use of org.apache.ranger.view.VXResponse in project ranger by apache.
the class XAuditMgr method checkAdminAccess.
public void checkAdminAccess() {
UserSessionBase session = ContextUtil.getCurrentUserSession();
if (session != null) {
if (!session.isUserAdmin()) {
throw restErrorUtil.create403RESTException("Operation" + " denied. LoggedInUser=" + session.getXXPortalUser().getId() + " ,isn't permitted to perform the action.");
}
} else {
VXResponse vXResponse = new VXResponse();
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
vXResponse.setMsgDesc("Bad Credentials");
throw restErrorUtil.generateRESTException(vXResponse);
}
}
use of org.apache.ranger.view.VXResponse in project ranger by apache.
the class RESTErrorUtil method createRESTException.
public WebApplicationException createRESTException(String errorMessage, MessageEnums messageEnum) {
List<VXMessage> messageList = new ArrayList<VXMessage>();
messageList.add(messageEnum.getMessage());
VXResponse gjResponse = new VXResponse();
gjResponse.setStatusCode(VXResponse.STATUS_ERROR);
gjResponse.setMsgDesc(errorMessage);
gjResponse.setMessageList(messageList);
WebApplicationException webAppEx = createRESTException(gjResponse);
logger.info("Operation error. response=" + gjResponse, webAppEx);
return webAppEx;
}
use of org.apache.ranger.view.VXResponse in project ranger by apache.
the class RangerBizUtil method blockAuditorRoleUser.
public void blockAuditorRoleUser() {
UserSessionBase session = ContextUtil.getCurrentUserSession();
if (session != null) {
if (session.isAuditKeyAdmin() || session.isAuditUserAdmin()) {
VXResponse vXResponse = new VXResponse();
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
vXResponse.setMsgDesc("Operation" + " denied. LoggedInUser=" + session.getXXPortalUser().getId() + " ,isn't permitted to perform the action.");
throw restErrorUtil.generateRESTException(vXResponse);
}
} else {
VXResponse vXResponse = new VXResponse();
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
vXResponse.setMsgDesc("Bad Credentials");
throw restErrorUtil.generateRESTException(vXResponse);
}
}
use of org.apache.ranger.view.VXResponse in project ranger by apache.
the class ServiceREST method revokeAccess.
@POST
@Path("/services/revoke/{serviceName}")
@Produces({ "application/json", "application/xml" })
public RESTResponse revokeAccess(@PathParam("serviceName") String serviceName, GrantRevokeRequest revokeRequest, @Context HttpServletRequest request) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.revokeAccess(" + serviceName + ", " + revokeRequest + ")");
}
RESTResponse ret = new RESTResponse();
RangerPerfTracer perf = null;
if (revokeRequest != null) {
if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) {
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.revokeAccess(serviceName=" + serviceName + ")");
}
validateGrantRevokeRequest(revokeRequest);
String userName = revokeRequest.getGrantor();
Set<String> userGroups = CollectionUtils.isNotEmpty(revokeRequest.getGrantorGroups()) ? revokeRequest.getGrantorGroups() : userMgr.getGroupsForUser(userName);
RangerAccessResource resource = new RangerAccessResourceImpl(StringUtil.toStringObjectMap(revokeRequest.getResource()));
VXUser vxUser = xUserService.getXUserByUserName(userName);
if (vxUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR) || vxUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) {
VXResponse vXResponse = new VXResponse();
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
vXResponse.setMsgDesc("Operation" + " denied. LoggedInUser=" + vxUser.getId() + " ,isn't permitted to perform the action.");
throw restErrorUtil.generateRESTException(vXResponse);
}
boolean isAdmin = hasAdminAccess(serviceName, userName, userGroups, resource);
if (!isAdmin) {
throw restErrorUtil.createGrantRevokeRESTException("User doesn't have necessary permission to revoke access");
}
RangerPolicy policy = getExactMatchPolicyForResource(serviceName, resource, userName);
if (policy != null) {
boolean policyUpdated = false;
policyUpdated = ServiceRESTUtil.processRevokeRequest(policy, revokeRequest);
if (policyUpdated) {
svcStore.updatePolicy(policy);
} else {
LOG.error("processRevokeRequest processing failed");
throw new Exception("processRevokeRequest processing failed");
}
}
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
LOG.error("revokeAccess(" + serviceName + ", " + revokeRequest + ") failed", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
}
ret.setStatusCode(RESTResponse.STATUS_SUCCESS);
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.revokeAccess(" + serviceName + ", " + revokeRequest + "): " + ret);
}
return ret;
}
use of org.apache.ranger.view.VXResponse in project ranger by apache.
the class UserREST method setUserRoles.
@PUT
@Path("/{userId}/roles")
@Produces({ "application/xml", "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SET_USER_ROLES + "\")")
public VXResponse setUserRoles(@PathParam("userId") Long userId, VXStringList roleList) {
userManager.checkAccess(userId);
userManager.setUserRoles(userId, roleList.getVXStrings());
VXResponse response = new VXResponse();
response.setStatusCode(VXResponse.STATUS_SUCCESS);
return response;
}
Aggregations