
How to use
Authorizer
in
co.cask.cdap.security.spi.authorization

Best Java code snippets using co.cask.cdap.security.spi.authorization.Authorizer (Showing top 20 results out of 315)

origin: cdapio/cdap

/**
 * Checks the grant/enforce/revoke round trip when every {@link Action} is granted at once:
 * READ is rejected before the grant, each of the four actions passes {@code enforce} after it,
 * and READ is rejected again once the same set has been revoked.
 *
 * <p>{@code get()} and {@code verifyAuthFailure} are defined outside this snippet; presumably
 * {@code verifyAuthFailure} asserts that {@code enforce} rejects the action (confirm).
 */
@Test
public void testWildcard() throws Exception {
  Authorizer authz = get();
  // Nothing has been granted yet, so the baseline expectation is a refusal.
  verifyAuthFailure(namespace, user, Action.READ);

  authz.grant(Authorizable.fromEntityId(namespace), user, EnumSet.allOf(Action.class));

  // Enforce each action separately so a failure points at the specific action that was refused.
  Action[] grantedActions = {Action.READ, Action.WRITE, Action.ADMIN, Action.EXECUTE};
  for (Action granted : grantedActions) {
    authz.enforce(namespace, user, granted);
  }

  authz.revoke(Authorizable.fromEntityId(namespace), user, EnumSet.allOf(Action.class));
  // After the revoke the principal must be back to the refused state.
  verifyAuthFailure(namespace, user, Action.READ);
}
origin: cdapio/cdap

/**
 * Grants {@code actions} on {@code entityId} to {@code principal} and asserts that the
 * principal's privileges afterwards equal the privileges held before the grant plus one
 * {@link Privilege} per granted action.
 *
 * @param entityId the entity the actions are granted on
 * @param principal the principal receiving the grant
 * @param actions the actions to grant
 * @throws Exception if any authorizer call fails
 */
private void grantAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
  // NOTE(review): the check assumes listPrivileges returns a snapshot; if an implementation
  // returned a live view, "before" would already contain the new privileges - confirm.
  Set<Privilege> before = authorizer.listPrivileges(principal);
  authorizer.grant(Authorizable.fromEntityId(entityId), principal, actions);

  ImmutableSet.Builder<Privilege> granted = ImmutableSet.builder();
  for (Action action : actions) {
    granted.add(new Privilege(entityId, action));
  }

  // Expected state: nothing lost, exactly the granted privileges added.
  Set<Privilege> expected = Sets.union(before, granted.build());
  Set<Privilege> actual = authorizer.listPrivileges(principal);
  Assert.assertEquals(expected, actual);
}
origin: cdapio/cdap

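/**
 * Handles {@code PUT /{principal-type}/{principal-name}/roles/{role-name}}: adds the named role
 * to the named principal through the configured authorizer, answers 200 OK and writes a log
 * entry for the request.
 *
 * <p>NOTE(review): apart from {@code ensureSecurityEnabled()} this handler performs no check on
 * who is calling it; presumably the authorizer implementation or an upstream layer decides who
 * may change role membership - confirm. The log entry is written only on the success path of
 * this method; any logging of failed attempts would have to happen elsewhere.
 *
 * @param httpRequest the incoming request, passed to the log entry
 * @param httpResponder used to send the response status
 * @param principalType name of a {@code Principal.PrincipalType} constant, matched case-insensitively
 * @param principalName name of the principal that receives the role
 * @param roleName name of the role to add
 * @throws IllegalArgumentException if {@code principalType} names no {@code PrincipalType} constant
 * @throws Exception if security is disabled or the authorizer rejects the operation
 */
@Path("/{principal-type}/{principal-name}/roles/{role-name}")
@PUT
public void addRoleToPrincipal(HttpRequest httpRequest, HttpResponder httpResponder,
                               @PathParam("principal-type") String principalType,
                               @PathParam("principal-name") String principalName,
                               @PathParam("role-name") String roleName) throws Exception {
  ensureSecurityEnabled();
  // Upper-case with Locale.ROOT so the enum lookup does not depend on the JVM's default locale.
  Principal.PrincipalType type =
    Principal.PrincipalType.valueOf(principalType.toUpperCase(java.util.Locale.ROOT));
  Principal principal = new Principal(principalName, type);
  authorizer.addRoleToPrincipal(new Role(roleName), principal);
  httpResponder.sendStatus(HttpResponseStatus.OK);
  createLogEntry(httpRequest, HttpResponseStatus.OK);
}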
origin: cdapio/cdap

 /**
  * Revokes {@code actions} on {@code entityId} from {@code principal} and asserts that the
  * principal's privileges afterwards equal the privileges held before the revoke minus one
  * {@link Privilege} per revoked action.
  *
  * @param entityId the entity the actions are revoked on
  * @param principal the principal losing the privileges
  * @param actions the actions to revoke
  * @throws Exception if any authorizer call fails
  */
 private void revokeAndAssertSuccess(EntityId entityId, Principal principal, Set<Action> actions) throws Exception {
   Set<Privilege> before = authorizer.listPrivileges(principal);
   authorizer.revoke(Authorizable.fromEntityId(entityId), principal, actions);

   Set<Privilege> removed = new HashSet<>();
   for (Action action : actions) {
     removed.add(new Privilege(entityId, action));
   }

   // Expected state: only the revoked privileges are gone, everything else is untouched.
   Set<Privilege> expected = Sets.difference(before, removed);
   Assert.assertEquals(expected, authorizer.listPrivileges(principal));
 }
}
origin: cdapio/cdap

// NOTE(review): this listing is an excerpt. Each `} catch` below has no visible `try {`, and the
// catch bodies are not closed, so some lines of the original test are missing from the page.
// Create two roles and read the role list back.
authorizer.createRole(admins);
authorizer.createRole(engineers);
Set<Role> roles = authorizer.listAllRoles();
Set<Role> expectedRoles = new HashSet<>();
expectedRoles.add(admins);
 // Creating a role that already exists must fail with AlreadyExistsException.
 authorizer.createRole(admins);
 Assert.fail(String.format("Created a role %s which already exists. Should have failed.", admins.getName()));
} catch (AlreadyExistsException expected) {
// After dropping admins, engineers must be the only role left.
authorizer.dropRole(admins);
roles = authorizer.listAllRoles();
Assert.assertEquals(Collections.singleton(engineers), roles);
 // Dropping the same role a second time must fail with NotFoundException.
 authorizer.dropRole(admins);
 Assert.fail(String.format("Dropped a role %s which does not exists. Should have failed.", admins.getName()));
} catch (NotFoundException expected) {
// Assigning an existing role succeeds.
authorizer.addRoleToPrincipal(engineers, spiderman);
 // Assigning the dropped role must fail with NotFoundException, so a stale role name cannot be attached.
 authorizer.addRoleToPrincipal(admins, spiderman);
 Assert.fail(String.format("Added role %s to principal %s. Should have failed.", admins, spiderman));
} catch (NotFoundException expected) {
// The failed assignment must not have changed the principal's roles.
Assert.assertEquals(Collections.singleton(engineers), authorizer.listRoles(spiderman));
origin: cdapio/cdap

/**
 * Checks the basic grant/enforce/list/revoke cycle for a single action: READ is rejected before
 * the grant, passes {@code enforce} and is the only listed privilege after it, and is rejected
 * again after the revoke.
 *
 * <p>{@code get()} and {@code verifyAuthFailure} are defined outside this snippet; presumably
 * {@code verifyAuthFailure} asserts that {@code enforce} rejects the action (confirm).
 */
@Test
public void testSimple() throws Exception {
  Authorizer authz = get();
  // Baseline: no grant has been made, so READ must be refused.
  verifyAuthFailure(namespace, user, Action.READ);

  authz.grant(Authorizable.fromEntityId(namespace), user, Collections.singleton(Action.READ));
  authz.enforce(namespace, user, Action.READ);

  // The grant must show up as exactly one privilege, with nothing extra alongside it.
  Set<Privilege> onlyRead = Collections.singleton(new Privilege(namespace, Action.READ));
  Assert.assertEquals(onlyRead, authz.listPrivileges(user));

  authz.revoke(Authorizable.fromEntityId(namespace), user, Collections.singleton(Action.READ));
  verifyAuthFailure(namespace, user, Action.READ);
}
origin: cdapio/cdap

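/**
 * One-time fixture: builds the injector, obtains the metadata admin and the authorizer, starts
 * the AppFabric server and waits up to five seconds for the default namespace to exist.
 *
 * <p>The effective master user is given ADMIN on the default namespace only for the duration of
 * that wait. The revoke runs in a {@code finally} block so the temporary grant is removed even
 * when the wait times out or throws, and later tests do not start with a leftover ADMIN privilege.
 *
 * @throws Exception if the server fails to start or the default namespace does not appear in time
 */
@BeforeClass
public static void setup() throws Exception {
  cConf = createCConf();
  final Injector injector = AppFabricTestHelper.getInjector(cConf);
  metadataAdmin = injector.getInstance(MetadataAdmin.class);
  authorizer = injector.getInstance(AuthorizerInstantiator.class).get();
  appFabricServer = injector.getInstance(AppFabricServer.class);
  // Starting the AppFabric server will create the default namespace.
  appFabricServer.startAndWait();

  // Temporary grant; presumably the namespace creation runs as the master user and needs ADMIN
  // on the default namespace - confirm.
  String user = AuthorizationUtil.getEffectiveMasterUser(cConf);
  Principal masterUser = new Principal(user, Principal.PrincipalType.USER);
  authorizer.grant(Authorizable.fromEntityId(NamespaceId.DEFAULT), masterUser,
                   Collections.singleton(Action.ADMIN));
  try {
    // Wait for the default namespace creation.
    Tasks.waitFor(true, () -> injector.getInstance(NamespaceAdmin.class).exists(NamespaceId.DEFAULT),
                  5, TimeUnit.SECONDS);
  } finally {
    // Always drop the temporary privilege, including on timeout.
    authorizer.revoke(Authorizable.fromEntityId(NamespaceId.DEFAULT), masterUser,
                      Collections.singleton(Action.ADMIN));
  }
}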
origin: cdapio/cdap

/**
 * Forwards the grant request unchanged to {@code delegateAuthorizer}.
 *
 * <p>This wrapper adds no validation or checks of its own; whatever the delegate decides is the
 * outcome of the call.
 *
 * @param authorizable the target of the grant
 * @param principal the principal receiving the actions
 * @param actions the actions to grant
 * @throws Exception whatever the delegate throws
 */
@Override
public void grant(final Authorizable authorizable, final Principal principal, final Set<Action> actions)
  throws Exception {
  delegateAuthorizer.grant(authorizable, principal, actions);
}
origin: cdapio/cdap

 /**
  * Returns the privileges that {@code delegateAuthorizer} reports for {@code principal}.
  *
  * <p>The delegate's result is handed back as is, without copying or filtering.
  *
  * @param principal the principal whose privileges are listed
  * @return the set returned by the delegate
  * @throws Exception whatever the delegate throws
  */
 @Override
 public Set<Privilege> listPrivileges(final Principal principal) throws Exception {
   Set<Privilege> fromDelegate = delegateAuthorizer.listPrivileges(principal);
   return fromDelegate;
 }
}
origin: cdapio/cdap

/**
 * Forwards the revoke request unchanged to {@code delegateAuthorizer}.
 *
 * <p>This wrapper adds no validation or checks of its own; whatever the delegate decides is the
 * outcome of the call.
 *
 * @param authorizable the target of the revoke
 * @param principal the principal losing the actions
 * @param actions the actions to revoke
 * @throws Exception whatever the delegate throws
 */
@Override
public void revoke(final Authorizable authorizable, final Principal principal, final Set<Action> actions)
  throws Exception {
  delegateAuthorizer.revoke(authorizable, principal, actions);
}
origin: cdapio/cdap

// NOTE(review): excerpt - the statements that sit between these assertions in the original test
// are not shown on the page.
// BOB must start with no privileges at all.
Assert.assertTrue("Bob should not have any privileges on alice's app", authorizer.listPrivileges(BOB).isEmpty());
// isVisible must return a non-empty result for dummyAppId and BOB at this point of the test.
Assert.assertTrue(!getAuthorizer().isVisible(Collections.singleton(dummyAppId), BOB).isEmpty());
// BOB is expected to hold exactly three privileges here; an exact count also catches extra grants.
Assert.assertEquals(3, authorizer.listPrivileges(BOB).size());
origin: cdapio/cdap

/**
 * Calls {@code enforce} with the complete {@link Action} set for {@code principal} on every
 * entity passed in, in argument order. The first entity for which {@code enforce} throws ends
 * the method with that exception.
 *
 * <p>NOTE(review): presumably {@code enforce} with a set requires every action in it to be
 * allowed - confirm against the authorizer in use.
 *
 * @param principal the principal expected to hold all actions
 * @param entityIds the entities to check
 * @throws Exception whatever {@code enforce} throws
 */
private void assertAllAccess(Principal principal, EntityId... entityIds) throws Exception {
  for (int i = 0; i < entityIds.length; i++) {
    getAuthorizer().enforce(entityIds[i], principal, EnumSet.allOf(Action.class));
  }
}
origin: cdapio/cdap

/********************************************************************************************************************
 * Role Management : For Role Based Access Control
 ********************************************************************************************************************/
/**
 * Handles {@code PUT /roles/{role-name}}: creates the named role through the configured
 * authorizer, answers 200 OK and writes a log entry for the request.
 *
 * <p>NOTE(review): the role name is taken from the path as is, and apart from
 * {@code ensureSecurityEnabled()} no caller check is visible in this handler; presumably name
 * validation and the decision on who may create roles live in the authorizer implementation or
 * an upstream layer - confirm. The log entry is written only on the success path of this method.
 *
 * @param httpRequest the incoming request, passed to the log entry
 * @param httpResponder used to send the response status
 * @param roleName name of the role to create
 * @throws Exception if security is disabled or the authorizer rejects the operation
 */
@Path("/roles/{role-name}")
@PUT
public void createRole(HttpRequest httpRequest, HttpResponder httpResponder,
                       @PathParam("role-name") String roleName) throws Exception {
  ensureSecurityEnabled();

  Role newRole = new Role(roleName);
  authorizer.createRole(newRole);

  httpResponder.sendStatus(HttpResponseStatus.OK);
  createLogEntry(httpRequest, HttpResponseStatus.OK);
}
origin: cdapio/cdap

/**
 * Handles {@code DELETE /roles/{role-name}}: drops the named role through the configured
 * authorizer, answers 200 OK and writes a log entry for the request.
 *
 * <p>NOTE(review): apart from {@code ensureSecurityEnabled()} no caller check is visible in this
 * handler; presumably the authorizer implementation or an upstream layer decides who may drop
 * roles - confirm. The log entry is written only on the success path of this method.
 *
 * @param httpRequest the incoming request, passed to the log entry
 * @param httpResponder used to send the response status
 * @param roleName name of the role to drop
 * @throws Exception if security is disabled or the authorizer rejects the operation
 */
@Path("/roles/{role-name}")
@DELETE
public void dropRole(HttpRequest httpRequest, HttpResponder httpResponder,
                     @PathParam("role-name") String roleName) throws Exception {
  ensureSecurityEnabled();

  Role doomedRole = new Role(roleName);
  authorizer.dropRole(doomedRole);

  httpResponder.sendStatus(HttpResponseStatus.OK);
  createLogEntry(httpRequest, HttpResponseStatus.OK);
}
origin: cdapio/cdap

// Assigned by the isVisible call below; the wildcard type accepts a set of any EntityId subtype.
Set<? extends EntityId> moreVisibleEntities;
try {
 // Ask the authorizer about the entities in `difference` for `principal`; presumably the result
 // is the subset of them that the principal may see - confirm.
 moreVisibleEntities = authorizerInstantiator.get().isVisible(difference, principal);
} finally {
 // Stop `watch` whether or not isVisible threw. The excerpt ends here; the rest of the finally
 // block is not shown on the page.
 watch.stop();
origin: cdapio/cdap

// NOTE(review): excerpt - the `try {` that pairs with the `} catch` below, and the end of that
// catch block, are not shown on the page.
// ALICE gets ADMIN on the SYSTEM namespace, and that must be her only privilege at this point.
authorizer.grant(Authorizable.fromEntityId(NamespaceId.SYSTEM), ALICE, Collections.singleton(Action.ADMIN));
Assert.assertEquals(
 Collections.singleton(new Privilege(NamespaceId.SYSTEM, Action.ADMIN)), authorizer.listPrivileges(ALICE));
// ADMIN on the new namespace is granted before the namespace itself is created.
authorizer.grant(Authorizable.fromEntityId(namespaceId), ALICE, Collections.singleton(Action.ADMIN));
namespaceAdmin.create(new NamespaceMeta.Builder().setName(namespaceId.getNamespace()).build());
 // Enforcing every action on SYSTEM_ARTIFACT is expected to throw UnauthorizedException: none of
 // the grants visible above names SYSTEM_ARTIFACT itself.
 authorizer.enforce(SYSTEM_ARTIFACT, ALICE, EnumSet.allOf(Action.class));
 Assert.fail();
} catch (UnauthorizedException e) {
// ADMIN on SYSTEM_ARTIFACT is granted explicitly before the artifact is deleted.
authorizer.grant(Authorizable.fromEntityId(SYSTEM_ARTIFACT), ALICE, EnumSet.of(Action.ADMIN));
artifactRepository.deleteArtifact(Id.Artifact.fromEntityId(SYSTEM_ARTIFACT));
// Clean-up with the single-argument revoke; presumably it removes every privilege on the entity - confirm.
authorizer.revoke(Authorizable.fromEntityId(SYSTEM_ARTIFACT));
authorizer.revoke(Authorizable.fromEntityId(namespaceId));
origin: cdapio/cdap

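/**
 * One-time fixture: builds the injector, obtains the authorizer and the program lifecycle
 * service, starts the AppFabric server and waits up to five seconds for the default namespace
 * to exist.
 *
 * <p>The effective master user is given ADMIN on the default namespace only for the duration of
 * that wait. The revoke runs in a {@code finally} block so the temporary grant is removed even
 * when the wait times out or throws, and later tests do not start with a leftover ADMIN privilege.
 *
 * @throws Exception if the server fails to start or the default namespace does not appear in time
 */
@BeforeClass
public static void setup() throws Exception {
  cConf = createCConf();
  final Injector injector = AppFabricTestHelper.getInjector(cConf);
  authorizer = injector.getInstance(AuthorizerInstantiator.class).get();
  appFabricServer = injector.getInstance(AppFabricServer.class);
  // Starting the AppFabric server will create the default namespace.
  appFabricServer.startAndWait();
  programLifecycleService = injector.getInstance(ProgramLifecycleService.class);

  // Temporary grant; presumably the namespace creation runs as the master user and needs ADMIN
  // on the default namespace - confirm.
  String user = AuthorizationUtil.getEffectiveMasterUser(cConf);
  Principal masterUser = new Principal(user, Principal.PrincipalType.USER);
  authorizer.grant(Authorizable.fromEntityId(NamespaceId.DEFAULT), masterUser,
                   Collections.singleton(Action.ADMIN));
  try {
    // Wait for the default namespace creation.
    Tasks.waitFor(true, new Callable<Boolean>() {
      @Override
      public Boolean call() throws Exception {
        return injector.getInstance(NamespaceAdmin.class).exists(NamespaceId.DEFAULT);
      }
    }, 5, TimeUnit.SECONDS);
  } finally {
    // Always drop the temporary privilege, including on timeout.
    authorizer.revoke(Authorizable.fromEntityId(NamespaceId.DEFAULT), masterUser,
                      Collections.singleton(Action.ADMIN));
  }
}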
origin: cdapio/cdap

 /**
  * Grants the needed privileges to ALICE one entry at a time and, after every grant except the
  * last, asserts that deploying {@code AllProgramsApp} into the default namespace still fails.
  * This checks that no partial subset of the privileges is enough for the deploy.
  *
  * <p>NOTE(review): any {@code Exception} from the deploy counts as the expected failure, so a
  * failure unrelated to authorization would also satisfy this check; narrowing the catch needs
  * the exception type that the deploy helper throws, which is not visible here.
  *
  * @param neededPrivileges the privileges to grant, keyed by entity
  * @throws Exception if a grant fails
  */
 private void setUpPrivilegesAndExpectFailedDeploy(Map<EntityId, Set<Action>> neededPrivileges) throws Exception {
   int granted = 0;
   for (Map.Entry<EntityId, Set<Action>> entry : neededPrivileges.entrySet()) {
     authorizer.grant(Authorizable.fromEntityId(entry.getKey()), ALICE, entry.getValue());
     granted++;

     // Once the final privilege is in place there is nothing left to prove, so skip the deploy.
     if (granted >= neededPrivileges.size()) {
       continue;
     }

     try {
       AppFabricTestHelper.deployApplication(Id.Namespace.DEFAULT, AllProgramsApp.class, null, cConf);
       // Assert.fail() throws an AssertionError, which the catch below does not intercept.
       Assert.fail();
     } catch (Exception expectedFailure) {
       // expected
     }
   }
 }
}
origin: cdapio/cdap

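/**
 * Class-level teardown: revokes the privileges on the SYSTEM namespace, asserts that ALICE is
 * left with no privileges, and restores the user id held in {@code OLD_USER_ID}.
 *
 * <p>The user id is restored in a {@code finally} block so that a failing revoke or a failing
 * assertion cannot leave the test identity set in {@code SecurityRequestContext} afterwards.
 *
 * @throws Exception if the revoke or the privilege listing fails
 */
@AfterClass
public static void cleanup() throws Exception {
  try {
    authorizer.revoke(Authorizable.fromEntityId(NamespaceId.SYSTEM));
    // Every privilege granted to ALICE during the tests must be gone by now.
    Assert.assertEquals(Collections.emptySet(), authorizer.listPrivileges(ALICE));
  } finally {
    SecurityRequestContext.setUserId(OLD_USER_ID);
  }
}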
origin: cdapio/cdap

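/**
 * Handles {@code GET {principal-type}/{principal-name}/privileges}: returns the privileges of
 * the named principal as JSON with status 200 OK and writes a log entry for the request.
 *
 * <p>NOTE(review): apart from {@code ensureSecurityEnabled()} this handler performs no check on
 * who is calling it, so any caller that reaches it can read another principal's privileges
 * unless the authorizer implementation or an upstream layer restricts that - confirm. The log
 * entry is written only on the success path of this method.
 *
 * @param httpRequest the incoming request, passed to the log entry
 * @param httpResponder used to send the JSON response
 * @param principalType name of a {@code Principal.PrincipalType} constant, matched case-insensitively
 * @param principalName name of the principal whose privileges are listed
 * @throws IllegalArgumentException if {@code principalType} names no {@code PrincipalType} constant
 * @throws Exception if security is disabled or the authorizer call fails
 */
@Path("{principal-type}/{principal-name}/privileges")
@GET
public void listPrivileges(HttpRequest httpRequest, HttpResponder httpResponder,
                           @PathParam("principal-type") String principalType,
                           @PathParam("principal-name") String principalName) throws Exception {
  ensureSecurityEnabled();
  // Upper-case with Locale.ROOT so the enum lookup does not depend on the JVM's default locale.
  Principal.PrincipalType type =
    Principal.PrincipalType.valueOf(principalType.toUpperCase(java.util.Locale.ROOT));
  Principal principal = new Principal(principalName, type);
  httpResponder.sendJson(HttpResponseStatus.OK,
                         GSON.toJson(authorizer.listPrivileges(principal), PRIVILEGE_SET_TYPE));
  createLogEntry(httpRequest, HttpResponseStatus.OK);
}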
co.cask.cdap.security.spi.authorization.Authorizer

Javadoc

Interface for managing Principal authorization for Action on EntityId. Authorization extensions must implement this interface to delegate authorization to appropriate authorization back-ends. The contract with Authorization extensions is as below:
  • Authorization is enabled by setting the parameter security.authorization.enabled to true in cdap-site.xml.
  • The path to the extension jar bundled with all its dependencies must be specified by security.authorization.extension.jar.path in cdap-site.xml
  • The extension jar must contain a class that implements Authorizer. This class must be specified as the Attributes.Name#MAIN_CLASS in the extension jar's manifest file.
  • The contract with the class that implements Authorizer is that it must have a default constructor.
  • Authorizer also provides lifecycle methods for extensions. #initialize(AuthorizationContext) can be used to perform initialization tasks. This method provides an AuthorizationContext which gives extensions access to CDAP entities for operations like creating and accessing datasets, accessing datasets in transactions, etc. It also provides access to Properties via the AuthorizationContext#getExtensionProperties() method. The Properties object returned from this method is populated with all configuration settings from cdap-site.xml that have keys with the prefix security.authorization.extension.config.
  • The #destroy() method can be used to perform cleanup tasks.

Most used methods

  • grant
  • listPrivileges
  • revoke
  • enforce
  • addRoleToPrincipal
    Add a role to the specified Principal.
  • createRole
    Create a role.
  • dropRole
    Drop a role.
  • isVisible
  • listAllRoles
    Returns all available Role. Only a super user can perform this operation.
  • listRoles
    Returns a set of all Role for the specified Principal.
  • removeRoleFromPrincipal
    Delete a role from the specified Principal.
  • destroy
    Destroys an Authorizer. Authorization extensions can use this method to write any cleanup code.
  • removeRoleFromPrincipal,
  • destroy,
  • initialize
