Example 1 with KsqlAuthorizationProvider

Use of io.confluent.ksql.security.KsqlAuthorizationProvider in project ksql by confluentinc.

Class AuthTest, method shouldAllowAccessWithPermissionCheck.

private void shouldAllowAccessWithPermissionCheck(final String expectedUser, final String expectedMethod, final String expectedPath, final ExceptionThrowingRunnable action) throws Exception {
    stopServer();
    stopClient();
    AtomicReference<Principal> principalAtomicReference = new AtomicReference<>();
    AtomicReference<String> methodAtomicReference = new AtomicReference<>();
    AtomicReference<String> pathAtomicReference = new AtomicReference<>();
    this.authorizationProvider = new KsqlAuthorizationProvider() {

        @Override
        public void checkEndpointAccess(final Principal user, final String method, final String path) {
            throwIfNullPrincipal(user);
            principalAtomicReference.set(user);
            methodAtomicReference.set(method);
            pathAtomicReference.set(path);
        }

        @Override
        public void checkPrivileges(final KsqlSecurityContext securityContext, final AuthObjectType objectType, final String objectName, final List<AclOperation> privileges) {
            // Not required for vert.x authX as it only authorizes endpoints
        }
    };
    createServer(createServerConfig());
    client = createClient();
    action.run();
    assertThat(principalAtomicReference.get().getName(), is(expectedUser));
    assertThat(methodAtomicReference.get(), is(expectedMethod));
    assertThat(pathAtomicReference.get(), is(expectedPath));
}
Also used : KsqlSecurityContext(io.confluent.ksql.security.KsqlSecurityContext) AuthObjectType(io.confluent.ksql.security.AuthObjectType) AclOperation(org.apache.kafka.common.acl.AclOperation) AtomicReference(java.util.concurrent.atomic.AtomicReference) KsqlAuthorizationProvider(io.confluent.ksql.security.KsqlAuthorizationProvider) Principal(java.security.Principal)

Example 2 with KsqlAuthorizationProvider

Use of io.confluent.ksql.security.KsqlAuthorizationProvider in project ksql by confluentinc.

Class AuthTest, method shouldAllowAccessWithoutAuthentication.

private void shouldAllowAccessWithoutAuthentication(final ExceptionThrowingRunnable action) throws Exception {
    stopServer();
    stopClient();
    AtomicReference<Boolean> authorizationCallReference = new AtomicReference<>(false);
    this.authorizationProvider = new KsqlAuthorizationProvider() {

        @Override
        public void checkEndpointAccess(final Principal user, final String method, final String path) {
            authorizationCallReference.set(true);
        }

        @Override
        public void checkPrivileges(final KsqlSecurityContext securityContext, final AuthObjectType objectType, final String objectName, final List<AclOperation> privileges) {
            // Not required for vert.x authX as it only authorizes endpoints
        }
    };
    createServer(createServerConfig());
    client = createClient();
    action.run();
    assertThat("Should not call authorization", authorizationCallReference.get(), is(false));
}
Also used : KsqlSecurityContext(io.confluent.ksql.security.KsqlSecurityContext) AuthObjectType(io.confluent.ksql.security.AuthObjectType) AclOperation(org.apache.kafka.common.acl.AclOperation) AtomicReference(java.util.concurrent.atomic.AtomicReference) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) KsqlAuthorizationProvider(io.confluent.ksql.security.KsqlAuthorizationProvider) Principal(java.security.Principal)

Example 3 with KsqlAuthorizationProvider

Use of io.confluent.ksql.security.KsqlAuthorizationProvider in project ksql by confluentinc.

Class AuthTest, method createServer.

@Override
protected void createServer(KsqlRestConfig serverConfig) {
    server = new Server(vertx, serverConfig, testEndpoints, new KsqlSecurityExtension() {

        @Override
        public void initialize(final KsqlConfig ksqlConfig) {
        }

        @Override
        public Optional<KsqlAuthorizationProvider> getAuthorizationProvider() {
            return Optional.ofNullable(authorizationProvider);
        }

        @Override
        public Optional<KsqlUserContextProvider> getUserContextProvider() {
            return Optional.ofNullable(userContextProvider);
        }

        @Override
        public void close() {
        }
    }, Optional.ofNullable(securityHandlerPlugin), serverState, Optional.empty());
    server.start();
}
Also used : Server(io.confluent.ksql.api.server.Server) KsqlUserContextProvider(io.confluent.ksql.security.KsqlUserContextProvider) KsqlConfig(io.confluent.ksql.util.KsqlConfig) KsqlSecurityExtension(io.confluent.ksql.security.KsqlSecurityExtension) KsqlAuthorizationProvider(io.confluent.ksql.security.KsqlAuthorizationProvider)

Example 4 with KsqlAuthorizationProvider

Use of io.confluent.ksql.security.KsqlAuthorizationProvider in project ksql by confluentinc.

Class AuthTest, method shouldNotAllowAccessIfPermissionCheckThrowsException.

private void shouldNotAllowAccessIfPermissionCheckThrowsException(ExceptionThrowingRunnable runnable) throws Exception {
    stopServer();
    stopClient();
    this.authorizationProvider = new KsqlAuthorizationProvider() {

        @Override
        public void checkEndpointAccess(final Principal user, final String method, final String path) {
            throw new KsqlException("Forbidden");
        }

        @Override
        public void checkPrivileges(final KsqlSecurityContext securityContext, final AuthObjectType objectType, final String objectName, final List<AclOperation> privileges) {
            // Not required for vert.x authX as it only authorizes endpoints
        }
    };
    createServer(createServerConfig());
    client = createClient();
    runnable.run();
}
Also used : KsqlSecurityContext(io.confluent.ksql.security.KsqlSecurityContext) AuthObjectType(io.confluent.ksql.security.AuthObjectType) AclOperation(org.apache.kafka.common.acl.AclOperation) KsqlAuthorizationProvider(io.confluent.ksql.security.KsqlAuthorizationProvider) KsqlException(io.confluent.ksql.util.KsqlException) Principal(java.security.Principal)

Aggregations

KsqlAuthorizationProvider (io.confluent.ksql.security.KsqlAuthorizationProvider): 4
AuthObjectType (io.confluent.ksql.security.AuthObjectType): 3
KsqlSecurityContext (io.confluent.ksql.security.KsqlSecurityContext): 3
Principal (java.security.Principal): 3
AclOperation (org.apache.kafka.common.acl.AclOperation): 3
AtomicReference (java.util.concurrent.atomic.AtomicReference): 2
Server (io.confluent.ksql.api.server.Server): 1
KsqlSecurityExtension (io.confluent.ksql.security.KsqlSecurityExtension): 1
KsqlUserContextProvider (io.confluent.ksql.security.KsqlUserContextProvider): 1
KsqlConfig (io.confluent.ksql.util.KsqlConfig): 1
KsqlException (io.confluent.ksql.util.KsqlException): 1
AtomicBoolean (java.util.concurrent.atomic.AtomicBoolean): 1