org.apache.ambari.server.security.authorization

Class Users

java.lang.Object

org.apache.ambari.server.security.authorization.Users

public class Users
extends Object

Provides high-level access to Users and Roles in database

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	Users.Command Command is an interface used to perform operations on a UserEntity while safely updating a UserEntity object.

Field Summary

Fields

Modifier and Type	Field and Description
protected Configuration	configuration
protected AmbariLdapConfigurationProvider	ldapConfigurationProvider

Constructor Summary

Constructors

Constructor and Description
Users()

Method Summary

Modifier and Type	Method and Description
void	addAuthentication(UserEntity userEntity, UserAuthenticationType authenticationType, String key) Adds a new authentication type for the given user.
void	addJWTAuthentication(UserEntity userEntity, String key) Adds the ability for a user to authenticate using a JWT token.
void	addJWTAuthentication(UserEntity userEntity, String key, boolean persist) Adds the ability for a user to authenticate using a JWT token.
void	addKerberosAuthentication(UserEntity userEntity, String principalName) Adds the ability for a user to authenticate using a Kerberos token.
void	addKerberosAuthentication(UserEntity userEntity, String principalName, boolean persist) Adds the ability for a user to authenticate using a Kerberos token.
void	addLdapAuthentication(UserEntity userEntity, String dn) Adds the ability for a user to authenticate using a remote LDAP server
void	addLdapAuthentication(UserEntity userEntity, String dn, boolean persist) Adds the ability for a user to authenticate using a remote LDAP server
void	addLocalAuthentication(UserEntity userEntity, String password) Adds the ability for a user to authenticate using a password stored in Ambari's database
void	addLocalAuthentication(UserEntity userEntity, String password, boolean persist) Adds the ability for a user to authenticate using a password stored in Ambari's database
void	addMemberToGroup(GroupEntity groupEntity, UserEntity userEntity)
void	addMemberToGroup(String groupName, String userName)
void	addPamAuthentication(UserEntity userEntity, String userName) Adds the ability for a user to authenticate using Pam
void	addPamAuthentication(UserEntity userEntity, String userName, boolean persist) Adds the ability for a user to authenticate using Pam
void	clearConsecutiveAuthenticationFailures(String username) Resets the named user's consecutive authentication failure count to 0.
void	clearConsecutiveAuthenticationFailures(UserEntity userEntity) Resets the named user's consecutive authentication failure count to 0.
GroupEntity	createGroup(String groupName, GroupType groupType) Creates new group with provided name & type
UserEntity	createUser(String userName, String localUserName, String displayName) Creates new, active, user with provided userName, local username, and display name.
UserEntity	createUser(String userName, String localUserName, String displayName, Boolean active) Creates new, user with provided userName, local username, and display name.
void	executeUserHook(Map<String,Set<String>> userGroupsMap) Triggers the post user creation hook, if enabled
void	executeUserHook(String username) Triggers the post user creation hook, if enabled
List<Group>	getAllGroups() Gets all groups.
List<String>	getAllMembers(String groupName) Gets all members of a group specified.
List<UserEntity>	getAllUserEntities()
List<User>	getAllUsers()
Group	getGroup(String groupName) Gets group by given name.
Group	getGroup(String groupName, GroupType groupType) Gets group by given name & type.
GroupEntity	getGroupEntity(String groupName, GroupType groupType) Gets a GroupEntity by name and type.
Collection<User>	getGroupMembers(String groupName) Gets group members.
Collection<PrivilegeEntity>	getGroupPrivileges(GroupEntity groupEntity) Gets the explicit and implicit privileges for the given group.
User	getUser(Integer userId)
User	getUser(String userName)
User	getUser(UserEntity userEntity)
Collection<UserAuthenticationEntity>	getUserAuthenticationEntities(String username, UserAuthenticationType authenticationType) Gets the collection of UserAuthenticationEntitys for a given user.
Collection<UserAuthenticationEntity>	getUserAuthenticationEntities(UserAuthenticationType authenticationType, String key) Find the UserAuthenticationEntity items for a specific UserAuthenticationType and key value.
Collection<UserAuthenticationEntity>	getUserAuthenticationEntities(UserEntity userEntity, UserAuthenticationType authenticationType) Gets the collection of UserAuthenticationEntitys for a given user.
Collection<AmbariGrantedAuthority>	getUserAuthorities(String userName) Gets the explicit and implicit authorities for the given user.
Collection<AmbariGrantedAuthority>	getUserAuthorities(UserEntity userEntity) Gets the explicit and implicit authorities for the given user.
UserEntity	getUserEntity(Integer userId)
UserEntity	getUserEntity(String userName)
Collection<PrivilegeEntity>	getUserPrivileges(UserEntity userEntity) Gets the explicit and implicit privileges for the given user.
void	grantAdminPrivilege(Integer userId) Grants Ambari Administrator privilege to provided user.
void	grantAdminPrivilege(UserEntity userEntity) Grants Ambari Administrator privilege to provided user.
void	grantPrivilegeToGroup(Integer groupId, Long resourceId, ResourceType resourceType, String permissionName) Grants privilege to provided group.
boolean	hasAdminPrivilege(UserEntity userEntity) Test the user for Ambari Admistrator privileges.
Integer	incrementConsecutiveAuthenticationFailures(String username) Increments the named user's consecutive authentication failure count by 1.
Integer	incrementConsecutiveAuthenticationFailures(UserEntity userEntity) Increments the named user's consecutive authentication failure count by 1.
boolean	isUserCanBeRemoved(UserEntity userEntity) Performs a check if the user can be removed.
boolean	isUserInGroup(UserEntity userEntity, GroupEntity groupEntity) Performs a check if given user belongs to given group.
void	modifyAuthentication(UserAuthenticationEntity userAuthenticationEntity, String currentKey, String newKey, boolean isSelf) Modifies authentication key of an authentication source for a user
void	processLdapSync(LdapBatchDto batchInfo) Executes batch queries to database to insert large amounts of LDAP data.
void	removeAuthentication(String username, Long authenticationId)
void	removeAuthentication(UserEntity userEntity, Long authenticationId)
void	removeGroup(Group group)
void	removeMemberFromGroup(GroupEntity groupEntity, UserEntity userEntity)
void	removeMemberFromGroup(String groupName, String userName)
void	removeUser(User user) Removes a user from the Ambari database.
void	removeUser(UserEntity userEntity) Removes a user from the Ambari database.
void	revokeAdminPrivilege(Integer userId) Revokes Ambari Administrator privileges from provided user.
void	revokeAdminPrivilege(UserEntity userEntity) Revokes Ambari Administrator privileges from provided user.
UserEntity	safelyUpdateUserEntity(UserEntity userEntity, Users.Command command) Attempts to update the specified UserEntity while handling OptimisticLockExceptions by obtaining the latest version of the UserEntity and retrying the operation.
UserEntity	safelyUpdateUserEntity(UserEntity userEntity, Users.Command command, int maxRetries) Attempts to update the specified UserEntity while handling OptimisticLockExceptions by obtaining the latest version of the UserEntity and retrying the operation.
void	setGroupLdap(String groupName) Converts group to LDAP group.
void	setUserActive(String userName, boolean active) Enables/disables user.
void	setUserActive(UserEntity userEntity, boolean active) Enables/disables user.
void	validateLogin(UserEntity userEntity, String userName) Validates the user account such that the user is allowed to log in.
void	validatePassword(String password) Validates the password meets configured requirements according ambari.properties.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ldapConfigurationProvider

@Inject
protected AmbariLdapConfigurationProvider ldapConfigurationProvider

configuration

@Inject
protected Configuration configuration

Constructor Detail

Users

public Users()

Method Detail

getAllUsers

public List<User> getAllUsers()

getAllUserEntities

public List<UserEntity> getAllUserEntities()

getUserEntity

public UserEntity getUserEntity(String userName)

getUserEntity

public UserEntity getUserEntity(Integer userId)

getUser

public User getUser(UserEntity userEntity)

getUser

public User getUser(Integer userId)

getUser

public User getUser(String userName)

setUserActive

public void setUserActive(String userName,
                          boolean active)
                   throws org.apache.ambari.server.AmbariException

Enables/disables user.

Parameters:

userName - user name

active - true if active; false if not active

Throws:

org.apache.ambari.server.AmbariException - if user does not exist

setUserActive

public void setUserActive(UserEntity userEntity,
                          boolean active)
                   throws org.apache.ambari.server.AmbariException

Enables/disables user.

Parameters:

userEntity - the user

active - true if active; false if not active

Throws:

org.apache.ambari.server.AmbariException - if user does not exist

validateLogin

public void validateLogin(UserEntity userEntity,
                          String userName)

Validates the user account such that the user is allowed to log in.

Parameters:

userEntity - the user entity

userName - the Ambari username

setGroupLdap

public void setGroupLdap(String groupName)
                  throws org.apache.ambari.server.AmbariException

Converts group to LDAP group.

Parameters:

groupName - group name

Throws:

org.apache.ambari.server.AmbariException - if group does not exist

createUser

public UserEntity createUser(String userName,
                             String localUserName,
                             String displayName)
                      throws org.apache.ambari.server.AmbariException

Creates new, active, user with provided userName, local username, and display name.

Parameters:

userName - user name

localUserName - the local username to use; if null or empty, userName will be used

displayName - the name to display for presentation; if null or empty, userName will be used

Returns:

the new UserEntity

Throws:

org.apache.ambari.server.AmbariException - if user already exists

createUser

public UserEntity createUser(String userName,
                             String localUserName,
                             String displayName,
                             Boolean active)
                      throws org.apache.ambari.server.AmbariException

Creates new, user with provided userName, local username, and display name.

Parameters:

userName - user name

localUserName - the local username to use; if null or empty, userName will be used

displayName - the name to display for presentation; if null or empty, userName will be used

active - is user active

Returns:

the new UserEntity

Throws:

org.apache.ambari.server.AmbariException - if user already exists

executeUserHook

public void executeUserHook(String username)

Triggers the post user creation hook, if enabled

Parameters:

username - the username of the user to process

executeUserHook

public void executeUserHook(Map<String,Set<String>> userGroupsMap)

Triggers the post user creation hook, if enabled

Parameters:

userGroupsMap - a map of user names to relevant groups

removeUser

public void removeUser(User user)
                throws org.apache.ambari.server.AmbariException

Removes a user from the Ambari database.

It is expected that the associated user authentication records are removed by this operation as well.

Parameters:

user - the user to remove

Throws:

org.apache.ambari.server.AmbariException

removeUser

public void removeUser(UserEntity userEntity)
                throws org.apache.ambari.server.AmbariException

Removes a user from the Ambari database.

It is expected that the associated user authentication records are removed by this operation as well.

Parameters:

userEntity - the user to remove

Throws:

org.apache.ambari.server.AmbariException

getGroup

public Group getGroup(String groupName)

Gets group by given name.

Parameters:

groupName - group name

Returns:

group

getGroup

public Group getGroup(String groupName,
                      GroupType groupType)

Gets group by given name & type.

Parameters:

groupName - group name

groupType - group type

Returns:

group

getGroupEntity

public GroupEntity getGroupEntity(String groupName,
                                  GroupType groupType)

Gets a GroupEntity by name and type.

Parameters:

groupName - group name

groupType - group type

Returns:

group

getGroupMembers

public Collection<User> getGroupMembers(String groupName)

Gets group members.

Parameters:

groupName - group name

Returns:

list of members

createGroup

public GroupEntity createGroup(String groupName,
                               GroupType groupType)

Creates new group with provided name & type

getAllGroups

public List<Group> getAllGroups()

Gets all groups.

Returns:

list of groups

getAllMembers

public List<String> getAllMembers(String groupName)
                           throws org.apache.ambari.server.AmbariException

Gets all members of a group specified.

Parameters:

groupName - group name

Returns:

list of user names

Throws:

org.apache.ambari.server.AmbariException

removeGroup

public void removeGroup(Group group)
                 throws org.apache.ambari.server.AmbariException

Throws:

org.apache.ambari.server.AmbariException

hasAdminPrivilege

public boolean hasAdminPrivilege(UserEntity userEntity)

Test the user for Ambari Admistrator privileges.

Parameters:

userEntity - the user to test

Returns:

true if the user has Ambari Administrator privileges; otherwise false

grantAdminPrivilege

public void grantAdminPrivilege(Integer userId)

Grants Ambari Administrator privilege to provided user.

Parameters:

userId - user id

grantAdminPrivilege

public void grantAdminPrivilege(UserEntity userEntity)

Grants Ambari Administrator privilege to provided user.

Parameters:

userEntity - the user

grantPrivilegeToGroup

public void grantPrivilegeToGroup(Integer groupId,
                                  Long resourceId,
                                  ResourceType resourceType,
                                  String permissionName)

Grants privilege to provided group.

Parameters:

groupId - group id

resourceId - resource id

resourceType - resource type

permissionName - permission name

revokeAdminPrivilege

public void revokeAdminPrivilege(Integer userId)

Revokes Ambari Administrator privileges from provided user.

Parameters:

userId - user id

revokeAdminPrivilege

public void revokeAdminPrivilege(UserEntity userEntity)

Revokes Ambari Administrator privileges from provided user.

Parameters:

userEntity - the user

addMemberToGroup

public void addMemberToGroup(String groupName,
                             String userName)
                      throws org.apache.ambari.server.AmbariException

Throws:

org.apache.ambari.server.AmbariException

addMemberToGroup

public void addMemberToGroup(GroupEntity groupEntity,
                             UserEntity userEntity)
                      throws org.apache.ambari.server.AmbariException

Throws:

org.apache.ambari.server.AmbariException

removeMemberFromGroup

public void removeMemberFromGroup(String groupName,
                                  String userName)
                           throws org.apache.ambari.server.AmbariException

Throws:

org.apache.ambari.server.AmbariException

removeMemberFromGroup

public void removeMemberFromGroup(GroupEntity groupEntity,
                                  UserEntity userEntity)
                           throws org.apache.ambari.server.AmbariException

Throws:

org.apache.ambari.server.AmbariException

isUserCanBeRemoved

public boolean isUserCanBeRemoved(UserEntity userEntity)

Performs a check if the user can be removed. Do not allow removing all admins from database.

Parameters:

userEntity - user to be checked

Returns:

true if user can be removed

isUserInGroup

public boolean isUserInGroup(UserEntity userEntity,
                             GroupEntity groupEntity)

Performs a check if given user belongs to given group.

Parameters:

userEntity - user entity

groupEntity - group entity

Returns:

true if user presents in group

processLdapSync

public void processLdapSync(LdapBatchDto batchInfo)

Executes batch queries to database to insert large amounts of LDAP data.

Parameters:

batchInfo - DTO with batch information

getUserPrivileges

public Collection<PrivilegeEntity> getUserPrivileges(UserEntity userEntity)

Gets the explicit and implicit privileges for the given user.

The explicit privileges are the privileges that have be explicitly set by assigning roles to a user. For example the Cluster Operator role on a given cluster gives that the ability to start and stop services in that cluster, among other privileges for that particular cluster.

The implicit privileges are the privileges that have been given to the roles themselves which in turn are granted to the users that have been assigned those roles. For example if the Cluster User role for a given cluster has been given View User access on a specified File View instance, then all users who have the Cluster User role for that cluster will implicitly be granted View User access on that File View instance.

Parameters:

userEntity - the relevant user

Returns:

the collection of implicit and explicit privileges

getGroupPrivileges

public Collection<PrivilegeEntity> getGroupPrivileges(GroupEntity groupEntity)

Gets the explicit and implicit privileges for the given group.

The explicit privileges are the privileges that have be explicitly set by assigning roles to a group. For example the Cluster Operator role on a given cluster gives that the ability to start and stop services in that cluster, among other privileges for that particular cluster.

The implicit privileges are the privileges that have been given to the roles themselves which in turn are granted to the groups that have been assigned those roles. For example if the Cluster User role for a given cluster has been given View User access on a specified File View instance, then all groups that have the Cluster User role for that cluster will implicitly be granted View User access on that File View instance.

Parameters:

groupEntity - the relevant group

Returns:

the collection of implicit and explicit privileges

getUserAuthorities

public Collection<AmbariGrantedAuthority> getUserAuthorities(String userName)

Gets the explicit and implicit authorities for the given user.

The explicit authorities are the authorities that have be explicitly set by assigning roles to a user. For example the Cluster Operator role on a given cluster gives that the ability to start and stop services in that cluster, among other privileges for that particular cluster.

The implicit authorities are the authorities that have been given to the roles themselves which in turn are granted to the users that have been assigned those roles. For example if the Cluster User role for a given cluster has been given View User access on a specified File View instance, then all users who have the Cluster User role for that cluster will implicitly be granted View User access on that File View instance.

Parameters:

userName - the username for the relevant user

Returns:

the users collection of implicit and explicit granted authorities

getUserAuthorities

public Collection<AmbariGrantedAuthority> getUserAuthorities(UserEntity userEntity)

Gets the explicit and implicit authorities for the given user.

The explicit authorities are the authorities that have be explicitly set by assigning roles to a user. For example the Cluster Operator role on a given cluster gives that the ability to start and stop services in that cluster, among other privileges for that particular cluster.

The implicit authorities are the authorities that have been given to the roles themselves which in turn are granted to the users that have been assigned those roles. For example if the Cluster User role for a given cluster has been given View User access on a specified File View instance, then all users who have the Cluster User role for that cluster will implicitly be granted View User access on that File View instance.

Parameters:

userEntity - the relevant user

Returns:

the users collection of implicit and explicit granted authorities

getUserAuthenticationEntities

public Collection<UserAuthenticationEntity> getUserAuthenticationEntities(String username,
                                                                          UserAuthenticationType authenticationType)

Gets the collection of UserAuthenticationEntitys for a given user.

Parameters:

username - the username of a user; if null assumes all users

authenticationType - the authentication type, if null assumes all

Returns:

a collection of the requested UserAuthenticationEntitys

getUserAuthenticationEntities

public Collection<UserAuthenticationEntity> getUserAuthenticationEntities(UserEntity userEntity,
                                                                          UserAuthenticationType authenticationType)

Gets the collection of UserAuthenticationEntitys for a given user.

Parameters:

userEntity - the user; if null assumes all users

authenticationType - the authentication type, if null assumes all

Returns:

a collection of the requested UserAuthenticationEntitys

getUserAuthenticationEntities

public Collection<UserAuthenticationEntity> getUserAuthenticationEntities(UserAuthenticationType authenticationType,
                                                                          String key)

Find the UserAuthenticationEntity items for a specific UserAuthenticationType and key value.

Parameters:

authenticationType - the authentication type

key - the key value

Returns:

the found collection of UserAuthenticationEntity values

modifyAuthentication

public void modifyAuthentication(UserAuthenticationEntity userAuthenticationEntity,
                                 String currentKey,
                                 String newKey,
                                 boolean isSelf)
                          throws org.apache.ambari.server.AmbariException

Modifies authentication key of an authentication source for a user

Throws:

org.apache.ambari.server.AmbariException

removeAuthentication

public void removeAuthentication(String username,
                                 Long authenticationId)

removeAuthentication

public void removeAuthentication(UserEntity userEntity,
                                 Long authenticationId)

addAuthentication

public void addAuthentication(UserEntity userEntity,
                              UserAuthenticationType authenticationType,
                              String key)
                       throws org.apache.ambari.server.AmbariException

Adds a new authentication type for the given user.

Parameters:

userEntity - the user

authenticationType - the authentication type

key - the relevant key

Throws:

org.apache.ambari.server.AmbariException

See Also:

addLocalAuthentication(UserEntity, String), addLdapAuthentication(UserEntity, String), addJWTAuthentication(UserEntity, String), addKerberosAuthentication(UserEntity, String), addPamAuthentication(UserEntity, String)

addJWTAuthentication

public void addJWTAuthentication(UserEntity userEntity,
                                 String key)
                          throws org.apache.ambari.server.AmbariException

Adds the ability for a user to authenticate using a JWT token.

The key for this authentication mechanism is the username expected to be in the JWT token.

The created UserAuthenticationEntity and the supplied UserEntity are persisted.

Parameters:

userEntity - the user

key - the relevant key

Throws:

org.apache.ambari.server.AmbariException

See Also:

addJWTAuthentication(UserEntity, String, boolean)

addJWTAuthentication

public void addJWTAuthentication(UserEntity userEntity,
                                 String key,
                                 boolean persist)
                          throws org.apache.ambari.server.AmbariException

Adds the ability for a user to authenticate using a JWT token.

The key for this authentication mechanism is the username expected to be in the JWT token.

Parameters:

userEntity - the user

key - the relevant key

persist - true, to persist the created entity; false, to not persist the created entity

Throws:

org.apache.ambari.server.AmbariException

addKerberosAuthentication

public void addKerberosAuthentication(UserEntity userEntity,
                                      String principalName)
                               throws org.apache.ambari.server.AmbariException

Adds the ability for a user to authenticate using a Kerberos token.

The created UserAuthenticationEntity and the supplied UserEntity are persisted.

Parameters:

userEntity - the user

principalName - the user's principal name

Throws:

org.apache.ambari.server.AmbariException

See Also:

addKerberosAuthentication(UserEntity, String, boolean)

addKerberosAuthentication

public void addKerberosAuthentication(UserEntity userEntity,
                                      String principalName,
                                      boolean persist)
                               throws org.apache.ambari.server.AmbariException

Adds the ability for a user to authenticate using a Kerberos token.

Parameters:

userEntity - the user

principalName - the user's principal name

persist - true, to persist the created entity; false, to not persist the created entity

Throws:

org.apache.ambari.server.AmbariException

addLocalAuthentication

public void addLocalAuthentication(UserEntity userEntity,
                                   String password)
                            throws org.apache.ambari.server.AmbariException

Adds the ability for a user to authenticate using a password stored in Ambari's database

The supplied plaintext password will be encoded before storing.

The created UserAuthenticationEntity and the supplied UserEntity are persisted.

Parameters:

userEntity - the user

password - the user's plaintext password

Throws:

org.apache.ambari.server.AmbariException

See Also:

addLocalAuthentication(UserEntity, String, boolean)

addLocalAuthentication

public void addLocalAuthentication(UserEntity userEntity,
                                   String password,
                                   boolean persist)
                            throws org.apache.ambari.server.AmbariException

Adds the ability for a user to authenticate using a password stored in Ambari's database

The supplied plaintext password will be encoded before storing.

Parameters:

userEntity - the user

password - the user's plaintext password

persist - true, to persist the created entity; false, to not persist the created entity

Throws:

org.apache.ambari.server.AmbariException

addPamAuthentication

public void addPamAuthentication(UserEntity userEntity,
                                 String userName)
                          throws org.apache.ambari.server.AmbariException

Adds the ability for a user to authenticate using Pam

The created UserAuthenticationEntity and the supplied UserEntity are persisted.

Parameters:

userEntity - the user

userName - the user's os-level username

Throws:

org.apache.ambari.server.AmbariException

See Also:

addPamAuthentication(UserEntity, String, boolean)

addPamAuthentication

public void addPamAuthentication(UserEntity userEntity,
                                 String userName,
                                 boolean persist)
                          throws org.apache.ambari.server.AmbariException

Adds the ability for a user to authenticate using Pam

Parameters:

userEntity - the user

userName - the user's os-level username

persist - true, to persist the created entity; false, to not persist the created entity

Throws:

org.apache.ambari.server.AmbariException

addLdapAuthentication

public void addLdapAuthentication(UserEntity userEntity,
                                  String dn)
                           throws org.apache.ambari.server.AmbariException

Adds the ability for a user to authenticate using a remote LDAP server

The created UserAuthenticationEntity and the supplied UserEntity are persisted.

Parameters:

userEntity - the user

dn - the user's distinguished name

Throws:

org.apache.ambari.server.AmbariException

See Also:

addLdapAuthentication(UserEntity, String, boolean)

addLdapAuthentication

public void addLdapAuthentication(UserEntity userEntity,
                                  String dn,
                                  boolean persist)
                           throws org.apache.ambari.server.AmbariException

Adds the ability for a user to authenticate using a remote LDAP server

Parameters:

userEntity - the user

dn - the user's distinguished name

persist - true, to persist the created entity; false, to not persist the created entity

Throws:

org.apache.ambari.server.AmbariException

incrementConsecutiveAuthenticationFailures

public Integer incrementConsecutiveAuthenticationFailures(String username)

Increments the named user's consecutive authentication failure count by 1.

This operation is safe when concurrent authentication attempts by the same username are made due to UserEntity.version and optimistic locking.

Parameters:

username - the user's username

Returns:

the updated number of consecutive authentication failures; or null if the user does not exist

incrementConsecutiveAuthenticationFailures

public Integer incrementConsecutiveAuthenticationFailures(UserEntity userEntity)

Increments the named user's consecutive authentication failure count by 1.

This operation is safe when concurrent authentication attempts by the same username are made due to UserEntity.version and optimistic locking.

Parameters:

userEntity - the user

Returns:

the updated number of consecutive authentication failures; or null if the user does not exist

clearConsecutiveAuthenticationFailures

public void clearConsecutiveAuthenticationFailures(String username)

Resets the named user's consecutive authentication failure count to 0.

This operation is safe when concurrent authentication attempts by the same username are made due to UserEntity.version and optimistic locking.

Parameters:

username - the user's username

clearConsecutiveAuthenticationFailures

public void clearConsecutiveAuthenticationFailures(UserEntity userEntity)

Resets the named user's consecutive authentication failure count to 0.

This operation is safe when concurrent authentication attempts by the same username are made due to UserEntity.version and optimistic locking.

Parameters:

userEntity - the user

safelyUpdateUserEntity

public UserEntity safelyUpdateUserEntity(UserEntity userEntity,
                                         Users.Command command)

Attempts to update the specified UserEntity while handling OptimisticLockExceptions by obtaining the latest version of the UserEntity and retrying the operation. If the maximum number of retries is exceeded (see MAX_RETRIES), then the operation will fail by rethrowing the last exception encountered.

Parameters:

userEntity - the user entity

command - a command to perform on the user entity object that changes it state thus needing to be persisted

safelyUpdateUserEntity

public UserEntity safelyUpdateUserEntity(UserEntity userEntity,
                                         Users.Command command,
                                         int maxRetries)

Attempts to update the specified UserEntity while handling OptimisticLockExceptions by obtaining the latest version of the UserEntity and retrying the operation. If the maximum number of retries is exceeded, then the operation will fail by rethrowing the last exception encountered.

Parameters:

userEntity - the user entity

command - a command to perform on the user entity object that changes it state thus needing to be persisted

maxRetries - the maximum number of reties to peform before failing

validatePassword

public void validatePassword(String password)

Validates the password meets configured requirements according ambari.properties.

Parameters:

password - the password

Throws:

IllegalArgumentException - if password does not meet the password policy requirements