Example 11 with BasicAuthenticatorUser
use of org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser in project druid by druid-io.
the class MetadataStoreCredentialsValidator method validateCredentials.
@Override
@Nullable
public AuthenticationResult validateCredentials(String authenticatorName, String authorizerName, String username, char[] password) {
Map<String, BasicAuthenticatorUser> userMap = cacheManager.get().getUserMap(authenticatorName);
if (userMap == null) {
throw new IAE("No userMap is available for authenticator with prefix: [%s]", authenticatorName);
}
BasicAuthenticatorUser user = userMap.get(username);
if (user == null) {
return null;
}
BasicAuthenticatorCredentials credentials = user.getCredentials();
if (credentials == null) {
return null;
}
byte[] recalculatedHash = BasicAuthUtils.hashPassword(password, credentials.getSalt(), credentials.getIterations());
if (Arrays.equals(recalculatedHash, credentials.getHash())) {
return new AuthenticationResult(username, authorizerName, authenticatorName, null);
} else {
LOG.debug("Password incorrect for metadata store user %s", username);
throw new BasicSecurityAuthenticationException("User metadata store authentication failed.");
}
}
Also used :
BasicSecurityAuthenticationException(org.apache.druid.security.basic.BasicSecurityAuthenticationException)
BasicAuthenticatorCredentials(org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentials)
BasicAuthenticatorUser(org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)
IAE(org.apache.druid.java.util.common.IAE)
AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)
Nullable(javax.annotation.Nullable)
Example 12 with BasicAuthenticatorUser
use of org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser in project druid by druid-io.
the class CoordinatorPollingBasicAuthenticatorCacheManager method tryFetchUserMapFromCoordinator.
private Map<String, BasicAuthenticatorUser> tryFetchUserMapFromCoordinator(String prefix) throws Exception {
Map<String, BasicAuthenticatorUser> userMap = null;
Request req = druidLeaderClient.makeRequest(HttpMethod.GET, StringUtils.format("/druid-ext/basic-security/authentication/db/%s/cachedSerializedUserMap", prefix));
BytesFullResponseHolder responseHolder = druidLeaderClient.go(req, new BytesFullResponseHandler());
byte[] userMapBytes = responseHolder.getContent();
if (ArrayUtils.isNotEmpty(userMapBytes)) {
userMap = objectMapper.readValue(userMapBytes, BasicAuthUtils.AUTHENTICATOR_USER_MAP_TYPE_REFERENCE);
if (userMap != null && commonCacheConfig.getCacheDirectory() != null) {
writeUserMapToDisk(prefix, userMapBytes);
}
} else {
LOG.info("Empty cached serialized user map retrieved, authenticator - %s", prefix);
}
return userMap;
}
Also used :
BytesFullResponseHolder(org.apache.druid.java.util.http.client.response.BytesFullResponseHolder)
Request(org.apache.druid.java.util.http.client.Request)
BasicAuthenticatorUser(org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)
BytesFullResponseHandler(org.apache.druid.java.util.http.client.response.BytesFullResponseHandler)
Example 13 with BasicAuthenticatorUser
use of org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser in project druid by druid-io.
the class CoordinatorPollingBasicAuthenticatorCacheManager method start.
@LifecycleStart
public void start() {
if (!lifecycleLock.canStart()) {
throw new ISE("can't start.");
}
LOG.info("Starting CoordinatorPollingBasicAuthenticatorCacheManager.");
try {
initUserMaps();
ScheduledExecutors.scheduleWithFixedDelay(exec, new Duration(commonCacheConfig.getPollingPeriod()), new Duration(commonCacheConfig.getPollingPeriod()), () -> {
try {
long randomDelay = ThreadLocalRandom.current().nextLong(0, commonCacheConfig.getMaxRandomDelay());
LOG.debug("Inserting cachedUserMaps random polling delay of [%s] ms", randomDelay);
Thread.sleep(randomDelay);
LOG.debug("Scheduled user cache poll is running");
for (String authenticatorPrefix : authenticatorPrefixes) {
Map<String, BasicAuthenticatorUser> userMap = fetchUserMapFromCoordinator(authenticatorPrefix, false);
if (userMap != null) {
cachedUserMaps.put(authenticatorPrefix, userMap);
}
}
LOG.debug("Scheduled user cache poll is done");
} catch (Throwable t) {
LOG.makeAlert(t, "Error occured while polling for cachedUserMaps.").emit();
}
});
lifecycleLock.started();
LOG.info("Started CoordinatorPollingBasicAuthenticatorCacheManager.");
} finally {
lifecycleLock.exitStart();
}
}
Also used :
ISE(org.apache.druid.java.util.common.ISE)
Duration(org.joda.time.Duration)
BasicAuthenticatorUser(org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)
LifecycleStart(org.apache.druid.java.util.common.lifecycle.LifecycleStart)
Example 14 with BasicAuthenticatorUser
use of org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser in project druid by druid-io.
the class CoordinatorPollingBasicAuthenticatorCacheManager method initUserMaps.
private void initUserMaps() {
AuthenticatorMapper authenticatorMapper = injector.getInstance(AuthenticatorMapper.class);
if (authenticatorMapper == null || authenticatorMapper.getAuthenticatorMap() == null) {
return;
}
for (Map.Entry<String, Authenticator> entry : authenticatorMapper.getAuthenticatorMap().entrySet()) {
Authenticator authenticator = entry.getValue();
if (authenticator instanceof BasicHTTPAuthenticator) {
String authenticatorName = entry.getKey();
authenticatorPrefixes.add(authenticatorName);
Map<String, BasicAuthenticatorUser> userMap = fetchUserMapFromCoordinator(authenticatorName, true);
if (userMap != null) {
cachedUserMaps.put(authenticatorName, userMap);
}
}
}
}
Also used :
AuthenticatorMapper(org.apache.druid.server.security.AuthenticatorMapper)
BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator)
BasicAuthenticatorUser(org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)
Map(java.util.Map)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
Authenticator(org.apache.druid.server.security.Authenticator)
BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator)
Example 15 with BasicAuthenticatorUser
use of org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser in project druid by druid-io.
the class CoordinatorBasicAuthenticatorMetadataStorageUpdater method start.
@LifecycleStart
public void start() {
if (!lifecycleLock.canStart()) {
throw new ISE("can't start.");
}
if (authenticatorMapper == null || authenticatorMapper.getAuthenticatorMap() == null) {
return;
}
try {
LOG.info("Starting CoordinatorBasicAuthenticatorMetadataStorageUpdater.");
BasicAuthUtils.maybeInitialize(() -> {
for (Map.Entry<String, Authenticator> entry : authenticatorMapper.getAuthenticatorMap().entrySet()) {
Authenticator authenticator = entry.getValue();
if (authenticator instanceof BasicHTTPAuthenticator) {
String authenticatorName = entry.getKey();
authenticatorPrefixes.add(authenticatorName);
BasicHTTPAuthenticator basicHTTPAuthenticator = (BasicHTTPAuthenticator) authenticator;
BasicAuthDBConfig dbConfig = basicHTTPAuthenticator.getDbConfig();
byte[] userMapBytes = getCurrentUserMapBytes(authenticatorName);
Map<String, BasicAuthenticatorUser> userMap = BasicAuthUtils.deserializeAuthenticatorUserMap(objectMapper, userMapBytes);
cachedUserMaps.put(authenticatorName, new BasicAuthenticatorUserMapBundle(userMap, userMapBytes));
if (dbConfig.getInitialAdminPassword() != null && !userMap.containsKey(BasicAuthUtils.ADMIN_NAME)) {
createUserInternal(authenticatorName, BasicAuthUtils.ADMIN_NAME);
setUserCredentialsInternal(authenticatorName, BasicAuthUtils.ADMIN_NAME, new BasicAuthenticatorCredentialUpdate(dbConfig.getInitialAdminPassword().getPassword(), BasicAuthUtils.DEFAULT_KEY_ITERATIONS));
}
if (dbConfig.getInitialInternalClientPassword() != null && !userMap.containsKey(BasicAuthUtils.INTERNAL_USER_NAME)) {
createUserInternal(authenticatorName, BasicAuthUtils.INTERNAL_USER_NAME);
setUserCredentialsInternal(authenticatorName, BasicAuthUtils.INTERNAL_USER_NAME, new BasicAuthenticatorCredentialUpdate(dbConfig.getInitialInternalClientPassword().getPassword(), BasicAuthUtils.DEFAULT_KEY_ITERATIONS));
}
}
}
return true;
});
ScheduledExecutors.scheduleWithFixedDelay(exec, new Duration(commonCacheConfig.getPollingPeriod()), new Duration(commonCacheConfig.getPollingPeriod()), new Callable<ScheduledExecutors.Signal>() {
@Override
public ScheduledExecutors.Signal call() {
if (stopped) {
return ScheduledExecutors.Signal.STOP;
}
try {
LOG.debug("Scheduled db userMap poll is running");
for (String authenticatorPrefix : authenticatorPrefixes) {
byte[] userMapBytes = getCurrentUserMapBytes(authenticatorPrefix);
Map<String, BasicAuthenticatorUser> userMap = BasicAuthUtils.deserializeAuthenticatorUserMap(objectMapper, userMapBytes);
if (userMapBytes != null) {
cachedUserMaps.put(authenticatorPrefix, new BasicAuthenticatorUserMapBundle(userMap, userMapBytes));
}
}
LOG.debug("Scheduled db userMap poll is done");
} catch (Throwable t) {
LOG.makeAlert(t, "Error occured while polling for cachedUserMaps.").emit();
}
return ScheduledExecutors.Signal.REPEAT;
}
});
lifecycleLock.started();
} finally {
lifecycleLock.exitStart();
}
}
Also used :
Duration(org.joda.time.Duration)
BasicAuthenticatorUser(org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)
BasicAuthenticatorUserMapBundle(org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUserMapBundle)
BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator)
BasicAuthenticatorCredentialUpdate(org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentialUpdate)
ISE(org.apache.druid.java.util.common.ISE)
Map(java.util.Map)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
Authenticator(org.apache.druid.server.security.Authenticator)
BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator)
BasicAuthDBConfig(org.apache.druid.security.basic.BasicAuthDBConfig)
LifecycleStart(org.apache.druid.java.util.common.lifecycle.LifecycleStart)
Aggregations
BasicAuthenticatorUser (org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser)15
Test (org.junit.Test)6
Response (javax.ws.rs.core.Response)4
BasicHTTPAuthenticator (org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator)4
BasicSecurityDBResourceException (org.apache.druid.security.basic.BasicSecurityDBResourceException)3
BasicAuthenticatorCredentialUpdate (org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentialUpdate)3
BasicAuthenticatorCredentials (org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentials)3
Map (java.util.Map)2
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)2
ISE (org.apache.druid.java.util.common.ISE)2
LifecycleStart (org.apache.druid.java.util.common.lifecycle.LifecycleStart)2
Authenticator (org.apache.druid.server.security.Authenticator)2
Duration (org.joda.time.Duration)2
Nullable (javax.annotation.Nullable)1
IAE (org.apache.druid.java.util.common.IAE)1
Request (org.apache.druid.java.util.http.client.Request)1
BytesFullResponseHandler (org.apache.druid.java.util.http.client.response.BytesFullResponseHandler)1
BytesFullResponseHolder (org.apache.druid.java.util.http.client.response.BytesFullResponseHolder)1
BasicAuthDBConfig (org.apache.druid.security.basic.BasicAuthDBConfig)1
BasicSecurityAuthenticationException (org.apache.druid.security.basic.BasicSecurityAuthenticationException)1
