Search in sources :

Example 21 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class QueryExecutorBean method updateQuery.

private void updateQuery(GenericResponse<String> response, RunningQuery runningQuery, String queryLogicName, String query, Date beginDate, Date endDate, String queryAuthorizations, Date expirationDate, Integer pagesize, Integer pageTimeout, Long maxResultsOverride, QueryPersistence persistenceMode, String parameters) throws Exception {
    // Find out who/what called this method
    Principal p = ctx.getCallerPrincipal();
    String userid = p.getName();
    Collection<Collection<String>> cbAuths = new HashSet<>();
    if (p instanceof DatawavePrincipal) {
        DatawavePrincipal dp = (DatawavePrincipal) p;
        userid = dp.getShortName();
        cbAuths.addAll(dp.getAuthorizations());
    }
    log.trace(userid + " has authorizations " + cbAuths);
    Query q = runningQuery.getSettings();
    // validate persistence mode first
    if (persistenceMode != null) {
        switch(persistenceMode) {
            case PERSISTENT:
                if (q.getQueryName() == null)
                    throw new BadRequestQueryException(DatawaveErrorCode.QUERY_NAME_REQUIRED);
                break;
            case TRANSIENT:
                break;
            default:
                throw new BadRequestQueryException(DatawaveErrorCode.UNKNOWN_PERSISTENCE_MODE, MessageFormat.format("Mode = {0}", persistenceMode));
        }
    }
    // test for any auditable updates
    if (query != null || beginDate != null || endDate != null || queryAuthorizations != null) {
        // must clone/audit attempt first
        Query duplicate = q.duplicate(q.getQueryName());
        duplicate.setId(q.getId());
        updateQueryParams(duplicate, queryLogicName, query, beginDate, endDate, queryAuthorizations, expirationDate, pagesize, pageTimeout, maxResultsOverride, parameters);
        // Fire off an audit prior to updating
        AuditType auditType = runningQuery.getLogic().getAuditType(runningQuery.getSettings());
        if (!auditType.equals(AuditType.NONE)) {
            try {
                MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
                queryParameters.putAll(duplicate.toMap());
                // if the user didn't set an audit id, use the query id
                if (!queryParameters.containsKey(AuditParameters.AUDIT_ID)) {
                    queryParameters.putSingle(AuditParameters.AUDIT_ID, q.getId().toString());
                }
                auditor.audit(queryParameters);
            } catch (IllegalArgumentException e) {
                log.error("Error validating audit parameters", e);
                BadRequestQueryException qe = new BadRequestQueryException(DatawaveErrorCode.MISSING_REQUIRED_PARAMETER, e);
                response.addException(qe);
                throw new BadRequestException(qe, response);
            } catch (Exception e) {
                QueryException qe = new QueryException(DatawaveErrorCode.QUERY_AUDITING_ERROR, e);
                log.error(qe, e);
                response.addException(qe.getBottomQueryException());
                throw e;
            }
        }
    }
    // update the actual running query
    updateQueryParams(q, queryLogicName, query, beginDate, endDate, queryAuthorizations, expirationDate, pagesize, pageTimeout, maxResultsOverride, parameters);
    // update the persistenceMode post audit
    if (persistenceMode != null) {
        switch(persistenceMode) {
            case PERSISTENT:
                persister.update(q);
                break;
            case TRANSIENT:
                persister.remove(q);
                break;
        }
    }
    // Put in the cache by id
    queryCache.put(q.getId().toString(), runningQuery);
}
Also used : Query(datawave.webservice.query.Query) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) AuditType(datawave.webservice.common.audit.Auditor.AuditType) MultivaluedMapImpl(org.jboss.resteasy.specimpl.MultivaluedMapImpl) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) CancellationException(java.util.concurrent.CancellationException) PreConditionFailedQueryException(datawave.webservice.query.exception.PreConditionFailedQueryException) WebApplicationException(javax.ws.rs.WebApplicationException) HeuristicMixedException(javax.transaction.HeuristicMixedException) NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException) NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException) IOException(java.io.IOException) QueryException(datawave.webservice.query.exception.QueryException) BadRequestException(datawave.webservice.common.exception.BadRequestException) HeuristicRollbackException(javax.transaction.HeuristicRollbackException) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) JAXBException(javax.xml.bind.JAXBException) UnauthorizedException(datawave.webservice.common.exception.UnauthorizedException) NoResultsException(datawave.webservice.common.exception.NoResultsException) RejectedExecutionException(java.util.concurrent.RejectedExecutionException) RollbackException(javax.transaction.RollbackException) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) PreConditionFailedQueryException(datawave.webservice.query.exception.PreConditionFailedQueryException) NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException) NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException) QueryException(datawave.webservice.query.exception.QueryException) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) Collection(java.util.Collection) BadRequestException(datawave.webservice.common.exception.BadRequestException) Principal(java.security.Principal) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) HashSet(java.util.HashSet)

Example 22 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class QueryExecutorBean method execute.

/**
 * @param logicName
 * @param queryParameters
 *
 * @return {@code datawave.webservice.result.GenericResponse<String>}
 * @RequestHeader X-ProxiedEntitiesChain use when proxying request for user, by specifying a chain of DNs of the identities to proxy
 * @RequestHeader X-ProxiedIssuersChain required when using X-ProxiedEntitiesChain, specify one issuer DN per subject DN listed in X-ProxiedEntitiesChain
 * @ResponseHeader query-session-id this header and value will be in the Set-Cookie header, subsequent calls for this session will need to supply the
 *                 query-session-id header in the request in a Cookie header or as a query parameter
 * @ResponseHeader X-OperationTimeInMS time spent on the server performing the operation, does not account for network or result serialization
 * @ResponseHeader X-Partial-Results true if the page contains less than the requested number of results
 *
 * @HTTP 200 success
 * @HTTP 204 success and no results
 * @HTTP 400 invalid or missing parameter
 * @HTTP 500 internal server error
 */
@POST
@Produces("*/*")
@Path("/{logicName}/execute")
@GZIP
@Interceptors({ ResponseInterceptor.class, RequiredInterceptor.class })
@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
@Override
@Timed(name = "dw.query.executeQuery", absolute = true)
public StreamingOutput execute(@PathParam("logicName") String logicName, MultivaluedMap<String, String> queryParameters, @Context HttpHeaders httpHeaders) {
    /**
     * This method captures the metrics on the query instead of doing it in the QueryMetricsEnrichmentInterceptor. The ExecuteStreamingOutputResponse class
     * is returned from this method and executed in the JAX-RS layer. It updates the metrics which are then updated on each call to the _next method.
     */
    Collection<String> proxyServers = null;
    Principal p = ctx.getCallerPrincipal();
    DatawavePrincipal dp;
    if (p instanceof DatawavePrincipal) {
        dp = (DatawavePrincipal) p;
        proxyServers = dp.getProxyServers();
    }
    final MediaType PB_MEDIA_TYPE = new MediaType("application", "x-protobuf");
    final MediaType YAML_MEDIA_TYPE = new MediaType("application", "x-yaml");
    final VoidResponse response = new VoidResponse();
    // HttpHeaders.getAcceptableMediaTypes returns a priority sorted list of acceptable response types.
    // Find the first one in the list that we support.
    MediaType responseType = null;
    for (MediaType type : httpHeaders.getAcceptableMediaTypes()) {
        if (type.equals(MediaType.APPLICATION_XML_TYPE) || type.equals(MediaType.APPLICATION_JSON_TYPE) || type.equals(PB_MEDIA_TYPE) || type.equals(YAML_MEDIA_TYPE)) {
            responseType = type;
            break;
        }
    }
    if (null == responseType) {
        QueryException qe = new QueryException(DatawaveErrorCode.UNSUPPORTED_MEDIA_TYPE);
        response.setHasResults(false);
        response.addException(qe);
        throw new DatawaveWebApplicationException(qe, response, MediaType.APPLICATION_XML_TYPE);
    }
    // reference query necessary to avoid NPEs in getting the Transformer and BaseResponse
    Query q = new QueryImpl();
    Date now = new Date();
    q.setBeginDate(now);
    q.setEndDate(now);
    q.setExpirationDate(now);
    q.setQuery("test");
    q.setQueryAuthorizations("ALL");
    ResultsPage emptyList = new ResultsPage();
    // Find the response class
    Class<?> responseClass;
    try {
        QueryLogic<?> l = queryLogicFactory.getQueryLogic(logicName, p);
        QueryLogicTransformer t = l.getTransformer(q);
        BaseResponse refResponse = t.createResponse(emptyList);
        responseClass = refResponse.getClass();
    } catch (Exception e) {
        QueryException qe = new QueryException(DatawaveErrorCode.QUERY_TRANSFORM_ERROR, e);
        log.error(qe, e);
        response.setHasResults(false);
        response.addException(qe.getBottomQueryException());
        int statusCode = qe.getBottomQueryException().getStatusCode();
        throw new DatawaveWebApplicationException(qe, response, statusCode, MediaType.APPLICATION_XML_TYPE);
    }
    SerializationType s;
    if (responseType.equals(MediaType.APPLICATION_XML_TYPE)) {
        s = SerializationType.XML;
    } else if (responseType.equals(MediaType.APPLICATION_JSON_TYPE)) {
        s = SerializationType.JSON;
    } else if (responseType.equals(PB_MEDIA_TYPE)) {
        if (!(Message.class.isAssignableFrom(responseClass))) {
            QueryException qe = new QueryException(DatawaveErrorCode.BAD_RESPONSE_CLASS, MessageFormat.format("Response  class: {0}", responseClass));
            response.setHasResults(false);
            response.addException(qe);
            throw new DatawaveWebApplicationException(qe, response, MediaType.APPLICATION_XML_TYPE);
        }
        s = SerializationType.PB;
    } else if (responseType.equals(YAML_MEDIA_TYPE)) {
        if (!(Message.class.isAssignableFrom(responseClass))) {
            QueryException qe = new QueryException(DatawaveErrorCode.BAD_RESPONSE_CLASS, MessageFormat.format("Response  class: {0}", responseClass));
            response.setHasResults(false);
            response.addException(qe);
            throw new DatawaveWebApplicationException(qe, response, MediaType.APPLICATION_XML_TYPE);
        }
        s = SerializationType.YAML;
    } else {
        QueryException qe = new QueryException(DatawaveErrorCode.INVALID_FORMAT, MessageFormat.format("format: {0}", responseType.toString()));
        response.setHasResults(false);
        response.addException(qe);
        throw new DatawaveWebApplicationException(qe, response, MediaType.APPLICATION_XML_TYPE);
    }
    long start = System.nanoTime();
    GenericResponse<String> createResponse = null;
    try {
        createResponse = this.createQuery(logicName, queryParameters, httpHeaders);
    } catch (Throwable t) {
        if (t instanceof DatawaveWebApplicationException) {
            QueryException qe = (QueryException) ((DatawaveWebApplicationException) t).getCause();
            response.setHasResults(false);
            response.addException(qe.getBottomQueryException());
            int statusCode = qe.getBottomQueryException().getStatusCode();
            throw new DatawaveWebApplicationException(qe, response, statusCode, MediaType.APPLICATION_XML_TYPE);
        } else {
            throw t;
        }
    }
    long createCallTime = TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start);
    final String queryId = createResponse.getResult();
    // We created the query and put into cache, get the RunningQuery object
    final RunningQuery rq = queryCache.get(queryId);
    rq.getMetric().setCreateCallTime(createCallTime);
    final Collection<String> proxies = proxyServers;
    final SerializationType serializationType = s;
    final Class<?> queryResponseClass = responseClass;
    return new ExecuteStreamingOutputResponse(queryId, queryResponseClass, response, rq, serializationType, proxies);
}
Also used : Query(datawave.webservice.query.Query) Message(io.protostuff.Message) ResultsPage(datawave.webservice.query.cache.ResultsPage) QueryLogicTransformer(datawave.webservice.query.logic.QueryLogicTransformer) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) Date(java.util.Date) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) CancellationException(java.util.concurrent.CancellationException) PreConditionFailedQueryException(datawave.webservice.query.exception.PreConditionFailedQueryException) WebApplicationException(javax.ws.rs.WebApplicationException) HeuristicMixedException(javax.transaction.HeuristicMixedException) NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException) NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException) IOException(java.io.IOException) QueryException(datawave.webservice.query.exception.QueryException) BadRequestException(datawave.webservice.common.exception.BadRequestException) HeuristicRollbackException(javax.transaction.HeuristicRollbackException) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) JAXBException(javax.xml.bind.JAXBException) UnauthorizedException(datawave.webservice.common.exception.UnauthorizedException) NoResultsException(datawave.webservice.common.exception.NoResultsException) RejectedExecutionException(java.util.concurrent.RejectedExecutionException) RollbackException(javax.transaction.RollbackException) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) BaseResponse(datawave.webservice.result.BaseResponse) PreConditionFailedQueryException(datawave.webservice.query.exception.PreConditionFailedQueryException) NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException) NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException) QueryException(datawave.webservice.query.exception.QueryException) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) QueryImpl(datawave.webservice.query.QueryImpl) VoidResponse(datawave.webservice.result.VoidResponse) MediaType(javax.ws.rs.core.MediaType) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) Principal(java.security.Principal) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) Path(javax.ws.rs.Path) Interceptors(javax.interceptor.Interceptors) TransactionAttribute(javax.ejb.TransactionAttribute) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) GZIP(org.jboss.resteasy.annotations.GZIP)

Example 23 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class CompositeQueryLogicTest method testCanRunQueryLogic2.

@Test
public void testCanRunQueryLogic2() throws Exception {
    List<BaseQueryLogic<?>> logics = new ArrayList<>();
    TestQueryLogic logic1 = new TestQueryLogic();
    HashSet<String> roles = new HashSet<>();
    roles.add("TESTROLE");
    logic1.setRoleManager(new DatawaveRoleManager(roles));
    TestQueryLogic2 logic2 = new TestQueryLogic2();
    HashSet<String> roles2 = new HashSet<>();
    roles2.add("NONTESTROLE");
    logic2.setRoleManager(new DatawaveRoleManager(roles2));
    logics.add(logic1);
    logics.add(logic2);
    CompositeQueryLogic c = new CompositeQueryLogic();
    c.setQueryLogics(logics);
    DatawaveUser u = new DatawaveUser(SubjectIssuerDNPair.of("CN=Other User Name ouser, OU=acme", "CN=ca, OU=acme"), UserType.USER, null, Collections.singleton("TESTROLE"), null, 0L);
    DatawavePrincipal p = new DatawavePrincipal(Collections.singletonList(u));
    Assert.assertTrue(c.canRunQuery(p));
    Assert.assertEquals(1, c.getQueryLogics().size());
}
Also used : DatawaveUser(datawave.security.authorization.DatawaveUser) ArrayList(java.util.ArrayList) DatawaveRoleManager(datawave.webservice.query.logic.DatawaveRoleManager) BaseQueryLogic(datawave.webservice.query.logic.BaseQueryLogic) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 24 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class CompositeQueryLogicTest method testCannotRunQueryLogic2.

@Test
public void testCannotRunQueryLogic2() throws Exception {
    List<BaseQueryLogic<?>> logics = new ArrayList<>();
    TestQueryLogic logic1 = new TestQueryLogic();
    HashSet<String> roles = new HashSet<>();
    roles.add("NONTESTROLE");
    logic1.setRoleManager(new DatawaveRoleManager(roles));
    TestQueryLogic2 logic2 = new TestQueryLogic2();
    HashSet<String> roles2 = new HashSet<>();
    roles2.add("NONTESTROLE");
    logic2.setRoleManager(new DatawaveRoleManager(roles2));
    logics.add(logic1);
    logics.add(logic2);
    CompositeQueryLogic c = new CompositeQueryLogic();
    c.setQueryLogics(logics);
    DatawaveUser u = new DatawaveUser(SubjectIssuerDNPair.of("CN=Other User Name ouser, OU=acme", "CN=ca, OU=acme"), UserType.USER, null, Collections.singleton("TESTROLE"), null, 0L);
    DatawavePrincipal p = new DatawavePrincipal(Collections.singletonList(u));
    Assert.assertFalse(c.canRunQuery(p));
    Assert.assertEquals(0, c.getQueryLogics().size());
}
Also used : DatawaveUser(datawave.security.authorization.DatawaveUser) ArrayList(java.util.ArrayList) DatawaveRoleManager(datawave.webservice.query.logic.DatawaveRoleManager) BaseQueryLogic(datawave.webservice.query.logic.BaseQueryLogic) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 25 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class QueryExecutorBean method getQueryByName.

private List<RunningQuery> getQueryByName(String name) throws Exception {
    // Find out who/what called this method
    Principal p = ctx.getCallerPrincipal();
    String userid = p.getName();
    if (p instanceof DatawavePrincipal) {
        DatawavePrincipal dp = (DatawavePrincipal) p;
        userid = dp.getShortName();
    }
    log.trace(userid + " has authorizations " + ((p instanceof DatawavePrincipal) ? ((DatawavePrincipal) p).getAuthorizations() : ""));
    List<RunningQuery> results = new ArrayList<>();
    List<Query> queries = persister.findByName(name);
    if (null == queries)
        throw new NotFoundQueryException(DatawaveErrorCode.NO_QUERY_OBJECT_MATCH);
    for (Query q : queries) {
        // never get back other people queries. Leaving for now just in case the persister changes.
        if (!q.getOwner().equals(userid)) {
            throw new UnauthorizedQueryException(DatawaveErrorCode.QUERY_OWNER_MISMATCH, MessageFormat.format("{0} != {1}", userid, q.getOwner()));
        }
        // will throw IllegalArgumentException if not defined
        QueryLogic<?> logic = queryLogicFactory.getQueryLogic(q.getQueryLogicName(), p);
        AccumuloConnectionFactory.Priority priority = logic.getConnectionPriority();
        RunningQuery query = new RunningQuery(metrics, null, priority, logic, q, q.getQueryAuthorizations(), p, new RunningQueryTimingImpl(queryExpirationConf, qp.getPageTimeout()), this.executor, this.predictor, this.metricFactory);
        results.add(query);
        // Put in the cache by id if its not already in the cache.
        if (!queryCache.containsKey(q.getId().toString()))
            queryCache.put(q.getId().toString(), query);
    }
    return results;
}
Also used : Query(datawave.webservice.query.Query) ArrayList(java.util.ArrayList) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) AccumuloConnectionFactory(datawave.webservice.common.connection.AccumuloConnectionFactory) Principal(java.security.Principal) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) RunningQueryTimingImpl(datawave.webservice.query.cache.RunningQueryTimingImpl)

Aggregations

DatawavePrincipal (datawave.security.authorization.DatawavePrincipal)93 DatawaveUser (datawave.security.authorization.DatawaveUser)41 Principal (java.security.Principal)37 HashSet (java.util.HashSet)33 Test (org.junit.Test)29 QueryException (datawave.webservice.query.exception.QueryException)24 Connector (org.apache.accumulo.core.client.Connector)23 IOException (java.io.IOException)19 DatawaveWebApplicationException (datawave.webservice.common.exception.DatawaveWebApplicationException)18 NotFoundQueryException (datawave.webservice.query.exception.NotFoundQueryException)18 Authorizations (org.apache.accumulo.core.security.Authorizations)17 Query (datawave.webservice.query.Query)16 UnauthorizedQueryException (datawave.webservice.query.exception.UnauthorizedQueryException)15 NoResultsException (datawave.webservice.common.exception.NoResultsException)13 ArrayList (java.util.ArrayList)13 Path (javax.ws.rs.Path)13 Produces (javax.ws.rs.Produces)13 SubjectIssuerDNPair (datawave.security.authorization.SubjectIssuerDNPair)12 WebApplicationException (javax.ws.rs.WebApplicationException)12 BadRequestException (datawave.webservice.common.exception.BadRequestException)11