Example 1 with BasicSecurityDBResourceException
use of org.apache.druid.security.basic.BasicSecurityDBResourceException in project druid by druid-io.
the class CoordinatorBasicAuthorizerMetadataStorageUpdater method assignGroupMappingRoleOnce.
private boolean assignGroupMappingRoleOnce(String prefix, String groupMappingName, String roleName) {
byte[] oldRoleMapValue = getCurrentRoleMapBytes(prefix);
Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, oldRoleMapValue);
if (roleMap.get(roleName) == null) {
throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
}
byte[] oldGroupMappingMapValue = getCurrentGroupMappingMapBytes(prefix);
Map<String, BasicAuthorizerGroupMapping> groupMappingMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, oldGroupMappingMapValue);
BasicAuthorizerGroupMapping groupMapping = groupMappingMap.get(groupMappingName);
if (groupMappingMap.get(groupMappingName) == null) {
throw new BasicSecurityDBResourceException("Group mapping [%s] does not exist.", groupMappingName);
}
if (groupMapping.getRoles().contains(roleName)) {
throw new BasicSecurityDBResourceException("Group mapping [%s] already has role [%s].", groupMappingName, roleName);
}
groupMapping.getRoles().add(roleName);
byte[] newGroupMapValue = BasicAuthUtils.serializeAuthorizerGroupMappingMap(objectMapper, groupMappingMap);
// Role map is unchanged, but submit as an update to ensure that the table didn't change (e.g., role deleted)
return tryUpdateGroupMappingAndRoleMap(prefix, groupMappingMap, oldGroupMappingMapValue, newGroupMapValue, roleMap, oldRoleMapValue, oldRoleMapValue);
}
Also used :
BasicAuthorizerGroupMapping(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)
BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException)
BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)
Example 2 with BasicSecurityDBResourceException
use of org.apache.druid.security.basic.BasicSecurityDBResourceException in project druid by druid-io.
the class CoordinatorBasicAuthorizerMetadataStorageUpdater method setPermissionsOnce.
private boolean setPermissionsOnce(String prefix, String roleName, List<ResourceAction> permissions) {
byte[] oldRoleMapValue = getCurrentRoleMapBytes(prefix);
Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, oldRoleMapValue);
if (roleMap.get(roleName) == null) {
throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
}
roleMap.put(roleName, new BasicAuthorizerRole(roleName, BasicAuthorizerPermission.makePermissionList(permissions)));
byte[] newRoleMapValue = BasicAuthUtils.serializeAuthorizerRoleMap(objectMapper, roleMap);
return tryUpdateRoleMap(prefix, roleMap, oldRoleMapValue, newRoleMapValue);
}
Also used :
BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException)
BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)
Example 3 with BasicSecurityDBResourceException
use of org.apache.druid.security.basic.BasicSecurityDBResourceException in project druid by druid-io.
the class CoordinatorBasicAuthenticatorMetadataStorageUpdater method setUserCredentialOnce.
private boolean setUserCredentialOnce(String prefix, String userName, BasicAuthenticatorCredentials credentials) {
byte[] oldValue = getCurrentUserMapBytes(prefix);
Map<String, BasicAuthenticatorUser> userMap = BasicAuthUtils.deserializeAuthenticatorUserMap(objectMapper, oldValue);
if (userMap.get(userName) == null) {
throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
} else {
userMap.put(userName, new BasicAuthenticatorUser(userName, credentials));
}
byte[] newValue = BasicAuthUtils.serializeAuthenticatorUserMap(objectMapper, userMap);
return tryUpdateUserMap(prefix, userMap, oldValue, newValue);
}
Also used :
BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException)
BasicAuthenticatorUser(org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)
Example 4 with BasicSecurityDBResourceException
use of org.apache.druid.security.basic.BasicSecurityDBResourceException in project druid by druid-io.
the class CoordinatorBasicAuthenticatorMetadataStorageUpdater method createUserOnce.
private boolean createUserOnce(String prefix, String userName) {
byte[] oldValue = getCurrentUserMapBytes(prefix);
Map<String, BasicAuthenticatorUser> userMap = BasicAuthUtils.deserializeAuthenticatorUserMap(objectMapper, oldValue);
if (userMap.get(userName) != null) {
throw new BasicSecurityDBResourceException("User [%s] already exists.", userName);
} else {
userMap.put(userName, new BasicAuthenticatorUser(userName, null));
}
byte[] newValue = BasicAuthUtils.serializeAuthenticatorUserMap(objectMapper, userMap);
return tryUpdateUserMap(prefix, userMap, oldValue, newValue);
}
Also used :
BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException)
BasicAuthenticatorUser(org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)
Example 5 with BasicSecurityDBResourceException
use of org.apache.druid.security.basic.BasicSecurityDBResourceException in project druid by druid-io.
the class CoordinatorBasicAuthenticatorResourceHandler method getUser.
@Override
public Response getUser(String authenticatorName, String userName) {
final BasicHTTPAuthenticator authenticator = authenticatorMap.get(authenticatorName);
if (authenticator == null) {
return makeResponseForAuthenticatorNotFound(authenticatorName);
}
Map<String, BasicAuthenticatorUser> userMap = BasicAuthUtils.deserializeAuthenticatorUserMap(objectMapper, storageUpdater.getCurrentUserMapBytes(authenticatorName));
try {
BasicAuthenticatorUser user = userMap.get(userName);
if (user == null) {
throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
}
return Response.ok(user).build();
} catch (BasicSecurityDBResourceException cfe) {
return makeResponseForBasicSecurityDBResourceException(cfe);
}
}
Also used :
BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator)
BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException)
BasicAuthenticatorUser(org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)
Aggregations
BasicSecurityDBResourceException (org.apache.druid.security.basic.BasicSecurityDBResourceException)14
BasicAuthorizerRole (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)10
BasicAuthorizerUser (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser)6
BasicAuthorizerGroupMapping (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)5
BasicAuthenticatorUser (org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)3
HashSet (java.util.HashSet)2
BasicAuthorizerRoleSimplifiedPermissions (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions)2
BasicHTTPAuthenticator (org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator)1
BasicAuthorizerGroupMappingFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingFull)1
BasicAuthorizerRoleFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleFull)1
BasicAuthorizerUserFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFull)1
BasicAuthorizerUserFullSimplifiedPermissions (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFullSimplifiedPermissions)1
