
Example 31 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

Class SessionMgr, method processSuccessLogin.

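/**
 * Returns the {@link UserSessionBase} for a request whose Spring authentication has already succeeded,
 * creating and registering a new one when none is cached on the security context or when the cached one
 * no longer belongs to the authenticated login id (see {@code validateUserSession}).
 *
 * For a new session an {@link XXAuthSession} audit row is built from the Spring {@link Authentication}
 * details and persisted at most once per HTTP session (tracked through the {@code auditLoginId} session
 * attribute), except for policy/tag download polls unless
 * {@code ranger.downloadpolicy.session.log.enabled} is set. The new session is then populated with the
 * user's profiles and module permissions.
 *
 * @param authType    authentication type code stored on the audit row
 * @param userAgent   client User-Agent header value, may be null
 * @param httpRequest current request; supplies the URI, the HttpSession and the {@code spnegoEnabled} attribute
 * @return the (cached or new) user session, or null when no portal user row exists for the login id
 */
public UserSessionBase processSuccessLogin(int authType, String userAgent, HttpServletRequest httpRequest) {
    UserSessionBase userSession = null;
    RangerSecurityContext context = RangerContextHolder.getSecurityContext();
    if (context != null) {
        userSession = context.getUserSession();
    }
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    String currentLoginId = authentication.getName();
    // Only web logins carry WebAuthenticationDetails; any other details type is treated as absent instead of
    // failing with a ClassCastException (the null case was already tolerated further down).
    Object rawDetails = authentication.getDetails();
    WebAuthenticationDetails details = (rawDetails instanceof WebAuthenticationDetails) ? (WebAuthenticationDetails) rawDetails : null;
    // Reuse the cached session only while it still belongs to the authenticated login id.
    if (userSession != null && validateUserSession(userSession, currentLoginId)) {
        return userSession;
    }
    getSSOSpnegoAuthCheckForAPI(currentLoginId, httpRequest);
    XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId);
    if (gjUser == null) {
        // Authenticated principal without a portal user row: nothing to build a session from.
        logger.error("Error getting user for loginId=" + currentLoginId, new Exception());
        return null;
    }
    XXAuthSession gjAuthSession = new XXAuthSession();
    gjAuthSession.setLoginId(currentLoginId);
    gjAuthSession.setUserId(gjUser.getId());
    gjAuthSession.setAuthTime(DateUtil.getUTCDate());
    gjAuthSession.setAuthStatus(XXAuthSession.AUTH_STATUS_SUCCESS);
    gjAuthSession.setAuthType(authType);
    if (details != null) {
        // Session id and client address come from Spring's view of the servlet request, not from a header the
        // client sets; behind a reverse proxy the address is the proxy's unless the container rewrites it — verify.
        gjAuthSession.setExtSessionId(details.getSessionId());
        gjAuthSession.setRequestIP(details.getRemoteAddress());
    }
    if (userAgent != null) {
        gjAuthSession.setRequestUserAgent(userAgent);
    }
    gjAuthSession.setDeviceType(httpUtil.getDeviceType(userAgent));
    HttpSession session = httpRequest.getSession();
    if (session != null && session.getAttribute("auditLoginId") == null) {
        // Double-checked under the HttpSession monitor so concurrent first requests of the same browser
        // session persist a single XXAuthSession. This only serialises within one JVM.
        synchronized (session) {
            if (session.getAttribute("auditLoginId") == null && shouldStoreAuthSession(httpRequest.getRequestURI())) {
                gjAuthSession = storeAuthSession(gjAuthSession);
                session.setAttribute("auditLoginId", gjAuthSession.getId());
            }
        }
    }
    // NOTE(review): once auditLoginId is set on the HttpSession, a later login in the same container session
    // (e.g. a different user after validateUserSession rejected the cached session) is never persisted, so
    // gjAuthSession.getId() stays null for it — confirm the HttpSession is invalidated on re-login.
    userSession = new UserSessionBase();
    userSession.setXXPortalUser(gjUser);
    userSession.setXXAuthSession(gjAuthSession);
    // Boolean.TRUE.equals tolerates a missing or non-Boolean attribute instead of throwing on the unboxing cast.
    if (Boolean.TRUE.equals(httpRequest.getAttribute("spnegoEnabled"))) {
        userSession.setSpnegoEnabled(true);
    }
    resetUserSessionForProfiles(userSession);
    resetUserModulePermission(userSession);
    long epochMillis = System.currentTimeMillis();
    // The audit row id and the container session id were both labelled "sessionId" and the remote address
    // "requestId"; the labels are now distinct. Update any log parser keyed on the old labels.
    // NOTE(review): the container session id is a bearer credential; writing it to application logs is a
    // CWE-532 exposure wherever logs are shared more widely than the session store — consider dropping it.
    if (details != null) {
        logger.info("Login Success: loginId=" + currentLoginId + ", authSessionId=" + gjAuthSession.getId() + ", sessionId=" + details.getSessionId() + ", remoteAddress=" + details.getRemoteAddress() + ", epoch=" + epochMillis);
    } else {
        logger.info("Login Success: loginId=" + currentLoginId + ", authSessionId=" + gjAuthSession.getId() + ", details is null" + ", epoch=" + epochMillis);
    }
    return userSession;
}

/**
 * Whether the XXAuthSession audit row should be persisted for a request with this URI.
 * Policy and tag download polls ({@code /secure/policies/download/}, {@code /secure/download/}) are skipped
 * unless {@code ranger.downloadpolicy.session.log.enabled} is set, so plugin polling does not create one row
 * per poll; an empty or missing URI is always stored.
 *
 * @param requestUri value of HttpServletRequest.getRequestURI(), may be null or empty
 * @return true when the audit row must be written
 */
private static boolean shouldStoreAuthSession(String requestUri) {
    if (PropertiesUtil.getBooleanProperty("ranger.downloadpolicy.session.log.enabled", false)) {
        return true;
    }
    if (StringUtils.isEmpty(requestUri)) {
        return true;
    }
    return !(requestUri.contains("/secure/policies/download/") || requestUri.contains("/secure/download/"));
}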
Also used : XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerSecurityContext(org.apache.ranger.security.context.RangerSecurityContext) Authentication(org.springframework.security.core.Authentication) WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails) HttpSession(javax.servlet.http.HttpSession) Calendar(java.util.Calendar) XXAuthSession(org.apache.ranger.entity.XXAuthSession) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 32 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

Class SessionMgr, method resetUserModulePermission.

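/**
 * Refreshes the module-level permissions cached on {@code userSession} from the database.
 *
 * Looks up the XXUser by the session login id, then loads the modules accessible to that user
 * ({@code findAccessibleModulesByUserId}, keyed by both the portal user id and the x_user id) into the
 * session's {@link UserSessionBase.RangerUserPermission} together with a refresh timestamp. When no XXUser
 * exists the session is left unchanged and an error is logged; no exception is raised.
 *
 * @param userSession session to update; must be non-null with a login id and user id
 */
public void resetUserModulePermission(UserSessionBase userSession) {
    XXUser xUser = daoManager.getXXUser().findByUserName(userSession.getLoginId());
    if (xUser == null) {
        // Fix: the original message ran "...username: <name>So Permission..." together without a separator.
        logger.error("No XUser found with username: " + userSession.getLoginId() + ". So Permission is not set for the user");
        return;
    }
    List<String> permissionList = daoManager.getXXModuleDef().findAccessibleModulesByUserId(userSession.getUserId(), xUser.getId());
    // Copy-on-write set, presumably because the session is read concurrently by other request threads;
    // a null permissionList would throw here — assumed non-null per the DAO contract.
    CopyOnWriteArraySet<String> userPermissions = new CopyOnWriteArraySet<>(permissionList);
    UserSessionBase.RangerUserPermission rangerUserPermission = userSession.getRangerUserPermission();
    if (rangerUserPermission == null) {
        rangerUserPermission = new UserSessionBase.RangerUserPermission();
    }
    rangerUserPermission.setUserPermissions(userPermissions);
    rangerUserPermission.setLastUpdatedTime(Calendar.getInstance().getTimeInMillis());
    userSession.setRangerUserPermission(rangerUserPermission);
    logger.info("UserSession Updated to set new Permissions to User: " + userSession.getLoginId());
}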
Also used : XXUser(org.apache.ranger.entity.XXUser) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 33 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

Class UserMgr, method checkAccessForUpdate.

/**
 * Authorization guard for updating a portal user: only an administrator or the user themselves may proceed.
 * Any other caller — including an unauthenticated one — gets the HTTP 403 REST exception produced by
 * {@code restErrorUtil}. Note that key admins are not granted update access here, unlike the read path.
 *
 * @param gjUser target portal user; null is rejected with 403 and message key "serverMsg.userMgrWrongUser"
 */
public void checkAccessForUpdate(XXPortalUser gjUser) {
    if (gjUser == null) {
        throw restErrorUtil.create403RESTException("serverMsg.userMgrWrongUser");
    }
    UserSessionBase sess = ContextUtil.getCurrentUserSession();
    boolean permitted = false;
    if (sess != null) {
        // Admin may update anyone; everyone else only their own record.
        permitted = sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(gjUser.getId());
    }
    if (permitted) {
        return;
    }
    String loggedInUser = (sess != null) ? String.valueOf(sess.getXXPortalUser().getId()) : "Not Logged In";
    VXResponse denied = new VXResponse();
    denied.setStatusCode(HttpServletResponse.SC_FORBIDDEN);
    denied.setMsgDesc("User " + " access denied. loggedInUser=" + loggedInUser + ", accessing user=" + gjUser.getId());
    throw restErrorUtil.generateRESTException(denied);
}
Also used : VXResponse(org.apache.ranger.view.VXResponse) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 34 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

Class UserMgr, method addUserRole.

/**
 * Assigns {@code userRole} to portal user {@code userId}.
 *
 * Order of checks (security-relevant; keep it):
 * 1. {@code rangerBizUtil.blockAuditorRoleUser()} rejects auditor callers up front.
 * 2. A role not listed in {@code publicRoles} requires a current session that is admin or key admin;
 *    otherwise a "SECURITY WARNING" is logged (including the session's toString() — check it prints no
 *    secrets) and null is returned without an exception.
 * 3. If the user already holds the role (case-insensitive) that row is returned unchanged.
 * 4. A role name outside {@code VALID_ROLE_LIST} raises INVALID_INPUT_DATA.
 * 5. The role is created upper-cased and enabled, ROLE_OTHER is removed unless it is the role being added,
 *    and the caller's own session profile is refreshed (the target user's live sessions are not touched here).
 *
 * @return the pre-existing role row when already assigned; null both after a successful create and on
 *         denial, so the return value cannot distinguish success from refusal
 */
public XXPortalUserRole addUserRole(Long userId, String userRole) {
    rangerBizUtil.blockAuditorRoleUser();
    List<XXPortalUserRole> assignedRoles = daoManager.getXXPortalUserRole().findByUserId(userId);
    boolean isPublicRole = false;
    for (String candidate : publicRoles) {
        isPublicRole = candidate.equalsIgnoreCase(userRole);
        if (isPublicRole) {
            break;
        }
    }
    if (!isPublicRole) {
        UserSessionBase sess = ContextUtil.getCurrentUserSession();
        if (sess == null) {
            return null;
        }
        boolean privileged = sess.isUserAdmin() || sess.isKeyAdmin();
        if (!privileged) {
            logger.error("SECURITY WARNING: User trying to add non public role. userId=" + userId + ", role=" + userRole + ", session=" + sess.toString(), new Throwable());
            return null;
        }
    }
    for (XXPortalUserRole assigned : assignedRoles) {
        if (userRole.equalsIgnoreCase(assigned.getUserRole())) {
            return assigned;
        }
    }
    String normalizedRole = userRole.toUpperCase();
    if (!VALID_ROLE_LIST.contains(normalizedRole)) {
        throw restErrorUtil.createRESTException("Invalid user role, please provide valid user role.", MessageEnums.INVALID_INPUT_DATA);
    }
    XXPortalUserRole newRole = new XXPortalUserRole();
    newRole.setUserRole(normalizedRole);
    newRole.setUserId(userId);
    newRole.setStatus(RangerConstants.STATUS_ENABLED);
    daoManager.getXXPortalUserRole().create(newRole);
    // A concrete role replaces the placeholder OTHER role.
    if (!RangerConstants.ROLE_OTHER.equalsIgnoreCase(userRole)) {
        deleteUserRole(userId, RangerConstants.ROLE_OTHER);
    }
    sessionMgr.resetUserSessionForProfiles(ContextUtil.getCurrentUserSession());
    return null;
}
Also used : XXPortalUserRole(org.apache.ranger.entity.XXPortalUserRole) VXString(org.apache.ranger.view.VXString) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 35 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

Class UserMgr, method gjUserToUserProfile.

/**
 * Fills {@code userProfile} from {@code user}, gated on the caller: only an admin, a key admin, or the user
 * themselves receive the data. Any other caller, or a request without a session, leaves the profile
 * untouched and nothing is signalled — callers must not read an empty profile as "not found".
 *
 * Copied fields: login id, status, email (only when it passes {@code stringUtil.validateEmail}), the
 * caller's auth provider as the user source, role names, id, allowed user-level and group-level module
 * permissions (each resolved to its module name), first/last name and public screen name.
 *
 * @param user        source entity
 * @param userProfile view bean to populate
 */
private void gjUserToUserProfile(XXPortalUser user, VXPortalUser userProfile) {
    UserSessionBase sess = ContextUtil.getCurrentUserSession();
    if (sess == null) {
        return;
    }
    // Deny unless admin / key admin / self; kept short-circuiting so the self check only runs for non-admins.
    if (!sess.isUserAdmin() && !sess.isKeyAdmin() && !sess.getXXPortalUser().getId().equals(user.getId())) {
        return;
    }
    Long userId = user.getId();
    userProfile.setLoginId(user.getLoginId());
    userProfile.setStatus(user.getStatus());
    String emailAddress = user.getEmailAddress();
    if (emailAddress != null && stringUtil.validateEmail(emailAddress)) {
        userProfile.setEmailAddress(emailAddress);
    }
    // The source is taken from the caller's session, not from the profiled user (as in the original).
    userProfile.setUserSource(sess.getAuthProvider());
    List<String> roleNames = new ArrayList<String>();
    for (XXPortalUserRole roleRow : daoManager.getXXPortalUserRole().findByParentId(userId)) {
        roleNames.add(roleRow.getUserRole());
    }
    userProfile.setUserRoleList(roleNames);
    userProfile.setId(userId);
    List<VXGroupPermission> groupPermissions = new ArrayList<VXGroupPermission>();
    for (XXGroupPermission row : daoManager.getXXGroupPermission().findbyVXPortalUserId(userId)) {
        VXGroupPermission view = xGroupPermissionService.populateViewBean(row);
        // findByModuleId is assumed to return a row for every referenced module id; a dangling id would NPE here.
        view.setModuleName(daoManager.getXXModuleDef().findByModuleId(view.getModuleId()).getModule());
        groupPermissions.add(view);
    }
    List<VXUserPermission> userPermissions = new ArrayList<VXUserPermission>();
    for (XXUserPermission row : daoManager.getXXUserPermission().findByUserPermissionIdAndIsAllowed(userId)) {
        VXUserPermission view = xUserPermissionService.populateViewBean(row);
        view.setModuleName(daoManager.getXXModuleDef().findByModuleId(view.getModuleId()).getModule());
        userPermissions.add(view);
    }
    userProfile.setGroupPermissions(groupPermissions);
    userProfile.setUserPermList(userPermissions);
    userProfile.setFirstName(user.getFirstName());
    userProfile.setLastName(user.getLastName());
    userProfile.setPublicScreenName(user.getPublicScreenName());
}
Also used : XXGroupPermission(org.apache.ranger.entity.XXGroupPermission) ArrayList(java.util.ArrayList) VXString(org.apache.ranger.view.VXString) XXUserPermission(org.apache.ranger.entity.XXUserPermission) VXUserPermission(org.apache.ranger.view.VXUserPermission) UserSessionBase(org.apache.ranger.common.UserSessionBase) VXGroupPermission(org.apache.ranger.view.VXGroupPermission) XXPortalUserRole(org.apache.ranger.entity.XXPortalUserRole)
