
Example 11 with AccessDeniedException

use of io.trino.spi.security.AccessDeniedException in project trino by trinodb.

Class QueryResource, method cancelQuery: a kill check that the access control rejects is mapped to HTTP 403 (ForbiddenException), while an unknown query id is silently ignored and the DELETE succeeds. Only an existing query that the caller may not kill produces the 403, so that status also tells the caller that the query id exists.

@ResourceSecurity(AUTHENTICATED_USER)
@DELETE
@Path("{queryId}")
public void cancelQuery(@PathParam("queryId") QueryId queryId, @Context HttpServletRequest servletRequest, @Context HttpHeaders httpHeaders) {
    requireNonNull(queryId, "queryId is null");
    try {
        // throws NoSuchElementException when the dispatcher does not know the query id
        BasicQueryInfo queryInfo = dispatchManager.getQueryInfo(queryId);
        // resolve the caller's identity from the request, then ask the access control whether
        // that identity may kill a query owned by the session identity of the target query
        checkCanKillQueryOwnedBy(
                sessionContextFactory.extractAuthorizedIdentity(servletRequest, httpHeaders, alternateHeaderName),
                queryInfo.getSession().toIdentity(),
                accessControl);
        dispatchManager.cancelQuery(queryId);
    } catch (AccessDeniedException e) {
        // SPI denial becomes a plain HTTP 403; the SPI message is not passed to the client
        throw new ForbiddenException();
    } catch (NoSuchElementException ignored) {
        // unknown query id: nothing to cancel, the request still completes successfully
    }
}
Also used : AccessDeniedException(io.trino.spi.security.AccessDeniedException) ForbiddenException(javax.ws.rs.ForbiddenException) NoSuchElementException(java.util.NoSuchElementException) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) ResourceSecurity(io.trino.server.security.ResourceSecurity)

Example 12 with AccessDeniedException

use of io.trino.spi.security.AccessDeniedException in project trino by trinodb.

Class TestFileBasedSystemAccessControl, method testCanSetUserOperations: with principal rules configured, checkCanSetUser must throw AccessDeniedException when no principal is supplied or when the Kerberos principal does not match a rule for the requested user, and must return normally otherwise; a rules file without a principals section imposes no such restriction, as the final call shows.

@Test
public void testCanSetUserOperations() {
    // this fixture defines principal rules, so the principal-to-user check is enforced
    SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-catalog_principal.json");
    // no principal at all must be rejected once principal rules exist
    try {
        accessControl.checkCanSetUser(Optional.empty(), alice.getUser());
        throw new AssertionError("expected AccessDeniedException");
    } catch (AccessDeniedException expected) {
    }
    // Kerberos principals that match a rule for their user, including a non-ASCII user name
    accessControl.checkCanSetUser(kerberosValidAlice.getPrincipal(), kerberosValidAlice.getUser());
    accessControl.checkCanSetUser(kerberosValidNonAsciiUser.getPrincipal(), kerberosValidNonAsciiUser.getUser());
    // a principal that does not map to the requested user is rejected
    try {
        accessControl.checkCanSetUser(kerberosInvalidAlice.getPrincipal(), kerberosInvalidAlice.getUser());
        throw new AssertionError("expected AccessDeniedException");
    } catch (AccessDeniedException expected) {
    }
    // shared principal: the valid combination passes, the invalid one is rejected
    accessControl.checkCanSetUser(kerberosValidShare.getPrincipal(), kerberosValidShare.getUser());
    try {
        accessControl.checkCanSetUser(kerberosInValidShare.getPrincipal(), kerberosInValidShare.getUser());
        throw new AssertionError("expected AccessDeniedException");
    } catch (AccessDeniedException expected) {
    }
    // rules containing regex metacharacters (a wildcard dot, a closing quote): the valid forms match, the invalid one does not
    accessControl.checkCanSetUser(validSpecialRegexWildDot.getPrincipal(), validSpecialRegexWildDot.getUser());
    accessControl.checkCanSetUser(validSpecialRegexEndQuote.getPrincipal(), validSpecialRegexEndQuote.getUser());
    try {
        accessControl.checkCanSetUser(invalidSpecialRegex.getPrincipal(), invalidSpecialRegex.getUser());
        throw new AssertionError("expected AccessDeniedException");
    } catch (AccessDeniedException expected) {
    }
    // a rules file with no principals section: the same principal is accepted without any rule matching
    SystemAccessControl accessControlNoPatterns = newFileBasedSystemAccessControl("file-based-system-catalog.json");
    accessControlNoPatterns.checkCanSetUser(kerberosValidAlice.getPrincipal(), kerberosValidAlice.getUser());
}
Also used : AccessDeniedException(io.trino.spi.security.AccessDeniedException) SystemAccessControl(io.trino.spi.security.SystemAccessControl) Test(org.testng.annotations.Test)
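The test above only shows which calls must pass or throw; the following is an added example, not Trino's code or its test fixture, of the kind of principal-rule evaluation it exercises. It is a stripped-down model in plain Java: a rule has a principal regex, an optional user regex and an optional principal_to_user substitution, and the first rule that matches decides. The rule set, the principal names and the PrincipalRule and SimplePrincipal types are constructed for this example; the only real SPI class is AccessDeniedException, whose String constructor is the one used on this page (compile with trino-spi on the classpath). The point worth seeing is the full-match regex semantics: with Matcher.matches() an unescaped or unanchored pattern cannot be satisfied by a longer principal name, which is what the test's "invalid" cases rely on.

```java
import io.trino.spi.security.AccessDeniedException;

import java.security.Principal;
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Simplified principal-rule evaluator written for this example; it is not Trino's
// FileBasedSystemAccessControl, only a model of the behaviour the test above exercises.
public final class PrincipalRuleExample {
    // One rule: principal regex (required), optional user regex, optional principal_to_user
    // substitution, and whether a match allows or denies. All rule contents are constructed here.
    record PrincipalRule(Pattern principalRegex, Optional<Pattern> userRegex, Optional<String> principalToUser, boolean allow) {
        Optional<Boolean> match(String principal, String user) {
            Matcher matcher = principalRegex.matcher(principal);
            // matches(), not find(): the regex must cover the whole principal, so the pattern
            // alice@EXAMPLE\.COM is not satisfied by "evil-alice@EXAMPLE.COM"
            if (!matcher.matches()) {
                return Optional.empty();
            }
            if (userRegex.isPresent() && !userRegex.get().matcher(user).matches()) {
                return Optional.empty();
            }
            // the substitution must yield exactly the requested user, e.g. "$1" -> "bob" for bob@EXAMPLE.COM
            if (principalToUser.isPresent() && !matcher.replaceAll(principalToUser.get()).equals(user)) {
                return Optional.empty();
            }
            return Optional.of(allow);
        }
    }

    // Minimal Principal; getName() is what the evaluator matches against
    record SimplePrincipal(String name) implements Principal {
        @Override
        public String getName() {
            return name;
        }
    }

    private final List<PrincipalRule> rules;

    PrincipalRuleExample(List<PrincipalRule> rules) {
        this.rules = List.copyOf(rules);
    }

    // Same contract as the SPI method in the test: return normally if allowed, otherwise throw.
    public void checkCanSetUser(Optional<Principal> principal, String user) {
        if (rules.isEmpty()) {
            return; // no principal rules configured: nothing to enforce
        }
        if (principal.isEmpty()) {
            throw new AccessDeniedException("Principal required to set user " + user);
        }
        for (PrincipalRule rule : rules) {
            Optional<Boolean> decision = rule.match(principal.get().getName(), user);
            if (decision.isPresent()) {
                if (decision.get()) {
                    return;
                }
                break; // first matching rule decides; an explicit deny stops the search
            }
        }
        throw new AccessDeniedException("Principal " + principal.get().getName() + " cannot become user " + user);
    }

    // Constructed rule set for this example (not the contents of file-based-system-catalog_principal.json)
    static PrincipalRuleExample exampleRules() {
        return new PrincipalRuleExample(List.of(
                // alice's own principal may become user alice; the dot is escaped so it matches only a literal dot
                new PrincipalRule(Pattern.compile("alice@EXAMPLE\\.COM"), Optional.empty(), Optional.empty(), true),
                // any single-component principal in the realm may become the user named by that component
                new PrincipalRule(Pattern.compile("([^/@]+)@EXAMPLE\\.COM"), Optional.empty(), Optional.of("$1"), true),
                // a shared service principal may only become the user "share"
                new PrincipalRule(Pattern.compile("share/[^@]+@EXAMPLE\\.COM"), Optional.of(Pattern.compile("share")), Optional.empty(), true)));
    }

    public static void main(String[] args) {
        PrincipalRuleExample access = exampleRules();
        String[][] cases = {
                {"alice@EXAMPLE.COM", "alice"},       // exact rule: allowed
                {"bob@EXAMPLE.COM", "bob"},           // substitution rule: allowed
                {"bob@EXAMPLE.COM", "alice"},         // substitution yields "bob", not "alice": denied
                {"alice@EXAMPLExCOM", "alice"},       // escaped dot does not match an arbitrary character: denied
                {"share/host1@EXAMPLE.COM", "share"}, // user regex satisfied: allowed
                {"share/host1@EXAMPLE.COM", "alice"}, // user regex not satisfied: denied
        };
        for (String[] c : cases) {
            try {
                access.checkCanSetUser(Optional.of(new SimplePrincipal(c[0])), c[1]);
                System.out.println("ALLOW " + c[0] + " -> " + c[1]);
            } catch (AccessDeniedException e) {
                System.out.println("DENY  " + c[0] + " -> " + c[1] + ": " + e.getMessage());
            }
        }
    }
}
```

When writing real principal rules, test the denied cases as the Trino test above does, not only the allowed ones: a rule that accidentally uses an unescaped dot or an over-broad character class still lets the intended principal through, and only the negative cases reveal that it lets others through as well.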

Example 13 with AccessDeniedException

use of io.trino.spi.security.AccessDeniedException in project trino by trinodb.

Class S3SecurityMappingConfigurationProvider, method updateConfiguration: when no S3 security mapping matches the caller's identity and the URI, the request fails closed with AccessDeniedException instead of falling back to the cluster's credentials; for a matching mapping, the credentials, IAM role, KMS key, endpoint and role session name are written into the Hadoop configuration and folded into a SHA-256 cache key so that differently-credentialed requests never share a cached file system.

@Override
public void updateConfiguration(Configuration configuration, HdfsContext context, URI uri) {
    // only URIs with an S3 scheme (the SCHEMES set) are subject to security mapping
    if (!SCHEMES.contains(uri.getScheme())) {
        return;
    }
    // fail closed: an identity/URI pair without a matching mapping is denied outright
    S3SecurityMapping mapping = mappings.get().getMapping(context.getIdentity(), uri)
            .orElseThrow(() -> new AccessDeniedException("No matching S3 security mapping"));
    // a mapping may explicitly opt in to the cluster's default credentials
    if (mapping.isUseClusterDefault()) {
        return;
    }
    // everything that selects credentials goes into a SHA-256 cache key, so the Hadoop
    // FileSystem cache cannot hand one caller's S3 client to a request that resolved differently
    Hasher hasher = Hashing.sha256().newHasher();
    mapping.getCredentials().ifPresent(credentials -> {
        configuration.set(S3_ACCESS_KEY, credentials.getAWSAccessKeyId());
        configuration.set(S3_SECRET_KEY, credentials.getAWSSecretKey());
        hasher.putString(credentials.getAWSAccessKeyId(), UTF_8);
        hasher.putString(credentials.getAWSSecretKey(), UTF_8);
    });
    selectRole(mapping, context).ifPresent(role -> {
        configuration.set(S3_IAM_ROLE, role);
        hasher.putString(role, UTF_8);
    });
    selectKmsKeyId(mapping, context).ifPresent(key -> {
        configuration.set(S3_KMS_KEY_ID, key);
        hasher.putString(S3_KMS_KEY_ID + ":" + key, UTF_8);
    });
    mapping.getEndpoint().ifPresent(endpoint -> {
        configuration.set(S3_ENDPOINT, endpoint);
        hasher.putString(endpoint, UTF_8);
    });
    mapping.getRoleSessionName().ifPresent(roleSessionName -> {
        // ${USER} is replaced with the Trino user so the assumed-role session is named after it;
        // note that the unsubstituted template is what goes into the cache key
        configuration.set(S3_ROLE_SESSION_NAME, roleSessionName.replace("${USER}", context.getIdentity().getUser()));
        hasher.putString(roleSessionName, UTF_8);
    });
    setCacheKey(configuration, hasher.hash().toString());
}
Also used : AccessDeniedException(io.trino.spi.security.AccessDeniedException) Hasher(com.google.common.hash.Hasher)

Example 14 with AccessDeniedException

use of io.trino.spi.security.AccessDeniedException in project trino by trinodb.

Class PasswordManagerFormAuthenticator, method isValidCredential: Web UI form login tries each configured password authenticator in turn; an AccessDeniedException (or a UserMappingException after the principal is mapped) from one authenticator means "try the next", and the login is refused only when every authenticator rejects it. Over plain HTTP no password is ever checked.

@Override
public Optional<String> isValidCredential(String username, String password, boolean secure) {
    if (username == null) {
        return Optional.empty();
    }
    if (!secure) {
        // plain HTTP: a password is never verified here; the username is accepted only when
        // insecure authentication over HTTP has been enabled explicitly and no password was sent
        return Optional.of(username).filter(user -> insecureAuthenticationOverHttpAllowed && password == null);
    }
    List<PasswordAuthenticator> authenticators = passwordAuthenticatorManager.getAuthenticators();
    for (PasswordAuthenticator authenticator : authenticators) {
        try {
            // the first authenticator that produces a principal wins; the principal's
            // toString() is what the user mapping rules are applied to
            Principal principal = authenticator.createAuthenticatedPrincipal(username, password);
            String authenticatedUser = userMapping.mapUser(principal.toString());
            return Optional.of(authenticatedUser);
        } catch (AccessDeniedException | UserMappingException e) {
            // rejected by this authenticator, or the principal maps to no permitted user: try another one
        } catch (RuntimeException e) {
            // any other failure is logged at debug level and also falls through to the next authenticator
            log.debug(e, "Error authenticating user for Web UI");
        }
    }
    // nobody accepted the credentials
    return Optional.empty();
}
Also used : AccessDeniedException(io.trino.spi.security.AccessDeniedException) PasswordAuthenticator(io.trino.spi.security.PasswordAuthenticator) UserMappingException(io.trino.server.security.UserMappingException) Principal(java.security.Principal)
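Because the loop above treats AccessDeniedException as "move on to the next authenticator" and any other RuntimeException as a logged failure, an authenticator implementation must throw AccessDeniedException for every credential problem and must not let the two failure kinds (unknown user, wrong password) be told apart by message or timing. The following is an added example of such an implementation; it is not Trino's password-file authenticator and is not wired up as a plugin here (that requires a PasswordAuthenticatorFactory, which is out of scope). It assumes only the PasswordAuthenticator method seen above, createAuthenticatedPrincipal(String, String), and the AccessDeniedException String constructor; the in-memory user store, the PBKDF2 parameters and the UserPrincipal record are constructed for this example, and the code needs trino-spi on the classpath.

```java
import io.trino.spi.security.AccessDeniedException;
import io.trino.spi.security.PasswordAuthenticator;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import java.util.Map;

// Example PasswordAuthenticator backed by an in-memory map of salted PBKDF2 hashes.
// Written for this example; not Trino's own implementation.
public final class Pbkdf2PasswordAuthenticator implements PasswordAuthenticator {
    private static final int ITERATIONS = 310_000; // current OWASP guidance for PBKDF2-HMAC-SHA256
    private static final int KEY_BITS = 256;
    private static final int SALT_BYTES = 16;

    // user -> "base64(salt):base64(hash)"; constructed sample data, see main()
    private final Map<String, String> users;
    // hashed against when the user is unknown, so the reply takes the same time either way
    private final String dummyRecord;

    public Pbkdf2PasswordAuthenticator(Map<String, String> users) {
        this.users = Map.copyOf(users);
        this.dummyRecord = hashPassword("unused-dummy-password");
    }

    @Override
    public Principal createAuthenticatedPrincipal(String user, String password) {
        if (user == null || password == null || password.isEmpty()) {
            throw new AccessDeniedException("Invalid credentials");
        }
        String record = users.getOrDefault(user, dummyRecord);
        String[] parts = record.split(":", 2);
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        byte[] expected = Base64.getDecoder().decode(parts[1]);
        byte[] actual = pbkdf2(password, salt); // always computed, even for an unknown user
        // constant-time comparison; unknown user and wrong password produce the same exception
        if (!users.containsKey(user) || !MessageDigest.isEqual(expected, actual)) {
            throw new AccessDeniedException("Invalid credentials");
        }
        return new UserPrincipal(user);
    }

    // toString() matters: the form authenticator above feeds principal.toString() to the user mapping
    record UserPrincipal(String name) implements Principal {
        @Override
        public String getName() {
            return name;
        }

        @Override
        public String toString() {
            return name;
        }
    }

    // Produces the stored form of a password with a fresh random salt
    static String hashPassword(String password) {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + ":" + enc.encodeToString(pbkdf2(password, salt));
    }

    private static byte[] pbkdf2(String password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, ITERATIONS, KEY_BITS);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        // constructed user store for the example
        Pbkdf2PasswordAuthenticator auth = new Pbkdf2PasswordAuthenticator(Map.of("alice", hashPassword("correct horse")));
        String[][] attempts = {{"alice", "correct horse"}, {"alice", "wrong"}, {"mallory", "anything"}, {"alice", ""}};
        for (String[] a : attempts) {
            try {
                Principal p = auth.createAuthenticatedPrincipal(a[0], a[1]);
                System.out.println("OK   " + a[0] + " -> principal " + p);
            } catch (AccessDeniedException e) {
                System.out.println("DENY " + a[0] + ": " + e.getMessage());
            }
        }
    }
}
```

Only the first attempt succeeds; the other three all surface as AccessDeniedException with the same message, which is exactly what the loop in isValidCredential expects before it moves on to the next authenticator.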

Example 15 with AccessDeniedException

use of io.trino.spi.security.AccessDeniedException in project trino by trinodb.

Class UiQueryResource, method getQueryInfo: a query the caller is not permitted to view returns HTTP 403 (ForbiddenException); a query id the dispatcher does not know returns 410 Gone. The two statuses differ, so an authenticated Web UI user can tell whether a query id exists even when they may not view it.

@ResourceSecurity(WEB_UI)
@GET
@Path("{queryId}")
public Response getQueryInfo(@PathParam("queryId") QueryId queryId, @Context HttpServletRequest servletRequest, @Context HttpHeaders httpHeaders) {
    requireNonNull(queryId, "queryId is null");
    Optional<QueryInfo> queryInfo = dispatchManager.getFullQueryInfo(queryId);
    if (queryInfo.isPresent()) {
        try {
            // the access control decides whether the caller's identity may view a query owned by the query's session identity
            checkCanViewQueryOwnedBy(
                    sessionContextFactory.extractAuthorizedIdentity(servletRequest, httpHeaders, alternateHeaderName),
                    queryInfo.get().getSession().toIdentity(),
                    accessControl);
            return Response.ok(queryInfo.get()).build();
        } catch (AccessDeniedException e) {
            // SPI denial becomes a plain HTTP 403 without the SPI message
            throw new ForbiddenException();
        }
    }
    // no such query known to the dispatcher
    return Response.status(Status.GONE).build();
}
Also used : AccessDeniedException(io.trino.spi.security.AccessDeniedException) ForbiddenException(javax.ws.rs.ForbiddenException) BasicQueryInfo(io.trino.server.BasicQueryInfo) QueryInfo(io.trino.execution.QueryInfo) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET) ResourceSecurity(io.trino.server.security.ResourceSecurity)

Aggregations

AccessDeniedException (io.trino.spi.security.AccessDeniedException): 19
ForbiddenException (javax.ws.rs.ForbiddenException): 7
ResourceSecurity (io.trino.server.security.ResourceSecurity): 5
Path (javax.ws.rs.Path): 5
QueryInfo (io.trino.execution.QueryInfo): 3
NoSuchElementException (java.util.NoSuchElementException): 3
GET (javax.ws.rs.GET): 3
Test (org.testng.annotations.Test): 3
ImmutableList (com.google.common.collect.ImmutableList): 2
ImmutableList.toImmutableList (com.google.common.collect.ImmutableList.toImmutableList): 2
ImmutableMap (com.google.common.collect.ImmutableMap): 2
BasicQueryInfo (io.trino.server.BasicQueryInfo): 2
QueryId (io.trino.spi.QueryId): 2
InMemoryTransactionManager.createTestTransactionManager (io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager): 2
TransactionManager (io.trino.transaction.TransactionManager): 2
Principal (java.security.Principal): 2
List (java.util.List): 2
VisibleForTesting (com.google.common.annotations.VisibleForTesting): 1
Preconditions.checkArgument (com.google.common.base.Preconditions.checkArgument): 1
Verify.verify (com.google.common.base.Verify.verify): 1