/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.ignite.internal.processors.authentication;
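/**
 * Ignite authorization context: wraps the authenticated {@link User} and decides whether that user
 * may perform a given user management operation.
 * <p>
 * The "current" context is kept in a static {@link ThreadLocal}, so it is bound to the calling thread.
 * Code that installs a context with {@link #context(AuthorizationContext)} should call {@link #clear()}
 * in a {@code finally} block; otherwise, if the thread is reused (e.g. by a pool), later work on that
 * thread would still see the previous user's context.
 */
public class AuthorizationContext {
    /** Current authorization context of the calling thread. */
    private static final ThreadLocal<AuthorizationContext> actx = new ThreadLocal<>();

    /** User. */
    private final User user;

    /**
     * Creates authorization context.
     *
     * @param user Authorized user. Must not be {@code null} (checked by assertion only).
     */
    public AuthorizationContext(User user) {
        assert user != null;

        this.user = user;
    }

    /**
     * @return Name of the authorized user.
     */
    public String userName() {
        return user.name();
    }

    /**
     * Checks that the user of this context is allowed to perform the given user management operation.
     * <p>
     * Rules enforced, in order:
     * <ol>
     * <li>the context must hold a user;</li>
     * <li>only the default user may manage users, except that any user may {@code UPDATE} the account
     * whose name equals their own;</li>
     * <li>nobody, including the default user, may {@code REMOVE} the default user.</li>
     * </ol>
     *
     * @param op User operation to check.
     * @throws IgniteAccessControlException If operation check fails: user hasn't permissions for user management
     *      or try to remove default user.
     */
    public void checkUserOperation(UserManagementOperation op) throws IgniteAccessControlException {
        assert op != null;

        // The constructor guards against null only with an assertion, which may be disabled at runtime,
        // so fail closed here instead of relying on it.
        if (user == null)
            throw new IgniteAccessControlException("Operation not allowed: authorized context is empty.");

        boolean dfltUser = User.DFAULT_USER_NAME.equals(user.name());

        if (!dfltUser) {
            // A non-default user is only permitted to update their own account (matched by name).
            boolean selfUpdate = UserManagementOperation.OperationType.UPDATE == op.type()
                && user.name().equals(op.user().name());

            if (!selfUpdate) {
                throw new IgniteAccessControlException("User management operations are not allowed for user. " +
                    "[curUser=" + user.name() + ']');
            }
        }

        if (op.type() == UserManagementOperation.OperationType.REMOVE
            && User.DFAULT_USER_NAME.equals(op.user().name()))
            throw new IgniteAccessControlException("Default user cannot be removed.");
    }

    /**
     * Binds the given authorization context to the calling thread.
     *
     * @param actx Authorization context to set. Passing {@code null} is equivalent to {@link #clear()}.
     */
    public static void context(AuthorizationContext actx) {
        if (actx == null)
            AuthorizationContext.actx.remove();
        else
            AuthorizationContext.actx.set(actx);
    }

    /**
     * Clears the authorization context of the calling thread.
     */
    public static void clear() {
        // remove() drops the thread's map entry instead of leaving a null-valued one behind;
        // a following context() call still returns null.
        actx.remove();
    }

    /**
     * @return Authorization context bound to the calling thread, or {@code null} if none is set.
     */
    public static AuthorizationContext context() {
        return actx.get();
    }
}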