Example 1 with BasicAuthorizerPermission
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerPermission in project druid by druid-io.
the class BasicRoleBasedAuthorizer method authorize.
@Override
@SuppressWarnings("unchecked")
public Access authorize(AuthenticationResult authenticationResult, Resource resource, Action action) {
if (authenticationResult == null) {
throw new IAE("authenticationResult is null where it should never be.");
}
Set<String> roleNames = new HashSet<>(roleProvider.getRoles(name, authenticationResult));
Map<String, BasicAuthorizerRole> roleMap = roleProvider.getRoleMap(name);
if (roleNames.isEmpty()) {
return new Access(false);
}
if (roleMap == null) {
throw new IAE("Could not load roleMap for authorizer [%s]", name);
}
for (String roleName : roleNames) {
BasicAuthorizerRole role = roleMap.get(roleName);
if (role != null) {
for (BasicAuthorizerPermission permission : role.getPermissions()) {
if (permissionCheck(resource, action, permission)) {
return new Access(true);
}
}
}
}
return new Access(false);
}
Also used :
Access(org.apache.druid.server.security.Access)
BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)
IAE(org.apache.druid.java.util.common.IAE)
BasicAuthorizerPermission(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerPermission)
HashSet(java.util.HashSet)
Aggregations
HashSet (java.util.HashSet)1
IAE (org.apache.druid.java.util.common.IAE)1
BasicAuthorizerPermission (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerPermission)1
BasicAuthorizerRole (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)1
Access (org.apache.druid.server.security.Access)1
