
Example 21 with VXUser

use of org.apache.ranger.view.VXUser in project ranger by apache.

the class XUserServiceBase method searchXUsers.

/**
 * Runs a user search and converts every matching entity row into a view bean.
 *
 * The result container is handed to {@code searchResources} together with the
 * criteria and the service's search/sort field definitions, and the rows that
 * come back are mapped one-to-one through {@code populateViewBean}.
 *
 * @param searchCriteria filter, paging and sort criteria for the lookup
 * @return a {@link VXUserList} whose user list holds one {@link VXUser} per
 *         matching {@link XXUser} row
 */
public VXUserList searchXUsers(SearchCriteria searchCriteria) {
    VXUserList returnList = new VXUserList();
    @SuppressWarnings("unchecked")
    List<XXUser> matches = (List<XXUser>) searchResources(searchCriteria, searchFields, sortFields, returnList);
    List<VXUser> views = new ArrayList<VXUser>();
    for (XXUser entity : matches) {
        // populateViewBean is declared against the service's entity type parameter T.
        @SuppressWarnings("unchecked")
        VXUser view = populateViewBean((T) entity);
        views.add(view);
    }
    returnList.setVXUsers(views);
    return returnList;
}

Example 22 with VXUser

use of org.apache.ranger.view.VXUser in project ranger by apache.

the class ServiceDBStore method createService.

/**
 * Persists a new {@link RangerService} together with its config entries.
 *
 * Flow: reject a null service, validate its config params, create the service
 * row (optionally with a caller-assigned id), store each validated config entry
 * as an {@code XXServiceConfigMap} row - resolving the "username" entry to an
 * x_user record and encrypting the password entry - then record data history
 * and a transaction log, and finally create the default policies unless the
 * service was created with pre-assigned ids.
 *
 * @param service the service to create; its configs are read via {@code getConfigs()}
 * @return the created service, read back from the database by id
 * @throws Exception the REST exception built by {@code restErrorUtil} when the
 *         service is null, the config params validate to null, the configured
 *         user does not exist and the caller may not create it, or the created
 *         service cannot be read back
 */
@Override
public RangerService createService(RangerService service) throws Exception {
    if (LOG.isDebugEnabled()) {
        // NOTE(review): the whole service object is logged here; if RangerService.toString()
        // includes configs, the still-plaintext password config ends up in the debug log - confirm.
        LOG.debug("==> ServiceDBStore.createService(" + service + ")");
    }
    if (service == null) {
        throw restErrorUtil.createRESTException("Service object cannot be null.", MessageEnums.ERROR_CREATING_OBJECT);
    }
    // Default policies are created at the end unless the service comes with pre-assigned ids.
    boolean createDefaultPolicy = true;
    Map<String, String> configs = service.getConfigs();
    // Only the map returned by the validator is persisted below, not the raw configs.
    Map<String, String> validConfigs = validateRequiredConfigParams(service, configs);
    if (validConfigs == null) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ConfigParams cannot be null, ServiceDBStore.createService(" + service + ")");
        }
        throw restErrorUtil.createRESTException("ConfigParams cannot be null.", MessageEnums.ERROR_CREATING_OBJECT);
    }
    // While creating, value of version should be 1.
    service.setVersion(Long.valueOf(1));
    service.setTagVersion(Long.valueOf(1));
    if (populateExistingBaseFields) {
        // Create with the ids carried by the input object: identity insert is switched on
        // only around the create call and the sequence is re-synced afterwards.
        svcServiceWithAssignedId.setPopulateExistingBaseFields(true);
        daoMgr.getXXService().setIdentityInsert(true);
        service = svcServiceWithAssignedId.create(service);
        daoMgr.getXXService().setIdentityInsert(false);
        daoMgr.getXXService().updateSequence();
        svcServiceWithAssignedId.setPopulateExistingBaseFields(false);
        // Presumably an import/restore path, where policies arrive separately - confirm.
        createDefaultPolicy = false;
    } else {
        service = svcService.create(service);
    }
    XXService xCreatedService = daoMgr.getXXService().getById(service.getId());
    // Only used for the debug log below; set when a "username" config entry is processed.
    VXUser vXUser = null;
    XXServiceConfigMapDao xConfMapDao = daoMgr.getXXServiceConfigMap();
    for (Entry<String, String> configMap : validConfigs.entrySet()) {
        String configKey = configMap.getKey();
        String configValue = configMap.getValue();
        if (StringUtils.equalsIgnoreCase(configKey, "username")) {
            String userName = stringUtil.getValidUserName(configValue);
            XXUser xxUser = daoMgr.getXXUser().findByUserName(userName);
            if (xxUser != null) {
                vXUser = xUserService.populateViewBean(xxUser);
            } else {
                // Creating a service may create a user as a side effect. A session that is
                // neither admin nor SPNEGO-enabled is not allowed to trigger that; it must
                // reference an existing user instead.
                UserSessionBase usb = ContextUtil.getCurrentUserSession();
                if (usb != null && !usb.isUserAdmin() && !usb.isSpnegoEnabled()) {
                    throw restErrorUtil.createRESTException("User does not exist with given username: [" + userName + "] please use existing user", MessageEnums.OPER_NO_PERMISSION);
                }
                vXUser = xUserMgr.createServiceConfigUser(userName);
            }
        }
        if (StringUtils.equalsIgnoreCase(configKey, CONFIG_KEY_PASSWORD)) {
            // Encrypt the password and verify it round-trips; the stored value carries the
            // crypt parameters in front of the ciphertext so it can be decrypted later.
            String cryptConfigString = CRYPT_ALGO + "," + ENCRYPT_KEY + "," + SALT + "," + ITERATION_COUNT + "," + configValue;
            String encryptedPwd = PasswordUtils.encryptPassword(cryptConfigString);
            encryptedPwd = CRYPT_ALGO + "," + ENCRYPT_KEY + "," + SALT + "," + ITERATION_COUNT + "," + encryptedPwd;
            String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd);
            // NOTE(review): when the round trip does not match, configValue is left as the
            // plaintext password and persisted as-is without any log or error - confirm
            // this silent fallback is intended rather than failing the create.
            if (StringUtils.equals(decryptedPwd, configValue)) {
                configValue = encryptedPwd;
            }
        }
        XXServiceConfigMap xConfMap = new XXServiceConfigMap();
        xConfMap = rangerAuditFields.populateAuditFields(xConfMap, xCreatedService);
        xConfMap.setServiceId(xCreatedService.getId());
        xConfMap.setConfigkey(configKey);
        xConfMap.setConfigvalue(configValue);
        xConfMapDao.create(xConfMap);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("vXUser:[" + vXUser + "]");
    }
    RangerService createdService = svcService.getPopulatedViewObject(xCreatedService);
    if (createdService == null) {
        throw restErrorUtil.createRESTException("Could not create service - Internal error ", MessageEnums.ERROR_CREATING_OBJECT);
    }
    // Audit trail: object history plus a transaction log for the create operation.
    dataHistService.createObjectDataHistory(createdService, RangerDataHistService.ACTION_CREATE);
    List<XXTrxLog> trxLogList = svcService.getTransactionLog(createdService, RangerServiceService.OPERATION_CREATE_CONTEXT);
    bizUtil.createTrxLog(trxLogList);
    if (createDefaultPolicy) {
        createDefaultPolicies(createdService);
    }
    return createdService;
}

Example 23 with VXUser

use of org.apache.ranger.view.VXUser in project ranger by apache.

the class ServiceDBStore method createGenericUsers.

/**
 * Creates the two built-in generic users ({@code USER_CURRENT} and
 * {@code RESOURCE_OWNER}) via {@code createXUserWithOutLogin}, each with its
 * name also used as the description.
 *
 * NOTE(review): one {@link VXUser} bean is reused for both calls, as in the
 * original implementation; if createXUserWithOutLogin retains the bean or
 * fills in fields such as an id, the second call sees that state - confirm.
 */
private void createGenericUsers() {
    VXUser genericUser = new VXUser();
    String[] genericNames = { RangerPolicyEngine.USER_CURRENT, RangerPolicyEngine.RESOURCE_OWNER };
    for (String genericName : genericNames) {
        genericUser.setName(genericName);
        genericUser.setDescription(genericName);
        xUserService.createXUserWithOutLogin(genericUser);
    }
}

Example 24 with VXUser

use of org.apache.ranger.view.VXUser in project ranger by apache.

the class RoleBasedUserSearchUtil method validateUserAndFetchUserList.

/**
 * Authenticates the configured login against the portal user table and, when
 * the caller's role permits it, fetches the user list for the requested role(s)
 * via {@code getUsersBasedOnRole}.
 *
 * Reads the instance fields {@code userLoginId}, {@code currentPassword},
 * {@code userRole} and {@code checkRole}, which are set elsewhere (presumably
 * from command-line arguments - confirm). Every failure path prints a message,
 * logs it and terminates the JVM with {@code System.exit(1)}; this method never
 * returns normally on failure.
 */
public void validateUserAndFetchUserList() {
    userLoginId = userLoginId.toLowerCase();
    XXPortalUser xxPortalUser = daoMgr.getXXPortalUser().findByLoginId(userLoginId);
    // Despite its name, this flag is set to true only on the branches that DENY the
    // request (see the exit below); false means the lookup went ahead.
    Boolean isUserAuthorized = false;
    if (xxPortalUser != null) {
        String dbPassword = xxPortalUser.getPassword();
        String currentEncryptedPassword = null;
        try {
            // The supplied password is encrypted with the same scheme as the stored one and
            // the two strings are compared. NOTE(review): String.equals is not constant-time;
            // MessageDigest.isEqual on the byte arrays would avoid timing differences, though
            // for a command-line tool the exposure is limited.
            currentEncryptedPassword = userMgr.encrypt(userLoginId, currentPassword);
            if (currentEncryptedPassword != null && currentEncryptedPassword.equals(dbPassword)) {
                VXUser vxUser = xUserService.getXUserByUserName(xxPortalUser.getLoginId());
                if (vxUser != null) {
                    // Unchecked cast: the declared element type of getUserRoleList() is not visible here.
                    List<String> existingRole = (List<String>) vxUser.getUserRoleList();
                    List<String> permissionList = daoMgr.getXXModuleDef().findAccessibleModulesByUserId(xxPortalUser.getId(), vxUser.getId());
                    // The caller needs the USER_GROUPS module and at least one non-blank role;
                    // only the first role in the list is ever consulted below.
                    if (permissionList != null && permissionList.contains(RangerConstants.MODULE_USER_GROUPS) && !CollectionUtils.isEmpty(existingRole) && !StringUtils.isBlank(existingRole.get(0))) {
                        List<String> userRoleList = new ArrayList<String>();
                        if (existingRole.get(0).equalsIgnoreCase(RangerConstants.ROLE_USER)) {
                            // A plain user may only list other plain users.
                            userRoleList.add(RangerConstants.ROLE_USER);
                            if (checkRole) {
                                getUsersBasedOnRole(userRoleList);
                            } else if (existingRole.get(0).equalsIgnoreCase(userRole) || userRole.equalsIgnoreCase(RangerConstants.ROLE_USER)) {
                                getUsersBasedOnRole(userRoleList);
                            } else {
                                isUserAuthorized = true;
                            }
                        } else if (existingRole.get(0).equalsIgnoreCase(RangerConstants.ROLE_SYS_ADMIN) || existingRole.get(0).equalsIgnoreCase(RangerConstants.ROLE_ADMIN_AUDITOR)) {
                            // Sys admins / admin auditors may list users of the admin-side roles;
                            // with checkRole all three are fetched, otherwise only the requested one.
                            if (checkRole) {
                                userRoleList.add(RangerConstants.ROLE_SYS_ADMIN);
                                userRoleList.add(RangerConstants.ROLE_ADMIN_AUDITOR);
                                userRoleList.add(RangerConstants.ROLE_USER);
                                getUsersBasedOnRole(userRoleList);
                            } else if (existingRole.get(0).equalsIgnoreCase(userRole) || userRole.equalsIgnoreCase(RangerConstants.ROLE_USER) || userRole.equalsIgnoreCase(RangerConstants.ROLE_ADMIN_AUDITOR) || userRole.equalsIgnoreCase(RangerConstants.ROLE_SYS_ADMIN)) {
                                userRoleList.add(userRole);
                                getUsersBasedOnRole(userRoleList);
                            } else {
                                isUserAuthorized = true;
                            }
                        // NOTE(review): unlike the two branches above, this condition also tests the
                        // *requested* role (userRole == ROLE_USER) rather than only the caller's own
                        // role, so a caller with some other role reaches this branch when asking for
                        // plain users - confirm that is intended.
                        } else if (existingRole.get(0).equalsIgnoreCase(RangerConstants.ROLE_KEY_ADMIN) || existingRole.get(0).equalsIgnoreCase(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) || userRole.equalsIgnoreCase(RangerConstants.ROLE_USER)) {
                            if (checkRole) {
                                userRoleList.add(RangerConstants.ROLE_KEY_ADMIN);
                                userRoleList.add(RangerConstants.ROLE_KEY_ADMIN_AUDITOR);
                                userRoleList.add(RangerConstants.ROLE_USER);
                                getUsersBasedOnRole(userRoleList);
                            } else if (existingRole.get(0).equalsIgnoreCase(userRole) || userRole.equalsIgnoreCase(RangerConstants.ROLE_USER) || userRole.equalsIgnoreCase(RangerConstants.ROLE_KEY_ADMIN) || userRole.equalsIgnoreCase(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) {
                                userRoleList.add(userRole);
                                getUsersBasedOnRole(userRoleList);
                            } else {
                                isUserAuthorized = true;
                            }
                        }
                        if (isUserAuthorized == true) {
                            System.out.println("user is not authorized to fetch this list");
                            logger.error("user is not authorized to fetch this list");
                            System.exit(1);
                        }
                    } else {
                        System.out.println("user permission denied");
                        logger.error("user permission denied");
                        System.exit(1);
                    }
                }
            } else {
                System.out.println("Invalid user password");
                logger.error("Invalid user password");
                System.exit(1);
            }
        } catch (Exception e) {
            // Any failure in encrypt / lookup / fetch is fatal for this tool.
            logger.error("Getting User's List with the mentioned role failure. Detail:  \n", e);
            System.exit(1);
        }
    } else {
        System.out.println("User does not exist in DB!!");
        logger.error("User does not exist in DB");
        System.exit(1);
    }
}

Example 25 with VXUser

use of org.apache.ranger.view.VXUser in project ranger by apache.

the class ServiceREST method revokeAccess.

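/**
 * Revokes access on a service resource by applying the revoke request to the
 * policy that exactly matches the requested resource.
 *
 * Processing only happens when a request body is present and
 * {@code serviceUtil.isValidateHttpsAuthentication} accepts the call; otherwise
 * the response is returned with its default status. The grantor named in the
 * request must exist as an x_user, must not hold an auditor role, and must have
 * admin access on the resource; when a matching policy exists and the revoke
 * changes it, the policy is updated through {@code svcStore}.
 *
 * @param serviceName service whose policy is modified (path parameter)
 * @param revokeRequest who revokes what from whom; {@code getGrantor()} names the acting user
 * @param request servlet request handed to the HTTPS/authentication check
 * @return a {@link RESTResponse} with {@code STATUS_SUCCESS} when the request was processed
 * @throws Exception a {@code WebApplicationException} is passed through unchanged; any other
 *         failure is logged and re-thrown as the REST exception built by {@code restErrorUtil}
 */
@POST
@Path("/services/revoke/{serviceName}")
@Produces({ "application/json", "application/xml" })
public RESTResponse revokeAccess(@PathParam("serviceName") String serviceName, GrantRevokeRequest revokeRequest, @Context HttpServletRequest request) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.revokeAccess(" + serviceName + ", " + revokeRequest + ")");
    }
    RESTResponse ret = new RESTResponse();
    RangerPerfTracer perf = null;
    if (revokeRequest != null) {
        if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) {
            try {
                if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                    perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.revokeAccess(serviceName=" + serviceName + ")");
                }
                validateGrantRevokeRequest(revokeRequest);
                String userName = revokeRequest.getGrantor();
                // Groups supplied in the request take precedence over the ones stored for the user.
                Set<String> userGroups = CollectionUtils.isNotEmpty(revokeRequest.getGrantorGroups()) ? revokeRequest.getGrantorGroups() : userMgr.getGroupsForUser(userName);
                RangerAccessResource resource = new RangerAccessResourceImpl(StringUtil.toStringObjectMap(revokeRequest.getResource()));
                VXUser vxUser = xUserService.getXUserByUserName(userName);
                if (vxUser == null) {
                    // getXUserByUserName returns null for an unknown user; without a user record
                    // there is no role list to check, so reject explicitly instead of letting the
                    // NPE below surface through the generic Throwable handler.
                    throw restErrorUtil.createGrantRevokeRESTException("User doesn't exist with given username: [" + userName + "]");
                }
                // Auditor roles are read-only: they may never change a policy.
                if (vxUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR) || vxUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) {
                    VXResponse vXResponse = new VXResponse();
                    vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
                    vXResponse.setMsgDesc("Operation" + " denied. LoggedInUser=" + vxUser.getId() + " ,isn't permitted to perform the action.");
                    throw restErrorUtil.generateRESTException(vXResponse);
                }
                boolean isAdmin = hasAdminAccess(serviceName, userName, userGroups, resource);
                if (!isAdmin) {
                    throw restErrorUtil.createGrantRevokeRESTException("User doesn't have necessary permission to revoke access");
                }
                // No exactly matching policy means there is nothing to revoke; that is not an error.
                RangerPolicy policy = getExactMatchPolicyForResource(serviceName, resource, userName);
                if (policy != null) {
                    boolean policyUpdated = ServiceRESTUtil.processRevokeRequest(policy, revokeRequest);
                    if (policyUpdated) {
                        svcStore.updatePolicy(policy);
                    } else {
                        LOG.error("processRevokeRequest processing failed");
                        throw new Exception("processRevokeRequest processing failed");
                    }
                }
            } catch (WebApplicationException excp) {
                throw excp;
            } catch (Throwable excp) {
                // NOTE(review): the raw exception message is handed back to the client; a generic
                // message with the detail kept in the log would expose less of the internals.
                LOG.error("revokeAccess(" + serviceName + ", " + revokeRequest + ") failed", excp);
                throw restErrorUtil.createRESTException(excp.getMessage());
            } finally {
                RangerPerfTracer.log(perf);
            }
            ret.setStatusCode(RESTResponse.STATUS_SUCCESS);
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.revokeAccess(" + serviceName + ", " + revokeRequest + "): " + ret);
    }
    return ret;
}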
