Example 16 with DatawavePrincipal
use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class Persister method remove.
/**
* Removes the query object
*
* @param query
*/
public void remove(Query query) throws Exception {
// Find out who/what called this method
Principal p = ctx.getCallerPrincipal();
String sid = p.getName();
Set<Authorizations> auths = new HashSet<>();
if (p instanceof DatawavePrincipal) {
DatawavePrincipal dp = (DatawavePrincipal) p;
sid = dp.getShortName();
for (Collection<String> cbAuths : dp.getAuthorizations()) auths.add(new Authorizations(cbAuths.toArray(new String[cbAuths.size()])));
}
log.trace(sid + " has authorizations " + auths);
Connector c = null;
BatchDeleter deleter = null;
try {
Map<String, String> trackingMap = connectionFactory.getTrackingMap(Thread.currentThread().getStackTrace());
c = connectionFactory.getConnection(Priority.ADMIN, trackingMap);
if (!c.tableOperations().exists(TABLE_NAME)) {
return;
}
deleter = ScannerHelper.createBatchDeleter(c, TABLE_NAME, auths, 1, 10240L, 10000L, 1);
Key skey = new Key(query.getOwner(), query.getQueryName(), query.getId().toString());
Key ekey = new Key(query.getOwner(), query.getQueryName(), query.getId() + "\u0001");
Range range = new Range(skey, ekey);
log.info("Deleting query range: " + range);
Collection<Range> ranges = Collections.singletonList(range);
deleter.setRanges(ranges);
deleter.delete();
} catch (RuntimeException re) {
throw re;
} catch (Exception e) {
log.error("Error deleting query", e);
throw new EJBException("Error deleting query", e);
} finally {
if (null != deleter) {
deleter.close();
}
try {
connectionFactory.returnConnection(c);
} catch (Exception e) {
log.error("Error deleting query", e);
c = null;
}
}
}
Also used :
Connector(org.apache.accumulo.core.client.Connector)
Authorizations(org.apache.accumulo.core.security.Authorizations)
BatchDeleter(org.apache.accumulo.core.client.BatchDeleter)
Range(org.apache.accumulo.core.data.Range)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException)
InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException)
EJBException(javax.ejb.EJBException)
TableExistsException(org.apache.accumulo.core.client.TableExistsException)
AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException)
AccumuloException(org.apache.accumulo.core.client.AccumuloException)
EJBException(javax.ejb.EJBException)
Principal(java.security.Principal)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
Key(org.apache.accumulo.core.data.Key)
HashSet(java.util.HashSet)
Example 17 with DatawavePrincipal
use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class Persister method findByUser.
/**
* Returns queries for the specified user with the credentials of the caller.
*
* @param user
* @return list of specified users queries.
*/
@RolesAllowed("Administrator")
public List<Query> findByUser(String user) {
// Find out who/what called this method
Principal p = ctx.getCallerPrincipal();
String sid = p.getName();
Set<Authorizations> auths = new HashSet<>();
if (p instanceof DatawavePrincipal) {
DatawavePrincipal dp = (DatawavePrincipal) p;
sid = dp.getShortName();
for (Collection<String> cbAuths : dp.getAuthorizations()) auths.add(new Authorizations(cbAuths.toArray(new String[cbAuths.size()])));
}
log.trace(sid + " has authorizations " + auths);
Connector c = null;
try {
Map<String, String> trackingMap = connectionFactory.getTrackingMap(Thread.currentThread().getStackTrace());
c = connectionFactory.getConnection(Priority.ADMIN, trackingMap);
tableCheck(c);
try (Scanner scanner = ScannerHelper.createScanner(c, TABLE_NAME, auths)) {
Range range = new Range(user, user);
scanner.setRange(range);
List<Query> results = null;
for (Entry<Key, Value> entry : scanner) {
if (null == results)
results = new ArrayList<>();
results.add(QueryUtil.deserialize(QueryUtil.getQueryImplClassName(entry.getKey()), entry.getKey().getColumnVisibility(), entry.getValue()));
}
return results;
}
} catch (RuntimeException re) {
throw re;
} catch (Exception e) {
log.error("Error creating query", e);
throw new EJBException("Error creating query", e);
} finally {
try {
connectionFactory.returnConnection(c);
} catch (Exception e) {
log.error("Error creating query", e);
c = null;
}
}
}
Also used :
Connector(org.apache.accumulo.core.client.Connector)
Scanner(org.apache.accumulo.core.client.Scanner)
Authorizations(org.apache.accumulo.core.security.Authorizations)
Query(datawave.webservice.query.Query)
ArrayList(java.util.ArrayList)
Range(org.apache.accumulo.core.data.Range)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException)
InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException)
EJBException(javax.ejb.EJBException)
TableExistsException(org.apache.accumulo.core.client.TableExistsException)
AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException)
AccumuloException(org.apache.accumulo.core.client.AccumuloException)
Value(org.apache.accumulo.core.data.Value)
EJBException(javax.ejb.EJBException)
Principal(java.security.Principal)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
Key(org.apache.accumulo.core.data.Key)
HashSet(java.util.HashSet)
RolesAllowed(javax.annotation.security.RolesAllowed)
Example 18 with DatawavePrincipal
use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class HudBean method getRunningQueries.
/**
* Return true if there is at least one log in the last 60 minutes.
*
* @return
* @throws org.apache.accumulo.core.client.TableNotFoundException
*/
@Path("/runningqueries/{userid}")
@GET
public String getRunningQueries(@PathParam("userid") String userId) throws Exception {
DatawavePrincipal principal = getPrincipal();
boolean isAnAdmin = isAnAdmin(principal);
QueryImplListResponse runningQueries = null;
if (isAnAdmin) {
runningQueries = queryExecutor.listQueriesForUser(userId);
} else {
runningQueries = queryExecutor.listUserQueries();
}
List<Query> queryList = runningQueries.getQuery();
List<HudQuerySummary> querySummaryList = new ArrayList<>();
for (Query query : queryList) {
HudQuerySummary summary = summaryBuilder.build(query);
String queryId = query.getId().toString();
List<? extends BaseQueryMetric> queryMetricsList;
queryMetricsList = queryMetrics.query(queryId).getResult();
if (queryMetricsList != null && !queryMetricsList.isEmpty()) {
BaseQueryMetric qm = queryMetricsList.get(0);
List<PageMetric> pageMetrics = qm.getPageTimes();
summary.setPageMetrics(pageMetrics);
summary.setCreateDate(qm.getCreateDate().getTime());
summary.setNumPages(qm.getNumPages());
summary.setNumResults(qm.getNumResults());
summary.setLastUpdated(qm.getLastUpdated().getTime());
summary.setLifeCycle(qm.getLifecycle().toString());
}
querySummaryList.add(summary);
}
return gson.toJson(querySummaryList);
}
Also used :
QueryImplListResponse(datawave.webservice.result.QueryImplListResponse)
Query(datawave.webservice.query.Query)
PageMetric(datawave.microservice.querymetric.BaseQueryMetric.PageMetric)
ArrayList(java.util.ArrayList)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
BaseQueryMetric(datawave.microservice.querymetric.BaseQueryMetric)
Path(javax.ws.rs.Path)
GET(javax.ws.rs.GET)
Example 19 with DatawavePrincipal
use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class QueryExecutorBean method getQueryById.
private RunningQuery getQueryById(String id, Principal principal) throws Exception {
// Find out who/what called this method
String userid = principal.getName();
if (principal instanceof DatawavePrincipal) {
DatawavePrincipal dp = (DatawavePrincipal) principal;
userid = dp.getShortName();
}
log.trace(userid + " has authorizations " + ((principal instanceof DatawavePrincipal) ? ((DatawavePrincipal) principal).getAuthorizations() : ""));
RunningQuery query = queryCache.get(id);
if (null == query) {
log.info("Query not found in cache, retrieving from accumulo");
List<Query> queries = persister.findById(id);
if (null == queries || queries.isEmpty())
throw new NotFoundQueryException(DatawaveErrorCode.NO_QUERY_OBJECT_MATCH);
if (queries.size() > 1)
throw new NotFoundQueryException(DatawaveErrorCode.TOO_MANY_QUERY_OBJECT_MATCHES);
else {
Query q = queries.get(0);
// will throw IllegalArgumentException if not defined
QueryLogic<?> logic = queryLogicFactory.getQueryLogic(q.getQueryLogicName(), principal);
AccumuloConnectionFactory.Priority priority = logic.getConnectionPriority();
query = new RunningQuery(metrics, null, priority, logic, q, q.getQueryAuthorizations(), principal, new RunningQueryTimingImpl(queryExpirationConf, qp.getPageTimeout()), this.executor, this.predictor, this.metricFactory);
// Put in the cache by id and name, we will have two copies that reference the same object
queryCache.put(q.getId().toString(), query);
}
} else {
// Check to make sure that this query belongs to current user.
if (!query.getSettings().getOwner().equals(userid)) {
throw new UnauthorizedQueryException(DatawaveErrorCode.QUERY_OWNER_MISMATCH, MessageFormat.format("{0} != {1}", userid, query.getSettings().getOwner()));
}
}
return query;
}
Also used :
Query(datawave.webservice.query.Query)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException)
RunningQueryTimingImpl(datawave.webservice.query.cache.RunningQueryTimingImpl)
AccumuloConnectionFactory(datawave.webservice.common.connection.AccumuloConnectionFactory)
UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException)
Example 20 with DatawavePrincipal
use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class QueryExecutorBean method next.
private BaseQueryResponse next(final String id, boolean checkForContentLookup) {
// in case we don't make it to creating the response from the QueryLogic
BaseQueryResponse response = responseObjectFactory.getEventQueryResponse();
Collection<String> proxyServers = null;
Principal p = ctx.getCallerPrincipal();
String userid = p.getName();
if (p instanceof DatawavePrincipal) {
DatawavePrincipal dp = (DatawavePrincipal) p;
userid = dp.getShortName();
proxyServers = dp.getProxyServers();
}
Span span = null;
RunningQuery query = null;
Query contentLookupSettings = null;
try {
ctx.getUserTransaction().begin();
// Not calling getQueryById() here. We don't want to pull the persisted definition.
query = queryCache.get(id);
// The lock should be released at the end of the method call.
if (!queryCache.lock(id)) {
throw new QueryException(DatawaveErrorCode.QUERY_LOCKED_ERROR);
}
// an error.
if (null == query || null == query.getConnection()) {
// status code.
if (null == query) {
List<Query> queries = persister.findById(id);
if (queries == null || queries.size() != 1) {
throw new NotFoundQueryException(DatawaveErrorCode.NO_QUERY_OBJECT_MATCH, MessageFormat.format("{0}", id));
}
}
throw new PreConditionFailedQueryException(DatawaveErrorCode.QUERY_TIMEOUT_OR_SERVER_ERROR, MessageFormat.format("id = {0}", id));
} else {
// Validate the query belongs to the caller
if (!query.getSettings().getOwner().equals(userid)) {
throw new UnauthorizedQueryException(DatawaveErrorCode.QUERY_OWNER_MISMATCH, MessageFormat.format("{0} != {1}", userid, query.getSettings().getOwner()));
}
// Set the active call and get next
query.setActiveCall(true);
response = _next(query, id, proxyServers, span);
// Conditionally swap the standard response with content
if (checkForContentLookup) {
final Query settings = query.getSettings();
final Parameter contentLookupParam = settings.findParameter(LookupUUIDUtil.PARAM_CONTENT_LOOKUP);
if ((null != contentLookupParam) && Boolean.parseBoolean(contentLookupParam.getParameterValue())) {
contentLookupSettings = settings;
}
}
// Unset the active call and return
query.setActiveCall(false);
}
} catch (NoResultsException e) {
if (query != null) {
query.setActiveCall(false);
if (query.getLogic().getCollectQueryMetrics()) {
try {
// do not set the error message here - zero results is not an error that should be added to metrics
metrics.updateMetric(query.getMetric());
} catch (Exception e1) {
log.error(e1.getMessage());
}
}
}
try {
ctx.getUserTransaction().setRollbackOnly();
} catch (Exception ex) {
log.error("Error marking transaction for roll back", ex);
}
// close the query, as there were no results and we are done here
close(id);
// remember that we auto-closed this query
closedQueryCache.add(id);
throw e;
} catch (DatawaveWebApplicationException e) {
if (query != null) {
query.setActiveCall(false);
if (query.getLogic().getCollectQueryMetrics()) {
query.getMetric().setError(e);
try {
metrics.updateMetric(query.getMetric());
} catch (Exception e1) {
log.error("Error updating query metrics", e1);
}
}
}
try {
ctx.getUserTransaction().setRollbackOnly();
} catch (Exception ex) {
log.error("Error marking transaction for roll back", ex);
}
if (e.getCause() instanceof NoResultsException) {
close(id);
// remember that we auto-closed this query
closedQueryCache.add(id);
}
throw e;
} catch (Exception e) {
log.error("Query Failed", e);
if (query != null) {
query.setActiveCall(false);
if (query.getLogic().getCollectQueryMetrics() == true) {
query.getMetric().setError(e);
try {
metrics.updateMetric(query.getMetric());
} catch (Exception e1) {
log.error("Error updating query metrics", e1);
}
}
}
try {
ctx.getUserTransaction().setRollbackOnly();
} catch (Exception ex) {
log.error("Error marking transaction for roll back", ex);
}
QueryException qe = new QueryException(DatawaveErrorCode.QUERY_NEXT_ERROR, e, MessageFormat.format("query id: {0}", id));
if (e.getCause() instanceof NoResultsException) {
log.debug("Got a nested NoResultsException", e);
close(id);
// remember that we auto-closed this query
closedQueryCache.add(id);
} else {
try {
close(id);
} catch (Exception ce) {
log.error(qe, ce);
}
log.error(qe, e);
response.addException(qe.getBottomQueryException());
}
int statusCode = qe.getBottomQueryException().getStatusCode();
throw new DatawaveWebApplicationException(qe, response, statusCode);
} finally {
queryCache.unlock(id);
try {
if (ctx.getUserTransaction().getStatus() == Status.STATUS_MARKED_ROLLBACK) {
ctx.getUserTransaction().rollback();
} else if (ctx.getUserTransaction().getStatus() != Status.STATUS_NO_TRANSACTION) {
// no reason to commit if transaction not started, ie Query not found exception
ctx.getUserTransaction().commit();
}
} catch (IllegalStateException e) {
log.error("Error committing transaction: thread not associated with transaction", e);
} catch (RollbackException e) {
log.error("Error committing transaction: marked for rollback due to error", e);
} catch (HeuristicMixedException e) {
log.error("Error committing transaction: partial commit of resources", e);
} catch (HeuristicRollbackException e) {
log.error("Error committing transaction: resources rolled back transaction", e);
} catch (Exception e) {
log.error("Error committing transaction: Unknown error", e);
} finally {
// Stop timing on this trace, if any
if (span != null) {
span.stop();
}
}
}
// If applicable, perform a paged content lookup (i.e., not streamed), replacing its results in the returned response
if (null != contentLookupSettings) {
final NextContentCriteria criteria = new NextContentCriteria(id, contentLookupSettings);
response = this.lookupUUIDUtil.lookupContentByNextResponse(criteria, response);
}
return response;
}
Also used :
NoResultsException(datawave.webservice.common.exception.NoResultsException)
Query(datawave.webservice.query.Query)
PreConditionFailedQueryException(datawave.webservice.query.exception.PreConditionFailedQueryException)
HeuristicRollbackException(javax.transaction.HeuristicRollbackException)
RollbackException(javax.transaction.RollbackException)
Span(org.apache.accumulo.core.trace.Span)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException)
DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException)
CancellationException(java.util.concurrent.CancellationException)
PreConditionFailedQueryException(datawave.webservice.query.exception.PreConditionFailedQueryException)
WebApplicationException(javax.ws.rs.WebApplicationException)
HeuristicMixedException(javax.transaction.HeuristicMixedException)
NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException)
NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException)
IOException(java.io.IOException)
QueryException(datawave.webservice.query.exception.QueryException)
BadRequestException(datawave.webservice.common.exception.BadRequestException)
HeuristicRollbackException(javax.transaction.HeuristicRollbackException)
UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException)
JAXBException(javax.xml.bind.JAXBException)
UnauthorizedException(datawave.webservice.common.exception.UnauthorizedException)
NoResultsException(datawave.webservice.common.exception.NoResultsException)
RejectedExecutionException(java.util.concurrent.RejectedExecutionException)
RollbackException(javax.transaction.RollbackException)
BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException)
UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException)
PreConditionFailedQueryException(datawave.webservice.query.exception.PreConditionFailedQueryException)
NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException)
NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException)
QueryException(datawave.webservice.query.exception.QueryException)
UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException)
BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException)
HeuristicRollbackException(javax.transaction.HeuristicRollbackException)
NextContentCriteria(datawave.webservice.query.util.NextContentCriteria)
BaseQueryResponse(datawave.webservice.result.BaseQueryResponse)
HeuristicMixedException(javax.transaction.HeuristicMixedException)
Parameter(datawave.webservice.query.QueryImpl.Parameter)
DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException)
Principal(java.security.Principal)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
Aggregations
DatawavePrincipal (datawave.security.authorization.DatawavePrincipal)93
DatawaveUser (datawave.security.authorization.DatawaveUser)41
Principal (java.security.Principal)37
HashSet (java.util.HashSet)33
Test (org.junit.Test)29
QueryException (datawave.webservice.query.exception.QueryException)24
Connector (org.apache.accumulo.core.client.Connector)23
IOException (java.io.IOException)19
DatawaveWebApplicationException (datawave.webservice.common.exception.DatawaveWebApplicationException)18
NotFoundQueryException (datawave.webservice.query.exception.NotFoundQueryException)18
Authorizations (org.apache.accumulo.core.security.Authorizations)17
Query (datawave.webservice.query.Query)16
UnauthorizedQueryException (datawave.webservice.query.exception.UnauthorizedQueryException)15
NoResultsException (datawave.webservice.common.exception.NoResultsException)13
ArrayList (java.util.ArrayList)13
Path (javax.ws.rs.Path)13
Produces (javax.ws.rs.Produces)13
SubjectIssuerDNPair (datawave.security.authorization.SubjectIssuerDNPair)12
WebApplicationException (javax.ws.rs.WebApplicationException)12
BadRequestException (datawave.webservice.common.exception.BadRequestException)11
