
Example 1 with ProtocolDetectionException

use of io.trino.client.ProtocolDetectionException in project trino by trinodb.

the class InsecureAuthenticator method authenticate.

/**
 * Authenticates a request without verifying any credential.
 *
 * <p>The user name is taken from the Basic authentication header when one is present, otherwise
 * from the protocol's user header. A Basic header that carries a password is rejected. Nothing
 * in this method checks a secret, so the returned identity is simply the name the client
 * supplied, after user mapping.
 *
 * @param request the incoming request whose headers are inspected
 * @return an identity for the mapped user, with a {@link BasicPrincipal} built from the unmapped name
 * @throws AuthenticationException if a password is sent, no user name can be found, or user mapping fails
 */
@Override
public Identity authenticate(ContainerRequestContext request) throws AuthenticationException {
    Optional<BasicAuthCredentials> credentials = extractBasicAuthCredentials(request);
    String claimedUser = null;
    if (!credentials.isPresent()) {
        // No Basic header: fall back to the user header of whichever protocol the request uses.
        try {
            ProtocolHeaders detected = detectProtocol(alternateHeaderName, request.getHeaders().keySet());
            claimedUser = emptyToNull(request.getHeaders().getFirst(detected.requestUser()));
        } catch (ProtocolDetectionException ignored) {
            // Treated the same as a missing user header; the null check below rejects the request.
            claimedUser = null;
        }
    } else {
        BasicAuthCredentials basic = credentials.get();
        if (basic.getPassword().isPresent()) {
            // A password cannot be verified here, so sending one is refused rather than silently dropped.
            throw new AuthenticationException("Password not allowed for insecure authentication", BasicAuthCredentials.AUTHENTICATE_HEADER);
        }
        claimedUser = basic.getUser();
    }

    if (claimedUser == null) {
        throw new AuthenticationException("Basic authentication or " + TRINO_HEADERS.requestUser() + " must be sent", BasicAuthCredentials.AUTHENTICATE_HEADER);
    }

    try {
        // The identity carries the mapped name; the principal keeps the name exactly as the client sent it.
        String mappedUser = userMapping.mapUser(claimedUser);
        return Identity.forUser(mappedUser).withPrincipal(new BasicPrincipal(claimedUser)).build();
    } catch (UserMappingException mappingFailure) {
        // Only the message is propagated; this constructor call passes no authenticate header.
        throw new AuthenticationException(mappingFailure.getMessage());
    }
}
Also used : ProtocolHeaders(io.trino.client.ProtocolHeaders) BasicAuthCredentials.extractBasicAuthCredentials(io.trino.server.security.BasicAuthCredentials.extractBasicAuthCredentials) BasicPrincipal(io.trino.spi.security.BasicPrincipal) ProtocolDetectionException(io.trino.client.ProtocolDetectionException)

Example 2 with ProtocolDetectionException

use of io.trino.client.ProtocolDetectionException in project trino by trinodb.

the class HttpRequestSessionContextFactory method extractAuthorizedIdentity.

/**
 * Builds the session identity from the request headers and runs the access-control checks on it.
 *
 * <p>{@code checkCanSetUser} is always called for the session identity. The impersonation check
 * runs only when an authenticated identity is supplied and its user differs from the session
 * user; with an empty {@code optionalAuthenticatedIdentity} no impersonation check is made.
 *
 * @param optionalAuthenticatedIdentity identity established by authentication, if any
 * @param headers request headers, which are client-controlled
 * @param alternateHeaderName optional alternate header name passed to protocol detection
 * @return the session identity with enabled roles added
 * @throws AccessDeniedException declared by this method; presumably raised by the access-control checks (confirm against AccessControl)
 */
public Identity extractAuthorizedIdentity(Optional<Identity> optionalAuthenticatedIdentity, MultivaluedMap<String, String> headers, Optional<String> alternateHeaderName) throws AccessDeniedException {
    ProtocolHeaders protocolHeaders;
    try {
        protocolHeaders = detectProtocol(alternateHeaderName, headers.keySet());
    } catch (ProtocolDetectionException detectionFailure) {
        throw badRequest(detectionFailure.getMessage());
    }

    Identity sessionIdentity = buildSessionIdentity(optionalAuthenticatedIdentity, protocolHeaders, headers);
    accessControl.checkCanSetUser(sessionIdentity.getPrincipal(), sessionIdentity.getUser());

    // The authenticated identity may be absent for HTTP or when authentication is not set up.
    if (optionalAuthenticatedIdentity.isPresent()) {
        Identity authenticated = optionalAuthenticatedIdentity.get();
        boolean sameUser = authenticated.getUser().equals(sessionIdentity.getUser());
        // Impersonation is only checked when the authenticated user differs from the explicitly set user.
        if (!sameUser) {
            // Enabled roles are loaded first so that impersonation permissions can be assigned to roles.
            Identity authenticatedWithRoles = Identity.from(authenticated)
                    .withEnabledRoles(metadata.listEnabledRoles(authenticated))
                    .build();
            accessControl.checkCanImpersonateUser(authenticatedWithRoles, sessionIdentity.getUser());
        }
    }

    return addEnabledRoles(sessionIdentity, parseSystemRoleHeaders(protocolHeaders, headers), metadata);
}
Also used : ProtocolHeaders(io.trino.client.ProtocolHeaders) ProtocolDetectionException(io.trino.client.ProtocolDetectionException) Identity(io.trino.spi.security.Identity)

Example 3 with ProtocolDetectionException

use of io.trino.client.ProtocolDetectionException in project trino by trinodb.

the class HttpRequestSessionContextFactory method createSessionContext.

/**
 * Assembles a {@link SessionContext} from the request headers.
 *
 * <p>Every value read from {@code headers} is supplied by the client. No access-control call
 * appears in this method; NOTE(review): authorization of the resulting identity presumably
 * happens elsewhere, confirm against the callers.
 *
 * @param headers request headers to parse
 * @param alternateHeaderName optional alternate header name passed to protocol detection
 * @param remoteAddress remote address as provided by the caller; must not be null
 * @param authenticatedIdentity identity established by authentication, if any; must not be null
 * @return the session context built from the parsed header values
 * @throws WebApplicationException declared by this method; {@code badRequest} is thrown when protocol
 *         detection fails or a session property name has more than two dot-separated parts
 */
public SessionContext createSessionContext(MultivaluedMap<String, String> headers, Optional<String> alternateHeaderName, Optional<String> remoteAddress, Optional<Identity> authenticatedIdentity) throws WebApplicationException {
    ProtocolHeaders protocolHeaders;
    try {
        protocolHeaders = detectProtocol(alternateHeaderName, headers.keySet());
    } catch (ProtocolDetectionException e) {
        throw badRequest(e.getMessage());
    }
    // catalog, schema and path go through trimEmptyToNull before being wrapped
    Optional<String> catalog = Optional.ofNullable(trimEmptyToNull(headers.getFirst(protocolHeaders.requestCatalog())));
    Optional<String> schema = Optional.ofNullable(trimEmptyToNull(headers.getFirst(protocolHeaders.requestSchema())));
    Optional<String> path = Optional.ofNullable(trimEmptyToNull(headers.getFirst(protocolHeaders.requestPath())));
    // a schema without a catalog is rejected
    assertRequest((catalog.isPresent()) || (schema.isEmpty()), "Schema is set but catalog is not");
    requireNonNull(authenticatedIdentity, "authenticatedIdentity is null");
    // the session identity is derived from the authenticated identity together with the request headers
    Identity identity = buildSessionIdentity(authenticatedIdentity, protocolHeaders, headers);
    SelectedRole selectedRole = parseSystemRoleHeaders(protocolHeaders, headers);
    // source, user agent, time zone, language and client info are taken from the headers as sent (no trimming)
    Optional<String> source = Optional.ofNullable(headers.getFirst(protocolHeaders.requestSource()));
    Optional<String> traceToken = Optional.ofNullable(trimEmptyToNull(headers.getFirst(protocolHeaders.requestTraceToken())));
    Optional<String> userAgent = Optional.ofNullable(headers.getFirst(USER_AGENT));
    Optional<String> remoteUserAddress = requireNonNull(remoteAddress, "remoteAddress is null");
    Optional<String> timeZoneId = Optional.ofNullable(headers.getFirst(protocolHeaders.requestTimeZone()));
    Optional<String> language = Optional.ofNullable(headers.getFirst(protocolHeaders.requestLanguage()));
    Optional<String> clientInfo = Optional.ofNullable(headers.getFirst(protocolHeaders.requestClientInfo()));
    Set<String> clientTags = parseClientTags(protocolHeaders, headers);
    Set<String> clientCapabilities = parseClientCapabilities(protocolHeaders, headers);
    ResourceEstimates resourceEstimates = parseResourceEstimate(protocolHeaders, headers);
    // parse session properties: "name" is a system property, "catalog.name" is a catalog property
    ImmutableMap.Builder<String, String> systemProperties = ImmutableMap.builder();
    Map<String, Map<String, String>> catalogSessionProperties = new HashMap<>();
    for (Entry<String, String> entry : parseSessionHeaders(protocolHeaders, headers).entrySet()) {
        String fullPropertyName = entry.getKey();
        String propertyValue = entry.getValue();
        List<String> nameParts = DOT_SPLITTER.splitToList(fullPropertyName);
        if (nameParts.size() == 1) {
            String propertyName = nameParts.get(0);
            assertRequest(!propertyName.isEmpty(), "Invalid %s header", protocolHeaders.requestSession());
            // catalog session properties cannot be validated until the transaction has started, so we delay system property validation also
            systemProperties.put(propertyName, propertyValue);
        } else if (nameParts.size() == 2) {
            String catalogName = nameParts.get(0);
            String propertyName = nameParts.get(1);
            assertRequest(!catalogName.isEmpty(), "Invalid %s header", protocolHeaders.requestSession());
            assertRequest(!propertyName.isEmpty(), "Invalid %s header", protocolHeaders.requestSession());
            // catalog session properties cannot be validated until the transaction has started
            catalogSessionProperties.computeIfAbsent(catalogName, id -> new HashMap<>()).put(propertyName, propertyValue);
        } else {
            // three or more dot-separated parts is not a valid property name
            throw badRequest(format("Invalid %s header", protocolHeaders.requestSession()));
        }
    }
    requireNonNull(catalogSessionProperties, "catalogSessionProperties is null");
    // replace the mutable working maps with immutable copies before they are handed to the SessionContext
    catalogSessionProperties = catalogSessionProperties.entrySet().stream().collect(toImmutableMap(Entry::getKey, entry -> ImmutableMap.copyOf(entry.getValue())));
    Map<String, String> preparedStatements = parsePreparedStatementsHeaders(protocolHeaders, headers);
    String transactionIdHeader = headers.getFirst(protocolHeaders.requestTransactionId());
    // the mere presence of the transaction id header marks the client as supporting transactions
    boolean clientTransactionSupport = transactionIdHeader != null;
    Optional<TransactionId> transactionId = parseTransactionId(transactionIdHeader);
    return new SessionContext(protocolHeaders, catalog, schema, path, authenticatedIdentity, identity, selectedRole, source, traceToken, userAgent, remoteUserAddress, timeZoneId, language, clientTags, clientCapabilities, resourceEstimates, systemProperties.buildOrThrow(), catalogSessionProperties, preparedStatements, transactionId, clientTransactionSupport, clientInfo);
}
Also used : ResourceEstimates(io.trino.spi.session.ResourceEstimates) HashMap(java.util.HashMap) SelectedRole(io.trino.spi.security.SelectedRole) ProtocolDetectionException(io.trino.client.ProtocolDetectionException) ImmutableMap(com.google.common.collect.ImmutableMap) ImmutableMap.toImmutableMap(com.google.common.collect.ImmutableMap.toImmutableMap) TransactionId(io.trino.transaction.TransactionId) ProtocolHeaders(io.trino.client.ProtocolHeaders) Entry(java.util.Map.Entry) Identity(io.trino.spi.security.Identity) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) ImmutableMap.toImmutableMap(com.google.common.collect.ImmutableMap.toImmutableMap) HashMap(java.util.HashMap) MultivaluedMap(javax.ws.rs.core.MultivaluedMap)

Aggregations

ProtocolDetectionException (io.trino.client.ProtocolDetectionException)3 ProtocolHeaders (io.trino.client.ProtocolHeaders)3 Identity (io.trino.spi.security.Identity)2 ImmutableMap (com.google.common.collect.ImmutableMap)1 ImmutableMap.toImmutableMap (com.google.common.collect.ImmutableMap.toImmutableMap)1 BasicAuthCredentials.extractBasicAuthCredentials (io.trino.server.security.BasicAuthCredentials.extractBasicAuthCredentials)1 BasicPrincipal (io.trino.spi.security.BasicPrincipal)1 SelectedRole (io.trino.spi.security.SelectedRole)1 ResourceEstimates (io.trino.spi.session.ResourceEstimates)1 TransactionId (io.trino.transaction.TransactionId)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 Entry (java.util.Map.Entry)1 MultivaluedMap (javax.ws.rs.core.MultivaluedMap)1