public String toLocal(String principalName); }
/**
 * Construct a principal to local plugin.
 *
 * <p>The implementation class name is read from {@link Config#STORM_PRINCIPAL_TO_LOCAL_PLUGIN}
 * and handed to {@code ReflectionUtils.newInstance}, so whoever can write that configuration
 * key chooses which class is instantiated here. The result feeds authorization decisions
 * elsewhere, so callers must handle the {@code null} returned when the key is unset.
 *
 * @param topoConf storm configuration
 * @return the prepared plugin, or {@code null} when no plugin class is configured
 * @throws RuntimeException wrapping any exception raised while reading the configuration,
 *     instantiating the plugin or preparing it
 */
public static IPrincipalToLocal getPrincipalToLocalPlugin(Map<String, Object> topoConf) {
    try {
        String pluginClassName = (String) topoConf.get(Config.STORM_PRINCIPAL_TO_LOCAL_PLUGIN);
        if (pluginClassName == null) {
            LOG.warn("No principal to local given {}", Config.STORM_PRINCIPAL_TO_LOCAL_PLUGIN);
            return null;
        }
        IPrincipalToLocal plugin = ReflectionUtils.newInstance(pluginClassName);
        // TODO: a null instance should only be possible when tests mock the reflection helper;
        // fix the mocking and drop this guard.
        if (plugin != null) {
            plugin.prepare(topoConf);
        }
        return plugin;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
/**
 * Collects the local user name of every principal attached to a subject.
 *
 * @param who the subject to inspect; may be {@code null}
 * @return a new mutable set with one mapped name per principal, empty when {@code who} is null
 */
private Set<String> getUserNamesFromSubject(Subject who) {
    final Set<String> localNames = new HashSet<String>();
    if (who == null) {
        return localNames;
    }
    for (Principal principal : who.getPrincipals()) {
        // Whatever _ptol.toLocal returns is stored as-is.
        // NOTE(review): whether it can return null is not visible here - confirm before
        // treating the set as a list of valid identities.
        localNames.add(_ptol.toLocal(principal));
    }
    return localNames;
}
}
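/**
 * Construct a principal to local plugin.
 *
 * <p>The class named by {@link Config#STORM_PRINCIPAL_TO_LOCAL_PLUGIN} is loaded reflectively,
 * so the configuration decides which class runs here. The class is checked to be an
 * {@link IPrincipalToLocal} before its constructor is invoked, and a missing configuration
 * value is reported with an explicit message instead of a bare NullPointerException.
 *
 * @param storm_conf storm configuration
 * @return the prepared plugin, never {@code null}
 * @throws RuntimeException wrapping the underlying failure when the plugin class is not
 *     configured, cannot be loaded, is not an {@code IPrincipalToLocal}, or cannot be
 *     instantiated or prepared
 */
public static IPrincipalToLocal GetPrincipalToLocalPlugin(Map storm_conf) {
    IPrincipalToLocal ptol;
    try {
        String ptol_klassName = (String) storm_conf.get(Config.STORM_PRINCIPAL_TO_LOCAL_PLUGIN);
        if (ptol_klassName == null) {
            // Thrown inside the try so callers still see a RuntimeException, now with a cause
            // that names the missing key.
            throw new IllegalArgumentException(
                "No principal to local plugin configured under "
                    + Config.STORM_PRINCIPAL_TO_LOCAL_PLUGIN);
        }
        // Class.forName still initializes the named class; asSubclass only guarantees that the
        // constructor of a class that is not an IPrincipalToLocal is never run.
        Class<? extends IPrincipalToLocal> klass =
            Class.forName(ptol_klassName).asSubclass(IPrincipalToLocal.class);
        // Class.newInstance() is deprecated and rethrows checked constructor exceptions
        // undeclared; going through the constructor wraps them in InvocationTargetException.
        ptol = klass.getDeclaredConstructor().newInstance();
        ptol.prepare(storm_conf);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    return ptol;
}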
/**
 * Builds the set of local user names for a subject by mapping each of its principals
 * through {@code _ptol}.
 *
 * @param who the subject to inspect; may be {@code null}
 * @return a new mutable set of mapped names, empty when {@code who} is null
 */
private Set<String> constructUserFromPrincipals(Subject who) {
    final Set<String> mappedUsers = new HashSet<String>();
    if (who == null) {
        return mappedUsers;
    }
    for (Principal principal : who.getPrincipals()) {
        // The mapped value is added without validation.
        // NOTE(review): confirm whether toLocal can return null for an unmapped principal.
        mappedUsers.add(_ptol.toLocal(principal));
    }
    return mappedUsers;
}
/**
 * Resolves the local user name for the principal carried by a request context.
 *
 * @param context the request context; may be {@code null}
 * @return the name produced by {@code _ptol.toLocal}, or {@code null} when there is no context
 */
private String getLocalUserFromContext(ReqContext context) {
    // context.principal() is passed through unchecked.
    // NOTE(review): confirm how toLocal treats a null principal.
    return context == null ? null : _ptol.toLocal(context.principal());
}
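/**
 * Checks whether user is authorized to access file. Checks regardless of UI filter.
 *
 * <p>Access is granted when the local name mapped from {@code user} appears in the configured
 * log users, the nimbus admins or the file's user whitelist, or when one of that user's groups
 * appears in the configured log groups, the nimbus admin groups or the file's group whitelist.
 * Empty arguments and a file without a whitelist are denied.
 *
 * @param user username
 * @param fileName file name to access
 * @return {@code true} if the user may read the file, {@code false} otherwise
 */
public boolean isAuthorizedLogUser(String user, String fileName) {
    if (StringUtils.isEmpty(user) || StringUtils.isEmpty(fileName)) {
        return false;
    }

    // Look the whitelist up once and decide on that single result. Checking one lookup for
    // null and then using a second one leaves a window in which the two can disagree.
    LogUserGroupWhitelist whitelist = getLogUserGroupWhitelist(fileName);
    if (whitelist == null) {
        return false;
    }

    List<String> logsUsers = new ArrayList<>();
    logsUsers.addAll(ObjectReader.getStrings(stormConf.get(DaemonConfig.LOGS_USERS)));
    logsUsers.addAll(ObjectReader.getStrings(stormConf.get(Config.NIMBUS_ADMINS)));
    logsUsers.addAll(whitelist.getUserWhitelist());

    List<String> logsGroups = new ArrayList<>();
    logsGroups.addAll(ObjectReader.getStrings(stormConf.get(DaemonConfig.LOGS_GROUPS)));
    logsGroups.addAll(ObjectReader.getStrings(stormConf.get(Config.NIMBUS_ADMINS_GROUPS)));
    logsGroups.addAll(whitelist.getGroupWhitelist());

    // Authorization is decided on the mapped local name, not on the raw principal string.
    // NOTE(review): confirm that toLocal cannot return null or empty for a non-empty input.
    String userName = principalToLocal.toLocal(user);
    Set<String> groups = getUserGroups(userName);

    return logsUsers.stream().anyMatch(u -> u.equals(userName))
        || !Sets.intersection(groups, new HashSet<>(logsGroups)).isEmpty();
}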
public boolean permit(ReqContext context, String operation, Map<String, Object> topoConf) { String principal = context.principal().getName(); String user = ptol.toLocal(context.principal()); Set<String> userGroups = new HashSet<>();
public boolean permit(ReqContext context, String operation, Map<String, Object> topoConf) { String principal = context.principal().getName(); String user = ptol.toLocal(context.principal()); Set<String> userGroups = new HashSet<>();
Principal principal = req.principal(); String submitterPrincipal = principal == null ? null : principal.toString(); String submitterUser = principalToLocal.toLocal(principal); String systemUser = System.getProperty("user.name"); @SuppressWarnings("unchecked")
/**
 * Maps each principal of the given subject to a local user name.
 *
 * @param who the subject whose principals are mapped; may be {@code null}
 * @return a freshly allocated set of the names returned by {@code _ptol.toLocal}; empty when
 *     {@code who} is null
 */
private Set<String> constructUserFromPrincipals(Subject who) {
    final Set<String> names = new HashSet<String>();
    if (who == null) {
        return names;
    }
    for (Principal each : who.getPrincipals()) {
        // No filtering happens here: every mapping result ends up in the set.
        // NOTE(review): verify that toLocal never yields null.
        names.add(_ptol.toLocal(each));
    }
    return names;
}
/**
 * Returns the local user names that {@code _ptol} derives from a subject's principals.
 *
 * @param who the subject to inspect; may be {@code null}
 * @return a new mutable set of mapped names, empty when {@code who} is null
 */
private Set<String> getUserNamesFromSubject(Subject who) {
    final Set<String> userNames = new HashSet<String>();
    if (who == null) {
        return userNames;
    }
    for (Principal principal : who.getPrincipals()) {
        // Results are stored unvalidated.
        // NOTE(review): confirm toLocal's behaviour for principals it cannot map.
        userNames.add(_ptol.toLocal(principal));
    }
    return userNames;
}
}
/**
 * Maps the principal of a request context to a local user name.
 *
 * @param context the request context; may be {@code null}
 * @return the mapped local name, or {@code null} when {@code context} is null
 */
private String getLocalUserFromContext(ReqContext context) {
    if (context == null) {
        return null;
    }
    // The principal is forwarded as-is.
    // NOTE(review): a null principal is not checked here; confirm toLocal accepts one.
    return _ptol.toLocal(context.principal());
}
public boolean permit(ReqContext context, String operation, Map topology_conf) { String principal = context.principal().getName(); String user = _ptol.toLocal(context.principal()); Set<String> userGroups = new HashSet<>();