use of org.apache.ranger.security.context.RangerSecurityContext in project ranger by apache.
The class TestUserMgr, method setupKeyAdmin.
/**
 * Installs a fresh thread-local security context whose user session is flagged as key admin.
 * The portal user placed into that session carries the id and login id of {@code userProfile()}.
 */
public void setupKeyAdmin() {
    RangerSecurityContext securityContext = new RangerSecurityContext();
    securityContext.setUserSession(new UserSessionBase());
    RangerContextHolder.setSecurityContext(securityContext);

    // Resolve the session through ContextUtil rather than keeping the local reference.
    UserSessionBase session = ContextUtil.getCurrentUserSession();
    XXPortalUser keyAdmin = new XXPortalUser();
    keyAdmin.setId(userProfile().getId());
    keyAdmin.setLoginId(userProfile().getLoginId());
    session.setXXPortalUser(keyAdmin);
    session.setKeyAdmin(true);
}
use of org.apache.ranger.security.context.RangerSecurityContext in project ranger by apache.
The class TestUserMgr, method setupUser.
/**
 * Installs a fresh thread-local security context holding a plain (non-admin) user session.
 * The portal user placed into that session carries the id and login id of {@code userProfile()}.
 */
public void setupUser() {
    RangerSecurityContext securityContext = new RangerSecurityContext();
    securityContext.setUserSession(new UserSessionBase());
    RangerContextHolder.setSecurityContext(securityContext);

    // Resolve the session through ContextUtil rather than keeping the local reference.
    UserSessionBase session = ContextUtil.getCurrentUserSession();
    XXPortalUser portalUser = new XXPortalUser();
    portalUser.setId(userProfile().getId());
    portalUser.setLoginId(userProfile().getLoginId());
    session.setXXPortalUser(portalUser);
}
use of org.apache.ranger.security.context.RangerSecurityContext in project ranger by apache.
The class SessionMgr, method getSSOSpnegoAuthCheckForAPI.
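/**
 * Auto-provisions a portal user for a login id that authenticated through SSO or SPNEGO but has
 * no row in the Ranger DB yet. Does nothing when the user already exists or when neither SSO nor
 * SPNEGO applies to this request.
 *
 * @param currentLoginId login id taken from the authenticated principal
 * @param request        current request; its {@code spnegoEnabled} attribute (a request attribute,
 *                       set server-side, not a client-supplied header) marks SPNEGO logins
 */
private void getSSOSpnegoAuthCheckForAPI(String currentLoginId, HttpServletRequest request) {
    RangerSecurityContext context = RangerContextHolder.getSecurityContext();
    UserSessionBase session = context != null ? context.getUserSession() : null;
    // Prefer the per-session flag; fall back to the global property when no session exists yet.
    boolean ssoEnabled = session != null ? session.isSSOEnabled() : PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false);
    // Null- and type-safe read: the former unboxing cast threw ClassCastException for a non-Boolean value.
    boolean spnegoEnabled = Boolean.TRUE.equals(request.getAttribute("spnegoEnabled"));

    XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId);
    if (gjUser == null && (spnegoEnabled || ssoEnabled)) {
        if (logger.isDebugEnabled()) {
            logger.debug("User : " + currentLoginId + " doesn't exist in Ranger DB So creating user as it's SSO or Spnego authenticated");
        }
        xUserMgr.createServiceConfigUser(currentLoginId);
    }
}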
use of org.apache.ranger.security.context.RangerSecurityContext in project ranger by apache.
The class SessionMgr, method processSuccessLogin.
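/**
 * Returns the {@link UserSessionBase} for the authenticated caller, building it when the
 * thread-local security context holds none (or holds one that no longer validates for the current
 * login id) and recording the login in an {@link XXAuthSession} audit row.
 *
 * <p>When a new session is built the portal user is looked up (after SSO/SPNEGO auto-provisioning),
 * the audit row is stored at most once per HTTP session, and profile and module permissions are
 * reset on the fresh session.
 *
 * @param authType    the {@code XXAuthSession.AUTH_TYPE_*} value recorded on the audit row
 * @param userAgent   the client's User-Agent header, may be {@code null}
 * @param httpRequest the current request; its HTTP session carries the {@code auditLoginId} marker
 * @return the active user session, or {@code null} when there is no authenticated principal or no
 *         portal user exists for the login id
 */
public UserSessionBase processSuccessLogin(int authType, String userAgent, HttpServletRequest httpRequest) {
    UserSessionBase userSession = null;
    RangerSecurityContext context = RangerContextHolder.getSecurityContext();
    if (context != null) {
        userSession = context.getUserSession();
    }

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        // Fail closed: without a principal there is nothing to build a session for (formerly an NPE here).
        logger.error("processSuccessLogin called without an Authentication in the security context");
        return null;
    }
    WebAuthenticationDetails details = (WebAuthenticationDetails) authentication.getDetails();
    String currentLoginId = authentication.getName();

    // An existing session that still validates for this login id is reused untouched.
    if (userSession != null && validateUserSession(userSession, currentLoginId)) {
        return userSession;
    }

    getSSOSpnegoAuthCheckForAPI(currentLoginId, httpRequest);
    XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId);
    if (gjUser == null) {
        // The Exception argument is deliberate: it makes the logger print the caller's stack trace.
        logger.error("Error getting user for loginId=" + currentLoginId, new Exception());
        return null;
    }

    XXAuthSession gjAuthSession = new XXAuthSession();
    gjAuthSession.setLoginId(currentLoginId);
    gjAuthSession.setUserId(gjUser.getId());
    gjAuthSession.setAuthTime(DateUtil.getUTCDate());
    gjAuthSession.setAuthStatus(XXAuthSession.AUTH_STATUS_SUCCESS);
    gjAuthSession.setAuthType(authType);
    if (details != null) {
        gjAuthSession.setExtSessionId(details.getSessionId());
        gjAuthSession.setRequestIP(details.getRemoteAddress());
    }
    if (userAgent != null) {
        gjAuthSession.setRequestUserAgent(userAgent);
    }
    gjAuthSession.setDeviceType(httpUtil.getDeviceType(userAgent));

    gjAuthSession = storeAuthSessionOncePerHttpSession(gjAuthSession, httpRequest);

    userSession = new UserSessionBase();
    userSession.setXXPortalUser(gjUser);
    userSession.setXXAuthSession(gjAuthSession);
    // Null- and type-safe read of the server-set request attribute (formerly an unboxing cast).
    if (Boolean.TRUE.equals(httpRequest.getAttribute("spnegoEnabled"))) {
        userSession.setSpnegoEnabled(true);
    }
    resetUserSessionForProfiles(userSession);
    resetUserModulePermission(userSession);

    long epoch = Calendar.getInstance().getTimeInMillis();
    // Log labels kept verbatim: "requestId=" carries the remote address and the second "sessionId="
    // is the container session id. Consumers of this line may depend on the existing keys.
    if (details != null) {
        logger.info("Login Success: loginId=" + currentLoginId + ", sessionId=" + gjAuthSession.getId() + ", sessionId=" + details.getSessionId() + ", requestId=" + details.getRemoteAddress() + ", epoch=" + epoch);
    } else {
        logger.info("Login Success: loginId=" + currentLoginId + ", sessionId=" + gjAuthSession.getId() + ", details is null" + ", epoch=" + epoch);
    }
    return userSession;
}

/**
 * Stores the audit row at most once per HTTP session, marking the session with the
 * {@code auditLoginId} attribute so later requests on the same session skip the store.
 *
 * @return the stored row (with its DB id) or the unsaved argument when auditing is skipped
 */
private XXAuthSession storeAuthSessionOncePerHttpSession(XXAuthSession gjAuthSession, HttpServletRequest httpRequest) {
    HttpSession session = httpRequest.getSession();
    if (session == null || session.getAttribute("auditLoginId") != null) {
        return gjAuthSession;
    }
    // Re-check under the session monitor so concurrent requests on one session store a single row.
    synchronized (session) {
        if (session.getAttribute("auditLoginId") == null && isLoginAuditRequired(httpRequest)) {
            gjAuthSession = storeAuthSession(gjAuthSession);
            session.setAttribute("auditLoginId", gjAuthSession.getId());
        }
    }
    return gjAuthSession;
}

/**
 * Decides whether this login is audited: always when
 * {@code ranger.downloadpolicy.session.log.enabled} is set, otherwise for every request except the
 * policy/tag download endpoints (a non-download or empty URI is audited).
 */
private static boolean isLoginAuditRequired(HttpServletRequest httpRequest) {
    if (PropertiesUtil.getBooleanProperty("ranger.downloadpolicy.session.log.enabled", false)) {
        return true;
    }
    String uri = httpRequest.getRequestURI();
    if (StringUtils.isEmpty(uri)) {
        return true;
    }
    // Download traffic is intentionally not audited (it would flood the auth-session table).
    return !(uri.contains("/secure/policies/download/") || uri.contains("/secure/download/"));
}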
use of org.apache.ranger.security.context.RangerSecurityContext in project ranger by apache.
The class RangerSecurityContextFormationFilter, method doFilter.
/*
* (non-Javadoc)
*
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
* javax.servlet.ServletResponse, javax.servlet.FilterChain)
*/
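/**
 * Builds the thread-local {@link RangerSecurityContext} for every non-anonymous request, caches it
 * in the HTTP session (when one exists) under {@code AKA_SC_SESSION_KEY}, sets the defensive
 * response headers, runs the chain, and always clears the thread-local afterwards so a pooled
 * thread never carries a stale context into the next request.
 *
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    try {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // A null Authentication is not an AnonymousAuthenticationToken, so it also enters this branch.
        if (!(auth instanceof AnonymousAuthenticationToken)) {
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            // [1] reuse the context cached in the session; getSession(false) does not create one
            HttpSession httpSession = httpRequest.getSession(false);
            RangerSecurityContext context = null;
            if (httpSession != null) {
                context = (RangerSecurityContext) httpSession.getAttribute(AKA_SC_SESSION_KEY);
            }
            if (context == null) {
                context = new RangerSecurityContext();
                // Cache only when a session exists: the former unconditional setAttribute threw
                // NullPointerException for session-less requests.
                if (httpSession != null) {
                    httpSession.setAttribute(AKA_SC_SESSION_KEY, context);
                }
            }

            String userAgent = httpRequest.getHeader(USER_AGENT);
            int clientTimeOffset = RestUtil.getTimeOffset(httpRequest);

            // [2] capture the request-specific info
            RequestContext requestContext = new RequestContext();
            // testIP overrides the peer address for tests; otherwise the TCP peer address is used,
            // which behind a reverse proxy is the proxy rather than the end client.
            String reqIP = testIP != null ? testIP : httpRequest.getRemoteAddr();
            requestContext.setIpAddress(reqIP);
            requestContext.setUserAgent(userAgent);
            requestContext.setDeviceType(httpUtil.getDeviceType(httpRequest));
            requestContext.setServerRequestId(guidUtil.genGUID());
            requestContext.setRequestURL(httpRequest.getRequestURI());
            requestContext.setClientTimeOffsetInMinute(clientTimeOffset);
            context.setRequestContext(requestContext);
            RangerContextHolder.setSecurityContext(context);

            // [3] establish or reuse the user session; every login through this filter is recorded
            // with AUTH_TYPE_PASSWORD regardless of the actual mechanism
            UserSessionBase userSession = sessionMgr.processSuccessLogin(XXAuthSession.AUTH_TYPE_PASSWORD, userAgent, httpRequest);
            if (userSession != null) {
                Object ssoEnabledObj = request.getAttribute("ssoEnabled");
                Boolean ssoEnabled = ssoEnabledObj != null ? Boolean.valueOf(String.valueOf(ssoEnabledObj)) : PropertiesUtil.getBooleanProperty("ranger.sso.enabled", false);
                userSession.setSSOEnabled(ssoEnabled);
                if (userSession.getClientTimeOffsetInMinute() == 0) {
                    userSession.setClientTimeOffsetInMinute(clientTimeOffset);
                }
            }
            context.setUserSession(userSession);
        }

        HttpServletResponse res = (HttpServletResponse) response;
        // Browser hardening headers; Strict-Transport-Security is only honoured on HTTPS responses.
        res.setHeader("X-Frame-Options", "DENY");
        res.setHeader("X-Content-Type-Options", "nosniff");
        res.setHeader("X-XSS-Protection", "1; mode=block");
        res.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
        chain.doFilter(request, res);
    } finally {
        // [4] remove the context from the thread-local even when the chain throws
        RangerContextHolder.resetSecurityContext();
    }
}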