From fd2615e89562047daa004851015270007c6de746 Mon Sep 17 00:00:00 2001 From: prithvip Date: Wed, 28 Aug 2024 22:07:55 -0700 Subject: [PATCH] Add support for AuthorizedIdentity JWT claim --- presto-main/pom.xml | 1 - .../server/HttpRequestSessionContext.java | 10 ++ .../presto/server/QuerySessionSupplier.java | 3 +- .../presto/server/SessionContext.java | 6 ++ .../security/JsonWebTokenAuthenticator.java | 17 ++- .../server/security/ServletSecurityUtils.java | 37 +++++++ .../presto/server/MockHttpServletRequest.java | 6 +- .../server/TestHttpRequestSessionContext.java | 20 ++++ .../server/TestQuerySessionSupplier.java | 7 +- .../TestJsonWebTokenAuthenticator.java | 101 ++++++++++++++++++ .../spi/security/AuthorizedIdentity.java | 42 +++++++- 11 files changed, 241 insertions(+), 9 deletions(-) create mode 100644 presto-main/src/main/java/com/facebook/presto/server/security/ServletSecurityUtils.java create mode 100644 presto-main/src/test/java/com/facebook/presto/server/security/TestJsonWebTokenAuthenticator.java diff --git a/presto-main/pom.xml b/presto-main/pom.xml index f70774526669..2134ebca1e3a 100644 --- a/presto-main/pom.xml +++ b/presto-main/pom.xml @@ -369,7 +369,6 @@ io.jsonwebtoken jjwt-jackson - runtime diff --git a/presto-main/src/main/java/com/facebook/presto/server/HttpRequestSessionContext.java b/presto-main/src/main/java/com/facebook/presto/server/HttpRequestSessionContext.java index d98e6e431040..6fc8b9efbd66 100644 --- a/presto-main/src/main/java/com/facebook/presto/server/HttpRequestSessionContext.java +++ b/presto-main/src/main/java/com/facebook/presto/server/HttpRequestSessionContext.java @@ -20,6 +20,7 @@ import com.facebook.presto.metadata.SessionPropertyManager; import com.facebook.presto.spi.function.SqlFunctionId; import com.facebook.presto.spi.function.SqlInvokedFunction; +import com.facebook.presto.spi.security.AuthorizedIdentity; import com.facebook.presto.spi.security.Identity; import com.facebook.presto.spi.security.SelectedRole; import com.facebook.presto.spi.session.ResourceEstimates; @@ -76,6 +77,7 @@ import static com.facebook.presto.client.PrestoHeaders.PRESTO_TRACE_TOKEN; import static com.facebook.presto.client.PrestoHeaders.PRESTO_TRANSACTION_ID; import static com.facebook.presto.client.PrestoHeaders.PRESTO_USER; +import static com.facebook.presto.server.security.ServletSecurityUtils.authorizedIdentity; import static com.facebook.presto.sql.parser.ParsingOptions.DecimalLiteralTreatment.AS_DOUBLE; import static com.google.common.base.Strings.emptyToNull; import static com.google.common.base.Strings.isNullOrEmpty; @@ -99,6 +101,7 @@ public final class HttpRequestSessionContext private final String schema; private final Identity identity; + private final Optional authorizedIdentity; private final List certificates; private final String source; @@ -155,6 +158,7 @@ public HttpRequestSessionContext(HttpServletRequest servletRequest, SqlParserOpt ImmutableMap.of(), Optional.empty(), Optional.empty()); + authorizedIdentity = authorizedIdentity(servletRequest); X509Certificate[] certs = (X509Certificate[]) servletRequest.getAttribute(X509_ATTRIBUTE); if (certs != null && certs.length > 0) { @@ -404,6 +408,12 @@ public Identity getIdentity() return identity; } + @Override + public Optional getAuthorizedIdentity() + { + return authorizedIdentity; + } + @Override public List getCertificates() { diff --git a/presto-main/src/main/java/com/facebook/presto/server/QuerySessionSupplier.java b/presto-main/src/main/java/com/facebook/presto/server/QuerySessionSupplier.java index 8a36bc390d71..2d4062f56abe 100644 --- a/presto-main/src/main/java/com/facebook/presto/server/QuerySessionSupplier.java +++ b/presto-main/src/main/java/com/facebook/presto/server/QuerySessionSupplier.java @@ -138,7 +138,8 @@ else if (context.getTimeZoneId() != null) { private Identity authenticateIdentity(QueryId queryId, SessionContext context) { checkPermissions(accessControl, securityConfig, queryId, context); - Optional authorizedIdentity = getAuthorizedIdentity(accessControl, securityConfig, queryId, context); + Optional authorizedIdentity = context.getAuthorizedIdentity(); + authorizedIdentity = authorizedIdentity.isPresent() ? authorizedIdentity : getAuthorizedIdentity(accessControl, securityConfig, queryId, context); return authorizedIdentity.map(identity -> new Identity( context.getIdentity().getUser(), diff --git a/presto-main/src/main/java/com/facebook/presto/server/SessionContext.java b/presto-main/src/main/java/com/facebook/presto/server/SessionContext.java index 705707b5c30d..d40bb1548237 100644 --- a/presto-main/src/main/java/com/facebook/presto/server/SessionContext.java +++ b/presto-main/src/main/java/com/facebook/presto/server/SessionContext.java @@ -17,6 +17,7 @@ import com.facebook.presto.common.transaction.TransactionId; import com.facebook.presto.spi.function.SqlFunctionId; import com.facebook.presto.spi.function.SqlInvokedFunction; +import com.facebook.presto.spi.security.AuthorizedIdentity; import com.facebook.presto.spi.security.Identity; import com.facebook.presto.spi.session.ResourceEstimates; import com.facebook.presto.spi.tracing.Tracer; @@ -34,6 +35,11 @@ public interface SessionContext { Identity getIdentity(); + default Optional getAuthorizedIdentity() + { + return Optional.empty(); + } + default List getCertificates() { return ImmutableList.of(); diff --git a/presto-main/src/main/java/com/facebook/presto/server/security/JsonWebTokenAuthenticator.java b/presto-main/src/main/java/com/facebook/presto/server/security/JsonWebTokenAuthenticator.java index 8acde3d6331e..a8a209762f81 100644 --- a/presto-main/src/main/java/com/facebook/presto/server/security/JsonWebTokenAuthenticator.java +++ b/presto-main/src/main/java/com/facebook/presto/server/security/JsonWebTokenAuthenticator.java @@ -17,7 +17,9 @@ import com.facebook.airlift.http.server.Authenticator; import com.facebook.airlift.http.server.BasicPrincipal; import com.facebook.airlift.security.pem.PemReader; +import com.facebook.presto.spi.security.AuthorizedIdentity; import com.google.common.base.CharMatcher; +import com.google.common.collect.ImmutableMap; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jws; import io.jsonwebtoken.JwsHeader; @@ -28,6 +30,7 @@ import io.jsonwebtoken.SignatureException; import io.jsonwebtoken.SigningKeyResolver; import io.jsonwebtoken.UnsupportedJwtException; +import io.jsonwebtoken.jackson.io.JacksonDeserializer; import javax.crypto.spec.SecretKeySpec; import javax.inject.Inject; @@ -41,6 +44,8 @@ import java.util.concurrent.ConcurrentMap; import java.util.function.Function; +import static com.facebook.presto.server.security.ServletSecurityUtils.AUTHORIZED_IDENTITY_ATTRIBUTE; +import static com.facebook.presto.server.security.ServletSecurityUtils.setAuthorizedIdentity; import static com.google.common.base.CharMatcher.inRange; import static com.google.common.base.Preconditions.checkArgument; import static com.google.common.base.Strings.nullToEmpty; @@ -73,7 +78,8 @@ public JsonWebTokenAuthenticator(JsonWebTokenConfig config) keyLoader = new StaticKeyLoader(config.getKeyFile()); } - JwtParser jwtParser = Jwts.parser() + JwtParser jwtParser = Jwts.parserBuilder() + .deserializeJsonWith(new JacksonDeserializer<>(ImmutableMap.of(AUTHORIZED_IDENTITY_ATTRIBUTE, AuthorizedIdentity.class))) .setSigningKeyResolver(new SigningKeyResolver() { // interface uses raw types and this can not be fixed here @@ -90,7 +96,8 @@ public Key resolveSigningKey(JwsHeader header, String plaintext) { return keyLoader.apply(header); } - }); + }) + .build(); if (config.getRequiredIssuer() != null) { jwtParser.requireIssuer(config.getRequiredIssuer()); @@ -118,6 +125,12 @@ public Principal authenticate(HttpServletRequest request) try { Jws claimsJws = jwtParser.parseClaimsJws(token); + + AuthorizedIdentity authorizedIdentity = claimsJws.getBody().get(AUTHORIZED_IDENTITY_ATTRIBUTE, AuthorizedIdentity.class); + if (authorizedIdentity != null) { + setAuthorizedIdentity(request, authorizedIdentity); + } + String subject = claimsJws.getBody().getSubject(); return new BasicPrincipal(subject); } diff --git a/presto-main/src/main/java/com/facebook/presto/server/security/ServletSecurityUtils.java b/presto-main/src/main/java/com/facebook/presto/server/security/ServletSecurityUtils.java new file mode 100644 index 000000000000..950f5a19d1cc --- /dev/null +++ b/presto-main/src/main/java/com/facebook/presto/server/security/ServletSecurityUtils.java @@ -0,0 +1,37 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.facebook.presto.server.security; + +import com.facebook.presto.spi.security.AuthorizedIdentity; + +import javax.servlet.http.HttpServletRequest; + +import java.util.Optional; + +public class ServletSecurityUtils +{ + public static final String AUTHORIZED_IDENTITY_ATTRIBUTE = "presto.authorized-identity"; + + private ServletSecurityUtils() {} + + public static void setAuthorizedIdentity(HttpServletRequest servletRequest, AuthorizedIdentity authorizedIdentity) + { + servletRequest.setAttribute(AUTHORIZED_IDENTITY_ATTRIBUTE, authorizedIdentity); + } + + public static Optional authorizedIdentity(HttpServletRequest servletRequest) + { + return Optional.ofNullable((AuthorizedIdentity) servletRequest.getAttribute(AUTHORIZED_IDENTITY_ATTRIBUTE)); + } +} diff --git a/presto-main/src/test/java/com/facebook/presto/server/MockHttpServletRequest.java b/presto-main/src/test/java/com/facebook/presto/server/MockHttpServletRequest.java index ff27812a26a7..d43b34dd4eef 100644 --- a/presto-main/src/test/java/com/facebook/presto/server/MockHttpServletRequest.java +++ b/presto-main/src/test/java/com/facebook/presto/server/MockHttpServletRequest.java @@ -14,7 +14,6 @@ package com.facebook.presto.server; import com.google.common.collect.ImmutableListMultimap; -import com.google.common.collect.ImmutableMap; import com.google.common.collect.ListMultimap; import javax.servlet.AsyncContext; @@ -35,6 +34,7 @@ import java.security.Principal; import java.util.Collection; import java.util.Enumeration; +import java.util.HashMap; import java.util.Locale; import java.util.Map; @@ -53,7 +53,7 @@ public MockHttpServletRequest(ListMultimap headers, String remot { this.headers = ImmutableListMultimap.copyOf(requireNonNull(headers, "headers is null")); this.remoteAddress = requireNonNull(remoteAddress, "remoteAddress is null"); - this.attributes = ImmutableMap.copyOf(requireNonNull(attributes, "attributes is null")); + this.attributes = new HashMap<>(requireNonNull(attributes, "attributes is null")); } @Override @@ -371,7 +371,7 @@ public String getRemoteHost() @Override public void setAttribute(String name, Object o) { - throw new UnsupportedOperationException(); + attributes.put(name, o); } @Override diff --git a/presto-main/src/test/java/com/facebook/presto/server/TestHttpRequestSessionContext.java b/presto-main/src/test/java/com/facebook/presto/server/TestHttpRequestSessionContext.java index ee633cf2aeed..221950a2de9d 100644 --- a/presto-main/src/test/java/com/facebook/presto/server/TestHttpRequestSessionContext.java +++ b/presto-main/src/test/java/com/facebook/presto/server/TestHttpRequestSessionContext.java @@ -20,6 +20,7 @@ import com.facebook.presto.spi.function.RoutineCharacteristics; import com.facebook.presto.spi.function.SqlFunctionId; import com.facebook.presto.spi.function.SqlInvokedFunction; +import com.facebook.presto.spi.security.AuthorizedIdentity; import com.facebook.presto.spi.security.Identity; import com.facebook.presto.spi.security.SelectedRole; import com.facebook.presto.sql.parser.IdentifierSymbol; @@ -55,6 +56,7 @@ import static com.facebook.presto.client.PrestoHeaders.PRESTO_USER; import static com.facebook.presto.common.type.StandardTypes.INTEGER; import static com.facebook.presto.common.type.TypeSignature.parseTypeSignature; +import static com.facebook.presto.server.security.ServletSecurityUtils.AUTHORIZED_IDENTITY_ATTRIBUTE; import static com.facebook.presto.spi.function.FunctionVersion.notVersioned; import static com.facebook.presto.spi.function.RoutineCharacteristics.Determinism.DETERMINISTIC; import static com.facebook.presto.spi.function.RoutineCharacteristics.NullCallClause.RETURNS_NULL_ON_NULL_INPUT; @@ -211,6 +213,24 @@ public void testExtraCredentials() .build()); } + @Test + public void testAuthorizedIdentity() + { + AuthorizedIdentity authorizedIdentity = new AuthorizedIdentity("username", "reasonForSelect", false); + HttpServletRequest request = new MockHttpServletRequest( + ImmutableListMultimap.builder() + .put(PRESTO_USER, "testUser") + .put(PRESTO_SOURCE, "testSource") + .put(PRESTO_CATALOG, "testCatalog") + .put(PRESTO_SCHEMA, "testSchema") + .build(), + "testRemote", + ImmutableMap.of(AUTHORIZED_IDENTITY_ATTRIBUTE, authorizedIdentity)); + + HttpRequestSessionContext context = new HttpRequestSessionContext(request, new SqlParserOptions()); + assertEquals(context.getAuthorizedIdentity(), Optional.of(authorizedIdentity)); + } + protected static String urlEncode(String value) { try { diff --git a/presto-main/src/test/java/com/facebook/presto/server/TestQuerySessionSupplier.java b/presto-main/src/test/java/com/facebook/presto/server/TestQuerySessionSupplier.java index 62abaef88bb9..e8c4d37ca8c7 100644 --- a/presto-main/src/test/java/com/facebook/presto/server/TestQuerySessionSupplier.java +++ b/presto-main/src/test/java/com/facebook/presto/server/TestQuerySessionSupplier.java @@ -24,6 +24,7 @@ import com.facebook.presto.spi.function.SqlFunctionId; import com.facebook.presto.spi.function.SqlInvokedFunction; import com.facebook.presto.spi.security.AllowAllAccessControl; +import com.facebook.presto.spi.security.AuthorizedIdentity; import com.facebook.presto.sql.SqlEnvironmentConfig; import com.facebook.presto.sql.parser.SqlParserOptions; import com.google.common.collect.ImmutableListMultimap; @@ -54,6 +55,7 @@ import static com.facebook.presto.server.TestHttpRequestSessionContext.createFunctionAdd; import static com.facebook.presto.server.TestHttpRequestSessionContext.createSqlFunctionIdAdd; import static com.facebook.presto.server.TestHttpRequestSessionContext.urlEncode; +import static com.facebook.presto.server.security.ServletSecurityUtils.AUTHORIZED_IDENTITY_ATTRIBUTE; import static com.facebook.presto.transaction.InMemoryTransactionManager.createTestTransactionManager; import static java.lang.String.format; import static org.testng.Assert.assertEquals; @@ -64,6 +66,7 @@ public class TestQuerySessionSupplier private static final SqlInvokedFunction SQL_FUNCTION_ADD = createFunctionAdd(); private static final String SERIALIZED_SQL_FUNCTION_ID_ADD = jsonCodec(SqlFunctionId.class).toJson(SQL_FUNCTION_ID_ADD); private static final String SERIALIZED_SQL_FUNCTION_ADD = jsonCodec(SqlInvokedFunction.class).toJson(SQL_FUNCTION_ADD); + private static final AuthorizedIdentity AUTHORIZED_IDENTITY = new AuthorizedIdentity("userName", "reasonForSelect", false); private static final HttpServletRequest TEST_REQUEST = new MockHttpServletRequest( ImmutableListMultimap.builder() @@ -81,7 +84,7 @@ public class TestQuerySessionSupplier .put(PRESTO_SESSION_FUNCTION, format("%s=%s", urlEncode(SERIALIZED_SQL_FUNCTION_ID_ADD), urlEncode(SERIALIZED_SQL_FUNCTION_ADD))) .build(), "testRemote", - ImmutableMap.of()); + ImmutableMap.of(AUTHORIZED_IDENTITY_ATTRIBUTE, AUTHORIZED_IDENTITY)); @Test public void testCreateSession() @@ -123,6 +126,8 @@ public WarningCollector create(WarningHandlingLevel warningHandlingLevel) .put("query2", "select * from bar") .build()); assertEquals(session.getSessionFunctions(), ImmutableMap.of(SQL_FUNCTION_ID_ADD, SQL_FUNCTION_ADD)); + assertEquals(session.getIdentity().getSelectedUser().get(), AUTHORIZED_IDENTITY.getUserName()); + assertEquals(session.getIdentity().getReasonForSelect(), AUTHORIZED_IDENTITY.getReasonForSelect()); } @Test diff --git a/presto-main/src/test/java/com/facebook/presto/server/security/TestJsonWebTokenAuthenticator.java b/presto-main/src/test/java/com/facebook/presto/server/security/TestJsonWebTokenAuthenticator.java new file mode 100644 index 000000000000..761ac37033c9 --- /dev/null +++ b/presto-main/src/test/java/com/facebook/presto/server/security/TestJsonWebTokenAuthenticator.java @@ -0,0 +1,101 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.facebook.presto.server.security; + +import com.facebook.airlift.http.server.AuthenticationException; +import com.facebook.presto.server.MockHttpServletRequest; +import com.facebook.presto.spi.security.AuthorizedIdentity; +import com.google.common.collect.ImmutableListMultimap; +import com.google.common.collect.ImmutableMap; +import com.google.common.io.Files; +import io.jsonwebtoken.Jwts; +import org.testng.annotations.AfterTest; +import org.testng.annotations.BeforeTest; +import org.testng.annotations.Test; + +import javax.servlet.http.HttpServletRequest; + +import java.io.IOException; +import java.nio.file.Path; +import java.security.Principal; + +import static com.facebook.presto.server.security.ServletSecurityUtils.AUTHORIZED_IDENTITY_ATTRIBUTE; +import static com.facebook.presto.server.security.ServletSecurityUtils.authorizedIdentity; +import static com.facebook.presto.testing.assertions.Assert.assertEquals; +import static com.google.common.io.Files.createTempDir; +import static com.google.common.io.MoreFiles.deleteRecursively; +import static com.google.common.io.RecursiveDeleteOption.ALLOW_INSECURE; +import static com.google.common.net.HttpHeaders.AUTHORIZATION; +import static io.jsonwebtoken.JwsHeader.KEY_ID; +import static io.jsonwebtoken.SignatureAlgorithm.HS256; +import static io.jsonwebtoken.security.Keys.secretKeyFor; +import static java.nio.file.Files.readAllBytes; +import static java.util.Base64.getMimeDecoder; +import static java.util.Base64.getMimeEncoder; + +public class TestJsonWebTokenAuthenticator +{ + private static final String KEY_ID_FOO = "foo"; + private static final String TEST_PRINCIPAL = "testPrincipal"; + + private Path temporaryDirectory; + private Path keyFile; + private JsonWebTokenConfig jsonWebTokenConfig; + + @BeforeTest + public void setup() + throws IOException + { + temporaryDirectory = createTempDir().toPath(); + keyFile = temporaryDirectory.resolve(KEY_ID_FOO + ".key"); + byte[] key = getMimeEncoder().encode(secretKeyFor(HS256).getEncoded()); + Files.write(key, keyFile.toFile()); + jsonWebTokenConfig = new JsonWebTokenConfig().setKeyFile(keyFile.toAbsolutePath().toString()); + } + + @AfterTest(alwaysRun = true) + public void cleanup() + throws IOException + { + deleteRecursively(temporaryDirectory, ALLOW_INSECURE); + } + + @Test + public void testJsonWebTokenWithAuthorizedUserClaim() + throws IOException, AuthenticationException + { + AuthorizedIdentity authorizedIdentity = new AuthorizedIdentity("user", "reasonForSelect", false); + String jsonWebToken = createJsonWebToken(keyFile, TEST_PRINCIPAL, authorizedIdentity); + HttpServletRequest request = new MockHttpServletRequest( + ImmutableListMultimap.of(AUTHORIZATION, "Bearer " + jsonWebToken), + "remoteAddress", + ImmutableMap.of()); + Principal principal = new JsonWebTokenAuthenticator(jsonWebTokenConfig).authenticate(request); + + assertEquals(principal.getName(), TEST_PRINCIPAL); + assertEquals(authorizedIdentity(request).get(), authorizedIdentity); + } + + private static String createJsonWebToken(Path keyFile, String principal, AuthorizedIdentity authorizedIdentity) + throws IOException + { + byte[] key = getMimeDecoder().decode(readAllBytes(keyFile.toAbsolutePath())); + return Jwts.builder() + .signWith(HS256, key) + .setHeaderParam(KEY_ID, KEY_ID_FOO) + .setSubject(principal) + .claim(AUTHORIZED_IDENTITY_ATTRIBUTE, authorizedIdentity) + .compact(); + } +} diff --git a/presto-spi/src/main/java/com/facebook/presto/spi/security/AuthorizedIdentity.java b/presto-spi/src/main/java/com/facebook/presto/spi/security/AuthorizedIdentity.java index fa483419cf12..9b0e5fa5da9a 100644 --- a/presto-spi/src/main/java/com/facebook/presto/spi/security/AuthorizedIdentity.java +++ b/presto-spi/src/main/java/com/facebook/presto/spi/security/AuthorizedIdentity.java @@ -13,6 +13,10 @@ */ package com.facebook.presto.spi.security; +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.annotation.JsonProperty; + +import java.util.Objects; import java.util.Optional; import static java.util.Objects.requireNonNull; @@ -23,13 +27,18 @@ public class AuthorizedIdentity private final Optional reasonForSelect; private final Optional delegationCheckResult; - public AuthorizedIdentity(String userName, String reasonForSelect, Boolean delegationCheckResult) + @JsonCreator + public AuthorizedIdentity( + @JsonProperty("userName") String userName, + @JsonProperty("reasonForSelect") String reasonForSelect, + @JsonProperty("delegationCheckResult") Boolean delegationCheckResult) { this.userName = requireNonNull(userName, "userName is null"); this.reasonForSelect = Optional.ofNullable(reasonForSelect); this.delegationCheckResult = Optional.ofNullable(delegationCheckResult); } + @JsonProperty("userName") public String getUserName() { return userName; @@ -40,8 +49,39 @@ public Optional getReasonForSelect() return reasonForSelect; } + @JsonProperty("reasonForSelect") + public String getReasonForSelectValue() + { + return reasonForSelect.orElse(null); + } + public Optional getDelegationCheckResult() { return delegationCheckResult; } + + @JsonProperty("delegationCheckResult") + public Boolean getDelegationCheckResultValue() + { + return delegationCheckResult.orElse(null); + } + + @Override + public boolean equals(Object o) + { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + AuthorizedIdentity that = (AuthorizedIdentity) o; + return Objects.equals(userName, that.userName) && Objects.equals(reasonForSelect, that.reasonForSelect) && Objects.equals(delegationCheckResult, that.delegationCheckResult); + } + + @Override + public int hashCode() + { + return Objects.hash(userName, reasonForSelect, delegationCheckResult); + } }