Search in sources :

Example 1 with UserAuthenticator

use of org.apache.drill.exec.rpc.user.security.UserAuthenticator in project drill by apache.

the class DrillRestLoginService method login.

@Override
public UserIdentity login(String username, Object credentials) {
    if (!(credentials instanceof String)) {
        return null;
    }
    try {
        // Authenticate WebUser locally using UserAuthenticator. If WebServer is started that guarantees the PLAIN
        // mechanism is configured and authenticator is also available
        final AuthenticatorFactory plainFactory = drillbitContext.getAuthProvider().getAuthenticatorFactory(PlainFactory.SIMPLE_NAME);
        final UserAuthenticator userAuthenticator = ((PlainFactory) plainFactory).getAuthenticator();
        // Authenticate the user with configured Authenticator
        userAuthenticator.authenticate(username, credentials.toString());
        logger.debug("WebUser {} is successfully authenticated", username);
        final SystemOptionManager sysOptions = drillbitContext.getOptionManager();
        final boolean isAdmin = ImpersonationUtil.hasAdminPrivileges(username, sysOptions.getOption(ExecConstants.ADMIN_USERS_KEY).string_val, sysOptions.getOption(ExecConstants.ADMIN_USER_GROUPS_KEY).string_val);
        // Create the UserPrincipal corresponding to logged in user.
        final Principal userPrincipal = new DrillUserPrincipal(username, isAdmin);
        final Subject subject = new Subject();
        subject.getPrincipals().add(userPrincipal);
        subject.getPrivateCredentials().add(credentials);
        if (isAdmin) {
            subject.getPrincipals().addAll(DrillUserPrincipal.ADMIN_PRINCIPALS);
            return identityService.newUserIdentity(subject, userPrincipal, DrillUserPrincipal.ADMIN_USER_ROLES);
        } else {
            subject.getPrincipals().addAll(DrillUserPrincipal.NON_ADMIN_PRINCIPALS);
            return identityService.newUserIdentity(subject, userPrincipal, DrillUserPrincipal.NON_ADMIN_USER_ROLES);
        }
    } catch (final Exception e) {
        if (e instanceof UserAuthenticationException) {
            logger.debug("Authentication failed for WebUser '{}'", username, e);
        } else {
            logger.error("UnExpected failure occurred for WebUser {} during login.", username, e);
        }
        return null;
    }
}
Also used : UserAuthenticationException(org.apache.drill.exec.rpc.user.security.UserAuthenticationException) SystemOptionManager(org.apache.drill.exec.server.options.SystemOptionManager) UserAuthenticator(org.apache.drill.exec.rpc.user.security.UserAuthenticator) PlainFactory(org.apache.drill.exec.rpc.security.plain.PlainFactory) AuthenticatorFactory(org.apache.drill.exec.rpc.security.AuthenticatorFactory) Principal(java.security.Principal) Subject(javax.security.auth.Subject) UserAuthenticationException(org.apache.drill.exec.rpc.user.security.UserAuthenticationException)

Aggregations

Principal (java.security.Principal)1 Subject (javax.security.auth.Subject)1 AuthenticatorFactory (org.apache.drill.exec.rpc.security.AuthenticatorFactory)1 PlainFactory (org.apache.drill.exec.rpc.security.plain.PlainFactory)1 UserAuthenticationException (org.apache.drill.exec.rpc.user.security.UserAuthenticationException)1 UserAuthenticator (org.apache.drill.exec.rpc.user.security.UserAuthenticator)1 SystemOptionManager (org.apache.drill.exec.server.options.SystemOptionManager)1