Example 16 with BasicAuthorizerUser
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.
the class CoordinatorBasicAuthorizerMetadataStorageUpdater method start.
@LifecycleStart
public void start() {
if (!lifecycleLock.canStart()) {
throw new ISE("can't start.");
}
if (authorizerMapper == null || authorizerMapper.getAuthorizerMap() == null) {
return;
}
try {
LOG.info("Starting CoordinatorBasicAuthorizerMetadataStorageUpdater");
BasicAuthUtils.maybeInitialize(() -> {
for (Map.Entry<String, Authorizer> entry : authorizerMapper.getAuthorizerMap().entrySet()) {
Authorizer authorizer = entry.getValue();
if (authorizer instanceof BasicRoleBasedAuthorizer) {
BasicRoleBasedAuthorizer basicRoleBasedAuthorizer = (BasicRoleBasedAuthorizer) authorizer;
BasicAuthDBConfig dbConfig = basicRoleBasedAuthorizer.getDbConfig();
String authorizerName = entry.getKey();
authorizerNames.add(authorizerName);
byte[] userMapBytes = getCurrentUserMapBytes(authorizerName);
Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, userMapBytes);
cachedUserMaps.put(authorizerName, new BasicAuthorizerUserMapBundle(userMap, userMapBytes));
byte[] groupMappingMapBytes = getCurrentGroupMappingMapBytes(authorizerName);
Map<String, BasicAuthorizerGroupMapping> groupMappingMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, groupMappingMapBytes);
cachedGroupMappingMaps.put(authorizerName, new BasicAuthorizerGroupMappingMapBundle(groupMappingMap, groupMappingMapBytes));
byte[] roleMapBytes = getCurrentRoleMapBytes(authorizerName);
Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, roleMapBytes);
cachedRoleMaps.put(authorizerName, new BasicAuthorizerRoleMapBundle(roleMap, roleMapBytes));
initSuperUsersAndGroupMapping(authorizerName, userMap, roleMap, groupMappingMap, dbConfig.getInitialAdminUser(), dbConfig.getInitialAdminRole(), dbConfig.getInitialAdminGroupMapping());
}
}
return true;
});
ScheduledExecutors.scheduleWithFixedDelay(exec, new Duration(commonCacheConfig.getPollingPeriod()), new Duration(commonCacheConfig.getPollingPeriod()), () -> {
if (stopped) {
return ScheduledExecutors.Signal.STOP;
}
try {
LOG.debug("Scheduled db poll is running");
for (String authorizerName : authorizerNames) {
byte[] userMapBytes = getCurrentUserMapBytes(authorizerName);
Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, userMapBytes);
if (userMapBytes != null) {
synchronized (cachedUserMaps) {
cachedUserMaps.put(authorizerName, new BasicAuthorizerUserMapBundle(userMap, userMapBytes));
}
}
byte[] groupMappingMapBytes = getCurrentGroupMappingMapBytes(authorizerName);
Map<String, BasicAuthorizerGroupMapping> groupMappingMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, groupMappingMapBytes);
if (groupMappingMapBytes != null) {
synchronized (cachedGroupMappingMaps) {
cachedGroupMappingMaps.put(authorizerName, new BasicAuthorizerGroupMappingMapBundle(groupMappingMap, groupMappingMapBytes));
}
}
byte[] roleMapBytes = getCurrentRoleMapBytes(authorizerName);
Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, roleMapBytes);
if (roleMapBytes != null) {
synchronized (cachedRoleMaps) {
cachedRoleMaps.put(authorizerName, new BasicAuthorizerRoleMapBundle(roleMap, roleMapBytes));
}
}
}
LOG.debug("Scheduled db poll is done");
} catch (Throwable t) {
LOG.makeAlert(t, "Error occured while polling for cachedUserMaps, cachedGroupMappingMaps, cachedRoleMaps.").emit();
}
return ScheduledExecutors.Signal.REPEAT;
});
lifecycleLock.started();
} finally {
lifecycleLock.exitStart();
}
}
Also used :
Duration(org.joda.time.Duration)
BasicAuthorizerRoleMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle)
BasicAuthorizerGroupMapping(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)
BasicAuthorizerUserMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle)
BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser)
Authorizer(org.apache.druid.server.security.Authorizer)
BasicRoleBasedAuthorizer(org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer)
BasicAuthorizerGroupMappingMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMappingMapBundle)
ISE(org.apache.druid.java.util.common.ISE)
BasicRoleBasedAuthorizer(org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer)
BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)
UserAndRoleMap(org.apache.druid.security.basic.authorization.entity.UserAndRoleMap)
Map(java.util.Map)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
GroupMappingAndRoleMap(org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap)
BasicAuthDBConfig(org.apache.druid.security.basic.BasicAuthDBConfig)
LifecycleStart(org.apache.druid.java.util.common.lifecycle.LifecycleStart)
Example 17 with BasicAuthorizerUser
use of org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser in project druid by druid-io.
the class CoordinatorBasicAuthorizerResourceHandler method getRoleFull.
private Response getRoleFull(String authorizerName, String roleName, boolean simplifyPermissions) {
Map<String, BasicAuthorizerRole> roleMap = BasicAuthUtils.deserializeAuthorizerRoleMap(objectMapper, storageUpdater.getCurrentRoleMapBytes(authorizerName));
try {
BasicAuthorizerRole role = roleMap.get(roleName);
if (role == null) {
throw new BasicSecurityDBResourceException("Role [%s] does not exist.", roleName);
}
Map<String, BasicAuthorizerUser> userMap = BasicAuthUtils.deserializeAuthorizerUserMap(objectMapper, storageUpdater.getCurrentUserMapBytes(authorizerName));
Map<String, BasicAuthorizerGroupMapping> groupMappingMap = BasicAuthUtils.deserializeAuthorizerGroupMappingMap(objectMapper, storageUpdater.getCurrentGroupMappingMapBytes(authorizerName));
Set<String> users = new HashSet<>();
for (BasicAuthorizerUser user : userMap.values()) {
if (user.getRoles().contains(roleName)) {
users.add(user.getName());
}
}
Set<String> groupMappings = new HashSet<>();
for (BasicAuthorizerGroupMapping group : groupMappingMap.values()) {
if (group.getRoles().contains(roleName)) {
groupMappings.add(group.getName());
}
}
if (simplifyPermissions) {
return Response.ok(new BasicAuthorizerRoleSimplifiedPermissions(role, users)).build();
} else {
BasicAuthorizerRoleFull roleFull = new BasicAuthorizerRoleFull(roleName, users, groupMappings, role.getPermissions());
return Response.ok(roleFull).build();
}
} catch (BasicSecurityDBResourceException e) {
return makeResponseForBasicSecurityDBResourceException(e);
}
}
Also used :
BasicAuthorizerGroupMapping(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)
BasicSecurityDBResourceException(org.apache.druid.security.basic.BasicSecurityDBResourceException)
BasicAuthorizerRoleSimplifiedPermissions(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions)
BasicAuthorizerUser(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser)
BasicAuthorizerRoleFull(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleFull)
BasicAuthorizerRole(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)
HashSet(java.util.HashSet)
Aggregations
BasicAuthorizerUser (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUser)17
BasicAuthorizerRole (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole)12
Test (org.junit.Test)7
BasicSecurityDBResourceException (org.apache.druid.security.basic.BasicSecurityDBResourceException)6
BasicAuthorizerGroupMapping (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping)5
HashMap (java.util.HashMap)4
HashSet (java.util.HashSet)3
Response (javax.ws.rs.core.Response)3
Map (java.util.Map)2
IAE (org.apache.druid.java.util.common.IAE)2
BasicRoleBasedAuthorizer (org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer)2
BasicAuthorizerRoleSimplifiedPermissions (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleSimplifiedPermissions)2
JacksonInject (com.fasterxml.jackson.annotation.JacksonInject)1
JsonCreator (com.fasterxml.jackson.annotation.JsonCreator)1
JsonProperty (com.fasterxml.jackson.annotation.JsonProperty)1
JsonTypeName (com.fasterxml.jackson.annotation.JsonTypeName)1
VisibleForTesting (com.google.common.annotations.VisibleForTesting)1
Arrays (java.util.Arrays)1
Locale (java.util.Locale)1
Optional (java.util.Optional)1
