Examples of org.apache.hadoop.gateway.security.PrimaryPrincipal

• org.apache.hadoop.gateway.security.PrimaryPrincipal

  public void testResolve() throws Exception {
    final UsernameFunctionProcessor processor = new UsernameFunctionProcessor();
    assertThat( processor.resolve( null, null ), nullValue() );
    assertThat( processor.resolve( null, Arrays.asList( "test-input" ) ), contains( "test-input" ) );
    Subject subject = new Subject();
    subject.getPrincipals().add( new PrimaryPrincipal( "test-username" ) );
    subject.setReadOnly();
    Subject.doAs( subject, new PrivilegedExceptionAction<Object>() {
      @Override
      public Object run() throws Exception {
        assertThat( processor.resolve( null, null ), contains( "test-username" ) );

    else {
      // something is amiss - authentication/federation providers should have run
      // before identity assertion and should have ensured that the appropriate
      // principals were added to the current subject
      // TODO: log as appropriate
      primaryPrincipal = new PrimaryPrincipal(((HttpServletRequest) request).getUserPrincipal().getName());
    }

    groupsMapped = areGroupsMappedForPrincipal(mappedPrincipalName) || !currentGroups.isEmpty();

    if (impersonationNeeded || groupsMapped) {

    HttpServletRequest httpRequest = (HttpServletRequest)request;
    String principal = getPrimaryPrincipal(httpRequest);
    if (principal != null) {
      if (isValid(httpRequest)) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new PrimaryPrincipal(principal));
        addGroupPrincipals(httpRequest, subject.getPrincipals());
        doAs(httpRequest, response, chain, subject);
      }
      else {
        // TODO: log preauthenticated SSO validation failure

  private Subject createSubjectFromToken(JWTToken token) {
    final String principal = token.getPrincipal();

    HashSet emptySet = new HashSet();
    Set<Principal> principals = new HashSet<Principal>();
    Principal p = new PrimaryPrincipal(principal);
    principals.add(p);

//        The newly constructed Sets check whether this Subject has been set read-only
//        before permitting subsequent modifications. The newly created Sets also prevent
//        illegal modifications by ensuring that callers have sufficient permissions.

      };
      Subject shiroSubject = SecurityUtils.getSubject();
      final String principal = (String) shiroSubject.getPrincipal();
      HashSet emptySet = new HashSet();
      Set<Principal> principals = new HashSet<Principal>();
      Principal p = new PrimaryPrincipal(principal);
      principals.add(p);
      auditService.createContext().setUsername( principal );
      String sourceUri = (String)request.getAttribute( AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME );
      auditor.audit( Action.AUTHENTICATION , sourceUri, ResourceType.URI, ActionOutcome.SUCCESS );

      throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest)request;
    String principal = httpRequest.getRemoteUser();
    if (principal != null) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new PrimaryPrincipal(principal));
        log.hadoopAuthAssertedPrincipal(principal);
        doAs(httpRequest, response, chain, subject);
    }
    else {
      ((HttpServletResponse)response).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated");

      };
      Subject shiroSubject = SecurityUtils.getSubject();
      final String principal = (String) shiroSubject.getPrincipal();
      HashSet emptySet = new HashSet();
      Set<Principal> principals = new HashSet<Principal>();
      Principal p = new PrimaryPrincipal(principal);
      principals.add(p);
      auditService.getContext().setUsername( principal ); //KM: Audit Fix
      String sourceUri = (String)request.getAttribute( AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME );
      auditor.audit( Action.AUTHENTICATION , sourceUri, ResourceType.URI, ActionOutcome.SUCCESS );

    else {
      // something is amiss - authentication/federation providers should have run
      // before identity assertion and should have ensured that the appropriate
      // principals were added to the current subject
      // TODO: log as appropriate
      primaryPrincipal = new PrimaryPrincipal(((HttpServletRequest) request).getUserPrincipal().getName());
    }
    groupsMapped = areGroupsMappedForPrincipal(mappedPrincipalName);

    if (impersonationNeeded || groupsMapped) {
      // gonna need a new subject and doAs

      };
      Subject shiroSubject = SecurityUtils.getSubject();
      final String principal = (String) shiroSubject.getPrincipal();
      HashSet emptySet = new HashSet();
      Set<Principal> principals = new HashSet<Principal>();
      Principal p = new PrimaryPrincipal(principal);
      principals.add(p);

      // TODO: add groups through extended JndiLdapRealm implementation once Jira KNOX-4 is resolved

//      The newly constructed Sets check whether this Subject has been set read-only