
Example 1 with XXAuthSession

use of org.apache.ranger.entity.XXAuthSession in project ranger by apache.

the class SessionMgr method processStandaloneSuccessLogin.

// non-WEB processing
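/**
 * Builds and registers a user session for a login that was completed outside the web flow.
 *
 * <p>Reads the login id from the current Spring Security {@code Authentication}, looks up the
 * matching portal user, stores an {@code XXAuthSession} row marked
 * {@code AUTH_STATUS_SUCCESS}, and publishes the new session through
 * {@code RangerContextHolder}.
 *
 * <p>NOTE(review): this method does not verify credentials itself; it records a successful login
 * for whatever principal is already in the security context. Confirm every caller has
 * authenticated the principal first.
 *
 * @param authType authentication type recorded on the stored session
 * @param ipAddress requester address recorded on the stored session; it is stored exactly as
 *     supplied, with no validation in this method
 * @return the new user session, or {@code null} when the security context holds no
 *     authentication or no portal user matches the login id
 */
public UserSessionBase processStandaloneSuccessLogin(int authType, String ipAddress) {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        // No principal means there is no login id to bind the session to. Fail the same way as
        // the unknown-user path below instead of throwing a NullPointerException.
        logger.error("Error getting authentication for standalone login", new Exception());
        return null;
    }
    String currentLoginId = authentication.getName();

    // The session is only built for a login id that maps to a known portal user.
    XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId);
    if (gjUser == null) {
        // The throwaway Exception only supplies a stack trace for the log entry.
        // NOTE(review): the login id is written to the log unmodified; confirm it cannot carry
        // line breaks that would forge log entries.
        logger.error("Error getting user for loginId=" + currentLoginId, new Exception());
        return null;
    }

    // Audit record of the successful login.
    XXAuthSession gjAuthSession = new XXAuthSession();
    gjAuthSession.setLoginId(currentLoginId);
    gjAuthSession.setUserId(gjUser.getId());
    gjAuthSession.setAuthTime(DateUtil.getUTCDate());
    gjAuthSession.setAuthStatus(XXAuthSession.AUTH_STATUS_SUCCESS);
    gjAuthSession.setAuthType(authType);
    gjAuthSession.setDeviceType(RangerCommonEnums.DEVICE_UNKNOWN);
    // A standalone login has no external session id or user agent to record.
    gjAuthSession.setExtSessionId(null);
    gjAuthSession.setRequestIP(ipAddress);
    gjAuthSession.setRequestUserAgent(null);
    gjAuthSession = storeAuthSession(gjAuthSession);

    UserSessionBase userSession = new UserSessionBase();
    userSession.setXXPortalUser(gjUser);
    userSession.setXXAuthSession(gjAuthSession);

    // Publish the session through the context holder so later code can find it.
    // NOTE(review): nothing in this method clears the context again; confirm callers reset it
    // before the thread is reused for another principal.
    RangerSecurityContext context = new RangerSecurityContext();
    context.setUserSession(userSession);
    RangerContextHolder.setSecurityContext(context);

    resetUserSessionForProfiles(userSession);
    resetUserModulePermission(userSession);
    return userSession;
}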
Also used : XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerSecurityContext(org.apache.ranger.security.context.RangerSecurityContext) Authentication(org.springframework.security.core.Authentication) XXAuthSession(org.apache.ranger.entity.XXAuthSession) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 2 with XXAuthSession

use of org.apache.ranger.entity.XXAuthSession in project ranger by apache.

the class SessionMgr method processFailureLogin.

/**
 * Records a failed login attempt as an {@code XXAuthSession} row.
 *
 * <p>The record carries no user id, because a failed attempt is not tied to a resolved portal
 * user. Device type is stored as {@code DEVICE_UNKNOWN} and the user agent as {@code null}.
 *
 * <p>NOTE(review): {@code loginId}, {@code remoteAddr} and {@code sessionId} are persisted
 * exactly as passed in. For a failed login these are presumably values from an unauthenticated
 * request; confirm length and character set are bounded before they reach storage and any
 * audit viewer.
 *
 * @param authStatus failure status code to store
 * @param authType authentication type to store
 * @param loginId login id submitted with the failed attempt
 * @param remoteAddr requester address to store as the request IP
 * @param sessionId external session id to store
 * @return the record as returned by {@code storeAuthSession}
 */
public XXAuthSession processFailureLogin(int authStatus, int authType, String loginId, String remoteAddr, String sessionId) {
    XXAuthSession failedAttempt = new XXAuthSession();

    // Who attempted the login and how it ended.
    failedAttempt.setLoginId(loginId);
    failedAttempt.setUserId(null);
    failedAttempt.setAuthTime(DateUtil.getUTCDate());
    failedAttempt.setAuthStatus(authStatus);
    failedAttempt.setAuthType(authType);

    // Where the attempt came from.
    failedAttempt.setDeviceType(RangerCommonEnums.DEVICE_UNKNOWN);
    failedAttempt.setExtSessionId(sessionId);
    failedAttempt.setRequestIP(remoteAddr);
    failedAttempt.setRequestUserAgent(null);

    return storeAuthSession(failedAttempt);
}
Also used : XXAuthSession(org.apache.ranger.entity.XXAuthSession)

Example 3 with XXAuthSession

use of org.apache.ranger.entity.XXAuthSession in project ranger by apache.

the class SessionMgr method getAuthSessionBySessionId.

/**
 * Looks up a stored auth session by its session id and returns it as a view bean.
 *
 * <p>NOTE(review): no access check is visible in this method. Any caller that knows a session
 * id receives the populated view of that session, so confirm the calling layer restricts who
 * may read another user's session record.
 *
 * @param authSessionId session id to look up; must not be empty
 * @return the view bean built from the stored session
 * @throws RuntimeException the REST exception created by {@code restErrorUtil} with
 *     {@code INVALID_INPUT_DATA} when the id is empty or matches no stored session (exact
 *     exception type is not visible here)
 */
public VXAuthSession getAuthSessionBySessionId(String authSessionId) {
    // Reject a missing id before the DAO is queried.
    if (stringUtil.isEmpty(authSessionId)) {
        throw restErrorUtil.createRESTException("Please provide the auth session id.", MessageEnums.INVALID_INPUT_DATA);
    }

    XXAuthSession storedSession = daoManager.getXXAuthSession().getAuthSessionBySessionId(authSessionId);
    if (storedSession != null) {
        return authSessionService.populateViewBean(storedSession);
    }

    // An unknown id is reported as invalid input, with the same message code as an empty one.
    throw restErrorUtil.createRESTException("Please provide a valid " + "session id.", MessageEnums.INVALID_INPUT_DATA);
}
Also used : VXAuthSession(org.apache.ranger.view.VXAuthSession) XXAuthSession(org.apache.ranger.entity.XXAuthSession)

Example 4 with XXAuthSession

use of org.apache.ranger.entity.XXAuthSession in project ranger by apache.

the class XUserMgr method deleteXUser.

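/**
 * Deletes a user, or hides it when it is still referenced and {@code force} is false.
 *
 * <p>The method first calls {@code checkAdminAccess()} and
 * {@code xaBizUtil.blockAuditorRoleUser()}, then resolves both the {@code XXUser} row and the
 * portal user with the same login id, and calls {@code restrictSelfAccountDeletion} before
 * anything is removed.
 *
 * <ul>
 *   <li>{@code force == true}: removes group mappings, permission maps, audit maps, login
 *       session records, module permissions and portal roles, strips the user from every policy
 *       found for it, then removes the user and portal-user rows and writes "delete"
 *       transaction logs.
 *   <li>{@code force == false}: if any of those references exist, the user is only marked
 *       {@code IS_HIDDEN}; otherwise the user and portal-user rows are removed and the
 *       transaction logs written.
 * </ul>
 *
 * <p>NOTE(review): in the forced path a failing {@code updatePolicy} aborts the method after
 * mappings, sessions, permissions and roles were already removed. Whether those removals are
 * rolled back depends on a transaction boundary that is not visible here; confirm one exists.
 *
 * @param id id of the {@code XXUser} to delete
 * @param force when true, delete the user together with everything that references it
 * @throws RuntimeException the REST exception created by {@code restErrorUtil} when no user or
 *     portal user is found for {@code id}, or when a policy update fails (exact exception type
 *     is not visible here)
 */
public synchronized void deleteXUser(Long id, boolean force) {
    // Authorization gates run before any lookup or change.
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();

    XXUserDao xXUserDao = daoManager.getXXUser();
    XXUser xXUser = xXUserDao.getById(id);
    // NOTE(review): xXUser is passed on without a null check; this relies on populateViewBean
    // returning null for an unknown id so that the check below reports it.
    VXUser vXUser = xUserService.populateViewBean(xXUser);
    if (vXUser == null || StringUtil.isEmpty(vXUser.getName())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }

    XXPortalUserDao xXPortalUserDao = daoManager.getXXPortalUser();
    XXPortalUser xXPortalUser = xXPortalUserDao.findByLoginId(vXUser.getName().trim());
    VXPortalUser vXPortalUser = null;
    if (xXPortalUser != null) {
        vXPortalUser = xPortalUserService.populateViewBean(xXPortalUser);
    }
    if (vXPortalUser == null || StringUtil.isEmpty(vXPortalUser.getLoginId())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    // From here on xXPortalUser and vXPortalUser are both non-null.

    if (logger.isDebugEnabled()) {
        logger.debug("Force delete status=" + force + " for user=" + vXUser.getName());
    }
    restrictSelfAccountDeletion(vXUser.getName().trim());

    // Collect everything that references the user before deciding how to delete.
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xUserId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);

    long xXPortalUserId = vXPortalUser.getId();
    XXAuthSessionDao xXAuthSessionDao = daoManager.getXXAuthSession();
    XXUserPermissionDao xXUserPermissionDao = daoManager.getXXUserPermission();
    XXPortalUserRoleDao xXPortalUserRoleDao = daoManager.getXXPortalUserRole();
    List<XXAuthSession> xXAuthSessions = xXAuthSessionDao.getAuthSessionByUserId(xXPortalUserId);
    List<XXUserPermission> xXUserPermissions = xXUserPermissionDao.findByUserPermissionId(xXPortalUserId);
    List<XXPortalUserRole> xXPortalUserRoles = xXPortalUserRoleDao.findByUserId(xXPortalUserId);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByUserId(id);

    // NOTE(review): user, group and role names are concatenated into log messages unmodified
    // throughout this method; confirm they cannot contain line breaks.
    logger.warn("Deleting User : " + vXUser.getName());
    if (force) {
        // The non-forced path treats each of these results as possibly null, so the forced
        // path guards every iteration the same way instead of risking a NullPointerException
        // half-way through the deletion.

        // delete XXGroupUser mapping
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        if (vxGroupUserList != null) {
            for (VXGroupUser groupUser : vxGroupUserList.getList()) {
                if (groupUser != null) {
                    logger.warn("Removing user '" + vXUser.getName() + "' from group '" + groupUser.getName() + "'");
                    xGroupUserDao.remove(groupUser.getId());
                }
            }
        }

        // delete XXPermMap records of user
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        if (vXPermMapList != null) {
            for (VXPermMap vXPermMap : vXPermMapList.getList()) {
                if (vXPermMap != null) {
                    logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for user '" + vXPermMap.getUserName() + "'");
                    xXPermMapDao.remove(vXPermMap.getId());
                }
            }
        }

        // delete XXAuditMap records of user
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        if (vXAuditMapList != null) {
            for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
                if (vXAuditMap != null) {
                    xXAuditMapDao.remove(vXAuditMap.getId());
                }
            }
        }

        // delete XXPortalUser references
        xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
        if (xXAuthSessions != null) {
            if (xXAuthSessions.size() > 0) {
                logger.warn("Deleting " + xXAuthSessions.size() + " login session records for user '" + vXPortalUser.getLoginId() + "'");
            }
            for (XXAuthSession xXAuthSession : xXAuthSessions) {
                xXAuthSessionDao.remove(xXAuthSession.getId());
            }
        }
        if (xXUserPermissions != null) {
            for (XXUserPermission xXUserPermission : xXUserPermissions) {
                if (xXUserPermission != null) {
                    // The module definition is looked up only to name it in the log entry.
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXUserPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for user '" + vXPortalUser.getLoginId() + "'");
                    }
                    xXUserPermissionDao.remove(xXUserPermission.getId());
                }
            }
        }
        if (xXPortalUserRoles != null) {
            for (XXPortalUserRole xXPortalUserRole : xXPortalUserRoles) {
                if (xXPortalUserRole != null) {
                    logger.warn("Deleting '" + xXPortalUserRole.getUserRole() + "' role for user '" + vXPortalUser.getLoginId() + "'");
                    xXPortalUserRoleDao.remove(xXPortalUserRole.getId());
                }
            }
        }

        // delete XXPolicyItemUserPerm records of user: strip the user from every item list of
        // each policy, then save the policy.
        if (xXPolicyList != null) {
            for (XXPolicy xXPolicy : xXPolicyList) {
                RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
                List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
                removeUserGroupReferences(policyItems, vXUser.getName(), null);
                rangerPolicy.setPolicyItems(policyItems);
                List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
                removeUserGroupReferences(denyPolicyItems, vXUser.getName(), null);
                rangerPolicy.setDenyPolicyItems(denyPolicyItems);
                List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
                removeUserGroupReferences(allowExceptions, vXUser.getName(), null);
                rangerPolicy.setAllowExceptions(allowExceptions);
                List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
                removeUserGroupReferences(denyExceptions, vXUser.getName(), null);
                rangerPolicy.setDenyExceptions(denyExceptions);
                List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
                removeUserGroupReferences(dataMaskItems, vXUser.getName(), null);
                rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
                List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
                removeUserGroupReferences(rowFilterItems, vXUser.getName(), null);
                rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
                try {
                    svcStore.updatePolicy(rangerPolicy);
                } catch (Throwable excp) {
                    // NOTE(review): this also catches Errors, and the internal exception
                    // message is returned to the REST client with the cause dropped. Consider
                    // a generic client message; the full detail is already in the log.
                    logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                    throw restErrorUtil.createRESTException(excp.getMessage());
                }
            }
        }

        // delete XXUser entry of user
        xXUserDao.remove(id);
        // delete XXPortal entry of user
        logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
        xXPortalUserDao.remove(xXPortalUserId);

        // Transaction-log entries are written after the rows are removed.
        List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
        trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
    } else {
        // Any remaining reference means the user is hidden instead of deleted.
        boolean hasReferences = (vxGroupUserList != null && vxGroupUserList.getListSize() > 0)
                || (xXPolicyList != null && xXPolicyList.size() > 0)
                || (vXPermMapList != null && vXPermMapList.getListSize() > 0)
                || (vXAuditMapList != null && vXAuditMapList.getListSize() > 0)
                || (xXAuthSessions != null && xXAuthSessions.size() > 0)
                || (xXUserPermissions != null && xXUserPermissions.size() > 0)
                || (xXPortalUserRoles != null && xXPortalUserRoles.size() > 0);
        if (hasReferences) {
            // NOTE(review): a hidden user keeps its roles, permissions and session records;
            // confirm that a hidden account can no longer authenticate.
            if (vXUser.getIsVisible() != RangerCommonEnums.IS_HIDDEN) {
                logger.info("Updating visibility of user '" + vXUser.getName() + "' to Hidden!");
                vXUser.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xUserService.updateResource(vXUser);
            }
        } else {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            // delete XXUser entry of user
            xXUserDao.remove(id);
            // delete XXPortal entry of user
            logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
            xXPortalUserDao.remove(xXPortalUserId);
            List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    }
}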
Also used : XXUser(org.apache.ranger.entity.XXUser) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXAuthSessionDao(org.apache.ranger.db.XXAuthSessionDao) XXPortalUserRoleDao(org.apache.ranger.db.XXPortalUserRoleDao) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) XXModuleDef(org.apache.ranger.entity.XXModuleDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXPortalUserRole(org.apache.ranger.entity.XXPortalUserRole) XXUserPermissionDao(org.apache.ranger.db.XXUserPermissionDao) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXAuthSession(org.apache.ranger.entity.XXAuthSession) XXUserPermission(org.apache.ranger.entity.XXUserPermission) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPortalUserDao(org.apache.ranger.db.XXPortalUserDao) XXPolicyDao(org.apache.ranger.db.XXPolicyDao)

Example 5 with XXAuthSession

use of org.apache.ranger.entity.XXAuthSession in project ranger by apache.

the class AuthSessionService method search.

/**
 * Searches stored auth sessions and returns them as view beans.
 *
 * <p>The query is delegated to {@code searchResources} together with
 * {@code AUTH_SESSION_SEARCH_FLDS} and {@code AUTH_SESSION_SORT_FLDS}; the returned list object
 * is also passed to that call before the converted rows are attached to it.
 *
 * <p>NOTE(review): no restriction on whose sessions are returned is visible in this method.
 * Session records hold login ids and request IPs, so confirm the caller limits this search to
 * authorized users.
 *
 * @param searchCriteria criteria forwarded unchanged to {@code searchResources}
 * @return the list wrapper holding one view bean per matching session
 */
public VXAuthSessionList search(SearchCriteria searchCriteria) {
    VXAuthSessionList sessionPage = new VXAuthSessionList();
    List<XXAuthSession> matches = searchResources(searchCriteria, AUTH_SESSION_SEARCH_FLDS, AUTH_SESSION_SORT_FLDS, sessionPage);

    // Convert each stored entity into its view representation, keeping the result order.
    List<VXAuthSession> sessionViews = new ArrayList<VXAuthSession>();
    for (XXAuthSession entity : matches) {
        sessionViews.add(populateViewBean(entity));
    }

    sessionPage.setVXAuthSessions(sessionViews);
    return sessionPage;
}
Also used : VXAuthSession(org.apache.ranger.view.VXAuthSession) ArrayList(java.util.ArrayList) VXAuthSessionList(org.apache.ranger.view.VXAuthSessionList) XXAuthSession(org.apache.ranger.entity.XXAuthSession)

Aggregations

XXAuthSession (org.apache.ranger.entity.XXAuthSession)7 XXPortalUser (org.apache.ranger.entity.XXPortalUser)4 ArrayList (java.util.ArrayList)2 UserSessionBase (org.apache.ranger.common.UserSessionBase)2 XXAuditMapDao (org.apache.ranger.db.XXAuditMapDao)2 XXAuthSessionDao (org.apache.ranger.db.XXAuthSessionDao)2 XXGroupUserDao (org.apache.ranger.db.XXGroupUserDao)2 XXPermMapDao (org.apache.ranger.db.XXPermMapDao)2 XXPolicyDao (org.apache.ranger.db.XXPolicyDao)2 XXPortalUserDao (org.apache.ranger.db.XXPortalUserDao)2 XXPortalUserRoleDao (org.apache.ranger.db.XXPortalUserRoleDao)2 XXUserDao (org.apache.ranger.db.XXUserDao)2 XXUserPermissionDao (org.apache.ranger.db.XXUserPermissionDao)2 XXPolicy (org.apache.ranger.entity.XXPolicy)2 XXPortalUserRole (org.apache.ranger.entity.XXPortalUserRole)2 XXUser (org.apache.ranger.entity.XXUser)2 XXUserPermission (org.apache.ranger.entity.XXUserPermission)2 RangerSecurityContext (org.apache.ranger.security.context.RangerSecurityContext)2 VXAuthSession (org.apache.ranger.view.VXAuthSession)2 Authentication (org.springframework.security.core.Authentication)2