Example 1 with UnauthorizedException
use of io.cdap.cdap.security.spi.authorization.UnauthorizedException in project cdap by caskdata.
the class RESTClient method execute.
public HttpResponse execute(HttpRequest request, int... allowedErrorCodes) throws IOException, UnauthenticatedException, UnauthorizedException {
int currentTry = 0;
HttpResponse response;
int responseCode;
boolean allowUnavailable = ArrayUtils.contains(allowedErrorCodes, HttpURLConnection.HTTP_UNAVAILABLE);
do {
onRequest(request, currentTry);
response = HttpRequests.execute(request, clientConfig.getDefaultRequestConfig());
responseCode = response.getResponseCode();
if (responseCode != HttpURLConnection.HTTP_UNAVAILABLE || allowUnavailable) {
// only retry if unavailable
break;
}
currentTry++;
try {
TimeUnit.MILLISECONDS.sleep(1000);
} catch (InterruptedException e) {
break;
}
} while (currentTry <= clientConfig.getUnavailableRetryLimit());
onResponse(request, response, currentTry);
if (responseCode == HttpURLConnection.HTTP_UNAUTHORIZED) {
throw new UnauthenticatedException("Unauthorized status code received from the server.");
}
if (responseCode == HttpURLConnection.HTTP_FORBIDDEN) {
throw new UnauthorizedException(response.getResponseBodyAsString());
}
if (!isSuccessful(responseCode) && !ArrayUtils.contains(allowedErrorCodes, responseCode)) {
throw new IOException(responseCode + ": " + response.getResponseBodyAsString());
}
return response;
}
Also used :
UnauthenticatedException(io.cdap.cdap.security.spi.authentication.UnauthenticatedException)
UnauthorizedException(io.cdap.cdap.security.spi.authorization.UnauthorizedException)
HttpResponse(io.cdap.common.http.HttpResponse)
IOException(java.io.IOException)
Example 2 with UnauthorizedException
use of io.cdap.cdap.security.spi.authorization.UnauthorizedException in project cdap by caskdata.
the class ArtifactHttpHandler method addArtifact.
@POST
@Path("/namespaces/{namespace-id}/artifacts/{artifact-name}")
@AuditPolicy(AuditDetail.HEADERS)
public BodyConsumer addArtifact(HttpRequest request, HttpResponder responder, @PathParam("namespace-id") final String namespaceId, @PathParam("artifact-name") final String artifactName, @HeaderParam(VERSION_HEADER) final String artifactVersion, @HeaderParam(EXTENDS_HEADER) final String parentArtifactsStr, @HeaderParam(PLUGINS_HEADER) String pluginClasses) throws NamespaceNotFoundException, BadRequestException {
final NamespaceId namespace = validateAndGetNamespace(namespaceId);
// that processes the last http chunk.
if (artifactVersion != null && !artifactVersion.isEmpty()) {
ArtifactId artifactId = validateAndGetArtifactId(namespace, artifactName, artifactVersion);
// If the artifact ID is available, use it to perform an authorization check.
contextAccessEnforcer.enforce(artifactId, StandardPermission.CREATE);
} else {
// If there is no version, we perform an enforceOnParent check in which the entityID is not needed.
contextAccessEnforcer.enforceOnParent(EntityType.ARTIFACT, namespace, StandardPermission.CREATE);
}
final Set<ArtifactRange> parentArtifacts = parseExtendsHeader(namespace, parentArtifactsStr);
final Set<PluginClass> additionalPluginClasses;
if (pluginClasses == null || pluginClasses.isEmpty()) {
additionalPluginClasses = ImmutableSet.of();
} else {
try {
additionalPluginClasses = GSON.fromJson(pluginClasses, PLUGINS_TYPE);
additionalPluginClasses.forEach(PluginClass::validate);
} catch (JsonParseException e) {
throw new BadRequestException(String.format("%s header '%s' is invalid.", PLUGINS_HEADER, pluginClasses), e);
} catch (IllegalArgumentException e) {
throw new BadRequestException(String.format("Invalid PluginClasses '%s'.", pluginClasses), e);
}
}
try {
// copy the artifact contents to local tmp directory
Files.createDirectories(tmpDir.toPath());
File destination = File.createTempFile("artifact-", ".jar", tmpDir);
return new AbstractBodyConsumer(destination) {
@Override
protected void onFinish(HttpResponder responder, File uploadedFile) {
try {
String version = (artifactVersion == null || artifactVersion.isEmpty()) ? getBundleVersion(uploadedFile) : artifactVersion;
ArtifactId artifactId = validateAndGetArtifactId(namespace, artifactName, version);
// add the artifact to the repo
artifactRepository.addArtifact(Id.Artifact.fromEntityId(artifactId), uploadedFile, parentArtifacts, additionalPluginClasses);
responder.sendString(HttpResponseStatus.OK, "Artifact added successfully");
} catch (ArtifactRangeNotFoundException e) {
responder.sendString(HttpResponseStatus.NOT_FOUND, e.getMessage());
} catch (ArtifactAlreadyExistsException e) {
responder.sendString(HttpResponseStatus.CONFLICT, e.getMessage());
} catch (WriteConflictException e) {
responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, "Conflict while writing artifact, please try again.");
} catch (IOException e) {
LOG.error("Exception while trying to write artifact {}-{}-{}.", namespaceId, artifactName, artifactVersion, e);
responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, "Error performing IO while writing artifact.");
} catch (BadRequestException e) {
responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
} catch (UnauthorizedException e) {
responder.sendString(HttpResponseStatus.FORBIDDEN, e.getMessage());
} catch (Exception e) {
LOG.error("Error while writing artifact {}-{}-{}", namespaceId, artifactName, artifactVersion, e);
responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, "Error while adding artifact.");
}
}
private String getBundleVersion(File file) throws BadRequestException, IOException {
try (JarFile jarFile = new JarFile(file)) {
Manifest manifest = jarFile.getManifest();
if (manifest == null) {
throw new BadRequestException("Unable to derive version from artifact because it does not contain a manifest. " + "Please package the jar with a manifest, or explicitly specify the artifact version.");
}
Attributes attributes = manifest.getMainAttributes();
String version = attributes == null ? null : attributes.getValue(ManifestFields.BUNDLE_VERSION);
if (version == null) {
throw new BadRequestException("Unable to derive version from artifact because manifest does not contain Bundle-Version attribute. " + "Please include Bundle-Version in the manifest, or explicitly specify the artifact version.");
}
return version;
} catch (ZipException e) {
throw new BadRequestException("Artifact is not in zip format. Please make sure it is a jar file.");
}
}
};
} catch (IOException e) {
LOG.error("Exception creating temp file to place artifact {} contents", artifactName, e);
responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, "Server error creating temp file for artifact.");
return null;
}
}
Also used :
ArtifactRangeNotFoundException(io.cdap.cdap.common.ArtifactRangeNotFoundException)
HttpResponder(io.cdap.http.HttpResponder)
ArtifactId(io.cdap.cdap.proto.id.ArtifactId)
ArtifactRange(io.cdap.cdap.api.artifact.ArtifactRange)
Attributes(java.util.jar.Attributes)
ZipException(java.util.zip.ZipException)
IOException(java.io.IOException)
JsonParseException(com.google.gson.JsonParseException)
JarFile(java.util.jar.JarFile)
Manifest(java.util.jar.Manifest)
ArtifactRangeNotFoundException(io.cdap.cdap.common.ArtifactRangeNotFoundException)
ZipException(java.util.zip.ZipException)
ArtifactAlreadyExistsException(io.cdap.cdap.common.ArtifactAlreadyExistsException)
JsonParseException(com.google.gson.JsonParseException)
InvalidArtifactRangeException(io.cdap.cdap.api.artifact.InvalidArtifactRangeException)
UnauthorizedException(io.cdap.cdap.security.spi.authorization.UnauthorizedException)
NamespaceNotFoundException(io.cdap.cdap.common.NamespaceNotFoundException)
PluginNotExistsException(io.cdap.cdap.internal.app.runtime.plugin.PluginNotExistsException)
WriteConflictException(io.cdap.cdap.internal.app.runtime.artifact.WriteConflictException)
CapabilityNotAvailableException(io.cdap.cdap.internal.capability.CapabilityNotAvailableException)
JsonSyntaxException(com.google.gson.JsonSyntaxException)
IOException(java.io.IOException)
BadRequestException(io.cdap.cdap.common.BadRequestException)
ArtifactNotFoundException(io.cdap.cdap.common.ArtifactNotFoundException)
ArtifactAlreadyExistsException(io.cdap.cdap.common.ArtifactAlreadyExistsException)
AbstractBodyConsumer(io.cdap.cdap.common.http.AbstractBodyConsumer)
WriteConflictException(io.cdap.cdap.internal.app.runtime.artifact.WriteConflictException)
UnauthorizedException(io.cdap.cdap.security.spi.authorization.UnauthorizedException)
BadRequestException(io.cdap.cdap.common.BadRequestException)
NamespaceId(io.cdap.cdap.proto.id.NamespaceId)
PluginClass(io.cdap.cdap.api.plugin.PluginClass)
JarFile(java.util.jar.JarFile)
File(java.io.File)
Path(javax.ws.rs.Path)
AuditPolicy(io.cdap.cdap.common.security.AuditPolicy)
POST(javax.ws.rs.POST)
Example 3 with UnauthorizedException
use of io.cdap.cdap.security.spi.authorization.UnauthorizedException in project cdap by caskdata.
the class AppLifecycleHttpHandler method deployAppFromArtifact.
// normally we wouldn't want to use a body consumer but would just want to read the request body directly
// since it wont be big. But the deploy app API has one path with different behavior based on content type
// the other behavior requires a BodyConsumer and only have one method per path is allowed,
// so we have to use a BodyConsumer
private BodyConsumer deployAppFromArtifact(final ApplicationId appId) throws IOException {
// Perform auth checks outside BodyConsumer as only the first http request containing auth header
// to populate SecurityRequestContext while http chunk doesn't. BodyConsumer runs in the thread
// that processes the last http chunk.
accessEnforcer.enforce(appId, authenticationContext.getPrincipal(), StandardPermission.CREATE);
// createTempFile() needs a prefix of at least 3 characters
return new AbstractBodyConsumer(File.createTempFile("apprequest-" + appId, ".json", tmpDir)) {
@Override
protected void onFinish(HttpResponder responder, File uploadedFile) {
try (FileReader fileReader = new FileReader(uploadedFile)) {
AppRequest<?> appRequest = DECODE_GSON.fromJson(fileReader, AppRequest.class);
ArtifactSummary artifactSummary = appRequest.getArtifact();
KerberosPrincipalId ownerPrincipalId = appRequest.getOwnerPrincipal() == null ? null : new KerberosPrincipalId(appRequest.getOwnerPrincipal());
// if we don't null check, it gets serialized to "null"
Object config = appRequest.getConfig();
String configString = config == null ? null : config instanceof String ? (String) config : GSON.toJson(config);
try {
applicationLifecycleService.deployApp(appId.getParent(), appId.getApplication(), appId.getVersion(), artifactSummary, configString, createProgramTerminator(), ownerPrincipalId, appRequest.canUpdateSchedules(), false, Collections.emptyMap());
} catch (DatasetManagementException e) {
if (e.getCause() instanceof UnauthorizedException) {
throw (UnauthorizedException) e.getCause();
} else {
throw e;
}
}
responder.sendString(HttpResponseStatus.OK, "Deploy Complete");
} catch (ArtifactNotFoundException e) {
responder.sendString(HttpResponseStatus.NOT_FOUND, e.getMessage());
} catch (ConflictException e) {
responder.sendString(HttpResponseStatus.CONFLICT, e.getMessage());
} catch (UnauthorizedException e) {
responder.sendString(HttpResponseStatus.FORBIDDEN, e.getMessage());
} catch (InvalidArtifactException e) {
responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
} catch (IOException e) {
LOG.error("Error reading request body for creating app {}.", appId);
responder.sendString(HttpResponseStatus.INTERNAL_SERVER_ERROR, String.format("Error while reading json request body for app %s.", appId));
} catch (Exception e) {
LOG.error("Deploy failure", e);
responder.sendString(HttpResponseStatus.BAD_REQUEST, e.getMessage());
}
}
};
}
Also used :
HttpResponder(io.cdap.http.HttpResponder)
WriteConflictException(io.cdap.cdap.internal.app.runtime.artifact.WriteConflictException)
ConflictException(io.cdap.cdap.common.ConflictException)
IOException(java.io.IOException)
ApplicationNotFoundException(io.cdap.cdap.common.ApplicationNotFoundException)
UnauthorizedException(io.cdap.cdap.security.spi.authorization.UnauthorizedException)
NamespaceNotFoundException(io.cdap.cdap.common.NamespaceNotFoundException)
WriteConflictException(io.cdap.cdap.internal.app.runtime.artifact.WriteConflictException)
DatasetManagementException(io.cdap.cdap.api.dataset.DatasetManagementException)
IOException(java.io.IOException)
ConflictException(io.cdap.cdap.common.ConflictException)
NotImplementedException(io.cdap.cdap.common.NotImplementedException)
ExecutionException(java.util.concurrent.ExecutionException)
AccessException(io.cdap.cdap.api.security.AccessException)
InvalidArtifactException(io.cdap.cdap.common.InvalidArtifactException)
ArtifactAlreadyExistsException(io.cdap.cdap.common.ArtifactAlreadyExistsException)
NotFoundException(io.cdap.cdap.common.NotFoundException)
ServiceException(io.cdap.cdap.common.ServiceException)
JsonSyntaxException(com.google.gson.JsonSyntaxException)
BadRequestException(io.cdap.cdap.common.BadRequestException)
ArtifactNotFoundException(io.cdap.cdap.common.ArtifactNotFoundException)
DatasetManagementException(io.cdap.cdap.api.dataset.DatasetManagementException)
ArtifactSummary(io.cdap.cdap.api.artifact.ArtifactSummary)
AbstractBodyConsumer(io.cdap.cdap.common.http.AbstractBodyConsumer)
UnauthorizedException(io.cdap.cdap.security.spi.authorization.UnauthorizedException)
FileReader(java.io.FileReader)
JsonObject(com.google.gson.JsonObject)
File(java.io.File)
KerberosPrincipalId(io.cdap.cdap.proto.id.KerberosPrincipalId)
ArtifactNotFoundException(io.cdap.cdap.common.ArtifactNotFoundException)
InvalidArtifactException(io.cdap.cdap.common.InvalidArtifactException)
Example 4 with UnauthorizedException
use of io.cdap.cdap.security.spi.authorization.UnauthorizedException in project cdap by caskdata.
the class AppCreator method execute.
@Override
public void execute(Arguments arguments) throws Exception {
ApplicationId appId = arguments.getId();
ArtifactSummary artifactSummary = arguments.getArtifact();
if (appExists(appId) && !arguments.overwrite) {
return;
}
KerberosPrincipalId ownerPrincipalId = arguments.getOwnerPrincipal() == null ? null : new KerberosPrincipalId(arguments.getOwnerPrincipal());
// if we don't null check, it gets serialized to "null"
String configString = arguments.getConfig() == null ? null : GSON.toJson(arguments.getConfig());
try {
appLifecycleService.deployApp(appId.getParent(), appId.getApplication(), appId.getVersion(), artifactSummary, configString, x -> {
}, ownerPrincipalId, arguments.canUpdateSchedules(), false, Collections.emptyMap());
} catch (NotFoundException | UnauthorizedException | InvalidArtifactException e) {
// up to the default time limit
throw e;
} catch (DatasetManagementException e) {
if (e.getCause() instanceof UnauthorizedException) {
throw (UnauthorizedException) e.getCause();
} else {
throw new RetryableException(e);
}
} catch (Exception e) {
throw new RetryableException(e);
}
}
Also used :
DatasetManagementException(io.cdap.cdap.api.dataset.DatasetManagementException)
ArtifactSummary(io.cdap.cdap.api.artifact.ArtifactSummary)
RetryableException(io.cdap.cdap.api.retry.RetryableException)
UnauthorizedException(io.cdap.cdap.security.spi.authorization.UnauthorizedException)
ApplicationNotFoundException(io.cdap.cdap.common.ApplicationNotFoundException)
NotFoundException(io.cdap.cdap.common.NotFoundException)
ApplicationId(io.cdap.cdap.proto.id.ApplicationId)
KerberosPrincipalId(io.cdap.cdap.proto.id.KerberosPrincipalId)
InvalidArtifactException(io.cdap.cdap.common.InvalidArtifactException)
RetryableException(io.cdap.cdap.api.retry.RetryableException)
DatasetManagementException(io.cdap.cdap.api.dataset.DatasetManagementException)
UnauthorizedException(io.cdap.cdap.security.spi.authorization.UnauthorizedException)
ApplicationNotFoundException(io.cdap.cdap.common.ApplicationNotFoundException)
InvalidArtifactException(io.cdap.cdap.common.InvalidArtifactException)
NotFoundException(io.cdap.cdap.common.NotFoundException)
Example 5 with UnauthorizedException
use of io.cdap.cdap.security.spi.authorization.UnauthorizedException in project cdap by caskdata.
the class CLIConfig method getSavedAccessToken.
@Nullable
private UserAccessToken getSavedAccessToken(ConnectionConfig connectionInfo) {
File file = getAccessTokenFile(connectionInfo.getHostname());
try (BufferedReader reader = Files.newReader(file, Charsets.UTF_8)) {
UserAccessToken userAccessToken = GSON.fromJson(reader, UserAccessToken.class);
if (userAccessToken == null) {
return null;
}
checkConnection(clientConfig, connectionInfo, userAccessToken.getAccessToken());
return userAccessToken;
} catch (IOException | JsonSyntaxException | UnauthenticatedException | UnauthorizedException ignored) {
// Fall through
}
return null;
}
Also used :
JsonSyntaxException(com.google.gson.JsonSyntaxException)
UnauthenticatedException(io.cdap.cdap.security.spi.authentication.UnauthenticatedException)
BufferedReader(java.io.BufferedReader)
UnauthorizedException(io.cdap.cdap.security.spi.authorization.UnauthorizedException)
IOException(java.io.IOException)
File(java.io.File)
Nullable(javax.annotation.Nullable)
Aggregations
UnauthorizedException (io.cdap.cdap.security.spi.authorization.UnauthorizedException)49
Test (org.junit.Test)22
IOException (java.io.IOException)19
HttpResponder (io.cdap.http.HttpResponder)14
ApplicationId (io.cdap.cdap.proto.id.ApplicationId)13
BadRequestException (io.cdap.cdap.common.BadRequestException)11
NotFoundException (io.cdap.cdap.common.NotFoundException)11
DefaultFullHttpRequest (io.netty.handler.codec.http.DefaultFullHttpRequest)10
JsonSyntaxException (com.google.gson.JsonSyntaxException)9
DatasetManagementException (io.cdap.cdap.api.dataset.DatasetManagementException)9
NamespaceNotFoundException (io.cdap.cdap.common.NamespaceNotFoundException)9
MonitorHandler (io.cdap.cdap.gateway.handlers.MonitorHandler)9
NamespaceId (io.cdap.cdap.proto.id.NamespaceId)9
FullHttpRequest (io.netty.handler.codec.http.FullHttpRequest)9
ExecutionException (java.util.concurrent.ExecutionException)9
ConflictException (io.cdap.cdap.common.ConflictException)8
SystemServiceId (io.cdap.cdap.proto.id.SystemServiceId)7
GrantedPermission (io.cdap.cdap.proto.security.GrantedPermission)7
HashSet (java.util.HashSet)7
ProgramId (io.cdap.cdap.proto.id.ProgramId)6
