
Example 16 with UserIdentity

Use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.

Class MockAccessTokenIdentityExtractor, method extract.

@Override
public UserIdentityExtractionResponse extract(HttpRequest request) throws UserIdentityExtractionException {
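    String auth = request.headers().get(HttpHeaderNames.AUTHORIZATION);
    String accessToken = null;
    if (auth != null) {
        // Trim once so the separator index and the substring refer to the same string.
        auth = auth.trim();
        // Expected form is "<scheme> <token>"; a value without a space carries no token part.
        int idx = auth.indexOf(' ');
        if (idx < 0) {
            return new UserIdentityExtractionResponse(UserIdentityExtractionState.ERROR_MISSING_CREDENTIAL, "No access token found");
        }
        accessToken = auth.substring(idx + 1).trim();
    }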
    if (accessToken == null || accessToken.length() == 0) {
        return new UserIdentityExtractionResponse(UserIdentityExtractionState.ERROR_MISSING_CREDENTIAL, "No access token found");
    }
    TokenState state = validator.validate(accessToken);
    if (!state.isValid()) {
        return new UserIdentityExtractionResponse(UserIdentityExtractionState.ERROR_INVALID_TOKEN, String.format("Failed to validate access token with reason: %s", state));
    }
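    // Mock behaviour: any token the validator accepts maps to the fixed identity "dummy", expiring 100000 ms from now.
    UserIdentityPair pair = new UserIdentityPair(accessToken, new UserIdentity("dummy", UserIdentity.IdentifierType.EXTERNAL, new LinkedHashSet<>(), System.currentTimeMillis(), System.currentTimeMillis() + 100000));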
    return new UserIdentityExtractionResponse(pair);
}
Also used : LinkedHashSet(java.util.LinkedHashSet) UserIdentityExtractionResponse(io.cdap.cdap.security.auth.UserIdentityExtractionResponse) UserIdentity(io.cdap.cdap.security.auth.UserIdentity) UserIdentityPair(io.cdap.cdap.security.auth.UserIdentityPair) TokenState(io.cdap.cdap.security.auth.TokenState)

Example 17 with UserIdentity

Use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.

Class RemoteExecutionTwillRunnerService, method generateAndSaveRuntimeToken.

/**
 * Generates a runtime token to talk back from the execution cluster to CDAP instance.
 */
private Location generateAndSaveRuntimeToken(ProgramRunId programRunId, Location keysDir) {
    try {
        long currentTimestamp = System.currentTimeMillis();
        // TODO: Use a better identity & expiration
        UserIdentity identity = new UserIdentity(Constants.Security.Authentication.RUNTIME_IDENTITY, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTimestamp, currentTimestamp + DEFAULT_EXPIRATION);
        AccessToken accessToken = tokenManager.signIdentifier(identity);
        byte[] encodedAccessToken = Base64.getEncoder().encode(accessTokenCodec.encode(accessToken));
        Location location = keysDir.append(Constants.Security.Authentication.RUNTIME_TOKEN_FILE);
        try (OutputStream os = location.getOutputStream()) {
            os.write(encodedAccessToken);
        }
        return location;
    } catch (IOException e) {
        throw new RuntimeException("Failed to generate runtime token for " + programRunId, e);
    }
}
Also used : AccessToken(io.cdap.cdap.security.auth.AccessToken) UserIdentity(io.cdap.cdap.security.auth.UserIdentity) OutputStream(java.io.OutputStream) IOException(java.io.IOException) Location(org.apache.twill.filesystem.Location)
