Example 31 with DatawavePrincipal
use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class QueryLogicFactoryBeanTest method setup.
@Before
public void setup() throws IllegalArgumentException, IllegalAccessException {
System.setProperty(NpeUtils.NPE_OU_PROPERTY, "iamnotaperson");
System.setProperty("dw.metadatahelper.all.auths", "A,B,C,D");
Logger.getLogger(ClassPathXmlApplicationContext.class).setLevel(Level.OFF);
Logger.getLogger(XmlBeanDefinitionReader.class).setLevel(Level.OFF);
Logger.getLogger(DefaultListableBeanFactory.class).setLevel(Level.OFF);
ClassPathXmlApplicationContext queryFactory = new ClassPathXmlApplicationContext();
queryFactory.setConfigLocation("TestQueryLogicFactory.xml");
queryFactory.refresh();
factoryConfig = queryFactory.getBean(QueryLogicFactoryConfiguration.class.getSimpleName(), QueryLogicFactoryConfiguration.class);
Whitebox.setInternalState(bean, QueryLogicFactoryConfiguration.class, factoryConfig);
Whitebox.setInternalState(bean, ClassPathXmlApplicationContext.class, queryFactory);
ctx = createMock(EJBContext.class);
logic = createMockBuilder(BaseQueryLogic.class).addMockedMethods("setLogicName", "getMaxPageSize", "getPageByteTrigger").createMock();
DatawaveUser user = new DatawaveUser(SubjectIssuerDNPair.of("CN=Poe Edgar Allan eapoe, OU=acme", "<CN=ca, OU=acme>"), UserType.USER, null, null, null, 0L);
principal = new DatawavePrincipal(Collections.singletonList(user));
}
Also used :
EJBContext(javax.ejb.EJBContext)
ClassPathXmlApplicationContext(org.springframework.context.support.ClassPathXmlApplicationContext)
XmlBeanDefinitionReader(org.springframework.beans.factory.xml.XmlBeanDefinitionReader)
DatawaveUser(datawave.security.authorization.DatawaveUser)
DefaultListableBeanFactory(org.springframework.beans.factory.support.DefaultListableBeanFactory)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
Before(org.junit.Before)
Example 32 with DatawavePrincipal
use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class MapReduceBean method ooziesubmit.
/**
* Execute a Oozie workflow with the given workFlow name and runtime parameters
*
* @param queryParameters
* @return
*/
@POST
@Produces({ "application/xml", "text/xml", "application/json", "text/yaml", "text/x-yaml", "application/x-yaml", "application/x-protobuf", "application/x-protostuff" })
@javax.ws.rs.Path("/ooziesubmit")
@GZIP
public GenericResponse<String> ooziesubmit(MultivaluedMap<String, String> queryParameters) {
GenericResponse<String> response = new GenericResponse<>();
String workFlow = queryParameters.getFirst(OozieJobConstants.WORKFLOW_PARAM);
if (StringUtils.isBlank(workFlow)) {
throw new BadRequestException(new IllegalArgumentException(OozieJobConstants.WORKFLOW_PARAM + " parameter missing"), response);
}
String parameters = queryParameters.getFirst(OozieJobConstants.PARAMETERS);
// Find out who/what called this method
Principal p = ctx.getCallerPrincipal();
String sid = null;
String userDn = p.getName();
DatawavePrincipal datawavePrincipal = null;
if (p instanceof DatawavePrincipal) {
datawavePrincipal = (DatawavePrincipal) p;
sid = datawavePrincipal.getShortName();
} else {
QueryException qe = new QueryException(DatawaveErrorCode.UNEXPECTED_PRINCIPAL_ERROR, MessageFormat.format("Class: {0}", p.getClass().getName()));
response.addException(qe);
throw new DatawaveWebApplicationException(qe, response);
}
OozieJobConfiguration job;
try {
MapReduceJobConfiguration mrConfig = this.mapReduceConfiguration.getConfiguration(workFlow);
if (mrConfig instanceof OozieJobConfiguration) {
job = (OozieJobConfiguration) mrConfig;
} else {
throw new IllegalArgumentException(workFlow + " not an Oozie job configuration");
}
} catch (IllegalArgumentException e) {
BadRequestQueryException qe = new BadRequestQueryException(DatawaveErrorCode.JOB_CONFIGURATION_ERROR, e);
response.addException(qe);
throw new BadRequestException(qe, response);
}
if (job instanceof NeedCallerDetails) {
((NeedCallerDetails) job).setUserSid(sid);
((NeedCallerDetails) job).setPrincipal(p);
}
// Ensure that the user has the required roles and has passed the required auths
if (null != job.getRequiredRoles() || null != job.getRequiredAuths()) {
try {
canRunJob(datawavePrincipal, queryParameters, job.getRequiredRoles(), job.getRequiredAuths());
} catch (UnauthorizedQueryException qe) {
// user does not have all of the required roles or did not pass the required auths
response.addException(qe);
throw new UnauthorizedException(qe, response);
}
}
String id = sid + "_" + UUID.randomUUID();
OozieClient oozieClient = null;
Properties oozieConf = null;
try {
oozieClient = new OozieClient((String) job.getJobConfigurationProperties().get(OozieJobConstants.OOZIE_CLIENT_PROP));
oozieConf = oozieClient.createConfiguration();
job.initializeOozieConfiguration(id, oozieConf, queryParameters);
job.validateWorkflowParameter(oozieConf, mapReduceConfiguration);
} catch (QueryException qe) {
log.error(qe.getMessage(), qe);
response.addException(qe);
throw new DatawaveWebApplicationException(qe, response);
} catch (Exception e) {
log.error(e.getMessage(), e);
response.addException(new QueryException(e.getMessage(), e));
throw new DatawaveWebApplicationException(e, response);
} finally {
// audit query here
Auditor.AuditType auditType = job.getAuditType();
log.trace("Audit type is: " + auditType.name());
if (!auditType.equals(Auditor.AuditType.NONE)) {
try {
marking.validate(queryParameters);
PrivateAuditConstants.stripPrivateParameters(queryParameters);
queryParameters.putSingle(PrivateAuditConstants.USER_DN, userDn);
queryParameters.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, marking.toColumnVisibilityString());
queryParameters.putSingle(PrivateAuditConstants.AUDIT_TYPE, auditType.name());
List<String> selectors = job.getSelectors(queryParameters, oozieConf);
if (selectors != null && !selectors.isEmpty()) {
queryParameters.put(PrivateAuditConstants.SELECTORS, selectors);
}
// if the user didn't set an audit id, use the query id
if (!queryParameters.containsKey(AuditParameters.AUDIT_ID)) {
queryParameters.putSingle(AuditParameters.AUDIT_ID, id);
}
auditor.audit(queryParameters);
} catch (IllegalArgumentException e) {
log.error("Error validating audit parameters", e);
BadRequestQueryException qe = new BadRequestQueryException(DatawaveErrorCode.MISSING_REQUIRED_PARAMETER, e);
response.addException(qe);
throw new BadRequestException(qe, response);
} catch (Exception e) {
log.error("Error auditing query", e);
response.addMessage("Error auditing query - " + e.getMessage());
throw new BadRequestException(e, response);
}
}
}
// Submit the Oozie workflow.
try {
String jobID = null;
try {
jobID = oozieClient.run(oozieConf);
} catch (Exception e) {
throw new QueryException(DatawaveErrorCode.OOZIE_JOB_START_ERROR, e);
}
try {
String jobResultstDir = oozieConf.getProperty(OozieJobConstants.OUT_DIR_PROP) + "/" + id;
response.setResult(id);
Path baseDir = new Path(this.mapReduceConfiguration.getMapReduceBaseDirectory());
// Create a directory path for this job
Path jobDir = new Path(baseDir, id);
mapReduceState.create(id, job.getHdfsUri(), job.getJobTracker(), jobDir.toString(), jobID, jobResultstDir, parameters, workFlow);
} catch (Exception e) {
QueryException qe = new QueryException(DatawaveErrorCode.MAPREDUCE_STATE_PERSISTENCE_ERROR, e);
response.addException(qe.getBottomQueryException());
try {
oozieClient.kill(jobID);
// if we successfully kill the job, throw the original exception
throw qe;
} catch (Exception e2) {
// throw the exception from killing the job
throw new QueryException(DatawaveErrorCode.MAPREDUCE_JOB_KILL_ERROR, e2);
}
}
} catch (QueryException qe) {
log.error(qe.getMessage(), qe);
response.addException(qe);
throw new DatawaveWebApplicationException(qe, response);
} catch (Exception e) {
log.error(e.getMessage(), e);
QueryException qe = new QueryException(DatawaveErrorCode.UNKNOWN_SERVER_ERROR, e.getMessage());
response.addException(qe);
throw new DatawaveWebApplicationException(qe, response);
}
return response;
}
Also used :
Path(org.apache.hadoop.fs.Path)
GenericResponse(datawave.webservice.result.GenericResponse)
BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException)
NeedCallerDetails(datawave.webservice.mr.configuration.NeedCallerDetails)
Properties(java.util.Properties)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException)
WebApplicationException(javax.ws.rs.WebApplicationException)
NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException)
IOException(java.io.IOException)
QueryException(datawave.webservice.query.exception.QueryException)
BadRequestException(datawave.webservice.common.exception.BadRequestException)
NotFoundException(datawave.webservice.common.exception.NotFoundException)
UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException)
UnauthorizedException(datawave.webservice.common.exception.UnauthorizedException)
BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException)
UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException)
Auditor(datawave.webservice.common.audit.Auditor)
OozieClient(org.apache.oozie.client.OozieClient)
NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException)
QueryException(datawave.webservice.query.exception.QueryException)
UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException)
BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException)
MapReduceJobConfiguration(datawave.webservice.mr.configuration.MapReduceJobConfiguration)
UnauthorizedException(datawave.webservice.common.exception.UnauthorizedException)
BadRequestException(datawave.webservice.common.exception.BadRequestException)
DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException)
OozieJobConfiguration(datawave.webservice.mr.configuration.OozieJobConfiguration)
Principal(java.security.Principal)
ServerPrincipal(datawave.security.system.ServerPrincipal)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
GZIP(org.jboss.resteasy.annotations.GZIP)
Example 33 with DatawavePrincipal
use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class RemoteAuditor method audit.
@Override
@Timed(name = "dw.remoteAuditService.audit", absolute = true)
public String audit(Map<String, String> params) {
Principal p = ctx.getCallerPrincipal();
DatawavePrincipal dp = null;
if (p instanceof DatawavePrincipal)
dp = (DatawavePrincipal) p;
final String bearerHeader = "Bearer " + jwtTokenHandler.createTokenFromUsers(dp.getName(), dp.getProxiedUsers());
UrlEncodedFormEntity postBody = new UrlEncodedFormEntity(params.entrySet().stream().map(e -> (NameValuePair) new BasicNameValuePair(e.getKey(), e.getValue()))::iterator, Consts.UTF_8);
// @formatter:off
return executePostMethodWithRuntimeException("audit", uriBuilder -> {
}, httpPost -> {
httpPost.setEntity(postBody);
httpPost.setHeader("Authorization", bearerHeader);
}, EntityUtils::toString, () -> "audit [" + params + "]");
// @formatter:on
}
Also used :
BasicNameValuePair(org.apache.http.message.BasicNameValuePair)
UrlEncodedFormEntity(org.apache.http.client.entity.UrlEncodedFormEntity)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
Principal(java.security.Principal)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
EntityUtils(org.apache.http.util.EntityUtils)
Timed(com.codahale.metrics.annotation.Timed)
Example 34 with DatawavePrincipal
use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class QueryExecutorBeanTest method testPredict.
@SuppressWarnings("unchecked")
@Test
public void testPredict() throws Exception {
QueryImpl q = createNewQuery();
MultivaluedMap p = createNewQueryParameterMap();
p.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
MultivaluedMap<String, String> optionalParameters = createNewQueryParameters(q, p);
@SuppressWarnings("rawtypes") QueryLogic logic = createMock(BaseQueryLogic.class);
DatawaveUser user = new DatawaveUser(SubjectIssuerDNPair.of(userDN, "<CN=MY_CA, OU=MY_SUBDIVISION, OU=MY_DIVISION, O=ORG, C=US>"), UserType.USER, Arrays.asList(auths), null, null, 0L);
DatawavePrincipal principal = new DatawavePrincipal(Collections.singletonList(user));
String[] dns = principal.getDNs();
Arrays.sort(dns);
List<String> dnList = Arrays.asList(dns);
PowerMock.resetAll();
EasyMock.expect(ctx.getCallerPrincipal()).andReturn(principal).anyTimes();
suppress(constructor(QueryParametersImpl.class));
EasyMock.expect(persister.create(principal.getUserDN().subjectDN(), dnList, (SecurityMarking) Whitebox.getField(bean.getClass(), "marking").get(bean), queryLogicName, (QueryParameters) Whitebox.getField(bean.getClass(), "qp").get(bean), optionalParameters)).andReturn(q);
EasyMock.expect(queryLogicFactory.getQueryLogic(queryLogicName, principal)).andReturn(logic);
EasyMock.expect(logic.getRequiredQueryParameters()).andReturn(Collections.EMPTY_SET);
EasyMock.expect(logic.containsDNWithAccess(dnList)).andReturn(true);
EasyMock.expect(logic.getMaxPageSize()).andReturn(0);
BaseQueryMetric metric = new QueryMetricFactoryImpl().createMetric();
metric.populate(q);
metric.setQueryType(RunningQuery.class.getSimpleName());
QueryMetric testMetric = new QueryMetric((QueryMetric) metric) {
@Override
public boolean equals(Object o) {
// test for equality except for the create date
if (null == o) {
return false;
}
if (this == o) {
return true;
}
if (o instanceof QueryMetric) {
QueryMetric other = (QueryMetric) o;
return new EqualsBuilder().append(this.getQueryId(), other.getQueryId()).append(this.getQueryType(), other.getQueryType()).append(this.getQueryAuthorizations(), other.getQueryAuthorizations()).append(this.getColumnVisibility(), other.getColumnVisibility()).append(this.getBeginDate(), other.getBeginDate()).append(this.getEndDate(), other.getEndDate()).append(this.getCreateDate(), other.getCreateDate()).append(this.getSetupTime(), other.getSetupTime()).append(this.getUser(), other.getUser()).append(this.getUserDN(), other.getUserDN()).append(this.getQuery(), other.getQuery()).append(this.getQueryLogic(), other.getQueryLogic()).append(this.getQueryName(), other.getQueryName()).append(this.getParameters(), other.getParameters()).append(this.getHost(), other.getHost()).append(this.getPageTimes(), other.getPageTimes()).append(this.getProxyServers(), other.getProxyServers()).append(this.getLifecycle(), other.getLifecycle()).append(this.getErrorMessage(), other.getErrorMessage()).append(this.getErrorCode(), other.getErrorCode()).append(this.getSourceCount(), other.getSourceCount()).append(this.getNextCount(), other.getNextCount()).append(this.getSeekCount(), other.getSeekCount()).append(this.getYieldCount(), other.getYieldCount()).append(this.getDocRanges(), other.getDocRanges()).append(this.getFiRanges(), other.getFiRanges()).append(this.getPlan(), other.getPlan()).append(this.getVersion(), other.getVersion()).append(this.getLoginTime(), other.getLoginTime()).append(this.getPredictions(), other.getPredictions()).isEquals();
} else {
return false;
}
}
};
Set<Prediction> predictions = new HashSet<>();
predictions.add(new Prediction("source", 1));
EasyMock.expect(predictor.predict(EasyMock.eq(testMetric))).andReturn(predictions);
PowerMock.replayAll();
GenericResponse<String> response = bean.predictQuery(queryLogicName, p);
PowerMock.verifyAll();
Object cachedRunningQuery = cache.get(q.getId().toString());
Assert.assertNull(cachedRunningQuery);
Assert.assertEquals(predictions.toString(), response.getResult());
}
Also used :
DatawaveUser(datawave.security.authorization.DatawaveUser)
Prediction(datawave.microservice.querymetric.BaseQueryMetric.Prediction)
EqualsBuilder(org.apache.commons.lang.builder.EqualsBuilder)
BaseQueryLogic(datawave.webservice.query.logic.BaseQueryLogic)
QueryLogic(datawave.webservice.query.logic.QueryLogic)
QueryParametersImpl(datawave.webservice.query.QueryParametersImpl)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
QueryImpl(datawave.webservice.query.QueryImpl)
BaseQueryMetric(datawave.microservice.querymetric.BaseQueryMetric)
QueryMetric(datawave.microservice.querymetric.QueryMetric)
EasyMock.anyObject(org.easymock.EasyMock.anyObject)
BaseQueryMetric(datawave.microservice.querymetric.BaseQueryMetric)
MultivaluedMap(javax.ws.rs.core.MultivaluedMap)
QueryMetricFactoryImpl(datawave.microservice.querymetric.QueryMetricFactoryImpl)
HashSet(java.util.HashSet)
Test(org.junit.Test)
PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
Example 35 with DatawavePrincipal
use of datawave.security.authorization.DatawavePrincipal in project datawave by NationalSecurityAgency.
the class QueryExecutorBeanTest method testGoodListWithGet.
// @Test
@SuppressWarnings("unchecked")
public void testGoodListWithGet() throws URISyntaxException, CloneNotSupportedException, ParserConfigurationException, IOException, SAXException {
String queryName = "Something";
// need to call the getQueryByName() method. Maybe a partial mock of QueryExecutorBean would be better
// setup principal mock
String dn = "CN=Guy Some Other soguy, OU=MY_SUBDIVISION, OU=MY_DIVISION, O=ORG, C=US";
String[] auths = new String[2];
auths[0] = "PUBLIC";
auths[1] = "PRIVATE";
DatawaveUser user = new DatawaveUser(SubjectIssuerDNPair.of(dn), UserType.USER, Arrays.asList(auths), null, null, 0L);
DatawavePrincipal principal = new DatawavePrincipal(Collections.singletonList(user));
EasyMock.expect(ctx.getCallerPrincipal()).andReturn(principal);
EasyMock.replay(ctx);
// setup persister with queries
String logicName = "EventQuery";
QueryImpl q1 = new QueryImpl();
q1.setUserDN(principal.getShortName());
q1.setQueryLogicName(logicName);
q1.setQueryAuthorizations(auths.toString());
q1.setId(new UUID(1, 1));
QueryImpl q2 = new QueryImpl();
q2.setUserDN(principal.getShortName());
q2.setQueryLogicName(logicName);
q2.setQueryAuthorizations(auths.toString());
q2.setId(new UUID(1, 2));
List<Query> queries = new ArrayList<>();
queries.add(q1);
queries.add(q2);
EasyMock.expect(persister.findByName(queryName)).andReturn(queries);
EasyMock.replay(persister);
@SuppressWarnings("rawtypes") QueryLogic logic = createMock(BaseQueryLogic.class);
EasyMock.expect(logic.getConnectionPriority()).andReturn(AccumuloConnectionFactory.Priority.NORMAL).times(2);
EasyMock.expect(logic.getMaxPageSize()).andReturn(0);
EasyMock.replay(logic);
EasyMock.expect(queryLogicFactory.getQueryLogic(logicName, null)).andReturn(logic).times(2);
EasyMock.replay(queryLogicFactory);
// setup test
request = MockHttpRequest.get("/DataWave/Query/list?name=" + queryName);
// execute
dispatcher.invoke(request, response);
// assert
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
DocumentBuilder db = (DocumentBuilderFactory.newInstance()).newDocumentBuilder();
Document doc = db.parse(new InputSource(new StringReader(response.getContentAsString())));
NodeList returnedQueries = doc.getElementsByTagName("query");
assertEquals(queries.size(), returnedQueries.getLength());
}
Also used :
InputSource(org.xml.sax.InputSource)
Query(datawave.webservice.query.Query)
DatawaveUser(datawave.security.authorization.DatawaveUser)
NodeList(org.w3c.dom.NodeList)
ArrayList(java.util.ArrayList)
BaseQueryLogic(datawave.webservice.query.logic.BaseQueryLogic)
QueryLogic(datawave.webservice.query.logic.QueryLogic)
Document(org.w3c.dom.Document)
DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)
QueryImpl(datawave.webservice.query.QueryImpl)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
StringReader(java.io.StringReader)
UUID(java.util.UUID)
Aggregations
DatawavePrincipal (datawave.security.authorization.DatawavePrincipal)93
DatawaveUser (datawave.security.authorization.DatawaveUser)41
Principal (java.security.Principal)37
HashSet (java.util.HashSet)33
Test (org.junit.Test)29
QueryException (datawave.webservice.query.exception.QueryException)24
Connector (org.apache.accumulo.core.client.Connector)23
IOException (java.io.IOException)19
DatawaveWebApplicationException (datawave.webservice.common.exception.DatawaveWebApplicationException)18
NotFoundQueryException (datawave.webservice.query.exception.NotFoundQueryException)18
Authorizations (org.apache.accumulo.core.security.Authorizations)17
Query (datawave.webservice.query.Query)16
UnauthorizedQueryException (datawave.webservice.query.exception.UnauthorizedQueryException)15
NoResultsException (datawave.webservice.common.exception.NoResultsException)13
ArrayList (java.util.ArrayList)13
Path (javax.ws.rs.Path)13
Produces (javax.ws.rs.Produces)13
SubjectIssuerDNPair (datawave.security.authorization.SubjectIssuerDNPair)12
WebApplicationException (javax.ws.rs.WebApplicationException)12
BadRequestException (datawave.webservice.common.exception.BadRequestException)11
