
Example 11 with BasicSecurityDBResourceException

use of org.apache.druid.security.basic.BasicSecurityDBResourceException in project druid by druid-io.

the class CoordinatorBasicAuthorizerResourceHandler method getGroupMappingFull.

/**
 * Builds the HTTP response describing one group mapping of an authorizer, with the
 * mapping's role names expanded into the stored role objects.
 *
 * <p>Role names that the mapping references but that are absent from the authorizer's
 * role map are logged at error level and left out of the result, so the returned role
 * set can be smaller than the list of names held by the mapping.
 *
 * @param authorizerName   authorizer whose stored group-mapping and role maps are read
 * @param groupMappingName name of the group mapping to look up
 * @return an OK response carrying a {@code BasicAuthorizerGroupMappingFull}, or the response
 *         produced by {@code makeResponseForBasicSecurityDBResourceException} when the
 *         mapping does not exist
 */
private Response getGroupMappingFull(String authorizerName, String groupMappingName) {
    // Loaded before the try block: an exception raised while reading or deserializing the
    // group-mapping map is not handled by the catch clause below.
    final byte[] groupMappingBytes = storageUpdater.getCurrentGroupMappingMapBytes(authorizerName);
    final Map<String, BasicAuthorizerGroupMapping> allMappings = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, groupMappingBytes);
    try {
        final BasicAuthorizerGroupMapping mapping = allMappings.get(groupMappingName);
        if (mapping == null) {
            throw new BasicSecurityDBResourceException("Group mapping [%s] does not exist.", groupMappingName);
        }
        final byte[] roleBytes = storageUpdater.getCurrentRoleMapBytes(authorizerName);
        final Map<String, BasicAuthorizerRole> knownRoles = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, roleBytes);
        final Set<BasicAuthorizerRole> resolvedRoles = new HashSet<>();
        for (String referencedName : mapping.getRoles()) {
            final BasicAuthorizerRole resolved = knownRoles.get(referencedName);
            if (resolved != null) {
                resolvedRoles.add(resolved);
                continue;
            }
            // Dangling reference: the mapping names a role that is not in the role map.
            log.error("Group mapping [%s] had role [%s], but role was not found.", groupMappingName, referencedName);
        }
        return Response.ok(new BasicAuthorizerGroupMappingFull(mapping.getName(), mapping.getGroupPattern(), resolvedRoles)).build();
    } catch (BasicSecurityDBResourceException e) {
        return makeResponseForBasicSecurityDBResourceException(e);
    }
}
Also used : BasicAuthorizerGroupMapping(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping) BasicAuthorizerGroupMappingFull(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingFull) BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole) HashSet(java.util.HashSet)

Example 12 with BasicSecurityDBResourceException

use of org.apache.druid.security.basic.BasicSecurityDBResourceException in project druid by druid-io.

the class CoordinatorBasicAuthorizerResourceHandler method getUserFull.

/**
 * Builds the HTTP response describing one authorizer user together with the roles
 * assigned to that user.
 *
 * @param authorizerName      authorizer whose stored user and role maps are read
 * @param userName            name of the user to look up
 * @param simplifyPermissions when {@code true} the roles are returned in their
 *                            simplified-permissions form, otherwise as full role objects
 * @return an OK response carrying either a {@code BasicAuthorizerUserFullSimplifiedPermissions}
 *         or a {@code BasicAuthorizerUserFull}, or the response produced by
 *         {@code makeResponseForBasicSecurityDBResourceException} when the user does not
 *         exist (or a helper called inside the try block throws that exception)
 */
private Response getUserFull(String authorizerName, String userName, boolean simplifyPermissions) {
    // Loaded before the try block: an exception raised while reading or deserializing the
    // user map is not handled by the catch clause below.
    final byte[] userBytes = storageUpdater.getCurrentUserMapBytes(authorizerName);
    final Map<String, BasicAuthorizerUser> allUsers = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, userBytes);
    try {
        final BasicAuthorizerUser found = allUsers.get(userName);
        if (found == null) {
            throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
        }
        final byte[] roleBytes = storageUpdater.getCurrentRoleMapBytes(authorizerName);
        final Map<String, BasicAuthorizerRole> knownRoles = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, roleBytes);
        if (!simplifyPermissions) {
            final Set<BasicAuthorizerRole> fullRoles = getRolesForUser(found, knownRoles);
            return Response.ok(new BasicAuthorizerUserFull(userName, fullRoles)).build();
        }
        final Set<BasicAuthorizerRoleSimplifiedPermissions> simplifiedRoles = getRolesForUserWithSimplifiedPermissions(found, knownRoles);
        return Response.ok(new BasicAuthorizerUserFullSimplifiedPermissions(userName, simplifiedRoles)).build();
    } catch (BasicSecurityDBResourceException e) {
        return makeResponseForBasicSecurityDBResourceException(e);
    }
}
Also used : BasicAuthorizerUserFullSimplifiedPermissions(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFullSimplifiedPermissions) BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerRoleSimplifiedPermissions(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) BasicAuthorizerUserFull(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFull) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)

Example 13 with BasicSecurityDBResourceException

use of org.apache.druid.security.basic.BasicSecurityDBResourceException in project druid by druid-io.

the class CoordinatorBasicAuthorizerMetadataStorageUpdater method deleteRoleOnce.

/**
 * Makes one attempt to delete a role and to strip its name from every user and every
 * group mapping stored under the given prefix.
 *
 * <p>The change is written through two separate update calls: user map + role map first,
 * then group-mapping map + role map. The second call is only made when the first returns
 * {@code true}.
 *
 * <p>NOTE(review): the two updates are not shown to be atomic as a pair. If the first one
 * commits and the second returns {@code false}, the role is presumably already gone from
 * the stored role map while group mappings may still name it; a repeat call would then
 * hit the "does not exist" check below. Confirm how the caller handles a {@code false}
 * result, since a stale role name left in a group mapping would match any role later
 * created under the same name.
 *
 * @param prefix   key passed to the {@code getCurrent*Bytes} readers and the update helpers
 * @param roleName name of the role to delete
 * @return {@code true} only when both update calls return {@code true}
 * @throws BasicSecurityDBResourceException if the role map has no entry for {@code roleName}
 */
private boolean deleteRoleOnce(String prefix, String roleName) {
    // Snapshot of the serialized role map; passed to the first update call as the "old" value.
    byte[] oldRoleMapValue = getCurrentRoleMapBytes(prefix);
    Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, oldRoleMapValue);
    if (roleMap.get(roleName) == null) {
        throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
    } else {
        roleMap.remove(roleName);
    }
    // Drop the role name from every user so no user keeps a reference to the deleted role.
    byte[] oldUserMapValue = getCurrentUserMapBytes(prefix);
    Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, oldUserMapValue);
    for (BasicAuthorizerUser user : userMap.values()) {
        user.getRoles().remove(roleName);
    }
    byte[] newUserMapValue = BasicAuthUtils.serializeAuthorizerUserMap(objectMapper, userMap);
    // Same clean-up for group mappings.
    byte[] oldGroupMapValue = getCurrentGroupMappingMapBytes(prefix);
    Map<String, BasicAuthorizerGroupMapping> groupMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, oldGroupMapValue);
    for (BasicAuthorizerGroupMapping group : groupMap.values()) {
        group.getRoles().remove(roleName);
    }
    byte[] newGroupMapValue = BasicAuthUtils.serializeAuthorizerGroupMappingMap(objectMapper, groupMap);
    byte[] newRoleMapValue = BasicAuthUtils.serializeAuthorizerRoleMap(objectMapper, roleMap);
    // The second call passes newRoleMapValue in both role-map byte positions; presumably
    // these are the expected-old and new values, and the first call has already stored the
    // new role map by then. TODO confirm against tryUpdateGroupMappingAndRoleMap.
    return tryUpdateUserAndRoleMap(prefix, userMap, oldUserMapValue, newUserMapValue, roleMap, oldRoleMapValue, newRoleMapValue) && tryUpdateGroupMappingAndRoleMap(prefix, groupMap, oldGroupMapValue, newGroupMapValue, roleMap, newRoleMapValue, newRoleMapValue);
}
Also used : BasicAuthorizerGroupMapping(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping) BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)

Example 14 with BasicSecurityDBResourceException

use of org.apache.druid.security.basic.BasicSecurityDBResourceException in project druid by druid-io.

the class CoordinatorBasicAuthorizerResourceHandler method getRoleFull.

/**
 * Builds the HTTP response describing one role of an authorizer together with the names
 * of the users and group mappings that hold it.
 *
 * @param authorizerName      authorizer whose stored role, user and group-mapping maps are read
 * @param roleName            name of the role to look up
 * @param simplifyPermissions when {@code true} the response is a
 *                            {@code BasicAuthorizerRoleSimplifiedPermissions} built from the role
 *                            and its user names; otherwise a {@code BasicAuthorizerRoleFull} that
 *                            also lists group-mapping names and the role's permissions
 * @return an OK response with one of the two entities above, or the response produced by
 *         {@code makeResponseForBasicSecurityDBResourceException} when the role does not exist
 */
private Response getRoleFull(String authorizerName, String roleName, boolean simplifyPermissions) {
    // Loaded before the try block: an exception raised while reading or deserializing the
    // role map is not handled by the catch clause below.
    final byte[] roleBytes = storageUpdater.getCurrentRoleMapBytes(authorizerName);
    final Map<String, BasicAuthorizerRole> knownRoles = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, roleBytes);
    try {
        final BasicAuthorizerRole target = knownRoles.get(roleName);
        if (target == null) {
            throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
        }
        final byte[] userBytes = storageUpdater.getCurrentUserMapBytes(authorizerName);
        final Map<String, BasicAuthorizerUser> allUsers = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, userBytes);
        final byte[] groupMappingBytes = storageUpdater.getCurrentGroupMappingMapBytes(authorizerName);
        final Map<String, BasicAuthorizerGroupMapping> allGroupMappings = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, groupMappingBytes);

        // Names of users that hold the role.
        final Set<String> holderUserNames = new HashSet<>();
        for (BasicAuthorizerUser candidate : allUsers.values()) {
            if (!candidate.getRoles().contains(roleName)) {
                continue;
            }
            holderUserNames.add(candidate.getName());
        }

        // Names of group mappings that hold the role. Collected on both paths, although only
        // the non-simplified response below includes them.
        final Set<String> holderGroupNames = new HashSet<>();
        for (BasicAuthorizerGroupMapping candidate : allGroupMappings.values()) {
            if (!candidate.getRoles().contains(roleName)) {
                continue;
            }
            holderGroupNames.add(candidate.getName());
        }

        if (!simplifyPermissions) {
            return Response.ok(new BasicAuthorizerRoleFull(roleName, holderUserNames, holderGroupNames, target.getPermissions())).build();
        }
        return Response.ok(new BasicAuthorizerRoleSimplifiedPermissions(target, holderUserNames)).build();
    } catch (BasicSecurityDBResourceException e) {
        return makeResponseForBasicSecurityDBResourceException(e);
    }
}
Also used : BasicAuthorizerGroupMapping(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping) BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthorizerRoleSimplifiedPermissions(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions) BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser) BasicAuthorizerRoleFull(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleFull) BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole) HashSet(java.util.HashSet)

Aggregations

BasicSecurityDBResourceException (org.apache.druid.security.basic.BasicSecurityDBResourceException)14 BasicAuthorizerRole (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)10 BasicAuthorizerUser (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser)6 BasicAuthorizerGroupMapping (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)5 BasicAuthenticatorUser (org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)3 HashSet (java.util.HashSet)2 BasicAuthorizerRoleSimplifiedPermissions (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions)2 BasicHTTPAuthenticator (org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator)1 BasicAuthorizerGroupMappingFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingFull)1 BasicAuthorizerRoleFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleFull)1 BasicAuthorizerUserFull (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFull)1 BasicAuthorizerUserFullSimplifiedPermissions (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserFullSimplifiedPermissions)1