Examples with AuthenticatorMapper org.apache.druid.server.security.AuthenticatorMapper used on opensource projects

Example 1 with AuthenticatorMapper

use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.

the class MiddleManagerJettyServerInitializer method initialize.

@Override
public void initialize(Server server, Injector injector) {
    final ServletContextHandler root = new ServletContextHandler(ServletContextHandler.SESSIONS);
    root.addServlet(new ServletHolder(new DefaultServlet()), "/*");
    final AuthConfig authConfig = injector.getInstance(AuthConfig.class);
    final ObjectMapper jsonMapper = injector.getInstance(Key.get(ObjectMapper.class, Json.class));
    final AuthenticatorMapper authenticatorMapper = injector.getInstance(AuthenticatorMapper.class);
    AuthenticationUtils.addSecuritySanityCheckFilter(root, jsonMapper);
    // perform no-op authorization/authentication for these resources
    AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, UNSECURED_PATHS);
    AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, authConfig.getUnsecuredPaths());
    final List<Authenticator> authenticators = authenticatorMapper.getAuthenticatorChain();
    AuthenticationUtils.addAuthenticationFilterChain(root, authenticators);
    AuthenticationUtils.addAllowOptionsFilter(root, authConfig.isAllowUnauthenticatedHttpOptions());
    JettyServerInitUtils.addAllowHttpMethodsFilter(root, serverConfig.getAllowedHttpMethods());
    JettyServerInitUtils.addExtensionFilters(root, injector);
    // Check that requests were authorized before sending responses
    AuthenticationUtils.addPreResponseAuthorizationCheckFilter(root, authenticators, jsonMapper);
    root.addFilter(GuiceFilter.class, "/*", null);
    final HandlerList handlerList = new HandlerList();
    handlerList.setHandlers(new Handler[] { JettyServerInitUtils.getJettyRequestLogHandler(), JettyServerInitUtils.wrapWithDefaultGzipHandler(root, serverConfig.getInflateBufferSize(), serverConfig.getCompressionLevel()), new DefaultHandler() });
    server.setHandler(handlerList);
}

Example 2 with AuthenticatorMapper

use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.

the class QueryJettyServerInitializer method initialize.

@Override
public void initialize(Server server, Injector injector) {
    final ServletContextHandler root = new ServletContextHandler(ServletContextHandler.SESSIONS);
    root.addServlet(new ServletHolder(new DefaultServlet()), "/*");
    // Add LimitRequestsFilter as first in the chain if enabled.
    if (serverConfig.isEnableRequestLimit()) {
        // To reject xth request, limit should be set to x-1 because (x+1)st request wouldn't reach filter
        // but rather wait on jetty queue.
        Preconditions.checkArgument(serverConfig.getNumThreads() > 1, "numThreads must be > 1 to enable Request Limit Filter.");
        log.info("Enabling Request Limit Filter with limit [%d].", serverConfig.getNumThreads() - 1);
        root.addFilter(new FilterHolder(new LimitRequestsFilter(serverConfig.getNumThreads() - 1)), "/*", null);
    }
    final ObjectMapper jsonMapper = injector.getInstance(Key.get(ObjectMapper.class, Json.class));
    final AuthenticatorMapper authenticatorMapper = injector.getInstance(AuthenticatorMapper.class);
    AuthenticationUtils.addSecuritySanityCheckFilter(root, jsonMapper);
    // perform no-op authorization for these resources
    AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, UNSECURED_PATHS);
    AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, authConfig.getUnsecuredPaths());
    List<Authenticator> authenticators = authenticatorMapper.getAuthenticatorChain();
    AuthenticationUtils.addAuthenticationFilterChain(root, authenticators);
    AuthenticationUtils.addAllowOptionsFilter(root, authConfig.isAllowUnauthenticatedHttpOptions());
    JettyServerInitUtils.addAllowHttpMethodsFilter(root, serverConfig.getAllowedHttpMethods());
    JettyServerInitUtils.addExtensionFilters(root, injector);
    // Check that requests were authorized before sending responses
    AuthenticationUtils.addPreResponseAuthorizationCheckFilter(root, authenticators, jsonMapper);
    root.addFilter(GuiceFilter.class, "/*", null);
    final HandlerList handlerList = new HandlerList();
    // Do not change the order of the handlers that have already been added
    for (Handler handler : server.getHandlers()) {
        handlerList.addHandler(handler);
    }
    handlerList.addHandler(JettyServerInitUtils.getJettyRequestLogHandler());
    // Add all extension handlers
    for (Handler handler : extensionHandlers) {
        handlerList.addHandler(handler);
    }
    // Add Gzip handler at the very end
    handlerList.addHandler(JettyServerInitUtils.wrapWithDefaultGzipHandler(root, serverConfig.getInflateBufferSize(), serverConfig.getCompressionLevel()));
    final StatisticsHandler statisticsHandler = new StatisticsHandler();
    statisticsHandler.setHandler(handlerList);
    server.setHandler(statisticsHandler);
}

Example 3 with AuthenticatorMapper

use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.

the class AsyncQueryForwardingServletTest method testHandleExceptionWithFilterDisabled.

@Test
public void testHandleExceptionWithFilterDisabled() throws Exception {
    String errorMessage = "test exception message";
    ObjectMapper mockMapper = Mockito.mock(ObjectMapper.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    ServletOutputStream outputStream = Mockito.mock(ServletOutputStream.class);
    Mockito.when(response.getOutputStream()).thenReturn(outputStream);
    final AsyncQueryForwardingServlet servlet = new AsyncQueryForwardingServlet(new MapQueryToolChestWarehouse(ImmutableMap.of()), mockMapper, TestHelper.makeSmileMapper(), null, null, null, new NoopServiceEmitter(), new NoopRequestLogger(), new DefaultGenericQueryMetricsFactory(), new AuthenticatorMapper(ImmutableMap.of()), new Properties(), new ServerConfig());
    Exception testException = new IllegalStateException(errorMessage);
    servlet.handleException(response, mockMapper, testException);
    ArgumentCaptor<Exception> captor = ArgumentCaptor.forClass(Exception.class);
    Mockito.verify(mockMapper).writeValue(ArgumentMatchers.eq(outputStream), captor.capture());
    Assert.assertTrue(captor.getValue() instanceof QueryException);
    Assert.assertEquals(QueryInterruptedException.UNKNOWN_EXCEPTION, ((QueryException) captor.getValue()).getErrorCode());
    Assert.assertEquals(errorMessage, captor.getValue().getMessage());
    Assert.assertEquals(IllegalStateException.class.getName(), ((QueryException) captor.getValue()).getErrorClass());
}

Example 4 with AuthenticatorMapper

use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.

the class AsyncQueryForwardingServletTest method testHandleExceptionWithFilterEnabledButMessageMatchAllowedRegex.

@Test
public void testHandleExceptionWithFilterEnabledButMessageMatchAllowedRegex() throws Exception {
    String errorMessage = "test exception message";
    ObjectMapper mockMapper = Mockito.mock(ObjectMapper.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    ServletOutputStream outputStream = Mockito.mock(ServletOutputStream.class);
    Mockito.when(response.getOutputStream()).thenReturn(outputStream);
    final AsyncQueryForwardingServlet servlet = new AsyncQueryForwardingServlet(new MapQueryToolChestWarehouse(ImmutableMap.of()), mockMapper, TestHelper.makeSmileMapper(), null, null, null, new NoopServiceEmitter(), new NoopRequestLogger(), new DefaultGenericQueryMetricsFactory(), new AuthenticatorMapper(ImmutableMap.of()), new Properties(), new ServerConfig() {

        @Override
        public boolean isShowDetailedJettyErrors() {
            return true;
        }

        @Override
        public ErrorResponseTransformStrategy getErrorResponseTransformStrategy() {
            return new AllowedRegexErrorResponseTransformStrategy(ImmutableList.of("test .*"));
        }
    });
    Exception testException = new IllegalStateException(errorMessage);
    servlet.handleException(response, mockMapper, testException);
    ArgumentCaptor<Exception> captor = ArgumentCaptor.forClass(Exception.class);
    Mockito.verify(mockMapper).writeValue(ArgumentMatchers.eq(outputStream), captor.capture());
    Assert.assertTrue(captor.getValue() instanceof QueryException);
    Assert.assertEquals(QueryInterruptedException.UNKNOWN_EXCEPTION, ((QueryException) captor.getValue()).getErrorCode());
    Assert.assertEquals(errorMessage, captor.getValue().getMessage());
    Assert.assertNull(((QueryException) captor.getValue()).getErrorClass());
    Assert.assertNull(((QueryException) captor.getValue()).getHost());
}

Example 5 with AuthenticatorMapper

use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.

the class AsyncQueryForwardingServletTest method verifyServletCallsForQuery.

/**
 * Verifies that the Servlet calls the right methods the right number of times.
 */
private void verifyServletCallsForQuery(Object query, boolean isSql, QueryHostFinder hostFinder, Properties properties) throws Exception {
    final ObjectMapper jsonMapper = TestHelper.makeJsonMapper();
    final HttpServletRequest requestMock = EasyMock.createMock(HttpServletRequest.class);
    final ByteArrayInputStream inputStream = new ByteArrayInputStream(jsonMapper.writeValueAsBytes(query));
    final ServletInputStream servletInputStream = new ServletInputStream() {

        private boolean finished;

        @Override
        public boolean isFinished() {
            return finished;
        }

        @Override
        public boolean isReady() {
            return true;
        }

        @Override
        public void setReadListener(final ReadListener readListener) {
        // do nothing
        }

        @Override
        public int read() {
            final int b = inputStream.read();
            if (b < 0) {
                finished = true;
            }
            return b;
        }
    };
    EasyMock.expect(requestMock.getContentType()).andReturn("application/json").times(2);
    requestMock.setAttribute("org.apache.druid.proxy.objectMapper", jsonMapper);
    EasyMock.expectLastCall();
    EasyMock.expect(requestMock.getRequestURI()).andReturn(isSql ? "/druid/v2/sql" : "/druid/v2/");
    EasyMock.expect(requestMock.getMethod()).andReturn("POST");
    EasyMock.expect(requestMock.getInputStream()).andReturn(servletInputStream);
    requestMock.setAttribute(isSql ? "org.apache.druid.proxy.sqlQuery" : "org.apache.druid.proxy.query", query);
    requestMock.setAttribute("org.apache.druid.proxy.to.host", "1.2.3.4:9999");
    requestMock.setAttribute("org.apache.druid.proxy.to.host.scheme", "http");
    EasyMock.expectLastCall();
    EasyMock.replay(requestMock);
    final AtomicLong didService = new AtomicLong();
    final AsyncQueryForwardingServlet servlet = new AsyncQueryForwardingServlet(new MapQueryToolChestWarehouse(ImmutableMap.of()), jsonMapper, TestHelper.makeSmileMapper(), hostFinder, null, null, new NoopServiceEmitter(), new NoopRequestLogger(), new DefaultGenericQueryMetricsFactory(), new AuthenticatorMapper(ImmutableMap.of()), properties, new ServerConfig()) {

        @Override
        protected void doService(final HttpServletRequest request, final HttpServletResponse response) {
            didService.incrementAndGet();
        }
    };
    servlet.service(requestMock, null);
    // This test is mostly about verifying that the servlet calls the right methods the right number of times.
    EasyMock.verify(hostFinder, requestMock);
    Assert.assertEquals(1, didService.get());
}