ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject [3/6] ambari git commit: AMBARI-20861. BE: Extend Ambari REST API to Support User Account Management Improvements (rlevas)
Date Wed, 19 Jul 2017 12:41:53 GMT
http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseService.java
index d24780b..d9b8577 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseService.java
@@ -49,46 +49,46 @@ import org.slf4j.LoggerFactory;
 public abstract class BaseService {
   public final static MediaType MEDIA_TYPE_TEXT_CSV_TYPE = new MediaType("text", "csv");
 
-  static final String MSG_SUCCESSFUL_OPERATION = "Successful operation";
-  static final String MSG_REQUEST_ACCEPTED = "Request is accepted, but not completely processed yet";
-  static final String MSG_INVALID_ARGUMENTS = "Invalid arguments";
-  static final String MSG_INVALID_REQUEST = "Invalid request";
-  static final String MSG_CLUSTER_NOT_FOUND = "Cluster not found";
-  static final String MSG_CLUSTER_OR_HOST_NOT_FOUND = "Cluster or host not found";
-  static final String MSG_NOT_AUTHENTICATED = "Not authenticated";
-  static final String MSG_PERMISSION_DENIED = "Not permitted to perform the operation";
-  static final String MSG_SERVER_ERROR = "Internal server error";
-  static final String MSG_RESOURCE_ALREADY_EXISTS = "The requested resource already exists.";
-  static final String MSG_RESOURCE_NOT_FOUND = "The requested resource doesn't exist.";
-
-  static final String QUERY_FIELDS = "fields";
-  static final String QUERY_FILTER_DESCRIPTION = "Filter fields in the response (identifier fields are mandatory)";
-  static final String QUERY_SORT = "sortBy";
-  static final String QUERY_SORT_DESCRIPTION = "Sort resources in result by (asc | desc)";
-  static final String QUERY_PAGE_SIZE = "page_size";
-  static final String QUERY_PAGE_SIZE_DESCRIPTION = "The number of resources to be returned for the paged response.";
-  static final String DEFAULT_PAGE_SIZE = "10";
-  static final String QUERY_FROM = "from";
-  static final String QUERY_FROM_DESCRIPTION = "The starting page resource (inclusive).  \"start\" is also accepted.";
-  static final String QUERY_FROM_VALUES = "range[0, infinity]";
-  static final String DEFAULT_FROM = "0";
-  static final String QUERY_TO = "to";
-  static final String QUERY_TO_DESCRIPTION = "The ending page resource (inclusive).  \"end\" is also accepted.";
-  static final String QUERY_TO_TYPE = "integer";
-  static final String QUERY_TO_VALUES = "range[1, infinity]";
-  static final String QUERY_PREDICATE = "{predicate}";
-  static final String QUERY_PREDICATE_DESCRIPTION = "The predicate to filter resources by. Omitting the predicate will " +
+  public static final String MSG_SUCCESSFUL_OPERATION = "Successful operation";
+  public static final String MSG_REQUEST_ACCEPTED = "Request is accepted, but not completely processed yet";
+  public static final String MSG_INVALID_ARGUMENTS = "Invalid arguments";
+  public static final String MSG_INVALID_REQUEST = "Invalid request";
+  public static final String MSG_CLUSTER_NOT_FOUND = "Cluster not found";
+  public static final String MSG_CLUSTER_OR_HOST_NOT_FOUND = "Cluster or host not found";
+  public static final String MSG_NOT_AUTHENTICATED = "Not authenticated";
+  public static final String MSG_PERMISSION_DENIED = "Not permitted to perform the operation";
+  public static final String MSG_SERVER_ERROR = "Internal server error";
+  public static final String MSG_RESOURCE_ALREADY_EXISTS = "The requested resource already exists.";
+  public static final String MSG_RESOURCE_NOT_FOUND = "The requested resource doesn't exist.";
+
+  public static final String QUERY_FIELDS = "fields";
+  public static final String QUERY_FILTER_DESCRIPTION = "Filter fields in the response (identifier fields are mandatory)";
+  public static final String QUERY_SORT = "sortBy";
+  public static final String QUERY_SORT_DESCRIPTION = "Sort resources in result by (asc | desc)";
+  public static final String QUERY_PAGE_SIZE = "page_size";
+  public static final String QUERY_PAGE_SIZE_DESCRIPTION = "The number of resources to be returned for the paged response.";
+  public static final String DEFAULT_PAGE_SIZE = "10";
+  public static final String QUERY_FROM = "from";
+  public static final String QUERY_FROM_DESCRIPTION = "The starting page resource (inclusive).  \"start\" is also accepted.";
+  public static final String QUERY_FROM_VALUES = "range[0, infinity]";
+  public static final String DEFAULT_FROM = "0";
+  public static final String QUERY_TO = "to";
+  public static final String QUERY_TO_DESCRIPTION = "The ending page resource (inclusive).  \"end\" is also accepted.";
+  public static final String QUERY_TO_TYPE = "integer";
+  public static final String QUERY_TO_VALUES = "range[1, infinity]";
+  public static final String QUERY_PREDICATE = "{predicate}";
+  public static final String QUERY_PREDICATE_DESCRIPTION = "The predicate to filter resources by. Omitting the predicate will " +
       "match all resources.";
 
-  static final String RESPONSE_CONTAINER_LIST = "List";
+  public static final String RESPONSE_CONTAINER_LIST = "List";
 
-  static final String DATA_TYPE_INT = "integer";
-  static final String DATA_TYPE_STRING = "string";
+  public static final String DATA_TYPE_INT = "integer";
+  public static final String DATA_TYPE_STRING = "string";
 
-  static final String PARAM_TYPE_QUERY = "query";
-  static final String PARAM_TYPE_BODY = "body";
+  public static final String PARAM_TYPE_QUERY = "query";
+  public static final String PARAM_TYPE_BODY = "body";
 
-  static final String FIELDS_SEPARATOR = ", ";
+  public static final String FIELDS_SEPARATOR = ", ";
 
   /**
    * Logger instance.

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/api/services/users/UserAuthenticationSourceService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/users/UserAuthenticationSourceService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/users/UserAuthenticationSourceService.java
new file mode 100644
index 0000000..8600bbf
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/users/UserAuthenticationSourceService.java
@@ -0,0 +1,223 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.services.users;
+
+import static org.apache.ambari.server.controller.internal.UserAuthenticationSourceResourceProvider.AUTHENTICATION_AUTHENTICATION_SOURCE_ID_PROPERTY_ID;
+import static org.apache.ambari.server.controller.internal.UserAuthenticationSourceResourceProvider.AUTHENTICATION_SOURCE_RESOURCE_CATEGORY;
+import static org.apache.ambari.server.controller.internal.UserAuthenticationSourceResourceProvider.AUTHENTICATION_USER_NAME_PROPERTY_ID;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.ambari.server.api.resources.ResourceInstance;
+import org.apache.ambari.server.api.services.BaseService;
+import org.apache.ambari.server.api.services.Request;
+import org.apache.ambari.server.controller.UserAuthenticationSourceResponse;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.commons.lang.StringUtils;
+import org.apache.http.HttpStatus;
+
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiImplicitParam;
+import io.swagger.annotations.ApiImplicitParams;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiParam;
+import io.swagger.annotations.ApiResponse;
+import io.swagger.annotations.ApiResponses;
+
+/**
+ * Service responsible for user authentication source resource requests.
+ */
+@Path("/users/{userName}/sources")
+@Api(value = "User Authentication Sources", description = "Endpoint for user specific authentication source operations")
+public class UserAuthenticationSourceService extends BaseService {
+
+  private static final String CREATE_REQUEST_TYPE = "org.apache.ambari.server.controller.UserAuthenticationSourceRequestCreateSwagger";
+  private static final String UPDATE_REQUEST_TYPE = "org.apache.ambari.server.controller.UserAuthenticationSourceRequestUpdateSwagger";
+  private static final String AUTHENTICATION_SOURCE_DEFAULT_SORT = AUTHENTICATION_AUTHENTICATION_SOURCE_ID_PROPERTY_ID + ".asc";
+
+  /**
+   * Handles: GET  /users/{userName}/sources
+   * Get all authentication sources for the user.
+   *
+   * @param headers  http headers
+   * @param ui       uri info
+   * @param userName user name
+   * @return user resource instance representation
+   */
+  @GET
+  @Produces("text/plain")
+  @ApiOperation(value = "Get all authentication sources", response = UserAuthenticationSourceResponse.UserAuthenticationSourceResponseSwagger.class, responseContainer = "List")
+  @ApiImplicitParams({
+      @ApiImplicitParam(name = QUERY_FIELDS, value = QUERY_FILTER_DESCRIPTION, dataType = DATA_TYPE_STRING, paramType = PARAM_TYPE_QUERY, defaultValue = AUTHENTICATION_AUTHENTICATION_SOURCE_ID_PROPERTY_ID + "," + AUTHENTICATION_USER_NAME_PROPERTY_ID),
+      @ApiImplicitParam(name = QUERY_SORT, value = QUERY_SORT_DESCRIPTION, dataType = DATA_TYPE_STRING, paramType = PARAM_TYPE_QUERY, defaultValue = AUTHENTICATION_SOURCE_DEFAULT_SORT),
+      @ApiImplicitParam(name = QUERY_PAGE_SIZE, value = QUERY_PAGE_SIZE_DESCRIPTION, defaultValue = DEFAULT_PAGE_SIZE, dataType = DATA_TYPE_INT, paramType = PARAM_TYPE_QUERY),
+      @ApiImplicitParam(name = QUERY_FROM, value = QUERY_FROM_DESCRIPTION, allowableValues = QUERY_FROM_VALUES, defaultValue = DEFAULT_FROM, dataType = DATA_TYPE_INT, paramType = PARAM_TYPE_QUERY),
+      @ApiImplicitParam(name = QUERY_TO, value = QUERY_TO_DESCRIPTION, allowableValues = QUERY_TO_VALUES, dataType = DATA_TYPE_INT, paramType = PARAM_TYPE_QUERY),
+  })
+  @ApiResponses({
+      @ApiResponse(code = HttpStatus.SC_OK, message = MSG_SUCCESSFUL_OPERATION),
+      @ApiResponse(code = HttpStatus.SC_NOT_FOUND, message = MSG_RESOURCE_NOT_FOUND),
+      @ApiResponse(code = HttpStatus.SC_UNAUTHORIZED, message = MSG_NOT_AUTHENTICATED),
+      @ApiResponse(code = HttpStatus.SC_FORBIDDEN, message = MSG_PERMISSION_DENIED),
+      @ApiResponse(code = HttpStatus.SC_INTERNAL_SERVER_ERROR, message = MSG_SERVER_ERROR),
+  })
+  public Response getAuthenticationSources(@Context HttpHeaders headers, @Context UriInfo ui,
+                                           @ApiParam(value = "user name", required = true) @PathParam("userName") String userName) {
+    return handleRequest(headers, null, ui, Request.Type.GET, createResource(userName, null));
+  }
+
+  /**
+   * Handles: GET /users/{userName}/sources/{sourceID}
+   * Get a specific authentication source.
+   *
+   * @param headers  http headers
+   * @param ui       uri info
+   * @param userName user name
+   * @param sourceId authentication source id
+   * @return authentication source instance representation
+   */
+  @GET
+  @Path("{sourceId}")
+  @Produces("text/plain")
+  @ApiOperation(value = "Get user authentication source", response = UserAuthenticationSourceResponse.UserAuthenticationSourceResponseSwagger.class)
+  @ApiImplicitParams({
+      @ApiImplicitParam(name = QUERY_FIELDS, value = QUERY_FILTER_DESCRIPTION, dataType = DATA_TYPE_STRING, paramType = PARAM_TYPE_QUERY, defaultValue = AUTHENTICATION_SOURCE_RESOURCE_CATEGORY + "/*"),
+  })
+  @ApiResponses({
+      @ApiResponse(code = HttpStatus.SC_OK, message = MSG_SUCCESSFUL_OPERATION),
+      @ApiResponse(code = HttpStatus.SC_NOT_FOUND, message = MSG_RESOURCE_NOT_FOUND),
+      @ApiResponse(code = HttpStatus.SC_UNAUTHORIZED, message = MSG_NOT_AUTHENTICATED),
+      @ApiResponse(code = HttpStatus.SC_FORBIDDEN, message = MSG_PERMISSION_DENIED),
+      @ApiResponse(code = HttpStatus.SC_INTERNAL_SERVER_ERROR, message = MSG_SERVER_ERROR),
+  })
+  public Response getAuthenticationSource(@Context HttpHeaders headers, @Context UriInfo ui,
+                                          @ApiParam(value = "user name", required = true) @PathParam("userName") String userName,
+                                          @ApiParam(value = "source id", required = true) @PathParam("sourceId") String sourceId) {
+    return handleRequest(headers, null, ui, Request.Type.GET, createResource(userName, sourceId));
+  }
+
+  /**
+   * Creates an authentication source.
+   * Handles: POST /users/{userName}/sources
+   *
+   * @param headers  http headers
+   * @param ui       uri info
+   * @param userName user name
+   * @return information regarding the created user
+   */
+  @POST
+  @Produces("text/plain")
+  @ApiOperation(value = "Create one or more new authentication sources for a user")
+  @ApiImplicitParams({
+      @ApiImplicitParam(dataType = CREATE_REQUEST_TYPE, paramType = PARAM_TYPE_BODY, allowMultiple = true)
+  })
+  @ApiResponses({
+      @ApiResponse(code = HttpStatus.SC_CREATED, message = MSG_SUCCESSFUL_OPERATION),
+      @ApiResponse(code = HttpStatus.SC_ACCEPTED, message = MSG_REQUEST_ACCEPTED),
+      @ApiResponse(code = HttpStatus.SC_BAD_REQUEST, message = MSG_INVALID_ARGUMENTS),
+      @ApiResponse(code = HttpStatus.SC_NOT_FOUND, message = MSG_RESOURCE_NOT_FOUND),
+      @ApiResponse(code = HttpStatus.SC_CONFLICT, message = MSG_RESOURCE_ALREADY_EXISTS),
+      @ApiResponse(code = HttpStatus.SC_UNAUTHORIZED, message = MSG_NOT_AUTHENTICATED),
+      @ApiResponse(code = HttpStatus.SC_FORBIDDEN, message = MSG_PERMISSION_DENIED),
+      @ApiResponse(code = HttpStatus.SC_INTERNAL_SERVER_ERROR, message = MSG_SERVER_ERROR),
+  })
+  public Response createAuthenticationSources(String body, @Context HttpHeaders headers, @Context UriInfo ui,
+                                              @ApiParam(value = "user name", required = true) @PathParam("userName") String userName) {
+    return handleRequest(headers, body, ui, Request.Type.POST, createResource(userName, null));
+  }
+
+  /**
+   * Creates an authentication source.
+   * Handles: PUT /users/{userName}/sources/{sourceId}
+   *
+   * @param headers  http headers
+   * @param ui       uri info
+   * @param userName user name
+   * @param sourceId authentication source id
+   * @return information regarding the created user
+   */
+  @PUT
+  @Path("{sourceId}")
+  @Produces("text/plain")
+  @ApiOperation(value = "Updates an existing authentication source")
+  @ApiImplicitParams({
+      @ApiImplicitParam(dataType = UPDATE_REQUEST_TYPE, paramType = PARAM_TYPE_BODY)
+  })
+  @ApiResponses({
+      @ApiResponse(code = HttpStatus.SC_ACCEPTED, message = MSG_REQUEST_ACCEPTED),
+      @ApiResponse(code = HttpStatus.SC_BAD_REQUEST, message = MSG_INVALID_ARGUMENTS),
+      @ApiResponse(code = HttpStatus.SC_NOT_FOUND, message = MSG_RESOURCE_NOT_FOUND),
+      @ApiResponse(code = HttpStatus.SC_CONFLICT, message = MSG_RESOURCE_ALREADY_EXISTS),
+      @ApiResponse(code = HttpStatus.SC_UNAUTHORIZED, message = MSG_NOT_AUTHENTICATED),
+      @ApiResponse(code = HttpStatus.SC_FORBIDDEN, message = MSG_PERMISSION_DENIED),
+      @ApiResponse(code = HttpStatus.SC_INTERNAL_SERVER_ERROR, message = MSG_SERVER_ERROR),
+  })
+  public Response updateAuthenticationSource(String body, @Context HttpHeaders headers, @Context UriInfo ui,
+                                             @ApiParam(value = "user name", required = true) @PathParam("userName") String userName,
+                                             @ApiParam(value = "source id", required = true) @PathParam("sourceId") String sourceId) {
+    return handleRequest(headers, body, ui, Request.Type.PUT, createResource(userName, sourceId));
+  }
+
+  /**
+   * Delete an authentication source.
+   * Handles: DELETE /users/{userName}/sources/{sourceId}
+   *
+   * @param headers  http headers
+   * @param ui       uri info
+   * @param userName user name
+   * @param sourceId authentication source id
+   * @return information regarding the created user
+   */
+  @DELETE
+  @Path("{sourceId}")
+  @Produces("text/plain")
+  @ApiOperation(value = "Deletes an existing authentication source")
+  @ApiResponses({
+      @ApiResponse(code = HttpStatus.SC_OK, message = MSG_SUCCESSFUL_OPERATION),
+      @ApiResponse(code = HttpStatus.SC_NOT_FOUND, message = MSG_RESOURCE_NOT_FOUND),
+      @ApiResponse(code = HttpStatus.SC_UNAUTHORIZED, message = MSG_NOT_AUTHENTICATED),
+      @ApiResponse(code = HttpStatus.SC_FORBIDDEN, message = MSG_PERMISSION_DENIED),
+      @ApiResponse(code = HttpStatus.SC_INTERNAL_SERVER_ERROR, message = MSG_SERVER_ERROR),
+  })
+  public Response deleteAuthenticationSource(String body, @Context HttpHeaders headers, @Context UriInfo ui,
+                                             @ApiParam(value = "user name", required = true) @PathParam("userName") String userName,
+                                             @ApiParam(value = "source id", required = true) @PathParam("sourceId") String sourceId) {
+    return handleRequest(headers, body, ui, Request.Type.DELETE, createResource(userName, sourceId));
+  }
+
+  protected ResourceInstance createResource(String userName, String sourceId) {
+    final Map<Resource.Type, String> mapIds = new HashMap<>();
+    mapIds.put(Resource.Type.User, StringUtils.lowerCase(userName));
+    mapIds.put(Resource.Type.UserAuthenticationSource, sourceId);
+    return createResource(Resource.Type.UserAuthenticationSource, mapIds);
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/api/services/users/UserService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/users/UserService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/users/UserService.java
index a69ed4e..4eb8587 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/users/UserService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/users/UserService.java
@@ -17,6 +17,9 @@
  */
 package org.apache.ambari.server.api.services.users;
 
+import static org.apache.ambari.server.controller.internal.UserResourceProvider.USER_RESOURCE_CATEGORY;
+import static org.apache.ambari.server.controller.internal.UserResourceProvider.USER_USERNAME_PROPERTY_ID;
+
 import java.util.Collections;
 
 import javax.ws.rs.DELETE;
@@ -31,12 +34,12 @@ import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
 
-import org.apache.ambari.annotations.ApiIgnore;
 import org.apache.ambari.server.api.resources.ResourceInstance;
 import org.apache.ambari.server.api.services.BaseService;
 import org.apache.ambari.server.api.services.Request;
 import org.apache.ambari.server.controller.UserResponse;
 import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.http.HttpStatus;
 
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
@@ -53,23 +56,32 @@ import io.swagger.annotations.ApiResponses;
 @Api(value = "Users", description = "Endpoint for user specific operations")
 public class UserService extends BaseService {
 
+  private static final String UPDATE_USER_REQUEST_TYPE = "org.apache.ambari.server.controller.UserRequestUpdateUserSwagger";
+  private static final String CREATE_USER_REQUEST_TYPE = "org.apache.ambari.server.controller.UserRequestCreateUserSwagger";
+  private static final String CREATE_USERS_REQUEST_TYPE = "org.apache.ambari.server.controller.UserRequestCreateUsersSwagger";;
+  private static final String USER_DEFAULT_SORT = USER_USERNAME_PROPERTY_ID + ".asc";
+
   /**
    * Gets all users.
    * Handles: GET /users requests.
    */
   @GET
   @Produces("text/plain")
-  @ApiOperation(value = "Get all users", nickname = "UserService#getUsers", notes = "Returns details of all users.", response = UserResponse.class, responseContainer = "List")
+  @ApiOperation(value = "Get all users", response = UserResponse.UserResponseSwagger.class, responseContainer = "List")
   @ApiImplicitParams({
-    @ApiImplicitParam(name = "fields", value = "Filter user details", defaultValue = "Users/*", dataType = "string", paramType = "query"),
-    @ApiImplicitParam(name = "sortBy", value = "Sort users (asc | desc)", defaultValue = "Users/user_name.asc", dataType = "string", paramType = "query"),
-    @ApiImplicitParam(name = "page_size", value = "The number of resources to be returned for the paged response.", defaultValue = "10", dataType = "integer", paramType = "query"),
-    @ApiImplicitParam(name = "from", value = "The starting page resource (inclusive). Valid values are :offset | \"start\"", defaultValue = "0", dataType = "string", paramType = "query"),
-    @ApiImplicitParam(name = "to", value = "The ending page resource (inclusive). Valid values are :offset | \"end\"", dataType = "string", paramType = "query")
+      @ApiImplicitParam(name = QUERY_FIELDS, value = QUERY_FILTER_DESCRIPTION, dataType = DATA_TYPE_STRING, paramType = PARAM_TYPE_QUERY, defaultValue = USER_USERNAME_PROPERTY_ID),
+      @ApiImplicitParam(name = QUERY_SORT, value = QUERY_SORT_DESCRIPTION, dataType = DATA_TYPE_STRING, paramType = PARAM_TYPE_QUERY, defaultValue = USER_DEFAULT_SORT),
+      @ApiImplicitParam(name = QUERY_PAGE_SIZE, value = QUERY_PAGE_SIZE_DESCRIPTION, defaultValue = DEFAULT_PAGE_SIZE, dataType = DATA_TYPE_INT, paramType = PARAM_TYPE_QUERY),
+      @ApiImplicitParam(name = QUERY_FROM, value = QUERY_FROM_DESCRIPTION, allowableValues = QUERY_FROM_VALUES, defaultValue = DEFAULT_FROM, dataType = DATA_TYPE_INT, paramType = PARAM_TYPE_QUERY),
+      @ApiImplicitParam(name = QUERY_TO, value = QUERY_TO_DESCRIPTION, allowableValues = QUERY_TO_VALUES, dataType = DATA_TYPE_INT, paramType = PARAM_TYPE_QUERY),
+  })
+  @ApiResponses({
+      @ApiResponse(code = HttpStatus.SC_OK, message = MSG_SUCCESSFUL_OPERATION),
+      @ApiResponse(code = HttpStatus.SC_NOT_FOUND, message = MSG_RESOURCE_NOT_FOUND),
+      @ApiResponse(code = HttpStatus.SC_UNAUTHORIZED, message = MSG_NOT_AUTHENTICATED),
+      @ApiResponse(code = HttpStatus.SC_FORBIDDEN, message = MSG_PERMISSION_DENIED),
+      @ApiResponse(code = HttpStatus.SC_INTERNAL_SERVER_ERROR, message = MSG_SERVER_ERROR),
   })
-  @ApiResponses(value = {
-    @ApiResponse(code = 200, message = "Successful operation", response = UserResponse.class, responseContainer = "List")}
-  )
   public Response getUsers(String body, @Context HttpHeaders headers, @Context UriInfo ui) {
     return handleRequest(headers, body, ui, Request.Type.GET, createUserResource(null));
   }
@@ -78,23 +90,27 @@ public class UserService extends BaseService {
    * Gets a single user.
    * Handles: GET /users/{username} requests
    *
-   * @param headers     http headers
-   * @param ui          uri info
-   * @param userName    the username
+   * @param headers  http headers
+   * @param ui       uri info
+   * @param userName the username
    * @return information regarding the created user
    */
   @GET
   @Path("{userName}")
   @Produces("text/plain")
-  @ApiOperation(value = "Get single user", nickname = "UserService#getUser", notes = "Returns user details.", response = UserResponse.class)
+  @ApiOperation(value = "Get single user", response = UserResponse.UserResponseSwagger.class)
   @ApiImplicitParams({
-    @ApiImplicitParam(name = "fields", value = "Filter user details", defaultValue = "Users", dataType = "string", paramType = "query")
+      @ApiImplicitParam(name = QUERY_FIELDS, value = QUERY_FILTER_DESCRIPTION, dataType = DATA_TYPE_STRING, paramType = PARAM_TYPE_QUERY, defaultValue = USER_RESOURCE_CATEGORY + "/*"),
+  })
+  @ApiResponses({
+      @ApiResponse(code = HttpStatus.SC_OK, message = MSG_SUCCESSFUL_OPERATION),
+      @ApiResponse(code = HttpStatus.SC_NOT_FOUND, message = MSG_RESOURCE_NOT_FOUND),
+      @ApiResponse(code = HttpStatus.SC_UNAUTHORIZED, message = MSG_NOT_AUTHENTICATED),
+      @ApiResponse(code = HttpStatus.SC_FORBIDDEN, message = MSG_PERMISSION_DENIED),
+      @ApiResponse(code = HttpStatus.SC_INTERNAL_SERVER_ERROR, message = MSG_SERVER_ERROR),
   })
-  @ApiResponses(value = {
-    @ApiResponse(code = 200, message = "Successful operation", response = UserResponse.class)}
-  )
   public Response getUser(String body, @Context HttpHeaders headers, @Context UriInfo ui,
-                          @ApiParam(value = "user name", required = true, defaultValue = "admin") @PathParam("userName") String userName) {
+                          @ApiParam(value = "user name", required = true) @PathParam("userName") String userName) {
     return handleRequest(headers, body, ui, Request.Type.GET, createUserResource(userName));
   }
 
@@ -102,13 +118,27 @@ public class UserService extends BaseService {
    * Creates a user.
    * Handles: POST /users
    *
-   * @param headers     http headers
-   * @param ui          uri info
+   * @param headers http headers
+   * @param ui      uri info
    * @return information regarding the created user
    */
-  @POST @ApiIgnore // until documented
+  @POST
   @Produces("text/plain")
-  public Response createUser(String body, @Context HttpHeaders headers, @Context UriInfo ui) {
+  @ApiOperation(value = "Creates one or more users in a single request")
+  @ApiImplicitParams({
+      @ApiImplicitParam(dataType = CREATE_USERS_REQUEST_TYPE, paramType = PARAM_TYPE_BODY, allowMultiple = true)
+  })
+  @ApiResponses({
+      @ApiResponse(code = HttpStatus.SC_CREATED, message = MSG_SUCCESSFUL_OPERATION),
+      @ApiResponse(code = HttpStatus.SC_ACCEPTED, message = MSG_REQUEST_ACCEPTED),
+      @ApiResponse(code = HttpStatus.SC_BAD_REQUEST, message = MSG_INVALID_ARGUMENTS),
+      @ApiResponse(code = HttpStatus.SC_NOT_FOUND, message = MSG_RESOURCE_NOT_FOUND),
+      @ApiResponse(code = HttpStatus.SC_CONFLICT, message = MSG_RESOURCE_ALREADY_EXISTS),
+      @ApiResponse(code = HttpStatus.SC_UNAUTHORIZED, message = MSG_NOT_AUTHENTICATED),
+      @ApiResponse(code = HttpStatus.SC_FORBIDDEN, message = MSG_PERMISSION_DENIED),
+      @ApiResponse(code = HttpStatus.SC_INTERNAL_SERVER_ERROR, message = MSG_SERVER_ERROR),
+  })
+  public Response createUsers(String body, @Context HttpHeaders headers, @Context UriInfo ui) {
     return handleRequest(headers, body, ui, Request.Type.POST, createUserResource(null));
   }
 
@@ -116,22 +146,28 @@ public class UserService extends BaseService {
    * Creates a user.
    * Handles: POST /users/{username}
    *
-   * @param headers     http headers
-   * @param ui          uri info
-   * @param userName    the username
+   * @param headers  http headers
+   * @param ui       uri info
+   * @param userName the username
    * @return information regarding the created user
    */
   @POST
   @Path("{userName}")
   @Produces("text/plain")
-  @ApiOperation(value = "Create new user", nickname = "UserService#createUser", notes = "Creates user resource.")
+  @ApiOperation(value = "Create new user")
   @ApiImplicitParams({
-    @ApiImplicitParam(name = "body", value = "input parameters in json form", required = true, dataType = "org.apache.ambari.server.controller.UserRequest", paramType = "body")
+      @ApiImplicitParam(dataType = CREATE_USER_REQUEST_TYPE, paramType = PARAM_TYPE_BODY)
+  })
+  @ApiResponses({
+      @ApiResponse(code = HttpStatus.SC_CREATED, message = MSG_SUCCESSFUL_OPERATION),
+      @ApiResponse(code = HttpStatus.SC_ACCEPTED, message = MSG_REQUEST_ACCEPTED),
+      @ApiResponse(code = HttpStatus.SC_BAD_REQUEST, message = MSG_INVALID_ARGUMENTS),
+      @ApiResponse(code = HttpStatus.SC_NOT_FOUND, message = MSG_RESOURCE_NOT_FOUND),
+      @ApiResponse(code = HttpStatus.SC_CONFLICT, message = MSG_RESOURCE_ALREADY_EXISTS),
+      @ApiResponse(code = HttpStatus.SC_UNAUTHORIZED, message = MSG_NOT_AUTHENTICATED),
+      @ApiResponse(code = HttpStatus.SC_FORBIDDEN, message = MSG_PERMISSION_DENIED),
+      @ApiResponse(code = HttpStatus.SC_INTERNAL_SERVER_ERROR, message = MSG_SERVER_ERROR),
   })
-  @ApiResponses(value = {
-    @ApiResponse(code = 200, message = "Successful operation"),
-    @ApiResponse(code = 500, message = "Server Error")}
-  )
   public Response createUser(String body, @Context HttpHeaders headers, @Context UriInfo ui,
                              @ApiParam(value = "user name", required = true) @PathParam("userName") String userName) {
     return handleRequest(headers, body, ui, Request.Type.POST, createUserResource(userName));
@@ -141,22 +177,27 @@ public class UserService extends BaseService {
    * Updates a specific user.
    * Handles: PUT /users/{userName}
    *
-   * @param headers     http headers
-   * @param ui          uri info
-   * @param userName   the username
+   * @param headers  http headers
+   * @param ui       uri info
+   * @param userName the username
    * @return information regarding the updated user
    */
   @PUT
   @Path("{userName}")
   @Produces("text/plain")
-  @ApiOperation(value = "Update user detail", nickname = "UserService#updateUser", notes = "Updates user resource.")
+  @ApiOperation(value = "Update user details")
   @ApiImplicitParams({
-    @ApiImplicitParam(name = "body", value = "input parameters in json form", required = true, dataType = "org.apache.ambari.server.controller.UserRequest", paramType = "body")
+      @ApiImplicitParam(dataType = UPDATE_USER_REQUEST_TYPE, paramType = PARAM_TYPE_BODY)
+  })
+  @ApiResponses({
+      @ApiResponse(code = HttpStatus.SC_ACCEPTED, message = MSG_REQUEST_ACCEPTED),
+      @ApiResponse(code = HttpStatus.SC_BAD_REQUEST, message = MSG_INVALID_ARGUMENTS),
+      @ApiResponse(code = HttpStatus.SC_NOT_FOUND, message = MSG_RESOURCE_NOT_FOUND),
+      @ApiResponse(code = HttpStatus.SC_CONFLICT, message = MSG_RESOURCE_ALREADY_EXISTS),
+      @ApiResponse(code = HttpStatus.SC_UNAUTHORIZED, message = MSG_NOT_AUTHENTICATED),
+      @ApiResponse(code = HttpStatus.SC_FORBIDDEN, message = MSG_PERMISSION_DENIED),
+      @ApiResponse(code = HttpStatus.SC_INTERNAL_SERVER_ERROR, message = MSG_SERVER_ERROR),
   })
-  @ApiResponses(value = {
-    @ApiResponse(code = 200, message = "Successful operation"),
-    @ApiResponse(code = 500, message = "Server Error")}
-  )
   public Response updateUser(String body, @Context HttpHeaders headers, @Context UriInfo ui,
                              @ApiParam(value = "user name", required = true) @PathParam("userName") String userName) {
 
@@ -170,10 +211,10 @@ public class UserService extends BaseService {
   @DELETE
   @Path("{userName}")
   @Produces("text/plain")
-  @ApiOperation(value = "Delete single user", nickname = "UserService#deleteUser", notes = "Delete user resource.")
+  @ApiOperation(value = "Delete single user")
   @ApiResponses(value = {
-    @ApiResponse(code = 200, message = "Successful operation"),
-    @ApiResponse(code = 500, message = "Server Error")}
+      @ApiResponse(code = 200, message = "Successful operation"),
+      @ApiResponse(code = 500, message = "Server Error")}
   )
   public Response deleteUser(@Context HttpHeaders headers, @Context UriInfo ui,
                              @ApiParam(value = "user name", required = true) @PathParam("userName") String userName) {
@@ -183,8 +224,7 @@ public class UserService extends BaseService {
   /**
    * Create a user resource instance.
    *
-   * @param userName  user name
-   *
+   * @param userName user name
    * @return a user resource instance
    */
   private ResourceInstance createUserResource(String userName) {

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
index 25d12c7..f2fba6c 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
@@ -72,6 +72,7 @@ import org.apache.ambari.server.controller.internal.MemberResourceProvider;
 import org.apache.ambari.server.controller.internal.RepositoryVersionResourceProvider;
 import org.apache.ambari.server.controller.internal.ServiceResourceProvider;
 import org.apache.ambari.server.controller.internal.UpgradeResourceProvider;
+import org.apache.ambari.server.controller.internal.UserAuthenticationSourceResourceProvider;
 import org.apache.ambari.server.controller.internal.UserResourceProvider;
 import org.apache.ambari.server.controller.logging.LoggingRequestHelperFactory;
 import org.apache.ambari.server.controller.logging.LoggingRequestHelperFactoryImpl;
@@ -466,6 +467,7 @@ public class ControllerModule extends AbstractModule {
         .implement(ResourceProvider.class, Names.named("repositoryVersion"), RepositoryVersionResourceProvider.class)
         .implement(ResourceProvider.class, Names.named("hostKerberosIdentity"), HostKerberosIdentityResourceProvider.class)
         .implement(ResourceProvider.class, Names.named("user"), UserResourceProvider.class)
+        .implement(ResourceProvider.class, Names.named("userAuthenticationSource"), UserAuthenticationSourceResourceProvider.class)
         .implement(ResourceProvider.class, Names.named("credential"), CredentialResourceProvider.class)
         .implement(ResourceProvider.class, Names.named("kerberosDescriptor"), KerberosDescriptorResourceProvider.class)
         .implement(ResourceProvider.class, Names.named("upgrade"), UpgradeResourceProvider.class)

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/controller/ResourceProviderFactory.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/ResourceProviderFactory.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/ResourceProviderFactory.java
index 2454bf7..d5bebf0 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/ResourceProviderFactory.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/ResourceProviderFactory.java
@@ -52,9 +52,10 @@ public interface ResourceProviderFactory {
       AmbariManagementController managementController);
 
   @Named("user")
-  ResourceProvider getUserResourceProvider(Set<String> propertyIds,
-                                           Map<Type, String> keyPropertyIds,
-                                           AmbariManagementController managementController);
+  ResourceProvider getUserResourceProvider(AmbariManagementController managementController);
+
+  @Named("userAuthenticationSource")
+  ResourceProvider getUserAuthenticationSourceResourceProvider();
 
   @Named("hostKerberosIdentity")
   ResourceProvider getHostKerberosIdentityResourceProvider(AmbariManagementController managementController);

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceRequest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceRequest.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceRequest.java
new file mode 100644
index 0000000..17297be
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceRequest.java
@@ -0,0 +1,82 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.controller;
+
+import org.apache.ambari.server.controller.internal.UserAuthenticationSourceResourceProvider;
+import org.apache.ambari.server.security.authorization.UserAuthenticationType;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+
+/**
+ * Represents a user authentication source request.
+ */
+@ApiModel
+public class UserAuthenticationSourceRequest {
+  private final String username;
+  private final Long sourceId;
+  private final UserAuthenticationType authenticationType;
+  private final String key;
+  private final String oldKey;
+
+  public UserAuthenticationSourceRequest(String username, Long sourceId) {
+    this(username, sourceId, null, null);
+
+  }
+
+  public UserAuthenticationSourceRequest(String username, Long sourceId, UserAuthenticationType authenticationType) {
+    this(username, sourceId, authenticationType, null);
+  }
+
+  public UserAuthenticationSourceRequest(String username, Long sourceId, UserAuthenticationType authenticationType, String key) {
+    this(username, sourceId, authenticationType, key, null);
+  }
+
+  public UserAuthenticationSourceRequest(String username, Long sourceId, UserAuthenticationType authenticationType, String key, String oldKey) {
+    this.username = username;
+    this.sourceId = sourceId;
+    this.authenticationType = authenticationType;
+    this.key = key;
+    this.oldKey = oldKey;
+  }
+
+  @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.USER_NAME_PROPERTY_ID, hidden = true)
+  public String getUsername() {
+    return username;
+  }
+
+  @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.AUTHENTICATION_SOURCE_ID_PROPERTY_ID)
+  public Long getSourceId() {
+    return sourceId;
+  }
+
+  @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.AUTHENTICATION_TYPE_PROPERTY_ID)
+  public UserAuthenticationType getAuthenticationType() {
+    return authenticationType;
+  }
+
+  @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.KEY_PROPERTY_ID)
+  public String getKey() {
+    return key;
+  }
+
+  @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.OLD_KEY_PROPERTY_ID)
+  public String getOldKey() {
+    return oldKey;
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceRequestCreateSwagger.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceRequestCreateSwagger.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceRequestCreateSwagger.java
new file mode 100644
index 0000000..72f010a
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceRequestCreateSwagger.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller;
+
+import org.apache.ambari.server.controller.internal.UserAuthenticationSourceResourceProvider;
+import org.apache.ambari.server.security.authorization.UserAuthenticationType;
+
+import io.swagger.annotations.ApiModelProperty;
+
+/**
+ * Interface to help correct Swagger documentation generation
+ */
+public interface UserAuthenticationSourceRequestCreateSwagger extends ApiModel {
+  @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.AUTHENTICATION_SOURCE_RESOURCE_CATEGORY)
+  CreateUserAuthenticationSourceInfo getCreateUserAuthenticationSourceRequest();
+
+  interface CreateUserAuthenticationSourceInfo {
+    @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.AUTHENTICATION_TYPE_PROPERTY_ID, required = true)
+    public UserAuthenticationType getAuthenticationType();
+
+    @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.KEY_PROPERTY_ID, required = true)
+    public String getKey();
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceRequestUpdateSwagger.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceRequestUpdateSwagger.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceRequestUpdateSwagger.java
new file mode 100644
index 0000000..3e1aa8c
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceRequestUpdateSwagger.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller;
+
+import org.apache.ambari.server.controller.internal.UserAuthenticationSourceResourceProvider;
+
+import io.swagger.annotations.ApiModelProperty;
+
+/**
+ * Interface to help correct Swagger documentation generation
+ */
+public interface UserAuthenticationSourceRequestUpdateSwagger extends ApiModel {
+  @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.AUTHENTICATION_SOURCE_RESOURCE_CATEGORY)
+  UserAuthenticationSourceRequestUpdateInfo getUpdateUserAuthenticationSourceRequest();
+
+  interface UserAuthenticationSourceRequestUpdateInfo {
+
+    @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.KEY_PROPERTY_ID, required = true)
+    public String getKey();
+
+    @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.OLD_KEY_PROPERTY_ID, required = false)
+    public String getOldKey();
+  }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceResponse.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceResponse.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceResponse.java
new file mode 100644
index 0000000..6717ad6
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserAuthenticationSourceResponse.java
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.controller;
+
+import java.util.Date;
+
+import org.apache.ambari.server.controller.internal.UserAuthenticationSourceResourceProvider;
+import org.apache.ambari.server.security.authorization.UserAuthenticationType;
+import org.apache.commons.lang.builder.EqualsBuilder;
+import org.apache.commons.lang.builder.HashCodeBuilder;
+
+import io.swagger.annotations.ApiModelProperty;
+
+/**
+ * Represents a user authentication source.
+ */
+public class UserAuthenticationSourceResponse implements ApiModel {
+
+  private final String userName;
+  private final Long sourceId;
+  private final UserAuthenticationType authenticationType;
+  private final String key;
+
+  private final Date createTime;
+  private final Date updateTime;
+
+  public UserAuthenticationSourceResponse(String userName, Long sourceId, UserAuthenticationType authenticationType, String key, Date createTime, Date updateTime) {
+    this.userName = userName;
+    this.sourceId = sourceId;
+    this.authenticationType = authenticationType;
+    this.key = key;
+    this.createTime = createTime;
+    this.updateTime = updateTime;
+  }
+
+  /**
+   * Returns user name
+   *
+   * @return user name
+   */
+  @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.USER_NAME_PROPERTY_ID, required = true)
+  public String getUserName() {
+    return userName;
+  }
+
+
+  @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.AUTHENTICATION_SOURCE_ID_PROPERTY_ID, required = true)
+  public Long getSourceId() {
+    return sourceId;
+  }
+
+  @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.AUTHENTICATION_TYPE_PROPERTY_ID, required = true)
+  public UserAuthenticationType getAuthenticationType() {
+    return authenticationType;
+  }
+
+  @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.KEY_PROPERTY_ID)
+  public String getKey() {
+    return key;
+  }
+
+  @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.CREATED_PROPERTY_ID)
+  public Date getCreateTime() {
+    return createTime;
+  }
+
+  @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.UPDATED_PROPERTY_ID)
+  public Date getUpdateTime() {
+    return updateTime;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) {
+      return true;
+    } else if (o == null || getClass() != o.getClass()) {
+      return false;
+    } else {
+      UserAuthenticationSourceResponse that = (UserAuthenticationSourceResponse) o;
+
+      EqualsBuilder equalsBuilder = new EqualsBuilder();
+      equalsBuilder.append(userName, that.userName);
+      equalsBuilder.append(sourceId, that.sourceId);
+      equalsBuilder.append(authenticationType, that.authenticationType);
+      equalsBuilder.append(key, that.key);
+      equalsBuilder.append(createTime, that.createTime);
+      equalsBuilder.append(updateTime, that.updateTime);
+      return equalsBuilder.isEquals();
+    }
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder hashCodeBuilder = new HashCodeBuilder();
+    hashCodeBuilder.append(userName);
+    hashCodeBuilder.append(sourceId);
+    hashCodeBuilder.append(authenticationType);
+    hashCodeBuilder.append(key);
+    hashCodeBuilder.append(createTime);
+    hashCodeBuilder.append(updateTime);
+    return hashCodeBuilder.toHashCode();
+  }
+
+  /**
+   * Interface to help correct Swagger documentation generation
+   */
+  public interface UserAuthenticationSourceResponseSwagger {
+    @ApiModelProperty(name = UserAuthenticationSourceResourceProvider.AUTHENTICATION_SOURCE_RESOURCE_CATEGORY)
+    @SuppressWarnings("unused")
+    UserAuthenticationSourceResponse getUserAuthenticationSourceResponse();
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequest.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequest.java
index 3011d01..d0836a9 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequest.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequest.java
@@ -17,6 +17,8 @@
  */
 package org.apache.ambari.server.controller;
 
+import org.apache.ambari.server.controller.internal.UserResourceProvider;
+
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 
@@ -38,12 +40,12 @@ public class UserRequest {
     this.userName = name;
   }
 
-  @ApiModelProperty(name = "Users/user_name",hidden = true)
+  @ApiModelProperty(name = UserResourceProvider.USERNAME_PROPERTY_ID)
   public String getUsername() {
     return userName;
   }
 
-  @ApiModelProperty(name = "Users/password")
+  @ApiModelProperty(name = UserResourceProvider.PASSWORD_PROPERTY_ID)
   public String getPassword() {
     return password;
   }
@@ -52,7 +54,7 @@ public class UserRequest {
     password = userPass;
   }
 
-  @ApiModelProperty(name = "Users/old_password")
+  @ApiModelProperty(name = UserResourceProvider.OLD_PASSWORD_PROPERTY_ID)
   public String getOldPassword() {
     return oldPassword;
   }
@@ -61,7 +63,7 @@ public class UserRequest {
     oldPassword = oldUserPass;
   }
 
-  @ApiModelProperty(name = "Users/active")
+  @ApiModelProperty(name = UserResourceProvider.ACTIVE_PROPERTY_ID)
   public Boolean isActive() {
     return active;
   }
@@ -70,7 +72,7 @@ public class UserRequest {
     this.active = active;
   }
 
-  @ApiModelProperty(name = "Users/admin")
+  @ApiModelProperty(name = UserResourceProvider.ADMIN_PROPERTY_ID)
   public Boolean isAdmin() {
     return admin;
   }
@@ -79,7 +81,7 @@ public class UserRequest {
     this.admin = admin;
   }
 
-  @ApiModelProperty(name = "Users/display_name")
+  @ApiModelProperty(name = UserResourceProvider.DISPLAY_NAME_PROPERTY_ID)
   public String getDisplayName() {
     return displayName;
   }
@@ -88,7 +90,7 @@ public class UserRequest {
     this.displayName = displayName;
   }
 
-  @ApiModelProperty(name = "Users/local_user_name")
+  @ApiModelProperty(name = UserResourceProvider.LOCAL_USERNAME_PROPERTY_ID)
   public String getLocalUserName() {
     return localUserName;
   }
@@ -103,5 +105,4 @@ public class UserRequest {
     sb.append("User, username=").append(userName);
     return sb.toString();
   }
-
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequestCreateUserSwagger.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequestCreateUserSwagger.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequestCreateUserSwagger.java
new file mode 100644
index 0000000..44b6410
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequestCreateUserSwagger.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller;
+
+import org.apache.ambari.server.controller.internal.UserResourceProvider;
+
+import io.swagger.annotations.ApiModelProperty;
+
+/**
+ * Interface to help correct Swagger documentation generation
+ */
+public interface UserRequestCreateUserSwagger extends ApiModel {
+
+  @ApiModelProperty(name = UserResourceProvider.USER_RESOURCE_CATEGORY)
+  CreateUserInfo getCreateUserRequest();
+
+  interface CreateUserInfo {
+    @ApiModelProperty(name = UserResourceProvider.PASSWORD_PROPERTY_ID)
+    String getPassword();
+
+    @ApiModelProperty(name = UserResourceProvider.ACTIVE_PROPERTY_ID)
+    Boolean isActive();
+
+    @ApiModelProperty(name = UserResourceProvider.ADMIN_PROPERTY_ID)
+    Boolean isAdmin();
+
+    @ApiModelProperty(name = UserResourceProvider.DISPLAY_NAME_PROPERTY_ID)
+    String getDisplayName();
+
+    @ApiModelProperty(name = UserResourceProvider.LOCAL_USERNAME_PROPERTY_ID)
+    String getLocalUserName();
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequestCreateUsersSwagger.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequestCreateUsersSwagger.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequestCreateUsersSwagger.java
new file mode 100644
index 0000000..f26ae14
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequestCreateUsersSwagger.java
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller;
+
+import org.apache.ambari.server.controller.internal.UserResourceProvider;
+
+import io.swagger.annotations.ApiModelProperty;
+
+/**
+ * Interface to help correct Swagger documentation generation
+ */
+public interface UserRequestCreateUsersSwagger extends ApiModel {
+
+  @ApiModelProperty(name = UserResourceProvider.USER_RESOURCE_CATEGORY)
+  CreateUsersInfo getCreateUsersRequest();
+
+  interface CreateUsersInfo {
+    @ApiModelProperty(name = UserResourceProvider.USERNAME_PROPERTY_ID )
+    String getUsername();
+
+    @ApiModelProperty(name = UserResourceProvider.PASSWORD_PROPERTY_ID)
+    String getPassword();
+
+    @ApiModelProperty(name = UserResourceProvider.ACTIVE_PROPERTY_ID)
+    Boolean isActive();
+
+    @ApiModelProperty(name = UserResourceProvider.ADMIN_PROPERTY_ID)
+    Boolean isAdmin();
+
+    @ApiModelProperty(name = UserResourceProvider.DISPLAY_NAME_PROPERTY_ID)
+    String getDisplayName();
+
+    @ApiModelProperty(name = UserResourceProvider.LOCAL_USERNAME_PROPERTY_ID)
+    String getLocalUserName();
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequestUpdateUserSwagger.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequestUpdateUserSwagger.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequestUpdateUserSwagger.java
new file mode 100644
index 0000000..f2b2d84
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequestUpdateUserSwagger.java
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller;
+
+import org.apache.ambari.server.controller.internal.UserResourceProvider;
+
+import io.swagger.annotations.ApiModelProperty;
+
+/**
+ * Interface to help correct Swagger documentation generation
+ */
+public interface UserRequestUpdateUserSwagger extends ApiModel {
+
+  @ApiModelProperty(name = UserResourceProvider.USER_RESOURCE_CATEGORY)
+  UpdateUserInfo getUpdateUserRequest();
+
+  interface UpdateUserInfo {
+    @ApiModelProperty(name = UserResourceProvider.OLD_PASSWORD_PROPERTY_ID)
+    String getOldPassword();
+
+    @ApiModelProperty(name = UserResourceProvider.PASSWORD_PROPERTY_ID)
+    String getPassword();
+
+    @ApiModelProperty(name = UserResourceProvider.ACTIVE_PROPERTY_ID)
+    Boolean isActive();
+
+    @ApiModelProperty(name = UserResourceProvider.ADMIN_PROPERTY_ID)
+    Boolean isAdmin();
+
+    @ApiModelProperty(name = UserResourceProvider.DISPLAY_NAME_PROPERTY_ID)
+    String getDisplayName();
+
+    @ApiModelProperty(name = UserResourceProvider.LOCAL_USERNAME_PROPERTY_ID)
+    String getLocalUserName();
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/controller/UserResponse.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserResponse.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserResponse.java
index bcb3aaf..6204aac 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserResponse.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserResponse.java
@@ -18,8 +18,10 @@
 package org.apache.ambari.server.controller;
 
 import java.util.Collections;
+import java.util.Date;
 import java.util.Set;
 
+import org.apache.ambari.server.controller.internal.UserResourceProvider;
 import org.apache.ambari.server.security.authorization.UserAuthenticationType;
 
 import io.swagger.annotations.ApiModelProperty;
@@ -27,38 +29,48 @@ import io.swagger.annotations.ApiModelProperty;
 /**
  * Represents a user maintenance request.
  */
-public class
-UserResponse implements ApiModel {
+public class UserResponse implements ApiModel {
 
   private final String userName;
+  private final String displayName;
+  private final String localUserName;
   private final UserAuthenticationType authenticationType;
   private final boolean isLdapUser;
   private final boolean isActive;
   private final boolean isAdmin;
   private Set<String> groups = Collections.emptySet();
 
-  public UserResponse(String userName, UserAuthenticationType userType, boolean isLdapUser, boolean isActive, boolean isAdmin) {
+  private final Date createTime;
+  private final Integer consecutiveFailures;
+
+  public UserResponse(String userName, String displayName, String localUserName, UserAuthenticationType userType, boolean isLdapUser, boolean isActive, boolean isAdmin, Integer consecutiveFailures, Date createTime) {
     this.userName = userName;
+    this.displayName = displayName;
+    this.localUserName = localUserName;
     this.authenticationType = userType;
     this.isLdapUser = isLdapUser;
     this.isActive = isActive;
     this.isAdmin = isAdmin;
+    this.consecutiveFailures = consecutiveFailures;
+    this.createTime = createTime;
   }
 
-  public UserResponse(String name, boolean isLdapUser, boolean isActive, boolean isAdmin) {
-    this.userName = name;
-    this.isLdapUser = isLdapUser;
-    this.isActive = isActive;
-    this.isAdmin = isAdmin;
-    this.authenticationType = UserAuthenticationType.LOCAL;
-  }
-
-  @ApiModelProperty(name = "Users/user_name",required = true)
+  @ApiModelProperty(name = UserResourceProvider.USERNAME_PROPERTY_ID)
   public String getUsername() {
     return userName;
   }
 
-  @ApiModelProperty(name = "Users/groups")
+  @ApiModelProperty(name = UserResourceProvider.DISPLAY_NAME_PROPERTY_ID)
+  public String getDisplayName() {
+    return displayName;
+  }
+
+  @ApiModelProperty(name = UserResourceProvider.LOCAL_USERNAME_PROPERTY_ID)
+  public String getLocalUsername() {
+    return localUserName;
+  }
+
+  @ApiModelProperty(name = UserResourceProvider.GROUPS_PROPERTY_ID)
   public Set<String> getGroups() {
     return groups;
   }
@@ -70,34 +82,50 @@ UserResponse implements ApiModel {
   /**
    * @return the isLdapUser
    */
-  @ApiModelProperty(name = "Users/ldap_user")
+  @ApiModelProperty(name = UserResourceProvider.LDAP_USER_PROPERTY_ID)
   public boolean isLdapUser() {
     return isLdapUser;
   }
 
-  @ApiModelProperty(name = "Users/active")
+  @ApiModelProperty(name = UserResourceProvider.ACTIVE_PROPERTY_ID)
   public boolean isActive() {
     return isActive;
   }
 
-  @ApiModelProperty(name = "Users/admin")
+  @ApiModelProperty(name = UserResourceProvider.ADMIN_PROPERTY_ID)
   public boolean isAdmin() {
     return isAdmin;
   }
 
-  @ApiModelProperty(name = "Users/authentication_type")
+  @ApiModelProperty(name = UserResourceProvider.USER_TYPE_PROPERTY_ID)
   public UserAuthenticationType getAuthenticationType() {
     return authenticationType;
   }
 
+  @ApiModelProperty(name = UserResourceProvider.CONSECUTIVE_FAILURES_PROPERTY_ID)
+  public Integer getConsecutiveFailures() {
+    return consecutiveFailures;
+  }
+
+  @ApiModelProperty(name = UserResourceProvider.CREATE_TIME_PROPERTY_ID)
+  public Date getCreateTime() {
+    return createTime;
+  }
+
   @Override
   public boolean equals(Object o) {
-    if (this == o) return true;
-    if (o == null || getClass() != o.getClass()) return false;
+    if (this == o) {
+      return true;
+    }
+    if (o == null || getClass() != o.getClass()) {
+      return false;
+    }
 
     UserResponse that = (UserResponse) o;
 
-    if (userName != null ? !userName.equals(that.userName) : that.userName != null) return false;
+    if (userName != null ? !userName.equals(that.userName) : that.userName != null) {
+      return false;
+    }
     return authenticationType == that.authenticationType;
 
   }
@@ -108,4 +136,12 @@ UserResponse implements ApiModel {
     result = 31 * result + (authenticationType != null ? authenticationType.hashCode() : 0);
     return result;
   }
+
+  /**
+   * Interface to help correct Swagger documentation generation
+   */
+  public interface UserResponseSwagger {
+    @ApiModelProperty(name = UserResourceProvider.USER_RESOURCE_CATEGORY)
+    UserResponse getUserResponse();
+  }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
index 595b7f9..af2c0e8 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
@@ -171,7 +171,9 @@ public abstract class AbstractControllerResourceProvider extends AbstractAuthori
       case Task:
         return new TaskResourceProvider(propertyIds, keyPropertyIds, managementController);
       case User:
-        return resourceProviderFactory.getUserResourceProvider(propertyIds, keyPropertyIds, managementController);
+        return resourceProviderFactory.getUserResourceProvider(managementController);
+      case UserAuthenticationSource:
+        return resourceProviderFactory.getUserAuthenticationSourceResourceProvider();
       case Group:
         return new GroupResourceProvider(propertyIds, keyPropertyIds, managementController);
       case Member:

http://git-wip-us.apache.org/repos/asf/ambari/blob/317905e4/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthenticationSourceResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthenticationSourceResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthenticationSourceResourceProvider.java
new file mode 100644
index 0000000..6a5f528
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthenticationSourceResourceProvider.java
@@ -0,0 +1,417 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.controller.internal;
+
+import java.util.Collection;
+import java.util.EnumSet;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.controller.PrivilegeResponse;
+import org.apache.ambari.server.controller.UserAuthenticationSourceRequest;
+import org.apache.ambari.server.controller.UserAuthenticationSourceResponse;
+import org.apache.ambari.server.controller.spi.NoSuchParentResourceException;
+import org.apache.ambari.server.controller.spi.NoSuchResourceException;
+import org.apache.ambari.server.controller.spi.Predicate;
+import org.apache.ambari.server.controller.spi.Request;
+import org.apache.ambari.server.controller.spi.RequestStatus;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.spi.ResourceAlreadyExistsException;
+import org.apache.ambari.server.controller.spi.SystemException;
+import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
+import org.apache.ambari.server.orm.entities.UserAuthenticationEntity;
+import org.apache.ambari.server.orm.entities.UserEntity;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
+import org.apache.ambari.server.security.authorization.AuthorizationHelper;
+import org.apache.ambari.server.security.authorization.ResourceType;
+import org.apache.ambari.server.security.authorization.RoleAuthorization;
+import org.apache.ambari.server.security.authorization.UserAuthenticationType;
+import org.apache.ambari.server.security.authorization.Users;
+import org.apache.commons.lang.StringUtils;
+import org.apache.velocity.exception.ResourceNotFoundException;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.inject.Inject;
+
+/**
+ * Resource provider for user authentication source resources.
+ */
+public class UserAuthenticationSourceResourceProvider extends AbstractAuthorizedResourceProvider {
+
+  public static final String AUTHENTICATION_SOURCE_RESOURCE_CATEGORY = "AuthenticationSourceInfo";
+
+  public static final String AUTHENTICATION_SOURCE_ID_PROPERTY_ID = "source_id";
+  public static final String USER_NAME_PROPERTY_ID = "user_name";
+  public static final String AUTHENTICATION_TYPE_PROPERTY_ID = "authentication_type";
+  public static final String KEY_PROPERTY_ID = "key";
+  public static final String OLD_KEY_PROPERTY_ID = "old_key";
+  public static final String CREATED_PROPERTY_ID = "created";
+  public static final String UPDATED_PROPERTY_ID = "updated";
+
+  public static final String AUTHENTICATION_AUTHENTICATION_SOURCE_ID_PROPERTY_ID = AUTHENTICATION_SOURCE_RESOURCE_CATEGORY + "/" + AUTHENTICATION_SOURCE_ID_PROPERTY_ID;
+  public static final String AUTHENTICATION_USER_NAME_PROPERTY_ID = AUTHENTICATION_SOURCE_RESOURCE_CATEGORY + "/" + USER_NAME_PROPERTY_ID;
+  public static final String AUTHENTICATION_AUTHENTICATION_TYPE_PROPERTY_ID = AUTHENTICATION_SOURCE_RESOURCE_CATEGORY + "/" + AUTHENTICATION_TYPE_PROPERTY_ID;
+  public static final String AUTHENTICATION_KEY_PROPERTY_ID = AUTHENTICATION_SOURCE_RESOURCE_CATEGORY + "/" + KEY_PROPERTY_ID;
+  public static final String AUTHENTICATION_OLD_KEY_PROPERTY_ID = AUTHENTICATION_SOURCE_RESOURCE_CATEGORY + "/" + OLD_KEY_PROPERTY_ID;
+  public static final String AUTHENTICATION_CREATED_PROPERTY_ID = AUTHENTICATION_SOURCE_RESOURCE_CATEGORY + "/" + CREATED_PROPERTY_ID;
+  public static final String AUTHENTICATION_UPDATED_PROPERTY_ID = AUTHENTICATION_SOURCE_RESOURCE_CATEGORY + "/" + UPDATED_PROPERTY_ID;
+
+  private static final Set<String> PK_PROPERTY_IDS = ImmutableSet.of(
+      AUTHENTICATION_AUTHENTICATION_SOURCE_ID_PROPERTY_ID
+  );
+  private static final Set<String> PROPERTY_IDS = ImmutableSet.of(
+      AUTHENTICATION_AUTHENTICATION_SOURCE_ID_PROPERTY_ID,
+      AUTHENTICATION_USER_NAME_PROPERTY_ID,
+      AUTHENTICATION_AUTHENTICATION_TYPE_PROPERTY_ID,
+      AUTHENTICATION_KEY_PROPERTY_ID,
+      AUTHENTICATION_OLD_KEY_PROPERTY_ID,
+      AUTHENTICATION_CREATED_PROPERTY_ID,
+      AUTHENTICATION_UPDATED_PROPERTY_ID
+  );
+  private static final Map<Resource.Type, String> KEY_PROPERTY_IDS = ImmutableMap.of(
+      Resource.Type.User, AUTHENTICATION_USER_NAME_PROPERTY_ID,
+      Resource.Type.UserAuthenticationSource, AUTHENTICATION_AUTHENTICATION_SOURCE_ID_PROPERTY_ID
+  );
+
+  @Inject
+  private Users users;
+
+  /**
+   * Constructor.
+   */
+  public UserAuthenticationSourceResourceProvider() {
+    super(Resource.Type.UserAuthenticationSource, PROPERTY_IDS, KEY_PROPERTY_IDS);
+
+    EnumSet<RoleAuthorization> requiredAuthorizations = EnumSet.of(RoleAuthorization.AMBARI_MANAGE_USERS);
+    setRequiredCreateAuthorizations(requiredAuthorizations);
+    setRequiredDeleteAuthorizations(requiredAuthorizations);
+    setRequiredGetAuthorizations(requiredAuthorizations);
+    setRequiredUpdateAuthorizations(requiredAuthorizations);
+  }
+
+  // ----- PrivilegeResourceProvider -----------------------------------------
+
+  @Override
+  protected Set<String> getPKPropertyIds() {
+    return PK_PROPERTY_IDS;
+  }
+
+  @Override
+  public RequestStatus createResourcesAuthorized(Request request)
+      throws SystemException, UnsupportedPropertyException, ResourceAlreadyExistsException, NoSuchParentResourceException {
+    final Set<UserAuthenticationSourceRequest> requests = new HashSet<>();
+    for (Map<String, Object> propertyMap : request.getProperties()) {
+      requests.add(getRequest(propertyMap));
+    }
+
+    createResources(new Command<Void>() {
+      @Override
+      public Void invoke() throws AmbariException {
+        createUserAuthenticationSources(requests);
+        return null;
+      }
+    });
+
+    return getRequestStatus(null);
+  }
+
+  @Override
+  public Set<Resource> getResources(Request request, Predicate predicate)
+      throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
+
+    final Set<UserAuthenticationSourceRequest> requests = new HashSet<>();
+    if (predicate == null) {
+      requests.add(getRequest(null));
+    } else {
+      for (Map<String, Object> propertyMap : getPropertyMaps(predicate)) {
+        requests.add(getRequest(propertyMap));
+      }
+    }
+
+    Set<UserAuthenticationSourceResponse> responses = getResources(new Command<Set<UserAuthenticationSourceResponse>>() {
+      @Override
+      public Set<UserAuthenticationSourceResponse> invoke() throws AmbariException, AuthorizationException {
+        return getUserAuthenticationSources(requests);
+      }
+    });
+
+    Set<String> requestedIds = getRequestPropertyIds(request, predicate);
+    Set<Resource> resources = new HashSet<>();
+
+    for (UserAuthenticationSourceResponse response : responses) {
+      resources.add(toResource(response, requestedIds));
+    }
+
+    return resources;
+  }
+
+  @Override
+  public RequestStatus updateResources(Request request, Predicate predicate)
+      throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
+    final Set<UserAuthenticationSourceRequest> requests = new HashSet<>();
+
+    for (Map<String, Object> propertyMap : getPropertyMaps(request.getProperties().iterator().next(), predicate)) {
+      requests.add(getRequest(propertyMap));
+    }
+
+    modifyResources(new Command<Void>() {
+      @Override
+      public Void invoke() throws AmbariException, AuthorizationException {
+        updateUserAuthenticationSources(requests);
+        return null;
+      }
+    });
+
+    return getRequestStatus(null);
+  }
+
+  @Override
+  public RequestStatus deleteResourcesAuthorized(Request request, Predicate predicate)
+      throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
+    final Set<UserAuthenticationSourceRequest> requests = new HashSet<>();
+
+    for (Map<String, Object> propertyMap : getPropertyMaps(predicate)) {
+      requests.add(getRequest(propertyMap));
+    }
+
+    modifyResources(new Command<Void>() {
+      @Override
+      public Void invoke() throws AmbariException, AuthorizationException {
+        deleteUserAuthenticationSources(requests);
+        return null;
+      }
+    });
+
+    return getRequestStatus(null);
+  }
+
+  private UserAuthenticationSourceRequest getRequest(Map<String, Object> properties) {
+    String username;
+    Long sourceId;
+    UserAuthenticationType authenticationType;
+    String key;
+    String oldKey;
+
+    if (properties == null) {
+      username = null;
+      sourceId = null;
+      authenticationType = null;
+      key = null;
+      oldKey = null;
+    } else {
+      String tmp;
+
+      username = (String) properties.get(AUTHENTICATION_USER_NAME_PROPERTY_ID);
+      key = (String) properties.get(AUTHENTICATION_KEY_PROPERTY_ID);
+      oldKey = (String) properties.get(AUTHENTICATION_OLD_KEY_PROPERTY_ID);
+
+      tmp = (String) properties.get(AUTHENTICATION_AUTHENTICATION_SOURCE_ID_PROPERTY_ID);
+
+      if (StringUtils.isEmpty(tmp)) {
+        sourceId = null;
+      } else {
+        sourceId = Long.parseLong(tmp);
+      }
+
+      tmp = (String) properties.get(AUTHENTICATION_AUTHENTICATION_TYPE_PROPERTY_ID);
+      if (StringUtils.isEmpty(tmp)) {
+        authenticationType = null;
+      } else {
+        authenticationType = UserAuthenticationType.valueOf(tmp.trim().toUpperCase());
+      }
+    }
+
+    return new UserAuthenticationSourceRequest(username, sourceId, authenticationType, key, oldKey);
+  }
+
+  /**
+   * Creates user authentication sources.
+   *
+   * @param requests the request objects which define the user authentication source.
+   * @throws AmbariException when the user authentication source cannot be created.
+   */
+  private void createUserAuthenticationSources(Set<UserAuthenticationSourceRequest> requests) throws AmbariException {
+    for (UserAuthenticationSourceRequest request : requests) {
+      String username = request.getUsername();
+      if (StringUtils.isEmpty(username)) {
+        throw new AmbariException("Username must be supplied.");
+      }
+
+      UserAuthenticationType authenticationType = request.getAuthenticationType();
+      if (authenticationType == null) {
+        throw new AmbariException("A value authentication type must be supplied.");
+      }
+
+      UserEntity userEntity = users.getUserEntity(username);
+      if (userEntity == null) {
+        throw new AmbariException("There is no user with the supplied username");
+      }
+
+      users.addAuthentication(userEntity, authenticationType, request.getKey());
+    }
+  }
+
+  /**
+   * Gets the users authentication sources identified by the given request objects.
+   *
+   * @param requests the request objects
+   * @return a set of user responses
+   * @throws AmbariException if the user authentication sources could not be read
+   */
+  private Set<UserAuthenticationSourceResponse> getUserAuthenticationSources(Set<UserAuthenticationSourceRequest> requests)
+      throws AmbariException, AuthorizationException {
+
+    Set<UserAuthenticationSourceResponse> responses = new HashSet<>();
+
+    for (UserAuthenticationSourceRequest request : requests) {
+
+      String requestedUsername = request.getUsername();
+      String authenticatedUsername = AuthorizationHelper.getAuthenticatedName();
+
+      // A user authentication source resource may be retrieved by an administrator or the same user.
+      if (!AuthorizationHelper.isAuthorized(ResourceType.AMBARI, null, RoleAuthorization.AMBARI_MANAGE_USERS)) {
+        if (null == requestedUsername) {
+          // Since the authenticated user is not the administrator, force only that user's resource
+          // to be returned
+          requestedUsername = authenticatedUsername;
+        } else if (!requestedUsername.equalsIgnoreCase(authenticatedUsername)) {
+          // Since the authenticated user is not the administrator and is asking for a different user,
+          // throw an AuthorizationException
+          throw new AuthorizationException();
+        }
+      }
+
+      Collection<UserAuthenticationEntity> authenticationEntities = users.getUserAuthenticationEntities(requestedUsername, request.getAuthenticationType());
+      if (authenticationEntities != null) {
+        for (UserAuthenticationEntity authenticationEntity : authenticationEntities) {
+          responses.add(createUserAuthenticationSourceResponse(authenticationEntity));
+        }
+      }
+    }
+
+    return responses;
+  }
+
+  /**
+   * Delete the users authentication sources identified by the given request objects.
+   * <p>
+   * It ia assumed that the user has previously been authorized to perform this operation.
+   *
+   * @param requests the request objects
+   * @throws AmbariException if the user authentication sources could not be read
+   */
+  private void deleteUserAuthenticationSources(Set<UserAuthenticationSourceRequest> requests)
+      throws AmbariException, AuthorizationException {
+
+    for (UserAuthenticationSourceRequest r : requests) {
+      String username = r.getUsername();
+      Long sourceId = r.getSourceId();
+      if (!StringUtils.isEmpty(username) && (sourceId != null)) {
+        users.removeAuthentication(username, sourceId);
+      }
+    }
+  }
+
+  private void updateUserAuthenticationSources(Set<UserAuthenticationSourceRequest> requests) throws AuthorizationException, AmbariException {
+
+    Integer authenticatedUserId = AuthorizationHelper.getAuthenticatedId();
+
+
+    for (UserAuthenticationSourceRequest request : requests) {
+      String requestedUsername = request.getUsername();
+
+      UserEntity userEntity = users.getUserEntity(requestedUsername);
+      if (null == userEntity) {
+        continue;
+      }
+
+      boolean isSelf = authenticatedUserId.equals(userEntity.getUserId());
+      /* **************************************************
+       * Ensure that the authenticated user can change the password for the subject user. At least one
+       * of the following must be true
+       *  * The authenticate user is requesting to change his/her own password for a local authentication source
+       *  * The authenticated user has permissions to manage users
+       *  ************************************************** */
+      if (!isSelf && !AuthorizationHelper.isAuthorized(ResourceType.AMBARI, null, RoleAuthorization.AMBARI_MANAGE_USERS)) {
+        throw new AuthorizationException("You are not authorized perform this operation");
+      }
+
+      UserAuthenticationEntity userAuthenticationEntity = null;
+      Long sourceId = request.getSourceId();
+
+      if (sourceId != null) {
+        List<UserAuthenticationEntity> authenticationEntities = userEntity.getAuthenticationEntities();
+        // Find the relevant authentication entity...
+        for (UserAuthenticationEntity authenticationEntity : authenticationEntities) {
+          if (sourceId.equals(authenticationEntity.getUserAuthenticationId())) {
+            userAuthenticationEntity = authenticationEntity;
+            break;
+          }
+        }
+      }
+
+      if (userAuthenticationEntity == null) {
+        // The requested authentication record was not found....
+        throw new ResourceNotFoundException("The requested authentication source was not found.");
+      }
+
+      // If the authentication_type is set, use it to verify that the found authentication source matches it...
+      if ((request.getAuthenticationType() != null) && (request.getAuthenticationType() != userAuthenticationEntity.getAuthenticationType())) {
+        throw new ResourceNotFoundException("The requested authentication source was not found - mismatch on authentication type");
+      }
+
+      users.modifyAuthentication(userAuthenticationEntity, request.getOldKey(), request.getKey(), isSelf);
+    }
+  }
+
+  private UserAuthenticationSourceResponse createUserAuthenticationSourceResponse(UserAuthenticationEntity entity) {
+    return new UserAuthenticationSourceResponse(entity.getUser().getUserName(),
+        entity.getUserAuthenticationId(),
+        entity.getAuthenticationType(),
+        entity.getAuthenticationKey(),
+        entity.getCreateTime(),
+        entity.getUpdateTime());
+  }
+
+
+  /**
+   * Translate the Response into a Resource
+   *
+   * @param response     {@link PrivilegeResponse}
+   * @param requestedIds the relevant request ids
+   * @return a resource
+   */
+  private Resource toResource(UserAuthenticationSourceResponse response, Set<String> requestedIds) {
+    final ResourceImpl resource = new ResourceImpl(Resource.Type.UserAuthenticationSource);
+
+    setResourceProperty(resource, AUTHENTICATION_USER_NAME_PROPERTY_ID, response.getUserName(), requestedIds);
+    setResourceProperty(resource, AUTHENTICATION_AUTHENTICATION_SOURCE_ID_PROPERTY_ID, response.getSourceId(), requestedIds);
+    setResourceProperty(resource, AUTHENTICATION_AUTHENTICATION_TYPE_PROPERTY_ID, response.getAuthenticationType().name(), requestedIds);
+    setResourceProperty(resource, AUTHENTICATION_CREATED_PROPERTY_ID, response.getCreateTime(), requestedIds);
+    setResourceProperty(resource, AUTHENTICATION_UPDATED_PROPERTY_ID, response.getUpdateTime(), requestedIds);
+
+    // NOTE, AUTHENTICATION_KEY_PROPERTY_ID is not being returned here since we don't want to return
+    // any sensitive information.  Once set that data should stay internal to Ambari.
+
+    return resource;
+  }
+}
\ No newline at end of file


Mime
View raw message