Example usage for org.apache.cassandra.auth DataResource root

List of usage examples for org.apache.cassandra.auth DataResource root

Introduction

On this page you can find example usage of org.apache.cassandra.auth DataResource root.

Prototype

public static DataResource root() 


Usage

From source file:org.wso2.carbon.cassandra.server.CarbonCassandraAuthorizer.java

License:Apache License

/**
 * Authorize the given user for performing actions on the given resource.
 *
 * @param authenticatedUser <code>AuthenticatedUser</code> instance
 * @param resource          Cassandra resource such as a column family (cf) or keyspace
 * @return The set of <code>Permission</code>s the given user is allowed on the given resource
 * @see #authorize(org.apache.cassandra.auth.AuthenticatedUser, org.apache.cassandra.auth.IResource)
 */
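public Set<Permission> authorize(AuthenticatedUser authenticatedUser, IResource resource) {
    // Data resources are addressed by their own name; every other resource kind is
    // mapped to a path by the getResourcePath helper of this class.
    String resourcePath = (resource instanceof DataResource)
            ? resource.getName()
            : getResourcePath(resource);

    resourcePath = AuthUtils.RESOURCE_PATH_PREFIX + File.separator + resourcePath;
    String rootPath = AuthUtils.RESOURCE_PATH_PREFIX + File.separator + DataResource.root().getName();

    // Resources outside the data root are denied outright.
    // NOTE(review): this is a plain string-prefix match with no separator boundary, so a
    // sibling path that merely begins with the root's name also passes this gate and is
    // then decided by the authorization manager alone. Confirm which resource names can
    // reach this point, and tighten to "equals root or starts with root + separator" once
    // the separator used by getResourcePath is known.
    if (!resourcePath.startsWith(rootPath)) {
        return Permission.NONE;
    }

    try {
        String user = authenticatedUser.getName();
        String domainName = MultitenantUtils.getTenantDomain(user);

        // startTenantFlow()/endTenantFlow() must be strictly paired. The flow is opened
        // immediately before its own try/finally so that a failure in the lookups above
        // can never run endTenantFlow() without a matching start on this thread.
        PrivilegedCarbonContext.startTenantFlow();
        try {
            PrivilegedCarbonContext cc = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(domainName)) {
                cc.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
                cc.setTenantId(MultitenantConstants.SUPER_TENANT_ID);
            } else {
                UserRealmService realmService = CassandraServerDataHolder.getInstance().getRealmService();
                // NOTE(review): the id returned for the domain is used unchecked; confirm how
                // an unknown tenant domain is reported by the tenant manager and deny in that case.
                int tenantID = realmService.getTenantManager().getTenantId(domainName);
                cc.setTenantDomain(domainName);
                cc.setTenantId(tenantID);
            }
            UserRealm userRealm = getRealmForTenant(domainName);
            AuthorizationManager authorizationManager = userRealm.getAuthorizationManager();
            String tenantLessUsername = MultitenantUtils.getTenantAwareUsername(user);

            EnumSet<Permission> permissions = EnumSet.noneOf(Permission.class);

            for (String action : Action.ALL_ACTIONS_ARRAY) {
                try {
                    if (authorizationManager.isUserAuthorized(tenantLessUsername, resourcePath, action)) {
                        permissions.add(AuthUtils.getCassandraPermission(action));
                    }
                } catch (UserStoreException ex) {
                    // Fail closed per action: a lookup error leaves this permission
                    // ungranted while the remaining actions are still evaluated.
                    log.error(ex.getMessage(), ex);
                }
            }

            if (permissions.isEmpty()) {
                return Permission.NONE;
            }
            return permissions;
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    } catch (UserStoreException e) {
        // Fail closed: any user-store failure while resolving the tenant or realm denies access.
        log.error("Error during authorizing a user for a resource " + resourcePath, e);
        return Permission.NONE;
    }
}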