diff --git a/presto-main/pom.xml b/presto-main/pom.xml
index f70774526669..2134ebca1e3a 100644
--- a/presto-main/pom.xml
+++ b/presto-main/pom.xml
@@ -369,7 +369,6 @@
io.jsonwebtoken
jjwt-jackson
- runtime
diff --git a/presto-main/src/main/java/com/facebook/presto/server/HttpRequestSessionContext.java b/presto-main/src/main/java/com/facebook/presto/server/HttpRequestSessionContext.java
index d98e6e431040..6fc8b9efbd66 100644
--- a/presto-main/src/main/java/com/facebook/presto/server/HttpRequestSessionContext.java
+++ b/presto-main/src/main/java/com/facebook/presto/server/HttpRequestSessionContext.java
@@ -20,6 +20,7 @@
import com.facebook.presto.metadata.SessionPropertyManager;
import com.facebook.presto.spi.function.SqlFunctionId;
import com.facebook.presto.spi.function.SqlInvokedFunction;
+import com.facebook.presto.spi.security.AuthorizedIdentity;
import com.facebook.presto.spi.security.Identity;
import com.facebook.presto.spi.security.SelectedRole;
import com.facebook.presto.spi.session.ResourceEstimates;
@@ -76,6 +77,7 @@
import static com.facebook.presto.client.PrestoHeaders.PRESTO_TRACE_TOKEN;
import static com.facebook.presto.client.PrestoHeaders.PRESTO_TRANSACTION_ID;
import static com.facebook.presto.client.PrestoHeaders.PRESTO_USER;
+import static com.facebook.presto.server.security.ServletSecurityUtils.authorizedIdentity;
import static com.facebook.presto.sql.parser.ParsingOptions.DecimalLiteralTreatment.AS_DOUBLE;
import static com.google.common.base.Strings.emptyToNull;
import static com.google.common.base.Strings.isNullOrEmpty;
@@ -99,6 +101,7 @@ public final class HttpRequestSessionContext
private final String schema;
private final Identity identity;
+ private final Optional authorizedIdentity;
private final List certificates;
private final String source;
@@ -155,6 +158,7 @@ public HttpRequestSessionContext(HttpServletRequest servletRequest, SqlParserOpt
ImmutableMap.of(),
Optional.empty(),
Optional.empty());
+ authorizedIdentity = authorizedIdentity(servletRequest);
X509Certificate[] certs = (X509Certificate[]) servletRequest.getAttribute(X509_ATTRIBUTE);
if (certs != null && certs.length > 0) {
@@ -404,6 +408,12 @@ public Identity getIdentity()
return identity;
}
+ @Override
+ public Optional getAuthorizedIdentity()
+ {
+ return authorizedIdentity;
+ }
+
@Override
public List getCertificates()
{
diff --git a/presto-main/src/main/java/com/facebook/presto/server/QuerySessionSupplier.java b/presto-main/src/main/java/com/facebook/presto/server/QuerySessionSupplier.java
index 8a36bc390d71..2d4062f56abe 100644
--- a/presto-main/src/main/java/com/facebook/presto/server/QuerySessionSupplier.java
+++ b/presto-main/src/main/java/com/facebook/presto/server/QuerySessionSupplier.java
@@ -138,7 +138,8 @@ else if (context.getTimeZoneId() != null) {
private Identity authenticateIdentity(QueryId queryId, SessionContext context)
{
checkPermissions(accessControl, securityConfig, queryId, context);
- Optional authorizedIdentity = getAuthorizedIdentity(accessControl, securityConfig, queryId, context);
+ Optional authorizedIdentity = context.getAuthorizedIdentity();
+ authorizedIdentity = authorizedIdentity.isPresent() ? authorizedIdentity : getAuthorizedIdentity(accessControl, securityConfig, queryId, context);
return authorizedIdentity.map(identity -> new Identity(
context.getIdentity().getUser(),
diff --git a/presto-main/src/main/java/com/facebook/presto/server/SessionContext.java b/presto-main/src/main/java/com/facebook/presto/server/SessionContext.java
index 705707b5c30d..d40bb1548237 100644
--- a/presto-main/src/main/java/com/facebook/presto/server/SessionContext.java
+++ b/presto-main/src/main/java/com/facebook/presto/server/SessionContext.java
@@ -17,6 +17,7 @@
import com.facebook.presto.common.transaction.TransactionId;
import com.facebook.presto.spi.function.SqlFunctionId;
import com.facebook.presto.spi.function.SqlInvokedFunction;
+import com.facebook.presto.spi.security.AuthorizedIdentity;
import com.facebook.presto.spi.security.Identity;
import com.facebook.presto.spi.session.ResourceEstimates;
import com.facebook.presto.spi.tracing.Tracer;
@@ -34,6 +35,11 @@ public interface SessionContext
{
Identity getIdentity();
+ default Optional getAuthorizedIdentity()
+ {
+ return Optional.empty();
+ }
+
default List getCertificates()
{
return ImmutableList.of();
diff --git a/presto-main/src/main/java/com/facebook/presto/server/security/JsonWebTokenAuthenticator.java b/presto-main/src/main/java/com/facebook/presto/server/security/JsonWebTokenAuthenticator.java
index 8acde3d6331e..a8a209762f81 100644
--- a/presto-main/src/main/java/com/facebook/presto/server/security/JsonWebTokenAuthenticator.java
+++ b/presto-main/src/main/java/com/facebook/presto/server/security/JsonWebTokenAuthenticator.java
@@ -17,7 +17,9 @@
import com.facebook.airlift.http.server.Authenticator;
import com.facebook.airlift.http.server.BasicPrincipal;
import com.facebook.airlift.security.pem.PemReader;
+import com.facebook.presto.spi.security.AuthorizedIdentity;
import com.google.common.base.CharMatcher;
+import com.google.common.collect.ImmutableMap;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwsHeader;
@@ -28,6 +30,7 @@
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.SigningKeyResolver;
import io.jsonwebtoken.UnsupportedJwtException;
+import io.jsonwebtoken.jackson.io.JacksonDeserializer;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;
@@ -41,6 +44,8 @@
import java.util.concurrent.ConcurrentMap;
import java.util.function.Function;
+import static com.facebook.presto.server.security.ServletSecurityUtils.AUTHORIZED_IDENTITY_ATTRIBUTE;
+import static com.facebook.presto.server.security.ServletSecurityUtils.setAuthorizedIdentity;
import static com.google.common.base.CharMatcher.inRange;
import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Strings.nullToEmpty;
@@ -73,7 +78,8 @@ public JsonWebTokenAuthenticator(JsonWebTokenConfig config)
keyLoader = new StaticKeyLoader(config.getKeyFile());
}
- JwtParser jwtParser = Jwts.parser()
+ JwtParser jwtParser = Jwts.parserBuilder()
+ .deserializeJsonWith(new JacksonDeserializer<>(ImmutableMap.of(AUTHORIZED_IDENTITY_ATTRIBUTE, AuthorizedIdentity.class)))
.setSigningKeyResolver(new SigningKeyResolver()
{
// interface uses raw types and this can not be fixed here
@@ -90,7 +96,8 @@ public Key resolveSigningKey(JwsHeader header, String plaintext)
{
return keyLoader.apply(header);
}
- });
+ })
+ .build();
if (config.getRequiredIssuer() != null) {
jwtParser.requireIssuer(config.getRequiredIssuer());
@@ -118,6 +125,12 @@ public Principal authenticate(HttpServletRequest request)
try {
Jws claimsJws = jwtParser.parseClaimsJws(token);
+
+ AuthorizedIdentity authorizedIdentity = claimsJws.getBody().get(AUTHORIZED_IDENTITY_ATTRIBUTE, AuthorizedIdentity.class);
+ if (authorizedIdentity != null) {
+ setAuthorizedIdentity(request, authorizedIdentity);
+ }
+
String subject = claimsJws.getBody().getSubject();
return new BasicPrincipal(subject);
}
diff --git a/presto-main/src/main/java/com/facebook/presto/server/security/ServletSecurityUtils.java b/presto-main/src/main/java/com/facebook/presto/server/security/ServletSecurityUtils.java
new file mode 100644
index 000000000000..950f5a19d1cc
--- /dev/null
+++ b/presto-main/src/main/java/com/facebook/presto/server/security/ServletSecurityUtils.java
@@ -0,0 +1,37 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.facebook.presto.server.security;
+
+import com.facebook.presto.spi.security.AuthorizedIdentity;
+
+import javax.servlet.http.HttpServletRequest;
+
+import java.util.Optional;
+
+public class ServletSecurityUtils
+{
+ public static final String AUTHORIZED_IDENTITY_ATTRIBUTE = "presto.authorized-identity";
+
+ private ServletSecurityUtils() {}
+
+ public static void setAuthorizedIdentity(HttpServletRequest servletRequest, AuthorizedIdentity authorizedIdentity)
+ {
+ servletRequest.setAttribute(AUTHORIZED_IDENTITY_ATTRIBUTE, authorizedIdentity);
+ }
+
+ public static Optional authorizedIdentity(HttpServletRequest servletRequest)
+ {
+ return Optional.ofNullable((AuthorizedIdentity) servletRequest.getAttribute(AUTHORIZED_IDENTITY_ATTRIBUTE));
+ }
+}
diff --git a/presto-main/src/test/java/com/facebook/presto/server/MockHttpServletRequest.java b/presto-main/src/test/java/com/facebook/presto/server/MockHttpServletRequest.java
index ff27812a26a7..d43b34dd4eef 100644
--- a/presto-main/src/test/java/com/facebook/presto/server/MockHttpServletRequest.java
+++ b/presto-main/src/test/java/com/facebook/presto/server/MockHttpServletRequest.java
@@ -14,7 +14,6 @@
package com.facebook.presto.server;
import com.google.common.collect.ImmutableListMultimap;
-import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ListMultimap;
import javax.servlet.AsyncContext;
@@ -35,6 +34,7 @@
import java.security.Principal;
import java.util.Collection;
import java.util.Enumeration;
+import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
@@ -53,7 +53,7 @@ public MockHttpServletRequest(ListMultimap headers, String remot
{
this.headers = ImmutableListMultimap.copyOf(requireNonNull(headers, "headers is null"));
this.remoteAddress = requireNonNull(remoteAddress, "remoteAddress is null");
- this.attributes = ImmutableMap.copyOf(requireNonNull(attributes, "attributes is null"));
+ this.attributes = new HashMap<>(requireNonNull(attributes, "attributes is null"));
}
@Override
@@ -371,7 +371,7 @@ public String getRemoteHost()
@Override
public void setAttribute(String name, Object o)
{
- throw new UnsupportedOperationException();
+ attributes.put(name, o);
}
@Override
diff --git a/presto-main/src/test/java/com/facebook/presto/server/TestHttpRequestSessionContext.java b/presto-main/src/test/java/com/facebook/presto/server/TestHttpRequestSessionContext.java
index ee633cf2aeed..221950a2de9d 100644
--- a/presto-main/src/test/java/com/facebook/presto/server/TestHttpRequestSessionContext.java
+++ b/presto-main/src/test/java/com/facebook/presto/server/TestHttpRequestSessionContext.java
@@ -20,6 +20,7 @@
import com.facebook.presto.spi.function.RoutineCharacteristics;
import com.facebook.presto.spi.function.SqlFunctionId;
import com.facebook.presto.spi.function.SqlInvokedFunction;
+import com.facebook.presto.spi.security.AuthorizedIdentity;
import com.facebook.presto.spi.security.Identity;
import com.facebook.presto.spi.security.SelectedRole;
import com.facebook.presto.sql.parser.IdentifierSymbol;
@@ -55,6 +56,7 @@
import static com.facebook.presto.client.PrestoHeaders.PRESTO_USER;
import static com.facebook.presto.common.type.StandardTypes.INTEGER;
import static com.facebook.presto.common.type.TypeSignature.parseTypeSignature;
+import static com.facebook.presto.server.security.ServletSecurityUtils.AUTHORIZED_IDENTITY_ATTRIBUTE;
import static com.facebook.presto.spi.function.FunctionVersion.notVersioned;
import static com.facebook.presto.spi.function.RoutineCharacteristics.Determinism.DETERMINISTIC;
import static com.facebook.presto.spi.function.RoutineCharacteristics.NullCallClause.RETURNS_NULL_ON_NULL_INPUT;
@@ -211,6 +213,24 @@ public void testExtraCredentials()
.build());
}
+ @Test
+ public void testAuthorizedIdentity()
+ {
+ AuthorizedIdentity authorizedIdentity = new AuthorizedIdentity("username", "reasonForSelect", false);
+ HttpServletRequest request = new MockHttpServletRequest(
+ ImmutableListMultimap.builder()
+ .put(PRESTO_USER, "testUser")
+ .put(PRESTO_SOURCE, "testSource")
+ .put(PRESTO_CATALOG, "testCatalog")
+ .put(PRESTO_SCHEMA, "testSchema")
+ .build(),
+ "testRemote",
+ ImmutableMap.of(AUTHORIZED_IDENTITY_ATTRIBUTE, authorizedIdentity));
+
+ HttpRequestSessionContext context = new HttpRequestSessionContext(request, new SqlParserOptions());
+ assertEquals(context.getAuthorizedIdentity(), Optional.of(authorizedIdentity));
+ }
+
protected static String urlEncode(String value)
{
try {
diff --git a/presto-main/src/test/java/com/facebook/presto/server/TestQuerySessionSupplier.java b/presto-main/src/test/java/com/facebook/presto/server/TestQuerySessionSupplier.java
index 62abaef88bb9..e8c4d37ca8c7 100644
--- a/presto-main/src/test/java/com/facebook/presto/server/TestQuerySessionSupplier.java
+++ b/presto-main/src/test/java/com/facebook/presto/server/TestQuerySessionSupplier.java
@@ -24,6 +24,7 @@
import com.facebook.presto.spi.function.SqlFunctionId;
import com.facebook.presto.spi.function.SqlInvokedFunction;
import com.facebook.presto.spi.security.AllowAllAccessControl;
+import com.facebook.presto.spi.security.AuthorizedIdentity;
import com.facebook.presto.sql.SqlEnvironmentConfig;
import com.facebook.presto.sql.parser.SqlParserOptions;
import com.google.common.collect.ImmutableListMultimap;
@@ -54,6 +55,7 @@
import static com.facebook.presto.server.TestHttpRequestSessionContext.createFunctionAdd;
import static com.facebook.presto.server.TestHttpRequestSessionContext.createSqlFunctionIdAdd;
import static com.facebook.presto.server.TestHttpRequestSessionContext.urlEncode;
+import static com.facebook.presto.server.security.ServletSecurityUtils.AUTHORIZED_IDENTITY_ATTRIBUTE;
import static com.facebook.presto.transaction.InMemoryTransactionManager.createTestTransactionManager;
import static java.lang.String.format;
import static org.testng.Assert.assertEquals;
@@ -64,6 +66,7 @@ public class TestQuerySessionSupplier
private static final SqlInvokedFunction SQL_FUNCTION_ADD = createFunctionAdd();
private static final String SERIALIZED_SQL_FUNCTION_ID_ADD = jsonCodec(SqlFunctionId.class).toJson(SQL_FUNCTION_ID_ADD);
private static final String SERIALIZED_SQL_FUNCTION_ADD = jsonCodec(SqlInvokedFunction.class).toJson(SQL_FUNCTION_ADD);
+ private static final AuthorizedIdentity AUTHORIZED_IDENTITY = new AuthorizedIdentity("userName", "reasonForSelect", false);
private static final HttpServletRequest TEST_REQUEST = new MockHttpServletRequest(
ImmutableListMultimap.builder()
@@ -81,7 +84,7 @@ public class TestQuerySessionSupplier
.put(PRESTO_SESSION_FUNCTION, format("%s=%s", urlEncode(SERIALIZED_SQL_FUNCTION_ID_ADD), urlEncode(SERIALIZED_SQL_FUNCTION_ADD)))
.build(),
"testRemote",
- ImmutableMap.of());
+ ImmutableMap.of(AUTHORIZED_IDENTITY_ATTRIBUTE, AUTHORIZED_IDENTITY));
@Test
public void testCreateSession()
@@ -123,6 +126,8 @@ public WarningCollector create(WarningHandlingLevel warningHandlingLevel)
.put("query2", "select * from bar")
.build());
assertEquals(session.getSessionFunctions(), ImmutableMap.of(SQL_FUNCTION_ID_ADD, SQL_FUNCTION_ADD));
+ assertEquals(session.getIdentity().getSelectedUser().get(), AUTHORIZED_IDENTITY.getUserName());
+ assertEquals(session.getIdentity().getReasonForSelect(), AUTHORIZED_IDENTITY.getReasonForSelect());
}
@Test
diff --git a/presto-main/src/test/java/com/facebook/presto/server/security/TestJsonWebTokenAuthenticator.java b/presto-main/src/test/java/com/facebook/presto/server/security/TestJsonWebTokenAuthenticator.java
new file mode 100644
index 000000000000..761ac37033c9
--- /dev/null
+++ b/presto-main/src/test/java/com/facebook/presto/server/security/TestJsonWebTokenAuthenticator.java
@@ -0,0 +1,101 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.facebook.presto.server.security;
+
+import com.facebook.airlift.http.server.AuthenticationException;
+import com.facebook.presto.server.MockHttpServletRequest;
+import com.facebook.presto.spi.security.AuthorizedIdentity;
+import com.google.common.collect.ImmutableListMultimap;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.io.Files;
+import io.jsonwebtoken.Jwts;
+import org.testng.annotations.AfterTest;
+import org.testng.annotations.BeforeTest;
+import org.testng.annotations.Test;
+
+import javax.servlet.http.HttpServletRequest;
+
+import java.io.IOException;
+import java.nio.file.Path;
+import java.security.Principal;
+
+import static com.facebook.presto.server.security.ServletSecurityUtils.AUTHORIZED_IDENTITY_ATTRIBUTE;
+import static com.facebook.presto.server.security.ServletSecurityUtils.authorizedIdentity;
+import static com.facebook.presto.testing.assertions.Assert.assertEquals;
+import static com.google.common.io.Files.createTempDir;
+import static com.google.common.io.MoreFiles.deleteRecursively;
+import static com.google.common.io.RecursiveDeleteOption.ALLOW_INSECURE;
+import static com.google.common.net.HttpHeaders.AUTHORIZATION;
+import static io.jsonwebtoken.JwsHeader.KEY_ID;
+import static io.jsonwebtoken.SignatureAlgorithm.HS256;
+import static io.jsonwebtoken.security.Keys.secretKeyFor;
+import static java.nio.file.Files.readAllBytes;
+import static java.util.Base64.getMimeDecoder;
+import static java.util.Base64.getMimeEncoder;
+
+public class TestJsonWebTokenAuthenticator
+{
+ private static final String KEY_ID_FOO = "foo";
+ private static final String TEST_PRINCIPAL = "testPrincipal";
+
+ private Path temporaryDirectory;
+ private Path keyFile;
+ private JsonWebTokenConfig jsonWebTokenConfig;
+
+ @BeforeTest
+ public void setup()
+ throws IOException
+ {
+ temporaryDirectory = createTempDir().toPath();
+ keyFile = temporaryDirectory.resolve(KEY_ID_FOO + ".key");
+ byte[] key = getMimeEncoder().encode(secretKeyFor(HS256).getEncoded());
+ Files.write(key, keyFile.toFile());
+ jsonWebTokenConfig = new JsonWebTokenConfig().setKeyFile(keyFile.toAbsolutePath().toString());
+ }
+
+ @AfterTest(alwaysRun = true)
+ public void cleanup()
+ throws IOException
+ {
+ deleteRecursively(temporaryDirectory, ALLOW_INSECURE);
+ }
+
+ @Test
+ public void testJsonWebTokenWithAuthorizedUserClaim()
+ throws IOException, AuthenticationException
+ {
+ AuthorizedIdentity authorizedIdentity = new AuthorizedIdentity("user", "reasonForSelect", false);
+ String jsonWebToken = createJsonWebToken(keyFile, TEST_PRINCIPAL, authorizedIdentity);
+ HttpServletRequest request = new MockHttpServletRequest(
+ ImmutableListMultimap.of(AUTHORIZATION, "Bearer " + jsonWebToken),
+ "remoteAddress",
+ ImmutableMap.of());
+ Principal principal = new JsonWebTokenAuthenticator(jsonWebTokenConfig).authenticate(request);
+
+ assertEquals(principal.getName(), TEST_PRINCIPAL);
+ assertEquals(authorizedIdentity(request).get(), authorizedIdentity);
+ }
+
+ private static String createJsonWebToken(Path keyFile, String principal, AuthorizedIdentity authorizedIdentity)
+ throws IOException
+ {
+ byte[] key = getMimeDecoder().decode(readAllBytes(keyFile.toAbsolutePath()));
+ return Jwts.builder()
+ .signWith(HS256, key)
+ .setHeaderParam(KEY_ID, KEY_ID_FOO)
+ .setSubject(principal)
+ .claim(AUTHORIZED_IDENTITY_ATTRIBUTE, authorizedIdentity)
+ .compact();
+ }
+}
diff --git a/presto-spi/src/main/java/com/facebook/presto/spi/security/AuthorizedIdentity.java b/presto-spi/src/main/java/com/facebook/presto/spi/security/AuthorizedIdentity.java
index fa483419cf12..9b0e5fa5da9a 100644
--- a/presto-spi/src/main/java/com/facebook/presto/spi/security/AuthorizedIdentity.java
+++ b/presto-spi/src/main/java/com/facebook/presto/spi/security/AuthorizedIdentity.java
@@ -13,6 +13,10 @@
*/
package com.facebook.presto.spi.security;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.util.Objects;
import java.util.Optional;
import static java.util.Objects.requireNonNull;
@@ -23,13 +27,18 @@ public class AuthorizedIdentity
private final Optional reasonForSelect;
private final Optional delegationCheckResult;
- public AuthorizedIdentity(String userName, String reasonForSelect, Boolean delegationCheckResult)
+ @JsonCreator
+ public AuthorizedIdentity(
+ @JsonProperty("userName") String userName,
+ @JsonProperty("reasonForSelect") String reasonForSelect,
+ @JsonProperty("delegationCheckResult") Boolean delegationCheckResult)
{
this.userName = requireNonNull(userName, "userName is null");
this.reasonForSelect = Optional.ofNullable(reasonForSelect);
this.delegationCheckResult = Optional.ofNullable(delegationCheckResult);
}
+ @JsonProperty("userName")
public String getUserName()
{
return userName;
@@ -40,8 +49,39 @@ public Optional getReasonForSelect()
return reasonForSelect;
}
+ @JsonProperty("reasonForSelect")
+ public String getReasonForSelectValue()
+ {
+ return reasonForSelect.orElse(null);
+ }
+
public Optional getDelegationCheckResult()
{
return delegationCheckResult;
}
+
+ @JsonProperty("delegationCheckResult")
+ public Boolean getDelegationCheckResultValue()
+ {
+ return delegationCheckResult.orElse(null);
+ }
+
+ @Override
+ public boolean equals(Object o)
+ {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ AuthorizedIdentity that = (AuthorizedIdentity) o;
+ return Objects.equals(userName, that.userName) && Objects.equals(reasonForSelect, that.reasonForSelect) && Objects.equals(delegationCheckResult, that.delegationCheckResult);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return Objects.hash(userName, reasonForSelect, delegationCheckResult);
+ }
}