
Example 26 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class TestUserMgr method setupKeyAdmin.

/**
 * Test fixture: registers a new security context whose session is bound to the
 * profile returned by {@code userProfile()} and flagged as key admin.
 *
 * <p>NOTE(review): the context is registered through {@code RangerContextHolder} and is
 * not cleared here. If the holder is thread-scoped, the key-admin session stays visible
 * to later tests on the same thread unless a teardown resets it (confirm).
 */
public void setupKeyAdmin() {
    // Register a blank session before asking ContextUtil for the current one.
    RangerSecurityContext securityContext = new RangerSecurityContext();
    UserSessionBase blankSession = new UserSessionBase();
    securityContext.setUserSession(blankSession);
    RangerContextHolder.setSecurityContext(securityContext);

    UserSessionBase activeSession = ContextUtil.getCurrentUserSession();

    // Identity comes from the shared test profile; only id and login id are copied.
    XXPortalUser keyAdminUser = new XXPortalUser();
    keyAdminUser.setId(userProfile().getId());
    keyAdminUser.setLoginId(userProfile().getLoginId());

    activeSession.setXXPortalUser(keyAdminUser);
    // The privilege under test: mark the session as key admin.
    activeSession.setKeyAdmin(true);
}
Also used : XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerSecurityContext(org.apache.ranger.security.context.RangerSecurityContext) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 27 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class TestUserMgr method setupUser.

/**
 * Test fixture: registers a new security context whose session is bound to the
 * profile returned by {@code userProfile()}. No admin flag is set on the session here.
 *
 * <p>NOTE(review): the context is registered through {@code RangerContextHolder} and is
 * not cleared here. Confirm that a teardown resets it so one test's session does not
 * carry over into another.
 */
public void setupUser() {
    // Register a blank session before asking ContextUtil for the current one.
    RangerSecurityContext securityContext = new RangerSecurityContext();
    UserSessionBase blankSession = new UserSessionBase();
    securityContext.setUserSession(blankSession);
    RangerContextHolder.setSecurityContext(securityContext);

    UserSessionBase activeSession = ContextUtil.getCurrentUserSession();

    // Identity comes from the shared test profile; only id and login id are copied.
    XXPortalUser plainUser = new XXPortalUser();
    plainUser.setId(userProfile().getId());
    plainUser.setLoginId(userProfile().getLoginId());

    activeSession.setXXPortalUser(plainUser);
}
Also used : XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerSecurityContext(org.apache.ranger.security.context.RangerSecurityContext) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 28 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class UserService method gjUserToUserProfile.

// TODO: Need to remove this ASAP
/**
 * Copies the fields of a persisted portal user into the given view object.
 *
 * <p>Id, login id, names, screen name and status are copied unconditionally. The e-mail
 * address is copied only when it is non-null and passes {@code stringUtil.validateEmail}.
 * The user source is taken from the current session's auth provider, not from the user
 * record, and is left untouched when there is no session. The role list is replaced with
 * the roles the DAO returns for the user's id.
 *
 * @param user        entity to read from
 * @param userProfile view object to populate; its role list is always replaced
 */
public void gjUserToUserProfile(XXPortalUser user, VXPortalUser userProfile) {
    userProfile.setId(user.getId());
    userProfile.setLoginId(user.getLoginId());
    userProfile.setFirstName(user.getFirstName());
    userProfile.setLastName(user.getLastName());
    userProfile.setPublicScreenName(user.getPublicScreenName());
    userProfile.setStatus(user.getStatus());
    // Start from an empty list so roles from an earlier population never leak through.
    userProfile.setUserRoleList(new ArrayList<String>());

    UserSessionBase currentSession = ContextUtil.getCurrentUserSession();

    // An address that fails validation is dropped silently rather than copied.
    String candidateEmail = user.getEmailAddress();
    boolean emailUsable = candidateEmail != null && stringUtil.validateEmail(candidateEmail);
    if (emailUsable) {
        userProfile.setEmailAddress(user.getEmailAddress());
    }

    // Describes how the *caller* authenticated, which is not necessarily how `user` did.
    if (currentSession != null) {
        userProfile.setUserSource(currentSession.getAuthProvider());
    }

    List<XXPortalUserRole> persistedRoles = daoManager.getXXPortalUserRole().findByParentId(user.getId());
    for (XXPortalUserRole persistedRole : persistedRoles) {
        userProfile.getUserRoleList().add(persistedRole.getUserRole());
    }
}
Also used : XXPortalUserRole(org.apache.ranger.entity.XXPortalUserRole) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 29 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class ServiceDBStore method createService.

/**
 * Persists a new service definition together with its configuration map, records the
 * creation in the data history and transaction log, and optionally creates the default
 * policies.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>A config entry whose key equals "username" (case-insensitive) may cause a new
 *       user to be created when no matching user exists.</li>
 *   <li>A config entry whose key equals {@code CONFIG_KEY_PASSWORD} (case-insensitive) is
 *       encrypted before it is stored, but only if an encrypt/decrypt round trip
 *       reproduces the input.</li>
 *   <li>The incoming service object and the resolved user are written to the debug
 *       log.</li>
 * </ul>
 *
 * @param service the service to create; must not be null
 * @return the populated view of the created service
 * @throws Exception a REST exception when {@code service} is null, when the validated
 *         config map is null, when the requesting session may not create the referenced
 *         user, or when the created service cannot be read back; other failures from
 *         the called services and DAOs propagate unchanged
 */
@Override
public RangerService createService(RangerService service) throws Exception {
    // NOTE(review): this concatenates the whole service object into the debug log. If its
    // toString() includes the config map, the connection password is logged in clear at
    // debug level (confirm against RangerService.toString()).
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceDBStore.createService(" + service + ")");
    }
    if (service == null) {
        throw restErrorUtil.createRESTException("Service object cannot be null.", MessageEnums.ERROR_CREATING_OBJECT);
    }
    boolean createDefaultPolicy = true;
    Map<String, String> configs = service.getConfigs();
    // Only the map returned by validation is persisted below, not the raw `configs`.
    Map<String, String> validConfigs = validateRequiredConfigParams(service, configs);
    if (validConfigs == null) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ConfigParams cannot be null, ServiceDBStore.createService(" + service + ")");
        }
        throw restErrorUtil.createRESTException("ConfigParams cannot be null.", MessageEnums.ERROR_CREATING_OBJECT);
    }
    // While creating, value of version should be 1.
    service.setVersion(Long.valueOf(1));
    service.setTagVersion(Long.valueOf(1));
    if (populateExistingBaseFields) {
        // Path that keeps caller-supplied base fields. The two toggles below are switched
        // on around create() and switched off afterwards; no default policies are created.
        // NOTE(review): there is no try/finally here, so an exception from create() leaves
        // both toggles switched on for whatever uses these shared objects next.
        svcServiceWithAssignedId.setPopulateExistingBaseFields(true);
        daoMgr.getXXService().setIdentityInsert(true);
        service = svcServiceWithAssignedId.create(service);
        daoMgr.getXXService().setIdentityInsert(false);
        daoMgr.getXXService().updateSequence();
        svcServiceWithAssignedId.setPopulateExistingBaseFields(false);
        createDefaultPolicy = false;
    } else {
        service = svcService.create(service);
    }
    XXService xCreatedService = daoMgr.getXXService().getById(service.getId());
    VXUser vXUser = null;
    XXServiceConfigMapDao xConfMapDao = daoMgr.getXXServiceConfigMap();
    for (Entry<String, String> configMap : validConfigs.entrySet()) {
        String configKey = configMap.getKey();
        String configValue = configMap.getValue();
        if (StringUtils.equalsIgnoreCase(configKey, "username")) {
            // The lookup uses the name returned by getValidUserName(), while the value
            // stored in the config map further down is still the original configValue.
            String userName = stringUtil.getValidUserName(configValue);
            XXUser xxUser = daoMgr.getXXUser().findByUserName(userName);
            if (xxUser != null) {
                vXUser = xUserService.populateViewBean(xxUser);
            } else {
                // Unknown user: a session that is neither user-admin nor SPNEGO is refused.
                // NOTE(review): a null session skips this check, so the user is created
                // when no session is bound. Confirm that callers without a session are
                // trusted internal paths only.
                UserSessionBase usb = ContextUtil.getCurrentUserSession();
                if (usb != null && !usb.isUserAdmin() && !usb.isSpnegoEnabled()) {
                    throw restErrorUtil.createRESTException("User does not exist with given username: [" + userName + "] please use existing user", MessageEnums.OPER_NO_PERMISSION);
                }
                vXUser = xUserMgr.createServiceConfigUser(userName);
            }
        }
        if (StringUtils.equalsIgnoreCase(configKey, CONFIG_KEY_PASSWORD)) {
            // The stored value is "<algo>,<key>,<salt>,<iterations>,<ciphertext>": the
            // ENCRYPT_KEY and SALT values sit next to the ciphertext in the same column.
            // NOTE(review): if those are fixed constants, this is obfuscation rather than
            // confidentiality against anyone who can read the table (confirm their source).
            String cryptConfigString = CRYPT_ALGO + "," + ENCRYPT_KEY + "," + SALT + "," + ITERATION_COUNT + "," + configValue;
            String encryptedPwd = PasswordUtils.encryptPassword(cryptConfigString);
            encryptedPwd = CRYPT_ALGO + "," + ENCRYPT_KEY + "," + SALT + "," + ITERATION_COUNT + "," + encryptedPwd;
            String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd);
            // Round-trip check. On a mismatch configValue keeps its original content, so
            // the password is persisted in clear below without any error or log entry.
            // NOTE(review): failing the request would be the safer outcome here.
            if (StringUtils.equals(decryptedPwd, configValue)) {
                configValue = encryptedPwd;
            }
        }
        // One row per config entry, tied to the created service and stamped with audit fields.
        XXServiceConfigMap xConfMap = new XXServiceConfigMap();
        xConfMap = rangerAuditFields.populateAuditFields(xConfMap, xCreatedService);
        xConfMap.setServiceId(xCreatedService.getId());
        xConfMap.setConfigkey(configKey);
        xConfMap.setConfigvalue(configValue);
        xConfMapDao.create(xConfMap);
    }
    // vXUser is only logged here; it is not used again in this method.
    if (LOG.isDebugEnabled()) {
        LOG.debug("vXUser:[" + vXUser + "]");
    }
    RangerService createdService = svcService.getPopulatedViewObject(xCreatedService);
    if (createdService == null) {
        throw restErrorUtil.createRESTException("Could not create service - Internal error ", MessageEnums.ERROR_CREATING_OBJECT);
    }
    // Record the creation in the data history and the transaction log.
    dataHistService.createObjectDataHistory(createdService, RangerDataHistService.ACTION_CREATE);
    List<XXTrxLog> trxLogList = svcService.getTransactionLog(createdService, RangerServiceService.OPERATION_CREATE_CONTEXT);
    bizUtil.createTrxLog(trxLogList);
    if (createDefaultPolicy) {
        createDefaultPolicies(createdService);
    }
    return createdService;
}
Also used : XXUser(org.apache.ranger.entity.XXUser) VXString(org.apache.ranger.view.VXString) XXTrxLog(org.apache.ranger.entity.XXTrxLog) VXUser(org.apache.ranger.view.VXUser) XXServiceConfigMapDao(org.apache.ranger.db.XXServiceConfigMapDao) UserSessionBase(org.apache.ranger.common.UserSessionBase) XXServiceConfigMap(org.apache.ranger.entity.XXServiceConfigMap) RangerService(org.apache.ranger.plugin.model.RangerService) XXService(org.apache.ranger.entity.XXService)

Example 30 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class SessionMgr method getSSOSpnegoAuthCheckForAPI.

/**
 * Provisions a user for {@code currentLoginId} when no such user exists and the request
 * was authenticated through SSO or SPNEGO.
 *
 * <p>The SSO flag comes from the current session when one is bound, otherwise from the
 * {@code ranger.sso.enabled} property (default {@code false}). The SPNEGO flag is read
 * from the {@code spnegoEnabled} request attribute.
 *
 * <p>NOTE(review): this method creates an account from the login id alone, so it relies
 * on the caller having authenticated {@code currentLoginId} already, and on the
 * {@code spnegoEnabled} attribute being set only by trusted server-side code. Confirm
 * both at the call site.
 *
 * @param currentLoginId login id of the authenticated caller
 * @param request        current request, consulted for the {@code spnegoEnabled} attribute
 */
private void getSSOSpnegoAuthCheckForAPI(String currentLoginId, HttpServletRequest request) {
    RangerSecurityContext securityContext = RangerContextHolder.getSecurityContext();
    UserSessionBase userSession = null;
    if (securityContext != null) {
        userSession = securityContext.getUserSession();
    }

    // Prefer the per-session flag; use the global property only when no session is bound.
    boolean ssoEnabled;
    if (userSession != null) {
        ssoEnabled = userSession.isSSOEnabled();
    } else {
        ssoEnabled = PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false);
    }

    XXPortalUser existingUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId);
    if (existingUser != null) {
        // Already known to Ranger: nothing to provision.
        return;
    }

    // The cast assumes the attribute holds a Boolean; any other type fails at runtime.
    boolean spnegoFlagged = request.getAttribute("spnegoEnabled") != null && (boolean) request.getAttribute("spnegoEnabled");
    if (!spnegoFlagged && !ssoEnabled) {
        return;
    }

    if (logger.isDebugEnabled()) {
        // NOTE(review): the login id is concatenated into the log line unescaped. Confirm
        // that it cannot carry line breaks that would forge log entries.
        logger.debug("User : " + currentLoginId + " doesn't exist in Ranger DB So creating user as it's SSO or Spnego authenticated");
    }
    xUserMgr.createServiceConfigUser(currentLoginId);
}
Also used : XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerSecurityContext(org.apache.ranger.security.context.RangerSecurityContext) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Aggregations

UserSessionBase (org.apache.ranger.common.UserSessionBase)69 RangerSecurityContext (org.apache.ranger.security.context.RangerSecurityContext)24 XXPortalUser (org.apache.ranger.entity.XXPortalUser)11 VXString (org.apache.ranger.view.VXString)11 XXUser (org.apache.ranger.entity.XXUser)8 ArrayList (java.util.ArrayList)6 XXPortalUserRole (org.apache.ranger.entity.XXPortalUserRole)6 XXService (org.apache.ranger.entity.XXService)5 VXResponse (org.apache.ranger.view.VXResponse)4 Test (org.junit.Test)4 Authentication (org.springframework.security.core.Authentication)4 HashSet (java.util.HashSet)3 HttpSession (javax.servlet.http.HttpSession)3 XXGroupUser (org.apache.ranger.entity.XXGroupUser)3 XXResource (org.apache.ranger.entity.XXResource)3 EntityManager (javax.persistence.EntityManager)2 CriteriaBuilder (javax.persistence.criteria.CriteriaBuilder)2 Predicate (javax.persistence.criteria.Predicate)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 HttpServletResponse (javax.servlet.http.HttpServletResponse)2