use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class QueryExecutorBean method updateQuery.
private void updateQuery(GenericResponse<String> response, RunningQuery runningQuery, String queryLogicName, String query, Date beginDate, Date endDate, String queryAuthorizations, Date expirationDate, Integer pagesize, Integer pageTimeout, Long maxResultsOverride, QueryPersistence persistenceMode, String parameters) throws Exception {
// Find out who/what called this method
Principal p = ctx.getCallerPrincipal();
String userid = p.getName();
Collection<Collection<String>> cbAuths = new HashSet<>();
if (p instanceof DatawavePrincipal) {
DatawavePrincipal dp = (DatawavePrincipal) p;
userid = dp.getShortName();
cbAuths.addAll(dp.getAuthorizations());
}
log.trace(userid + " has authorizations " + cbAuths);
Query q = runningQuery.getSettings();
// validate persistence mode first
if (persistenceMode != null) {
switch(persistenceMode) {
case PERSISTENT:
if (q.getQueryName() == null)
throw new BadRequestQueryException(DatawaveErrorCode.QUERY_NAME_REQUIRED);
break;
case TRANSIENT:
break;
default:
throw new BadRequestQueryException(DatawaveErrorCode.UNKNOWN_PERSISTENCE_MODE, MessageFormat.format("Mode = {0}", persistenceMode));
}
}
// test for any auditable updates
if (query != null || beginDate != null || endDate != null || queryAuthorizations != null) {
// must clone/audit attempt first
Query duplicate = q.duplicate(q.getQueryName());
duplicate.setId(q.getId());
updateQueryParams(duplicate, queryLogicName, query, beginDate, endDate, queryAuthorizations, expirationDate, pagesize, pageTimeout, maxResultsOverride, parameters);
// Fire off an audit prior to updating
AuditType auditType = runningQuery.getLogic().getAuditType(runningQuery.getSettings());
if (!auditType.equals(AuditType.NONE)) {
try {
MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
queryParameters.putAll(duplicate.toMap());
// if the user didn't set an audit id, use the query id
if (!queryParameters.containsKey(AuditParameters.AUDIT_ID)) {
queryParameters.putSingle(AuditParameters.AUDIT_ID, q.getId().toString());
}
auditor.audit(queryParameters);
} catch (IllegalArgumentException e) {
log.error("Error validating audit parameters", e);
BadRequestQueryException qe = new BadRequestQueryException(DatawaveErrorCode.MISSING_REQUIRED_PARAMETER, e);
response.addException(qe);
throw new BadRequestException(qe, response);
} catch (Exception e) {
QueryException qe = new QueryException(DatawaveErrorCode.QUERY_AUDITING_ERROR, e);
log.error(qe, e);
response.addException(qe.getBottomQueryException());
throw e;
}
}
}
// update the actual running query
updateQueryParams(q, queryLogicName, query, beginDate, endDate, queryAuthorizations, expirationDate, pagesize, pageTimeout, maxResultsOverride, parameters);
// update the persistenceMode post audit
if (persistenceMode != null) {
switch(persistenceMode) {
case PERSISTENT:
persister.update(q);
break;
case TRANSIENT:
persister.remove(q);
break;
}
}
// Put in the cache by id
queryCache.put(q.getId().toString(), runningQuery);
}
use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class QueryExecutorBean method execute.
/**
* @param logicName
* @param queryParameters
*
* @return {@code datawave.webservice.result.GenericResponse<String>}
* @RequestHeader X-ProxiedEntitiesChain use when proxying request for user, by specifying a chain of DNs of the identities to proxy
* @RequestHeader X-ProxiedIssuersChain required when using X-ProxiedEntitiesChain, specify one issuer DN per subject DN listed in X-ProxiedEntitiesChain
* @ResponseHeader query-session-id this header and value will be in the Set-Cookie header, subsequent calls for this session will need to supply the
* query-session-id header in the request in a Cookie header or as a query parameter
* @ResponseHeader X-OperationTimeInMS time spent on the server performing the operation, does not account for network or result serialization
* @ResponseHeader X-Partial-Results true if the page contains less than the requested number of results
*
* @HTTP 200 success
* @HTTP 204 success and no results
* @HTTP 400 invalid or missing parameter
* @HTTP 500 internal server error
*/
@POST
@Produces("*/*")
@Path("/{logicName}/execute")
@GZIP
@Interceptors({ ResponseInterceptor.class, RequiredInterceptor.class })
@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
@Override
@Timed(name = "dw.query.executeQuery", absolute = true)
public StreamingOutput execute(@PathParam("logicName") String logicName, MultivaluedMap<String, String> queryParameters, @Context HttpHeaders httpHeaders) {
/**
* This method captures the metrics on the query instead of doing it in the QueryMetricsEnrichmentInterceptor. The ExecuteStreamingOutputResponse class
* is returned from this method and executed in the JAX-RS layer. It updates the metrics which are then updated on each call to the _next method.
*/
Collection<String> proxyServers = null;
Principal p = ctx.getCallerPrincipal();
DatawavePrincipal dp;
if (p instanceof DatawavePrincipal) {
dp = (DatawavePrincipal) p;
proxyServers = dp.getProxyServers();
}
final MediaType PB_MEDIA_TYPE = new MediaType("application", "x-protobuf");
final MediaType YAML_MEDIA_TYPE = new MediaType("application", "x-yaml");
final VoidResponse response = new VoidResponse();
// HttpHeaders.getAcceptableMediaTypes returns a priority sorted list of acceptable response types.
// Find the first one in the list that we support.
MediaType responseType = null;
for (MediaType type : httpHeaders.getAcceptableMediaTypes()) {
if (type.equals(MediaType.APPLICATION_XML_TYPE) || type.equals(MediaType.APPLICATION_JSON_TYPE) || type.equals(PB_MEDIA_TYPE) || type.equals(YAML_MEDIA_TYPE)) {
responseType = type;
break;
}
}
if (null == responseType) {
QueryException qe = new QueryException(DatawaveErrorCode.UNSUPPORTED_MEDIA_TYPE);
response.setHasResults(false);
response.addException(qe);
throw new DatawaveWebApplicationException(qe, response, MediaType.APPLICATION_XML_TYPE);
}
// reference query necessary to avoid NPEs in getting the Transformer and BaseResponse
Query q = new QueryImpl();
Date now = new Date();
q.setBeginDate(now);
q.setEndDate(now);
q.setExpirationDate(now);
q.setQuery("test");
q.setQueryAuthorizations("ALL");
ResultsPage emptyList = new ResultsPage();
// Find the response class
Class<?> responseClass;
try {
QueryLogic<?> l = queryLogicFactory.getQueryLogic(logicName, p);
QueryLogicTransformer t = l.getTransformer(q);
BaseResponse refResponse = t.createResponse(emptyList);
responseClass = refResponse.getClass();
} catch (Exception e) {
QueryException qe = new QueryException(DatawaveErrorCode.QUERY_TRANSFORM_ERROR, e);
log.error(qe, e);
response.setHasResults(false);
response.addException(qe.getBottomQueryException());
int statusCode = qe.getBottomQueryException().getStatusCode();
throw new DatawaveWebApplicationException(qe, response, statusCode, MediaType.APPLICATION_XML_TYPE);
}
SerializationType s;
if (responseType.equals(MediaType.APPLICATION_XML_TYPE)) {
s = SerializationType.XML;
} else if (responseType.equals(MediaType.APPLICATION_JSON_TYPE)) {
s = SerializationType.JSON;
} else if (responseType.equals(PB_MEDIA_TYPE)) {
if (!(Message.class.isAssignableFrom(responseClass))) {
QueryException qe = new QueryException(DatawaveErrorCode.BAD_RESPONSE_CLASS, MessageFormat.format("Response class: {0}", responseClass));
response.setHasResults(false);
response.addException(qe);
throw new DatawaveWebApplicationException(qe, response, MediaType.APPLICATION_XML_TYPE);
}
s = SerializationType.PB;
} else if (responseType.equals(YAML_MEDIA_TYPE)) {
if (!(Message.class.isAssignableFrom(responseClass))) {
QueryException qe = new QueryException(DatawaveErrorCode.BAD_RESPONSE_CLASS, MessageFormat.format("Response class: {0}", responseClass));
response.setHasResults(false);
response.addException(qe);
throw new DatawaveWebApplicationException(qe, response, MediaType.APPLICATION_XML_TYPE);
}
s = SerializationType.YAML;
} else {
QueryException qe = new QueryException(DatawaveErrorCode.INVALID_FORMAT, MessageFormat.format("format: {0}", responseType.toString()));
response.setHasResults(false);
response.addException(qe);
throw new DatawaveWebApplicationException(qe, response, MediaType.APPLICATION_XML_TYPE);
}
long start = System.nanoTime();
GenericResponse<String> createResponse = null;
try {
createResponse = this.createQuery(logicName, queryParameters, httpHeaders);
} catch (Throwable t) {
if (t instanceof DatawaveWebApplicationException) {
QueryException qe = (QueryException) ((DatawaveWebApplicationException) t).getCause();
response.setHasResults(false);
response.addException(qe.getBottomQueryException());
int statusCode = qe.getBottomQueryException().getStatusCode();
throw new DatawaveWebApplicationException(qe, response, statusCode, MediaType.APPLICATION_XML_TYPE);
} else {
throw t;
}
}
long createCallTime = TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start);
final String queryId = createResponse.getResult();
// We created the query and put into cache, get the RunningQuery object
final RunningQuery rq = queryCache.get(queryId);
rq.getMetric().setCreateCallTime(createCallTime);
final Collection<String> proxies = proxyServers;
final SerializationType serializationType = s;
final Class<?> queryResponseClass = responseClass;
return new ExecuteStreamingOutputResponse(queryId, queryResponseClass, response, rq, serializationType, proxies);
}
use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class CompositeQueryLogicTest method testCanRunQueryLogic2.
@Test
public void testCanRunQueryLogic2() throws Exception {
List<BaseQueryLogic<?>> logics = new ArrayList<>();
TestQueryLogic logic1 = new TestQueryLogic();
HashSet<String> roles = new HashSet<>();
roles.add("TESTROLE");
logic1.setRoleManager(new DatawaveRoleManager(roles));
TestQueryLogic2 logic2 = new TestQueryLogic2();
HashSet<String> roles2 = new HashSet<>();
roles2.add("NONTESTROLE");
logic2.setRoleManager(new DatawaveRoleManager(roles2));
logics.add(logic1);
logics.add(logic2);
CompositeQueryLogic c = new CompositeQueryLogic();
c.setQueryLogics(logics);
DatawaveUser u = new DatawaveUser(SubjectIssuerDNPair.of("CN=Other User Name ouser, OU=acme", "CN=ca, OU=acme"), UserType.USER, null, Collections.singleton("TESTROLE"), null, 0L);
DatawavePrincipal p = new DatawavePrincipal(Collections.singletonList(u));
Assert.assertTrue(c.canRunQuery(p));
Assert.assertEquals(1, c.getQueryLogics().size());
}
use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class CompositeQueryLogicTest method testCannotRunQueryLogic2.
@Test
public void testCannotRunQueryLogic2() throws Exception {
List<BaseQueryLogic<?>> logics = new ArrayList<>();
TestQueryLogic logic1 = new TestQueryLogic();
HashSet<String> roles = new HashSet<>();
roles.add("NONTESTROLE");
logic1.setRoleManager(new DatawaveRoleManager(roles));
TestQueryLogic2 logic2 = new TestQueryLogic2();
HashSet<String> roles2 = new HashSet<>();
roles2.add("NONTESTROLE");
logic2.setRoleManager(new DatawaveRoleManager(roles2));
logics.add(logic1);
logics.add(logic2);
CompositeQueryLogic c = new CompositeQueryLogic();
c.setQueryLogics(logics);
DatawaveUser u = new DatawaveUser(SubjectIssuerDNPair.of("CN=Other User Name ouser, OU=acme", "CN=ca, OU=acme"), UserType.USER, null, Collections.singleton("TESTROLE"), null, 0L);
DatawavePrincipal p = new DatawavePrincipal(Collections.singletonList(u));
Assert.assertFalse(c.canRunQuery(p));
Assert.assertEquals(0, c.getQueryLogics().size());
}
use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class QueryExecutorBean method getQueryByName.
private List<RunningQuery> getQueryByName(String name) throws Exception {
// Find out who/what called this method
Principal p = ctx.getCallerPrincipal();
String userid = p.getName();
if (p instanceof DatawavePrincipal) {
DatawavePrincipal dp = (DatawavePrincipal) p;
userid = dp.getShortName();
}
log.trace(userid + " has authorizations " + ((p instanceof DatawavePrincipal) ? ((DatawavePrincipal) p).getAuthorizations() : ""));
List<RunningQuery> results = new ArrayList<>();
List<Query> queries = persister.findByName(name);
if (null == queries)
throw new NotFoundQueryException(DatawaveErrorCode.NO_QUERY_OBJECT_MATCH);
for (Query q : queries) {
// never get back other people queries. Leaving for now just in case the persister changes.
if (!q.getOwner().equals(userid)) {
throw new UnauthorizedQueryException(DatawaveErrorCode.QUERY_OWNER_MISMATCH, MessageFormat.format("{0} != {1}", userid, q.getOwner()));
}
// will throw IllegalArgumentException if not defined
QueryLogic<?> logic = queryLogicFactory.getQueryLogic(q.getQueryLogicName(), p);
AccumuloConnectionFactory.Priority priority = logic.getConnectionPriority();
RunningQuery query = new RunningQuery(metrics, null, priority, logic, q, q.getQueryAuthorizations(), p, new RunningQueryTimingImpl(queryExpirationConf, qp.getPageTimeout()), this.executor, this.predictor, this.metricFactory);
results.add(query);
// Put in the cache by id if its not already in the cache.
if (!queryCache.containsKey(q.getId().toString()))
queryCache.put(q.getId().toString(), query);
}
return results;
}
Aggregations