use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.
the class CoordinatorBasicAuthorizerMetadataStorageUpdater method createUserOnce.
/**
 * Makes one attempt to add a new authorizer user under {@code prefix}.
 *
 * <p>The current serialized user map is read, the new entry is added to the
 * deserialized copy, and both the original and the re-serialized bytes are
 * handed to {@code tryUpdateUserMap}.
 *
 * @param prefix   key under which the user map is stored
 * @param userName name of the user to create
 * @return whatever {@code tryUpdateUserMap} reports for this attempt
 * @throws BasicSecurityDBResourceException if {@code userName} is already present in the map
 */
private boolean createUserOnce(String prefix, String userName) {
    // Snapshot of the stored bytes; passed along unchanged so the update can be
    // checked against it. NOTE(review): presumably a compare-and-swap, confirm in tryUpdateUserMap.
    final byte[] storedBytes = getCurrentUserMapBytes(prefix);
    final Map<String, BasicAuthorizerUser> users =
        BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, storedBytes);

    // Refuse to overwrite an existing user; doing so would discard that entry.
    if (users.get(userName) != null) {
        throw new BasicSecurityDBResourceException("User [%s] already exists.", userName);
    }

    // NOTE(review): the second constructor argument is null here; presumably the
    // user starts without any roles. Verify against BasicAuthorizerUser.
    users.put(userName, new BasicAuthorizerUser(userName, null));

    final byte[] updatedBytes = BasicAuthUtils.serializeAuthorizerUserMap(objectMapper, users);
    return tryUpdateUserMap(prefix, users, storedBytes, updatedBytes);
}
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.
the class CoordinatorBasicAuthorizerMetadataStorageUpdater method unassignUserRoleOnce.
/**
 * Makes one attempt to remove {@code roleName} from the roles of {@code userName}.
 *
 * <p>The role map is read first, then the user map. Both snapshots are passed to
 * {@code tryUpdateUserAndRoleMap}, so the update also covers the role map even
 * though its content is not modified here.
 *
 * @param prefix   key under which the user and role maps are stored
 * @param userName user losing the role
 * @param roleName role to remove
 * @return whatever {@code tryUpdateUserAndRoleMap} reports for this attempt
 * @throws BasicSecurityDBResourceException if the role or the user does not exist,
 *         or if the user does not currently hold the role
 */
private boolean unassignUserRoleOnce(String prefix, String userName, String roleName) {
    final byte[] roleMapSnapshot = getCurrentRoleMapBytes(prefix);
    final Map<String, BasicAuthorizerRole> knownRoles =
        BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, roleMapSnapshot);
    if (knownRoles.get(roleName) == null) {
        throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
    }

    final byte[] userMapSnapshot = getCurrentUserMapBytes(prefix);
    final Map<String, BasicAuthorizerUser> knownUsers =
        BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, userMapSnapshot);
    final BasicAuthorizerUser target = knownUsers.get(userName);
    if (target == null) {
        throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
    }

    // Report a missing assignment explicitly instead of treating it as a silent no-op.
    if (!target.getRoles().contains(roleName)) {
        throw new BasicSecurityDBResourceException("User [%s] does not have role [%s].", userName, roleName);
    }
    target.getRoles().remove(roleName);

    final byte[] updatedUserMap = BasicAuthUtils.serializeAuthorizerUserMap(objectMapper, knownUsers);
    // The role map bytes are submitted as both "old" and "new": nothing in it changes,
    // but including it makes the update fail if the role table changed in the
    // meantime (e.g. the role was deleted).
    return tryUpdateUserAndRoleMap(
        prefix,
        knownUsers,
        userMapSnapshot,
        updatedUserMap,
        knownRoles,
        roleMapSnapshot,
        roleMapSnapshot
    );
}
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.
the class CoordinatorBasicAuthorizerMetadataStorageUpdater method assignUserRoleOnce.
/**
 * Makes one attempt to grant {@code roleName} to {@code userName}.
 *
 * <p>The role must already exist in the role map and the user in the user map.
 * Both snapshots are passed to {@code tryUpdateUserAndRoleMap}, so the grant is
 * submitted together with the role map it was validated against.
 *
 * @param prefix   key under which the user and role maps are stored
 * @param userName user receiving the role
 * @param roleName role to grant
 * @return whatever {@code tryUpdateUserAndRoleMap} reports for this attempt
 * @throws BasicSecurityDBResourceException if the role or the user does not exist,
 *         or if the user already holds the role
 */
private boolean assignUserRoleOnce(String prefix, String userName, String roleName) {
    final byte[] roleMapSnapshot = getCurrentRoleMapBytes(prefix);
    final Map<String, BasicAuthorizerRole> knownRoles =
        BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, roleMapSnapshot);
    // Only roles present in the stored role map may be granted.
    if (knownRoles.get(roleName) == null) {
        throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
    }

    final byte[] userMapSnapshot = getCurrentUserMapBytes(prefix);
    final Map<String, BasicAuthorizerUser> knownUsers =
        BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, userMapSnapshot);
    final BasicAuthorizerUser target = knownUsers.get(userName);
    if (target == null) {
        throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
    }

    if (target.getRoles().contains(roleName)) {
        throw new BasicSecurityDBResourceException("User [%s] already has role [%s].", userName, roleName);
    }
    target.getRoles().add(roleName);

    final byte[] updatedUserMap = BasicAuthUtils.serializeAuthorizerUserMap(objectMapper, knownUsers);
    // The role map bytes are submitted as both "old" and "new": nothing in it changes,
    // but including it makes the update fail if the role table changed in the
    // meantime (e.g. the role was deleted), so a grant cannot land on a stale role.
    return tryUpdateUserAndRoleMap(
        prefix,
        knownUsers,
        userMapSnapshot,
        updatedUserMap,
        knownRoles,
        roleMapSnapshot,
        roleMapSnapshot
    );
}
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.
the class CoordinatorBasicAuthorizerResourceHandler method getUserFull.
/**
 * Builds the HTTP response describing one user together with the roles resolved
 * for that user.
 *
 * <p>NOTE(review): unlike {@code getAllUsers}, this method does not look the
 * authorizer up in {@code authorizerMap}; presumably the caller has already
 * validated {@code authorizerName}. Confirm at the call site.
 *
 * @param authorizerName      authorizer whose stored user and role maps are read
 * @param userName            user to describe
 * @param simplifyPermissions when true, roles are resolved through
 *                            {@code getRolesForUserWithSimplifiedPermissions};
 *                            otherwise through {@code getRolesForUser}
 * @return an OK response carrying the full-user entity, or the response produced by
 *         {@code makeResponseForBasicSecurityDBResourceException} when a
 *         {@link BasicSecurityDBResourceException} is raised (e.g. unknown user)
 */
private Response getUserFull(String authorizerName, String userName, boolean simplifyPermissions) {
    // Read outside the try block, as in the original: failures here are not
    // translated into a resource-exception response.
    final Map<String, BasicAuthorizerUser> knownUsers = BasicAuthUtils.deserializeAuthorizerUserMap(
        objectMapper,
        storageUpdater.getCurrentUserMapBytes(authorizerName)
    );

    try {
        final BasicAuthorizerUser target = knownUsers.get(userName);
        if (target == null) {
            throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
        }

        final Map<String, BasicAuthorizerRole> knownRoles = BasicAuthUtils.deserializeAuthorizerRoleMap(
            objectMapper,
            storageUpdater.getCurrentRoleMapBytes(authorizerName)
        );

        final Object entity;
        if (simplifyPermissions) {
            final Set<BasicAuthorizerRoleSimplifiedPermissions> simplified =
                getRolesForUserWithSimplifiedPermissions(target, knownRoles);
            entity = new BasicAuthorizerUserFullSimplifiedPermissions(userName, simplified);
        } else {
            final Set<BasicAuthorizerRole> resolved = getRolesForUser(target, knownRoles);
            entity = new BasicAuthorizerUserFull(userName, resolved);
        }
        return Response.ok(entity).build();
    } catch (BasicSecurityDBResourceException e) {
        return makeResponseForBasicSecurityDBResourceException(e);
    }
}
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.
the class CoordinatorBasicAuthorizerResourceHandler method getAllUsers.
/**
 * Lists the names of all users stored for the given authorizer.
 *
 * <p>Only the keys of the user map are returned; the user entries themselves
 * (and therefore their role assignments) are not part of the response.
 *
 * @param authorizerName authorizer whose user map is read
 * @return an OK response carrying the set of user names, or the response from
 *         {@code makeResponseForAuthorizerNotFound} when no authorizer is
 *         registered under {@code authorizerName}
 */
@Override
public Response getAllUsers(String authorizerName) {
    // Reject unknown authorizer names before touching stored state.
    if (authorizerMap.get(authorizerName) == null) {
        return makeResponseForAuthorizerNotFound(authorizerName);
    }

    final byte[] storedBytes = storageUpdater.getCurrentUserMapBytes(authorizerName);
    final Map<String, BasicAuthorizerUser> knownUsers =
        BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, storedBytes);
    return Response.ok(knownUsers.keySet()).build();
}