Examples with Access io.druid.server.security.Access used on opensource projects

Search in sources :

Example 1 with Access

use of io.druid.server.security.Access in project druid by druid-io.

the class OverlordResource method securedTaskRunnerWorkItem.

private Collection<? extends TaskRunnerWorkItem> securedTaskRunnerWorkItem(Collection<? extends TaskRunnerWorkItem> collectionToFilter, HttpServletRequest req) {
    final Map<Pair<Resource, Action>, Access> resourceAccessMap = new HashMap<>();
    final AuthorizationInfo authorizationInfo = (AuthorizationInfo) req.getAttribute(AuthConfig.DRUID_AUTH_TOKEN);
    return Collections2.filter(collectionToFilter, new Predicate<TaskRunnerWorkItem>() {

        @Override
        public boolean apply(TaskRunnerWorkItem input) {
            final String taskId = input.getTaskId();
            final Optional<Task> optionalTask = taskStorageQueryAdapter.getTask(taskId);
            if (!optionalTask.isPresent()) {
                throw new WebApplicationException(Response.serverError().entity(String.format("No task information found for task with id: [%s]", taskId)).build());
            }
            Resource resource = new Resource(optionalTask.get().getDataSource(), ResourceType.DATASOURCE);
            Action action = Action.READ;
            Pair<Resource, Action> key = new Pair<>(resource, action);
            if (resourceAccessMap.containsKey(key)) {
                return resourceAccessMap.get(key).isAllowed();
            } else {
                Access access = authorizationInfo.isAuthorized(key.lhs, key.rhs);
                resourceAccessMap.put(key, access);
                return access.isAllowed();
            }
        }
    });
}
Also used : Action(io.druid.server.security.Action) TaskRunnerWorkItem(io.druid.indexing.overlord.TaskRunnerWorkItem) Optional(com.google.common.base.Optional) WebApplicationException(javax.ws.rs.WebApplicationException) HashMap(java.util.HashMap) Access(io.druid.server.security.Access) Resource(io.druid.server.security.Resource) AuthorizationInfo(io.druid.server.security.AuthorizationInfo) Pair(io.druid.java.util.common.Pair)

Example 2 with Access

use of io.druid.server.security.Access in project druid by druid-io.

the class OverlordResource method taskPost.

@POST
@Path("/task")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response taskPost(final Task task, @Context final HttpServletRequest req) {
    if (authConfig.isEnabled()) {
        // This is an experimental feature, see - https://github.com/druid-io/druid/pull/2424
        final String dataSource = task.getDataSource();
        final AuthorizationInfo authorizationInfo = (AuthorizationInfo) req.getAttribute(AuthConfig.DRUID_AUTH_TOKEN);
        Preconditions.checkNotNull(authorizationInfo, "Security is enabled but no authorization info found in the request");
        Access authResult = authorizationInfo.isAuthorized(new Resource(dataSource, ResourceType.DATASOURCE), Action.WRITE);
        if (!authResult.isAllowed()) {
            return Response.status(Response.Status.FORBIDDEN).header("Access-Check-Result", authResult).build();
        }
    }
    return asLeaderWith(taskMaster.getTaskQueue(), new Function<TaskQueue, Response>() {

        @Override
        public Response apply(TaskQueue taskQueue) {
            try {
                taskQueue.add(task);
                return Response.ok(ImmutableMap.of("task", task.getId())).build();
            } catch (EntryExistsException e) {
                return Response.status(Response.Status.BAD_REQUEST).entity(ImmutableMap.of("error", String.format("Task[%s] already exists!", task.getId()))).build();
            }
        }
    });
}
Also used : Response(javax.ws.rs.core.Response) Access(io.druid.server.security.Access) Resource(io.druid.server.security.Resource) TaskQueue(io.druid.indexing.overlord.TaskQueue) EntryExistsException(io.druid.metadata.EntryExistsException) AuthorizationInfo(io.druid.server.security.AuthorizationInfo) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Example 3 with Access

use of io.druid.server.security.Access in project druid by druid-io.

the class QueryResourceTest method testSecuredQuery.

@Test
public void testSecuredQuery() throws Exception {
    EasyMock.expect(testServletRequest.getAttribute(EasyMock.anyString())).andReturn(new AuthorizationInfo() {

        @Override
        public Access isAuthorized(Resource resource, Action action) {
            if (resource.getName().equals("allow")) {
                return new Access(true);
            } else {
                return new Access(false);
            }
        }
    }).times(2);
    EasyMock.replay(testServletRequest);
    queryResource = new QueryResource(warehouse, serverConfig, jsonMapper, jsonMapper, testSegmentWalker, new NoopServiceEmitter(), new NoopRequestLogger(), queryManager, new AuthConfig(true));
    Response response = queryResource.doPost(new ByteArrayInputStream(simpleTimeSeriesQuery.getBytes("UTF-8")), null, /*pretty*/
    testServletRequest);
    Assert.assertEquals(Response.Status.FORBIDDEN.getStatusCode(), response.getStatus());
    response = queryResource.doPost(new ByteArrayInputStream("{\"queryType\":\"timeBoundary\", \"dataSource\":\"allow\"}".getBytes("UTF-8")), null, /*pretty*/
    testServletRequest);
    Assert.assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
}
Also used : Response(javax.ws.rs.core.Response) Action(io.druid.server.security.Action) ByteArrayInputStream(java.io.ByteArrayInputStream) Resource(io.druid.server.security.Resource) Access(io.druid.server.security.Access) NoopRequestLogger(io.druid.server.log.NoopRequestLogger) NoopServiceEmitter(io.druid.server.metrics.NoopServiceEmitter) AuthConfig(io.druid.server.security.AuthConfig) AuthorizationInfo(io.druid.server.security.AuthorizationInfo) Test(org.junit.Test)

Example 4 with Access

use of io.druid.server.security.Access in project druid by druid-io.

the class ClientInfoResource method getDataSources.

@GET
@Produces(MediaType.APPLICATION_JSON)
public Iterable<String> getDataSources(@Context final HttpServletRequest request) {
    if (authConfig.isEnabled()) {
        // This is an experimental feature, see - https://github.com/druid-io/druid/pull/2424
        final Map<Pair<Resource, Action>, Access> resourceAccessMap = new HashMap<>();
        final AuthorizationInfo authorizationInfo = (AuthorizationInfo) request.getAttribute(AuthConfig.DRUID_AUTH_TOKEN);
        return Collections2.filter(getSegmentsForDatasources().keySet(), new Predicate<String>() {

            @Override
            public boolean apply(String input) {
                Resource resource = new Resource(input, ResourceType.DATASOURCE);
                Action action = Action.READ;
                Pair<Resource, Action> key = new Pair<>(resource, action);
                if (resourceAccessMap.containsKey(key)) {
                    return resourceAccessMap.get(key).isAllowed();
                } else {
                    Access access = authorizationInfo.isAuthorized(key.lhs, key.rhs);
                    resourceAccessMap.put(key, access);
                    return access.isAllowed();
                }
            }
        });
    } else {
        return getSegmentsForDatasources().keySet();
    }
}
Also used : Action(io.druid.server.security.Action) HashMap(java.util.HashMap) Access(io.druid.server.security.Access) Resource(io.druid.server.security.Resource) AuthorizationInfo(io.druid.server.security.AuthorizationInfo) Pair(io.druid.java.util.common.Pair) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 5 with Access

use of io.druid.server.security.Access in project druid by druid-io.

the class InventoryViewUtils method getSecuredDataSources.

public static Set<DruidDataSource> getSecuredDataSources(InventoryView inventoryView, final AuthorizationInfo authorizationInfo) {
    if (authorizationInfo == null) {
        throw new ISE("Invalid to call a secured method with null AuthorizationInfo!!");
    } else {
        final Map<Pair<Resource, Action>, Access> resourceAccessMap = new HashMap<>();
        return ImmutableSet.copyOf(Iterables.filter(getDataSources(inventoryView), new Predicate<DruidDataSource>() {

            @Override
            public boolean apply(DruidDataSource input) {
                Resource resource = new Resource(input.getName(), ResourceType.DATASOURCE);
                Action action = Action.READ;
                Pair<Resource, Action> key = new Pair<>(resource, action);
                if (resourceAccessMap.containsKey(key)) {
                    return resourceAccessMap.get(key).isAllowed();
                } else {
                    Access access = authorizationInfo.isAuthorized(key.lhs, key.rhs);
                    resourceAccessMap.put(key, access);
                    return access.isAllowed();
                }
            }
        }));
    }
}
Also used : Action(io.druid.server.security.Action) HashMap(java.util.HashMap) Access(io.druid.server.security.Access) Resource(io.druid.server.security.Resource) ISE(io.druid.java.util.common.ISE) DruidDataSource(io.druid.client.DruidDataSource) Pair(io.druid.java.util.common.Pair) Predicate(com.google.common.base.Predicate)

Aggregations

Access (io.druid.server.security.Access)19 Resource (io.druid.server.security.Resource)19 AuthorizationInfo (io.druid.server.security.AuthorizationInfo)18 Action (io.druid.server.security.Action)11 WebApplicationException (javax.ws.rs.WebApplicationException)8 Produces (javax.ws.rs.Produces)7 Pair (io.druid.java.util.common.Pair)6 HashMap (java.util.HashMap)6 Response (javax.ws.rs.core.Response)6 AuthConfig (io.druid.server.security.AuthConfig)5 Path (javax.ws.rs.Path)5 Predicate (com.google.common.base.Predicate)4 GET (javax.ws.rs.GET)4 Test (org.junit.Test)4 DruidDataSource (io.druid.client.DruidDataSource)3 Query (io.druid.query.Query)3 NoopRequestLogger (io.druid.server.log.NoopRequestLogger)3 NoopServiceEmitter (io.druid.server.metrics.NoopServiceEmitter)3 ByteArrayInputStream (java.io.ByteArrayInputStream)3 IOException (java.io.IOException)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial