
Example 1 with UserAndRoleMap

Use of org.apache.druid.security.basic.authorization.entity.UserAndRoleMap in project druid by druid-io.

Class CoordinatorPollingBasicAuthorizerCacheManager, method initUserMaps.

private void initUserMaps() {
    AuthorizerMapper authorizerMapper = injector.getInstance(AuthorizerMapper.class);
    if (authorizerMapper == null || authorizerMapper.getAuthorizerMap() == null) {
        return;
    }
    for (Map.Entry<String, Authorizer> entry : authorizerMapper.getAuthorizerMap().entrySet()) {
        Authorizer authorizer = entry.getValue();
        if (authorizer instanceof BasicRoleBasedAuthorizer) {
            String authorizerName = entry.getKey();
            authorizerPrefixes.add(authorizerName);
            UserAndRoleMap userAndRoleMap = fetchUserAndRoleMapFromCoordinator(authorizerName, true);
            if (userAndRoleMap != null) {
                cachedUserMaps.put(authorizerName, userAndRoleMap.getUserMap());
                cachedRoleMaps.put(authorizerName, userAndRoleMap.getRoleMap());
            }
            GroupMappingAndRoleMap groupMappingAndRoleMap = fetchGroupAndRoleMapFromCoordinator(authorizerName, true);
            if (groupMappingAndRoleMap != null) {
                cachedGroupMappingMaps.put(authorizerName, groupMappingAndRoleMap.getGroupMappingMap());
                cachedGroupMappingRoleMaps.put(authorizerName, groupMappingAndRoleMap.getRoleMap());
            }
        }
    }
}
Also used : UserAndRoleMap(org.apache.druid.security.basic.authorization.entity.UserAndRoleMap) GroupMappingAndRoleMap(org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap) BasicRoleBasedAuthorizer(org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer) Authorizer(org.apache.druid.server.security.Authorizer) AuthorizerMapper(org.apache.druid.server.security.AuthorizerMapper) Map(java.util.Map) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)

Example 2 with UserAndRoleMap

Use of org.apache.druid.security.basic.authorization.entity.UserAndRoleMap in project druid by druid-io.

Class CoordinatorBasicAuthorizerMetadataStorageUpdater, method getCurrentUserAndRoleMapSerialized.

private byte[] getCurrentUserAndRoleMapSerialized(String prefix) throws IOException {
    BasicAuthorizerUserMapBundle userMapBundle = cachedUserMaps.get(prefix);
    BasicAuthorizerRoleMapBundle roleMapBundle = cachedRoleMaps.get(prefix);
    UserAndRoleMap userAndRoleMap = new UserAndRoleMap(userMapBundle == null ? null : userMapBundle.getUserMap(), roleMapBundle == null ? null : roleMapBundle.getRoleMap());
    return objectMapper.writeValueAsBytes(userAndRoleMap);
}
Also used : UserAndRoleMap(org.apache.druid.security.basic.authorization.entity.UserAndRoleMap) BasicAuthorizerUserMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle) BasicAuthorizerRoleMapBundle(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle)

Example 3 with UserAndRoleMap

Use of org.apache.druid.security.basic.authorization.entity.UserAndRoleMap in project druid by druid-io.

Class CoordinatorPollingBasicAuthorizerCacheManager, method tryFetchUserMapsFromCoordinator.

private UserAndRoleMap tryFetchUserMapsFromCoordinator(String prefix) throws Exception {
    Request req = druidLeaderClient.makeRequest(HttpMethod.GET, StringUtils.format("/druid-ext/basic-security/authorization/db/%s/cachedSerializedUserMap", prefix));
    BytesFullResponseHolder responseHolder = druidLeaderClient.go(req, new BytesFullResponseHandler());
    byte[] userRoleMapBytes = responseHolder.getContent();
    UserAndRoleMap userAndRoleMap = objectMapper.readValue(userRoleMapBytes, BasicAuthUtils.AUTHORIZER_USER_AND_ROLE_MAP_TYPE_REFERENCE);
    // Persist the raw bytes received from the coordinator only when a cache directory is configured.
    if (userAndRoleMap != null && commonCacheConfig.getCacheDirectory() != null) {
        writeUserMapToDisk(prefix, userRoleMapBytes);
    }
    return userAndRoleMap;
}
Also used : UserAndRoleMap(org.apache.druid.security.basic.authorization.entity.UserAndRoleMap) BytesFullResponseHolder(org.apache.druid.java.util.http.client.response.BytesFullResponseHolder) Request(org.apache.druid.java.util.http.client.Request) BytesFullResponseHandler(org.apache.druid.java.util.http.client.response.BytesFullResponseHandler)

Example 4 with UserAndRoleMap

Use of org.apache.druid.security.basic.authorization.entity.UserAndRoleMap in project druid by druid-io.

Class CoordinatorPollingBasicAuthorizerCacheManager, method start.

@LifecycleStart
public void start() {
    if (!lifecycleLock.canStart()) {
        throw new ISE("can't start.");
    }
    LOG.info("Starting CoordinatorPollingBasicAuthorizerCacheManager.");
    try {
        initUserMaps();
        ScheduledExecutors.scheduleWithFixedDelay(exec, new Duration(commonCacheConfig.getPollingPeriod()), new Duration(commonCacheConfig.getPollingPeriod()), () -> {
            try {
                long randomDelay = ThreadLocalRandom.current().nextLong(0, commonCacheConfig.getMaxRandomDelay());
                LOG.debug("Inserting random polling delay of [%s] ms", randomDelay);
                Thread.sleep(randomDelay);
                LOG.debug("Scheduled userMap cache poll is running");
                for (String authorizerPrefix : authorizerPrefixes) {
                    UserAndRoleMap userAndRoleMap = fetchUserAndRoleMapFromCoordinator(authorizerPrefix, false);
                    if (userAndRoleMap != null) {
                        cachedUserMaps.put(authorizerPrefix, userAndRoleMap.getUserMap());
                        cachedRoleMaps.put(authorizerPrefix, userAndRoleMap.getRoleMap());
                    }
                }
                LOG.debug("Scheduled userMap cache poll is done");
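            } catch (Throwable t) {
                // A failed poll is alerted and swallowed; cache entries for prefixes not yet processed keep their previous values.
                LOG.makeAlert(t, "Error occured while polling for cachedUserMaps.").emit();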
            }
        });
        ScheduledExecutors.scheduleWithFixedDelay(exec, new Duration(commonCacheConfig.getPollingPeriod()), new Duration(commonCacheConfig.getPollingPeriod()), () -> {
            try {
                long randomDelay = ThreadLocalRandom.current().nextLong(0, commonCacheConfig.getMaxRandomDelay());
                LOG.debug("Inserting random polling delay of [%s] ms", randomDelay);
                Thread.sleep(randomDelay);
                LOG.debug("Scheduled groupMappingMap cache poll is running");
                for (String authorizerPrefix : authorizerPrefixes) {
                    GroupMappingAndRoleMap groupMappingAndRoleMap = fetchGroupAndRoleMapFromCoordinator(authorizerPrefix, false);
                    if (groupMappingAndRoleMap != null) {
                        cachedGroupMappingMaps.put(authorizerPrefix, groupMappingAndRoleMap.getGroupMappingMap());
                        cachedGroupMappingRoleMaps.put(authorizerPrefix, groupMappingAndRoleMap.getRoleMap());
                    }
                }
                LOG.debug("Scheduled groupMappingMap cache poll is done");
            } catch (Throwable t) {
                // Same handling as the userMap poll: alert, then continue with whatever is already cached.
                LOG.makeAlert(t, "Error occured while polling for cachedGroupMappingMaps.").emit();
            }
        });
        lifecycleLock.started();
        LOG.info("Started CoordinatorPollingBasicAuthorizerCacheManager.");
    } finally {
        lifecycleLock.exitStart();
    }
}
Also used : UserAndRoleMap(org.apache.druid.security.basic.authorization.entity.UserAndRoleMap) GroupMappingAndRoleMap(org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap) ISE(org.apache.druid.java.util.common.ISE) Duration(org.joda.time.Duration) LifecycleStart(org.apache.druid.java.util.common.lifecycle.LifecycleStart)

Example 5 with UserAndRoleMap

Use of org.apache.druid.security.basic.authorization.entity.UserAndRoleMap in project druid by druid-io.

Class CoordinatorPollingBasicAuthorizerCacheManager, method handleAuthorizerUserUpdate.

@Override
public void handleAuthorizerUserUpdate(String authorizerPrefix, byte[] serializedUserAndRoleMap) {
    LOG.debug("Received userMap cache update for authorizer [%s].", authorizerPrefix);
    // Throws IllegalStateException unless the manager has started (waits at most 1 ms).
    Preconditions.checkState(lifecycleLock.awaitStarted(1, TimeUnit.MILLISECONDS));
    try {
        UserAndRoleMap userAndRoleMap = objectMapper.readValue(serializedUserAndRoleMap, BasicAuthUtils.AUTHORIZER_USER_AND_ROLE_MAP_TYPE_REFERENCE);
        cachedUserMaps.put(authorizerPrefix, userAndRoleMap.getUserMap());
        cachedRoleMaps.put(authorizerPrefix, userAndRoleMap.getRoleMap());
        if (commonCacheConfig.getCacheDirectory() != null) {
            writeUserMapToDisk(authorizerPrefix, serializedUserAndRoleMap);
        }
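    } catch (Exception e) {
        // Also reached when writeUserMapToDisk fails, in which case the in-memory caches were already updated.
        LOG.makeAlert(e, "Could not deserialize user/role map received from coordinator").emit();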
    }
}
Also used : UserAndRoleMap(org.apache.druid.security.basic.authorization.entity.UserAndRoleMap) IOException(java.io.IOException)

Aggregations

UserAndRoleMap (org.apache.druid.security.basic.authorization.entity.UserAndRoleMap): 6
BasicRoleBasedAuthorizer (org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer): 2
GroupMappingAndRoleMap (org.apache.druid.security.basic.authorization.entity.GroupMappingAndRoleMap): 2
IOException (java.io.IOException): 1
Map (java.util.Map): 1
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap): 1
ISE (org.apache.druid.java.util.common.ISE): 1
LifecycleStart (org.apache.druid.java.util.common.lifecycle.LifecycleStart): 1
Request (org.apache.druid.java.util.http.client.Request): 1
BytesFullResponseHandler (org.apache.druid.java.util.http.client.response.BytesFullResponseHandler): 1
BytesFullResponseHolder (org.apache.druid.java.util.http.client.response.BytesFullResponseHolder): 1
BasicAuthorizerRoleMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRoleMapBundle): 1
BasicAuthorizerUserMapBundle (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerUserMapBundle): 1
Authorizer (org.apache.druid.server.security.Authorizer): 1
AuthorizerMapper (org.apache.druid.server.security.AuthorizerMapper): 1
Duration (org.joda.time.Duration): 1