Example 1 with AccessControlContext

Use of com.facebook.presto.spi.security.AccessControlContext in project presto by prestodb.

Class QuerySessionSupplier, method createSession.

@Override
public Session createSession(QueryId queryId, SessionContext context) {
    Identity identity = context.getIdentity();
    // Authorization check: may this principal act as the requested user? Runs before any session state is built.
    accessControl.checkCanSetUser(
            identity,
            new AccessControlContext(queryId, Optional.ofNullable(context.getClientInfo()), Optional.ofNullable(context.getSource())),
            identity.getPrincipal(),
            identity.getUser());
    SessionBuilder sessionBuilder = Session.builder(sessionPropertyManager)
            .setQueryId(queryId)
            .setIdentity(identity)
            .setSource(context.getSource())
            .setCatalog(context.getCatalog())
            .setSchema(context.getSchema())
            .setRemoteUserAddress(context.getRemoteUserAddress())
            .setUserAgent(context.getUserAgent())
            .setClientInfo(context.getClientInfo())
            .setClientTags(context.getClientTags())
            .setTraceToken(context.getTraceToken())
            .setResourceEstimates(context.getResourceEstimates())
            .setTracer(context.getTracer());
    if (forcedSessionTimeZone.isPresent()) {
        sessionBuilder.setTimeZoneKey(forcedSessionTimeZone.get());
    } else if (context.getTimeZoneId() != null) {
        sessionBuilder.setTimeZoneKey(getTimeZoneKey(context.getTimeZoneId()));
    }
    if (context.getLanguage() != null) {
        sessionBuilder.setLocale(Locale.forLanguageTag(context.getLanguage()));
    }
    for (Entry<String, String> entry : context.getSystemProperties().entrySet()) {
        sessionBuilder.setSystemProperty(entry.getKey(), entry.getValue());
    }
    for (Entry<String, Map<String, String>> catalogProperties : context.getCatalogSessionProperties().entrySet()) {
        String catalog = catalogProperties.getKey();
        for (Entry<String, String> entry : catalogProperties.getValue().entrySet()) {
            sessionBuilder.setCatalogSessionProperty(catalog, entry.getKey(), entry.getValue());
        }
    }
    for (Entry<String, String> preparedStatement : context.getPreparedStatements().entrySet()) {
        sessionBuilder.addPreparedStatement(preparedStatement.getKey(), preparedStatement.getValue());
    }
    if (context.supportClientTransaction()) {
        sessionBuilder.setClientTransactionSupport();
    }
    for (Entry<SqlFunctionId, SqlInvokedFunction> entry : context.getSessionFunctions().entrySet()) {
        sessionBuilder.addSessionFunction(entry.getKey(), entry.getValue());
    }
    Session session = sessionBuilder.build();
    if (context.getTransactionId().isPresent()) {
        session = session.beginTransactionId(context.getTransactionId().get(), transactionManager, accessControl);
    }
    return session;
}
Also used : AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) SqlFunctionId(com.facebook.presto.spi.function.SqlFunctionId) SqlInvokedFunction(com.facebook.presto.spi.function.SqlInvokedFunction) SessionBuilder(com.facebook.presto.Session.SessionBuilder) Identity(com.facebook.presto.spi.security.Identity) Map(java.util.Map) Session(com.facebook.presto.Session)

Example 2 with AccessControlContext

Use of com.facebook.presto.spi.security.AccessControlContext in project presto by prestodb.

Class TestAccessControlManager, method testDenyCatalogAccessControl.

@Test(expectedExceptions = PrestoException.class, expectedExceptionsMessageRegExp = "Access Denied: Cannot select from columns \\[column\\] in table or view schema.table")
public void testDenyCatalogAccessControl() {
    CatalogManager catalogManager = new CatalogManager();
    TransactionManager transactionManager = createTestTransactionManager(catalogManager);
    AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
    TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
    accessControlManager.addSystemAccessControlFactory(accessControlFactory);
    accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
    ConnectorId connectorId = registerBogusConnector(catalogManager, transactionManager, accessControlManager, "catalog");
    accessControlManager.addCatalogAccessControl(connectorId, new DenyConnectorAccessControl());
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        // The catalog has DenyConnectorAccessControl attached, so this column-level check must throw.
        accessControlManager.checkCanSelectFromColumns(
                transactionId,
                new Identity(USER_NAME, Optional.of(PRINCIPAL)),
                new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()),
                new QualifiedObjectName("catalog", "schema", "table"),
                ImmutableSet.of("column"));
    });
}
Also used : AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) TransactionManager(com.facebook.presto.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(com.facebook.presto.transaction.InMemoryTransactionManager.createTestTransactionManager) QueryId(com.facebook.presto.spi.QueryId) Identity(com.facebook.presto.spi.security.Identity) ConnectorIdentity(com.facebook.presto.spi.security.ConnectorIdentity) CatalogManager(com.facebook.presto.metadata.CatalogManager) QualifiedObjectName(com.facebook.presto.common.QualifiedObjectName) ConnectorId.createSystemTablesConnectorId(com.facebook.presto.spi.ConnectorId.createSystemTablesConnectorId) ConnectorId.createInformationSchemaConnectorId(com.facebook.presto.spi.ConnectorId.createInformationSchemaConnectorId) ConnectorId(com.facebook.presto.spi.ConnectorId) Test(org.testng.annotations.Test)

Example 3 with AccessControlContext

Use of com.facebook.presto.spi.security.AccessControlContext in project presto by prestodb.

Class TestAccessControlManager, method testCheckQueryIntegrity.

@Test
public void testCheckQueryIntegrity() {
    AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager());
    AccessControlContext context = new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty());
    TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
    accessControlManager.addSystemAccessControlFactory(accessControlFactory);
    accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
    String testQuery = "test_query";
    // The identity's QUERY_TOKEN_FIELD entry equals the submitted query, so the integrity check passes.
    accessControlManager.checkQueryIntegrity(
            new Identity(USER_NAME, Optional.of(PRINCIPAL), ImmutableMap.of(), ImmutableMap.of(QUERY_TOKEN_FIELD, testQuery), ImmutableMap.of()),
            context,
            testQuery);
    assertEquals(accessControlFactory.getCheckedUserName(), USER_NAME);
    assertEquals(accessControlFactory.getCheckedPrincipal(), Optional.of(PRINCIPAL));
    assertEquals(accessControlFactory.getCheckedQuery(), testQuery);
    // A token that no longer matches the submitted query must be rejected with AccessDeniedException.
    assertThrows(AccessDeniedException.class, () -> accessControlManager.checkQueryIntegrity(
            new Identity(USER_NAME, Optional.of(PRINCIPAL), ImmutableMap.of(), ImmutableMap.of(QUERY_TOKEN_FIELD, testQuery + " modified"), ImmutableMap.of()),
            context,
            testQuery));
}
Also used : AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) QueryId(com.facebook.presto.spi.QueryId) Identity(com.facebook.presto.spi.security.Identity) ConnectorIdentity(com.facebook.presto.spi.security.ConnectorIdentity) Test(org.testng.annotations.Test)

Example 4 with AccessControlContext

Use of com.facebook.presto.spi.security.AccessControlContext in project presto by prestodb.

Class TestAccessControlManager, method testDenySystemAccessControl.

@Test(expectedExceptions = PrestoException.class, expectedExceptionsMessageRegExp = "Access Denied: Cannot select from table secured_catalog.schema.table")
public void testDenySystemAccessControl() {
    CatalogManager catalogManager = new CatalogManager();
    TransactionManager transactionManager = createTestTransactionManager(catalogManager);
    AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
    TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
    accessControlManager.addSystemAccessControlFactory(accessControlFactory);
    accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
    registerBogusConnector(catalogManager, transactionManager, accessControlManager, "connector");
    accessControlManager.addCatalogAccessControl(new ConnectorId("connector"), new DenyConnectorAccessControl());
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        // Expected to throw "Access Denied: Cannot select from table secured_catalog.schema.table" (see the @Test annotation).
        accessControlManager.checkCanSelectFromColumns(
                transactionId,
                new Identity(USER_NAME, Optional.of(PRINCIPAL)),
                new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()),
                new QualifiedObjectName("secured_catalog", "schema", "table"),
                ImmutableSet.of("column"));
    });
}
Also used : AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) TransactionManager(com.facebook.presto.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(com.facebook.presto.transaction.InMemoryTransactionManager.createTestTransactionManager) QueryId(com.facebook.presto.spi.QueryId) Identity(com.facebook.presto.spi.security.Identity) ConnectorIdentity(com.facebook.presto.spi.security.ConnectorIdentity) CatalogManager(com.facebook.presto.metadata.CatalogManager) QualifiedObjectName(com.facebook.presto.common.QualifiedObjectName) ConnectorId.createSystemTablesConnectorId(com.facebook.presto.spi.ConnectorId.createSystemTablesConnectorId) ConnectorId.createInformationSchemaConnectorId(com.facebook.presto.spi.ConnectorId.createInformationSchemaConnectorId) ConnectorId(com.facebook.presto.spi.ConnectorId) Test(org.testng.annotations.Test)

Example 5 with AccessControlContext

Use of com.facebook.presto.spi.security.AccessControlContext in project presto by prestodb.

Class TestAccessControlManager, method testInitializing.

@Test(expectedExceptions = PrestoException.class, expectedExceptionsMessageRegExp = "Presto server is still initializing")
public void testInitializing() {
    AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager());
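    // No system access control has been set on this manager, so the check is expected to fail
    // with "Presto server is still initializing" rather than allow the request.
    accessControlManager.checkCanSetUser(
            new Identity(USER_NAME, Optional.of(PRINCIPAL)),
            new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()),
            Optional.empty(),
            "foo");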
}
Also used : AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) QueryId(com.facebook.presto.spi.QueryId) Identity(com.facebook.presto.spi.security.Identity) ConnectorIdentity(com.facebook.presto.spi.security.ConnectorIdentity) Test(org.testng.annotations.Test)

Aggregations

AccessControlContext (com.facebook.presto.spi.security.AccessControlContext): 9
Identity (com.facebook.presto.spi.security.Identity): 9
QueryId (com.facebook.presto.spi.QueryId): 8
ConnectorIdentity (com.facebook.presto.spi.security.ConnectorIdentity): 8
Test (org.testng.annotations.Test): 8
QualifiedObjectName (com.facebook.presto.common.QualifiedObjectName): 4
InMemoryTransactionManager.createTestTransactionManager (com.facebook.presto.transaction.InMemoryTransactionManager.createTestTransactionManager): 4
TransactionManager (com.facebook.presto.transaction.TransactionManager): 4
CatalogManager (com.facebook.presto.metadata.CatalogManager): 2
ConnectorId (com.facebook.presto.spi.ConnectorId): 2
ConnectorId.createInformationSchemaConnectorId (com.facebook.presto.spi.ConnectorId.createInformationSchemaConnectorId): 2
ConnectorId.createSystemTablesConnectorId (com.facebook.presto.spi.ConnectorId.createSystemTablesConnectorId): 2
Session (com.facebook.presto.Session): 1
SessionBuilder (com.facebook.presto.Session.SessionBuilder): 1
CatalogSchemaName (com.facebook.presto.common.CatalogSchemaName): 1
CatalogSchemaTableName (com.facebook.presto.spi.CatalogSchemaTableName): 1
SchemaTableName (com.facebook.presto.spi.SchemaTableName): 1
SqlFunctionId (com.facebook.presto.spi.function.SqlFunctionId): 1
SqlInvokedFunction (com.facebook.presto.spi.function.SqlInvokedFunction): 1
AccessDeniedException (com.facebook.presto.spi.security.AccessDeniedException): 1