Example 11 with RangerSecurityContext

use of org.apache.ranger.security.context.RangerSecurityContext in project ranger by apache.

the class TestUserMgr method setupKeyAdmin.

public void setupKeyAdmin() {
    RangerSecurityContext context = new RangerSecurityContext();
    context.setUserSession(new UserSessionBase());
    RangerContextHolder.setSecurityContext(context);
    UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
    XXPortalUser userKeyAdmin = new XXPortalUser();
    userKeyAdmin.setId(userProfile().getId());
    userKeyAdmin.setLoginId(userProfile().getLoginId());
    currentUserSession.setXXPortalUser(userKeyAdmin);
    currentUserSession.setKeyAdmin(true);
}
Also used : XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerSecurityContext(org.apache.ranger.security.context.RangerSecurityContext) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 12 with RangerSecurityContext

use of org.apache.ranger.security.context.RangerSecurityContext in project ranger by apache.

the class TestUserMgr method setupUser.

public void setupUser() {
    RangerSecurityContext context = new RangerSecurityContext();
    context.setUserSession(new UserSessionBase());
    RangerContextHolder.setSecurityContext(context);
    UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
    XXPortalUser user = new XXPortalUser();
    user.setId(userProfile().getId());
    user.setLoginId(userProfile().getLoginId());
    currentUserSession.setXXPortalUser(user);
}
Also used : XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerSecurityContext(org.apache.ranger.security.context.RangerSecurityContext) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 13 with RangerSecurityContext

use of org.apache.ranger.security.context.RangerSecurityContext in project ranger by apache.

the class SessionMgr method getSSOSpnegoAuthCheckForAPI.

private void getSSOSpnegoAuthCheckForAPI(String currentLoginId, HttpServletRequest request) {
    RangerSecurityContext context = RangerContextHolder.getSecurityContext();
    UserSessionBase session = context != null ? context.getUserSession() : null;
    boolean ssoEnabled = session != null ? session.isSSOEnabled() : PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false);
    XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId);
    if (gjUser == null && ((request.getAttribute("spnegoEnabled") != null && (boolean) request.getAttribute("spnegoEnabled")) || (ssoEnabled))) {
        if (logger.isDebugEnabled()) {
            logger.debug("User : " + currentLoginId + " doesn't exist in Ranger DB So creating user as it's SSO or Spnego authenticated");
        }
        xUserMgr.createServiceConfigUser(currentLoginId);
    }
}
Also used : XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerSecurityContext(org.apache.ranger.security.context.RangerSecurityContext) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 14 with RangerSecurityContext

use of org.apache.ranger.security.context.RangerSecurityContext in project ranger by apache.

the class SessionMgr method processSuccessLogin.

public UserSessionBase processSuccessLogin(int authType, String userAgent, HttpServletRequest httpRequest) {
    boolean newSessionCreation = true;
    UserSessionBase userSession = null;
    RangerSecurityContext context = RangerContextHolder.getSecurityContext();
    if (context != null) {
        userSession = context.getUserSession();
    }
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    WebAuthenticationDetails details = (WebAuthenticationDetails) authentication.getDetails();
    String currentLoginId = authentication.getName();
    if (userSession != null) {
        if (validateUserSession(userSession, currentLoginId)) {
            newSessionCreation = false;
        }
    }
    if (newSessionCreation) {
        getSSOSpnegoAuthCheckForAPI(currentLoginId, httpRequest);
        // Need to build the UserSession
        XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId);
        if (gjUser == null) {
            logger.error("Error getting user for loginId=" + currentLoginId, new Exception());
            return null;
        }
        XXAuthSession gjAuthSession = new XXAuthSession();
        gjAuthSession.setLoginId(currentLoginId);
        gjAuthSession.setUserId(gjUser.getId());
        gjAuthSession.setAuthTime(DateUtil.getUTCDate());
        gjAuthSession.setAuthStatus(XXAuthSession.AUTH_STATUS_SUCCESS);
        gjAuthSession.setAuthType(authType);
        if (details != null) {
            gjAuthSession.setExtSessionId(details.getSessionId());
            gjAuthSession.setRequestIP(details.getRemoteAddress());
        }
        if (userAgent != null) {
            gjAuthSession.setRequestUserAgent(userAgent);
        }
        gjAuthSession.setDeviceType(httpUtil.getDeviceType(userAgent));
        HttpSession session = httpRequest.getSession();
        if (session != null) {
            if (session.getAttribute("auditLoginId") == null) {
                synchronized (session) {
                    if (session.getAttribute("auditLoginId") == null) {
                        boolean isDownloadLogEnabled = PropertiesUtil.getBooleanProperty("ranger.downloadpolicy.session.log.enabled", false);
                        if (isDownloadLogEnabled) {
                            gjAuthSession = storeAuthSession(gjAuthSession);
                            session.setAttribute("auditLoginId", gjAuthSession.getId());
                        } else if (!StringUtils.isEmpty(httpRequest.getRequestURI()) && !(httpRequest.getRequestURI().contains("/secure/policies/download/") || httpRequest.getRequestURI().contains("/secure/download/"))) {
                            gjAuthSession = storeAuthSession(gjAuthSession);
                            session.setAttribute("auditLoginId", gjAuthSession.getId());
                        } else if (StringUtils.isEmpty(httpRequest.getRequestURI())) {
                            gjAuthSession = storeAuthSession(gjAuthSession);
                            session.setAttribute("auditLoginId", gjAuthSession.getId());
                        } else {
                            // NOPMD
                            // do not log the details for download policy and tag
                        }
                    }
                }
            }
        }
        userSession = new UserSessionBase();
        userSession.setXXPortalUser(gjUser);
        userSession.setXXAuthSession(gjAuthSession);
        if (httpRequest.getAttribute("spnegoEnabled") != null && (boolean) httpRequest.getAttribute("spnegoEnabled")) {
            userSession.setSpnegoEnabled(true);
        }
        resetUserSessionForProfiles(userSession);
        resetUserModulePermission(userSession);
        Calendar cal = Calendar.getInstance();
        if (details != null) {
            logger.info("Login Success: loginId=" + currentLoginId + ", sessionId=" + gjAuthSession.getId() + ", sessionId=" + details.getSessionId() + ", requestId=" + details.getRemoteAddress() + ", epoch=" + cal.getTimeInMillis());
        } else {
            logger.info("Login Success: loginId=" + currentLoginId + ", sessionId=" + gjAuthSession.getId() + ", details is null" + ", epoch=" + cal.getTimeInMillis());
        }
    }
    return userSession;
}
Also used : XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerSecurityContext(org.apache.ranger.security.context.RangerSecurityContext) Authentication(org.springframework.security.core.Authentication) WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails) HttpSession(javax.servlet.http.HttpSession) Calendar(java.util.Calendar) XXAuthSession(org.apache.ranger.entity.XXAuthSession) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 15 with RangerSecurityContext

use of org.apache.ranger.security.context.RangerSecurityContext in project ranger by apache.

the class RangerSecurityContextFormationFilter method doFilter.

/*
 * (non-Javadoc)
 *
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
 * javax.servlet.ServletResponse, javax.servlet.FilterChain)
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    try {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (!(auth instanceof AnonymousAuthenticationToken)) {
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            HttpSession httpSession = httpRequest.getSession(false);
            // [1]get the context from session
            RangerSecurityContext context = null;
            if (httpSession != null) {
                context = (RangerSecurityContext) httpSession.getAttribute(AKA_SC_SESSION_KEY);
            }
            int clientTimeOffset = 0;
            if (context == null) {
                context = new RangerSecurityContext();
                httpSession.setAttribute(AKA_SC_SESSION_KEY, context);
            }
            String userAgent = httpRequest.getHeader(USER_AGENT);
            clientTimeOffset = RestUtil.getTimeOffset(httpRequest);
            // Get the request specific info
            RequestContext requestContext = new RequestContext();
            String reqIP = testIP;
            if (testIP == null) {
                reqIP = httpRequest.getRemoteAddr();
            }
            requestContext.setIpAddress(reqIP);
            requestContext.setUserAgent(userAgent);
            requestContext.setDeviceType(httpUtil.getDeviceType(httpRequest));
            requestContext.setServerRequestId(guidUtil.genGUID());
            requestContext.setRequestURL(httpRequest.getRequestURI());
            requestContext.setClientTimeOffsetInMinute(clientTimeOffset);
            context.setRequestContext(requestContext);
            RangerContextHolder.setSecurityContext(context);
            UserSessionBase userSession = sessionMgr.processSuccessLogin(XXAuthSession.AUTH_TYPE_PASSWORD, userAgent, httpRequest);
            if (userSession != null) {
                Object ssoEnabledObj = request.getAttribute("ssoEnabled");
                Boolean ssoEnabled = ssoEnabledObj != null ? Boolean.valueOf(String.valueOf(ssoEnabledObj)) : PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false);
                userSession.setSSOEnabled(ssoEnabled);
                if (userSession.getClientTimeOffsetInMinute() == 0) {
                    userSession.setClientTimeOffsetInMinute(clientTimeOffset);
                }
            }
            context.setUserSession(userSession);
        }
        HttpServletResponse res = (HttpServletResponse) response;
        res.setHeader("X-Frame-Options", "DENY");
        res.setHeader("X-Content-Type-Options", "nosniff");
        res.setHeader("X-XSS-Protection", "1; mode=block");
        res.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
        chain.doFilter(request, res);
    } finally {
        // [4]remove context from thread-local
        RangerContextHolder.resetSecurityContext();
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) RangerSecurityContext(org.apache.ranger.security.context.RangerSecurityContext) Authentication(org.springframework.security.core.Authentication) HttpSession(javax.servlet.http.HttpSession) HttpServletResponse(javax.servlet.http.HttpServletResponse) RequestContext(org.apache.ranger.common.RequestContext) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) UserSessionBase(org.apache.ranger.common.UserSessionBase)
