use of org.apache.storm.security.auth.IAuthorizer in project storm by apache.
the class StormCommon method mkAuthorizationHandlerImpl.
protected IAuthorizer mkAuthorizationHandlerImpl(String klassName, Map conf) throws ClassNotFoundException, IllegalAccessException, InstantiationException {
IAuthorizer aznHandler = null;
if (StringUtils.isNotBlank(klassName)) {
Class<?> aznClass = Class.forName(klassName);
if (aznClass != null) {
aznHandler = (IAuthorizer) aznClass.newInstance();
if (aznHandler != null) {
aznHandler.prepare(conf);
}
LOG.debug("authorization class name:{}, class:{}, handler:{}", klassName, aznClass, aznHandler);
}
}
return aznHandler;
}
use of org.apache.storm.security.auth.IAuthorizer in project storm by apache.
the class Supervisor method checkAuthorization.
@VisibleForTesting
public void checkAuthorization(String topoName, Map<String, Object> topoConf, String operation, ReqContext context) throws AuthorizationException {
if (context == null) {
context = ReqContext.context();
}
Map<String, Object> checkConf = new HashMap<>();
if (topoConf != null) {
checkConf.putAll(topoConf);
} else if (topoName != null) {
checkConf.put(Config.TOPOLOGY_NAME, topoName);
}
if (context.isImpersonating()) {
LOG.info("principal: {} is trying to impersonate principal: {}", context.realPrincipal(), context.principal());
throw new WrappedAuthorizationException("Supervisor does not support impersonation");
}
IAuthorizer aclHandler = authorizationHandler;
if (aclHandler != null) {
if (!aclHandler.permit(context, operation, checkConf)) {
ThriftAccessLogger.logAccess(context.requestID(), context.remoteAddress(), context.principal(), operation, topoName, "access-denied");
throw new WrappedAuthorizationException(operation + (topoName != null ? " on topology " + topoName : "") + " is not authorized");
} else {
ThriftAccessLogger.logAccess(context.requestID(), context.remoteAddress(), context.principal(), operation, topoName, "access-granted");
}
}
}
use of org.apache.storm.security.auth.IAuthorizer in project storm by apache.
the class SimpleACLAuthorizerTest method SimpleACLTopologyReadOnlyGroupAuthTest.
@Test
public void SimpleACLTopologyReadOnlyGroupAuthTest() {
Map<String, Object> clusterConf = ConfigUtils.readStormConfig();
clusterConf.put(Config.STORM_GROUP_MAPPING_SERVICE_PROVIDER_PLUGIN, SimpleACLTopologyReadOnlyGroupAuthTestMock.class.getName());
Map<String, Object> topoConf = new HashMap<>();
Collection<String> topologyReadOnlyGroupSet = new HashSet<>(Arrays.asList("group-readonly"));
topoConf.put(Config.TOPOLOGY_READONLY_GROUPS, topologyReadOnlyGroupSet);
Subject userInReadOnlyGroup = createSubject("user-in-readonly-group");
Subject userB = createSubject("user-b");
IAuthorizer authorizer = new SimpleACLAuthorizer();
authorizer.prepare(clusterConf);
Assert.assertFalse(authorizer.permit(new ReqContext(userInReadOnlyGroup), "killTopology", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "killTopology", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userInReadOnlyGroup), "getTopologyInfo", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getTopologyInfo", topoConf));
}
use of org.apache.storm.security.auth.IAuthorizer in project storm by apache.
the class SimpleACLAuthorizerTest method SimpleACLTopologyReadOnlyUserAuthTest.
@Test
public void SimpleACLTopologyReadOnlyUserAuthTest() {
Map<String, Object> clusterConf = ConfigUtils.readStormConfig();
Map<String, Object> topoConf = new HashMap<>();
Collection<String> topologyUserSet = new HashSet<>(Arrays.asList("user-a"));
topoConf.put(Config.TOPOLOGY_USERS, topologyUserSet);
Collection<String> topologyReadOnlyUserSet = new HashSet<>(Arrays.asList("user-readonly"));
topoConf.put(Config.TOPOLOGY_READONLY_USERS, topologyReadOnlyUserSet);
Subject userA = createSubject("user-a");
Subject userB = createSubject("user-b");
Subject readOnlyUser = createSubject("user-readonly");
IAuthorizer authorizer = new SimpleACLAuthorizer();
authorizer.prepare(clusterConf);
Assert.assertFalse(authorizer.permit(new ReqContext(readOnlyUser), "killTopology", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "killTopology", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "killTopology", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(readOnlyUser), "rebalance", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "rebalance", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "rebalance", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(readOnlyUser), "activate", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "activate", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "activate", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(readOnlyUser), "deactivate", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "deactivate", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "deactivate", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(readOnlyUser), "getTopologyConf", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getTopologyConf", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getTopologyConf", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(readOnlyUser), "getTopology", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getTopology", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getTopology", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(readOnlyUser), "getUserTopology", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getUserTopology", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getUserTopology", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(readOnlyUser), "getTopologyInfo", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getTopologyInfo", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getTopologyInfo", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(readOnlyUser), "getTopologyPageInfo", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getTopologyPageInfo", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getTopologyPageInfo", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(readOnlyUser), "getComponentPageInfo", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getComponentPageInfo", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getComponentPageInfo", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(readOnlyUser), "uploadNewCredentials", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "uploadNewCredentials", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "uploadNewCredentials", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(readOnlyUser), "setLogConfig", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "setLogConfig", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "setLogConfig", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(readOnlyUser), "setWorkerProfiler", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "setWorkerProfiler", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "setWorkerProfiler", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(readOnlyUser), "getWorkerProfileActionExpiry", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getWorkerProfileActionExpiry", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getWorkerProfileActionExpiry", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(readOnlyUser), "getComponentPendingProfileActions", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getComponentPendingProfileActions", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getComponentPendingProfileActions", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(readOnlyUser), "startProfiling", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "startProfiling", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "startProfiling", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(readOnlyUser), "stopProfiling", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "stopProfiling", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "stopProfiling", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(readOnlyUser), "dumpProfile", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "dumpProfile", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "dumpProfile", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(readOnlyUser), "dumpJstack", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "dumpJstack", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "dumpJstack", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(readOnlyUser), "dumpHeap", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "dumpHeap", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "dumpHeap", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(readOnlyUser), "debug", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "debug", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "debug", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(readOnlyUser), "getLogConfig", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getLogConfig", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getLogConfig", topoConf));
}
use of org.apache.storm.security.auth.IAuthorizer in project storm by apache.
the class SimpleACLAuthorizerTest method SimpleACLUserAuthTest.
@Test
public void SimpleACLUserAuthTest() {
Map<String, Object> clusterConf = ConfigUtils.readStormConfig();
Collection<String> adminUserSet = new HashSet<>(Arrays.asList("admin"));
Collection<String> supervisorUserSet = new HashSet<>(Arrays.asList("supervisor"));
clusterConf.put(Config.NIMBUS_ADMINS, adminUserSet);
clusterConf.put(Config.NIMBUS_SUPERVISOR_USERS, supervisorUserSet);
IAuthorizer authorizer = new SimpleACLAuthorizer();
Subject adminUser = createSubject("admin");
Subject supervisorUser = createSubject("supervisor");
Subject userA = createSubject("user-a");
Subject userB = createSubject("user-b");
authorizer.prepare(clusterConf);
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "submitTopology", new HashMap<>()));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "submitTopology", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "submitTopology", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(userB), "submitTopology", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "fileUpload", new HashMap<>()));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "fileUpload", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "fileUpload", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(userB), "fileUpload", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "getNimbusConf", new HashMap<>()));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "getNimbusConf", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getNimbusConf", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(userB), "getNimbusConf", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "getClusterInfo", new HashMap<>()));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "getClusterInfo", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getClusterInfo", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(userB), "getClusterInfo", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "getSupervisorPageInfo", new HashMap<>()));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "getSupervisorPageInfo", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getSupervisorPageInfo", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(userB), "getSupervisorPageInfo", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "fileDownload", new HashMap<>()));
Assert.assertTrue(authorizer.permit(new ReqContext(supervisorUser), "fileDownload", new HashMap<>()));
Assert.assertFalse(authorizer.permit(new ReqContext(userA), "fileDownload", new HashMap<>()));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "fileDownload", new HashMap<>()));
Map<String, Object> topoConf = new HashMap<>();
Collection<String> topologyUserSet = new HashSet<>(Arrays.asList("user-a"));
topoConf.put(Config.TOPOLOGY_USERS, topologyUserSet);
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "killTopology", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "killTopology", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "killTopology", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "killTopology", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "rebalance", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "rebalance", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "rebalance", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "rebalance", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "activate", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "activate", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "activate", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "activate", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "deactivate", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "deactivate", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "deactivate", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "deactivate", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "getTopologyConf", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "getTopologyConf", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getTopologyConf", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getTopologyConf", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "getTopology", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "getTopology", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getTopology", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getTopology", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "getUserTopology", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "getUserTopology", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getUserTopology", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getUserTopology", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "getTopologyInfo", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "getTopologyInfo", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getTopologyInfo", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getTopologyInfo", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "getTopologyPageInfo", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "getTopologyPageInfo", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getTopologyPageInfo", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getTopologyPageInfo", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "getComponentPageInfo", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "getComponentPageInfo", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getComponentPageInfo", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getComponentPageInfo", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "uploadNewCredentials", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "uploadNewCredentials", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "uploadNewCredentials", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "uploadNewCredentials", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "setLogConfig", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "setLogConfig", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "setLogConfig", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "setLogConfig", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "setWorkerProfiler", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "setWorkerProfiler", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "setWorkerProfiler", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "setWorkerProfiler", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "getWorkerProfileActionExpiry", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "getWorkerProfileActionExpiry", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getWorkerProfileActionExpiry", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getWorkerProfileActionExpiry", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "getComponentPendingProfileActions", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "getComponentPendingProfileActions", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getComponentPendingProfileActions", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getComponentPendingProfileActions", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "startProfiling", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "startProfiling", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "startProfiling", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "startProfiling", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "stopProfiling", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "stopProfiling", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "stopProfiling", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "stopProfiling", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "dumpProfile", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "dumpProfile", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "dumpProfile", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "dumpProfile", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "dumpJstack", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "dumpJstack", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "dumpJstack", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "dumpJstack", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "dumpHeap", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "dumpHeap", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "dumpHeap", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "dumpHeap", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "debug", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "debug", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "debug", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "debug", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(adminUser), "getLogConfig", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(supervisorUser), "getLogConfig", topoConf));
Assert.assertTrue(authorizer.permit(new ReqContext(userA), "getLogConfig", topoConf));
Assert.assertFalse(authorizer.permit(new ReqContext(userB), "getLogConfig", topoConf));
}
Aggregations