Posted to commits@ranger.apache.org by ga...@apache.org on 2015/11/28 18:46:18 UTC
incubator-ranger git commit: RANGER-743 : External users with Admin
Role should be allowed to create/update users
Repository: incubator-ranger
Updated Branches:
refs/heads/ranger-0.5 5a626203b -> 2073c0a9d
RANGER-743 : External users with Admin Role should be allowed to create/update users
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2073c0a9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/2073c0a9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/2073c0a9
Branch: refs/heads/ranger-0.5
Commit: 2073c0a9d52ad5b002afa9b713419591d5f9e889
Parents: 5a62620
Author: Gautam Borad <ga...@apache.org>
Authored: Wed Nov 25 17:35:17 2015 +0530
Committer: Gautam Borad <ga...@apache.org>
Committed: Sat Nov 28 23:15:47 2015 +0530
----------------------------------------------------------------------
.../java/org/apache/ranger/biz/UserMgr.java | 67 ++++++++++++++++++--
.../java/org/apache/ranger/biz/XUserMgr.java | 51 ++++++++++++---
.../handler/RangerAuthenticationProvider.java | 28 +++++++-
3 files changed, 130 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2073c0a9/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index ee9d14b..571265c 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -254,6 +254,9 @@ public class UserMgr {
// }
// firstName
+ if("null".equalsIgnoreCase(userProfile.getFirstName())){
+ userProfile.setFirstName("");
+ }
if (!stringUtil.isEmpty(userProfile.getFirstName())
&& !userProfile.getFirstName().equals(gjUser.getFirstName())) {
userProfile.setFirstName(stringUtil.toCamelCaseAllWords(userProfile
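Review bot: The literal-"null" normalization added at L35 is the same three lines repeated at L46 and L75/L79 in this file and at L159, L163, L197 and L201 in XUserMgr, with the equivalent guard folded into the conditions at L148 and L187. One helper would keep the rule in a single place, e.g. `private static String blankIfNullLiteral(String s) { return "null".equalsIgnoreCase(s) ? "" : s; }` called as `userProfile.setFirstName(blankIfNullLiteral(userProfile.getFirstName()));`. It appears the client is serializing an absent value as the string "null"; if so, normalizing once at the REST boundary would remove the need for these checks in the business layer, but that cannot be confirmed from the hunk. The enclosing method begins outside this hunk.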
@@ -261,8 +264,10 @@ public class UserMgr {
updateUser = true;
}
- // lastName allowed to be empty
- if (userProfile.getLastName() != null
+ if("null".equalsIgnoreCase(userProfile.getLastName())){
+ userProfile.setLastName("");
+ }
+ if (!stringUtil.isEmpty(userProfile.getLastName())
&& !userProfile.getLastName().equals(gjUser.getLastName())) {
userProfile.setLastName(stringUtil.toCamelCaseAllWords(userProfile
.getLastName()));
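Review bot: Replacing the `!= null` test with `!stringUtil.isEmpty(...)` at L49 means an empty last name no longer overwrites an existing one, so a user can no longer clear their last name, which the removed comment at L44 said was allowed. If clearing is still a supported operation this is a regression; if it is intentional, the comment should say so, e.g. `// lastName: empty value is ignored rather than cleared (UI sends "null"/"" for absent)`. The enclosing method starts and ends outside this hunk.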
@@ -270,12 +275,16 @@ public class UserMgr {
}
// publicScreenName
- if (!stringUtil.isEmpty(userProfile.getPublicScreenName())
- && !userProfile.getPublicScreenName().equals(
- gjUser.getPublicScreenName())) {
+ if (userProfile.getFirstName() != null
+ && userProfile.getLastName() != null
+ && !userProfile.getFirstName().trim().isEmpty()
+ && !userProfile.getLastName().trim().isEmpty()) {
userProfile.setPublicScreenName(userProfile.getFirstName() + " "
+ userProfile.getLastName());
updateUser = true;
+ } else {
+ userProfile.setPublicScreenName(gjUser.getLoginId());
+ updateUser = true;
}
// notes
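Review bot: Both branches at L59–L69 set `updateUser = true` unconditionally, so every profile update is now flagged as changed even when the derived screen name equals `gjUser.getPublicScreenName()`; the removed code only flagged a real difference. The new logic also silently discards any `publicScreenName` the caller supplied, since it is always recomputed from first/last name or the login id. Computing the derived value into a local and comparing it with `gjUser.getPublicScreenName()` before assigning and flagging would preserve the "no change" path. The enclosing method starts and ends outside this hunk.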
@@ -554,12 +563,34 @@ public class UserMgr {
public XXPortalUser mapVXPortalUserToXXPortalUser(VXPortalUser userProfile) {
XXPortalUser gjUser = new XXPortalUser();
gjUser.setEmailAddress(userProfile.getEmailAddress());
+ if("null".equalsIgnoreCase(userProfile.getFirstName())){
+ userProfile.setFirstName("");
+ }
gjUser.setFirstName(userProfile.getFirstName());
+ if("null".equalsIgnoreCase(userProfile.getLastName())){
+ userProfile.setLastName("");
+ }
gjUser.setLastName(userProfile.getLastName());
+ if (userProfile.getLoginId() == null
+ || userProfile.getLoginId().trim().isEmpty()
+ || "null".equalsIgnoreCase(userProfile.getLoginId())) {
+ throw restErrorUtil.createRESTException(
+ "LoginId should not be null or blank, It is",
+ MessageEnums.INVALID_INPUT_DATA);
+ }
gjUser.setLoginId(userProfile.getLoginId());
gjUser.setPassword(userProfile.getPassword());
gjUser.setUserSource(userProfile.getUserSource());
gjUser.setPublicScreenName(userProfile.getPublicScreenName());
+ if (userProfile.getFirstName() != null
+ && userProfile.getLastName() != null
+ && !userProfile.getFirstName().trim().isEmpty()
+ && !userProfile.getLastName().trim().isEmpty()) {
+ gjUser.setPublicScreenName(userProfile.getFirstName() + " "
+ + userProfile.getLastName());
+ } else {
+ gjUser.setPublicScreenName(userProfile.getLoginId());
+ }
return gjUser;
}
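Review bot: The assignment at L93 is dead: `gjUser.setPublicScreenName(userProfile.getPublicScreenName())` is unconditionally overwritten by L98 or L101 and should be dropped. The error text at L87 ends with a dangling ", It is" with nothing appended; `"LoginId should not be null or blank"` reads correctly. Note also that the method now mutates its `userProfile` argument (L76, L80), which callers may not expect from a mapper; reading the normalized values into locals would keep it side-effect free.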
@@ -1237,4 +1268,30 @@ public class UserMgr {
throw restErrorUtil.create403RESTException("Operation not allowed." + " loggedInUser=" + (sess != null ? sess.getXXPortalUser().getId() : "Not Logged In"));
}
+ public Collection<String> getRolesByLoginId(String loginId) {
+ if (loginId == null || loginId.trim().isEmpty()){
+ return DEFAULT_ROLE_LIST;
+ }
+ XXPortalUser xXPortalUser=daoManager.getXXPortalUser().findByLoginId(loginId);
+ if(xXPortalUser==null){
+ return DEFAULT_ROLE_LIST;
+ }
+ Collection<XXPortalUserRole> xXPortalUserRoles = daoManager
+ .getXXPortalUserRole().findByUserId(xXPortalUser.getId());
+ if(xXPortalUserRoles==null){
+ return DEFAULT_ROLE_LIST;
+ }
+ Collection<String> roleList = new ArrayList<String>();
+ for (XXPortalUserRole role : xXPortalUserRoles) {
+ if(role!=null && VALID_ROLE_LIST.contains(role.getUserRole())){
+ if(!roleList.contains(role.getUserRole())){
+ roleList.add(role.getUserRole());
+ }
+ }
+ }
+ if(roleList==null || roleList.size()==0){
+ return DEFAULT_ROLE_LIST;
+ }
+ return roleList;
+ }
}
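Review bot: `getRolesByLoginId` returns the shared `DEFAULT_ROLE_LIST` instance directly at L110, L114, L119 and L130; its declaration is not in this hunk, but if it is a mutable list, any caller that modifies the returned collection changes the default roles handed to every later external login, since this method now feeds `getAuthorities` in RangerAuthenticationProvider. Returning `Collections.unmodifiableCollection(DEFAULT_ROLE_LIST)` or a copy removes that risk. The `roleList == null` test at L129 is dead because `roleList` was just constructed, and the `contains`-before-`add` dedup at L124 is what `Collection<String> roleList = new LinkedHashSet<>();` gives for free. A Javadoc stating that the result is the role names used for granted authorities and that an unknown or blank login id yields the default roles would help the callers in the authentication provider.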
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2073c0a9/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 3f2c041..3784439 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -186,9 +186,11 @@ public class XUserMgr extends XUserMgrBase {
public VXUser createXUser(VXUser vXUser) {
checkAdminAccess();
String userName = vXUser.getName();
- if (userName == null || userName.isEmpty()) {
- throw restErrorUtil.createRESTException("Please provide a valid "
- + "username.", MessageEnums.INVALID_INPUT_DATA);
+ if (userName == null || "null".equalsIgnoreCase(userName)
+ || userName.trim().isEmpty()) {
+ throw restErrorUtil.createRESTException(
+ "Please provide a valid username.",
+ MessageEnums.INVALID_INPUT_DATA);
}
if (vXUser.getDescription() == null) {
@@ -200,10 +202,23 @@ public class XUserMgr extends XUserMgrBase {
VXPortalUser vXPortalUser = new VXPortalUser();
vXPortalUser.setLoginId(userName);
vXPortalUser.setFirstName(vXUser.getFirstName());
+ if("null".equalsIgnoreCase(vXPortalUser.getFirstName())){
+ vXPortalUser.setFirstName("");
+ }
vXPortalUser.setLastName(vXUser.getLastName());
+ if("null".equalsIgnoreCase(vXPortalUser.getLastName())){
+ vXPortalUser.setLastName("");
+ }
vXPortalUser.setEmailAddress(vXUser.getEmailAddress());
- vXPortalUser.setPublicScreenName(vXUser.getFirstName() + " "
- + vXUser.getLastName());
+ if (vXPortalUser.getFirstName() != null
+ && vXPortalUser.getLastName() != null
+ && !vXPortalUser.getFirstName().trim().isEmpty()
+ && !vXPortalUser.getLastName().trim().isEmpty()) {
+ vXPortalUser.setPublicScreenName(vXPortalUser.getFirstName() + " "
+ + vXPortalUser.getLastName());
+ } else {
+ vXPortalUser.setPublicScreenName(vXUser.getName());
+ }
vXPortalUser.setPassword(actualPassword);
vXPortalUser.setUserRoleList(vXUser.getUserRoleList());
vXPortalUser = userMgr.createDefaultAccountUser(vXPortalUser);
@@ -324,8 +339,11 @@ public class XUserMgr extends XUserMgrBase {
}
public VXUser updateXUser(VXUser vXUser) {
- if (vXUser == null || vXUser.getName() == null || vXUser.getName().trim().isEmpty()) {
- throw restErrorUtil.createRESTException("Please provide a valid " + "username.", MessageEnums.INVALID_INPUT_DATA);
+ if (vXUser == null || vXUser.getName() == null
+ || "null".equalsIgnoreCase(vXUser.getName())
+ || vXUser.getName().trim().isEmpty()) {
+ throw restErrorUtil.createRESTException("Please provide a valid "
+ + "username.", MessageEnums.INVALID_INPUT_DATA);
}
checkAccess(vXUser.getName());
VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser
@@ -337,13 +355,26 @@ public class XUserMgr extends XUserMgrBase {
// TODO : There is a possibility that old user may not exist.
vXPortalUser.setFirstName(vXUser.getFirstName());
+ if("null".equalsIgnoreCase(vXPortalUser.getFirstName())){
+ vXPortalUser.setFirstName("");
+ }
vXPortalUser.setLastName(vXUser.getLastName());
+ if("null".equalsIgnoreCase(vXPortalUser.getLastName())){
+ vXPortalUser.setLastName("");
+ }
vXPortalUser.setEmailAddress(vXUser.getEmailAddress());
vXPortalUser.setLoginId(vXUser.getName());
vXPortalUser.setStatus(vXUser.getStatus());
vXPortalUser.setUserRoleList(vXUser.getUserRoleList());
- vXPortalUser.setPublicScreenName(vXUser.getFirstName() + " "
- + vXUser.getLastName());
+ if (vXPortalUser.getFirstName() != null
+ && vXPortalUser.getLastName() != null
+ && !vXPortalUser.getFirstName().trim().isEmpty()
+ && !vXPortalUser.getLastName().trim().isEmpty()) {
+ vXPortalUser.setPublicScreenName(vXPortalUser.getFirstName() + " "
+ + vXPortalUser.getLastName());
+ } else {
+ vXPortalUser.setPublicScreenName(vXUser.getName());
+ }
vXPortalUser.setUserSource(vXUser.getUserSource());
String hiddenPasswordString = PropertiesUtil.getProperty("ranger.password.hidden", "*****");
String password = vXUser.getPassword();
@@ -1247,6 +1278,7 @@ public class XUserMgr extends XUserMgrBase {
if(vXUser==null){
throw restErrorUtil.createRESTException("Please provide a valid ID", MessageEnums.INVALID_INPUT_DATA);
}
+ checkAccess(vXUser.getName());
List<XXPortalUserRole> portalUserRoleList =null;
VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser.getName());
if(oldUserProfile!=null){
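Review bot: The new `checkAccess(vXUser.getName())` at L226 runs after the lookup that produced `vXUser`, so an unauthorized caller receives the "Please provide a valid ID" error for a missing id and the access error for an existing one, which lets ids be distinguished by response. If `checkAccess` needs the resolved name this ordering may be unavoidable; in that case returning the same error for both outcomes avoids the distinction. The enclosing method starts and ends outside this hunk.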
@@ -1260,6 +1292,7 @@ public class XUserMgr extends XUserMgrBase {
public VXStringList getUserRolesByName(String userName) {
VXPortalUser vXPortalUser=null;
if(userName!=null && !userName.trim().isEmpty()){
+ checkAccess(userName);
vXPortalUser = userMgr.getUserProfileByLoginId(userName);
if(vXPortalUser!=null && vXPortalUser.getUserRoleList()!=null){
List<XXPortalUserRole> portalUserRoleList = daoManager.getXXPortalUserRole().findByUserId(vXPortalUser.getId());
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2073c0a9/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index 40b08c4..f7e5d40 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -20,6 +20,7 @@
package org.apache.ranger.security.handler;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.HashMap;
@@ -230,6 +231,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
authentication = ldapAuthenticationProvider
.authenticate(finalAuthentication);
+ authentication=getAuthenticationWithGrantedAuthority(authentication);
return authentication;
} else {
return authentication;
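Review bot: The two-statement pattern at L252–L254 is repeated verbatim at L260–L262, L268–L270, L276–L277 and L283–L284; each can be collapsed to `return getAuthenticationWithGrantedAuthority(ldapAuthenticationProvider.authenticate(finalAuthentication));` (with the respective provider), which also removes the reassignment of `authentication`. Since the fix depends on every provider path being wrapped, a short comment at the first call site, e.g. `// replace provider-supplied authorities with the roles stored for this login id`, would make the intent clear to whoever adds the next provider. The enclosing methods start and end outside these hunks.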
@@ -272,6 +274,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
principal, userPassword, grantedAuths);
authentication = adAuthenticationProvider
.authenticate(finalAuthentication);
+ authentication=getAuthenticationWithGrantedAuthority(authentication);
return authentication;
} else {
return authentication;
@@ -323,6 +326,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
principal, userPassword, grantedAuths);
authentication = jaasAuthenticationProvider
.authenticate(finalAuthentication);
+ authentication=getAuthenticationWithGrantedAuthority(authentication);
return authentication;
} else {
return authentication;
@@ -399,6 +403,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
+ authentication=getAuthenticationWithGrantedAuthority(authentication);
return authentication;
} else {
return authentication;
@@ -464,6 +469,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
+ authentication=getAuthenticationWithGrantedAuthority(authentication);
return authentication;
} else {
return authentication;
@@ -499,8 +505,6 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
if (userName != null && userPassword != null && !userName.trim().isEmpty()&& !userPassword.trim().isEmpty()) {
final List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
- grantedAuths.add(new SimpleGrantedAuthority("ROLE_SYS_ADMIN"));
- grantedAuths.add(new SimpleGrantedAuthority("ROLE_KEY_ADMIN"));
final UserDetails principal = new User(userName, userPassword,grantedAuths);
final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
authentication= authenticator.authenticate(finalAuthentication);
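Review bot: Dropping the hard-coded `ROLE_SYS_ADMIN` and `ROLE_KEY_ADMIN` grants at L292–L293 is the substantive part of this commit, but unlike the other provider paths no `getAuthenticationWithGrantedAuthority(...)` call is visible after the `authenticator.authenticate(...)` at L296. If it is not applied further down, users authenticated on this path keep only `rangerLdapDefaultRole` and lose their stored admin roles. The enclosing method continues outside this hunk, so this may already be handled there.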
@@ -521,4 +525,24 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
}
return authentication;
}
+ private List<GrantedAuthority> getAuthorities(String username) {
+ Collection<String> roleList=userMgr.getRolesByLoginId(username);
+ final List<GrantedAuthority> grantedAuths = new ArrayList<>();
+ for(String role:roleList){
+ grantedAuths.add(new SimpleGrantedAuthority(role));
+ }
+ return grantedAuths;
+ }
+
+ public Authentication getAuthenticationWithGrantedAuthority(Authentication authentication){
+ UsernamePasswordAuthenticationToken result=null;
+ if(authentication!=null && authentication.isAuthenticated()){
+ final List<GrantedAuthority> grantedAuths=getAuthorities(authentication.getName().toString());
+ final UserDetails userDetails = new User(authentication.getName().toString(), authentication.getCredentials().toString(),grantedAuths);
+ result = new UsernamePasswordAuthenticationToken(userDetails,authentication.getCredentials(),grantedAuths);
+ result.setDetails(authentication.getDetails());
+ return result;
+ }
+ return authentication;
+ }
}
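Review bot: `authentication.getCredentials().toString()` at L314 throws a NullPointerException when the delegate provider returns a token whose credentials were erased, turning a login into an unhandled error instead of an authentication failure; a null guard before building the `User` is needed (and `getName().toString()` at L313–L314 is redundant on a `String`). The method is only called from within this class and can be `private` like `getAuthorities`. A Javadoc would help, e.g. `/** Re-issues an authenticated token with the authorities loaded from the portal DB for its login id; unauthenticated or null input is returned unchanged. */`.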