use of io.cryostat.net.AuthorizationErrorException in project cryostat by cryostatio.
the class OpenShiftAuthManager method getUserInfo.
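/**
 * Resolves the user behind the token carried in an HTTP header.
 *
 * <p>The token is extracted with {@code getTokenFromHttpHeader} and handed to
 * {@code performTokenReview}. A {@link UserInfo} is only produced when the review status
 * reports {@code authenticated == true}; every other outcome is returned as a failed future,
 * so the method fails closed.
 *
 * @param httpHeaderProvider supplies the raw header value the token is read from
 * @return a completed future holding the reviewed username, or a failed future carrying an
 *     {@link AuthorizationErrorException} (review did not authenticate the token) or the
 *     underlying failure
 */
@Override
public Future<UserInfo> getUserInfo(Supplier<String> httpHeaderProvider) {
    String token = getTokenFromHttpHeader(httpHeaderProvider.get());
    Future<TokenReviewStatus> fStatus = performTokenReview(token);
    try {
        TokenReviewStatus status = fStatus.get();
        // Boolean.TRUE.equals(...) treats a null "authenticated" field as not authenticated.
        if (!Boolean.TRUE.equals(status.getAuthenticated())) {
            return CompletableFuture.failedFuture(
                    new AuthorizationErrorException("Authentication Failed"));
        }
        // A null user on an authenticated status raises NullPointerException here, which the
        // generic catch below turns into a failed future rather than a UserInfo.
        return CompletableFuture.completedFuture(new UserInfo(status.getUser().getUsername()));
    } catch (InterruptedException ie) {
        // Restore the interrupt flag so the calling thread can still observe the interruption;
        // the generic catch used to absorb it silently.
        Thread.currentThread().interrupt();
        return CompletableFuture.failedFuture(ie);
    } catch (ExecutionException ee) {
        // Unwrap so callers see the original failure (e.g. AuthorizationErrorException).
        return CompletableFuture.failedFuture(ee.getCause());
    } catch (Exception e) {
        return CompletableFuture.failedFuture(e);
    }
}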
use of io.cryostat.net.AuthorizationErrorException in project cryostat by cryostatio.
the class OpenShiftAuthManager method performTokenReview.
/**
 * Submits {@code token} in a TokenReview created through the service-account client and
 * returns the status of the reviewed object.
 *
 * <p>The returned future is already settled: it is failed with an
 * {@link AuthorizationErrorException} when the status carries a non-blank error, failed with
 * the caught exception when the request itself throws, and completed with the status
 * otherwise. The status is handed back without checking its {@code authenticated} field, so
 * the caller has to make that decision.
 *
 * @param token the token to be reviewed
 * @return a settled future with the review status or the failure
 */
private Future<TokenReviewStatus> performTokenReview(String token) {
    try {
        TokenReview request =
                new TokenReviewBuilder().withNewSpec().withToken(token).endSpec().build();
        TokenReview response = serviceAccountClient.get().tokenReviews().create(request);
        TokenReviewStatus reviewStatus = response.getStatus();
        // A null status raises NullPointerException on the next line and lands in the generic
        // catch below, so the result is still a failed future.
        String reviewError = reviewStatus.getError();
        if (StringUtils.isNotBlank(reviewError)) {
            return CompletableFuture.failedFuture(new AuthorizationErrorException(reviewError));
        }
        return CompletableFuture.completedFuture(reviewStatus);
    } catch (KubernetesClientException clientFailure) {
        // Client-side API failures are logged at info level only.
        logger.info(clientFailure);
        return CompletableFuture.failedFuture(clientFailure);
    } catch (Exception unexpected) {
        logger.error(unexpected);
        return CompletableFuture.failedFuture(unexpected);
    }
}
use of io.cryostat.net.AuthorizationErrorException in project cryostat by cryostatio.
the class MessagingServer method start.
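/**
 * Schedules the connection pruner and installs the WebSocket handler.
 *
 * <p>Handler behaviour, in order:
 *
 * <ul>
 *   <li>{@code /api/v1/command} is rejected with 410 and any path other than
 *       {@code /api/v1/notifications} with 404.
 *   <li>A connection arriving while {@code connections.size() >= maxConnections} is rejected.
 *   <li>Otherwise the socket is registered and accepted <em>before</em> it has authenticated.
 *       The first text message triggers a check of the socket's sub-protocol through
 *       {@code authManager} with {@code ResourceAction.READ_ALL}.
 *   <li>On failure the socket is closed (1002 for an authorization failure, 1011 otherwise).
 *       On success the text handler is removed, the client is marked accepted and a
 *       5-second ping timer is started.
 * </ul>
 *
 * @throws SocketException declared in the signature; not raised by any statement visible here
 * @throws UnknownHostException declared in the signature; not raised by any statement visible
 *     here
 */
@Override
public void start() throws SocketException, UnknownHostException {
    logger.info("Max concurrent WebSocket connections: {}", maxConnections);
    prunerTaskId =
            this.vertx.setPeriodic(TimeUnit.SECONDS.toMillis(1), id -> this.pruneConnections());
    server.websocketHandler(
            (sws) -> {
                if ("/api/v1/command".equals(sws.path())) {
                    sws.reject(410);
                    return;
                } else if (!"/api/v1/notifications".equals(sws.path())) {
                    sws.reject(404);
                    return;
                }
                String remoteAddress = sws.remoteAddress().toString();
                // NOTE(review): the limit is checked under the lock, but the socket is only
                // registered by addConnection(...) further down, outside this block. Whether
                // two handshakes can interleave here depends on how the handler is threaded
                // and on what addConnection does - confirm.
                synchronized (connections) {
                    if (connections.size() >= maxConnections) {
                        logger.info(
                                "Dropping remote client {} due to too many concurrent connections",
                                remoteAddress);
                        sws.reject();
                        sendClientActivityNotification(remoteAddress, "dropped");
                        return;
                    }
                }
                logger.info("Connected remote client {}", remoteAddress);
                WsClient wsc = new WsClient(this.logger, sws, clock);
                sws.closeHandler((unused) -> removeConnection(wsc));
                // Authentication is deferred to the first text message. Until then the socket
                // is connected and occupies a slot in the connection set without having been
                // marked accepted.
                sws.textMessageHandler(
                        msg -> {
                            vertx.executeBlocking(
                                    promise -> {
                                        try {
                                            authManager
                                                    .doAuthenticated(
                                                            sws::subProtocol,
                                                            p ->
                                                                    authManager
                                                                            .validateWebSocketSubProtocol(
                                                                                    p,
                                                                                    ResourceAction
                                                                                            .READ_ALL))
                                                    .onSuccess(() -> promise.complete(true))
                                                    .onFailure(
                                                            () ->
                                                                    promise.fail(
                                                                            new AuthorizationErrorException(
                                                                                    "")))
                                                    .execute();
                                        } catch (InterruptedException
                                                | ExecutionException
                                                | TimeoutException e) {
                                            promise.fail(e);
                                        }
                                    },
                                    true,
                                    result -> {
                                        if (result.failed()) {
                                            Throwable cause = result.cause();
                                            if (ExceptionUtils.hasCause(
                                                    cause, AuthorizationErrorException.class)) {
                                                // The check above is on the cause chain, so the
                                                // top-level throwable may be a wrapper (for
                                                // example the ExecutionException passed to
                                                // promise.fail). An unconditional cast would
                                                // then throw before the socket is closed, so
                                                // only cast when the type actually matches.
                                                if (cause instanceof AuthorizationErrorException) {
                                                    logger.info((AuthorizationErrorException) cause);
                                                } else {
                                                    logger.info(new IOException(cause));
                                                }
                                                logger.info(
                                                        "Disconnected remote client {} due to authentication failure",
                                                        remoteAddress);
                                                sendClientActivityNotification(
                                                        remoteAddress, "auth failure");
                                                sws.close(
                                                        // close reason
                                                        (short) 1002, "Invalid auth subprotocol");
                                            } else {
                                                logger.info(new IOException(cause));
                                                // NOTE(review): the peer has not authenticated at
                                                // this point, yet the internal exception message
                                                // is echoed in the close reason. Consider a fixed
                                                // reason string and keeping the detail in the
                                                // log only.
                                                sws.close(
                                                        (short) 1011,
                                                        String.format(
                                                                "Internal error: \"%s\"",
                                                                cause.getMessage()));
                                            }
                                            return;
                                        }
                                        logger.info("Authenticated remote client {}", remoteAddress);
                                        // Later text messages no longer trigger authentication.
                                        sws.textMessageHandler(null);
                                        wsc.setAccepted();
                                        sendClientActivityNotification(remoteAddress, "accepted");
                                        Long ping =
                                                pingTasks.put(
                                                        wsc,
                                                        vertx.setPeriodic(
                                                                TimeUnit.SECONDS.toMillis(5),
                                                                id -> wsc.ping()));
                                        // Cancel any timer previously stored for this client so
                                        // it does not keep firing.
                                        if (ping != null) {
                                            vertx.cancelTimer(ping);
                                        }
                                    });
                        });
                addConnection(wsc);
                sws.accept();
                sendClientActivityNotification(remoteAddress, "connected");
            });
}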