Example 1 with AuthorizationErrorException
use of io.cryostat.net.AuthorizationErrorException in project cryostat by cryostatio.
the class OpenShiftAuthManager method getUserInfo.
@Override
public Future<UserInfo> getUserInfo(Supplier<String> httpHeaderProvider) {
String token = getTokenFromHttpHeader(httpHeaderProvider.get());
Future<TokenReviewStatus> fStatus = performTokenReview(token);
try {
TokenReviewStatus status = fStatus.get();
if (!Boolean.TRUE.equals(status.getAuthenticated())) {
return CompletableFuture.failedFuture(new AuthorizationErrorException("Authentication Failed"));
}
return CompletableFuture.completedFuture(new UserInfo(status.getUser().getUsername()));
} catch (ExecutionException ee) {
return CompletableFuture.failedFuture(ee.getCause());
} catch (Exception e) {
return CompletableFuture.failedFuture(e);
}
}
Also used :
AuthorizationErrorException(io.cryostat.net.AuthorizationErrorException)
TokenReviewStatus(io.fabric8.kubernetes.api.model.authentication.TokenReviewStatus)
UserInfo(io.cryostat.net.UserInfo)
ExecutionException(java.util.concurrent.ExecutionException)
URISyntaxException(java.net.URISyntaxException)
MissingEnvironmentVariableException(io.cryostat.net.MissingEnvironmentVariableException)
KubernetesClientException(io.fabric8.kubernetes.client.KubernetesClientException)
TokenNotFoundException(io.cryostat.net.TokenNotFoundException)
AuthorizationErrorException(io.cryostat.net.AuthorizationErrorException)
IOException(java.io.IOException)
PermissionDeniedException(io.cryostat.net.PermissionDeniedException)
ExecutionException(java.util.concurrent.ExecutionException)
Example 2 with AuthorizationErrorException
use of io.cryostat.net.AuthorizationErrorException in project cryostat by cryostatio.
the class OpenShiftAuthManager method performTokenReview.
private Future<TokenReviewStatus> performTokenReview(String token) {
try {
TokenReview review = new TokenReviewBuilder().withNewSpec().withToken(token).endSpec().build();
review = serviceAccountClient.get().tokenReviews().create(review);
TokenReviewStatus status = review.getStatus();
if (StringUtils.isNotBlank(status.getError())) {
return CompletableFuture.failedFuture(new AuthorizationErrorException(status.getError()));
}
return CompletableFuture.completedFuture(status);
} catch (KubernetesClientException e) {
logger.info(e);
return CompletableFuture.failedFuture(e);
} catch (Exception e) {
logger.error(e);
return CompletableFuture.failedFuture(e);
}
}
Also used :
AuthorizationErrorException(io.cryostat.net.AuthorizationErrorException)
TokenReviewBuilder(io.fabric8.kubernetes.api.model.authentication.TokenReviewBuilder)
TokenReview(io.fabric8.kubernetes.api.model.authentication.TokenReview)
TokenReviewStatus(io.fabric8.kubernetes.api.model.authentication.TokenReviewStatus)
URISyntaxException(java.net.URISyntaxException)
MissingEnvironmentVariableException(io.cryostat.net.MissingEnvironmentVariableException)
KubernetesClientException(io.fabric8.kubernetes.client.KubernetesClientException)
TokenNotFoundException(io.cryostat.net.TokenNotFoundException)
AuthorizationErrorException(io.cryostat.net.AuthorizationErrorException)
IOException(java.io.IOException)
PermissionDeniedException(io.cryostat.net.PermissionDeniedException)
ExecutionException(java.util.concurrent.ExecutionException)
KubernetesClientException(io.fabric8.kubernetes.client.KubernetesClientException)
Example 3 with AuthorizationErrorException
use of io.cryostat.net.AuthorizationErrorException in project cryostat by cryostatio.
the class MessagingServer method start.
@Override
public void start() throws SocketException, UnknownHostException {
logger.info("Max concurrent WebSocket connections: {}", maxConnections);
prunerTaskId = this.vertx.setPeriodic(TimeUnit.SECONDS.toMillis(1), id -> this.pruneConnections());
server.websocketHandler((sws) -> {
if ("/api/v1/command".equals(sws.path())) {
sws.reject(410);
return;
} else if (!"/api/v1/notifications".equals(sws.path())) {
sws.reject(404);
return;
}
String remoteAddress = sws.remoteAddress().toString();
synchronized (connections) {
if (connections.size() >= maxConnections) {
logger.info("Dropping remote client {} due to too many concurrent connections", remoteAddress);
sws.reject();
sendClientActivityNotification(remoteAddress, "dropped");
return;
}
}
logger.info("Connected remote client {}", remoteAddress);
WsClient wsc = new WsClient(this.logger, sws, clock);
sws.closeHandler((unused) -> removeConnection(wsc));
sws.textMessageHandler(msg -> {
vertx.executeBlocking(promise -> {
try {
authManager.doAuthenticated(sws::subProtocol, p -> authManager.validateWebSocketSubProtocol(p, ResourceAction.READ_ALL)).onSuccess(() -> promise.complete(true)).onFailure(() -> promise.fail(new AuthorizationErrorException(""))).execute();
} catch (InterruptedException | ExecutionException | TimeoutException e) {
promise.fail(e);
}
}, true, result -> {
if (result.failed()) {
if (ExceptionUtils.hasCause(result.cause(), AuthorizationErrorException.class)) {
logger.info((AuthorizationErrorException) result.cause());
logger.info("Disconnected remote client {} due to authentication failure", remoteAddress);
sendClientActivityNotification(remoteAddress, "auth failure");
sws.close(// close reason
(short) 1002, "Invalid auth subprotocol");
} else {
logger.info(new IOException(result.cause()));
sws.close((short) 1011, String.format("Internal error: \"%s\"", result.cause().getMessage()));
}
return;
}
logger.info("Authenticated remote client {}", remoteAddress);
sws.textMessageHandler(null);
wsc.setAccepted();
sendClientActivityNotification(remoteAddress, "accepted");
Long ping = pingTasks.put(wsc, vertx.setPeriodic(TimeUnit.SECONDS.toMillis(5), id -> wsc.ping()));
if (ping != null) {
vertx.cancelTimer(ping);
}
});
});
addConnection(wsc);
sws.accept();
sendClientActivityNotification(remoteAddress, "connected");
});
}
Also used :
Clock(io.cryostat.core.sys.Clock)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
Vertx(io.vertx.core.Vertx)
Set(java.util.Set)
TimeoutException(java.util.concurrent.TimeoutException)
IOException(java.io.IOException)
UnknownHostException(java.net.UnknownHostException)
HashSet(java.util.HashSet)
ExecutionException(java.util.concurrent.ExecutionException)
TimeUnit(java.util.concurrent.TimeUnit)
SocketException(java.net.SocketException)
HttpMimeType(io.cryostat.net.web.http.HttpMimeType)
NotificationFactory(io.cryostat.messaging.notifications.NotificationFactory)
HttpServer(io.cryostat.net.HttpServer)
Gson(com.google.gson.Gson)
Map(java.util.Map)
AuthManager(io.cryostat.net.AuthManager)
AbstractVerticle(io.vertx.core.AbstractVerticle)
Logger(io.cryostat.core.log.Logger)
Named(javax.inject.Named)
Environment(io.cryostat.core.sys.Environment)
AuthorizationErrorException(io.cryostat.net.AuthorizationErrorException)
ResourceAction(io.cryostat.net.security.ResourceAction)
ExceptionUtils(org.apache.commons.lang3.exception.ExceptionUtils)
AuthorizationErrorException(io.cryostat.net.AuthorizationErrorException)
IOException(java.io.IOException)
ExecutionException(java.util.concurrent.ExecutionException)
TimeoutException(java.util.concurrent.TimeoutException)
Aggregations
AuthorizationErrorException (io.cryostat.net.AuthorizationErrorException)3
IOException (java.io.IOException)3
ExecutionException (java.util.concurrent.ExecutionException)3
MissingEnvironmentVariableException (io.cryostat.net.MissingEnvironmentVariableException)2
PermissionDeniedException (io.cryostat.net.PermissionDeniedException)2
TokenNotFoundException (io.cryostat.net.TokenNotFoundException)2
TokenReviewStatus (io.fabric8.kubernetes.api.model.authentication.TokenReviewStatus)2
KubernetesClientException (io.fabric8.kubernetes.client.KubernetesClientException)2
URISyntaxException (java.net.URISyntaxException)2
Gson (com.google.gson.Gson)1
Logger (io.cryostat.core.log.Logger)1
Clock (io.cryostat.core.sys.Clock)1
Environment (io.cryostat.core.sys.Environment)1
NotificationFactory (io.cryostat.messaging.notifications.NotificationFactory)1
AuthManager (io.cryostat.net.AuthManager)1
HttpServer (io.cryostat.net.HttpServer)1
UserInfo (io.cryostat.net.UserInfo)1
ResourceAction (io.cryostat.net.security.ResourceAction)1
HttpMimeType (io.cryostat.net.web.http.HttpMimeType)1
TokenReview (io.fabric8.kubernetes.api.model.authentication.TokenReview)1
