
Example 1 with UserMappingException

Use of io.trino.server.security.UserMappingException in project trino by trinodb.

In class OAuth2Authenticator, method createIdentity:

@Override
protected Optional<Identity> createIdentity(String token) throws UserMappingException {
    try {
        // Validate the bearer token and extract its claims. An empty result means
        // "no usable token" and is reported as "no identity" rather than an error.
        Optional<Map<String, Object>> claims = service.convertTokenToClaims(token);
        if (claims.isEmpty()) {
            return Optional.empty();
        }
        // The principal comes from a configurable claim (principalField). No null/empty
        // check is done here; compare the isValidPrincipal check in the Web UI filter (Example 2).
        String principal = (String) claims.get().get(principalField);
        // Apply the configured user-mapping rules. A principal that no rule accepts raises
        // UserMappingException, which propagates to the caller of this method.
        Identity.Builder builder = Identity.forUser(userMapping.mapUser(principal));
        builder.withPrincipal(new BasicPrincipal(principal));
        // Optional groups claim (groupsField), copied into the identity when present
        groupsField
                .flatMap(field -> Optional.ofNullable((List<String>) claims.get().get(field)))
                .ifPresent(groups -> builder.withGroups(ImmutableSet.copyOf(groups)));
        return Optional.of(builder.build());
    } catch (ChallengeFailedException e) {
        // Token failed validation: treated the same as "no token", i.e. no identity
        return Optional.empty();
    }
}
Also used:
ImmutableSet(com.google.common.collect.ImmutableSet)
UserMapping(io.trino.server.security.UserMapping)
UUID(java.util.UUID)
UserMapping.createUserMapping(io.trino.server.security.UserMapping.createUserMapping)
BasicPrincipal(io.trino.spi.security.BasicPrincipal)
String.format(java.lang.String.format)
ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext)
Inject(javax.inject.Inject)
OAuth2TokenExchangeResource.getInitiateUri(io.trino.server.security.oauth2.OAuth2TokenExchangeResource.getInitiateUri)
List(java.util.List)
AbstractBearerAuthenticator(io.trino.server.security.AbstractBearerAuthenticator)
Identity(io.trino.spi.security.Identity)
Map(java.util.Map)
Objects.requireNonNull(java.util.Objects.requireNonNull)
AuthenticationException(io.trino.server.security.AuthenticationException)
Optional(java.util.Optional)
OAuth2TokenExchangeResource.getTokenUri(io.trino.server.security.oauth2.OAuth2TokenExchangeResource.getTokenUri)
URI(java.net.URI)
UserMappingException(io.trino.server.security.UserMappingException)

Example 2 with UserMappingException

Use of io.trino.server.security.UserMappingException in project trino by trinodb.

In class OAuth2WebUiAuthenticationFilter, method filter:

@Override
public void filter(ContainerRequestContext request) {
    String path = request.getUriInfo().getRequestUri().getPath();
    // The "UI disabled" page is reachable without authentication
    if (path.equals(DISABLED_LOCATION)) {
        return;
    }
    // Only secure (TLS) connections are authenticated; authenticating insecure connections
    // doesn't seem very useful if you have OAuth, and would be very complex.
    if (!request.getSecurityContext().isSecure()) {
        // send 401 to REST api calls and redirect to others
        if (path.startsWith("/ui/api/")) {
            sendWwwAuthenticate(request, "Unauthorized", ImmutableSet.of(TRINO_FORM_LOGIN));
            return;
        }
        request.abortWith(Response.seeOther(DISABLED_LOCATION_URI).build());
        return;
    }
    Optional<Map<String, Object>> claims;
    try {
        // Validate the token carried by the request and extract its claims
        claims = getAccessToken(request);
        if (claims.isEmpty()) {
            // No token at all: start the authentication flow instead of failing
            needAuthentication(request);
            return;
        }
    } catch (ChallengeFailedException e) {
        // Token present but failed validation: generic 401 to the client, details only in the debug log
        LOG.debug(e, "Invalid token: %s", e.getMessage());
        sendErrorMessage(request, UNAUTHORIZED, "Unauthorized");
        return;
    }
    try {
        // Reject a missing or empty principal claim before it reaches the user mapping
        Object principal = claims.get().get(principalField);
        if (!isValidPrincipal(principal)) {
            LOG.debug("Invalid principal field: %s. Expected principal to be non-empty", principalField);
            sendErrorMessage(request, UNAUTHORIZED, "Unauthorized");
            return;
        }
        String principalName = (String) principal;
        // Apply the configured user-mapping rules; a principal no rule accepts throws UserMappingException
        Identity.Builder builder = Identity.forUser(userMapping.mapUser(principalName));
        builder.withPrincipal(new BasicPrincipal(principalName));
        // Optional groups claim (groupsField), copied into the identity when present
        groupsField
                .flatMap(field -> Optional.ofNullable((List<String>) claims.get().get(field)))
                .ifPresent(groups -> builder.withGroups(ImmutableSet.copyOf(groups)));
        setAuthenticatedIdentity(request, builder.build());
    } catch (UserMappingException e) {
        // A mapping failure is an authentication failure. The exception message
        // (or a generic fallback when it is null) is returned to the client.
        sendErrorMessage(request, UNAUTHORIZED, firstNonNull(e.getMessage(), "Unauthorized"));
    }
}
Also used:
Logger(io.airlift.log.Logger)
OAuth2Service(io.trino.server.security.oauth2.OAuth2Service)
TRINO_FORM_LOGIN(io.trino.server.ui.FormWebUiAuthenticationFilter.TRINO_FORM_LOGIN)
CALLBACK_ENDPOINT(io.trino.server.security.oauth2.OAuth2CallbackResource.CALLBACK_ENDPOINT)
ServletSecurityUtils.sendWwwAuthenticate(io.trino.server.ServletSecurityUtils.sendWwwAuthenticate)
ContainerRequestContext(javax.ws.rs.container.ContainerRequestContext)
Inject(javax.inject.Inject)
ServletSecurityUtils.sendErrorMessage(io.trino.server.ServletSecurityUtils.sendErrorMessage)
ServletSecurityUtils.setAuthenticatedIdentity(io.trino.server.ServletSecurityUtils.setAuthenticatedIdentity)
Identity(io.trino.spi.security.Identity)
Map(java.util.Map)
Objects.requireNonNull(java.util.Objects.requireNonNull)
DISABLED_LOCATION(io.trino.server.ui.FormWebUiAuthenticationFilter.DISABLED_LOCATION)
UserMappingException(io.trino.server.security.UserMappingException)
UNAUTHORIZED(javax.ws.rs.core.Response.Status.UNAUTHORIZED)
ImmutableSet(com.google.common.collect.ImmutableSet)
UserMapping(io.trino.server.security.UserMapping)
DISABLED_LOCATION_URI(io.trino.server.ui.FormWebUiAuthenticationFilter.DISABLED_LOCATION_URI)
ChallengeFailedException(io.trino.server.security.oauth2.ChallengeFailedException)
BasicPrincipal(io.trino.spi.security.BasicPrincipal)
OAuth2Config(io.trino.server.security.oauth2.OAuth2Config)
List(java.util.List)
Response(javax.ws.rs.core.Response)
OAUTH2_COOKIE(io.trino.server.ui.OAuthWebUiCookie.OAUTH2_COOKIE)
Optional(java.util.Optional)
JwtException(io.jsonwebtoken.JwtException)
MoreObjects.firstNonNull(com.google.common.base.MoreObjects.firstNonNull)

Example 3 with UserMappingException

Use of io.trino.server.security.UserMappingException in project trino by trinodb.

In class PasswordManagerFormAuthenticator, method isValidCredential:

@Override
public Optional<String> isValidCredential(String username, String password, boolean secure) {
    if (username == null) {
        return Optional.empty();
    }
    if (!secure) {
        // Over plain HTTP, accept only a bare user name, and only when insecure
        // authentication has been explicitly enabled; a password is never checked
        // (or accepted) on an insecure connection.
        return Optional.of(username).filter(user -> insecureAuthenticationOverHttpAllowed && password == null);
    }
    // Over TLS, consult each configured password authenticator in turn
    List<PasswordAuthenticator> authenticators = passwordAuthenticatorManager.getAuthenticators();
    for (PasswordAuthenticator authenticator : authenticators) {
        try {
            Principal principal = authenticator.createAuthenticatedPrincipal(username, password);
            // The authenticated principal (its string form) still has to pass user mapping
            String authenticatedUser = userMapping.mapUser(principal.toString());
            return Optional.of(authenticatedUser);
        } catch (AccessDeniedException | UserMappingException e) {
            // Credentials rejected or principal not mappable: try another one
        } catch (RuntimeException e) {
            // An unexpected authenticator failure is logged and likewise falls through to the next one
            log.debug(e, "Error authenticating user for Web UI");
        }
    }
    // No authenticator accepted the credentials
    return Optional.empty();
}
Also used:
AccessDeniedException(io.trino.spi.security.AccessDeniedException)
PasswordAuthenticator(io.trino.spi.security.PasswordAuthenticator)
UserMappingException(io.trino.server.security.UserMappingException)
Principal(java.security.Principal)
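Added example, not code from this page or from the Trino project: the three call sites above all catch or propagate UserMappingException at a `userMapping.mapUser(...)` call, but none shows what produces it. The stand-alone class below implements a minimal regex-rule principal-to-user mapper with the failure modes a caller has to handle (empty principal, explicit deny rule, no matching rule, empty mapped name) and exercises each of them. The `UserMappingException` class, the `Rule` record, the rule set and the sample principals are all constructed for this example and are assumptions, not Trino's real `UserMapping` class or its configuration format; it needs Java 17 or later for records.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class UserMappingExample {
    /** Stand-in for io.trino.server.security.UserMappingException (assumed to be a checked exception). */
    public static class UserMappingException extends Exception {
        public UserMappingException(String message) {
            super(message);
        }
    }

    /** One rule: regex matched against the whole principal, replacement for the user name, allow flag. */
    public record Rule(Pattern pattern, String user, boolean allow) {}

    private final List<Rule> rules;

    public UserMappingExample(List<Rule> rules) {
        this.rules = List.copyOf(rules);
    }

    /** Maps an authenticated principal to a user name, or refuses it with UserMappingException. */
    public String mapUser(String principal) throws UserMappingException {
        // Guard the input here; Example 1 above has no such check before calling mapUser
        if (principal == null || principal.isEmpty()) {
            throw new UserMappingException("Principal is empty");
        }
        for (Rule rule : rules) {
            Matcher matcher = rule.pattern().matcher(principal);
            // Whole-string match, not find(): "alice@example.com.evil" must not satisfy an example.com rule
            if (!matcher.matches()) {
                continue;
            }
            // First matching rule wins, so deny rules must be listed before broader allow rules
            if (!rule.allow()) {
                throw new UserMappingException("Principal is not allowed");
            }
            String user = matcher.replaceAll(rule.user());
            if (user.isEmpty()) {
                throw new UserMappingException("Principal matched but mapped to an empty user");
            }
            return user;
        }
        throw new UserMappingException("No user mapping patterns match the principal");
    }

    public static void main(String[] args) {
        // Constructed rule set: deny service principals, strip the corporate realm, accept bare local names
        UserMappingExample mapping = new UserMappingExample(List.of(
                new Rule(Pattern.compile("svc-.*"), "", false),
                new Rule(Pattern.compile("(.+)@example\\.com"), "$1", true),
                new Rule(Pattern.compile("[a-z0-9_]+"), "$0", true)));
        // Constructed principals covering the success path and every failure mode
        for (String principal : List.of("alice@example.com", "svc-build@example.com", "bob", "mallory@evil.example", "")) {
            try {
                System.out.println("'" + principal + "' -> " + mapping.mapUser(principal));
            } catch (UserMappingException e) {
                // Example 2 answers 401 with this message; Example 3 swallows it and tries the next authenticator
                System.out.println("'" + principal + "' -> rejected: " + e.getMessage());
            }
        }
    }
}
```

With the constructed rules, `alice@example.com` maps to `alice`, `bob` maps to `bob`, and the other three principals are rejected with a different message each. The examples on this page differ only in what they do with that rejection: OAuth2Authenticator (Example 1) lets the exception propagate, OAuth2WebUiAuthenticationFilter (Example 2) converts it into a 401 carrying the message, and PasswordManagerFormAuthenticator (Example 3) treats it like a wrong password and moves on to the next configured authenticator.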

Aggregations

UserMappingException (io.trino.server.security.UserMappingException) 3
ImmutableSet (com.google.common.collect.ImmutableSet) 2
UserMapping (io.trino.server.security.UserMapping) 2
BasicPrincipal (io.trino.spi.security.BasicPrincipal) 2
Identity (io.trino.spi.security.Identity) 2
List (java.util.List) 2
Map (java.util.Map) 2
Objects.requireNonNull (java.util.Objects.requireNonNull) 2
Optional (java.util.Optional) 2
Inject (javax.inject.Inject) 2
ContainerRequestContext (javax.ws.rs.container.ContainerRequestContext) 2
MoreObjects.firstNonNull (com.google.common.base.MoreObjects.firstNonNull) 1
Logger (io.airlift.log.Logger) 1
JwtException (io.jsonwebtoken.JwtException) 1
ServletSecurityUtils.sendErrorMessage (io.trino.server.ServletSecurityUtils.sendErrorMessage) 1
ServletSecurityUtils.sendWwwAuthenticate (io.trino.server.ServletSecurityUtils.sendWwwAuthenticate) 1
ServletSecurityUtils.setAuthenticatedIdentity (io.trino.server.ServletSecurityUtils.setAuthenticatedIdentity) 1
AbstractBearerAuthenticator (io.trino.server.security.AbstractBearerAuthenticator) 1
AuthenticationException (io.trino.server.security.AuthenticationException) 1
UserMapping.createUserMapping (io.trino.server.security.UserMapping.createUserMapping) 1