/**
 * Creates a reader for the given stream.
 *
 * <p>The principal is read from {@code authenticationContext} once, here, and stored in
 * {@link #principal}; the context itself is not retained by this constructor.
 * NOTE(review): any later check against {@code authorizationEnforcer} would therefore use the
 * identity that was current at construction time, not the identity of whichever thread later
 * drives the reader. Confirm that this is the intended model.
 *
 * @param streamId id of the stream to read from
 * @param consumerSupplier supplies the {@link StreamConsumer} used by this reader
 * @param batchSize batch size stored for later use by the reader
 * @param eventTransform converts each {@link StreamEvent} into the reader's element type
 * @param authenticationContext source of the principal captured at construction
 * @param authorizationEnforcer enforcer stored for later authorization checks
 */
StreamQueueReader(StreamId streamId,
                  Supplier<StreamConsumer> consumerSupplier,
                  int batchSize,
                  Function<StreamEvent, T> eventTransform,
                  AuthenticationContext authenticationContext,
                  AuthorizationEnforcer authorizationEnforcer) {
  // Stream wiring.
  this.streamId = streamId;
  this.consumerSupplier = consumerSupplier;
  this.batchSize = batchSize;
  this.eventTransform = eventTransform;

  // Security wiring: the enforcer is kept, the principal is snapshotted.
  this.authorizationEnforcer = authorizationEnforcer;
  this.principal = authenticationContext.getPrincipal();
}
/**
 * Runs {@code callable} with {@link SecurityRequestContext} reporting {@code userName} as the
 * user id, then puts back the user id that was set before the call.
 *
 * <p>The previous user id is restored in a {@code finally} block, so it is restored whether the
 * callable returns or throws. Only the user id is saved and restored; no other field of
 * {@link SecurityRequestContext} is touched here.
 *
 * <p>NOTE(review): despite its name this helper performs no authorization check of its own; it
 * only switches the identity that downstream code will see. Callers are responsible for making
 * sure {@code userName} comes from a trusted source.
 *
 * @param userName user id to run the callable as
 * @param callable work to execute under that user id
 * @param <T> result type of the callable
 * @return whatever {@code callable} returns
 * @throws Exception any exception thrown by {@code callable}
 */
public static <T> T authorizeAs(String userName, Callable<T> callable) throws Exception {
  final String previousUserId = SecurityRequestContext.getUserId();
  SecurityRequestContext.setUserId(userName);
  try {
    T result = callable.call();
    return result;
  } finally {
    // Always undo the identity switch, including on failure.
    SecurityRequestContext.setUserId(previousUserId);
  }
}
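/**
 * Submits {@code getInfo(infoType)} to {@code executor} and returns the resulting future.
 *
 * <p>The caller's user id and IP are read from {@link SecurityRequestContext} on the calling
 * thread and re-applied on the executor thread, so that {@code getInfo} runs under the caller's
 * identity. The values that were set on the executor thread beforehand are put back once the
 * task finishes, so the caller's identity does not remain attached to a thread that may go on
 * to run work for a different caller.
 *
 * @param infoType the kind of metadata information requested
 * @return a future that completes with the result of {@code getInfo(infoType)}
 */
@Override
public ListenableFuture<MetaDataInfo> info(final MetaDataInfo.InfoType infoType) {
  // Snapshot the identity on the calling thread; the task below runs on another thread.
  final String userId = SecurityRequestContext.getUserId();
  final String userIp = SecurityRequestContext.getUserIP();
  // this is not an async call so we do not need to wait for the future
  return executor.submit(new Callable<MetaDataInfo>() {
    @Override
    public MetaDataInfo call() throws Exception {
      // Remember what this executor thread had before the caller's identity is applied.
      final String previousUserId = SecurityRequestContext.getUserId();
      final String previousUserIp = SecurityRequestContext.getUserIP();
      SecurityRequestContext.setUserId(userId);
      SecurityRequestContext.setUserIP(userIp);
      try {
        return getInfo(infoType);
      } finally {
        // Restore on success and on failure so the identity cannot outlive this task.
        SecurityRequestContext.setUserId(previousUserId);
        SecurityRequestContext.setUserIP(previousUserIp);
      }
    }
  });
}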
/**
 * Records the user id that {@link SecurityRequestContext} reports before any test in this class
 * runs, storing it in the static {@code oldUser} field.
 *
 * <p>NOTE(review): presumably a matching teardown restores this value so tests that change the
 * user id do not affect later test classes. The teardown is not visible here; confirm it exists.
 */
@BeforeClass
public static void setup() {
  String userIdBeforeTests = SecurityRequestContext.getUserId();
  oldUser = userIdBeforeTests;
}
/**
 * Returns the principal reported by the wrapped {@code delegateAuthenticationContext}.
 *
 * <p>The delegate is queried on every call; nothing is cached in this method.
 *
 * @return the delegate's current principal
 */
@Override
public Principal getPrincipal() {
  Principal delegated = delegateAuthenticationContext.getPrincipal();
  return delegated;
}
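/**
 * Submits {@code getInfo(infoType)} to {@code executor} and returns the resulting future.
 *
 * <p>The caller's user id and IP are read from {@link SecurityRequestContext} on the calling
 * thread and re-applied on the executor thread, so that {@code getInfo} runs under the caller's
 * identity. The values that were set on the executor thread beforehand are put back once the
 * task finishes, so the caller's identity does not remain attached to a thread that may go on
 * to run work for a different caller.
 *
 * @param infoType the kind of metadata information requested
 * @return a future that completes with the result of {@code getInfo(infoType)}
 */
@Override
public ListenableFuture<MetaDataInfo> info(final MetaDataInfo.InfoType infoType) {
  // Snapshot the identity on the calling thread; the task below runs on another thread.
  final String userId = SecurityRequestContext.getUserId();
  final String userIp = SecurityRequestContext.getUserIP();
  // this is not an async call so we do not need to wait for the future
  return executor.submit(new Callable<MetaDataInfo>() {
    @Override
    public MetaDataInfo call() throws Exception {
      // Remember what this executor thread had before the caller's identity is applied.
      final String previousUserId = SecurityRequestContext.getUserId();
      final String previousUserIp = SecurityRequestContext.getUserIP();
      SecurityRequestContext.setUserId(userId);
      SecurityRequestContext.setUserIP(userIp);
      try {
        return getInfo(infoType);
      } finally {
        // Restore on success and on failure so the identity cannot outlive this task.
        SecurityRequestContext.setUserId(previousUserId);
        SecurityRequestContext.setUserIP(previousUserIp);
      }
    }
  });
}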
/**
 * Enforces that the current principal may perform {@code action} on {@code entityId}.
 *
 * <p>The principal is taken from {@code authenticationContext} at the time of the call and the
 * decision is delegated to {@code authorizationEnforcer}. This method returns normally only if
 * {@code enforce} does; any exception it raises is propagated unchanged.
 *
 * @param entityId the entity being accessed
 * @param action the action the principal wants to perform
 * @param <T> the concrete entity id type
 * @throws Exception whatever {@code authorizationEnforcer.enforce} throws
 */
private <T extends EntityId> void ensureAccess(T entityId, Action action) throws Exception {
  authorizationEnforcer.enforce(entityId, authenticationContext.getPrincipal(), action);
}
}
/**
 * Returns the user id to use for the request: the name of the principal currently reported by
 * {@code authenticationContext}.
 *
 * <p>The identity comes from the authentication context, not from any caller-supplied value.
 *
 * @return the current principal's name
 */
@Override
protected String getUserId() {
  String principalName = authenticationContext.getPrincipal().getName();
  return principalName;
}
/**
 * Returns the user id to use for the request: the name of the principal currently reported by
 * {@code authenticationContext}.
 *
 * <p>The identity comes from the authentication context, not from any caller-supplied value.
 *
 * @return the current principal's name
 */
@Override
protected String getUserId() {
  String principalName = authenticationContext.getPrincipal().getName();
  return principalName;
}
/**
 * Supplies the extra security header for the request: a single entry mapping
 * {@code Constants.Security.Headers.USER_PRINCIPAL} to the Kerberos principal of the current
 * principal.
 *
 * <p>The returned map is the immutable one-entry map produced by
 * {@link Collections#singletonMap}.
 * NOTE(review): {@code singletonMap} accepts a null value, so if {@code getKerberosPrincipal()}
 * can return null the header would be emitted with a null value. Confirm how the caller and the
 * receiving side treat that case.
 *
 * @return a one-entry map holding the user-principal header
 */
@Override
protected Map<String, String> addAdditionalSecurityHeaders() {
  String kerberosPrincipal = authenticationContext.getPrincipal().getKerberosPrincipal();
  return Collections.singletonMap(Constants.Security.Headers.USER_PRINCIPAL, kerberosPrincipal);
}
}
/**
 * Supplies the extra security header for the request: a single entry mapping
 * {@code Constants.Security.Headers.USER_PRINCIPAL} to the Kerberos principal of the current
 * principal.
 *
 * <p>The returned map is the immutable one-entry map produced by
 * {@link Collections#singletonMap}.
 * NOTE(review): {@code singletonMap} accepts a null value, so if {@code getKerberosPrincipal()}
 * can return null the header would be emitted with a null value. Confirm how the caller and the
 * receiving side treat that case.
 *
 * @return a one-entry map holding the user-principal header
 */
@Override
protected Map<String, String> addAdditionalSecurityHeaders() {
  String kerberosPrincipal = authenticationContext.getPrincipal().getKerberosPrincipal();
  return Collections.singletonMap(Constants.Security.Headers.USER_PRINCIPAL, kerberosPrincipal);
}
}
/**
 * Lists the dataset modules in {@code namespaceId}, passed through a visibility filter for the
 * current principal.
 *
 * <p>The full list is fetched from {@code delegate} first. It is then handed to
 * {@code AuthorizationUtil.isVisible} together with the enforcer, the current principal and a
 * function that maps each module to its {@link EntityId} within the namespace. The result of
 * that call is returned as-is.
 * NOTE(review): the trailing {@code null} argument is forwarded unchanged; its meaning is
 * defined by {@code AuthorizationUtil.isVisible}, which is not shown here.
 *
 * @param namespaceId namespace whose modules are listed
 * @return the modules returned by the visibility filter
 * @throws Exception if the delegate lookup or the visibility check fails
 */
@Override
public List<DatasetModuleMeta> listModules(final NamespaceId namespaceId) throws Exception {
  // Maps a module's metadata to the entity id that authorization is evaluated against.
  Function<DatasetModuleMeta, EntityId> toEntityId = new Function<DatasetModuleMeta, EntityId>() {
    @Override
    public EntityId apply(DatasetModuleMeta input) {
      return namespaceId.datasetModule(input.getName());
    }
  };

  List<DatasetModuleMeta> unfiltered = delegate.listModules(namespaceId);
  return AuthorizationUtil.isVisible(
      unfiltered, authorizationEnforcer, authenticationContext.getPrincipal(), toEntityId, null);
}
/**
 * Adds a dataset module after checking that the current principal holds {@code Action.ADMIN}
 * on it.
 *
 * <p>The authorization check runs before the delegate is invoked, so if {@code enforce} throws,
 * {@code delegate.addModule} is never reached.
 *
 * @param datasetModuleId id of the module to add
 * @param className class name passed through to the delegate
 * @param forceUpdate flag passed through to the delegate
 * @return the {@link BodyConsumer} returned by the delegate
 * @throws Exception if the authorization check or the delegate call fails
 */
@Override
public BodyConsumer addModule(DatasetModuleId datasetModuleId, String className,
                              boolean forceUpdate) throws Exception {
  // Gate: ADMIN on the dataset module is required for the calling principal.
  authorizationEnforcer.enforce(
      datasetModuleId, authenticationContext.getPrincipal(), Action.ADMIN);
  return delegate.addModule(datasetModuleId, className, forceUpdate);
}
/**
 * Adds the system artifacts after checking that the current principal holds
 * {@code Action.ADMIN} on {@code NamespaceId.SYSTEM}.
 *
 * <p>The authorization check runs before the delegate is invoked, so if {@code enforce} throws,
 * {@code delegate.addSystemArtifacts} is never reached.
 *
 * @throws Exception if the authorization check or the delegate call fails
 */
@Override
public void addSystemArtifacts() throws Exception {
  // Gate: adding system artifacts requires admin privileges on the system namespace.
  authorizationEnforcer.enforce(
      NamespaceId.SYSTEM, authenticationContext.getPrincipal(), Action.ADMIN);
  delegate.addSystemArtifacts();
}
/**
 * Returns a copy of {@code request} built through {@code HttpRequest.Builder} with the
 * {@code Constants.Security.Headers.USER_ID} header set to the current principal's name.
 *
 * <p>The header value is taken from {@code authenticationContext}, not from the incoming
 * request.
 * NOTE(review): if {@code request} can already carry a user-id header, confirm whether
 * {@code addHeader} replaces it or appends a second value, since the receiving side presumably
 * relies on this header to identify the caller.
 *
 * @param request the request to decorate
 * @return a new request carrying the user-id header
 * @throws IOException declared by the signature; nothing in the visible body throws it directly
 */
private HttpRequest addUserIdHeader(HttpRequest request) throws IOException {
  HttpRequest.Builder builder = new HttpRequest.Builder(request);
  String userName = authenticationContext.getPrincipal().getName();
  return builder.addHeader(Constants.Security.Headers.USER_ID, userName).build();
}
}
/**
 * Returns a copy of {@code request} built through {@code HttpRequest.Builder} with the
 * {@code Constants.Security.Headers.USER_ID} header set to the current principal's name.
 *
 * <p>The header value is taken from {@code authenticationContext}, not from the incoming
 * request.
 * NOTE(review): if {@code request} can already carry a user-id header, confirm whether
 * {@code addHeader} replaces it or appends a second value, since the receiving side presumably
 * relies on this header to identify the caller.
 *
 * @param request the request to decorate
 * @return a new request carrying the user-id header
 */
private HttpRequest addUserIdHeader(HttpRequest request) {
  HttpRequest.Builder builder = new HttpRequest.Builder(request);
  String userName = authenticationContext.getPrincipal().getName();
  return builder.addHeader(Constants.Security.Headers.USER_ID, userName).build();
}
}