Examples with HeaderAuthenticator io.trino.spi.security.HeaderAuthenticator used on opensource projects

Example 1 with HeaderAuthenticator

use of io.trino.spi.security.HeaderAuthenticator in project trino by trinodb.

the class HeaderAuthenticatorManager method loadHeaderAuthenticator.

public void loadHeaderAuthenticator() {
    if (!required.get()) {
        return;
    }
    ImmutableList.Builder<HeaderAuthenticator> authenticators = ImmutableList.builder();
    for (File configFile : configFiles) {
        authenticators.add(loadAuthenticator(configFile.getAbsoluteFile()));
    }
    this.authenticators.set(authenticators.build());
}

Example 2 with HeaderAuthenticator

use of io.trino.spi.security.HeaderAuthenticator in project trino by trinodb.

the class TestHeaderAuthenticatorManager method testMultipleConfigFiles.

@Test
public void testMultipleConfigFiles() throws Exception {
    Path config1 = createTempFile("headerConfig", "1");
    Path config2 = createTempFile("headerConfig", "2");
    Files.write(config1, ImmutableList.of("header-authenticator.name=type1"));
    Files.write(config2, ImmutableList.of("header-authenticator.name=type2"));
    String trustedHeaderOne = "x-forwarded-client-cert";
    String trustedHeaderTwo = "forwarded-client-cert";
    ImmutableMap<String, List<String>> validRequestOne = ImmutableMap.of(trustedHeaderOne, ImmutableList.of("foo", "bar"));
    ImmutableMap<String, List<String>> validRequestTwo = ImmutableMap.of(trustedHeaderTwo, ImmutableList.of("cat", "dog"));
    ImmutableMap<String, List<String>> invalidRequestOne = ImmutableMap.of("try-hard-authn", ImmutableList.of("foo", "bar"));
    HeaderAuthenticatorManager manager = new HeaderAuthenticatorManager(new HeaderAuthenticatorConfig().setHeaderAuthenticatorFiles(ImmutableList.of(config1.toAbsolutePath().toString(), config2.toAbsolutePath().toString())));
    manager.setRequired();
    manager.addHeaderAuthenticatorFactory(new TestingHeaderAuthenticatorFactory("type1", trustedHeaderOne));
    manager.addHeaderAuthenticatorFactory(new TestingHeaderAuthenticatorFactory("type2", trustedHeaderTwo));
    manager.loadHeaderAuthenticator();
    List<HeaderAuthenticator> authenticators = manager.getAuthenticators();
    assertThat(login(authenticators, validRequestOne::get)).isTrue();
    assertThat(login(authenticators, validRequestTwo::get)).isTrue();
    assertThat(login(authenticators, invalidRequestOne::get)).isFalse();
}

Example 3 with HeaderAuthenticator

use of io.trino.spi.security.HeaderAuthenticator in project trino by trinodb.

the class HeaderAuthenticatorManager method loadAuthenticator.

private HeaderAuthenticator loadAuthenticator(File configFile) {
    Map<String, String> properties;
    try {
        properties = new HashMap<>(loadPropertiesFrom(configFile.getPath()));
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
    String name = properties.remove(NAME_PROPERTY);
    checkState(!isNullOrEmpty(name), "Header authenticator configuration %s does not contain '%s'", configFile, NAME_PROPERTY);
    log.info("-- Loading header authenticator --");
    HeaderAuthenticatorFactory factory = factories.get(name);
    checkState(factory != null, "Header authenticator '%s' is not registered", name);
    HeaderAuthenticator authenticator;
    try (ThreadContextClassLoader ignored = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
        authenticator = factory.create(ImmutableMap.copyOf(properties));
    }
    log.info("-- Loaded header authenticator %s --", name);
    return authenticator;
}