Use of org.apache.ranger.view.VXUser in project ranger by apache.
The class XUserServiceBase, method searchXUsers.
/**
 * Finds the users that match {@code searchCriteria} and returns them wrapped in a
 * {@link VXUserList}.
 *
 * <p>The entity-level lookup is delegated to {@code searchResources}; each {@code XXUser}
 * row it returns is converted to its {@code VXUser} view bean via {@code populateViewBean}.
 * The list being built is also handed to {@code searchResources} (presumably so it can fill
 * list-level metadata such as paging counts -- confirm against the base class).
 *
 * @param searchCriteria the filter, sort and paging parameters to apply
 * @return the populated list; never {@code null}, though it may contain no users
 */
public VXUserList searchXUsers(SearchCriteria searchCriteria) {
    VXUserList result = new VXUserList();
    List<VXUser> views = new ArrayList<>();
    // The generic base search returns the raw entity rows; the cast mirrors its contract.
    @SuppressWarnings("unchecked")
    List<XXUser> rows = (List<XXUser>) searchResources(searchCriteria, searchFields, sortFields, result);
    for (XXUser row : rows) {
        @SuppressWarnings("unchecked")
        VXUser view = populateViewBean((T) row);
        views.add(view);
    }
    result.setVXUsers(views);
    return result;
}
Use of org.apache.ranger.view.VXUser in project ranger by apache.
The class ServiceDBStore, method createService.
/**
 * Persists a new service together with its configuration entries.
 *
 * <p>Steps, in order: reject a null service; validate the required config params; reset the
 * policy and tag versions to 1; insert the service row (honouring a caller-supplied id when
 * {@code populateExistingBaseFields} is set); store every valid config as an
 * {@code XXServiceConfigMap} row, where the {@code username} config is resolved to an existing
 * Ranger user (or created) and the password config is stored in encrypted form; record data
 * history and the transaction log; and finally create the default policies unless the id was
 * pre-assigned.
 *
 * @param service the service to create; must not be {@code null}
 * @return the created service as read back from the store
 * @throws Exception via {@code restErrorUtil} for a null service, missing config params, a
 *     config user the current session may not create, or a failure to read the created row
 *     back; any exception raised by the underlying services/DAOs is propagated as well
 */
@Override
public RangerService createService(RangerService service) throws Exception {
    if (LOG.isDebugEnabled()) {
        // NOTE(review): this prints the whole service object including its configs; whether a
        // password config is redacted here depends on RangerService.toString() -- confirm.
        LOG.debug("==> ServiceDBStore.createService(" + service + ")");
    }
    if (service == null) {
        throw restErrorUtil.createRESTException("Service object cannot be null.", MessageEnums.ERROR_CREATING_OBJECT);
    }
    boolean createDefaultPolicy = true;
    Map<String, String> configs = service.getConfigs();
    // Only the validated map is persisted below; a null result means required params are missing.
    Map<String, String> validConfigs = validateRequiredConfigParams(service, configs);
    if (validConfigs == null) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ConfigParams cannot be null, ServiceDBStore.createService(" + service + ")");
        }
        throw restErrorUtil.createRESTException("ConfigParams cannot be null.", MessageEnums.ERROR_CREATING_OBJECT);
    }
    // While creating, value of version should be 1.
    service.setVersion(Long.valueOf(1));
    service.setTagVersion(Long.valueOf(1));
    if (populateExistingBaseFields) {
        // Caller-supplied id path: allow identity insert for this row, then resync the sequence.
        // Default policies are deliberately not created on this path.
        svcServiceWithAssignedId.setPopulateExistingBaseFields(true);
        daoMgr.getXXService().setIdentityInsert(true);
        service = svcServiceWithAssignedId.create(service);
        daoMgr.getXXService().setIdentityInsert(false);
        daoMgr.getXXService().updateSequence();
        svcServiceWithAssignedId.setPopulateExistingBaseFields(false);
        createDefaultPolicy = false;
    } else {
        service = svcService.create(service);
    }
    XXService xCreatedService = daoMgr.getXXService().getById(service.getId());
    // Holds the last resolved/created config user; it is only used in the debug log below.
    VXUser vXUser = null;
    XXServiceConfigMapDao xConfMapDao = daoMgr.getXXServiceConfigMap();
    for (Entry<String, String> configMap : validConfigs.entrySet()) {
        String configKey = configMap.getKey();
        String configValue = configMap.getValue();
        if (StringUtils.equalsIgnoreCase(configKey, "username")) {
            String userName = stringUtil.getValidUserName(configValue);
            XXUser xxUser = daoMgr.getXXUser().findByUserName(userName);
            if (xxUser != null) {
                vXUser = xUserService.populateViewBean(xxUser);
            } else {
                // A non-admin, non-SPNEGO session may only reference an existing user; it cannot
                // create one. NOTE(review): with no session at all (usb == null) the create is
                // allowed -- presumably for internal callers; confirm.
                UserSessionBase usb = ContextUtil.getCurrentUserSession();
                if (usb != null && !usb.isUserAdmin() && !usb.isSpnegoEnabled()) {
                    throw restErrorUtil.createRESTException("User does not exist with given username: [" + userName + "] please use existing user", MessageEnums.OPER_NO_PERMISSION);
                }
                vXUser = xUserMgr.createServiceConfigUser(userName);
            }
        }
        if (StringUtils.equalsIgnoreCase(configKey, CONFIG_KEY_PASSWORD)) {
            // Encrypt with the configured algorithm/key/salt/iterations; the stored value carries
            // those parameters as a prefix so it can be decrypted later.
            String cryptConfigString = CRYPT_ALGO + "," + ENCRYPT_KEY + "," + SALT + "," + ITERATION_COUNT + "," + configValue;
            String encryptedPwd = PasswordUtils.encryptPassword(cryptConfigString);
            encryptedPwd = CRYPT_ALGO + "," + ENCRYPT_KEY + "," + SALT + "," + ITERATION_COUNT + "," + encryptedPwd;
            String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd);
            // The encrypted form is kept only if it round-trips. NOTE(review): when it does not,
            // the original configValue is persisted as-is without any log -- confirm that silent
            // fallback is intended.
            if (StringUtils.equals(decryptedPwd, configValue)) {
                configValue = encryptedPwd;
            }
        }
        XXServiceConfigMap xConfMap = new XXServiceConfigMap();
        xConfMap = rangerAuditFields.populateAuditFields(xConfMap, xCreatedService);
        xConfMap.setServiceId(xCreatedService.getId());
        xConfMap.setConfigkey(configKey);
        xConfMap.setConfigvalue(configValue);
        xConfMapDao.create(xConfMap);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("vXUser:[" + vXUser + "]");
    }
    RangerService createdService = svcService.getPopulatedViewObject(xCreatedService);
    if (createdService == null) {
        throw restErrorUtil.createRESTException("Could not create service - Internal error ", MessageEnums.ERROR_CREATING_OBJECT);
    }
    // Audit trail: object history plus transaction log entries for the create operation.
    dataHistService.createObjectDataHistory(createdService, RangerDataHistService.ACTION_CREATE);
    List<XXTrxLog> trxLogList = svcService.getTransactionLog(createdService, RangerServiceService.OPERATION_CREATE_CONTEXT);
    bizUtil.createTrxLog(trxLogList);
    if (createDefaultPolicy) {
        createDefaultPolicies(createdService);
    }
    return createdService;
}
Use of org.apache.ranger.view.VXUser in project ranger by apache.
The class ServiceDBStore, method createGenericUsers.
/**
 * Creates the two built-in placeholder users ({@code USER_CURRENT} and
 * {@code RESOURCE_OWNER}) without going through the login path.
 *
 * <p>The same bean instance is reused for both creates, with its name and description reset
 * between them. NOTE(review): any field {@code createXUserWithOutLogin} sets on the bean (such
 * as an id) therefore carries over to the second call -- confirm that is intended.
 */
private void createGenericUsers() {
    VXUser placeholder = new VXUser();
    String[] builtInNames = { RangerPolicyEngine.USER_CURRENT, RangerPolicyEngine.RESOURCE_OWNER };
    for (String builtInName : builtInNames) {
        placeholder.setName(builtInName);
        placeholder.setDescription(builtInName);
        xUserService.createXUserWithOutLogin(placeholder);
    }
}
Use of org.apache.ranger.view.VXUser in project ranger by apache.
The class RoleBasedUserSearchUtil, method validateUserAndFetchUserList.
/**
 * Authenticates the caller ({@code userLoginId} / {@code currentPassword}, presumably fields set
 * by the caller) against the portal user table and, when the caller's own role permits, delegates
 * to {@code getUsersBasedOnRole} for the requested {@code userRole} (or for every role the
 * caller may see when {@code checkRole} is set).
 *
 * <p>Every failure path -- unknown login id, password mismatch, missing user/group module
 * permission, a caller role that may not list the requested role, or any exception -- logs a
 * message and calls {@code System.exit(1)}, so the method never returns normally in those cases.
 */
public void validateUserAndFetchUserList() {
    // Login ids are matched case-insensitively by lower-casing before the lookup.
    userLoginId = userLoginId.toLowerCase();
    XXPortalUser xxPortalUser = daoMgr.getXXPortalUser().findByLoginId(userLoginId);
    // Inverted naming: this flag is set to true when the caller is NOT allowed to list the role.
    Boolean isUserAuthorized = false;
    if (xxPortalUser != null) {
        String dbPassword = xxPortalUser.getPassword();
        String currentEncryptedPassword = null;
        try {
            // The supplied password is encrypted with the same scheme as the stored one and the
            // two encrypted strings are compared.
            // NOTE(review): String.equals stops at the first differing character, so this is not
            // a constant-time comparison; java.security.MessageDigest.isEqual on the byte forms
            // is the usual choice -- confirm whether that matters for this tool.
            currentEncryptedPassword = userMgr.encrypt(userLoginId, currentPassword);
            if (currentEncryptedPassword != null && currentEncryptedPassword.equals(dbPassword)) {
                VXUser vxUser = xUserService.getXUserByUserName(xxPortalUser.getLoginId());
                if (vxUser != null) {
                    // Only the first role of the caller is consulted below.
                    List<String> existingRole = (List<String>) vxUser.getUserRoleList();
                    List<String> permissionList = daoMgr.getXXModuleDef().findAccessibleModulesByUserId(xxPortalUser.getId(), vxUser.getId());
                    // The caller must have the user/groups module and at least one non-blank role.
                    if (permissionList != null && permissionList.contains(RangerConstants.MODULE_USER_GROUPS) && !CollectionUtils.isEmpty(existingRole) && !StringUtils.isBlank(existingRole.get(0))) {
                        List<String> userRoleList = new ArrayList<String>();
                        if (existingRole.get(0).equalsIgnoreCase(RangerConstants.ROLE_USER)) {
                            // A plain user may only list plain users.
                            userRoleList.add(RangerConstants.ROLE_USER);
                            if (checkRole) {
                                getUsersBasedOnRole(userRoleList);
                            } else if (existingRole.get(0).equalsIgnoreCase(userRole) || userRole.equalsIgnoreCase(RangerConstants.ROLE_USER)) {
                                getUsersBasedOnRole(userRoleList);
                            } else {
                                isUserAuthorized = true;
                            }
                        } else if (existingRole.get(0).equalsIgnoreCase(RangerConstants.ROLE_SYS_ADMIN) || existingRole.get(0).equalsIgnoreCase(RangerConstants.ROLE_ADMIN_AUDITOR)) {
                            // Admin-side roles may list sys admins, admin auditors and users.
                            if (checkRole) {
                                userRoleList.add(RangerConstants.ROLE_SYS_ADMIN);
                                userRoleList.add(RangerConstants.ROLE_ADMIN_AUDITOR);
                                userRoleList.add(RangerConstants.ROLE_USER);
                                getUsersBasedOnRole(userRoleList);
                            } else if (existingRole.get(0).equalsIgnoreCase(userRole) || userRole.equalsIgnoreCase(RangerConstants.ROLE_USER) || userRole.equalsIgnoreCase(RangerConstants.ROLE_ADMIN_AUDITOR) || userRole.equalsIgnoreCase(RangerConstants.ROLE_SYS_ADMIN)) {
                                userRoleList.add(userRole);
                                getUsersBasedOnRole(userRoleList);
                            } else {
                                isUserAuthorized = true;
                            }
                        // NOTE(review): unlike the two sibling branches, this condition also tests
                        // the requested userRole (ROLE_USER) rather than only the caller's role --
                        // looks inconsistent; confirm it is intended.
                        } else if (existingRole.get(0).equalsIgnoreCase(RangerConstants.ROLE_KEY_ADMIN) || existingRole.get(0).equalsIgnoreCase(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) || userRole.equalsIgnoreCase(RangerConstants.ROLE_USER)) {
                            // Key-admin-side roles may list key admins, key admin auditors and users.
                            if (checkRole) {
                                userRoleList.add(RangerConstants.ROLE_KEY_ADMIN);
                                userRoleList.add(RangerConstants.ROLE_KEY_ADMIN_AUDITOR);
                                userRoleList.add(RangerConstants.ROLE_USER);
                                getUsersBasedOnRole(userRoleList);
                            } else if (existingRole.get(0).equalsIgnoreCase(userRole) || userRole.equalsIgnoreCase(RangerConstants.ROLE_USER) || userRole.equalsIgnoreCase(RangerConstants.ROLE_KEY_ADMIN) || userRole.equalsIgnoreCase(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) {
                                userRoleList.add(userRole);
                                getUsersBasedOnRole(userRoleList);
                            } else {
                                isUserAuthorized = true;
                            }
                        }
                        if (isUserAuthorized == true) {
                            System.out.println("user is not authorized to fetch this list");
                            logger.error("user is not authorized to fetch this list");
                            System.exit(1);
                        }
                    } else {
                        System.out.println("user permission denied");
                        logger.error("user permission denied");
                        System.exit(1);
                    }
                }
            } else {
                // Note that this message differs from the "user does not exist" one below, so the
                // output distinguishes an unknown login id from a wrong password.
                System.out.println("Invalid user password");
                logger.error("Invalid user password");
                System.exit(1);
            }
        } catch (Exception e) {
            // Any failure in encryption, lookup or listing is fatal for this tool.
            logger.error("Getting User's List with the mentioned role failure. Detail: \n", e);
            System.exit(1);
        }
    } else {
        System.out.println("User does not exist in DB!!");
        logger.error("User does not exist in DB");
        System.exit(1);
    }
}
Use of org.apache.ranger.view.VXUser in project ranger by apache.
The class ServiceREST, method revokeAccess.
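/**
 * REST endpoint that revokes access on a resource of the named service.
 *
 * <p>The request is processed only when the body is non-null and the HTTPS/authentication
 * check in {@code serviceUtil.isValidateHttpsAuthentication} passes; otherwise the response
 * is returned with its default status. When processed: the request is validated, the
 * grantor's groups are taken from the request (or resolved via {@code userMgr}), a grantor
 * that does not exist or holds an auditor role is rejected, the grantor must have admin
 * access on the resource, and the exactly matching policy (if any) is updated through
 * {@link ServiceRESTUtil#processRevokeRequest}.
 *
 * @param serviceName the service whose policy is to be updated (path parameter)
 * @param revokeRequest the revoke request body; a null body results in no processing
 * @param request the servlet request, used for the HTTPS/authentication check
 * @return a response whose status is {@code STATUS_SUCCESS} once the revoke was processed
 * @throws Exception a REST exception built by {@code restErrorUtil} for validation,
 *     authorization and processing failures
 */
@POST
@Path("/services/revoke/{serviceName}")
@Produces({ "application/json", "application/xml" })
public RESTResponse revokeAccess(@PathParam("serviceName") String serviceName, GrantRevokeRequest revokeRequest, @Context HttpServletRequest request) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceREST.revokeAccess(" + serviceName + ", " + revokeRequest + ")");
    }
    RESTResponse ret = new RESTResponse();
    RangerPerfTracer perf = null;
    // NOTE(review): a null body or a failed HTTPS check falls through and returns ret with its
    // default status rather than an error -- confirm that is the intended contract.
    if (revokeRequest != null && serviceUtil.isValidateHttpsAuthentication(serviceName, request)) {
        try {
            if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
                perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.revokeAccess(serviceName=" + serviceName + ")");
            }
            validateGrantRevokeRequest(revokeRequest);
            String userName = revokeRequest.getGrantor();
            // Grantor groups come from the request when supplied, otherwise from the user store.
            Set<String> userGroups = CollectionUtils.isNotEmpty(revokeRequest.getGrantorGroups()) ? revokeRequest.getGrantorGroups() : userMgr.getGroupsForUser(userName);
            RangerAccessResource resource = new RangerAccessResourceImpl(StringUtil.toStringObjectMap(revokeRequest.getResource()));
            VXUser vxUser = xUserService.getXUserByUserName(userName);
            // getXUserByUserName may return null for an unknown grantor; without this guard the
            // role check below would NPE and surface as an opaque internal error.
            if (vxUser == null) {
                throw restErrorUtil.createGrantRevokeRESTException("Grantor user does not exist: [" + userName + "]");
            }
            // Users holding an auditor role are rejected before any policy change.
            if (vxUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR) || vxUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) {
                VXResponse vXResponse = new VXResponse();
                vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
                vXResponse.setMsgDesc("Operation" + " denied. LoggedInUser=" + vxUser.getId() + " ,isn't permitted to perform the action.");
                throw restErrorUtil.generateRESTException(vXResponse);
            }
            if (!hasAdminAccess(serviceName, userName, userGroups, resource)) {
                throw restErrorUtil.createGrantRevokeRESTException("User doesn't have necessary permission to revoke access");
            }
            RangerPolicy policy = getExactMatchPolicyForResource(serviceName, resource, userName);
            // No exactly matching policy means there is nothing to revoke; the call still succeeds.
            if (policy != null) {
                boolean policyUpdated = ServiceRESTUtil.processRevokeRequest(policy, revokeRequest);
                if (!policyUpdated) {
                    LOG.error("processRevokeRequest processing failed");
                    throw new Exception("processRevokeRequest processing failed");
                }
                svcStore.updatePolicy(policy);
            }
        } catch (WebApplicationException excp) {
            // Already a REST-shaped error: pass it through untouched.
            throw excp;
        } catch (Throwable excp) {
            LOG.error("revokeAccess(" + serviceName + ", " + revokeRequest + ") failed", excp);
            throw restErrorUtil.createRESTException(excp.getMessage());
        } finally {
            RangerPerfTracer.log(perf);
        }
        ret.setStatusCode(RESTResponse.STATUS_SUCCESS);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceREST.revokeAccess(" + serviceName + ", " + revokeRequest + "): " + ret);
    }
    return ret;
}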