/**
 * Copies the user id carried in the {@code Constants.Security.Headers.USER_ID} request header into the
 * {@link SecurityRequestContext}. A request without that header leaves the context untouched.
 *
 * <p>NOTE(review): the header value becomes the caller's identity verbatim, so this is only sound when a
 * trusted, authenticating component in front of this handler sets or strips the header - confirm.
 * NOTE(review): when the header is absent, whatever user id the context already holds stays in place;
 * verify that the context is reset between requests.
 */
private void propagateUserId(HttpRequest request) {
  String propagatedUser = request.headers().get(Constants.Security.Headers.USER_ID);
  if (propagatedUser == null) {
    // Nothing to propagate for this request.
    return;
  }
  LOG.debug("Propagating userId as {}", propagatedUser);
  SecurityRequestContext.setUserId(propagatedUser);
}
}
/**
 * Runs {@code callable} with {@code userName} installed as the user id of the
 * {@link SecurityRequestContext} and puts the previous user id back once the call has finished.
 *
 * <p>The restore happens in a {@code finally} block, so it also runs when the callable throws. Only the
 * user id is swapped. This method performs no check of its own that the caller is allowed to act as
 * {@code userName}; any such check has to be done by the caller.
 *
 * @param userName user id to run the callable as
 * @param callable work to execute under that user id
 * @return whatever {@code callable} returns
 * @throws Exception whatever {@code callable} throws
 */
public static <T> T authorizeAs(String userName, Callable<T> callable) throws Exception {
  final String previousUser = SecurityRequestContext.getUserId();
  SecurityRequestContext.setUserId(userName);
  try {
    T outcome = callable.call();
    return outcome;
  } finally {
    // Always hand the context back to the identity that was active before the call.
    SecurityRequestContext.setUserId(previousUser);
  }
}
/**
 * Submits a task to {@code executor} that looks up the requested metadata via {@code getInfo}.
 *
 * <p>The caller's user id and IP are read from the {@link SecurityRequestContext} before submission and
 * re-installed inside the task, so the lookup runs under the identity of the submitting request.
 * NOTE(review): the task neither restores nor clears the context when it finishes; verify that executor
 * threads cannot be reused with a stale identity.
 */
@Override
public ListenableFuture<MetaDataInfo> info(final MetaDataInfo.InfoType infoType) {
  final String callerId = SecurityRequestContext.getUserId();
  final String callerIp = SecurityRequestContext.getUserIP();
  Callable<MetaDataInfo> lookup = new Callable<MetaDataInfo>() {
    @Override
    public MetaDataInfo call() throws Exception {
      // Re-establish the submitting caller's identity before doing the work.
      SecurityRequestContext.setUserId(callerId);
      SecurityRequestContext.setUserIP(callerIp);
      return getInfo(infoType);
    }
  };
  // this is not an async call so we do not need to wait for the future
  return executor.submit(lookup);
}
/**
 * Deletes the configuration stored for the current user and always answers {@code 200 OK}.
 *
 * <p>The store key is the user id from the {@link SecurityRequestContext}; when the context holds none,
 * the empty string is used instead. NOTE(review): that fallback means every request without an identity
 * addresses the same {@code ""} entry - confirm this is only reachable when security is disabled.
 */
@Path("/")
@DELETE
public void delete(HttpRequest request, HttpResponder responder) throws Exception {
  String owner = Objects.firstNonNull(SecurityRequestContext.getUserId(), "");
  try {
    store.delete(owner);
  } catch (ConfigNotFoundException ignored) {
    // Deliberately ignored: nothing was ever 'put' for this user, so there is nothing to delete.
  }
  responder.sendStatus(HttpResponseStatus.OK);
}
/**
 * Test teardown: acting as ALICE, removes the test namespace if it exists, revokes the privileges on the
 * namespace and on every entity recorded in {@code cleanUpEntities}, and finally asserts that ALICE is
 * left without any privileges.
 */
@After
@Override
public void afterTest() throws Exception {
  Authorizer authorizer = getAuthorizer();
  // Switch the security context to ALICE and grant her ADMIN on the namespace before cleaning up.
  SecurityRequestContext.setUserId(ALICE.getName());
  grantAndAssertSuccess(AUTH_NAMESPACE, SecurityRequestContext.toPrincipal(), EnumSet.of(Action.ADMIN));
  // clean up. remove the namespace if it exists
  if (getNamespaceAdmin().exists(AUTH_NAMESPACE)) {
    getNamespaceAdmin().delete(AUTH_NAMESPACE);
    Assert.assertFalse(getNamespaceAdmin().exists(AUTH_NAMESPACE));
  }
  // Revoke on the namespace and on each entity the test registered for cleanup.
  revokeAndAssertSuccess(AUTH_NAMESPACE);
  for (EntityId entityId : cleanUpEntities) {
    revokeAndAssertSuccess(entityId);
  }
  // No privilege may remain for ALICE once teardown is done, so later tests start from a clean slate.
  Assert.assertEquals(Collections.emptySet(), authorizer.listPrivileges(ALICE));
}
/**
 * Writes one audit record for the given request and response status to {@code AUDIT_LOG} at trace level.
 *
 * <p>The client address comes from the {@link SecurityRequestContext} user IP, with {@code 0.0.0.0}
 * recorded when none is set. The user name is taken from {@code authenticationContext}, not from the
 * security request context, and the second argument of {@code setResponse} is always {@code 0L}.
 * NOTE(review): {@link InetAddress#getByName} performs a name lookup when it is handed a host name
 * rather than an address literal; verify the stored user IP is always a literal and cannot be
 * client-chosen text.
 *
 * @throws UnknownHostException if the recorded user IP cannot be turned into an address
 */
private void createLogEntry(HttpRequest httpRequest, HttpResponseStatus responseStatus)
  throws UnknownHostException {
  String recordedIp = Objects.firstNonNull(SecurityRequestContext.getUserIP(), "0.0.0.0");
  InetAddress clientAddr = InetAddress.getByName(recordedIp);
  AuditLogEntry auditRecord = new AuditLogEntry(httpRequest, clientAddr.getHostAddress());
  auditRecord.setUserName(authenticationContext.getPrincipal().getName());
  auditRecord.setResponse(responseStatus.code(), 0L);
  AUDIT_LOG.trace(auditRecord.toString());
}
}
/**
 * Deletes the configuration stored for the current user and always answers {@code 200 OK}.
 *
 * <p>The store key is the user id from the {@link SecurityRequestContext}; when the context holds none,
 * the empty string is used instead. NOTE(review): that fallback means every request without an identity
 * addresses the same {@code ""} entry - confirm this is only reachable when security is disabled.
 */
@Path("/")
@DELETE
public void delete(HttpRequest request, HttpResponder responder) throws Exception {
  String owner = Objects.firstNonNull(SecurityRequestContext.getUserId(), "");
  try {
    store.delete(owner);
  } catch (ConfigNotFoundException ignored) {
    // Deliberately ignored: nothing was ever 'put' for this user, so there is nothing to delete.
  }
  responder.sendStatus(HttpResponseStatus.OK);
}
/**
 * Writes one audit record for the given request and response status to {@code AUDIT_LOG} at trace level.
 *
 * <p>The client address comes from the {@link SecurityRequestContext} user IP, with {@code 0.0.0.0}
 * recorded when none is set. The user name is taken from {@code authenticationContext}, not from the
 * security request context, and the second argument of {@code setResponse} is always {@code 0L}.
 * NOTE(review): {@link InetAddress#getByName} performs a name lookup when it is handed a host name
 * rather than an address literal; verify the stored user IP is always a literal and cannot be
 * client-chosen text.
 *
 * @throws UnknownHostException if the recorded user IP cannot be turned into an address
 */
private void createLogEntry(HttpRequest httpRequest, HttpResponseStatus responseStatus)
  throws UnknownHostException {
  String recordedIp = Objects.firstNonNull(SecurityRequestContext.getUserIP(), "0.0.0.0");
  InetAddress clientAddr = InetAddress.getByName(recordedIp);
  AuditLogEntry auditRecord = new AuditLogEntry(httpRequest, clientAddr.getHostAddress());
  auditRecord.setUserName(authenticationContext.getPrincipal().getName());
  auditRecord.setResponse(responseStatus.code(), 0L);
  AUDIT_LOG.trace(auditRecord.toString());
}
}
/**
 * Copies the user id carried in the {@code Constants.Security.Headers.USER_ID} request header into the
 * {@link SecurityRequestContext}. A request without that header leaves the context untouched.
 *
 * <p>NOTE(review): the header value becomes the caller's identity verbatim, so this is only sound when a
 * trusted, authenticating component in front of this handler sets or strips the header - confirm.
 * NOTE(review): when the header is absent, whatever user id the context already holds stays in place;
 * verify that the context is reset between requests.
 */
private void propagateUserId(HttpRequest request) {
  String propagatedUser = request.headers().get(Constants.Security.Headers.USER_ID);
  if (propagatedUser == null) {
    // Nothing to propagate for this request.
    return;
  }
  LOG.debug("Propagating userId as {}", propagatedUser);
  SecurityRequestContext.setUserId(propagatedUser);
}
}
/**
 * Runs {@code runnable} with the name of {@code principal} installed as the user id of the
 * {@link SecurityRequestContext}, then restores the user id that was set before.
 *
 * <p>The restore sits in a {@code finally} block, so it also happens when the runnable throws. Only the
 * user id is replaced; nothing else in the context is changed by this method.
 *
 * @param principal identity whose name is used while the runnable executes
 * @param runnable work to execute under that identity
 * @throws Exception whatever {@code runnable} throws
 */
private void runWithPrincipal(Principal principal, ThrowingRunnable runnable) throws Exception {
  final String previousUserId = SecurityRequestContext.getUserId();
  try {
    String actingUserId = principal.getName();
    SecurityRequestContext.setUserId(actingUserId);
    runnable.run();
  } finally {
    // Put the earlier identity back no matter how the runnable ended.
    SecurityRequestContext.setUserId(previousUserId);
  }
}
}
/**
 * Returns the principal to act as: the user id from the {@link SecurityRequestContext} when one is set,
 * otherwise the short user name of the current {@code UserGroupInformation} user.
 *
 * <p>The result is always of type {@code Principal.PrincipalType.USER}. An {@link IOException} raised
 * while resolving the current user is rethrown through {@code Throwables.propagate}.
 */
@Override
public Principal getPrincipal() {
  // Requests arriving through the REST endpoints carry their user id in SecurityRequestContext, and that
  // value wins whenever it is present.
  String resolvedUser = SecurityRequestContext.getUserId();
  if (resolvedUser != null) {
    return new Principal(resolvedUser, Principal.PrincipalType.USER);
  }
  // No user id in the context: this happens when the master itself refreshes the policy cache
  // asynchronously, because the router never sets the SecurityRequestContext on that path. The user the
  // master runs as, taken from UserGroupInformation, is used instead.
  try {
    resolvedUser = UserGroupInformation.getCurrentUser().getShortUserName();
  } catch (IOException e) {
    throw Throwables.propagate(e);
  }
  return new Principal(resolvedUser, Principal.PrincipalType.USER);
}
}
/**
 * Submits a task to {@code executor} that looks up the requested metadata via {@code getInfo}.
 *
 * <p>The caller's user id and IP are read from the {@link SecurityRequestContext} before submission and
 * re-installed inside the task, so the lookup runs under the identity of the submitting request.
 * NOTE(review): the task neither restores nor clears the context when it finishes; verify that executor
 * threads cannot be reused with a stale identity.
 */
@Override
public ListenableFuture<MetaDataInfo> info(final MetaDataInfo.InfoType infoType) {
  final String callerId = SecurityRequestContext.getUserId();
  final String callerIp = SecurityRequestContext.getUserIP();
  Callable<MetaDataInfo> lookup = new Callable<MetaDataInfo>() {
    @Override
    public MetaDataInfo call() throws Exception {
      // Re-establish the submitting caller's identity before doing the work.
      SecurityRequestContext.setUserId(callerId);
      SecurityRequestContext.setUserIP(callerIp);
      return getInfo(infoType);
    }
  };
  // this is not an async call so we do not need to wait for the future
  return executor.submit(lookup);
}
/**
 * Copies the user id carried in the {@code Constants.Security.Headers.USER_ID} request header into the
 * {@link SecurityRequestContext}. A request without that header leaves the context untouched.
 *
 * <p>NOTE(review): the header value becomes the caller's identity verbatim, so this is only sound when a
 * trusted, authenticating component in front of this handler sets or strips the header - confirm.
 * NOTE(review): when the header is absent, whatever user id the context already holds stays in place;
 * verify that the context is reset between requests.
 */
private void propagateUserId(HttpRequest request) {
  String propagatedUser = request.headers().get(Constants.Security.Headers.USER_ID);
  if (propagatedUser == null) {
    // Nothing to propagate for this request.
    return;
  }
  LOG.debug("Propagating userId as {}", propagatedUser);
  SecurityRequestContext.setUserId(propagatedUser);
}
}
/**
 * Runs {@code runnable} with the name of {@code principal} installed as the user id of the
 * {@link SecurityRequestContext}, then restores the user id that was set before.
 *
 * <p>The restore sits in a {@code finally} block, so it also happens when the runnable throws. Only the
 * user id is replaced; nothing else in the context is changed by this method.
 *
 * @param principal identity whose name is used while the runnable executes
 * @param runnable work to execute under that identity
 * @throws Exception whatever {@code runnable} throws
 */
private void runWithPrincipal(Principal principal, ThrowingRunnable runnable) throws Exception {
  final String previousUserId = SecurityRequestContext.getUserId();
  try {
    String actingUserId = principal.getName();
    SecurityRequestContext.setUserId(actingUserId);
    runnable.run();
  } finally {
    // Put the earlier identity back no matter how the runnable ended.
    SecurityRequestContext.setUserId(previousUserId);
  }
}
}
/**
 * Logs a failed request at trace level: HTTP method, request URI, the user id from the
 * {@link SecurityRequestContext} (the text {@code <null>} when none is set) and the throwable.
 *
 * <p>NOTE(review): the URI is logged as received, query string included; check that it cannot carry
 * credentials or tokens before trace logging is enabled in production.
 */
private void logWithTrace(HttpRequest request, Throwable t) {
  String verb = request.method().name();
  String target = request.uri();
  String user = Objects.firstNonNull(SecurityRequestContext.getUserId(), "<null>");
  // The throwable goes last so the logger records it as the exception for this entry.
  LOG.trace("Error in handling request={} {} for user={}:", verb, target, user, t);
}
})
/**
 * Obtains a query handle from {@code handleProducer} on the executor and returns the future of the
 * results for that handle, as built by {@code getFutureResultsFromHandle}.
 *
 * <p>The caller's user id and IP are read from the {@link SecurityRequestContext} before submission and
 * re-installed inside the task, so the handle is produced under the identity of the submitting request.
 * NOTE(review): the task neither restores nor clears the context when it finishes; verify that executor
 * threads cannot be reused with a stale identity.
 */
private ListenableFuture<ExploreExecutionResult> getResultsFuture(final HandleProducer handleProducer) {
  // NOTE: two levels of Future are used on purpose. The future handed back must complete only when the
  // operation itself has finished executing; the handle merely being available is not enough.
  final String callerId = SecurityRequestContext.getUserId();
  final String callerIp = SecurityRequestContext.getUserIP();
  Callable<QueryHandle> produceHandle = new Callable<QueryHandle>() {
    @Override
    public QueryHandle call() throws Exception {
      // Re-establish the submitting caller's identity before producing the handle.
      SecurityRequestContext.setUserId(callerId);
      SecurityRequestContext.setUserIP(callerIp);
      return handleProducer.getHandle();
    }
  };
  ListenableFuture<QueryHandle> pendingHandle = executor.submit(produceHandle);
  return getFutureResultsFromHandle(pendingHandle);
}