
Example 1 with AuthorizationErrorException

Use of io.cryostat.net.AuthorizationErrorException in project cryostat by cryostatio.

In the class OpenShiftAuthManager, method getUserInfo.

@Override
public Future<UserInfo> getUserInfo(Supplier<String> httpHeaderProvider) {
    String token = getTokenFromHttpHeader(httpHeaderProvider.get());
    Future<TokenReviewStatus> fStatus = performTokenReview(token);
    try {
        TokenReviewStatus status = fStatus.get();
        if (!Boolean.TRUE.equals(status.getAuthenticated())) {
            return CompletableFuture.failedFuture(new AuthorizationErrorException("Authentication Failed"));
        }
        return CompletableFuture.completedFuture(new UserInfo(status.getUser().getUsername()));
    } catch (ExecutionException ee) {
        return CompletableFuture.failedFuture(ee.getCause());
    } catch (Exception e) {
        return CompletableFuture.failedFuture(e);
    }
}
Also used: AuthorizationErrorException(io.cryostat.net.AuthorizationErrorException) TokenReviewStatus(io.fabric8.kubernetes.api.model.authentication.TokenReviewStatus) UserInfo(io.cryostat.net.UserInfo) ExecutionException(java.util.concurrent.ExecutionException) URISyntaxException(java.net.URISyntaxException) MissingEnvironmentVariableException(io.cryostat.net.MissingEnvironmentVariableException) KubernetesClientException(io.fabric8.kubernetes.client.KubernetesClientException) TokenNotFoundException(io.cryostat.net.TokenNotFoundException) IOException(java.io.IOException) PermissionDeniedException(io.cryostat.net.PermissionDeniedException)

Example 2 with AuthorizationErrorException

Use of io.cryostat.net.AuthorizationErrorException in project cryostat by cryostatio.

In the class OpenShiftAuthManager, method performTokenReview.

private Future<TokenReviewStatus> performTokenReview(String token) {
    try {
        TokenReview review = new TokenReviewBuilder().withNewSpec().withToken(token).endSpec().build();
        review = serviceAccountClient.get().tokenReviews().create(review);
        TokenReviewStatus status = review.getStatus();
        if (StringUtils.isNotBlank(status.getError())) {
            return CompletableFuture.failedFuture(new AuthorizationErrorException(status.getError()));
        }
        return CompletableFuture.completedFuture(status);
    } catch (KubernetesClientException e) {
        logger.info(e);
        return CompletableFuture.failedFuture(e);
    } catch (Exception e) {
        logger.error(e);
        return CompletableFuture.failedFuture(e);
    }
}
Also used: AuthorizationErrorException(io.cryostat.net.AuthorizationErrorException) TokenReviewBuilder(io.fabric8.kubernetes.api.model.authentication.TokenReviewBuilder) TokenReview(io.fabric8.kubernetes.api.model.authentication.TokenReview) TokenReviewStatus(io.fabric8.kubernetes.api.model.authentication.TokenReviewStatus) URISyntaxException(java.net.URISyntaxException) MissingEnvironmentVariableException(io.cryostat.net.MissingEnvironmentVariableException) KubernetesClientException(io.fabric8.kubernetes.client.KubernetesClientException) TokenNotFoundException(io.cryostat.net.TokenNotFoundException) IOException(java.io.IOException) PermissionDeniedException(io.cryostat.net.PermissionDeniedException) ExecutionException(java.util.concurrent.ExecutionException)

Example 3 with AuthorizationErrorException

Use of io.cryostat.net.AuthorizationErrorException in project cryostat by cryostatio.

In the class MessagingServer, method start.

@Override
public void start() throws SocketException, UnknownHostException {
    logger.info("Max concurrent WebSocket connections: {}", maxConnections);
    prunerTaskId = this.vertx.setPeriodic(TimeUnit.SECONDS.toMillis(1), id -> this.pruneConnections());
    server.websocketHandler((sws) -> {
        if ("/api/v1/command".equals(sws.path())) {
            sws.reject(410);
            return;
        } else if (!"/api/v1/notifications".equals(sws.path())) {
            sws.reject(404);
            return;
        }
        String remoteAddress = sws.remoteAddress().toString();
        synchronized (connections) {
            if (connections.size() >= maxConnections) {
                logger.info("Dropping remote client {} due to too many concurrent connections", remoteAddress);
                sws.reject();
                sendClientActivityNotification(remoteAddress, "dropped");
                return;
            }
        }
        logger.info("Connected remote client {}", remoteAddress);
        WsClient wsc = new WsClient(this.logger, sws, clock);
        sws.closeHandler((unused) -> removeConnection(wsc));
        sws.textMessageHandler(msg -> {
            vertx.executeBlocking(promise -> {
                try {
                    authManager.doAuthenticated(sws::subProtocol, p -> authManager.validateWebSocketSubProtocol(p, ResourceAction.READ_ALL)).onSuccess(() -> promise.complete(true)).onFailure(() -> promise.fail(new AuthorizationErrorException(""))).execute();
                } catch (InterruptedException | ExecutionException | TimeoutException e) {
                    promise.fail(e);
                }
            }, true, result -> {
                if (result.failed()) {
                    if (ExceptionUtils.hasCause(result.cause(), AuthorizationErrorException.class)) {
                        logger.info((AuthorizationErrorException) result.cause());
                        logger.info("Disconnected remote client {} due to authentication failure", remoteAddress);
                        sendClientActivityNotification(remoteAddress, "auth failure");
                        // 1002 is the WebSocket close code; the string is the close reason
                        sws.close((short) 1002, "Invalid auth subprotocol");
                    } else {
                        logger.info(new IOException(result.cause()));
                        sws.close((short) 1011, String.format("Internal error: \"%s\"", result.cause().getMessage()));
                    }
                    return;
                }
                logger.info("Authenticated remote client {}", remoteAddress);
                sws.textMessageHandler(null);
                wsc.setAccepted();
                sendClientActivityNotification(remoteAddress, "accepted");
                Long ping = pingTasks.put(wsc, vertx.setPeriodic(TimeUnit.SECONDS.toMillis(5), id -> wsc.ping()));
                if (ping != null) {
                    vertx.cancelTimer(ping);
                }
            });
        });
        addConnection(wsc);
        sws.accept();
        sendClientActivityNotification(remoteAddress, "connected");
    });
}
Also used: Clock(io.cryostat.core.sys.Clock) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) Vertx(io.vertx.core.Vertx) Set(java.util.Set) TimeoutException(java.util.concurrent.TimeoutException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) HashSet(java.util.HashSet) ExecutionException(java.util.concurrent.ExecutionException) TimeUnit(java.util.concurrent.TimeUnit) SocketException(java.net.SocketException) HttpMimeType(io.cryostat.net.web.http.HttpMimeType) NotificationFactory(io.cryostat.messaging.notifications.NotificationFactory) HttpServer(io.cryostat.net.HttpServer) Gson(com.google.gson.Gson) Map(java.util.Map) AuthManager(io.cryostat.net.AuthManager) AbstractVerticle(io.vertx.core.AbstractVerticle) Logger(io.cryostat.core.log.Logger) Named(javax.inject.Named) Environment(io.cryostat.core.sys.Environment) AuthorizationErrorException(io.cryostat.net.AuthorizationErrorException) ResourceAction(io.cryostat.net.security.ResourceAction) ExceptionUtils(org.apache.commons.lang3.exception.ExceptionUtils)

Aggregations

AuthorizationErrorException (io.cryostat.net.AuthorizationErrorException): 3
IOException (java.io.IOException): 3
ExecutionException (java.util.concurrent.ExecutionException): 3
MissingEnvironmentVariableException (io.cryostat.net.MissingEnvironmentVariableException): 2
PermissionDeniedException (io.cryostat.net.PermissionDeniedException): 2
TokenNotFoundException (io.cryostat.net.TokenNotFoundException): 2
TokenReviewStatus (io.fabric8.kubernetes.api.model.authentication.TokenReviewStatus): 2
KubernetesClientException (io.fabric8.kubernetes.client.KubernetesClientException): 2
URISyntaxException (java.net.URISyntaxException): 2
Gson (com.google.gson.Gson): 1
Logger (io.cryostat.core.log.Logger): 1
Clock (io.cryostat.core.sys.Clock): 1
Environment (io.cryostat.core.sys.Environment): 1
NotificationFactory (io.cryostat.messaging.notifications.NotificationFactory): 1
AuthManager (io.cryostat.net.AuthManager): 1
HttpServer (io.cryostat.net.HttpServer): 1
UserInfo (io.cryostat.net.UserInfo): 1
ResourceAction (io.cryostat.net.security.ResourceAction): 1
HttpMimeType (io.cryostat.net.web.http.HttpMimeType): 1
TokenReview (io.fabric8.kubernetes.api.model.authentication.TokenReview): 1