
Example 21 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class RangerBizUtil method hasAccess.

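/**
 * Decides whether the current user session may access the given service or
 * service-definition entity, based on the session's admin/auditor/user roles.
 *
 * @param xxDbBase entity being accessed; only XXServiceDef and XXService instances
 *                 are evaluated, anything else (including null) is denied
 * @param baseModel not read by this method
 * @return Boolean true when access is granted, false otherwise; note that true is
 *         also returned when no user session is present
 *
 * @NOTE: Kindly check all the references of this function before making any changes
 */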
public Boolean hasAccess(XXDBBase xxDbBase, RangerBaseModelObject baseModel) {
    final UserSessionBase currentSession = ContextUtil.getCurrentUserSession();
    if (currentSession == null) {
        // NOTE(review): this is a fail-open default. With no session attached to the
        // current context the caller is granted access. Presumably this exists for
        // internal, non-request callers; confirm that no request path can reach this
        // method without an authenticated session, and consider alerting on this log line.
        logger.info("User session not found, granting access.");
        return true;
    }

    // Snapshot the role flags of the session once, before any branching.
    final boolean keyAdmin = currentSession.isKeyAdmin();
    final boolean sysAdmin = currentSession.isUserAdmin();
    final boolean auditor = currentSession.isAuditUserAdmin();
    final boolean keyAdminAuditor = currentSession.isAuditKeyAdmin();
    // The role list is dereferenced directly; a null list would throw here.
    final boolean plainUser = currentSession.getUserRoleList().contains(RangerConstants.ROLE_USER);

    // instanceof is false for null, so no separate null check is needed.
    if (xxDbBase instanceof XXServiceDef) {
        final String defImplClass = ((XXServiceDef) xxDbBase).getImplclassname();
        // Constant-first equals() keeps a null implClass on the non-KMS path.
        final boolean kmsDef = EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(defImplClass);
        // KMS service-defs are reserved for key admins (and their auditors);
        // every other service-def is open to sys admins, auditors and plain users.
        return kmsDef ? (keyAdmin || keyAdminAuditor) : (sysAdmin || plainUser || auditor);
    }

    if (!(xxDbBase instanceof XXService)) {
        // Unknown or null entity type: deny.
        return false;
    }

    // Services, including KMS ones: sys admins and auditors pass before the
    // service-def is even looked up.
    if (sysAdmin || auditor) {
        return true;
    }

    final XXService service = (XXService) xxDbBase;
    // NOTE(review): the looked-up service-def is dereferenced without a null check;
    // confirm a service's type always resolves to an existing service-def.
    final XXServiceDef serviceDef = daoManager.getXXServiceDef().getById(service.getType());
    if (EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(serviceDef.getImplclassname())) {
        // KMS service: key admin or key-admin auditor only.
        return keyAdmin || keyAdminAuditor;
    }
    // Any other service (implClass may be null): plain users only at this point.
    return plainUser;
}
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) VXString(org.apache.ranger.view.VXString) XXService(org.apache.ranger.entity.XXService) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 22 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class ServiceDBStore method createDefaultPolicyUsersAndGroups.

/**
 * Ensures that every user and group named in the given default policies exists,
 * creating the missing ones unless the current session is a non-privileged one.
 *
 * <p>NOTE(review): the privilege gate only rejects when a session is present and is
 * neither key admin, user admin nor SPNEGO-enabled. With no session at all, missing
 * principals are created without any role check; presumably that path is meant for
 * internal callers, so confirm it is not reachable from an unauthenticated request.
 *
 * @param defaultPolicies policies whose policy items are scanned for user and group names
 */
void createDefaultPolicyUsersAndGroups(List<RangerPolicy> defaultPolicies) {
    Set<String> userNames = new HashSet<String>();
    Set<String> groupNames = new HashSet<String>();

    // Gather principals from every kind of policy item, in the same order as before.
    for (RangerPolicy policy : defaultPolicies) {
        addPolicyItemPrincipals(policy.getPolicyItems(), userNames, groupNames);
        addPolicyItemPrincipals(policy.getAllowExceptions(), userNames, groupNames);
        addPolicyItemPrincipals(policy.getDenyPolicyItems(), userNames, groupNames);
        addPolicyItemPrincipals(policy.getDenyExceptions(), userNames, groupNames);
        addPolicyItemPrincipals(policy.getDataMaskPolicyItems(), userNames, groupNames);
        addPolicyItemPrincipals(policy.getRowFilterPolicyItems(), userNames, groupNames);
    }

    for (String policyUser : userNames) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking policyUser:[" + policyUser + "] for existence");
        }
        // Blank names and the two placeholder principals never map to a stored user.
        if (!StringUtils.isNotBlank(policyUser)
                || StringUtils.equals(policyUser, RangerPolicyEngine.USER_CURRENT)
                || StringUtils.equals(policyUser, RangerPolicyEngine.RESOURCE_OWNER)) {
            continue;
        }
        if (daoMgr.getXXUser().findByUserName(policyUser) != null) {
            continue;
        }
        // The session is looked up only once a missing user has actually been found.
        UserSessionBase session = ContextUtil.getCurrentUserSession();
        boolean unprivileged = session != null
                && !session.isKeyAdmin()
                && !session.isUserAdmin()
                && !session.isSpnegoEnabled();
        if (unprivileged) {
            // The requested name is echoed back in the error message.
            throw restErrorUtil.createRESTException("User does not exist with given username: [" + policyUser + "] please use existing user", MessageEnums.OPER_NO_PERMISSION);
        }
        xUserMgr.createServiceConfigUser(policyUser);
    }

    for (String policyGroup : groupNames) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking policyGroup:[" + policyGroup + "] for existence");
        }
        if (!StringUtils.isNotBlank(policyGroup)) {
            continue;
        }
        if (daoMgr.getXXGroup().findByGroupName(policyGroup) != null) {
            continue;
        }
        // Same gate as for users: only a present, non-privileged session is rejected.
        UserSessionBase session = ContextUtil.getCurrentUserSession();
        boolean unprivileged = session != null
                && !session.isKeyAdmin()
                && !session.isUserAdmin()
                && !session.isSpnegoEnabled();
        if (unprivileged) {
            throw restErrorUtil.createRESTException("Group does not exist with given groupname: [" + policyGroup + "] please use existing group", MessageEnums.OPER_NO_PERMISSION);
        }
        // Missing groups are created as internal, visible groups named after the policy entry.
        VXGroup newGroup = new VXGroup();
        newGroup.setName(policyGroup);
        newGroup.setDescription(policyGroup);
        newGroup.setGroupSource(RangerCommonEnums.GROUP_INTERNAL);
        newGroup.setIsVisible(RangerCommonEnums.IS_VISIBLE);
        xGroupService.createResource(newGroup);
    }
}

/** Adds the users and groups of each policy item to the two accumulator sets. */
private static void addPolicyItemPrincipals(List<? extends RangerPolicyItem> items, Set<String> users, Set<String> groups) {
    for (RangerPolicyItem item : items) {
        users.addAll(item.getUsers());
        groups.addAll(item.getGroups());
    }
}
Also used : XXUser(org.apache.ranger.entity.XXUser) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXGroup(org.apache.ranger.entity.XXGroup) VXString(org.apache.ranger.view.VXString) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) VXGroup(org.apache.ranger.view.VXGroup) LinkedHashSet(java.util.LinkedHashSet) HashSet(java.util.HashSet) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 23 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class TestRangerBizUtil method testHasPermission_isAdmin.

/**
 * Verifies that hasPermission reports success for a resource when the current
 * session has been flagged as user admin.
 */
@Test
public void testHasPermission_isAdmin() {
    // Resource under test, identified by the fixture's name and asset id.
    VXResource resource = new VXResource();
    resource.setName(resourceName);
    resource.setAssetId(id);

    // Flag the current session as user admin before asking for permission.
    ContextUtil.getCurrentUserSession().setUserAdmin(true);

    VXResponse response = rangerBizUtil.hasPermission(resource, AppConstants.XA_PERM_TYPE_UNKNOWN);

    Assert.assertNotNull(response);
    Assert.assertEquals(VXResponse.STATUS_SUCCESS, response.getStatusCode());
}
Also used : VXResponse(org.apache.ranger.view.VXResponse) VXResource(org.apache.ranger.view.VXResource) UserSessionBase(org.apache.ranger.common.UserSessionBase) Test(org.junit.Test)

Example 24 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class TestRangerBizUtil method setup.

/**
 * Installs a security context holding a freshly constructed user session, so
 * that each test starts from a session created by the default constructor.
 */
@Before
public void setup() {
    final RangerSecurityContext securityContext = new RangerSecurityContext();
    final UserSessionBase freshSession = new UserSessionBase();
    securityContext.setUserSession(freshSession);
    RangerContextHolder.setSecurityContext(securityContext);
}
Also used : RangerSecurityContext(org.apache.ranger.security.context.RangerSecurityContext) UserSessionBase(org.apache.ranger.common.UserSessionBase) Before(org.junit.Before)

Example 25 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class TestServiceDBStore method setup.

/**
 * Installs a security context with a new user session and then flags the
 * current session as user admin.
 */
public void setup() {
    final RangerSecurityContext securityContext = new RangerSecurityContext();
    securityContext.setUserSession(new UserSessionBase());
    RangerContextHolder.setSecurityContext(securityContext);

    // The session is read back through ContextUtil rather than reusing the local
    // instance, so the flag lands on whatever session the context resolves to.
    ContextUtil.getCurrentUserSession().setUserAdmin(true);
}
Also used : RangerSecurityContext(org.apache.ranger.security.context.RangerSecurityContext) UserSessionBase(org.apache.ranger.common.UserSessionBase)
