/**
 * Decides whether the caller behind {@code ctx} holds every permission in {@code permissions}
 * on the given entity, and records the decision at debug level.
 *
 * @param ctx                   caller's authentication context
 * @param targetEntityNamespace namespace of the entity being accessed
 * @param targetEntityId        id of the entity being accessed
 * @param permissions           permissions that all have to be granted
 * @return the outcome of {@code checkPermissions} for these arguments
 * @throws AuthorizationException propagated from {@code checkPermissions} (e.g. unknown user)
 */
@Override
public boolean hasPermissions(AuthenticationContext ctx, String targetEntityNamespace, Long targetEntityId,
                              EnumSet<Permission> permissions) {
    final boolean allowed = checkPermissions(ctx, targetEntityNamespace, targetEntityId, permissions);
    // Debug-level trace of every authorization decision; the message text is kept verbatim
    // so existing log filters keep matching.
    LOG.debug("DefaultStreamlineAuthorizer, AuthenticationContext: {}, targetEntityNamespace: {}, targetEntityId: {}, "
            + "permissions: {}, result: {}", ctx, targetEntityNamespace, targetEntityId, permissions, allowed);
    return allowed;
}
/**
 * Decides whether the caller behind {@code ctx} carries {@code role} (or the admin role,
 * see {@code checkRole}) and records the decision at debug level.
 *
 * @param ctx  caller's authentication context
 * @param role role name to test for
 * @return the outcome of {@code checkRole} for these arguments
 * @throws AuthorizationException propagated from {@code checkRole} (e.g. unknown user)
 */
@Override
public boolean hasRole(AuthenticationContext ctx, String role) {
    final boolean granted = checkRole(ctx, role);
    LOG.debug("DefaultStreamlineAuthorizer, AuthenticationContext: {}, Role: {}, Result: {}", ctx, role, granted);
    return granted;
}
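/**
 * Initializes the authorizer from its configuration map.
 * <p>
 * Reads the catalog service under {@code CONF_CATALOG_SERVICE} and the set of admin
 * principals under {@code CONF_ADMIN_PRINCIPALS}, maps each principal to a user name via
 * {@link SecurityUtil#getUserName}, then ensures those users exist and carry the admin role.
 * Both entries are mandatory; a missing one fails here with the offending key named instead
 * of surfacing later as an opaque {@code NullPointerException}.
 *
 * @param config authorizer configuration
 * @throws IllegalArgumentException if {@code CONF_CATALOG_SERVICE} or
 *                                  {@code CONF_ADMIN_PRINCIPALS} is absent
 * @throws ClassCastException       if an entry has an unexpected runtime type
 */
@SuppressWarnings("unchecked")
@Override
public void init(Map<String, Object> config) {
    // NOTE(review): the whole config map is logged at INFO; confirm it carries nothing sensitive.
    LOG.info("Initializing DefaultStreamlineAuthorizer with config {}", config);

    Object service = config.get(CONF_CATALOG_SERVICE);
    if (service == null) {
        throw new IllegalArgumentException("Missing required config entry: " + CONF_CATALOG_SERVICE);
    }
    catalogService = (SecurityCatalogService) service;

    Object principals = config.get(CONF_ADMIN_PRINCIPALS);
    if (principals == null) {
        throw new IllegalArgumentException("Missing required config entry: " + CONF_ADMIN_PRINCIPALS);
    }
    // unchecked: the config map is untyped; this entry is expected to be a Set<String>
    Set<String> adminPrincipals = (Set<String>) principals;
    adminUsers = adminPrincipals.stream()
            .map(SecurityUtil::getUserName)
            .collect(Collectors.toSet());
    LOG.info("Admin users: {}", adminUsers);

    // Order matters: the users must exist before a role can be attached to them.
    mayBeAddAdminUsers();
    mayBeAssignAdminRole();
}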
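/**
 * Resolves the caller to a catalog user and tests whether that user holds {@code role}.
 * The admin role ({@code Roles.ROLE_ADMIN}) implies every other role.
 * <p>
 * The "no such user" guard now also rejects a user without an id, matching the check in
 * {@code checkPermissions}, {@code addAcl} and {@code removeAcl}.
 *
 * @param ctx  caller's authentication context
 * @param role role name to test for
 * @return {@code true} if the user has the admin role or {@code role}
 * @throws AuthorizationException if the context is invalid or the user is unknown to the catalog
 */
private boolean checkRole(AuthenticationContext ctx, String role) {
    validateAuthenticationContext(ctx);
    String userName = SecurityUtil.getUserName(ctx);
    User user = catalogService.getUser(userName);
    if (user == null || user.getId() == null) {
        String msg = String.format("No such user '%s'", userName);
        LOG.warn(msg);
        throw new AuthorizationException(msg);
    }
    // Admin short-circuits: no need to look at the requested role.
    return userHasRole(user, Roles.ROLE_ADMIN) || userHasRole(user, role);
}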
/**
 * Removes every ACL entry the calling user holds on the given entity.
 * Entries belonging to other users on the same entity are not touched.
 *
 * @param ctx                   caller's authentication context
 * @param targetEntityNamespace namespace of the entity
 * @param targetEntityId        id of the entity
 * @throws AuthorizationException if the context is invalid or the user is unknown to the catalog
 */
@Override
public void removeAcl(AuthenticationContext ctx, String targetEntityNamespace, Long targetEntityId) {
    validateAuthenticationContext(ctx);
    String principal = SecurityUtil.getUserName(ctx);
    User caller = catalogService.getUser(principal);
    boolean unknownUser = caller == null || caller.getId() == null;
    if (unknownUser) {
        String msg = String.format("No such user '%s'", principal);
        LOG.warn(msg);
        throw new AuthorizationException(msg);
    }
    // Only the caller's own entries on this entity are enumerated and deleted.
    for (AclEntry entry : catalogService.listUserAcls(caller.getId(), targetEntityNamespace, targetEntityId)) {
        LOG.debug("Removing Acl {}", entry);
        catalogService.removeAcl(entry.getId());
    }
}
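/**
 * Ensures the admin role exists and that every configured admin user carries it.
 * <p>
 * The role is created on first start-up when the catalog does not have it yet; its name
 * is taken from {@code Roles.ROLE_ADMIN} so it matches the lookup key and is not re-created
 * on every start. Admin users that cannot be found in the catalog (they are expected to have
 * been created by {@code mayBeAddAdminUsers()}) are logged and skipped instead of causing a
 * {@code NullPointerException}.
 */
private void mayBeAssignAdminRole() {
    LOG.info("Checking if admin users have admin role");
    Role adminRole = catalogService.getRole(Roles.ROLE_ADMIN).orElseGet(() -> {
        Role admin = new Role();
        // Same constant as the lookup above; a differing literal would never be found again.
        admin.setName(Roles.ROLE_ADMIN);
        admin.setDisplayName("Admin");
        admin.setDescription("Super user role that has all the system roles and privileges");
        admin.setMetadata("{\"colorCode\":\"#8261be\",\"colorLabel\":\"purple\",\"icon\":\"gears\", \"menu\": [\"schemaRegistry\", \"modelRegistry\", \"udf\", \"dashboard\", \"topology\", \"authorizer\", \"notifier\", \"customprocessor\", \"servicepool\", \"environments\"], \"capabilities\": [{\"Applications\": \"Edit\"}, {\"Service Pool\": \"Edit\"}, {\"Environments\": \"Edit\"}, {\"Users\": \"Edit\"}, {\"Dashboard\": \"Edit\"}]}");
        admin.setSystem(false);
        return catalogService.addRole(admin);
    });
    for (String userName : adminUsers) {
        User user = catalogService.getUser(userName);
        if (user == null) {
            LOG.warn("Admin user '{}' not found in catalog, cannot assign '{}'", userName, Roles.ROLE_ADMIN);
            continue;
        }
        if (userHasRole(user, Roles.ROLE_ADMIN)) {
            LOG.info("user '{}' already has '{}'", user, Roles.ROLE_ADMIN);
        } else {
            catalogService.addUserRole(user.getId(), adminRole.getId());
        }
    }
}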
/**
 * Resolves the caller to a catalog user and asks the catalog whether that user holds all of
 * {@code permissions} on the given entity. The admin role bypasses the ACL check entirely.
 *
 * @param ctx                   caller's authentication context
 * @param targetEntityNamespace namespace of the entity being accessed
 * @param targetEntityId        id of the entity being accessed
 * @param permissions           permissions that all have to be granted
 * @return {@code true} if the user is an admin or the catalog grants every permission
 * @throws AuthorizationException if the context is invalid or the user is unknown to the catalog
 */
private boolean checkPermissions(AuthenticationContext ctx, String targetEntityNamespace, Long targetEntityId,
                                 EnumSet<Permission> permissions) {
    validateAuthenticationContext(ctx);
    String principal = SecurityUtil.getUserName(ctx);
    User caller = catalogService.getUser(principal);
    if (caller == null || caller.getId() == null) {
        String msg = String.format("No such user '%s'", principal);
        LOG.warn(msg);
        throw new AuthorizationException(msg);
    }
    if (userHasRole(caller, Roles.ROLE_ADMIN)) {
        // Admins are allowed everything; skip the per-entity ACL lookup.
        return true;
    }
    return catalogService.checkUserPermissions(targetEntityNamespace, targetEntityId, caller.getId(), permissions);
}
/**
 * Records a user-type ACL entry for the calling user on the given entity.
 *
 * @param ctx                   caller's authentication context
 * @param targetEntityNamespace namespace of the entity
 * @param targetEntityId        id of the entity
 * @param owner                 whether the entry marks the caller as owner
 * @param grant                 whether the caller may grant these permissions onward
 * @param permissions           permissions carried by the entry
 * @throws AuthorizationException if the context is invalid or the user is unknown to the catalog
 */
@Override
public void addAcl(AuthenticationContext ctx, String targetEntityNamespace, Long targetEntityId, boolean owner,
                   boolean grant, EnumSet<Permission> permissions) {
    validateAuthenticationContext(ctx);
    String principal = SecurityUtil.getUserName(ctx);
    User caller = catalogService.getUser(principal);
    if (caller == null || caller.getId() == null) {
        String msg = String.format("No such user '%s'", principal);
        LOG.warn(msg);
        throw new AuthorizationException(msg);
    }
    // The entry is always keyed on the caller's own user id, never on a caller-supplied subject.
    AclEntry entry = new AclEntry();
    entry.setObjectNamespace(targetEntityNamespace);
    entry.setObjectId(targetEntityId);
    entry.setSidType(AclEntry.SidType.USER);
    entry.setSidId(caller.getId());
    entry.setOwner(owner);
    entry.setGrant(grant);
    entry.setPermissions(permissions);
    catalogService.addAcl(entry);
}