Search in sources :

Example 1 with BasicHTTPAuthenticator

use of org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator in project druid by druid-io.

the class CoordinatorBasicAuthenticatorResourceHandler method getUser.

@Override
public Response getUser(String authenticatorName, String userName) {
    final BasicHTTPAuthenticator authenticator = authenticatorMap.get(authenticatorName);
    if (authenticator == null) {
        return makeResponseForAuthenticatorNotFound(authenticatorName);
    }
    Map<String, BasicAuthenticatorUser> userMap = BasicAuthUtils.deserializeAuthenticatorUserMap(objectMapper, storageUpdater.getCurrentUserMapBytes(authenticatorName));
    try {
        BasicAuthenticatorUser user = userMap.get(userName);
        if (user == null) {
            throw new BasicSecurityDBResourceException("User [%s] does not exist.", userName);
        }
        return Response.ok(user).build();
    } catch (BasicSecurityDBResourceException cfe) {
        return makeResponseForBasicSecurityDBResourceException(cfe);
    }
}
Also used : BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator) BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException) BasicAuthenticatorUser(org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)

Example 2 with BasicHTTPAuthenticator

use of org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator in project druid by druid-io.

the class CoordinatorBasicAuthenticatorResourceHandler method getAllUsers.

@Override
public Response getAllUsers(final String authenticatorName) {
    final BasicHTTPAuthenticator authenticator = authenticatorMap.get(authenticatorName);
    if (authenticator == null) {
        return makeResponseForAuthenticatorNotFound(authenticatorName);
    }
    Map<String, BasicAuthenticatorUser> userMap = BasicAuthUtils.deserializeAuthenticatorUserMap(objectMapper, storageUpdater.getCurrentUserMapBytes(authenticatorName));
    return Response.ok(userMap.keySet()).build();
}
Also used : BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator) BasicAuthenticatorUser(org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)

Example 3 with BasicHTTPAuthenticator

use of org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator in project druid by druid-io.

the class BasicHTTPAuthenticatorTest method testGoodPasswordWithValidator.

@Test
public void testGoodPasswordWithValidator() throws IOException, ServletException {
    CredentialsValidator validator = EasyMock.createMock(CredentialsValidator.class);
    BasicHTTPAuthenticator authenticatorWithValidator = new BasicHTTPAuthenticator(CACHE_MANAGER_PROVIDER, "basic", "basic", null, null, false, null, null, false, validator);
    String header = StringUtils.utf8Base64("userA:helloworld");
    header = StringUtils.format("Basic %s", header);
    EasyMock.expect(validator.validateCredentials(EasyMock.eq("basic"), EasyMock.eq("basic"), EasyMock.eq("userA"), EasyMock.aryEq("helloworld".toCharArray()))).andReturn(new AuthenticationResult("userA", "basic", "basic", null)).times(1);
    EasyMock.replay(validator);
    HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(req.getHeader("Authorization")).andReturn(header);
    req.setAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT, new AuthenticationResult("userA", "basic", "basic", null));
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(req);
    HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
    EasyMock.replay(resp);
    FilterChain filterChain = EasyMock.createMock(FilterChain.class);
    filterChain.doFilter(req, resp);
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(filterChain);
    Filter authenticatorFilter = authenticatorWithValidator.getFilter();
    authenticatorFilter.doFilter(req, resp, filterChain);
    EasyMock.verify(req, resp, validator, filterChain);
}
Also used : BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator) HttpServletRequest(javax.servlet.http.HttpServletRequest) Filter(javax.servlet.Filter) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) CredentialsValidator(org.apache.druid.security.basic.authentication.validator.CredentialsValidator) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 4 with BasicHTTPAuthenticator

use of org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator in project druid by druid-io.

the class BasicHTTPAuthenticatorTest method testBadPasswordWithSkipOnFailureValidator.

@Test
public void testBadPasswordWithSkipOnFailureValidator() throws IOException, ServletException {
    CredentialsValidator validator = EasyMock.createMock(CredentialsValidator.class);
    BasicHTTPAuthenticator authenticatorWithValidator = new BasicHTTPAuthenticator(CACHE_MANAGER_PROVIDER, "basic", "basic", null, null, false, null, null, true, validator);
    String header = StringUtils.utf8Base64("userA:badpassword");
    header = StringUtils.format("Basic %s", header);
    EasyMock.expect(validator.validateCredentials(EasyMock.eq("basic"), EasyMock.eq("basic"), EasyMock.eq("userA"), EasyMock.aryEq("badpassword".toCharArray()))).andThrow(new BasicSecurityAuthenticationException("User authentication failed.")).times(1);
    EasyMock.replay(validator);
    HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(req.getHeader("Authorization")).andReturn(header);
    EasyMock.replay(req);
    HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
    resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "User authentication failed.");
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(resp);
    // Authentication filter should not move on to the next filter in the chain
    FilterChain filterChain = EasyMock.createMock(FilterChain.class);
    EasyMock.replay(filterChain);
    Filter authenticatorFilter = authenticatorWithValidator.getFilter();
    authenticatorFilter.doFilter(req, resp, filterChain);
    EasyMock.verify(req, resp, validator, filterChain);
}
Also used : BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator) HttpServletRequest(javax.servlet.http.HttpServletRequest) BasicSecurityAuthenticationException(org.apache.druid.security.basic.BasicSecurityAuthenticationException) Filter(javax.servlet.Filter) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) CredentialsValidator(org.apache.druid.security.basic.authentication.validator.CredentialsValidator) Test(org.junit.Test)

Example 5 with BasicHTTPAuthenticator

use of org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator in project druid by druid-io.

the class BasicHTTPAuthenticatorTest method testUnknownUserWithSkipOnFailure.

@Test
public void testUnknownUserWithSkipOnFailure() throws IOException, ServletException {
    CredentialsValidator validator = EasyMock.createMock(CredentialsValidator.class);
    BasicHTTPAuthenticator authenticatorWithSkipOnFailure = new BasicHTTPAuthenticator(CACHE_MANAGER_PROVIDER, "basic", "basic", null, null, false, null, null, true, validator);
    String header = StringUtils.utf8Base64("userB:helloworld");
    header = StringUtils.format("Basic %s", header);
    HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(req.getHeader("Authorization")).andReturn(header);
    EasyMock.replay(req);
    EasyMock.expect(validator.validateCredentials(EasyMock.eq("basic"), EasyMock.eq("basic"), EasyMock.eq("userB"), EasyMock.aryEq("helloworld".toCharArray()))).andReturn(null).times(1);
    EasyMock.replay(validator);
    HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
    EasyMock.replay(resp);
    // Authentication filter should move on to the next filter in the chain without sending a response
    FilterChain filterChain = EasyMock.createMock(FilterChain.class);
    filterChain.doFilter(req, resp);
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(filterChain);
    Filter authenticatorFilter = authenticatorWithSkipOnFailure.getFilter();
    authenticatorFilter.doFilter(req, resp, filterChain);
    EasyMock.verify(req, resp, validator, filterChain);
}
Also used : BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator) HttpServletRequest(javax.servlet.http.HttpServletRequest) Filter(javax.servlet.Filter) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) CredentialsValidator(org.apache.druid.security.basic.authentication.validator.CredentialsValidator) Test(org.junit.Test)

Aggregations

BasicHTTPAuthenticator (org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator)12 HttpServletRequest (javax.servlet.http.HttpServletRequest)4 BasicAuthenticatorUser (org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)4 Map (java.util.Map)3 Filter (javax.servlet.Filter)3 FilterChain (javax.servlet.FilterChain)3 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 CredentialsValidator (org.apache.druid.security.basic.authentication.validator.CredentialsValidator)3 Authenticator (org.apache.druid.server.security.Authenticator)3 AuthenticatorMapper (org.apache.druid.server.security.AuthenticatorMapper)3 Test (org.junit.Test)3 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2 SmileFactory (com.fasterxml.jackson.dataformat.smile.SmileFactory)2 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)2 ISE (org.apache.druid.java.util.common.ISE)2 MetadataStorageTablesConfig (org.apache.druid.metadata.MetadataStorageTablesConfig)2 TestDerbyConnector (org.apache.druid.metadata.TestDerbyConnector)2 BasicAuthCommonCacheConfig (org.apache.druid.security.basic.BasicAuthCommonCacheConfig)2 BasicAuthDBConfig (org.apache.druid.security.basic.BasicAuthDBConfig)2 CoordinatorBasicAuthenticatorMetadataStorageUpdater (org.apache.druid.security.basic.authentication.db.updater.CoordinatorBasicAuthenticatorMetadataStorageUpdater)2