
Example 16 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class Persister method remove.

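/**
 * Deletes the persisted entry of a query from the query table.
 *
 * <p>The delete range is built from the owner, query name and id carried by {@code query}. The batch deleter is
 * created with the authorizations of the calling principal; for a principal that is not a
 * {@link DatawavePrincipal} the authorization set stays empty. When the table does not exist the method returns
 * without deleting anything.
 *
 * <p>NOTE(review): nothing in this method compares the caller with {@code query.getOwner()}; ownership is
 * presumably enforced by the callers - confirm.
 *
 * @param query
 *            the query whose persisted entry is removed; its owner, query name and id are read
 * @throws EJBException
 *             wrapping any checked exception raised while deleting
 * @throws Exception
 *             declared by the signature; runtime exceptions are rethrown unchanged
 */
public void remove(Query query) throws Exception {
    // Find out who/what called this method and which authorizations the delete runs with
    Principal p = ctx.getCallerPrincipal();
    String sid = p.getName();
    Set<Authorizations> auths = new HashSet<>();
    if (p instanceof DatawavePrincipal) {
        DatawavePrincipal dp = (DatawavePrincipal) p;
        sid = dp.getShortName();
        for (Collection<String> cbAuths : dp.getAuthorizations()) {
            auths.add(new Authorizations(cbAuths.toArray(new String[cbAuths.size()])));
        }
    }
    // The caller's authorizations are written to the trace log; keep that level off where logs are widely readable
    log.trace(sid + " has authorizations " + auths);
    Connector c = null;
    BatchDeleter deleter = null;
    try {
        Map<String, String> trackingMap = connectionFactory.getTrackingMap(Thread.currentThread().getStackTrace());
        c = connectionFactory.getConnection(Priority.ADMIN, trackingMap);
        if (!c.tableOperations().exists(TABLE_NAME)) {
            // Nothing persisted yet, so there is nothing to delete
            return;
        }
        deleter = ScannerHelper.createBatchDeleter(c, TABLE_NAME, auths, 1, 10240L, 10000L, 1);
        // The range runs from (owner, name, id) to (owner, name, id + \u0001)
        Key skey = new Key(query.getOwner(), query.getQueryName(), query.getId().toString());
        Key ekey = new Key(query.getOwner(), query.getQueryName(), query.getId() + "\u0001");
        Range range = new Range(skey, ekey);
        log.info("Deleting query range: " + range);
        Collection<Range> ranges = Collections.singletonList(range);
        deleter.setRanges(ranges);
        deleter.delete();
    } catch (RuntimeException re) {
        throw re;
    } catch (Exception e) {
        log.error("Error deleting query", e);
        throw new EJBException("Error deleting query", e);
    } finally {
        try {
            if (null != deleter) {
                deleter.close();
            }
        } finally {
            // Hand the connection back even when closing the deleter fails, so a close error cannot leak it
            try {
                connectionFactory.returnConnection(c);
            } catch (Exception e) {
                // Best effort: a failed return is logged and must not mask the outcome of the delete
                log.error("Error returning connection after deleting query", e);
            }
        }
    }
}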
Also used : Connector(org.apache.accumulo.core.client.Connector) Authorizations(org.apache.accumulo.core.security.Authorizations) BatchDeleter(org.apache.accumulo.core.client.BatchDeleter) Range(org.apache.accumulo.core.data.Range) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) EJBException(javax.ejb.EJBException) TableExistsException(org.apache.accumulo.core.client.TableExistsException) AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException) AccumuloException(org.apache.accumulo.core.client.AccumuloException) EJBException(javax.ejb.EJBException) Principal(java.security.Principal) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) Key(org.apache.accumulo.core.data.Key) HashSet(java.util.HashSet)

Example 17 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class Persister method findByUser.

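/**
 * Returns the persisted queries stored under the row of the given user, read with the authorizations of the
 * caller.
 *
 * <p>Access is limited to the {@code Administrator} role. The scan uses the authorizations of the calling
 * principal, not those of {@code user}, so entries the caller cannot see are not returned.
 *
 * @param user
 *            the user whose queries are looked up; used as both start and end row of the scan range
 * @return the queries found for the user, or {@code null} when the scan returns no entries
 * @throws EJBException
 *             wrapping any checked exception raised while scanning or deserializing
 */
@RolesAllowed("Administrator")
public List<Query> findByUser(String user) {
    // Find out who/what called this method and which authorizations the scan runs with
    Principal p = ctx.getCallerPrincipal();
    String sid = p.getName();
    Set<Authorizations> auths = new HashSet<>();
    if (p instanceof DatawavePrincipal) {
        DatawavePrincipal dp = (DatawavePrincipal) p;
        sid = dp.getShortName();
        for (Collection<String> cbAuths : dp.getAuthorizations()) {
            auths.add(new Authorizations(cbAuths.toArray(new String[cbAuths.size()])));
        }
    }
    // The caller's authorizations are written to the trace log; keep that level off where logs are widely readable
    log.trace(sid + " has authorizations " + auths);
    Connector c = null;
    try {
        Map<String, String> trackingMap = connectionFactory.getTrackingMap(Thread.currentThread().getStackTrace());
        c = connectionFactory.getConnection(Priority.ADMIN, trackingMap);
        tableCheck(c);
        try (Scanner scanner = ScannerHelper.createScanner(c, TABLE_NAME, auths)) {
            Range range = new Range(user, user);
            scanner.setRange(range);
            // Stays null when nothing matches; callers rely on the existing null-for-empty contract
            List<Query> results = null;
            for (Entry<Key, Value> entry : scanner) {
                if (null == results) {
                    results = new ArrayList<>();
                }
                // NOTE(review): the implementation class name is taken from the stored key; confirm that
                // QueryUtil.deserialize restricts which classes it will instantiate
                results.add(QueryUtil.deserialize(QueryUtil.getQueryImplClassName(entry.getKey()), entry.getKey().getColumnVisibility(), entry.getValue()));
            }
            return results;
        }
    } catch (RuntimeException re) {
        throw re;
    } catch (Exception e) {
        // The previous text ("Error creating query") was copied from another method and misdescribed a lookup failure
        log.error("Error finding queries for user", e);
        throw new EJBException("Error finding queries for user", e);
    } finally {
        try {
            connectionFactory.returnConnection(c);
        } catch (Exception e) {
            // Best effort: a failed return is logged and must not mask the outcome of the lookup
            log.error("Error returning connection after finding queries for user", e);
        }
    }
}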
Also used : Connector(org.apache.accumulo.core.client.Connector) Scanner(org.apache.accumulo.core.client.Scanner) Authorizations(org.apache.accumulo.core.security.Authorizations) Query(datawave.webservice.query.Query) ArrayList(java.util.ArrayList) Range(org.apache.accumulo.core.data.Range) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) EJBException(javax.ejb.EJBException) TableExistsException(org.apache.accumulo.core.client.TableExistsException) AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException) AccumuloException(org.apache.accumulo.core.client.AccumuloException) Value(org.apache.accumulo.core.data.Value) EJBException(javax.ejb.EJBException) Principal(java.security.Principal) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) Key(org.apache.accumulo.core.data.Key) HashSet(java.util.HashSet) RolesAllowed(javax.annotation.security.RolesAllowed)

Example 18 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class HudBean method getRunningQueries.

/**
 * Returns the query summaries shown by the HUD as a JSON array.
 *
 * <p>When {@code isAnAdmin} accepts the calling principal, the queries of the user named in the path are listed.
 * For every other caller the {@code userid} path value is not used and {@code listUserQueries()} is called
 * instead (presumably the caller's own queries - confirm). Each summary is completed with the first metric
 * returned for the query id, when there is one.
 *
 * @param userId
 *            the user whose queries are requested; only passed on when the caller is an administrator
 * @return the list of summaries serialized with gson
 * @throws Exception
 *             propagated from the query executor or the metrics lookup
 */
@Path("/runningqueries/{userid}")
@GET
public String getRunningQueries(@PathParam("userid") String userId) throws Exception {
    // The path parameter is caller-controlled, so it is only honoured after the admin check
    final boolean callerIsAdmin = isAnAdmin(getPrincipal());
    final QueryImplListResponse listing = callerIsAdmin ? queryExecutor.listQueriesForUser(userId) : queryExecutor.listUserQueries();

    final List<HudQuerySummary> summaries = new ArrayList<>();
    for (Query current : listing.getQuery()) {
        final HudQuerySummary summary = summaryBuilder.build(current);
        final List<? extends BaseQueryMetric> metricsForQuery = queryMetrics.query(current.getId().toString()).getResult();
        final boolean hasMetric = metricsForQuery != null && !metricsForQuery.isEmpty();
        if (hasMetric) {
            // Only the first metric is copied into the summary
            final BaseQueryMetric first = metricsForQuery.get(0);
            summary.setPageMetrics(first.getPageTimes());
            summary.setCreateDate(first.getCreateDate().getTime());
            summary.setNumPages(first.getNumPages());
            summary.setNumResults(first.getNumResults());
            summary.setLastUpdated(first.getLastUpdated().getTime());
            summary.setLifeCycle(first.getLifecycle().toString());
        }
        summaries.add(summary);
    }
    return gson.toJson(summaries);
}
Also used : QueryImplListResponse(datawave.webservice.result.QueryImplListResponse) Query(datawave.webservice.query.Query) PageMetric(datawave.microservice.querymetric.BaseQueryMetric.PageMetric) ArrayList(java.util.ArrayList) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) BaseQueryMetric(datawave.microservice.querymetric.BaseQueryMetric) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)

Example 19 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class QueryExecutorBean method getQueryById.

/**
 * Looks up a running query by id, first in the query cache and then in the persister.
 *
 * <p>A cached query is only returned when its owner equals the caller's id (the short name for a
 * {@link DatawavePrincipal}, the principal name otherwise). A query that is not cached is loaded through
 * {@code persister.findById(id)}, wrapped in a new {@code RunningQuery} and cached under its id.
 *
 * <p>NOTE(review): the persister path performs no owner comparison here; presumably
 * {@code persister.findById} only returns entries of the caller - confirm.
 *
 * @param id
 *            the query id
 * @param principal
 *            the caller on whose behalf the query is looked up
 * @return the cached or newly created running query
 * @throws NotFoundQueryException
 *             when the persister returns no match or more than one match
 * @throws UnauthorizedQueryException
 *             when the cached query belongs to a different owner
 * @throws Exception
 *             declared by the signature for failures of the collaborators
 */
private RunningQuery getQueryById(String id, Principal principal) throws Exception {
    // Find out who/what called this method
    final DatawavePrincipal datawavePrincipal = (principal instanceof DatawavePrincipal) ? (DatawavePrincipal) principal : null;
    String userid = principal.getName();
    if (datawavePrincipal != null) {
        userid = datawavePrincipal.getShortName();
    }
    final Object authsForTrace = (datawavePrincipal != null) ? datawavePrincipal.getAuthorizations() : "";
    log.trace(userid + " has authorizations " + authsForTrace);

    final RunningQuery cached = queryCache.get(id);
    if (null != cached) {
        // Check to make sure that this query belongs to current user.
        final String owner = cached.getSettings().getOwner();
        if (!owner.equals(userid)) {
            // NOTE(review): the message names the real owner; confirm it is not returned verbatim to the caller
            throw new UnauthorizedQueryException(DatawaveErrorCode.QUERY_OWNER_MISMATCH, MessageFormat.format("{0} != {1}", userid, owner));
        }
        return cached;
    }

    log.info("Query not found in cache, retrieving from accumulo");
    final List<Query> queries = persister.findById(id);
    if (null == queries || queries.isEmpty()) {
        throw new NotFoundQueryException(DatawaveErrorCode.NO_QUERY_OBJECT_MATCH);
    }
    if (queries.size() > 1) {
        throw new NotFoundQueryException(DatawaveErrorCode.TOO_MANY_QUERY_OBJECT_MATCHES);
    }

    final Query q = queries.get(0);
    // will throw IllegalArgumentException if not defined
    final QueryLogic<?> logic = queryLogicFactory.getQueryLogic(q.getQueryLogicName(), principal);
    final AccumuloConnectionFactory.Priority priority = logic.getConnectionPriority();
    final RunningQuery loaded = new RunningQuery(metrics, null, priority, logic, q, q.getQueryAuthorizations(), principal, new RunningQueryTimingImpl(queryExpirationConf, qp.getPageTimeout()), this.executor, this.predictor, this.metricFactory);
    // Cached under the query id only
    queryCache.put(q.getId().toString(), loaded);
    return loaded;
}
Also used : Query(datawave.webservice.query.Query) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException) RunningQueryTimingImpl(datawave.webservice.query.cache.RunningQueryTimingImpl) AccumuloConnectionFactory(datawave.webservice.common.connection.AccumuloConnectionFactory) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException)

Example 20 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class QueryExecutorBean method next.

/**
 * Fetches the next page of results for the cached query {@code id} on behalf of the calling principal.
 *
 * <p>The work runs inside a user transaction. The query is read from the cache only (the persisted definition is
 * consulted solely to tell "unknown id" from "known but no longer running"), the cache lock for {@code id} is
 * requested, and the caller's id (short name for a {@link DatawavePrincipal}, principal name otherwise) must equal
 * the owner in the query settings before {@code _next} is called. Every failure path marks the transaction for
 * rollback; the outer {@code finally} unlocks the cache entry and commits or rolls back.
 *
 * @param id
 *            the query id
 * @param checkForContentLookup
 *            when true and the query settings carry a true {@code LookupUUIDUtil.PARAM_CONTENT_LOOKUP} parameter,
 *            the response is replaced by a paged content lookup after the transaction has ended
 * @return the response produced by {@code _next}, or by the content lookup when that applies
 */
private BaseQueryResponse next(final String id, boolean checkForContentLookup) {
    // in case we don't make it to creating the response from the QueryLogic
    BaseQueryResponse response = responseObjectFactory.getEventQueryResponse();
    Collection<String> proxyServers = null;
    Principal p = ctx.getCallerPrincipal();
    String userid = p.getName();
    if (p instanceof DatawavePrincipal) {
        DatawavePrincipal dp = (DatawavePrincipal) p;
        userid = dp.getShortName();
        proxyServers = dp.getProxyServers();
    }
    // NOTE(review): span is never assigned in this method, so _next receives null and span.stop() below never runs
    Span span = null;
    RunningQuery query = null;
    Query contentLookupSettings = null;
    try {
        ctx.getUserTransaction().begin();
        // Not calling getQueryById() here. We don't want to pull the persisted definition.
        query = queryCache.get(id);
        // The lock should be released at the end of the method call.
        // NOTE(review): the lock is requested before the owner check further down, and the exception thrown here
        // is raised inside the try, so the handlers and the finally block below also run for a call that never
        // obtained the lock
        if (!queryCache.lock(id)) {
            throw new QueryException(DatawaveErrorCode.QUERY_LOCKED_ERROR);
        }
        // A query that is not cached, or that has no connection, cannot serve another page: report an error.
        if (null == query || null == query.getConnection()) {
            // Pick the error: an id the persister does not resolve to exactly one query is "not found",
            // anything else is reported as a timeout or server error.
            if (null == query) {
                List<Query> queries = persister.findById(id);
                if (queries == null || queries.size() != 1) {
                    throw new NotFoundQueryException(DatawaveErrorCode.NO_QUERY_OBJECT_MATCH, MessageFormat.format("{0}", id));
                }
            }
            throw new PreConditionFailedQueryException(DatawaveErrorCode.QUERY_TIMEOUT_OR_SERVER_ERROR, MessageFormat.format("id = {0}", id));
        } else {
            // Validate the query belongs to the caller
            // NOTE(review): the message names the real owner; confirm it is not returned verbatim to the caller
            if (!query.getSettings().getOwner().equals(userid)) {
                throw new UnauthorizedQueryException(DatawaveErrorCode.QUERY_OWNER_MISMATCH, MessageFormat.format("{0} != {1}", userid, query.getSettings().getOwner()));
            }
            // Set the active call and get next
            query.setActiveCall(true);
            response = _next(query, id, proxyServers, span);
            // Conditionally swap the standard response with content
            if (checkForContentLookup) {
                final Query settings = query.getSettings();
                final Parameter contentLookupParam = settings.findParameter(LookupUUIDUtil.PARAM_CONTENT_LOOKUP);
                if ((null != contentLookupParam) && Boolean.parseBoolean(contentLookupParam.getParameterValue())) {
                    // Remembered here, used after the transaction has been completed
                    contentLookupSettings = settings;
                }
            }
            // Unset the active call and return
            query.setActiveCall(false);
        }
    } catch (NoResultsException e) {
        // No more results: update metrics without an error, roll back, close the query and rethrow
        if (query != null) {
            query.setActiveCall(false);
            if (query.getLogic().getCollectQueryMetrics()) {
                try {
                    // do not set the error message here - zero results is not an error that should be added to metrics
                    metrics.updateMetric(query.getMetric());
                } catch (Exception e1) {
                    // Only the message is logged here; the stack trace of e1 is not recorded
                    log.error(e1.getMessage());
                }
            }
        }
        try {
            ctx.getUserTransaction().setRollbackOnly();
        } catch (Exception ex) {
            log.error("Error marking transaction for roll back", ex);
        }
        // close the query, as there were no results and we are done here
        close(id);
        // remember that we auto-closed this query
        closedQueryCache.add(id);
        throw e;
    } catch (DatawaveWebApplicationException e) {
        // Already a web application exception: record it on the metric, roll back and rethrow unchanged
        if (query != null) {
            query.setActiveCall(false);
            if (query.getLogic().getCollectQueryMetrics()) {
                query.getMetric().setError(e);
                try {
                    metrics.updateMetric(query.getMetric());
                } catch (Exception e1) {
                    log.error("Error updating query metrics", e1);
                }
            }
        }
        try {
            ctx.getUserTransaction().setRollbackOnly();
        } catch (Exception ex) {
            log.error("Error marking transaction for roll back", ex);
        }
        // The query is only closed when the cause was a NoResultsException
        if (e.getCause() instanceof NoResultsException) {
            close(id);
            // remember that we auto-closed this query
            closedQueryCache.add(id);
        }
        throw e;
    } catch (Exception e) {
        // NOTE(review): unless their types are caught by one of the handlers above, the QUERY_LOCKED_ERROR and
        // QUERY_OWNER_MISMATCH exceptions thrown in the try block end up here as well, and this handler resets the
        // active-call flag and calls close(id); confirm close(id) enforces ownership on its own
        log.error("Query Failed", e);
        if (query != null) {
            query.setActiveCall(false);
            if (query.getLogic().getCollectQueryMetrics() == true) {
                query.getMetric().setError(e);
                try {
                    metrics.updateMetric(query.getMetric());
                } catch (Exception e1) {
                    log.error("Error updating query metrics", e1);
                }
            }
        }
        try {
            ctx.getUserTransaction().setRollbackOnly();
        } catch (Exception ex) {
            log.error("Error marking transaction for roll back", ex);
        }
        // Wrap the failure so that the status code of the bottom-most query exception decides the HTTP status
        QueryException qe = new QueryException(DatawaveErrorCode.QUERY_NEXT_ERROR, e, MessageFormat.format("query id: {0}", id));
        if (e.getCause() instanceof NoResultsException) {
            log.debug("Got a nested NoResultsException", e);
            close(id);
            // remember that we auto-closed this query
            closedQueryCache.add(id);
        } else {
            // Closing is best effort here: a failure to close is logged and does not replace the original error
            try {
                close(id);
            } catch (Exception ce) {
                log.error(qe, ce);
            }
            log.error(qe, e);
            response.addException(qe.getBottomQueryException());
        }
        int statusCode = qe.getBottomQueryException().getStatusCode();
        throw new DatawaveWebApplicationException(qe, response, statusCode);
    } finally {
        // NOTE(review): unlock(id) is unconditional, so it also runs when lock(id) returned false above; confirm
        // that unlocking without holding the lock cannot release another caller's lock
        queryCache.unlock(id);
        try {
            // Roll back when a handler marked the transaction, otherwise commit whatever was started
            if (ctx.getUserTransaction().getStatus() == Status.STATUS_MARKED_ROLLBACK) {
                ctx.getUserTransaction().rollback();
            } else if (ctx.getUserTransaction().getStatus() != Status.STATUS_NO_TRANSACTION) {
                // no reason to commit if transaction not started, ie Query not found exception
                ctx.getUserTransaction().commit();
            }
        } catch (IllegalStateException e) {
            log.error("Error committing transaction: thread not associated with transaction", e);
        } catch (RollbackException e) {
            log.error("Error committing transaction: marked for rollback due to error", e);
        } catch (HeuristicMixedException e) {
            log.error("Error committing transaction: partial commit of resources", e);
        } catch (HeuristicRollbackException e) {
            log.error("Error committing transaction: resources rolled back transaction", e);
        } catch (Exception e) {
            log.error("Error committing transaction: Unknown error", e);
        } finally {
            // Stop timing on this trace, if any
            if (span != null) {
                span.stop();
            }
        }
    }
    // If applicable, perform a paged content lookup (i.e., not streamed), replacing its results in the returned response
    if (null != contentLookupSettings) {
        final NextContentCriteria criteria = new NextContentCriteria(id, contentLookupSettings);
        response = this.lookupUUIDUtil.lookupContentByNextResponse(criteria, response);
    }
    return response;
}
Also used : NoResultsException(datawave.webservice.common.exception.NoResultsException) Query(datawave.webservice.query.Query) PreConditionFailedQueryException(datawave.webservice.query.exception.PreConditionFailedQueryException) HeuristicRollbackException(javax.transaction.HeuristicRollbackException) RollbackException(javax.transaction.RollbackException) Span(org.apache.accumulo.core.trace.Span) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) CancellationException(java.util.concurrent.CancellationException) PreConditionFailedQueryException(datawave.webservice.query.exception.PreConditionFailedQueryException) WebApplicationException(javax.ws.rs.WebApplicationException) HeuristicMixedException(javax.transaction.HeuristicMixedException) NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException) NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException) IOException(java.io.IOException) QueryException(datawave.webservice.query.exception.QueryException) BadRequestException(datawave.webservice.common.exception.BadRequestException) HeuristicRollbackException(javax.transaction.HeuristicRollbackException) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) JAXBException(javax.xml.bind.JAXBException) UnauthorizedException(datawave.webservice.common.exception.UnauthorizedException) NoResultsException(datawave.webservice.common.exception.NoResultsException) RejectedExecutionException(java.util.concurrent.RejectedExecutionException) RollbackException(javax.transaction.RollbackException) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) 
PreConditionFailedQueryException(datawave.webservice.query.exception.PreConditionFailedQueryException) NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException) NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException) QueryException(datawave.webservice.query.exception.QueryException) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) HeuristicRollbackException(javax.transaction.HeuristicRollbackException) NextContentCriteria(datawave.webservice.query.util.NextContentCriteria) BaseQueryResponse(datawave.webservice.result.BaseQueryResponse) HeuristicMixedException(javax.transaction.HeuristicMixedException) Parameter(datawave.webservice.query.QueryImpl.Parameter) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) Principal(java.security.Principal) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
