// Overrides get() to return a newly constructed InMemoryAuthorizer on every call.
// The final closing brace ends an enclosing declaration whose opening is not part of this excerpt.
@Override protected Authorizer get() { return new InMemoryAuthorizer(); } }
/**
 * Removes the given actions from what {@code principal} holds on {@code authorizable}.
 *
 * <p>The removal is applied directly to the set returned by {@code getActions}, so it only takes
 * effect if that set is the stored one. Actions reachable through a role are not touched here.
 *
 * @param authorizable the object the grant applies to
 * @param principal the principal losing the actions
 * @param actions the actions to remove
 */
@Override
public void revoke(Authorizable authorizable, Principal principal, Set<Action> actions) throws Exception {
  Set<Action> granted = getActions(authorizable, principal);
  granted.removeAll(actions);
}
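/**
 * Lists the privileges held by {@code principal}: those granted to it directly plus, when the
 * principal is not itself a role, those granted to each role returned by {@code getRoles(principal)}.
 *
 * @param principal the principal whose privileges are listed
 * @return an unmodifiable snapshot of the collected privileges
 */
@Override
public Set<Privilege> listPrivileges(Principal principal) {
  // Local name chosen so it does not shadow the privileges field.
  Set<Privilege> effective = new HashSet<>(getPrivileges(principal));
  if (principal.getType() != Principal.PrincipalType.ROLE) {
    // Use the same role lookup as enforce(). Walking every key of roleToPrincipals would also
    // report privileges of roles this principal does not hold, overstating its access.
    for (Role role : getRoles(principal)) {
      effective.addAll(getPrivileges(role));
    }
  }
  return Collections.unmodifiableSet(effective);
}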
conf.setBoolean(Constants.Security.ENABLED, true); properties.setProperty("superusers", admin.getName()); final InMemoryAuthorizer auth = new InMemoryAuthorizer(); auth.initialize(FACTORY.create(properties)); service = new CommonNettyHttpServiceBuilder(conf, getClass().getSimpleName()) .setHttpHandlers(new AuthorizationHandler(auth, new AuthorizerInstantiator(conf, FACTORY) {
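/**
 * Checks that {@code principal} may perform every action in {@code actions} on {@code entity}.
 *
 * <p>A principal contained in {@code superUsers} bypasses the check, and so does every principal
 * when {@code superUsers} contains {@code allSuperUsers}. Otherwise the decision is made against
 * the union of the actions granted to the principal itself and, unless the principal is a role,
 * the actions granted to each role returned by {@code getRoles(principal)}.
 *
 * @param entity the entity being accessed
 * @param principal the principal requesting access
 * @param actions the actions that must all be permitted
 * @throws UnauthorizedException if a requested action is covered by neither a direct grant nor a
 *     role grant; the exception carries exactly the uncovered actions
 */
@Override
public void enforce(EntityId entity, Principal principal, Set<Action> actions) throws UnauthorizedException {
  // Super users are never checked; the allSuperUsers entry extends that bypass to every principal.
  if (superUsers.contains(principal) || superUsers.contains(allSuperUsers)) {
    return;
  }

  Set<Action> direct = getActions(entity, principal);
  if (direct.containsAll(actions)) {
    return;
  }

  // Copy before merging: grant() and revoke() mutate the set getActions returns, so adding role
  // actions to it in place could turn a role grant into a direct grant.
  Set<Action> effective = new HashSet<>(direct);
  if (principal.getType() != Principal.PrincipalType.ROLE) {
    for (Role role : getRoles(principal)) {
      effective.addAll(getActions(entity, role));
    }
  }

  // Decide on the union. A request may be covered partly by a direct grant and partly by a role
  // grant, and the reported missing actions must exclude anything a role already covers.
  if (!effective.containsAll(actions)) {
    throw new UnauthorizedException(principal, Sets.difference(actions, effective), entity);
  }
}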
/**
 * Returns the roles that {@code getRoles} reports for {@code principal}.
 *
 * @param principal the principal whose roles are listed
 * @return a read-only view, so callers cannot alter the set through it
 */
@Override
public Set<Role> listRoles(Principal principal) {
  Set<Role> roles = getRoles(principal);
  return Collections.unmodifiableSet(roles);
}
/**
 * Filters {@code entityIds} down to the entities {@code principal} is allowed to see.
 *
 * <p>For a super user (or when {@code superUsers} contains {@code allSuperUsers}) the input set
 * itself is returned, not a copy. Otherwise an entity is kept when some key of {@code privileges}
 * satisfies {@code isParent(entityId, key.getEntityParts())} and the principal has a non-empty
 * action set stored under that key.
 *
 * <p>NOTE(review): only actions stored directly under the principal are consulted. Grants made to
 * the principal's roles are not considered here, although enforce() honours them. Confirm whether
 * that difference is intended.
 *
 * @param entityIds the candidate entities
 * @param principal the principal whose visibility is evaluated
 * @return the visible subset of {@code entityIds}
 */
@Override
public Set<? extends EntityId> isVisible(Set<? extends EntityId> entityIds, Principal principal) throws Exception {
  boolean unrestricted = superUsers.contains(principal) || superUsers.contains(allSuperUsers);
  if (unrestricted) {
    return entityIds;
  }

  Set<EntityId> visible = new HashSet<>();
  candidates:
  for (EntityId candidate : entityIds) {
    for (Authorizable granted : privileges.keySet()) {
      if (!isParent(candidate, granted.getEntityParts())) {
        continue;
      }
      Set<Action> directActions = privileges.get(granted).get(principal);
      if (directActions == null || directActions.isEmpty()) {
        continue;
      }
      // One matching grant is enough; move on to the next candidate.
      visible.add(candidate);
      continue candidates;
    }
  }
  return visible;
}
private void testDisabled(CConfiguration cConf, FeatureDisabledException.Feature feature, String configSetting) throws Exception { final InMemoryAuthorizer authorizer = new InMemoryAuthorizer(); NettyHttpService service = new CommonNettyHttpServiceBuilder(cConf, getClass().getSimpleName()) .setHttpHandlers(new AuthorizationHandler(
/**
 * Adds the given actions to what {@code principal} holds on {@code authorizable}.
 *
 * <p>The addition is applied directly to the set returned by {@code getActions}, so it only takes
 * effect if that set is the stored one. No check on who is issuing the grant is performed here.
 *
 * @param authorizable the object the grant applies to
 * @param principal the principal receiving the actions
 * @param actions the actions to add
 */
@Override
public void grant(Authorizable authorizable, Principal principal, Set<Action> actions) throws Exception {
  Set<Action> granted = getActions(authorizable, principal);
  granted.addAll(actions);
}
/**
 * Builds one {@code Privilege} per (authorizable, action) pair that {@code getActions} reports for
 * {@code principal}, across every authorizable currently keyed in {@code privileges}.
 *
 * @param principal the principal whose direct grants are collected
 * @return an unmodifiable set of the collected privileges
 */
private Set<Privilege> getPrivileges(Principal principal) {
  Set<Privilege> collected = new HashSet<>();
  // Only the keys are needed; the per-principal actions are read through getActions.
  for (Authorizable target : privileges.keySet()) {
    for (Action permitted : getActions(target, principal)) {
      collected.add(new Privilege(target, permitted));
    }
  }
  return Collections.unmodifiableSet(collected);
}
/**
 * Convenience overload: converts {@code entityId} with {@code Authorizable.fromEntityId} and
 * delegates to the {@code Authorizable}-based lookup.
 *
 * @param entityId the entity to look up
 * @param principal the principal whose actions are requested
 * @return whatever the {@code Authorizable} overload returns for the converted entity
 */
private Set<Action> getActions(EntityId entityId, Principal principal) {
  Authorizable target = Authorizable.fromEntityId(entityId);
  return getActions(target, principal);
}