/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.ranger.rest;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import org.apache.log4j.Logger;
import org.apache.ranger.biz.UserMgr;
import org.apache.ranger.biz.XUserMgr;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerConfigUtil;
import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.SearchUtil;
import org.apache.ranger.common.StringUtil;
import org.apache.ranger.common.annotation.RangerAnnotationClassName;
import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName;
import org.apache.ranger.common.annotation.RangerAnnotationRestAPI;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.security.context.RangerAPIList;
import org.apache.ranger.util.RangerRestUtil;
import org.apache.ranger.view.VXPasswordChange;
import org.apache.ranger.view.VXPortalUser;
import org.apache.ranger.view.VXPortalUserList;
import org.apache.ranger.view.VXResponse;
import org.apache.ranger.view.VXStringList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
@Path("users")
@Component
@Scope("request")
@RangerAnnotationJSMgrName("UserMgr")
@Transactional(propagation = Propagation.REQUIRES_NEW)
public class UserREST {
private static final Logger logger = Logger.getLogger(UserREST.class);
@Autowired
StringUtil stringUtil;
@Autowired
RangerDaoManager daoManager;
@Autowired
RangerConfigUtil configUtil;
@Autowired
RESTErrorUtil restErrorUtil;
@Autowired
SearchUtil searchUtil;
@Autowired
UserMgr userManager;
@Autowired
RangerRestUtil msRestUtil;
@Autowired
XUserMgr xUserMgr;
/**
* Implements the traditional search functionalities for UserProfile
*
* @param request
* @return
*/
@GET
@Produces({ "application/xml", "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_USERS + "\")")
public VXPortalUserList searchUsers(@Context HttpServletRequest request) {
String[] approvedSortByParams = new String[] { "requestDate",
"approvedDate", "activationDate", "emailAddress", "firstName",
"lastName" };
@SuppressWarnings("deprecation")
SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
request, approvedSortByParams);
// userId
searchUtil.extractLong(request, searchCriteria, "userId", "User Id");
// loginId
searchUtil.extractString(request, searchCriteria, "loginId",
"Login Id", null);
// emailAddress
searchUtil.extractString(request, searchCriteria, "emailAddress",
"Email Address", null);
// firstName
searchUtil.extractString(request, searchCriteria, "firstName",
"First Name", StringUtil.VALIDATION_NAME);
// lastName
searchUtil.extractString(request, searchCriteria, "lastName",
"Last Name", StringUtil.VALIDATION_NAME);
// status
searchUtil.extractEnum(request, searchCriteria, "status", "Status",
"statusList", RangerConstants.ActivationStatus_MAX);
// publicScreenName
searchUtil.extractString(request, searchCriteria, "publicScreenName",
"Public Screen Name", StringUtil.VALIDATION_NAME);
// roles
searchUtil.extractStringList(request, searchCriteria, "role", "Role",
"roleList", configUtil.getRoles(), StringUtil.VALIDATION_NAME);
return userManager.searchUsers(searchCriteria);
}
/**
* Return the VUserProfile for the given userId
*
* @param userId
* @return
*/
@GET
@Path("{userId}")
@Produces({ "application/xml", "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_USER_PROFILE_FOR_USER + "\")")
public VXPortalUser getUserProfileForUser(@PathParam("userId") Long userId) {
try {
VXPortalUser userProfile = userManager.getUserProfile(userId);
if (userProfile != null) {
if (logger.isDebugEnabled()) {
logger.debug("getUserProfile() Found User userId=" + userId);
}
} else {
logger.debug("getUserProfile() Not found userId=" + userId);
}
return userProfile;
} catch (Throwable t) {
logger.error("getUserProfile() no user session. error="
+ t.toString());
}
return null;
}
@POST
@Consumes({ "application/json", "application/xml" })
@Produces({ "application/xml", "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.CREATE + "\")")
public VXPortalUser create(VXPortalUser userProfile,
@Context HttpServletRequest servletRequest) {
logger.info("create:" + userProfile.getEmailAddress());
return userManager.createUser(userProfile);
}
// API to add user with default account
@POST
@Path("/default")
@Consumes({ "application/json", "application/xml" })
@Produces({ "application/xml", "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.CREATE_DEFAULT_ACCOUNT_USER + "\")")
public VXPortalUser createDefaultAccountUser(VXPortalUser userProfile,
@Context HttpServletRequest servletRequest) {
VXPortalUser vxPortalUser;
vxPortalUser=userManager.createDefaultAccountUser(userProfile);
if(vxPortalUser!=null)
{
xUserMgr.assignPermissionToUser(vxPortalUser, true);
}
return vxPortalUser;
}
@PUT
@Consumes({ "application/json", "application/xml" })
@Produces({ "application/xml", "application/json" })
@RangerAnnotationRestAPI(updates_classes = "VUserProfile")
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.UPDATE + "\")")
public VXPortalUser update(VXPortalUser userProfile,
@Context HttpServletRequest servletRequest) {
logger.info("update:" + userProfile.getEmailAddress());
XXPortalUser gjUser = daoManager.getXXPortalUser().getById(userProfile.getId());
userManager.checkAccess(gjUser);
if (gjUser != null) {
msRestUtil.validateVUserProfileForUpdate(gjUser, userProfile);
gjUser = userManager.updateUser(userProfile);
return userManager.mapXXPortalUserVXPortalUser(gjUser);
} else {
logger.info("update(): Invalid userId provided: userId="
+ userProfile.getId());
throw restErrorUtil.createRESTException("serverMsg.userRestUser",
MessageEnums.DATA_NOT_FOUND, null, null,
userProfile.toString());
}
}
@PUT
@Path("/{userId}/roles")
@Produces({ "application/xml", "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SET_USER_ROLES + "\")")
public VXResponse setUserRoles(@PathParam("userId") Long userId,
VXStringList roleList) {
userManager.checkAccess(userId);
userManager.setUserRoles(userId, roleList.getVXStrings());
VXResponse response = new VXResponse();
response.setStatusCode(VXResponse.STATUS_SUCCESS);
return response;
}
/**
* Deactivate the user
*
* @param userId
* @return
*/
@POST
@Path("{userId}/deactivate")
@Produces({ "application/xml", "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.DEACTIVATE_USER + "\")")
@RangerAnnotationClassName(class_name = VXPortalUser.class)
public VXPortalUser deactivateUser(@PathParam("userId") Long userId) {
XXPortalUser gjUser = daoManager.getXXPortalUser().getById(userId);
if (gjUser == null) {
logger.info("update(): Invalid userId provided: userId=" + userId);
throw restErrorUtil.createRESTException("serverMsg.userRestUser",
MessageEnums.DATA_NOT_FOUND, null, null, "" + userId);
}
return userManager.deactivateUser(gjUser);
}
/**
* This method returns the VUserProfile for the current session
*
* @param request
* @return
*/
@GET
@Path("/profile")
@Produces({ "application/xml", "application/json" })
public VXPortalUser getUserProfile(@Context HttpServletRequest request) {
try {
logger.debug("getUserProfile(). httpSessionId="
+ request.getSession().getId());
VXPortalUser userProfile = userManager.getUserProfileByLoginId();
return userProfile;
} catch (Throwable t) {
logger.error(
"getUserProfile() no user session. error=" + t.toString(),
t);
}
return null;
}
@GET
@Path("/firstnames")
@Produces({ "application/xml", "application/json" })
public String suggestUserFirstName(@QueryParam("letters") String letters,
@Context HttpServletRequest req) {
return null;
}
/**
* @param userId
* @param changePassword
* @return
*/
@POST
@Path("{userId}/passwordchange")
@Produces({ "application/xml", "application/json" })
public VXResponse changePassword(@PathParam("userId") Long userId,
VXPasswordChange changePassword) {
if(changePassword==null || stringUtil.isEmpty(changePassword.getLoginId())){
logger.warn("SECURITY:changePassword(): Invalid loginId provided. loginId was empty or null");
throw restErrorUtil.createRESTException("serverMsg.userRestUser",MessageEnums.DATA_NOT_FOUND, null, null,"");
}
logger.info("changePassword:" + changePassword.getLoginId());
XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(changePassword.getLoginId());
if (gjUser == null) {
logger.warn("SECURITY:changePassword(): Invalid loginId provided: loginId="+ changePassword.getLoginId());
throw restErrorUtil.createRESTException("serverMsg.userRestUser",MessageEnums.DATA_NOT_FOUND, null, null, changePassword.getLoginId());
}
userManager.checkAccessForUpdate(gjUser);
changePassword.setId(gjUser.getId());
VXResponse ret = userManager.changePassword(changePassword);
return ret;
}
/**
*
* @param userId
* @param changeEmail
* @return
*/
@POST
@Path("{userId}/emailchange")
@Produces({ "application/xml", "application/json" })
public VXPortalUser changeEmailAddress(@PathParam("userId") Long userId,
VXPasswordChange changeEmail) {
if(changeEmail==null || stringUtil.isEmpty(changeEmail.getLoginId())){
logger.warn("SECURITY:changeEmail(): Invalid loginId provided. loginId was empty or null");
throw restErrorUtil.createRESTException("serverMsg.userRestUser",MessageEnums.DATA_NOT_FOUND, null, null,"");
}
logger.info("changeEmail:" + changeEmail.getLoginId());
XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(changeEmail.getLoginId());
if (gjUser == null) {
logger.warn("SECURITY:changeEmail(): Invalid loginId provided: loginId="+ changeEmail.getLoginId());
throw restErrorUtil.createRESTException("serverMsg.userRestUser",MessageEnums.DATA_NOT_FOUND, null, null, changeEmail.getLoginId());
}
userManager.checkAccessForUpdate(gjUser);
changeEmail.setId(gjUser.getId());
VXPortalUser ret = userManager.changeEmailAddress(gjUser, changeEmail);
return ret;
}
}