Examples with DatawavePrincipal datawave.security.authorization.DatawavePrincipal used on opensource projects

Example 21 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class QueryExecutorBean method updateQuery.

private void updateQuery(GenericResponse<String> response, RunningQuery runningQuery, String queryLogicName, String query, Date beginDate, Date endDate, String queryAuthorizations, Date expirationDate, Integer pagesize, Integer pageTimeout, Long maxResultsOverride, QueryPersistence persistenceMode, String parameters) throws Exception {
    // Find out who/what called this method
    Principal p = ctx.getCallerPrincipal();
    String userid = p.getName();
    Collection<Collection<String>> cbAuths = new HashSet<>();
    if (p instanceof DatawavePrincipal) {
        DatawavePrincipal dp = (DatawavePrincipal) p;
        userid = dp.getShortName();
        cbAuths.addAll(dp.getAuthorizations());
    }
    log.trace(userid + " has authorizations " + cbAuths);
    Query q = runningQuery.getSettings();
    // validate persistence mode first
    if (persistenceMode != null) {
        switch(persistenceMode) {
            case PERSISTENT:
                if (q.getQueryName() == null)
                    throw new BadRequestQueryException(DatawaveErrorCode.QUERY_NAME_REQUIRED);
                break;
            case TRANSIENT:
                break;
            default:
                throw new BadRequestQueryException(DatawaveErrorCode.UNKNOWN_PERSISTENCE_MODE, MessageFormat.format("Mode = {0}", persistenceMode));
        }
    }
    // test for any auditable updates
    if (query != null || beginDate != null || endDate != null || queryAuthorizations != null) {
        // must clone/audit attempt first
        Query duplicate = q.duplicate(q.getQueryName());
        duplicate.setId(q.getId());
        updateQueryParams(duplicate, queryLogicName, query, beginDate, endDate, queryAuthorizations, expirationDate, pagesize, pageTimeout, maxResultsOverride, parameters);
        // Fire off an audit prior to updating
        AuditType auditType = runningQuery.getLogic().getAuditType(runningQuery.getSettings());
        if (!auditType.equals(AuditType.NONE)) {
            try {
                MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
                queryParameters.putAll(duplicate.toMap());
                // if the user didn't set an audit id, use the query id
                if (!queryParameters.containsKey(AuditParameters.AUDIT_ID)) {
                    queryParameters.putSingle(AuditParameters.AUDIT_ID, q.getId().toString());
                }
                auditor.audit(queryParameters);
            } catch (IllegalArgumentException e) {
                log.error("Error validating audit parameters", e);
                BadRequestQueryException qe = new BadRequestQueryException(DatawaveErrorCode.MISSING_REQUIRED_PARAMETER, e);
                response.addException(qe);
                throw new BadRequestException(qe, response);
            } catch (Exception e) {
                QueryException qe = new QueryException(DatawaveErrorCode.QUERY_AUDITING_ERROR, e);
                log.error(qe, e);
                response.addException(qe.getBottomQueryException());
                throw e;
            }
        }
    }
    // update the actual running query
    updateQueryParams(q, queryLogicName, query, beginDate, endDate, queryAuthorizations, expirationDate, pagesize, pageTimeout, maxResultsOverride, parameters);
    // update the persistenceMode post audit
    if (persistenceMode != null) {
        switch(persistenceMode) {
            case PERSISTENT:
                persister.update(q);
                break;
            case TRANSIENT:
                persister.remove(q);
                break;
        }
    }
    // Put in the cache by id
    queryCache.put(q.getId().toString(), runningQuery);
}

Example 22 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class QueryExecutorBean method execute.

/**
 * @param logicName
 * @param queryParameters
 *
 * @return {@code datawave.webservice.result.GenericResponse<String>}
 * @RequestHeader X-ProxiedEntitiesChain use when proxying request for user, by specifying a chain of DNs of the identities to proxy
 * @RequestHeader X-ProxiedIssuersChain required when using X-ProxiedEntitiesChain, specify one issuer DN per subject DN listed in X-ProxiedEntitiesChain
 * @ResponseHeader query-session-id this header and value will be in the Set-Cookie header, subsequent calls for this session will need to supply the
 *                 query-session-id header in the request in a Cookie header or as a query parameter
 * @ResponseHeader X-OperationTimeInMS time spent on the server performing the operation, does not account for network or result serialization
 * @ResponseHeader X-Partial-Results true if the page contains less than the requested number of results
 *
 * @HTTP 200 success
 * @HTTP 204 success and no results
 * @HTTP 400 invalid or missing parameter
 * @HTTP 500 internal server error
 */
@POST
@Produces("*/*")
@Path("/{logicName}/execute")
@GZIP
@Interceptors({ ResponseInterceptor.class, RequiredInterceptor.class })
@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
@Override
@Timed(name = "dw.query.executeQuery", absolute = true)
public StreamingOutput execute(@PathParam("logicName") String logicName, MultivaluedMap<String, String> queryParameters, @Context HttpHeaders httpHeaders) {
    /**
     * This method captures the metrics on the query instead of doing it in the QueryMetricsEnrichmentInterceptor. The ExecuteStreamingOutputResponse class
     * is returned from this method and executed in the JAX-RS layer. It updates the metrics which are then updated on each call to the _next method.
     */
    Collection<String> proxyServers = null;
    Principal p = ctx.getCallerPrincipal();
    DatawavePrincipal dp;
    if (p instanceof DatawavePrincipal) {
        dp = (DatawavePrincipal) p;
        proxyServers = dp.getProxyServers();
    }
    final MediaType PB_MEDIA_TYPE = new MediaType("application", "x-protobuf");
    final MediaType YAML_MEDIA_TYPE = new MediaType("application", "x-yaml");
    final VoidResponse response = new VoidResponse();
    // HttpHeaders.getAcceptableMediaTypes returns a priority sorted list of acceptable response types.
    // Find the first one in the list that we support.
    MediaType responseType = null;
    for (MediaType type : httpHeaders.getAcceptableMediaTypes()) {
        if (type.equals(MediaType.APPLICATION_XML_TYPE) || type.equals(MediaType.APPLICATION_JSON_TYPE) || type.equals(PB_MEDIA_TYPE) || type.equals(YAML_MEDIA_TYPE)) {
            responseType = type;
            break;
        }
    }
    if (null == responseType) {
        QueryException qe = new QueryException(DatawaveErrorCode.UNSUPPORTED_MEDIA_TYPE);
        response.setHasResults(false);
        response.addException(qe);
        throw new DatawaveWebApplicationException(qe, response, MediaType.APPLICATION_XML_TYPE);
    }
    // reference query necessary to avoid NPEs in getting the Transformer and BaseResponse
    Query q = new QueryImpl();
    Date now = new Date();
    q.setBeginDate(now);
    q.setEndDate(now);
    q.setExpirationDate(now);
    q.setQuery("test");
    q.setQueryAuthorizations("ALL");
    ResultsPage emptyList = new ResultsPage();
    // Find the response class
    Class<?> responseClass;
    try {
        QueryLogic<?> l = queryLogicFactory.getQueryLogic(logicName, p);
        QueryLogicTransformer t = l.getTransformer(q);
        BaseResponse refResponse = t.createResponse(emptyList);
        responseClass = refResponse.getClass();
    } catch (Exception e) {
        QueryException qe = new QueryException(DatawaveErrorCode.QUERY_TRANSFORM_ERROR, e);
        log.error(qe, e);
        response.setHasResults(false);
        response.addException(qe.getBottomQueryException());
        int statusCode = qe.getBottomQueryException().getStatusCode();
        throw new DatawaveWebApplicationException(qe, response, statusCode, MediaType.APPLICATION_XML_TYPE);
    }
    SerializationType s;
    if (responseType.equals(MediaType.APPLICATION_XML_TYPE)) {
        s = SerializationType.XML;
    } else if (responseType.equals(MediaType.APPLICATION_JSON_TYPE)) {
        s = SerializationType.JSON;
    } else if (responseType.equals(PB_MEDIA_TYPE)) {
        if (!(Message.class.isAssignableFrom(responseClass))) {
            QueryException qe = new QueryException(DatawaveErrorCode.BAD_RESPONSE_CLASS, MessageFormat.format("Response  class: {0}", responseClass));
            response.setHasResults(false);
            response.addException(qe);
            throw new DatawaveWebApplicationException(qe, response, MediaType.APPLICATION_XML_TYPE);
        }
        s = SerializationType.PB;
    } else if (responseType.equals(YAML_MEDIA_TYPE)) {
        if (!(Message.class.isAssignableFrom(responseClass))) {
            QueryException qe = new QueryException(DatawaveErrorCode.BAD_RESPONSE_CLASS, MessageFormat.format("Response  class: {0}", responseClass));
            response.setHasResults(false);
            response.addException(qe);
            throw new DatawaveWebApplicationException(qe, response, MediaType.APPLICATION_XML_TYPE);
        }
        s = SerializationType.YAML;
    } else {
        QueryException qe = new QueryException(DatawaveErrorCode.INVALID_FORMAT, MessageFormat.format("format: {0}", responseType.toString()));
        response.setHasResults(false);
        response.addException(qe);
        throw new DatawaveWebApplicationException(qe, response, MediaType.APPLICATION_XML_TYPE);
    }
    long start = System.nanoTime();
    GenericResponse<String> createResponse = null;
    try {
        createResponse = this.createQuery(logicName, queryParameters, httpHeaders);
    } catch (Throwable t) {
        if (t instanceof DatawaveWebApplicationException) {
            QueryException qe = (QueryException) ((DatawaveWebApplicationException) t).getCause();
            response.setHasResults(false);
            response.addException(qe.getBottomQueryException());
            int statusCode = qe.getBottomQueryException().getStatusCode();
            throw new DatawaveWebApplicationException(qe, response, statusCode, MediaType.APPLICATION_XML_TYPE);
        } else {
            throw t;
        }
    }
    long createCallTime = TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start);
    final String queryId = createResponse.getResult();
    // We created the query and put into cache, get the RunningQuery object
    final RunningQuery rq = queryCache.get(queryId);
    rq.getMetric().setCreateCallTime(createCallTime);
    final Collection<String> proxies = proxyServers;
    final SerializationType serializationType = s;
    final Class<?> queryResponseClass = responseClass;
    return new ExecuteStreamingOutputResponse(queryId, queryResponseClass, response, rq, serializationType, proxies);
}

Example 23 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class CompositeQueryLogicTest method testCanRunQueryLogic2.

@Test
public void testCanRunQueryLogic2() throws Exception {
    List<BaseQueryLogic<?>> logics = new ArrayList<>();
    TestQueryLogic logic1 = new TestQueryLogic();
    HashSet<String> roles = new HashSet<>();
    roles.add("TESTROLE");
    logic1.setRoleManager(new DatawaveRoleManager(roles));
    TestQueryLogic2 logic2 = new TestQueryLogic2();
    HashSet<String> roles2 = new HashSet<>();
    roles2.add("NONTESTROLE");
    logic2.setRoleManager(new DatawaveRoleManager(roles2));
    logics.add(logic1);
    logics.add(logic2);
    CompositeQueryLogic c = new CompositeQueryLogic();
    c.setQueryLogics(logics);
    DatawaveUser u = new DatawaveUser(SubjectIssuerDNPair.of("CN=Other User Name ouser, OU=acme", "CN=ca, OU=acme"), UserType.USER, null, Collections.singleton("TESTROLE"), null, 0L);
    DatawavePrincipal p = new DatawavePrincipal(Collections.singletonList(u));
    Assert.assertTrue(c.canRunQuery(p));
    Assert.assertEquals(1, c.getQueryLogics().size());
}

Example 24 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class CompositeQueryLogicTest method testCannotRunQueryLogic2.

@Test
public void testCannotRunQueryLogic2() throws Exception {
    List<BaseQueryLogic<?>> logics = new ArrayList<>();
    TestQueryLogic logic1 = new TestQueryLogic();
    HashSet<String> roles = new HashSet<>();
    roles.add("NONTESTROLE");
    logic1.setRoleManager(new DatawaveRoleManager(roles));
    TestQueryLogic2 logic2 = new TestQueryLogic2();
    HashSet<String> roles2 = new HashSet<>();
    roles2.add("NONTESTROLE");
    logic2.setRoleManager(new DatawaveRoleManager(roles2));
    logics.add(logic1);
    logics.add(logic2);
    CompositeQueryLogic c = new CompositeQueryLogic();
    c.setQueryLogics(logics);
    DatawaveUser u = new DatawaveUser(SubjectIssuerDNPair.of("CN=Other User Name ouser, OU=acme", "CN=ca, OU=acme"), UserType.USER, null, Collections.singleton("TESTROLE"), null, 0L);
    DatawavePrincipal p = new DatawavePrincipal(Collections.singletonList(u));
    Assert.assertFalse(c.canRunQuery(p));
    Assert.assertEquals(0, c.getQueryLogics().size());
}

Example 25 with DatawavePrincipal

use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.

the class QueryExecutorBean method getQueryByName.

private List<RunningQuery> getQueryByName(String name) throws Exception {
    // Find out who/what called this method
    Principal p = ctx.getCallerPrincipal();
    String userid = p.getName();
    if (p instanceof DatawavePrincipal) {
        DatawavePrincipal dp = (DatawavePrincipal) p;
        userid = dp.getShortName();
    }
    log.trace(userid + " has authorizations " + ((p instanceof DatawavePrincipal) ? ((DatawavePrincipal) p).getAuthorizations() : ""));
    List<RunningQuery> results = new ArrayList<>();
    List<Query> queries = persister.findByName(name);
    if (null == queries)
        throw new NotFoundQueryException(DatawaveErrorCode.NO_QUERY_OBJECT_MATCH);
    for (Query q : queries) {
        // never get back other people queries. Leaving for now just in case the persister changes.
        if (!q.getOwner().equals(userid)) {
            throw new UnauthorizedQueryException(DatawaveErrorCode.QUERY_OWNER_MISMATCH, MessageFormat.format("{0} != {1}", userid, q.getOwner()));
        }
        // will throw IllegalArgumentException if not defined
        QueryLogic<?> logic = queryLogicFactory.getQueryLogic(q.getQueryLogicName(), p);
        AccumuloConnectionFactory.Priority priority = logic.getConnectionPriority();
        RunningQuery query = new RunningQuery(metrics, null, priority, logic, q, q.getQueryAuthorizations(), p, new RunningQueryTimingImpl(queryExpirationConf, qp.getPageTimeout()), this.executor, this.predictor, this.metricFactory);
        results.add(query);
        // Put in the cache by id if its not already in the cache.
        if (!queryCache.containsKey(q.getId().toString()))
            queryCache.put(q.getId().toString(), query);
    }
    return results;
}