Class OpenIdAuthorizer
- java.lang.Object
-
- org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer
-
- org.apache.iotdb.commons.auth.authorizer.OpenIdAuthorizer
-
- All Implemented Interfaces:
IAuthorizer,IService,SnapshotProcessor
public class OpenIdAuthorizer extends BasicAuthorizer
Uses an OpenID Connect provider for Authorization / Authentication.
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.StringIOTDB_ADMIN_ROLE_NAMEstatic java.lang.StringOPENID_USER_PREFIX
-
Constructor Summary
Constructors Constructor Description OpenIdAuthorizer()OpenIdAuthorizer(java.lang.String providerUrl)OpenIdAuthorizer(net.minidev.json.JSONObject jwk)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description booleancheckUserPrivileges(java.lang.String username, PartialPath path, int privilegeId)Check if the user have the privilege on the seriesPath.voidcreateUser(java.lang.String username, java.lang.String password)Create a user with given username and password.voiddeleteUser(java.lang.String username)Delete a user.java.lang.StringgetIoTDBUserName(java.lang.String token)booleanisAdmin(java.lang.String token)So not with the token!booleanlogin(java.lang.String token, java.lang.String password)Login for a user.voidupdateUserPassword(java.lang.String username, java.lang.String newPassword)Modify the password of a user.-
Methods inherited from class org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer
createRole, deleteRole, getAllRoles, getAllUsers, getAllUserWaterMarkStatus, getID, getInstance, getPrivileges, getRole, getUser, grantPrivilegeToRole, grantPrivilegeToUser, grantRoleToUser, init, isUserUseWaterMark, listAllRoles, listAllUsers, processLoadSnapshot, processTakeSnapshot, replaceAllRoles, replaceAllUsers, reset, revokePrivilegeFromRole, revokePrivilegeFromUser, revokeRoleFromUser, setUserUseWaterMark, start, stop
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.iotdb.commons.service.IService
shutdown, waitAndStop
-
-
-
-
Field Detail
-
IOTDB_ADMIN_ROLE_NAME
public static final java.lang.String IOTDB_ADMIN_ROLE_NAME
- See Also:
- Constant Field Values
-
OPENID_USER_PREFIX
public static final java.lang.String OPENID_USER_PREFIX
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
OpenIdAuthorizer
public OpenIdAuthorizer() throws AuthException, com.nimbusds.oauth2.sdk.ParseException, java.io.IOException, java.net.URISyntaxException- Throws:
AuthExceptioncom.nimbusds.oauth2.sdk.ParseExceptionjava.io.IOExceptionjava.net.URISyntaxException
-
OpenIdAuthorizer
public OpenIdAuthorizer(net.minidev.json.JSONObject jwk) throws AuthException- Throws:
AuthException
-
OpenIdAuthorizer
public OpenIdAuthorizer(java.lang.String providerUrl) throws AuthException, java.net.URISyntaxException, com.nimbusds.oauth2.sdk.ParseException, java.io.IOException- Throws:
AuthExceptionjava.net.URISyntaxExceptioncom.nimbusds.oauth2.sdk.ParseExceptionjava.io.IOException
-
-
Method Detail
-
login
public boolean login(java.lang.String token, java.lang.String password) throws AuthExceptionDescription copied from interface:IAuthorizerLogin for a user.- Specified by:
loginin interfaceIAuthorizer- Overrides:
loginin classBasicAuthorizer- Parameters:
token- The username of the user.password- The password of the user.- Returns:
- True if such user exists and the given password is correct, else return false.
- Throws:
AuthException- if exception raised when searching for the user.
-
getIoTDBUserName
public java.lang.String getIoTDBUserName(java.lang.String token)
-
createUser
public void createUser(java.lang.String username, java.lang.String password)Description copied from interface:IAuthorizerCreate a user with given username and password. New users will only be granted no privileges.- Specified by:
createUserin interfaceIAuthorizer- Overrides:
createUserin classBasicAuthorizer- Parameters:
username- is not null or emptypassword- is not null or empty
-
deleteUser
public void deleteUser(java.lang.String username)
Description copied from interface:IAuthorizerDelete a user.- Specified by:
deleteUserin interfaceIAuthorizer- Overrides:
deleteUserin classBasicAuthorizer- Parameters:
username- the username of the user.
-
isAdmin
public boolean isAdmin(java.lang.String token)
So not with the token!- Parameters:
token- Usually the JWT but could also be just the name of the user.- Returns:
- true if the user is an admin
-
checkUserPrivileges
public boolean checkUserPrivileges(java.lang.String username, PartialPath path, int privilegeId) throws AuthExceptionDescription copied from interface:IAuthorizerCheck if the user have the privilege on the seriesPath.- Specified by:
checkUserPrivilegesin interfaceIAuthorizer- Overrides:
checkUserPrivilegesin classBasicAuthorizer- Parameters:
username- The name of the user whose privileges are checked.path- The seriesPath on which the privilege takes effect. If the privilege is a seriesPath-free privilege, this should be "root".privilegeId- An integer that represents a privilege.- Returns:
- True if the user has such privilege, false if the user does not have such privilege.
- Throws:
AuthException- If the seriesPath or the privilege is illegal.
-
updateUserPassword
public void updateUserPassword(java.lang.String username, java.lang.String newPassword)Description copied from interface:IAuthorizerModify the password of a user.- Specified by:
updateUserPasswordin interfaceIAuthorizer- Overrides:
updateUserPasswordin classBasicAuthorizer- Parameters:
username- The user whose password is to be modified.newPassword- The new password.
-
-