Example 36 with UserSessionBase
use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class XAuditMgr method checkAdminAccess.
public void checkAdminAccess() {
UserSessionBase session = ContextUtil.getCurrentUserSession();
if (session != null) {
if (!session.isUserAdmin()) {
throw restErrorUtil.create403RESTException("Operation" + " denied. LoggedInUser=" + session.getXXPortalUser().getId() + " ,isn't permitted to perform the action.");
}
} else {
VXResponse vXResponse = new VXResponse();
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
vXResponse.setMsgDesc("Bad Credentials");
throw restErrorUtil.generateRESTException(vXResponse);
}
}
Also used :
VXResponse(org.apache.ranger.view.VXResponse)
UserSessionBase(org.apache.ranger.common.UserSessionBase)
Example 37 with UserSessionBase
use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class XUserMgr method searchXAuditMaps.
public VXAuditMapList searchXAuditMaps(SearchCriteria searchCriteria) {
VXAuditMapList returnList;
UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
// If user is system admin
if (currentUserSession != null && currentUserSession.isUserAdmin()) {
returnList = super.searchXAuditMaps(searchCriteria);
} else {
returnList = new VXAuditMapList();
int startIndex = searchCriteria.getStartIndex();
int pageSize = searchCriteria.getMaxRows();
searchCriteria.setStartIndex(0);
searchCriteria.setMaxRows(Integer.MAX_VALUE);
List<VXAuditMap> resultList = xAuditMapService.searchXAuditMaps(searchCriteria).getVXAuditMaps();
List<VXAuditMap> adminAuditResourceList = new ArrayList<VXAuditMap>();
for (VXAuditMap xXAuditMap : resultList) {
XXResource xRes = daoManager.getXXResource().getById(xXAuditMap.getResourceId());
VXResponse vXResponse = msBizUtil.hasPermission(xResourceService.populateViewBean(xRes), AppConstants.XA_PERM_TYPE_ADMIN);
if (vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS) {
adminAuditResourceList.add(xXAuditMap);
}
}
if (adminAuditResourceList.size() > 0) {
populatePageList(adminAuditResourceList, startIndex, pageSize, returnList);
}
}
return returnList;
}
Also used :
XXResource(org.apache.ranger.entity.XXResource)
ArrayList(java.util.ArrayList)
UserSessionBase(org.apache.ranger.common.UserSessionBase)
Example 38 with UserSessionBase
use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class XUserMgr method createXGroupPermission.
// Group permission
public VXGroupPermission createXGroupPermission(VXGroupPermission vXGroupPermission) {
vXGroupPermission = xGroupPermissionService.createResource(vXGroupPermission);
List<XXGroupUser> grpUsers = daoManager.getXXGroupUser().findByGroupId(vXGroupPermission.getGroupId());
for (XXGroupUser xGrpUser : grpUsers) {
Set<UserSessionBase> userSessions = sessionMgr.getActiveUserSessionsForXUserId(xGrpUser.getUserId());
if (!CollectionUtils.isEmpty(userSessions)) {
for (UserSessionBase userSession : userSessions) {
logger.info("Assigning permission to group, one of the user belongs to that group found logged in into system, so updating permission in session of that user");
sessionMgr.resetUserModulePermission(userSession);
}
}
}
return vXGroupPermission;
}
Also used :
XXGroupUser(org.apache.ranger.entity.XXGroupUser)
UserSessionBase(org.apache.ranger.common.UserSessionBase)
Example 39 with UserSessionBase
use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class XUserMgr method restrictSelfAccountDeletion.
public void restrictSelfAccountDeletion(String loginID) {
UserSessionBase session = ContextUtil.getCurrentUserSession();
if (session != null) {
if (!session.isUserAdmin()) {
throw restErrorUtil.create403RESTException("Operation denied. LoggedInUser= " + session.getXXPortalUser().getLoginId() + " isn't permitted to perform the action.");
} else {
if (!StringUtil.isEmpty(loginID) && loginID.equals(session.getLoginId())) {
throw restErrorUtil.create403RESTException("Operation denied. LoggedInUser= " + session.getXXPortalUser().getLoginId() + " isn't permitted to delete his own profile.");
}
}
} else {
VXResponse vXResponse = new VXResponse();
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
vXResponse.setMsgDesc("Bad Credentials");
throw restErrorUtil.generateRESTException(vXResponse);
}
}
Also used :
UserSessionBase(org.apache.ranger.common.UserSessionBase)
Example 40 with UserSessionBase
use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class XUserMgr method checkAccessRoles.
public void checkAccessRoles(List<String> stringRolesList) {
UserSessionBase session = ContextUtil.getCurrentUserSession();
if (session != null && stringRolesList != null) {
if (!session.isUserAdmin() && !session.isKeyAdmin()) {
throw restErrorUtil.create403RESTException("Permission" + " denied. LoggedInUser=" + (session != null ? session.getXXPortalUser().getId() : "Not Logged In") + " ,isn't permitted to perform the action.");
} else {
if (!"rangerusersync".equals(session.getXXPortalUser().getLoginId())) {
// new logic for rangerusersync user
if (session.isUserAdmin() && stringRolesList.contains(RangerConstants.ROLE_KEY_ADMIN)) {
throw restErrorUtil.create403RESTException("Permission" + " denied. LoggedInUser=" + (session != null ? session.getXXPortalUser().getId() : "") + " isn't permitted to perform the action.");
}
if (session.isKeyAdmin() && stringRolesList.contains(RangerConstants.ROLE_SYS_ADMIN)) {
throw restErrorUtil.create403RESTException("Permission" + " denied. LoggedInUser=" + (session != null ? session.getXXPortalUser().getId() : "") + " isn't permitted to perform the action.");
}
} else {
logger.info("LoggedInUser=" + (session != null ? session.getXXPortalUser().getId() : "") + " is permitted to perform the action.");
}
}
} else {
VXResponse vXResponse = new VXResponse();
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
vXResponse.setMsgDesc("Bad Credentials");
throw restErrorUtil.generateRESTException(vXResponse);
}
}
Also used :
UserSessionBase(org.apache.ranger.common.UserSessionBase)
Aggregations
UserSessionBase (org.apache.ranger.common.UserSessionBase)69
RangerSecurityContext (org.apache.ranger.security.context.RangerSecurityContext)24
XXPortalUser (org.apache.ranger.entity.XXPortalUser)11
VXString (org.apache.ranger.view.VXString)11
XXUser (org.apache.ranger.entity.XXUser)8
ArrayList (java.util.ArrayList)6
XXPortalUserRole (org.apache.ranger.entity.XXPortalUserRole)6
XXService (org.apache.ranger.entity.XXService)5
VXResponse (org.apache.ranger.view.VXResponse)4
Test (org.junit.Test)4
Authentication (org.springframework.security.core.Authentication)4
HashSet (java.util.HashSet)3
HttpSession (javax.servlet.http.HttpSession)3
XXGroupUser (org.apache.ranger.entity.XXGroupUser)3
XXResource (org.apache.ranger.entity.XXResource)3
EntityManager (javax.persistence.EntityManager)2
CriteriaBuilder (javax.persistence.criteria.CriteriaBuilder)2
Predicate (javax.persistence.criteria.Predicate)2
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
HttpServletResponse (javax.servlet.http.HttpServletResponse)2
