Example 26 with VXResponse

use of org.apache.ranger.view.VXResponse in project ranger by apache.

the class XAuditMgr method checkAdminAccess.

public void checkAdminAccess() {
    UserSessionBase session = ContextUtil.getCurrentUserSession();
    if (session != null) {
        if (!session.isUserAdmin()) {
            throw restErrorUtil.create403RESTException("Operation" + " denied. LoggedInUser=" + session.getXXPortalUser().getId() + " ,isn't permitted to perform the action.");
        }
    } else {
        VXResponse vXResponse = new VXResponse();
        vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
        vXResponse.setMsgDesc("Bad Credentials");
        throw restErrorUtil.generateRESTException(vXResponse);
    }
}
Also used: VXResponse (org.apache.ranger.view.VXResponse), UserSessionBase (org.apache.ranger.common.UserSessionBase)

Example 27 with VXResponse

use of org.apache.ranger.view.VXResponse in project ranger by apache.

the class RESTErrorUtil method createRESTException.

public WebApplicationException createRESTException(String errorMessage, MessageEnums messageEnum) {
    List<VXMessage> messageList = new ArrayList<VXMessage>();
    messageList.add(messageEnum.getMessage());
    VXResponse gjResponse = new VXResponse();
    gjResponse.setStatusCode(VXResponse.STATUS_ERROR);
    gjResponse.setMsgDesc(errorMessage);
    gjResponse.setMessageList(messageList);
    WebApplicationException webAppEx = createRESTException(gjResponse);
    logger.info("Operation error. response=" + gjResponse, webAppEx);
    return webAppEx;
}
Also used: VXResponse (org.apache.ranger.view.VXResponse), WebApplicationException (javax.ws.rs.WebApplicationException), ArrayList (java.util.ArrayList), VXMessage (org.apache.ranger.view.VXMessage)

Example 28 with VXResponse

use of org.apache.ranger.view.VXResponse in project ranger by apache.

the class RangerBizUtil method blockAuditorRoleUser.

public void blockAuditorRoleUser() {
    UserSessionBase session = ContextUtil.getCurrentUserSession();
    if (session != null) {
        if (session.isAuditKeyAdmin() || session.isAuditUserAdmin()) {
            VXResponse vXResponse = new VXResponse();
            vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
            vXResponse.setMsgDesc("Operation" + " denied. LoggedInUser=" + session.getXXPortalUser().getId() + " ,isn't permitted to perform the action.");
            throw restErrorUtil.generateRESTException(vXResponse);
        }
    } else {
        VXResponse vXResponse = new VXResponse();
        vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
        vXResponse.setMsgDesc("Bad Credentials");
        throw restErrorUtil.generateRESTException(vXResponse);
    }
}
Also used: VXResponse (org.apache.ranger.view.VXResponse), UserSessionBase (org.apache.ranger.common.UserSessionBase)

Example 29 with VXResponse

use of org.apache.ranger.view.VXResponse in project ranger by apache.

the class ServiceREST method revokeAccess.

@POST
@Path("/services/revoke/{serviceName}")
@Produces({ "application/json", "application/xml" })
public RESTResponse revokeAccess(@PathParam("serviceName") String serviceName, GrantRevokeRequest revokeRequest, @Context HttpServletRequest request) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.revokeAccess(" + serviceName + ", " + revokeRequest + ")");
    }
    RESTResponse ret = new RESTResponse();
    RangerPerfTracer perf = null;
    if (revokeRequest != null) {
        if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.revokeAccess(serviceName=" + serviceName + ")");
                }
                validateGrantRevokeRequest(revokeRequest);
                String userName = revokeRequest.getGrantor();
                Set<String> userGroups = CollectionUtils.isNotEmpty(revokeRequest.getGrantorGroups()) ? revokeRequest.getGrantorGroups() : userMgr.getGroupsForUser(userName);
                RangerAccessResource resource = new RangerAccessResourceImpl(StringUtil.toStringObjectMap(revokeRequest.getResource()));
                VXUser vxUser = xUserService.getXUserByUserName(userName);
                if (vxUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR) || vxUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) {
                    VXResponse vXResponse = new VXResponse();
                    vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
                    vXResponse.setMsgDesc("Operation" + " denied. LoggedInUser=" + vxUser.getId() + " ,isn't permitted to perform the action.");
                    throw restErrorUtil.generateRESTException(vXResponse);
                }
                boolean isAdmin = hasAdminAccess(serviceName, userName, userGroups, resource);
                if (!isAdmin) {
                    throw restErrorUtil.createGrantRevokeRESTException("User doesn't have necessary permission to revoke access");
                }
                RangerPolicy policy = getExactMatchPolicyForResource(serviceName, resource, userName);
                if (policy != null) {
                    boolean policyUpdated = false;
                    policyUpdated = ServiceRESTUtil.processRevokeRequest(policy, revokeRequest);
                    if (policyUpdated) {
                        svcStore.updatePolicy(policy);
                    } else {
                        LOG.error("processRevokeRequest processing failed");
                        throw new Exception("processRevokeRequest processing failed");
                    }
                }
            } catch (WebApplicationException excp) {
                throw excp;
            } catch (Throwable excp) {
                LOG.error("revokeAccess(" + serviceName + ", " + revokeRequest + ") failed", excp);
                throw restErrorUtil.createRESTException(excp.getMessage());
            } finally {
                RangerPerfTracer.log(perf);
            }
            ret.setStatusCode(RESTResponse.STATUS_SUCCESS);
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.revokeAccess(" + serviceName + ", " + revokeRequest + "): " + ret);
    }
    return ret;
}
Also used: VXResponse (org.apache.ranger.view.VXResponse), WebApplicationException (javax.ws.rs.WebApplicationException), RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer), VXString (org.apache.ranger.view.VXString), VXUser (org.apache.ranger.view.VXUser), IOException (java.io.IOException), JsonSyntaxException (com.google.gson.JsonSyntaxException), RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy), RangerAccessResourceImpl (org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl), RESTResponse (org.apache.ranger.admin.client.datatype.RESTResponse), RangerAccessResource (org.apache.ranger.plugin.policyengine.RangerAccessResource), Path (javax.ws.rs.Path), POST (javax.ws.rs.POST), Produces (javax.ws.rs.Produces)

Example 30 with VXResponse

use of org.apache.ranger.view.VXResponse in project ranger by apache.

the class UserREST method setUserRoles.

@PUT
@Path("/{userId}/roles")
@Produces({ "application/xml", "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SET_USER_ROLES + "\")")
public VXResponse setUserRoles(@PathParam("userId") Long userId, VXStringList roleList) {
    userManager.checkAccess(userId);
    userManager.setUserRoles(userId, roleList.getVXStrings());
    VXResponse response = new VXResponse();
    response.setStatusCode(VXResponse.STATUS_SUCCESS);
    return response;
}
Also used: VXResponse (org.apache.ranger.view.VXResponse), Path (javax.ws.rs.Path), Produces (javax.ws.rs.Produces), PreAuthorize (org.springframework.security.access.prepost.PreAuthorize), PUT (javax.ws.rs.PUT)

Aggregations

VXResponse (org.apache.ranger.view.VXResponse): 40
Test (org.junit.Test): 13
ArrayList (java.util.ArrayList): 12
WebApplicationException (javax.ws.rs.WebApplicationException): 10
XXPortalUser (org.apache.ranger.entity.XXPortalUser): 7
VXMessage (org.apache.ranger.view.VXMessage): 7
VXString (org.apache.ranger.view.VXString): 7
IOException (java.io.IOException): 6
VXResource (org.apache.ranger.view.VXResource): 6
Path (javax.ws.rs.Path): 5
Produces (javax.ws.rs.Produces): 5
RESTResponse (org.apache.ranger.admin.client.datatype.RESTResponse): 5
UserSessionBase (org.apache.ranger.common.UserSessionBase): 5
XXPortalUserDao (org.apache.ranger.db.XXPortalUserDao): 5
XXResource (org.apache.ranger.entity.XXResource): 5
POST (javax.ws.rs.POST): 4
Response (javax.ws.rs.core.Response): 3
RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer): 3
VXPasswordChange (org.apache.ranger.view.VXPasswordChange): 3
VXPortalUser (org.apache.ranger.view.VXPortalUser): 3