List of usage examples for org.apache.cassandra.auth DataResource root
public static DataResource root()
From source file:org.wso2.carbon.cassandra.server.CarbonCassandraAuthorizer.java
License:Apache License
/** * Authorize the given user for performing actions on the given resource * * @param authenticatedUser <code>AuthenticatedUser</code> instance * @param resource Cassandra's resource such as cf, keyspace * @return A set of <code>Permission</code> the given user allowed for the given resource * @see #authorize(org.apache.cassandra.auth.AuthenticatedUser, org.apache.cassandra.auth.IResource) *//*from w ww . j ava2 s .c o m*/ public Set<Permission> authorize(AuthenticatedUser authenticatedUser, IResource resource) { String resourcePath = null; if (resource instanceof DataResource) { resourcePath = resource.getName(); } else { resourcePath = getResourcePath(resource); } resourcePath = AuthUtils.RESOURCE_PATH_PREFIX + File.separator + resourcePath; String rootPath = AuthUtils.RESOURCE_PATH_PREFIX + File.separator + DataResource.root().getName(); if (!resourcePath.startsWith(rootPath)) { return Permission.NONE; } try { String user = authenticatedUser.getName(); String domainName = MultitenantUtils.getTenantDomain(user); PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext cc = PrivilegedCarbonContext.getThreadLocalCarbonContext(); if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(domainName)) { cc.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); cc.setTenantId(MultitenantConstants.SUPER_TENANT_ID); } else { UserRealmService realmService = CassandraServerDataHolder.getInstance().getRealmService(); int tenantID = realmService.getTenantManager().getTenantId(domainName); cc.setTenantDomain(domainName); cc.setTenantId(tenantID); } UserRealm userRealm = getRealmForTenant(domainName); AuthorizationManager authorizationManager = userRealm.getAuthorizationManager(); String tenantLessUsername = MultitenantUtils.getTenantAwareUsername(user); EnumSet<Permission> permissions = EnumSet.noneOf(Permission.class); for (String action : Action.ALL_ACTIONS_ARRAY) { try { boolean isAuthorized = authorizationManager.isUserAuthorized(tenantLessUsername, resourcePath, action); if (isAuthorized) { permissions.add(AuthUtils.getCassandraPermission(action)); } } catch (UserStoreException ex) { log.error(ex.getMessage(), ex); } } if (permissions.isEmpty()) { return Permission.NONE; } return permissions; } catch (UserStoreException e) { log.error("Error during authorizing a user for a resource" + resourcePath, e); return Permission.NONE; } finally { PrivilegedCarbonContext.endTenantFlow(); } }