

Use of io.trino.server.ui.FormWebUiAuthenticationFilter.DISABLED_LOCATION in the trino project (trinodb).

From the class OAuth2WebUiAuthenticationFilter, method filter (the JAX-RS request filter that authenticates Web UI requests via OAuth2).

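@Override
public void filter(ContainerRequestContext request) {
    // Web UI request filter for the OAuth2 login flow: lets the "UI disabled" page through,
    // refuses cleartext requests, then turns the access-token claims into the authenticated Identity.
    // Every rejection answers 401 with a generic message so that claim contents are not echoed back to the client.
    String path = request.getUriInfo().getRequestUri().getPath();
    if (path.equals(DISABLED_LOCATION)) {
        // The disabled page itself must stay reachable without authentication.
        return;
    }
    if (!request.getSecurityContext().isSecure()) {
        // Insecure transport: do not run the token flow over cleartext (the token is presumably carried
        // in OAUTH2_COOKIE - see getAccessToken). REST calls get a 401 challenge, browser navigation is
        // redirected to the disabled page.
        if (path.startsWith("/ui/api/")) {
            sendWwwAuthenticate(request, "Unauthorized", ImmutableSet.of(TRINO_FORM_LOGIN));
            return;
        }
        request.abortWith(Response.seeOther(DISABLED_LOCATION_URI).build());
        return;
    }

    Map<String, Object> claims;
    try {
        Optional<Map<String, Object>> accessToken = getAccessToken(request);
        if (accessToken.isEmpty()) {
            // No token yet: start (or restart) the OAuth2 authorization flow.
            needAuthentication(request);
            return;
        }
        claims = accessToken.get();
    } catch (ChallengeFailedException e) {
        // A token was presented but rejected; the reason stays at debug level only.
        LOG.debug(e, "Invalid token: %s", e.getMessage());
        sendErrorMessage(request, UNAUTHORIZED, "Unauthorized");
        return;
    }

    try {
        Object principal = claims.get(principalField);
        // isValidPrincipal is relied on to guarantee a non-empty String here - TODO confirm against its definition
        if (!isValidPrincipal(principal)) {
            LOG.debug("Invalid principal field: %s. Expected principal to be non-empty", principalField);
            sendErrorMessage(request, UNAUTHORIZED, "Unauthorized");
            return;
        }
        String principalName = (String) principal;
        Identity.Builder builder = Identity.forUser(userMapping.mapUser(principalName));
        builder.withPrincipal(new BasicPrincipal(principalName));

        // Optional groups claim. Claims come from the token, so their shape is not trusted: a claim that
        // is not a list of (non-null) strings is rejected with 401 instead of escaping as a
        // ClassCastException / NullPointerException from an unchecked cast.
        if (groupsField.isPresent()) {
            Object groupsClaim = claims.get(groupsField.get());
            if (groupsClaim != null) {
                Optional<ImmutableSet<String>> groups = asStringSet(groupsClaim);
                if (groups.isEmpty()) {
                    LOG.debug("Invalid groups field: %s. Expected a list of strings", groupsField.get());
                    sendErrorMessage(request, UNAUTHORIZED, "Unauthorized");
                    return;
                }
                builder.withGroups(groups.get());
            }
        }
        setAuthenticatedIdentity(request, builder.build());
    } catch (UserMappingException e) {
        // User-mapping failures forward their own message when they have one.
        sendErrorMessage(request, UNAUTHORIZED, firstNonNull(e.getMessage(), "Unauthorized"));
    }
}

/**
 * Converts a raw claim value into a set of group names.
 *
 * @param claim the claim value as read from the token
 * @return the group names when {@code claim} is a {@link List} whose elements are all non-null Strings,
 *         otherwise {@link Optional#empty()}
 */
private static Optional<ImmutableSet<String>> asStringSet(Object claim) {
    if (!(claim instanceof List)) {
        return Optional.empty();
    }
    ImmutableSet.Builder<String> groups = ImmutableSet.builder();
    for (Object value : (List<?>) claim) {
        if (!(value instanceof String)) {
            return Optional.empty();
        }
        groups.add((String) value);
    }
    return Optional.of(groups.build());
}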
