congrats Icon
New! Tabnine Pro 14-day free trial
Start a free trial
Tabnine Logo
SecurityUtils
Code IndexAdd Tabnine to your IDE (free)

How to use
SecurityUtils
in
alluxio.util

Best Java code snippets using alluxio.util.SecurityUtils (Showing top 20 results out of 315)

origin: Alluxio/alluxio

/**
 * Creates {@link ChannelAuthenticator} instance.
 *
 * @param subject javax subject to use for authentication
 * @param conf Alluxio configuration
 */
public ChannelAuthenticator(Subject subject, AlluxioConfiguration conf) {
 mUseSubject = true;
 mChannelId = UUID.randomUUID();
 mParentSubject = subject;
 mAuthType = conf.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
 mSecurityEnabled = SecurityUtils.isSecurityEnabled(conf);
 mGrpcAuthTimeoutMs = conf.getMs(PropertyKey.MASTER_GRPC_CHANNEL_AUTH_TIMEOUT);
}
origin: Alluxio/alluxio

/**
 * Creates context with given option data.
 *
 * @param optionsBuilder the options builder
 */
protected CreatePathContext(T optionsBuilder) {
 super(optionsBuilder);
 mMountPoint = false;
 mOperationTimeMs = System.currentTimeMillis();
 mAcl = Collections.emptyList();
 mMetadataLoad = false;
 mGroup = "";
 mOwner = "";
 if (SecurityUtils.isAuthenticationEnabled(ServerConfiguration.global())) {
  mOwner = SecurityUtils.getOwnerFromGrpcClient(ServerConfiguration.global());
  mGroup = SecurityUtils.getGroupFromGrpcClient(ServerConfiguration.global());
 }
 // Initialize mPersisted based on proto write type.
 WritePType writeType = WritePType.NONE;
 if (optionsBuilder instanceof CreateFilePOptions.Builder) {
  writeType = ((CreateFilePOptions.Builder) optionsBuilder).getWriteType();
 } else if (optionsBuilder instanceof CreateDirectoryPOptions.Builder) {
  writeType = ((CreateDirectoryPOptions.Builder) optionsBuilder).getWriteType();
 }
 mPersisted = WriteType.fromProto(writeType).isThrough();
}
origin: Alluxio/alluxio

 private CreateUfsFileOptions(AlluxioConfiguration alluxioConf) {
  mOwner = SecurityUtils.getOwnerFromLoginModule(alluxioConf);
  mGroup = SecurityUtils.getGroupFromLoginModule(alluxioConf);
  mMode = ModeUtils.applyFileUMask(Mode.defaults(), alluxioConf
    .get(PropertyKey.SECURITY_AUTHORIZATION_PERMISSION_UMASK));
  // TODO(chaomin): set permission based on the alluxio file. Not needed for now since the
  // file is always created with default permission.
 }
}
origin: Alluxio/alluxio

/**
 * Checks if security is enabled.
 *
 * @param conf Alluxio configuration
 * @return true if security is enabled, false otherwise
 */
public static boolean isSecurityEnabled(AlluxioConfiguration conf) {
 return isAuthenticationEnabled(conf) && isAuthorizationEnabled(conf);
}
origin: Alluxio/alluxio

try (JournalContext context = createJournalContext()) {
 mInodeTree.initializeRoot(
   SecurityUtils.getOwnerFromLoginModule(ServerConfiguration.global()),
   SecurityUtils.getGroupFromLoginModule(ServerConfiguration.global()),
   ModeUtils.applyDirectoryUMask(Mode.createFullAccess(),
     ServerConfiguration.get(PropertyKey.SECURITY_AUTHORIZATION_PERMISSION_UMASK)),
String serverOwner = SecurityUtils.getOwnerFromLoginModule(ServerConfiguration.global());
if (SecurityUtils.isSecurityEnabled(ServerConfiguration.global())
  && !root.getOwner().isEmpty() && !root.getOwner().equals(serverOwner)) {
origin: Alluxio/alluxio

private AlluxioURI createTestFile() throws Exception {
 AlluxioURI path = new AlluxioURI("/" + CommonUtils.randomAlphaNumString(10));
 String owner = SecurityUtils.getOwnerFromGrpcClient(ServerConfiguration.global());
 String group = SecurityUtils.getGroupFromGrpcClient(ServerConfiguration.global());
 mFileSystemMaster.createFile(path,
   CreateFileContext
     .defaults(
       CreateFilePOptions.newBuilder().setMode(Mode.createFullAccess().toProto()))
     .setOwner(owner).setGroup(group));
 mFileSystemMaster.completeFile(path, CompleteFileContext.defaults());
 return path;
}
origin: Alluxio/alluxio

/**
 * Gets the {@link User} from the {@link ThreadLocal} variable.
 *
 * @param conf Alluxio configuration
 * @return the client user, null if the user is not present
 */
// TODO(peis): Fail early if the user is not able to be set to avoid returning null.
public static User get(AlluxioConfiguration conf) throws IOException {
 if (!SecurityUtils.isAuthenticationEnabled(conf)) {
  throw new IOException(ExceptionMessage.AUTHENTICATION_IS_NOT_ENABLED.getMessage());
 }
 return sUserThreadLocal.get();
}
origin: org.alluxio/alluxio-core-server-master

/**
 * Constructs an instance of {@link CreateFileOptions} from {@link CreateFileTOptions}. The option
 * of permission is constructed with the username obtained from thrift transport.
 *
 * @param options the {@link CreateFileTOptions} to use
 */
public CreateFileOptions(CreateFileTOptions options) {
 this();
 if (options != null) {
  if (options.isSetCommonOptions()) {
   mCommonOptions = new CommonOptions(options.getCommonOptions());
  }
  mBlockSizeBytes = options.getBlockSizeBytes();
  mPersisted = options.isPersisted();
  mRecursive = options.isRecursive();
  mTtl = options.getTtl();
  mTtlAction = TtlAction.fromThrift(options.getTtlAction());
  if (SecurityUtils.isAuthenticationEnabled()) {
   mOwner = SecurityUtils.getOwnerFromThriftClient();
   mGroup = SecurityUtils.getGroupFromThriftClient();
  }
  if (options.isSetMode()) {
   mMode = new Mode(options.getMode());
  } else {
   mMode.applyFileUMask();
  }
 }
}
origin: Alluxio/alluxio

/**
 * Tests the {@link SecurityUtils#getOwnerFromGrpcClient()} ()} method.
 */
@Test
public void getOwnerFromGrpcClient() throws Exception {
 // When security is not enabled, user and group are not set
 mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.NOSASL.getAuthName());
 Assert.assertEquals("", SecurityUtils.getOwnerFromGrpcClient(mConfiguration));
 mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.SIMPLE.getAuthName());
 mConfiguration.set(PropertyKey.SECURITY_GROUP_MAPPING_CLASS,
   IdentityUserGroupsMapping.class.getName());
 AuthenticatedClientUser.set("test_client_user");
 Assert.assertEquals("test_client_user", SecurityUtils.getOwnerFromGrpcClient(mConfiguration));
}
origin: Alluxio/alluxio

/**
 * Tests the {@link SecurityUtils#getGroupFromGrpcClient()} ()} method.
 */
@Test
public void getGroupFromGrpcClient() throws Exception {
 // When security is not enabled, user and group are not set
 mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.NOSASL.getAuthName());
 Assert.assertEquals("", SecurityUtils.getGroupFromGrpcClient(mConfiguration));
 mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.SIMPLE.getAuthName());
 mConfiguration.set(PropertyKey.SECURITY_GROUP_MAPPING_CLASS,
   IdentityUserGroupsMapping.class.getName());
 AuthenticatedClientUser.set("test_client_user");
 Assert.assertEquals("test_client_user", SecurityUtils.getGroupFromGrpcClient(mConfiguration));
}
origin: Alluxio/alluxio

/**
 * Tests the {@link SecurityUtils#getOwnerFromLoginModule()} method.
 */
@Test
public void getOwnerFromLoginModule() throws Exception {
 // When security is not enabled, user and group are not set
 mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.NOSASL.getAuthName());
 Assert.assertEquals("", SecurityUtils.getOwnerFromLoginModule(mConfiguration));
 // When authentication is enabled, user and group are inferred from login module
 mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.SIMPLE.getAuthName());
 mConfiguration.set(PropertyKey.SECURITY_LOGIN_USERNAME, "test_login_user");
 mConfiguration.set(PropertyKey.SECURITY_GROUP_MAPPING_CLASS,
   IdentityUserGroupsMapping.class.getName());
 Assert.assertEquals("test_login_user", SecurityUtils.getOwnerFromLoginModule(mConfiguration));
}
origin: Alluxio/alluxio

 /**
  * Tests the {@link SecurityUtils#getGroupFromLoginModule()} method.
  */
 @Test
 public void getGroupFromLoginModuleError() throws Exception {
  // When security is not enabled, user and group are not set
  mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.NOSASL.getAuthName());
  Assert.assertEquals("", SecurityUtils.getGroupFromLoginModule(mConfiguration));

  // When authentication is enabled, user and group are inferred from login module
  mConfiguration.set(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.SIMPLE.getAuthName());
  mConfiguration.set(PropertyKey.SECURITY_LOGIN_USERNAME, "test_login_user");
  mConfiguration.set(PropertyKey.SECURITY_GROUP_MAPPING_CLASS,
    IdentityUserGroupsMapping.class.getName());
  LoginUserTestUtils.resetLoginUser();
  Assert.assertEquals("test_login_user", SecurityUtils.getGroupFromLoginModule(mConfiguration));
 }
}
origin: org.alluxio/alluxio-core-server-master

if (root == null) {
 try (JournalContext context = createJournalContext()) {
  mInodeTree.initializeRoot(SecurityUtils.getOwnerFromLoginModule(),
    SecurityUtils.getGroupFromLoginModule(),
    Mode.createFullAccess().applyDirectoryUMask(), context);
  context.append(mInodeTree.getRoot().toJournalEntry());
 String serverOwner = SecurityUtils.getOwnerFromLoginModule();
 if (SecurityUtils.isSecurityEnabled() && !root.getOwner().isEmpty()
   && !root.getOwner().equals(serverOwner)) {
origin: Alluxio/alluxio

private void verifyCreateFile(TestUser user, String path, boolean recursive) throws Exception {
 try (Closeable r = new AuthenticatedUserRule(user.getUser(),
   ServerConfiguration.global()).toResource()) {
  CreateFileContext context = CreateFileContext
    .defaults(
      CreateFilePOptions.newBuilder().setRecursive(recursive))
    .setOwner(SecurityUtils.getOwnerFromGrpcClient(ServerConfiguration.global()))
    .setGroup(SecurityUtils.getGroupFromGrpcClient(ServerConfiguration.global()))
    .setPersisted(true);
  long fileId = mFileSystemMaster.createFile(new AlluxioURI(path), context);
  FileInfo fileInfo = mFileSystemMaster.getFileInfo(fileId);
  String[] pathComponents = path.split("/");
  assertEquals(pathComponents[pathComponents.length - 1], fileInfo.getName());
  assertEquals(user.getUser(), fileInfo.getOwner());
 }
}
origin: Alluxio/alluxio

private GrpcServerBuilder(NettyServerBuilder nettyServerBuilder, AlluxioConfiguration conf) {
 mConfiguration = conf;
 mServices = new HashSet<>();
 mNettyServerBuilder = nettyServerBuilder;
 if (SecurityUtils.isAuthenticationEnabled(conf)) {
  LoggerFactory.getLogger(GrpcServerBuilder.class).warn("Authentication ENABLED");
  mAuthenticationServer = new DefaultAuthenticationServer(conf);
  addService(new GrpcService(mAuthenticationServer).disableAuthentication());
 }
}
origin: org.alluxio/alluxio-core-server-master

/**
 * Constructs an instance of {@link CreateDirectoryOptions} from {@link CreateDirectoryTOptions}.
 * The option of permission is constructed with the username obtained from thrift
 * transport.
 *
 * @param options the {@link CreateDirectoryTOptions} to use
 */
public CreateDirectoryOptions(CreateDirectoryTOptions options) {
 this();
 if (options != null) {
  if (options.isSetCommonOptions()) {
   mCommonOptions = new CommonOptions(options.getCommonOptions());
  }
  mAllowExists = options.isAllowExists();
  mPersisted = options.isPersisted();
  mRecursive = options.isRecursive();
  mTtl = options.getTtl();
  mTtlAction = TtlAction.fromThrift(options.getTtlAction());
  if (SecurityUtils.isAuthenticationEnabled()) {
   mOwner = SecurityUtils.getOwnerFromThriftClient();
   mGroup = SecurityUtils.getGroupFromThriftClient();
  }
  if (options.isSetMode()) {
   mMode = new Mode(options.getMode());
  } else {
   mMode.applyDirectoryUMask();
  }
 }
}
origin: org.alluxio/alluxio-core-common

/**
 * Checks if security is enabled.
 *
 * @return true if security is enabled, false otherwise
 */
public static boolean isSecurityEnabled() {
 return isAuthenticationEnabled() && isAuthorizationEnabled();
}
origin: Alluxio/alluxio

@Override
public List<ServerInterceptor> getInterceptors() {
 if (!SecurityUtils.isSecurityEnabled(mConfiguration)) {
  return Collections.emptyList();
 }
 List<ServerInterceptor> interceptorsList = new ArrayList<>(2);
 AuthType authType = mConfiguration.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE,
   AuthType.class);
 checkSupported(authType);
 switch (authType) {
  case SIMPLE:
  case CUSTOM:
   interceptorsList.add(new AuthenticatedUserInjector(this));
   break;
  default:
   throw new RuntimeException("Unsupported authentication type:" + authType);
 }
 return interceptorsList;
}
origin: Alluxio/alluxio

 private CompleteUfsFileOptions(AlluxioConfiguration alluxioConf) {
  mOwner = SecurityUtils.getOwnerFromLoginModule(alluxioConf);
  mGroup = SecurityUtils.getGroupFromLoginModule(alluxioConf);
  mMode = ModeUtils.applyFileUMask(Mode.defaults(),
    alluxioConf.get(PropertyKey.SECURITY_AUTHORIZATION_PERMISSION_UMASK));
  // TODO(chaomin): set permission based on the alluxio file. Not needed for now since the
  // file is always created with default permission.
 }
}
origin: Alluxio/alluxio

private void verifyCreateDirectory(TestUser user, String path, boolean recursive)
  throws Exception {
 try (Closeable r = new AuthenticatedUserRule(user.getUser(),
   ServerConfiguration.global()).toResource()) {
  CreateDirectoryContext context = CreateDirectoryContext
    .defaults(CreateDirectoryPOptions.newBuilder().setRecursive(recursive))
    .setOwner(SecurityUtils.getOwnerFromGrpcClient(ServerConfiguration.global()))
    .setGroup(SecurityUtils.getGroupFromGrpcClient(ServerConfiguration.global()));
  mFileSystemMaster.createDirectory(new AlluxioURI(path), context);
  FileInfo fileInfo =
    mFileSystemMaster.getFileInfo(mFileSystemMaster.getFileId(new AlluxioURI(path)));
  String[] pathComponents = path.split("/");
  assertEquals(pathComponents[pathComponents.length - 1], fileInfo.getName());
  assertEquals(true, fileInfo.isFolder());
  assertEquals(user.getUser(), fileInfo.getOwner());
 }
}
alluxio.utilSecurityUtils

Javadoc

Utility methods for security.

Most used methods

  • isSecurityEnabled
    Checks if security is enabled.
  • getGroupFromGrpcClient
  • getGroupFromLoginModule
  • getOwnerFromGrpcClient
  • getOwnerFromLoginModule
  • isAuthenticationEnabled
    Checks if authentication is enabled.
  • getGroupFromThriftClient
  • getOwnerFromThriftClient
  • isAuthorizationEnabled
    Checks if authorization is enabled.

Popular in Java

  • Start an intent from android
  • getApplicationContext (Context)
  • getSystemService (Context)
  • compareTo (BigDecimal)
  • InputStreamReader (java.io)
    A class for turning a byte stream into a character stream. Data read from the source input stream is
  • PrintStream (java.io)
    Fake signature of an existing Java class.
  • ByteBuffer (java.nio)
    A buffer for bytes. A byte buffer can be created in either one of the following ways: * #allocate
  • Permission (java.security)
    Legacy security code; do not use.
  • ResultSet (java.sql)
    An interface for an object which represents a database table entry, returned as the result of the qu
  • SortedMap (java.util)
    A map that has its keys ordered. The sorting is according to either the natural ordering of its keys
  • 21 Best IntelliJ Plugins
Tabnine Logo

  • Products

    Search for Java codeSearch for JavaScript code

  • IDE Plugins

    IntelliJ IDEAWebStormVisual StudioAndroid StudioEclipseVisual Studio CodePyCharmSublime TextPhpStormVimAtomGoLandRubyMineEmacsJupyter NotebookJupyter LabRiderDataGripAppCode

  • Company

    About UsContact UsCareers

  • Resources

    FAQBlogTabnine AcademyStudentsTerms of usePrivacy policyJava Code IndexJavascript Code Index
Get Tabnine for your IDE now