Search in sources :

Example 21 with BadRequestQueryException

use of datawave.webservice.query.exception.BadRequestQueryException in project datawave by NationalSecurityAgency.

the class QueryExecutorBean method enableTracing.

/**
 * <strong>JBossAdministrator or Administrator credentials required.</strong> Enables tracing for all queries whose query string matches a regular
 * expression and/or are submitted by a named user. Note that at least one of {@code queryRegex} or {@code user} must be specified. If both are specified,
 * then queries submitted by {@code user} that match {@code queryRegex} are traced.
 * <p>
 * All traces are stored under the query UUID.
 *
 * @param queryRegex
 *            (optional) the query regular expression defining queries to trace
 * @param user
 *            (optional) the user name for which to trace queries
 * @return datawave.webservice.result.VoidResponse
 * @RequestHeader X-ProxiedEntitiesChain use when proxying request for user, by specifying a chain of DNs of the identities to proxy
 * @RequestHeader X-ProxiedIssuersChain required when using X-ProxiedEntitiesChain, specify one issuer DN per subject DN listed in X-ProxiedEntitiesChain
 * @ResponseHeader X-OperationTimeInMS time spent on the server performing the operation, does not account for network or result serialization
 *
 * @HTTP 200 success
 * @HTTP 400 if neither queryRegex nor user are specified
 * @HTTP 401 if the user does not have Administrative credentials
 */
@GET
@Path("/enableTracing")
@Produces({ "application/xml", "text/xml", "application/json", "text/yaml", "text/x-yaml", "application/x-yaml", "application/x-protobuf", "application/x-protostuff" })
@RolesAllowed({ "Administrator", "JBossAdministrator" })
@Override
public VoidResponse enableTracing(@QueryParam("queryRegex") String queryRegex, @QueryParam("user") String user) {
    VoidResponse response = new VoidResponse();
    if (queryRegex == null && user == null) {
        BadRequestQueryException qe = new BadRequestQueryException(DatawaveErrorCode.QUERY_REGEX_OR_USER_REQUIRED);
        response.addException(qe);
        throw new BadRequestException(qe, response);
    } else {
        PatternWrapper p = PatternWrapper.wrap(queryRegex);
        if (!traceInfos.containsEntry(user, p))
            traceInfos.put(user, p);
        // Put updated map back in the cache
        queryTraceCache.put("traceInfos", traceInfos);
        return response;
    }
}
Also used : BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) VoidResponse(datawave.webservice.result.VoidResponse) BadRequestException(datawave.webservice.common.exception.BadRequestException) PatternWrapper(datawave.webservice.query.cache.QueryTraceCache.PatternWrapper) Path(javax.ws.rs.Path) RolesAllowed(javax.annotation.security.RolesAllowed) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 22 with BadRequestQueryException

use of datawave.webservice.query.exception.BadRequestQueryException in project datawave by NationalSecurityAgency.

the class QueryExecutorBean method validateQuery.

/**
 * This method will provide some initial query validation for the define and create query calls.
 */
private QueryData validateQuery(String queryLogicName, MultivaluedMap<String, String> queryParameters, HttpHeaders httpHeaders) {
    // Parameter 'logicName' is required and passed in prior to this call. Add to the queryParameters now.
    if (!queryParameters.containsKey(QueryParameters.QUERY_LOGIC_NAME)) {
        queryParameters.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
    }
    QueryData qd = new QueryData();
    log.debug(queryParameters);
    qp.clear();
    qp.setRequestHeaders(httpHeaders != null ? httpHeaders.getRequestHeaders() : null);
    // Pull "params" values into individual query parameters for validation on the query logic.
    // This supports the deprecated "params" value (both on the old and new API). Once we remove the deprecated
    // parameter, this code block can go away.
    String params = queryParameters.getFirst(QueryParameters.QUERY_PARAMS);
    if (params != null) {
        for (Parameter pm : QueryUtil.parseParameters(params)) {
            if (!queryParameters.containsKey(pm.getParameterName())) {
                queryParameters.putSingle(pm.getParameterName(), pm.getParameterValue());
            }
        }
    }
    queryParameters.remove(AuditParameters.QUERY_SECURITY_MARKING_COLVIZ);
    queryParameters.remove(AuditParameters.USER_DN);
    queryParameters.remove(AuditParameters.QUERY_AUDIT_TYPE);
    // Ensure that all required parameters exist prior to validating the values.
    qp.validate(queryParameters);
    // Leaving for now until we can test to ensure that is always the case.
    if (qp.getPagesize() <= 0) {
        log.error("Invalid page size: " + qp.getPagesize());
        GenericResponse<String> response = new GenericResponse<>();
        throwBadRequest(DatawaveErrorCode.INVALID_PAGE_SIZE, response);
    }
    if (qp.getPageTimeout() != -1 && (qp.getPageTimeout() < PAGE_TIMEOUT_MIN || qp.getPageTimeout() > PAGE_TIMEOUT_MAX)) {
        log.error("Invalid page timeout: " + qp.getPageTimeout());
        GenericResponse<String> response = new GenericResponse<>();
        throwBadRequest(DatawaveErrorCode.INVALID_PAGE_TIMEOUT, response);
    }
    if (System.currentTimeMillis() >= qp.getExpirationDate().getTime()) {
        log.error("Invalid expiration date: " + qp.getExpirationDate());
        GenericResponse<String> response = new GenericResponse<>();
        throwBadRequest(DatawaveErrorCode.INVALID_EXPIRATION_DATE, response);
    }
    // Ensure begin date does not occur after the end date (if dates are not null)
    if ((qp.getBeginDate() != null && qp.getEndDate() != null) && qp.getBeginDate().after(qp.getEndDate())) {
        log.error("Invalid begin and/or end date: " + qp.getBeginDate() + " - " + qp.getEndDate());
        GenericResponse<String> response = new GenericResponse<>();
        throwBadRequest(DatawaveErrorCode.BEGIN_DATE_AFTER_END_DATE, response);
    }
    // will throw IllegalArgumentException if not defined
    try {
        qd.logic = queryLogicFactory.getQueryLogic(queryLogicName, ctx.getCallerPrincipal());
    } catch (Exception e) {
        log.error("Failed to get query logic for " + queryLogicName, e);
        BadRequestQueryException qe = new BadRequestQueryException(DatawaveErrorCode.QUERY_LOGIC_ERROR, e);
        GenericResponse<String> response = new GenericResponse<>();
        response.addException(qe.getBottomQueryException());
        throw new BadRequestException(qe, response);
    }
    qd.logic.validate(queryParameters);
    try {
        marking.clear();
        marking.validate(queryParameters);
    } catch (IllegalArgumentException e) {
        log.error("Failed security markings validation", e);
        BadRequestQueryException qe = new BadRequestQueryException(DatawaveErrorCode.SECURITY_MARKING_CHECK_ERROR, e);
        GenericResponse<String> response = new GenericResponse<>();
        response.addException(qe);
        throw new BadRequestException(qe, response);
    }
    // Find out who/what called this method
    qd.proxyServers = null;
    qd.p = ctx.getCallerPrincipal();
    qd.userDn = qd.p.getName();
    qd.userid = qd.userDn;
    qd.dnList = Collections.singletonList(qd.userid);
    if (qd.p instanceof DatawavePrincipal) {
        DatawavePrincipal dp = (DatawavePrincipal) qd.p;
        qd.userid = dp.getShortName();
        qd.userDn = dp.getUserDN().subjectDN();
        String[] dns = dp.getDNs();
        Arrays.sort(dns);
        qd.dnList = Arrays.asList(dns);
        qd.proxyServers = dp.getProxyServers();
        // Verify that the calling principal has access to the query logic.
        if (!qd.logic.containsDNWithAccess(qd.dnList)) {
            UnauthorizedQueryException qe = new UnauthorizedQueryException("None of the DNs used have access to this query logic: " + qd.dnList, 401);
            GenericResponse<String> response = new GenericResponse<>();
            response.addException(qe);
            throw new UnauthorizedException(qe, response);
        }
    }
    log.trace(qd.userid + " has authorizations " + ((qd.p instanceof DatawavePrincipal) ? ((DatawavePrincipal) qd.p).getAuthorizations() : ""));
    // always check against the max
    if (qd.logic.getMaxPageSize() > 0 && qp.getPagesize() > qd.logic.getMaxPageSize()) {
        log.error("Invalid page size: " + qp.getPagesize() + " vs " + qd.logic.getMaxPageSize());
        BadRequestQueryException qe = new BadRequestQueryException(DatawaveErrorCode.PAGE_SIZE_TOO_LARGE, MessageFormat.format("Max = {0}.", qd.logic.getMaxPageSize()));
        GenericResponse<String> response = new GenericResponse<>();
        response.addException(qe);
        throw new BadRequestException(qe, response);
    }
    // privileged users however can set whatever they want
    if (qp.isMaxResultsOverridden() && qd.logic.getMaxResults() >= 0) {
        if (!ctx.isCallerInRole(PRIVILEGED_USER)) {
            if (qp.getMaxResultsOverride() < 0 || (qd.logic.getMaxResults() < qp.getMaxResultsOverride())) {
                log.error("Invalid max results override: " + qp.getMaxResultsOverride() + " vs " + qd.logic.getMaxResults());
                GenericResponse<String> response = new GenericResponse<>();
                throwBadRequest(DatawaveErrorCode.INVALID_MAX_RESULTS_OVERRIDE, response);
            }
        }
    }
    // Set private audit-related parameters, stripping off any that the user might have passed in first.
    // These are parameters that aren't passed in by the user, but rather are computed from other sources.
    PrivateAuditConstants.stripPrivateParameters(queryParameters);
    queryParameters.add(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
    queryParameters.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, marking.toColumnVisibilityString());
    queryParameters.add(PrivateAuditConstants.USER_DN, qd.userDn);
    return qd;
}
Also used : GenericResponse(datawave.webservice.result.GenericResponse) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) CancellationException(java.util.concurrent.CancellationException) PreConditionFailedQueryException(datawave.webservice.query.exception.PreConditionFailedQueryException) WebApplicationException(javax.ws.rs.WebApplicationException) HeuristicMixedException(javax.transaction.HeuristicMixedException) NotFoundQueryException(datawave.webservice.query.exception.NotFoundQueryException) NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException) IOException(java.io.IOException) QueryException(datawave.webservice.query.exception.QueryException) BadRequestException(datawave.webservice.common.exception.BadRequestException) HeuristicRollbackException(javax.transaction.HeuristicRollbackException) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) JAXBException(javax.xml.bind.JAXBException) UnauthorizedException(datawave.webservice.common.exception.UnauthorizedException) NoResultsException(datawave.webservice.common.exception.NoResultsException) RejectedExecutionException(java.util.concurrent.RejectedExecutionException) RollbackException(javax.transaction.RollbackException) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) UnauthorizedException(datawave.webservice.common.exception.UnauthorizedException) Parameter(datawave.webservice.query.QueryImpl.Parameter) BadRequestException(datawave.webservice.common.exception.BadRequestException)

Example 23 with BadRequestQueryException

use of datawave.webservice.query.exception.BadRequestQueryException in project datawave by NationalSecurityAgency.

the class QueryExecutorBean method throwBadRequest.

/**
 * Helper to throw Response Error for create/define Query
 */
private void throwBadRequest(DatawaveErrorCode ec, GenericResponse<String> response) {
    BadRequestQueryException qe = new BadRequestQueryException(ec);
    response.addException(qe);
    throw new BadRequestException(qe, response);
}
Also used : BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) BadRequestException(datawave.webservice.common.exception.BadRequestException)

Example 24 with BadRequestQueryException

use of datawave.webservice.query.exception.BadRequestQueryException in project datawave by NationalSecurityAgency.

the class ModificationBean method submit.

/**
 * Execute a Modification service with the given name and runtime parameters
 *
 * @param modificationServiceName
 *            Name of the modification service configuration
 * @param request
 *            object type specified in listConfigurations response.
 * @return datawave.webservice.result.VoidResponse
 * @RequestHeader X-ProxiedEntitiesChain use when proxying request for user
 * @RequestHeader X-ProxiedIssuersChain required when using X-ProxiedEntitiesChain, specify one issuer DN per subject DN listed in X-ProxiedEntitiesChain
 * @ResponseHeader X-OperationTimeInMS time spent on the server performing the operation, does not account for network or result serialization
 * @HTTP 200 success
 * @HTTP 400 if jobName is invalid
 * @HTTP 401 if user does not have correct roles
 * @HTTP 500 error starting the job
 */
@PUT
@Consumes({ "application/xml", "text/xml", "application/json" })
@Produces({ "application/xml", "text/xml", "application/json", "text/yaml", "text/x-yaml", "application/x-yaml", "application/x-protobuf", "application/x-protostuff" })
@Path("/{serviceName}/submit")
@GZIP
@Interceptors({ RequiredInterceptor.class, ResponseInterceptor.class })
public VoidResponse submit(@Required("modificationServiceName") @PathParam("serviceName") String modificationServiceName, @Required("request") ModificationRequestBase request) {
    VoidResponse response = new VoidResponse();
    // Find out who/what called this method
    Principal p = ctx.getCallerPrincipal();
    String user;
    Set<Authorizations> cbAuths = new HashSet<>();
    Collection<String> userRoles = Collections.emptySet();
    if (p instanceof DatawavePrincipal) {
        DatawavePrincipal dp = (DatawavePrincipal) p;
        user = dp.getShortName();
        userRoles = dp.getPrimaryUser().getRoles();
        for (Collection<String> c : dp.getAuthorizations()) cbAuths.add(new Authorizations(c.toArray(new String[c.size()])));
    } else {
        QueryException qe = new QueryException(DatawaveErrorCode.UNEXPECTED_PRINCIPAL_ERROR, MessageFormat.format("Class: {0}", p.getClass().getName()));
        response.addException(qe);
        throw new DatawaveWebApplicationException(qe, response);
    }
    Connector con = null;
    AccumuloConnectionFactory.Priority priority;
    try {
        // Get the Modification Service from the configuration
        ModificationServiceConfiguration service = modificationConfiguration.getConfiguration(modificationServiceName);
        if (!request.getClass().equals(service.getRequestClass())) {
            BadRequestQueryException qe = new BadRequestQueryException(DatawaveErrorCode.INVALID_REQUEST_CLASS, MessageFormat.format("Requires: {0}", service.getRequestClass().getName()));
            response.addException(qe);
            throw new BadRequestException(qe, response);
        }
        priority = service.getPriority();
        // Ensure that the user is in the list of authorized roles
        if (null != service.getAuthorizedRoles()) {
            boolean authorized = !Collections.disjoint(userRoles, service.getAuthorizedRoles());
            if (!authorized) {
                // Then the user does not have any of the authorized roles
                UnauthorizedQueryException qe = new UnauthorizedQueryException(DatawaveErrorCode.JOB_EXECUTION_UNAUTHORIZED, MessageFormat.format("Requires one of: {0}", service.getAuthorizedRoles()));
                response.addException(qe);
                throw new UnauthorizedException(qe, response);
            }
        }
        if (service.getRequiresAudit()) {
            try {
                MultivaluedMap<String, String> requestMap = new MultivaluedMapImpl<>();
                requestMap.putAll(request.toMap());
                auditParameterBuilder.convertAndValidate(requestMap);
            } catch (Exception e) {
                QueryException qe = new QueryException(DatawaveErrorCode.QUERY_AUDITING_ERROR, e);
                log.error(qe);
                response.addException(qe.getBottomQueryException());
            }
        }
        // Process the modification
        Map<String, String> trackingMap = connectionFactory.getTrackingMap(Thread.currentThread().getStackTrace());
        con = connectionFactory.getConnection(modificationConfiguration.getPoolName(), priority, trackingMap);
        service.setQueryService(queryService);
        log.info("Processing modification request from user=" + user + ": \n" + request);
        service.process(con, request, cache.getCachedMutableFieldList(), cbAuths, user);
        return response;
    } catch (DatawaveWebApplicationException e) {
        throw e;
    } catch (Exception e) {
        QueryException qe = new QueryException(DatawaveErrorCode.MODIFICATION_ERROR, e);
        log.error(qe);
        response.addException(qe.getBottomQueryException());
        throw new DatawaveWebApplicationException(e, response);
    } finally {
        if (null != con)
            try {
                connectionFactory.returnConnection(con);
            } catch (Exception e) {
                log.error("Error returning connection", e);
            }
    }
}
Also used : Connector(org.apache.accumulo.core.client.Connector) Authorizations(org.apache.accumulo.core.security.Authorizations) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) MultivaluedMapImpl(org.jboss.resteasy.specimpl.MultivaluedMapImpl) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) BadRequestException(datawave.webservice.common.exception.BadRequestException) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) UnauthorizedException(datawave.webservice.common.exception.UnauthorizedException) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) QueryException(datawave.webservice.query.exception.QueryException) AccumuloConnectionFactory(datawave.webservice.common.connection.AccumuloConnectionFactory) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) UnauthorizedQueryException(datawave.webservice.query.exception.UnauthorizedQueryException) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) QueryException(datawave.webservice.query.exception.QueryException) VoidResponse(datawave.webservice.result.VoidResponse) UnauthorizedException(datawave.webservice.common.exception.UnauthorizedException) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) BadRequestException(datawave.webservice.common.exception.BadRequestException) Principal(java.security.Principal) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) HashSet(java.util.HashSet) ModificationServiceConfiguration(datawave.webservice.modification.configuration.ModificationServiceConfiguration) Path(javax.ws.rs.Path) Interceptors(javax.interceptor.Interceptors) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) GZIP(org.jboss.resteasy.annotations.GZIP) PUT(javax.ws.rs.PUT)

Example 25 with BadRequestQueryException

use of datawave.webservice.query.exception.BadRequestQueryException in project datawave by NationalSecurityAgency.

the class AbstractEvaluationPhaseFunction method initialize.

@Override
public void initialize(List<String> parameterList, int depth, QueryNode parent) throws IllegalArgumentException {
    // super initialize will call validate
    super.initialize(parameterList, depth, parent);
    WildcardFieldedFilter.BooleanType type = WildcardFieldedFilter.BooleanType.AND;
    int x = 0;
    if (this.parameterList.size() != 1 && this.parameterList.size() % 2 == 1) {
        try {
            String firstArg = this.parameterList.get(0);
            type = WildcardFieldedFilter.BooleanType.valueOf(firstArg.toUpperCase());
        } catch (Exception e) {
            BadRequestQueryException qe = new BadRequestQueryException(DatawaveErrorCode.INVALID_FUNCTION_ARGUMENTS, MessageFormat.format("{0}", e, this.name));
            throw new IllegalArgumentException(qe);
        }
        x = 1;
    }
    this.fieldedFilter = new WildcardFieldedFilter(includeIfMatch, type);
    // special case where one argument will be matched against any field
    if (this.parameterList.size() == 1) {
        this.fieldedFilter.addCondition(Constants.ANY_FIELD, parameterList.get(0));
    } else {
        while (x < parameterList.size()) {
            String field = parameterList.get(x++);
            String regex = parameterList.get(x++);
            this.fieldedFilter.addCondition(field, regex);
        }
    }
}
Also used : BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException) WildcardFieldedFilter(datawave.query.search.WildcardFieldedFilter) BadRequestQueryException(datawave.webservice.query.exception.BadRequestQueryException)

Aggregations

BadRequestQueryException (datawave.webservice.query.exception.BadRequestQueryException)30 BadRequestException (datawave.webservice.common.exception.BadRequestException)12 QueryException (datawave.webservice.query.exception.QueryException)12 NotFoundQueryException (datawave.webservice.query.exception.NotFoundQueryException)11 DatawaveWebApplicationException (datawave.webservice.common.exception.DatawaveWebApplicationException)10 UnauthorizedException (datawave.webservice.common.exception.UnauthorizedException)10 PreConditionFailedQueryException (datawave.webservice.query.exception.PreConditionFailedQueryException)10 UnauthorizedQueryException (datawave.webservice.query.exception.UnauthorizedQueryException)10 IOException (java.io.IOException)10 Produces (javax.ws.rs.Produces)10 WebApplicationException (javax.ws.rs.WebApplicationException)8 NoResultsException (datawave.webservice.common.exception.NoResultsException)7 NoResultsQueryException (datawave.webservice.query.exception.NoResultsQueryException)7 Path (javax.ws.rs.Path)7 GZIP (org.jboss.resteasy.annotations.GZIP)7 DatawavePrincipal (datawave.security.authorization.DatawavePrincipal)6 GenericResponse (datawave.webservice.result.GenericResponse)6 CancellationException (java.util.concurrent.CancellationException)6 RejectedExecutionException (java.util.concurrent.RejectedExecutionException)6 Interceptors (javax.interceptor.Interceptors)6