You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2014/12/12 02:29:51 UTC
[08/51] [partial] incubator-ranger git commit: RANGER-194: Rename
packages from xasecure to apache ranger
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java
new file mode 100644
index 0000000..55320b8
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java
@@ -0,0 +1,174 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ package org.apache.ranger.biz;
+
+import org.apache.ranger.common.*;
+import org.apache.ranger.service.*;
+import org.apache.ranger.view.*;
+import org.springframework.beans.factory.annotation.Autowired;
+public class AssetMgrBase {
+
+ @Autowired
+ RESTErrorUtil restErrorUtil;
+
+ @Autowired
+ XAssetService xAssetService;
+
+ @Autowired
+ XResourceService xResourceService;
+
+ @Autowired
+ XCredentialStoreService xCredentialStoreService;
+
+ @Autowired
+ XPolicyExportAuditService xPolicyExportAuditService;
+ public VXAsset getXAsset(Long id){
+ return (VXAsset)xAssetService.readResource(id);
+ }
+
+ public VXAsset createXAsset(VXAsset vXAsset){
+ vXAsset = (VXAsset)xAssetService.createResource(vXAsset);
+ return vXAsset;
+ }
+
+ public VXAsset updateXAsset(VXAsset vXAsset) {
+ vXAsset = (VXAsset)xAssetService.updateResource(vXAsset);
+ return vXAsset;
+ }
+
+ public void deleteXAsset(Long id, boolean force) {
+ if (force) {
+ xAssetService.deleteResource(id);
+ } else {
+ throw restErrorUtil.createRESTException(
+ "serverMsg.modelMgrBaseDeleteModel",
+ MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
+ }
+ }
+
+ public VXAssetList searchXAssets(SearchCriteria searchCriteria) {
+ return xAssetService.searchXAssets(searchCriteria);
+ }
+
+ public VXLong getXAssetSearchCount(SearchCriteria searchCriteria) {
+ return xAssetService.getSearchCount(searchCriteria,
+ xAssetService.searchFields);
+ }
+
+ public VXResource getXResource(Long id){
+ return (VXResource)xResourceService.readResource(id);
+ }
+
+ public VXResource createXResource(VXResource vXResource){
+ vXResource = (VXResource)xResourceService.createResource(vXResource);
+ return vXResource;
+ }
+
+ public VXResource updateXResource(VXResource vXResource) {
+ vXResource = (VXResource)xResourceService.updateResource(vXResource);
+ return vXResource;
+ }
+
+ public void deleteXResource(Long id, boolean force) {
+ if (force) {
+ xResourceService.deleteResource(id);
+ } else {
+ throw restErrorUtil.createRESTException(
+ "serverMsg.modelMgrBaseDeleteModel",
+ MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
+ }
+ }
+
+ public VXResourceList searchXResources(SearchCriteria searchCriteria) {
+ return xResourceService.searchXResources(searchCriteria);
+ }
+
+ public VXLong getXResourceSearchCount(SearchCriteria searchCriteria) {
+ return xResourceService.getSearchCount(searchCriteria,
+ xResourceService.searchFields);
+ }
+
+ public VXCredentialStore getXCredentialStore(Long id){
+ return (VXCredentialStore)xCredentialStoreService.readResource(id);
+ }
+
+ public VXCredentialStore createXCredentialStore(VXCredentialStore vXCredentialStore){
+ vXCredentialStore = (VXCredentialStore)xCredentialStoreService.createResource(vXCredentialStore);
+ return vXCredentialStore;
+ }
+
+ public VXCredentialStore updateXCredentialStore(VXCredentialStore vXCredentialStore) {
+ vXCredentialStore = (VXCredentialStore)xCredentialStoreService.updateResource(vXCredentialStore);
+ return vXCredentialStore;
+ }
+
+ public void deleteXCredentialStore(Long id, boolean force) {
+ if (force) {
+ xCredentialStoreService.deleteResource(id);
+ } else {
+ throw restErrorUtil.createRESTException(
+ "serverMsg.modelMgrBaseDeleteModel",
+ MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
+ }
+ }
+
+ public VXCredentialStoreList searchXCredentialStores(SearchCriteria searchCriteria) {
+ return xCredentialStoreService.searchXCredentialStores(searchCriteria);
+ }
+
+ public VXLong getXCredentialStoreSearchCount(SearchCriteria searchCriteria) {
+ return xCredentialStoreService.getSearchCount(searchCriteria,
+ xCredentialStoreService.searchFields);
+ }
+
+ public VXPolicyExportAudit getXPolicyExportAudit(Long id){
+ return (VXPolicyExportAudit)xPolicyExportAuditService.readResource(id);
+ }
+
+ public VXPolicyExportAudit createXPolicyExportAudit(VXPolicyExportAudit vXPolicyExportAudit){
+ vXPolicyExportAudit = (VXPolicyExportAudit)xPolicyExportAuditService.createResource(vXPolicyExportAudit);
+ return vXPolicyExportAudit;
+ }
+
+ public VXPolicyExportAudit updateXPolicyExportAudit(VXPolicyExportAudit vXPolicyExportAudit) {
+ vXPolicyExportAudit = (VXPolicyExportAudit)xPolicyExportAuditService.updateResource(vXPolicyExportAudit);
+ return vXPolicyExportAudit;
+ }
+
+ public void deleteXPolicyExportAudit(Long id, boolean force) {
+ if (force) {
+ xPolicyExportAuditService.deleteResource(id);
+ } else {
+ throw restErrorUtil.createRESTException(
+ "serverMsg.modelMgrBaseDeleteModel",
+ MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
+ }
+ }
+
+ public VXPolicyExportAuditList searchXPolicyExportAudits(SearchCriteria searchCriteria) {
+ return xPolicyExportAuditService.searchXPolicyExportAudits(searchCriteria);
+ }
+
+ public VXLong getXPolicyExportAuditSearchCount(SearchCriteria searchCriteria) {
+ return xPolicyExportAuditService.getSearchCount(searchCriteria,
+ xPolicyExportAuditService.searchFields);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/org/apache/ranger/biz/BaseMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/BaseMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/BaseMgr.java
new file mode 100644
index 0000000..be808de
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/biz/BaseMgr.java
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ /**
+ *
+ */
+package org.apache.ranger.biz;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.XAConstants;
+import org.apache.ranger.common.db.BaseDao;
+import org.apache.ranger.db.XADaoManager;
+import org.apache.ranger.entity.XXDBBase;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public abstract class BaseMgr {
+ static final Logger logger = Logger.getLogger(BaseMgr.class);
+
+ @Autowired
+ XADaoManager daoManager;
+
+ @Autowired
+ RESTErrorUtil restErrorUtil;
+
+ public XADaoManager getDaoManager() {
+ return daoManager;
+ }
+
+ public void deleteEntity(BaseDao<? extends XXDBBase> baseDao, Long id,
+ String entityName) {
+ XXDBBase entity = baseDao.getById(id);
+ if (entity != null) {
+ try {
+ baseDao.remove(id);
+ } catch (Exception e) {
+ logger.error("Error deleting " + entityName + ". Id=" + id, e);
+ throw restErrorUtil.createRESTException("This " + entityName
+ + " can't be deleted",
+ MessageEnums.OPER_NOT_ALLOWED_FOR_STATE, id, null, ""
+ + id + ", error=" + e.getMessage());
+ }
+ } else {
+ // Return without error
+ logger.info("Delete ignored for non-existent " + entityName
+ + " id=" + id);
+ }
+ }
+
+ /**
+ * @param objectClassType
+ */
+ protected void validateClassType(int objectClassType) {
+ // objectClassType
+ restErrorUtil.validateMinMax(objectClassType, 1,
+ XAConstants.ClassTypes_MAX, "Invalid classType", null,
+ "objectClassType");
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/org/apache/ranger/biz/HadoopFSMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/HadoopFSMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/HadoopFSMgr.java
new file mode 100644
index 0000000..86e2311
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/biz/HadoopFSMgr.java
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ /**
+ *
+ */
+package org.apache.ranger.biz;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.hadoop.client.HadoopFS;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Component;
+
+/**
+ *
+ *
+ */
+
+@Component
+@Scope("singleton")
+public class HadoopFSMgr {
+
+ private HadoopFS fs;
+ private String dataSource;
+ private static Logger logger = Logger.getLogger(HadoopFSMgr.class);
+
+ public HadoopFSMgr() {
+ init();
+ }
+
+ public HadoopFSMgr(String dataSource) {
+ this.dataSource = dataSource;
+ init();
+ }
+
+ private void init() {
+ try {
+// if (dataSource != null) {
+// fs = new HadoopFS(dataSource);
+// } else {
+// fs = new HadoopFS("hadoopdev");
+// }
+ } catch (Exception e) {
+ logger.error("Error connecting hive client", e);
+ }
+ }
+
+ protected HadoopFS getInstance(String dataSourceName) {
+ if (dataSourceName == null) {
+ logger.info("Hadoop client name not provided.");
+ return fs;
+ } else {
+ if (fs.getDataSource() != null) {
+ if (fs.getDataSource().equalsIgnoreCase(dataSourceName)) {
+ return fs;
+ } else {
+ fs = new HadoopFS(dataSourceName);
+ return fs;
+ }
+ } else {
+ fs = new HadoopFS(dataSourceName);
+ return fs;
+ }
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/org/apache/ranger/biz/HiveFSMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/HiveFSMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/HiveFSMgr.java
new file mode 100644
index 0000000..e6924ea
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/biz/HiveFSMgr.java
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ /**
+ *
+ */
+package org.apache.ranger.biz;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.hive.client.HiveClient;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Component;
+
+/**
+ *
+ */
+
+// @Component
+// @Scope("singleton")
+
+public class HiveFSMgr {
+
+ private HiveClient fs;
+ private String dataSource;
+ private static Logger logger = Logger.getLogger(HiveFSMgr.class);
+
+ public HiveFSMgr() {
+ init();
+ }
+
+ public HiveFSMgr(String dataSource) {
+ this.dataSource = dataSource;
+ init();
+ }
+
+ private void init() {
+ try {
+ if (dataSource != null) {
+ fs = new HiveClient(dataSource);
+ } else {
+ fs = new HiveClient("dev-hive");
+ }
+ } catch (Exception e) {
+ logger.error("Error connecting hive client", e);
+ }
+ }
+
+ protected HiveClient getInstance(String dataSourceName) {
+ if (dataSourceName == null) {
+ logger.info("Hive client name not provided.");
+ return fs;
+ } else {
+ if (fs.getDataSource() != null) {
+ if (fs.getDataSource().equalsIgnoreCase(dataSourceName)) {
+ return fs;
+ } else {
+ fs = new HiveClient(dataSourceName);
+ return fs;
+ }
+ } else {
+ fs = new HiveClient(dataSourceName);
+ return fs;
+ }
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
new file mode 100644
index 0000000..f273f2b
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
@@ -0,0 +1,340 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ package org.apache.ranger.biz;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.common.DateUtil;
+import org.apache.ranger.common.HTTPUtil;
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.SearchCriteria;
+import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.common.UserSessionBase;
+import org.apache.ranger.common.XACommonEnums;
+import org.apache.ranger.common.XAConstants;
+import org.apache.ranger.db.XADaoManager;
+import org.apache.ranger.entity.XXAuthSession;
+import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.entity.XXPortalUserRole;
+import org.apache.ranger.security.context.XAContextHolder;
+import org.apache.ranger.security.context.XASecurityContext;
+import org.apache.ranger.service.AuthSessionService;
+import org.apache.ranger.util.RestUtil;
+import org.apache.ranger.view.VXAuthSession;
+import org.apache.ranger.view.VXAuthSessionList;
+import org.apache.ranger.view.VXLong;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Propagation;
+import org.springframework.transaction.annotation.Transactional;
+
+@Component
+@Transactional
+public class SessionMgr {
+
+ static final Logger logger = Logger.getLogger(SessionMgr.class);
+
+ @Autowired
+ RESTErrorUtil restErrorUtil;
+
+ @Autowired
+ XADaoManager daoManager;
+
+ @Autowired
+ AuthSessionService authSessionService;
+
+ @Autowired
+ HTTPUtil httpUtil;
+
+ @Autowired
+ StringUtil stringUtil;
+
+ public SessionMgr() {
+ logger.debug("SessionManager created");
+ }
+
+ public UserSessionBase processSuccessLogin(int authType, String userAgent) {
+ return processSuccessLogin(authType, userAgent, null);
+ }
+
+ public UserSessionBase processSuccessLogin(int authType, String userAgent,
+ HttpServletRequest httpRequest) {
+ boolean newSessionCreation = true;
+ UserSessionBase userSession = null;
+
+ XASecurityContext context = XAContextHolder.getSecurityContext();
+ if (context != null) {
+ userSession = context.getUserSession();
+ }
+
+ Authentication authentication = SecurityContextHolder.getContext()
+ .getAuthentication();
+ WebAuthenticationDetails details = (WebAuthenticationDetails) authentication
+ .getDetails();
+
+ String currentLoginId = authentication.getName();
+ if (userSession != null) {
+ if (validateUserSession(userSession, currentLoginId)) {
+ newSessionCreation = false;
+ }
+ }
+
+ if (newSessionCreation) {
+ // Need to build the UserSession
+ XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId);
+ if (gjUser == null) {
+ logger.error(
+ "Error getting user for loginId=" + currentLoginId,
+ new Exception());
+ return null;
+ }
+
+ XXAuthSession gjAuthSession = new XXAuthSession();
+ gjAuthSession.setLoginId(currentLoginId);
+ gjAuthSession.setUserId(gjUser.getId());
+ gjAuthSession.setAuthTime(DateUtil.getUTCDate());
+ gjAuthSession.setAuthStatus(XXAuthSession.AUTH_STATUS_SUCCESS);
+ gjAuthSession.setAuthType(authType);
+ if (details != null) {
+ gjAuthSession.setExtSessionId(details.getSessionId());
+ gjAuthSession.setRequestIP(details.getRemoteAddress());
+ }
+
+ if (userAgent != null) {
+ gjAuthSession.setRequestUserAgent(userAgent);
+ }
+ gjAuthSession.setDeviceType(httpUtil.getDeviceType(userAgent));
+ gjAuthSession = storeAuthSession(gjAuthSession);
+
+ userSession = new UserSessionBase();
+ userSession.setXXPortalUser(gjUser);
+ userSession.setXXAuthSession(gjAuthSession);
+ resetUserSessionForProfiles(userSession);
+
+ if (details != null) {
+ logger.info("Login Success: loginId=" + currentLoginId
+ + ", sessionId=" + gjAuthSession.getId()
+ + ", sessionId=" + details.getSessionId()
+ + ", requestId=" + details.getRemoteAddress());
+ } else {
+ logger.info("Login Success: loginId=" + currentLoginId
+ + ", sessionId=" + gjAuthSession.getId()
+ + ", details is null");
+ }
+
+ }
+
+ return userSession;
+ }
+
+ public void resetUserSessionForProfiles(UserSessionBase userSession) {
+ if (userSession == null) {
+ // Nothing to reset
+ return;
+ }
+
+ // Let's get the Current User Again
+ String currentLoginId = userSession.getLoginId();
+
+ XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId);
+ userSession.setXXPortalUser(gjUser);
+
+ setUserRoles(userSession);
+
+ }
+
+ private void setUserRoles(UserSessionBase userSession) {
+
+ List<String> strRoleList = new ArrayList<String>();
+ List<XXPortalUserRole> roleList = daoManager.getXXPortalUserRole().findByUserId(
+ userSession.getUserId());
+ for (XXPortalUserRole gjUserRole : roleList) {
+ String userRole = gjUserRole.getUserRole();
+
+ strRoleList.add(userRole);
+ if (userRole.equals(XAConstants.ROLE_SYS_ADMIN)) {
+ userSession.setUserAdmin(true);
+ }
+ }
+ userSession.setUserRoleList(strRoleList);
+ }
+
+ public XXAuthSession processFailureLogin(int authStatus, int authType,
+ String loginId, String remoteAddr, String sessionId) {
+ XXAuthSession gjAuthSession = new XXAuthSession();
+ gjAuthSession.setLoginId(loginId);
+ gjAuthSession.setUserId(null);
+ gjAuthSession.setAuthTime(DateUtil.getUTCDate());
+ gjAuthSession.setAuthStatus(authStatus);
+ gjAuthSession.setAuthType(authType);
+ gjAuthSession.setDeviceType(XACommonEnums.DEVICE_UNKNOWN);
+ gjAuthSession.setExtSessionId(sessionId);
+ gjAuthSession.setRequestIP(remoteAddr);
+ gjAuthSession.setRequestUserAgent(null);
+
+ gjAuthSession = storeAuthSession(gjAuthSession);
+ return gjAuthSession;
+ }
+
+ protected boolean validateUserSession(UserSessionBase userSession,
+ String currentLoginId) {
+ if (currentLoginId
+ .equalsIgnoreCase(userSession.getXXPortalUser().getLoginId())) {
+ return true;
+ } else {
+ logger.info(
+ "loginId doesn't match loginId from HTTPSession. Will create new session. loginId="
+ + currentLoginId + ", userSession=" + userSession,
+ new Exception());
+ return false;
+ }
+ }
+
+ @Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW)
+ protected XXAuthSession storeAuthSession(XXAuthSession gjAuthSession) {
+ // daoManager.getEntityManager().getTransaction().begin();
+ XXAuthSession dbMAuthSession = daoManager.getXXAuthSession().create(
+ gjAuthSession);
+ // daoManager.getEntityManager().getTransaction().commit();
+ return dbMAuthSession;
+ }
+
+ // non-WEB processing
+ public UserSessionBase processStandaloneSuccessLogin(int authType,
+ String ipAddress) {
+ Authentication authentication = SecurityContextHolder.getContext()
+ .getAuthentication();
+
+ String currentLoginId = authentication.getName();
+
+ // Need to build the UserSession
+ XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId);
+ if (gjUser == null) {
+ logger.error("Error getting user for loginId=" + currentLoginId,
+ new Exception());
+ return null;
+ }
+
+ XXAuthSession gjAuthSession = new XXAuthSession();
+ gjAuthSession.setLoginId(currentLoginId);
+ gjAuthSession.setUserId(gjUser.getId());
+ gjAuthSession.setAuthTime(DateUtil.getUTCDate());
+ gjAuthSession.setAuthStatus(XXAuthSession.AUTH_STATUS_SUCCESS);
+ gjAuthSession.setAuthType(authType);
+ gjAuthSession.setDeviceType(XACommonEnums.DEVICE_UNKNOWN);
+ gjAuthSession.setExtSessionId(null);
+ gjAuthSession.setRequestIP(ipAddress);
+ gjAuthSession.setRequestUserAgent(null);
+
+ gjAuthSession = storeAuthSession(gjAuthSession);
+
+ UserSessionBase userSession = new UserSessionBase();
+ userSession.setXXPortalUser(gjUser);
+ userSession.setXXAuthSession(gjAuthSession);
+
+ // create context with user-session and set in thread-local
+ XASecurityContext context = new XASecurityContext();
+ context.setUserSession(userSession);
+ XAContextHolder.setSecurityContext(context);
+
+ resetUserSessionForProfiles(userSession);
+
+ return userSession;
+ }
+
+ /**
+ * @param searchCriteria
+ * @return
+ */
+ public VXAuthSessionList searchAuthSessions(SearchCriteria searchCriteria) {
+
+ if (searchCriteria != null && searchCriteria.getParamList() != null
+ && searchCriteria.getParamList().size() > 0) {
+
+ int clientTimeOffsetInMinute=RestUtil.getClientTimeOffset();
+ java.util.Date temp = null;
+ DateUtil dateUtil = new DateUtil();
+ if (searchCriteria.getParamList().containsKey("startDate")) {
+ temp = (java.util.Date) searchCriteria.getParamList().get(
+ "startDate");
+ temp = dateUtil.getDateFromGivenDate(temp, 0, 0, 0, 0);
+ temp = dateUtil.addTimeOffset(temp, clientTimeOffsetInMinute);
+ searchCriteria.getParamList().put("startDate", temp);
+ }
+ if (searchCriteria.getParamList().containsKey("endDate")) {
+ temp = (java.util.Date) searchCriteria.getParamList().get(
+ "endDate");
+ temp = dateUtil.getDateFromGivenDate(temp, 0, 23, 59, 59);
+ temp = dateUtil.addTimeOffset(temp, clientTimeOffsetInMinute);
+ searchCriteria.getParamList().put("endDate", temp);
+ }
+ }
+
+ return authSessionService.search(searchCriteria);
+ }
+
+ public VXLong countAuthSessions(SearchCriteria searchCriteria) {
+ return authSessionService.getSearchCount(searchCriteria,
+ AuthSessionService.AUTH_SESSION_SEARCH_FLDS);
+ }
+
+ public VXAuthSession getAuthSession(Long id) {
+ return authSessionService.readResource(id);
+ }
+
+ public VXAuthSession getAuthSessionBySessionId(String authSessionId) {
+ if(stringUtil.isEmpty(authSessionId)){
+ throw restErrorUtil.createRESTException("Please provide the auth session id.",
+ MessageEnums.INVALID_INPUT_DATA);
+ }
+
+ XXAuthSession xXAuthSession = daoManager.getXXAuthSession()
+ .getAuthSessionBySessionId(authSessionId);
+
+ if(xXAuthSession==null){
+ throw restErrorUtil.createRESTException("Please provide a valid "
+ + "session id.", MessageEnums.INVALID_INPUT_DATA);
+ }
+
+ VXAuthSession vXAuthSession = authSessionService.populateViewBean(xXAuthSession);
+ return vXAuthSession;
+ }
+
+ public boolean isValidXAUser(String loginId) {
+ XXPortalUser pUser = daoManager.getXXPortalUser().findByLoginId(loginId);
+ if (pUser == null) {
+ logger.error("Error getting user for loginId=" + loginId);
+ return false;
+ } else {
+ logger.info(loginId+" is a valid user");
+ return true;
+ }
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
new file mode 100644
index 0000000..648d80a
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -0,0 +1,1149 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ package org.apache.ranger.biz;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.persistence.Query;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.common.AppConstants;
+import org.apache.ranger.common.ContextUtil;
+import org.apache.ranger.common.DateUtil;
+import org.apache.ranger.common.GUIDUtil;
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.SearchCriteria;
+import org.apache.ranger.common.SearchUtil;
+import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.common.UserSessionBase;
+import org.apache.ranger.common.XACommonEnums;
+import org.apache.ranger.common.XAConfigUtil;
+import org.apache.ranger.common.XAConstants;
+import org.apache.ranger.db.XADaoManager;
+import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.entity.XXPortalUserRole;
+import org.apache.ranger.entity.XXTrxLog;
+import org.apache.ranger.service.XPortalUserService;
+import org.apache.ranger.view.VXPasswordChange;
+import org.apache.ranger.view.VXPortalUser;
+import org.apache.ranger.view.VXPortalUserList;
+import org.apache.ranger.view.VXResponse;
+import org.apache.ranger.view.VXString;
+import org.apache.velocity.Template;
+import org.apache.velocity.app.VelocityEngine;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Propagation;
+import org.springframework.transaction.annotation.Transactional;
+
+@Component
+public class UserMgr {
+
+ static final Logger logger = Logger.getLogger(UserMgr.class);
+ private static final Md5PasswordEncoder md5Encoder = new Md5PasswordEncoder();
+
+ @Autowired
+ XADaoManager daoManager;
+
+ @Autowired
+ RESTErrorUtil restErrorUtil;
+
+ @Autowired
+ StringUtil stringUtil;
+
+ @Autowired
+ SearchUtil searchUtil;
+
+ @Autowired
+ XABizUtil msBizUtil;
+
+ @Autowired
+ SessionMgr sessionMgr;
+
+ @Autowired
+ VelocityEngine velocityEngine;
+ Template t;
+
+ @Autowired
+ DateUtil dateUtil;
+
+ @Autowired
+ XAConfigUtil configUtil;
+
+ @Autowired
+ XPortalUserService xPortalUserService;
+
+ String publicRoles[] = new String[] { XAConstants.ROLE_USER,
+ XAConstants.ROLE_OTHER };
+
+ private static final List<String> DEFAULT_ROLE_LIST = new ArrayList<String>(
+ 1);
+
+ private static final List<String> VALID_ROLE_LIST = new ArrayList<String>(2);
+
+ static {
+ DEFAULT_ROLE_LIST.add(XAConstants.ROLE_USER);
+ VALID_ROLE_LIST.add(XAConstants.ROLE_SYS_ADMIN);
+ VALID_ROLE_LIST.add(XAConstants.ROLE_USER);
+ }
+
+ public UserMgr() {
+ if (logger.isDebugEnabled()) {
+ logger.debug("UserMgr()");
+ }
+ }
+
+ public XXPortalUser createUser(VXPortalUser userProfile, int userStatus,
+ Collection<String> userRoleList) {
+ XXPortalUser user = mapVXPortalUserToXXPortalUser(userProfile);
+ user = createUser(user, userStatus, userRoleList);
+
+ return user;
+ }
+
+ public XXPortalUser createUser(XXPortalUser user, int userStatus,
+ Collection<String> userRoleList) {
+ user.setStatus(userStatus);
+ String saltEncodedpasswd = encrypt(user.getLoginId(),
+ user.getPassword());
+ user.setPassword(saltEncodedpasswd);
+ user = daoManager.getXXPortalUser().create(user);
+
+ // Create the UserRole for this user
+ List<XXPortalUserRole> gjUserRoleList = new ArrayList<XXPortalUserRole>();
+ if (userRoleList != null) {
+ for (String userRole : userRoleList) {
+ XXPortalUserRole gjUserRole = addUserRole(user.getId(), userRole);
+ if (gjUserRole != null) {
+ gjUserRoleList.add(gjUserRole);
+ }
+ }
+ }
+
+ return user;
+ }
+
+ public XXPortalUser createUser(VXPortalUser userProfile, int userStatus) {
+ ArrayList<String> roleList = new ArrayList<String>();
+ Collection<String> reqRoleList = userProfile.getUserRoleList();
+ if (reqRoleList != null && reqRoleList.size()>0) {
+ for (String role : reqRoleList) {
+ roleList.add(role);
+ }
+ }else{
+ roleList.add(XAConstants.ROLE_USER);
+ }
+
+ return createUser(userProfile, userStatus, roleList);
+ }
+
+ /**
+ * @param userProfile
+ * @return
+ */
+ public XXPortalUser updateUser(VXPortalUser userProfile) {
+ XXPortalUser gjUser = daoManager.getXXPortalUser().getById(
+ userProfile.getId());
+
+ if (gjUser == null) {
+ logger.error("updateUser(). User not found. userProfile="
+ + userProfile);
+ return null;
+ }
+
+ checkAccess(gjUser);
+
+ boolean updateUser = false;
+ // Selectively update fields
+
+ // status
+ if (userProfile.getStatus() != gjUser.getStatus()) {
+ updateUser = true;
+ }
+
+ // Allowing email address update even when its set to empty.
+ // emailAddress
+ String emailAddress = userProfile.getEmailAddress();
+ if (stringUtil.isEmpty(emailAddress)) {
+ String randomString = GUIDUtil.genGUI();
+ userProfile.setEmailAddress(randomString);
+ updateUser = true;
+ } else {
+ if (stringUtil.validateEmail(emailAddress)) {
+ XXPortalUser checkUser = daoManager.getXXPortalUser()
+ .findByEmailAddress(emailAddress);
+ if (checkUser != null) {
+ String loginId = userProfile.getLoginId();
+ if (loginId == null) {
+ throw restErrorUtil.createRESTException(
+ "Invalid user, please provide valid "
+ + "username.",
+ MessageEnums.INVALID_INPUT_DATA);
+ } else if (!loginId.equals(checkUser.getLoginId())) {
+ throw restErrorUtil
+ .createRESTException(
+ "The email address "
+ + "you've provided already exists in system.",
+ MessageEnums.INVALID_INPUT_DATA);
+ } else {
+ userProfile.setEmailAddress(emailAddress);
+ updateUser = true;
+ }
+ } else {
+ userProfile.setEmailAddress(emailAddress);
+ updateUser = true;
+ }
+ } else {
+ throw restErrorUtil.createRESTException(
+ "Please provide valid email address.",
+ MessageEnums.INVALID_INPUT_DATA);
+ }
+ }
+
+ // loginId
+ // if (!stringUtil.isEmpty(userProfile.getLoginId())
+ // && !userProfile.getLoginId().equals(gjUser.getLoginId())) {
+ // gjUser.setLoginId(userProfile.getLoginId());
+ // updateUser = true;
+ // }
+
+ // firstName
+ if (!stringUtil.isEmpty(userProfile.getFirstName())
+ && !userProfile.getFirstName().equals(gjUser.getFirstName())) {
+ userProfile.setFirstName(stringUtil.toCamelCaseAllWords(userProfile
+ .getFirstName()));
+ updateUser = true;
+ }
+
+ // lastName allowed to be empty
+ if (userProfile.getLastName() != null
+ && !userProfile.getLastName().equals(gjUser.getLastName())) {
+ userProfile.setLastName(stringUtil.toCamelCaseAllWords(userProfile
+ .getLastName()));
+ updateUser = true;
+ }
+
+ // publicScreenName
+ if (!stringUtil.isEmpty(userProfile.getPublicScreenName())
+ && !userProfile.getPublicScreenName().equals(
+ gjUser.getPublicScreenName())) {
+ userProfile.setPublicScreenName(userProfile.getFirstName() + " "
+ + userProfile.getLastName());
+ updateUser = true;
+ }
+
+ // notes
+ /*if (!stringUtil.isEmpty(userProfile.getNotes())
+ && !userProfile.getNotes().equalsIgnoreCase(gjUser.getNotes())) {
+ updateUser = true;
+ }*/
+
+ // userRoleList
+ updateRoles(userProfile.getId(), userProfile.getUserRoleList());
+
+ if (updateUser) {
+
+ List<XXTrxLog> trxLogList = xPortalUserService.getTransactionLog(
+ userProfile, gjUser, "update");
+
+ userProfile.setPassword(gjUser.getPassword());
+ userProfile = xPortalUserService.updateResource(userProfile);
+ sessionMgr.resetUserSessionForProfiles(ContextUtil
+ .getCurrentUserSession());
+
+ msBizUtil.createTrxLog(trxLogList);
+ }
+
+ return gjUser;
+ }
+
+ private boolean updateRoles(Long userId, Collection<String> rolesList) {
+ boolean rolesUpdated = false;
+ if (rolesList == null || rolesList.size() == 0) {
+ return false;
+ }
+
+ // Let's first delete old roles
+ List<XXPortalUserRole> gjUserRoles = daoManager.getXXPortalUserRole().findByUserId(
+ userId);
+
+ for (XXPortalUserRole gjUserRole : gjUserRoles) {
+ boolean found = false;
+ for (String userRole : rolesList) {
+ if (gjUserRole.getUserRole().equalsIgnoreCase(userRole)) {
+ found = true;
+ break;
+ }
+ }
+ if (!found) {
+ if (deleteUserRole(userId, gjUserRole)) {
+ rolesUpdated = true;
+ }
+ }
+ }
+
+ // Let's add new roles
+ for (String userRole : rolesList) {
+ boolean found = false;
+ for (XXPortalUserRole gjUserRole : gjUserRoles) {
+ if (gjUserRole.getUserRole().equalsIgnoreCase(userRole)) {
+ found = true;
+ break;
+ }
+ }
+ if (!found) {
+ if (addUserRole(userId, userRole) != null) {
+ rolesUpdated = true;
+ }
+ }
+ }
+ return rolesUpdated;
+ }
+
+ /**
+ * @param userId
+ * @param vStrings
+ */
+ public void setUserRoles(Long userId, List<VXString> vStringRolesList) {
+ List<String> stringRolesList = new ArrayList<String>();
+ for (VXString vXString : vStringRolesList) {
+ stringRolesList.add(vXString.getValue());
+ }
+ updateRoles(userId, stringRolesList);
+ }
+
+ /**
+ * @param pwdChange
+ * @return
+ */
+ public VXResponse changePassword(VXPasswordChange pwdChange) {
+ // First let's get the XXPortalUser for the current logged in user
+ String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
+ XXPortalUser gjUserCurrent = daoManager.getXXPortalUser()
+ .findByLoginId(currentUserLoginId);
+
+ String encryptedOldPwd = encrypt(gjUserCurrent.getLoginId(),
+ pwdChange.getOldPassword());
+
+ VXResponse ret = new VXResponse();
+
+ if (!stringUtil.equals(encryptedOldPwd, gjUserCurrent.getPassword())) {
+ logger.info("changePassword(). Invalid old password. userId="
+ + pwdChange.getId());
+
+ throw restErrorUtil.createRESTException(
+ "serverMsg.userMgrPassword",
+ MessageEnums.OPER_NO_PERMISSION, null, null,
+ "" + pwdChange.getId());
+ }
+
+ // Get the user for whom we want to change the password
+ XXPortalUser gjUser = daoManager.getXXPortalUser().getById(
+ pwdChange.getId());
+ if (gjUser == null) {
+ logger.warn("SECURITY:changePassword(). User not found. userId="
+ + pwdChange.getId());
+ throw restErrorUtil.createRESTException(
+ "serverMsg.userMgrInvalidUser",
+ MessageEnums.DATA_NOT_FOUND, null, null,
+ "" + pwdChange.getId());
+ }
+
+ if (!stringUtil
+ .validatePassword(
+ pwdChange.getUpdPassword(),
+ new String[] { gjUser.getFirstName(),
+ gjUser.getLastName(), gjUser.getLoginId(),
+ gjUserCurrent.getFirstName(),
+ gjUserCurrent.getLastName(),
+ gjUserCurrent.getLoginId() })) {
+ logger.warn("SECURITY:changePassword(). Invalid new password. userId="
+ + pwdChange.getId());
+
+ throw restErrorUtil.createRESTException(
+ "serverMsg.userMgrNewPassword",
+ MessageEnums.INVALID_PASSWORD, null, null,
+ "" + pwdChange.getId());
+ }
+
+ String encryptedNewPwd = encrypt(gjUser.getLoginId(),
+ pwdChange.getUpdPassword());
+
+ String currentPassword = gjUser.getPassword();
+
+ if (!encryptedNewPwd.equals(currentPassword)) {
+
+ List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>();
+ XXTrxLog xTrxLog = new XXTrxLog();
+
+ xTrxLog.setAttributeName("Password");
+ xTrxLog.setPreviousValue(currentPassword);
+ xTrxLog.setNewValue(encryptedNewPwd);
+ xTrxLog.setAction("password change");
+ xTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_PASSWORD_CHANGE);
+ xTrxLog.setObjectId(pwdChange.getId());
+ xTrxLog.setObjectName(pwdChange.getLoginId());
+ trxLogList.add(xTrxLog);
+
+ msBizUtil.createTrxLog(trxLogList);
+
+ gjUser.setPassword(encryptedNewPwd);
+ gjUser = daoManager.getXXPortalUser().update(gjUser);
+
+ ret.setMsgDesc("Password successfully updated");
+ ret.setStatusCode(VXResponse.STATUS_SUCCESS);
+ } else {
+ ret.setMsgDesc("Password update failed");
+ ret.setStatusCode(VXResponse.STATUS_ERROR);
+ throw restErrorUtil.createRESTException(
+ "serverMsg.userMgrOldPassword",
+ MessageEnums.INVALID_INPUT_DATA, gjUser.getId(),
+ "password", gjUser.toString());
+ }
+ return ret;
+ }
+
+ /**
+ * @param gjUser
+ * @param changeEmail
+ * @return
+ */
+ public VXPortalUser changeEmailAddress(XXPortalUser gjUser,
+ VXPasswordChange changeEmail) {
+
+ if (gjUser.getEmailAddress() != null) {
+ throw restErrorUtil.createRESTException(
+ "serverMsg.userMgrEmailChange",
+ MessageEnums.OPER_NO_PERMISSION, null, null, ""
+ + changeEmail);
+ }
+
+ String encryptedOldPwd = encrypt(gjUser.getLoginId(),
+ changeEmail.getOldPassword());
+
+ if (!stringUtil.validateEmail(changeEmail.getEmailAddress())) {
+ logger.info("Invalid email address." + changeEmail);
+ throw restErrorUtil.createRESTException(
+ "serverMsg.userMgrInvalidEmail",
+ MessageEnums.INVALID_INPUT_DATA, changeEmail.getId(),
+ "emailAddress", changeEmail.toString());
+
+ }
+
+ if (!stringUtil.equals(encryptedOldPwd, gjUser.getPassword())) {
+ logger.info("changeEmailAddress(). Invalid password. changeEmail="
+ + changeEmail);
+
+ throw restErrorUtil.createRESTException(
+ "serverMsg.userMgrWrongPassword",
+ MessageEnums.OPER_NO_PERMISSION, null, null, ""
+ + changeEmail);
+ }
+
+ // Normalize email. Make it lower case
+ gjUser.setEmailAddress(stringUtil.normalizeEmail(changeEmail
+ .getEmailAddress()));
+
+ // loginId
+ gjUser.setLoginId(gjUser.getEmailAddress());
+
+ String saltEncodedpasswd = encrypt(gjUser.getLoginId(),
+ changeEmail.getOldPassword());
+
+ gjUser.setPassword(saltEncodedpasswd);
+
+ daoManager.getXXPortalUser().update(gjUser);
+ return mapXXPortalUserVXPortalUser(gjUser);
+ }
+
+ /**
+ * @param userId
+ */
+ public VXPortalUser deactivateUser(XXPortalUser gjUser) {
+ if (gjUser != null
+ && gjUser.getStatus() != XAConstants.ACT_STATUS_DEACTIVATED) {
+ logger.info("Marking user " + gjUser.getLoginId() + " as deleted");
+ gjUser.setStatus(XAConstants.ACT_STATUS_DEACTIVATED);
+ gjUser = daoManager.getXXPortalUser().update(gjUser);
+ return mapXXPortalUserVXPortalUser(gjUser);
+ }
+ return null;
+ }
+
+ public VXPortalUser getUserProfile(Long id) {
+ XXPortalUser user = daoManager.getXXPortalUser().getById(id);
+ if (user != null) {
+ checkAccessForRead(user);
+ return mapXXPortalUserVXPortalUser(user);
+ } else {
+ if (logger.isDebugEnabled()) {
+ logger.debug("User not found. userId=" + id);
+ }
+ return null;
+ }
+ }
+
+ public VXPortalUser getUserProfileByLoginId() {
+ String loginId = ContextUtil.getCurrentUserLoginId();
+ return getUserProfileByLoginId(loginId);
+ }
+
+ public VXPortalUser getUserProfileByLoginId(String loginId) {
+ XXPortalUser user = daoManager.getXXPortalUser().findByLoginId(loginId);
+ if (user != null) {
+ return mapXXPortalUserVXPortalUser(user);
+ } else {
+ if (logger.isDebugEnabled()) {
+ logger.debug("User not found. loginId=" + loginId);
+ }
+ return null;
+ }
+ }
+
+ public XXPortalUser mapVXPortalUserToXXPortalUser(VXPortalUser userProfile) {
+ XXPortalUser gjUser = new XXPortalUser();
+ gjUser.setEmailAddress(userProfile.getEmailAddress());
+ gjUser.setFirstName(userProfile.getFirstName());
+ gjUser.setLastName(userProfile.getLastName());
+ gjUser.setLoginId(userProfile.getLoginId());
+ gjUser.setPassword(userProfile.getPassword());
+ gjUser.setUserSource(userProfile.getUserSource());
+ gjUser.setPublicScreenName(userProfile.getPublicScreenName());
+ return gjUser;
+ }
+
+ /**
+ * @param user
+ * @return
+ */
+ public VXPortalUser mapXXPortalUserToVXPortalUser(XXPortalUser user,
+ Collection<String> userRoleList) {
+ if (user == null) {
+ return null;
+ }
+ UserSessionBase sess = ContextUtil.getCurrentUserSession();
+ if (sess == null) {
+ return null;
+ }
+
+ VXPortalUser userProfile = new VXPortalUser();
+ gjUserToUserProfile(user, userProfile);
+ if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) {
+ if (userRoleList == null) {
+ userRoleList = new ArrayList<String>();
+ List<XXPortalUserRole> gjUserRoleList = daoManager.getXXPortalUserRole()
+ .findByParentId(user.getId());
+
+ for (XXPortalUserRole userRole : gjUserRoleList) {
+ userRoleList.add(userRole.getUserRole());
+ }
+ }
+
+ userProfile.setUserRoleList(userRoleList);
+ }
+ userProfile.setUserSource(user.getUserSource());
+ return userProfile;
+ }
+
+ private void gjUserToUserProfile(XXPortalUser user, VXPortalUser userProfile) {
+ UserSessionBase sess = ContextUtil.getCurrentUserSession();
+ if (sess == null) {
+ return;
+ }
+
+ // Is accessed by peer from the same account
+ boolean isPeer = false;
+ boolean isAccountAdmin = false;
+
+ // Admin
+ if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) {
+ userProfile.setLoginId(user.getLoginId());
+ userProfile.setStatus(user.getStatus());
+ userProfile.setUserRoleList(new ArrayList<String>());
+ String emailAddress = user.getEmailAddress();
+
+ if (emailAddress != null && stringUtil.validateEmail(emailAddress)) {
+ userProfile.setEmailAddress(user.getEmailAddress());
+ }
+
+ if (sess != null) {
+ userProfile.setUserSource(sess.getAuthProvider());
+ }
+
+ List<XXPortalUserRole> gjUserRoleList = daoManager.getXXPortalUserRole()
+ .findByParentId(user.getId());
+
+ for (XXPortalUserRole gjUserRole : gjUserRoleList) {
+ userProfile.getUserRoleList().add(gjUserRole.getUserRole());
+ }
+ }
+
+ if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())
+ || isPeer) {
+ userProfile.setId(user.getId());
+ userProfile.setFirstName(user.getFirstName());
+ userProfile.setLastName(user.getLastName());
+ userProfile.setPublicScreenName(user.getPublicScreenName());
+ if (isAccountAdmin) {
+ userProfile.setEmailAddress(user.getEmailAddress());
+ }
+ }
+
+ }
+
+ /**
+ * Translates XXPortalUser to VUserProfile. This method should be called in the
+ * same transaction in which the XXPortalUser was retrieved from the database
+ *
+ * @param user
+ * @return
+ */
+ public VXPortalUser mapXXPortalUserVXPortalUser(XXPortalUser user) {
+ return mapXXPortalUserToVXPortalUser(user, null);
+ }
+
+ /**
+ * @param emailId
+ * @return
+ */
+ public XXPortalUser findByEmailAddress(String emailId) {
+ return daoManager.getXXPortalUser().findByEmailAddress(emailId);
+ }
+
+ public XXPortalUser findByLoginId(String loginId) {
+ return daoManager.getXXPortalUser().findByLoginId(loginId);
+ }
+
+ @Transactional(readOnly = true, propagation = Propagation.REQUIRED)
+ public Collection<String> getRolesForUser(XXPortalUser user) {
+ Collection<String> roleList = new ArrayList<String>();
+
+ Collection<XXPortalUserRole> roleCollection = daoManager.getXXPortalUserRole()
+ .findByUserId(user.getId());
+ for (XXPortalUserRole role : roleCollection) {
+ roleList.add(role.getUserRole());
+ }
+ return roleList;
+ }
+
+ /**
+ * @param searchCriteria
+ * @return
+ */
+ public VXPortalUserList searchUsers(SearchCriteria searchCriteria) {
+
+ VXPortalUserList returnList = new VXPortalUserList();
+ ArrayList<VXPortalUser> objectList = new ArrayList<VXPortalUser>();
+ String queryStr = "SELECT u FROM XXPortalUser u ";
+ String countQueryStr = "SELECT COUNT(u) FROM XXPortalUser u ";
+
+ // Get total count first
+ Query query = createUserSearchQuery(countQueryStr, null, searchCriteria);
+ Long count = (Long) query.getSingleResult();
+ if (count == null || count.longValue() == 0) {
+ return returnList;
+ }
+
+ // Get actual data
+
+ // Add sort by
+ String sortBy = searchCriteria.getSortBy();
+ String querySortBy = "u.loginId";
+ if (!stringUtil.isEmpty(sortBy)) {
+ sortBy = sortBy.trim();
+ if (sortBy.equalsIgnoreCase("userId")) {
+ querySortBy = "u.id";
+ } else if (sortBy.equalsIgnoreCase("loginId")) {
+ querySortBy = "ua.loginId";
+ } else if (sortBy.equalsIgnoreCase("emailAddress")) {
+ querySortBy = "u.emailAddress";
+ } else if (sortBy.equalsIgnoreCase("firstName")) {
+ querySortBy = "u.firstName";
+ } else if (sortBy.equalsIgnoreCase("lastName")) {
+ querySortBy = "u.lastName";
+ } else {
+ sortBy = "loginId";
+ logger.error("Invalid sortBy provided. sortBy=" + sortBy);
+ }
+ } else {
+ sortBy = "loginId";
+ }
+
+ // Default sort field
+ String sortClause = " order by " + querySortBy + " ";
+
+ // Add sort type
+ String sortType = searchCriteria.getSortType();
+ String querySortType = "asc";
+ if (sortType != null) {
+ if (sortType.equalsIgnoreCase("asc")
+ || sortType.equalsIgnoreCase("desc")) {
+ querySortType = sortType;
+ } else {
+ logger.error("Invalid sortType. sortType=" + sortType);
+ }
+ }
+ sortClause += querySortType;
+
+ query = createUserSearchQuery(queryStr, sortClause, searchCriteria);
+
+ // Set start index
+ query.setFirstResult(searchCriteria.getStartIndex());
+
+ searchUtil.updateQueryPageSize(query, searchCriteria);
+
+ @SuppressWarnings("rawtypes")
+ List resultList = query.getResultList();
+ // Iterate over the result list and create the return list
+ for (Object object : resultList) {
+ XXPortalUser gjUser = (XXPortalUser) object;
+ VXPortalUser userProfile = new VXPortalUser();
+ gjUserToUserProfile(gjUser, userProfile);
+ objectList.add(userProfile);
+ }
+
+ returnList.setPageSize(query.getMaxResults());
+ returnList.setSortBy(sortBy);
+ returnList.setSortType(querySortType);
+ returnList.setStartIndex(query.getFirstResult());
+ returnList.setTotalCount(count.longValue());
+ returnList.setVXPortalUsers(objectList);
+ return returnList;
+ }
+
+ /**
+ * @param queryStr
+ * @param sortClause
+ * @param searchCriteria
+ * @return
+ */
+ private Query createUserSearchQuery(String queryStr, String sortClause,
+ SearchCriteria searchCriteria) {
+ HashMap<String, Object> paramList = searchCriteria.getParamList();
+
+ String whereClause = "WHERE 1 = 1 ";
+
+ // roles
+ @SuppressWarnings("unchecked")
+ List<String> roleList = (List<String>) paramList.get("roleList");
+ if (roleList != null && roleList.size() > 0) {
+ whereClause = ", XXPortalUserRole ur WHERE u.id = ur.userId";
+ if (roleList.size() == 1) {
+ // For only one role, let's do an equal to
+ whereClause += " and ur.userRole = :role";
+ } else {
+ whereClause += " and ur.userRole in (:roleList)";
+ }
+ }
+
+ // userId
+ Long userId = (Long) paramList.get("userId");
+ if (userId != null) {
+ whereClause += " and u.id = :userId ";
+ }
+
+ // loginId
+ String loginId = (String) paramList.get("loginId");
+ if (loginId != null) {
+ whereClause += " and LOWER(u.loginId) = :loginId ";
+ }
+
+ // emailAddress
+ String emailAddress = (String) paramList.get("emailAddress");
+ if (emailAddress != null) {
+ whereClause += " and LOWER(u.emailAddress) = :emailAddress ";
+ }
+
+ // firstName
+ String firstName = (String) paramList.get("firstName");
+ if (firstName != null) {
+ whereClause += " and LOWER(u.firstName) = :firstName ";
+ }
+
+ // lastName
+ String lastName = (String) paramList.get("lastName");
+ if (lastName != null) {
+ whereClause += " and LOWER(u.lastName) = :lastName ";
+ }
+
+ // status
+ Integer status = null;
+ @SuppressWarnings("unchecked")
+ List<Integer> statusList = (List<Integer>) paramList.get("statusList");
+ if (statusList != null && statusList.size() == 1) {
+ // use == condition
+ whereClause += " and u.status = :status";
+ status = statusList.get(0);
+ } else if (statusList != null && statusList.size() > 1) {
+ // use in operator
+ whereClause += " and u.status in (:statusList) ";
+ }
+
+ // publicScreenName
+ String publicScreenName = (String) paramList.get("publicScreenName");
+ if (publicScreenName != null) {
+ whereClause += " and LOWER(u.publicScreenName) = :publicScreenName ";
+ }
+
+ // familyScreenName
+ String familyScreenName = (String) paramList.get("familyScreenName");
+ if (familyScreenName != null) {
+ whereClause += " and LOWER(u.familyScreenName) = :familyScreenName ";
+ }
+
+ if (sortClause != null) {
+ whereClause += sortClause;
+ }
+
+ Query query = daoManager.getEntityManager().createQuery(
+ queryStr + whereClause);
+
+ if (roleList != null && roleList.size() > 0) {
+ if (roleList.size() == 1) {
+ query.setParameter("role", roleList.get(0));
+ } else {
+ query.setParameter("roleList", roleList);
+ }
+ }
+
+ if (status != null) {
+ query.setParameter("status", status);
+ }
+ if (statusList != null && statusList.size() > 1) {
+ query.setParameter("statusList", statusList);
+ }
+ if (emailAddress != null) {
+ query.setParameter("emailAddress", emailAddress.toLowerCase());
+ }
+
+ // userId
+ if (userId != null) {
+ query.setParameter("userId", userId);
+ }
+ // firstName
+ if (firstName != null) {
+ query.setParameter("firstName", firstName.toLowerCase());
+ }
+ // lastName
+ if (lastName != null) {
+ query.setParameter("lastName", lastName.toLowerCase());
+ }
+
+ // loginId
+ if (loginId != null) {
+ query.setParameter("loginId", loginId.toLowerCase());
+ }
+
+ // publicScreenName
+ if (publicScreenName != null) {
+ query.setParameter("publicScreenName",
+ publicScreenName.toLowerCase());
+ }
+
+ // familyScreenName
+ if (familyScreenName != null) {
+ query.setParameter("familyScreenName",
+ familyScreenName.toLowerCase());
+ }
+
+ return query;
+ }
+
+ public boolean deleteUserRole(Long userId, String userRole) {
+ List<XXPortalUserRole> roleList = daoManager.getXXPortalUserRole().findByUserId(
+ userId);
+ for (XXPortalUserRole gjUserRole : roleList) {
+ if (gjUserRole.getUserRole().equalsIgnoreCase(userRole)) {
+ return deleteUserRole(userId, gjUserRole);
+ }
+ }
+ return false;
+ }
+
+ public boolean deleteUserRole(Long userId, XXPortalUserRole gjUserRole) {
+ /*if (XAConstants.ROLE_USER.equals(gjUserRole.getUserRole())) {
+ return false;
+ }*/
+ boolean publicRole = false;
+ for (int i = 0; i < publicRoles.length; i++) {
+ if (publicRoles[i].equalsIgnoreCase(gjUserRole.getUserRole())) {
+ publicRole = true;
+ break;
+ }
+ }
+ if (!publicRole) {
+ UserSessionBase sess = ContextUtil.getCurrentUserSession();
+ if (sess == null || !sess.isUserAdmin()) {
+ return false;
+ }
+ }
+
+ daoManager.getXXPortalUserRole().remove(gjUserRole.getId());
+ return true;
+ }
+
+ public XXPortalUserRole addUserRole(Long userId, String userRole) {
+ List<XXPortalUserRole> roleList = daoManager.getXXPortalUserRole().findByUserId(
+ userId);
+ boolean publicRole = false;
+ for (int i = 0; i < publicRoles.length; i++) {
+ if (publicRoles[i].equalsIgnoreCase(userRole)) {
+ publicRole = true;
+ break;
+ }
+ }
+ if (!publicRole) {
+ UserSessionBase sess = ContextUtil.getCurrentUserSession();
+ if (sess == null) {
+ return null;
+ }
+ // Admin
+ if (!sess.isUserAdmin()) {
+ logger.error(
+ "SECURITY WARNING: User trying to add non public role. userId="
+ + userId + ", role=" + userRole + ", session="
+ + sess.toString(), new Throwable());
+ return null;
+ }
+ }
+
+ for (XXPortalUserRole gjUserRole : roleList) {
+ if (userRole.equalsIgnoreCase(gjUserRole.getUserRole())) {
+ return gjUserRole;
+ }
+ }
+ XXPortalUserRole userRoleObj = new XXPortalUserRole();
+ userRoleObj.setUserRole(userRole.toUpperCase());
+ userRoleObj.setUserId(userId);
+ userRoleObj.setStatus(XAConstants.STATUS_ENABLED);
+ daoManager.getXXPortalUserRole().create(userRoleObj);
+
+ // If role is not OTHER, then remove OTHER
+ if (!XAConstants.ROLE_OTHER.equalsIgnoreCase(userRole)) {
+ deleteUserRole(userId, XAConstants.ROLE_OTHER);
+ }
+
+ sessionMgr.resetUserSessionForProfiles(ContextUtil
+ .getCurrentUserSession());
+ return null;
+ }
+
+ public void checkAccess(Long userId) {
+ XXPortalUser gjUser = daoManager.getXXPortalUser().getById(userId);
+ if (gjUser == null) {
+ throw restErrorUtil
+ .create403RESTException("serverMsg.userMgrWrongUser"
+ + userId);
+ }
+
+ checkAccess(gjUser);
+ }
+
+ /**
+ * @param gjUser
+ * @return
+ */
+ public void checkAccess(XXPortalUser gjUser) {
+ if (gjUser == null) {
+ throw restErrorUtil
+ .create403RESTException("serverMsg.userMgrWrongUser");
+ }
+ UserSessionBase sess = ContextUtil.getCurrentUserSession();
+ if (sess != null) {
+
+ // Admin
+ if (sess != null && sess.isUserAdmin()) {
+ return;
+ }
+
+ // Self
+ if (sess.getXXPortalUser().getId().equals(gjUser.getId())) {
+ return;
+ }
+
+ }
+ throw restErrorUtil.create403RESTException("User "
+ + " access denied. loggedInUser="
+ + (sess != null ? sess.getXXPortalUser().getId() : "Not Logged In")
+ + ", accessing user=" + gjUser.getId());
+
+ }
+
+ public void checkAccessForRead(XXPortalUser gjUser) {
+ if (gjUser == null) {
+ throw restErrorUtil
+ .create403RESTException("serverMsg.userMgrWrongUser");
+ }
+ UserSessionBase sess = ContextUtil.getCurrentUserSession();
+ if (sess != null) {
+
+ // Admin
+ if (sess != null && sess.isUserAdmin()) {
+ return;
+ }
+
+ // Self
+ if (sess.getXXPortalUser().getId().equals(gjUser.getId())) {
+ return;
+ }
+
+ }
+ throw restErrorUtil.create403RESTException("User "
+ + " access denied. loggedInUser="
+ + (sess != null ? sess.getXXPortalUser().getId() : "Not Logged In")
+ + ", accessing user=" + gjUser.getId());
+
+ }
+
+ public String encrypt(String loginId, String password) {
+ String saltEncodedpasswd = md5Encoder.encodePassword(password, loginId);
+ return saltEncodedpasswd;
+ }
+
+ public VXPortalUser createUser(VXPortalUser userProfile) {
+ XXPortalUser xXPortalUser = this
+ .createUser(userProfile, XACommonEnums.STATUS_ENABLED);
+ return mapXXPortalUserVXPortalUser(xXPortalUser);
+ }
+
+ public VXPortalUser createDefaultAccountUser(VXPortalUser userProfile) {
+ if(userProfile.getPassword()==null||userProfile.getPassword().trim().isEmpty()){
+ userProfile.setUserSource(XACommonEnums.USER_EXTERNAL);
+ }
+ // access control
+ UserSessionBase session = ContextUtil.getCurrentUserSession();
+ if (session != null) {
+ if (!session.isUserAdmin()) {
+ throw restErrorUtil.create403RESTException("User "
+ + "creation denied. LoggedInUser="
+ + (session != null ? session.getXXPortalUser().getId()
+ : "Not Logged In")
+ + " ,isn't permitted to perform the action.");
+
+ }
+ }
+
+ XXPortalUser xXPortalUser = null;
+ String loginId = userProfile.getLoginId();
+ String emailAddress = userProfile.getEmailAddress();
+
+ if (loginId != null && !loginId.isEmpty()) {
+ xXPortalUser = this.findByLoginId(loginId);
+ if (xXPortalUser == null) {
+ if (emailAddress != null && !emailAddress.isEmpty()) {
+ xXPortalUser = this.findByEmailAddress(emailAddress);
+ if (xXPortalUser == null) {
+ xXPortalUser = this.createUser(userProfile,
+ XACommonEnums.STATUS_ENABLED);
+ } else {
+ throw restErrorUtil
+ .createRESTException(
+ "The email address "
+ + emailAddress
+ + " you've provided already exists. Please try again with different "
+ + "email address.",
+ MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
+ }
+ } else {
+ String randomEmail = GUIDUtil.genGUI();
+ userProfile.setEmailAddress(randomEmail);
+ xXPortalUser = this.createUser(userProfile,
+ XACommonEnums.STATUS_ENABLED);
+ }
+ } else {
+ /*throw restErrorUtil
+ .createRESTException(
+ "The login id "
+ + loginId
+ + " you've provided already exists. Please try again with different "
+ + "login id.",
+ MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);*/
+ }
+ }
+
+ return mapXXPortalUserToVXPortalUserForDefaultAccount(xXPortalUser);
+ }
+
+ private VXPortalUser mapXXPortalUserToVXPortalUserForDefaultAccount(XXPortalUser user) {
+
+ VXPortalUser userProfile = new VXPortalUser();
+
+ userProfile.setLoginId(user.getLoginId());
+ userProfile.setEmailAddress(user.getEmailAddress());
+ userProfile.setStatus(user.getStatus());
+ userProfile.setUserRoleList(new ArrayList<String>());
+ userProfile.setId(user.getId());
+ userProfile.setFirstName(user.getFirstName());
+ userProfile.setLastName(user.getLastName());
+ userProfile.setPublicScreenName(user.getPublicScreenName());
+ userProfile.setEmailAddress(user.getEmailAddress());
+
+ List<XXPortalUserRole> gjUserRoleList = daoManager.getXXPortalUserRole()
+ .findByParentId(user.getId());
+
+ for (XXPortalUserRole gjUserRole : gjUserRoleList) {
+ userProfile.getUserRoleList().add(gjUserRole.getUserRole());
+ }
+
+ return userProfile;
+ }
+
+ public boolean isUserInRole(Long userId, String role) {
+ XXPortalUserRole xXPortalUserRole = daoManager.getXXPortalUserRole().findByRoleUserId(
+ userId, role);
+ if (xXPortalUserRole != null) {
+ String userRole = xXPortalUserRole.getUserRole();
+ if (userRole.equalsIgnoreCase(role)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public XXPortalUser updateUserWithPass(VXPortalUser userProfile) {
+ String updatedPassword = userProfile.getPassword();
+ XXPortalUser xXPortalUser = this.updateUser(userProfile);
+
+ if (updatedPassword != null && !updatedPassword.isEmpty()) {
+ if (!stringUtil.validatePassword(updatedPassword,
+ new String[] { xXPortalUser.getFirstName(), xXPortalUser.getLastName(),
+ xXPortalUser.getLoginId() })) {
+ logger.warn("SECURITY:changePassword(). Invalid new password. userId="
+ + xXPortalUser.getId());
+
+ throw restErrorUtil.createRESTException(
+ "serverMsg.userMgrNewPassword",
+ MessageEnums.INVALID_PASSWORD, null, null,
+ "" + xXPortalUser.getId());
+ }
+
+ String encryptedNewPwd = encrypt(xXPortalUser.getLoginId(),
+ updatedPassword);
+ xXPortalUser.setPassword(encryptedNewPwd);
+ xXPortalUser = daoManager.getXXPortalUser().update(xXPortalUser);
+ }
+ return xXPortalUser;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/org/apache/ranger/biz/UserMgrBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgrBase.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgrBase.java
new file mode 100644
index 0000000..568da26
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgrBase.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ package org.apache.ranger.biz;
+
+import org.apache.ranger.common.*;
+import org.apache.ranger.service.*;
+import org.apache.ranger.view.*;
+import org.springframework.beans.factory.annotation.Autowired;
+public class UserMgrBase {
+
+ @Autowired
+ RESTErrorUtil restErrorUtil;
+
+ @Autowired
+ XPortalUserService xPortalUserService;
+ public VXPortalUser getXPortalUser(Long id){
+ return (VXPortalUser)xPortalUserService.readResource(id);
+ }
+
+ public VXPortalUser createXPortalUser(VXPortalUser vXPortalUser){
+ vXPortalUser = (VXPortalUser)xPortalUserService.createResource(vXPortalUser);
+ return vXPortalUser;
+ }
+
+ public VXPortalUser updateXPortalUser(VXPortalUser vXPortalUser) {
+ vXPortalUser = (VXPortalUser)xPortalUserService.updateResource(vXPortalUser);
+ return vXPortalUser;
+ }
+
+ public void deleteXPortalUser(Long id, boolean force) {
+ if (force) {
+ xPortalUserService.deleteResource(id);
+ } else {
+ throw restErrorUtil.createRESTException(
+ "serverMsg.modelMgrBaseDeleteModel",
+ MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
+ }
+ }
+
+ public VXPortalUserList searchXPortalUsers(SearchCriteria searchCriteria) {
+ return xPortalUserService.searchXPortalUsers(searchCriteria);
+ }
+
+ public VXLong getXPortalUserSearchCount(SearchCriteria searchCriteria) {
+ return xPortalUserService.getSearchCount(searchCriteria,
+ xPortalUserService.searchFields);
+ }
+
+}