use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class SupervisorResourceTest method testSpecGetHistoryWithAuthFailure.
/**
 * Verifies that {@code specGetHistory} filters supervisor history by the caller's datasource
 * authorization.
 *
 * <p>The request carries {@code new AuthenticationResult("notdruid", "druid", null, null)}. The
 * authorizer that evaluates it is configured outside this method, so the permitted datasources are
 * inferred from the assertions: entries on datasource1 and datasource3 are returned, entries on
 * datasource2 are withheld.
 *
 * <p>NOTE(review): {@code resetAll()} is called without a preceding {@code verifyAll()}, so the
 * {@code times(...)} counts recorded for the first phase are never checked for unmet calls in this
 * method. Confirm whether that is intended.
 */
@Test
public void testSpecGetHistoryWithAuthFailure() {
  // id1: two versions on datasource1 and one tombstone on datasource3.
  List<VersionedSupervisorSpec> historyForId1 = ImmutableList.of(
      new VersionedSupervisorSpec(new TestSupervisorSpec("id1", null, Collections.singletonList("datasource1")), "v1"),
      new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource3")), "tombstone"),
      new VersionedSupervisorSpec(new TestSupervisorSpec("id1", null, Collections.singletonList("datasource1")), "v2")
  );
  // id2: every entry references datasource2.
  List<VersionedSupervisorSpec> historyForId2 = ImmutableList.of(
      new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v1"),
      new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource2")), "tombstone"),
      new VersionedSupervisorSpec(new TestSupervisorSpec("id2", null, Collections.singletonList("datasource2")), "v2")
  );
  // id3: mixed history with one datasource2 entry and two tombstones that have no datasources.
  List<VersionedSupervisorSpec> historyForId3 = ImmutableList.of(
      new VersionedSupervisorSpec(new TestSupervisorSpec("id3", null, Collections.singletonList("datasource3")), "v1"),
      new VersionedSupervisorSpec(new NoopSupervisorSpec(null, null), "tombstone"),
      new VersionedSupervisorSpec(new TestSupervisorSpec("id3", null, Collections.singletonList("datasource2")), "v2"),
      new VersionedSupervisorSpec(new NoopSupervisorSpec(null, null), "tombstone"),
      new VersionedSupervisorSpec(new TestSupervisorSpec("id3", null, Collections.singletonList("datasource3")), "v2"),
      new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource3")), "tombstone")
  );

  EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.of(supervisorManager)).times(4);
  EasyMock.expect(supervisorManager.getSupervisorHistoryForId("id1")).andReturn(historyForId1).times(1);
  EasyMock.expect(supervisorManager.getSupervisorHistoryForId("id2")).andReturn(historyForId2).times(1);
  EasyMock.expect(supervisorManager.getSupervisorHistoryForId("id3")).andReturn(historyForId3).times(1);
  EasyMock.expect(supervisorManager.getSupervisorHistoryForId("id4")).andReturn(Collections.emptyList()).times(1);

  // No unsecured-path exemption and no prior authorization decision are present on the request.
  EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).atLeastOnce();
  EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).atLeastOnce();
  EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT))
          .andReturn(new AuthenticationResult("notdruid", "druid", null, null))
          .atLeastOnce();
  request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
  EasyMock.expectLastCall().anyTimes();
  replayAll();

  // Fully visible history is returned unchanged.
  Response visibleHistory = supervisorResource.specGetHistory(request, "id1");
  Assert.assertEquals(200, visibleHistory.getStatus());
  Assert.assertEquals(historyForId1, visibleHistory.getEntity());

  // user is not authorized to access datasource2
  // The status is the same 404 asserted for id4, which has no history at all.
  Response hiddenHistory = supervisorResource.specGetHistory(request, "id2");
  Assert.assertEquals(404, hiddenHistory.getStatus());

  // Partially visible history: only the datasource2 entry is dropped, and the tombstones with no
  // datasources are kept.
  Response filteredHistory = supervisorResource.specGetHistory(request, "id3");
  Assert.assertEquals(200, filteredHistory.getStatus());
  List<VersionedSupervisorSpec> expectedForId3 = ImmutableList.of(
      new VersionedSupervisorSpec(new TestSupervisorSpec("id3", null, Collections.singletonList("datasource3")), "v1"),
      new VersionedSupervisorSpec(new NoopSupervisorSpec(null, null), "tombstone"),
      new VersionedSupervisorSpec(new NoopSupervisorSpec(null, null), "tombstone"),
      new VersionedSupervisorSpec(new TestSupervisorSpec("id3", null, Collections.singletonList("datasource3")), "v2"),
      new VersionedSupervisorSpec(new NoopSupervisorSpec(null, Collections.singletonList("datasource3")), "tombstone")
  );
  Assert.assertEquals(expectedForId3, filteredHistory.getEntity());

  // An id with an empty history yields 404.
  Response emptyHistory = supervisorResource.specGetHistory(request, "id4");
  Assert.assertEquals(404, emptyHistory.getStatus());

  // Second phase: no SupervisorManager is available, so the endpoint reports 503.
  resetAll();
  EasyMock.expect(taskMaster.getSupervisorManager()).andReturn(Optional.absent());
  replayAll();
  Response managerUnavailable = supervisorResource.specGetHistory(request, "id1");
  verifyAll();
  Assert.assertEquals(503, managerUnavailable.getStatus());
}
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class QueryResourceTest method testSecuredQuery.
/**
 * Exercises {@code QueryResource.doPost} against an authorizer that grants access only to the
 * resource named "allow".
 *
 * <p>The first query ({@code SIMPLE_TIMESERIES_QUERY}, defined outside this method) must be
 * rejected with {@code ForbiddenException}. The second query targets "allow" and must succeed and
 * be written to the request log with the caller's identity.
 *
 * <p>NOTE(review): {@code testServletRequest} is replayed but not verified in this method, so the
 * {@code times(1)} expectations on {@code setAttribute} are not checked for unmet calls here.
 * Confirm whether verification happens elsewhere.
 */
@Test
public void testSecuredQuery() throws Exception {
  // The request arrives authenticated, with no authorization decision and no unsecured-path
  // exemption.
  EasyMock.expect(testServletRequest.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).anyTimes();
  EasyMock.expect(testServletRequest.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes();
  EasyMock.expect(testServletRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT))
          .andReturn(AUTHENTICATION_RESULT)
          .anyTimes();

  // One denied decision and one granted decision are expected to be recorded on the request.
  testServletRequest.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, false);
  EasyMock.expectLastCall().times(1);
  testServletRequest.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
  EasyMock.expectLastCall().times(1);
  EasyMock.replay(testServletRequest);

  // Every authorizer name resolves to the same rule: access depends only on the resource name.
  AuthorizerMapper allowOnlyMapper = new AuthorizerMapper(null) {
    @Override
    public Authorizer getAuthorizer(String name) {
      return new Authorizer() {
        @Override
        public Access authorize(AuthenticationResult authenticationResult, Resource resource, Action action) {
          return new Access(resource.getName().equals("allow"));
        }
      };
    }
  };

  queryResource = new QueryResource(
      new QueryLifecycleFactory(
          WAREHOUSE,
          TEST_SEGMENT_WALKER,
          new DefaultGenericQueryMetricsFactory(),
          new NoopServiceEmitter(),
          testRequestLogger,
          new AuthConfig(),
          allowOnlyMapper,
          Suppliers.ofInstance(new DefaultQueryConfig(ImmutableMap.of()))
      ),
      jsonMapper,
      smileMapper,
      queryScheduler,
      new AuthConfig(),
      allowOnlyMapper,
      ResponseContextConfig.newConfig(true),
      DRUID_NODE
  );

  // Denied path: the call has to throw, otherwise the test fails explicitly.
  try {
    queryResource.doPost(
        new ByteArrayInputStream(SIMPLE_TIMESERIES_QUERY.getBytes(StandardCharsets.UTF_8)),
        null /* pretty */,
        testServletRequest
    );
    Assert.fail("doPost did not throw ForbiddenException for an unauthorized query");
  } catch (ForbiddenException expected) {
    // Expected outcome of the denied query; nothing further to check on the exception.
  }

  // Granted path: the query names the "allow" datasource.
  Response granted = queryResource.doPost(
      new ByteArrayInputStream(
          "{\"queryType\":\"timeBoundary\", \"dataSource\":\"allow\"}".getBytes(StandardCharsets.UTF_8)
      ),
      null /* pretty */,
      testServletRequest
  );
  final ByteArrayOutputStream body = new ByteArrayOutputStream();
  ((StreamingOutput) granted.getEntity()).write(body);
  final List<Result<TimeBoundaryResultValue>> results = jsonMapper.readValue(
      body.toByteArray(),
      new TypeReference<List<Result<TimeBoundaryResultValue>>>() {
      }
  );

  Assert.assertEquals(Response.Status.OK.getStatusCode(), granted.getStatus());
  Assert.assertEquals(0, results.size());

  // Exactly one request-log entry exists, marked successful and attributed to identity "druid".
  Assert.assertEquals(1, testRequestLogger.getNativeQuerylogs().size());
  Assert.assertEquals(true, testRequestLogger.getNativeQuerylogs().get(0).getQueryStats().getStats().get("success"));
  Assert.assertEquals("druid", testRequestLogger.getNativeQuerylogs().get(0).getQueryStats().getStats().get("identity"));
}
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class ResourceFilterTestHelper method setUpMockExpectations.
/**
 * Records the mock expectations shared by resource-filter tests.
 *
 * <p>The stubbed {@code Authorizer} ignores the resource and action it is asked about and always
 * answers with {@code authCheckResult}. Tests built on this helper therefore check how a filter
 * reacts to an allow or deny decision, not whether it derives the correct resource and action from
 * the request path.
 *
 * @param requestPath     path reported by the request; it is split on "/" to build the path segments
 * @param authCheckResult decision returned by the stubbed authorizer, also the value expected to be
 *                        stored under {@code DRUID_AUTHORIZATION_CHECKED}
 * @param requestMethod   HTTP method reported by the request
 */
public void setUpMockExpectations(String requestPath, boolean authCheckResult, String requestMethod) {
  // Wraps one piece of the split path as a PathSegment; matrix parameters are not modelled.
  final Function<String, PathSegment> toPathSegment = new Function<String, PathSegment>() {
    @Override
    public PathSegment apply(final String input) {
      return new PathSegment() {
        @Override
        public String getPath() {
          return input;
        }

        @Override
        public MultivaluedMap<String, String> getMatrixParameters() {
          return null;
        }
      };
    }
  };

  EasyMock.expect(request.getPath()).andReturn(requestPath).anyTimes();
  EasyMock.expect(request.getPathSegments())
          .andReturn(ImmutableList.copyOf(Iterables.transform(Arrays.asList(requestPath.split("/")), toPathSegment)))
          .anyTimes();
  EasyMock.expect(request.getMethod()).andReturn(requestMethod).anyTimes();

  // No unsecured-path exemption and no earlier authorization decision are present.
  EasyMock.expect(req.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes();
  EasyMock.expect(req.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).anyTimes();

  // The authentication result has to be read at least once.
  AuthenticationResult caller = new AuthenticationResult("druid", "druid", null, null);
  EasyMock.expect(req.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(caller).atLeastOnce();

  req.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, authCheckResult);
  EasyMock.expectLastCall().anyTimes();

  // Any authorizer name resolves to the fixed-decision authorizer.
  final Authorizer fixedDecision = new Authorizer() {
    @Override
    public Access authorize(AuthenticationResult ignoredCaller, Resource resource, Action action) {
      return new Access(authCheckResult);
    }
  };
  EasyMock.expect(authorizerMapper.getAuthorizer(EasyMock.anyString())).andReturn(fixedDecision).atLeastOnce();
}
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class PreResponseAuthorizationCheckFilterTest method testMissingAuthorizationCheckWithError.
/**
 * Runs {@code PreResponseAuthorizationCheckFilter} over an authenticated request that has no
 * authorization decision recorded and whose response status is already 404.
 *
 * <p>{@code req} and {@code resp} are strict mocks with exactly three expected reads, so any other
 * call the filter makes on them (for example rewriting the status or fetching the output stream)
 * fails the test.
 *
 * <p>NOTE(review): this pins that a missing authorization check is tolerated when the response is
 * an error. Which statuses qualify is decided in the filter, which is not shown here.
 */
@Test
public void testMissingAuthorizationCheckWithError() throws Exception {
  EmittingLogger.registerEmitter(EasyMock.createNiceMock(ServiceEmitter.class));

  // Nice mocks accept any call. The chain and the stream are never handed an expectation, so
  // verify() places no constraint on them.
  FilterChain chain = EasyMock.createNiceMock(FilterChain.class);
  ServletOutputStream unusedStream = EasyMock.createNiceMock(ServletOutputStream.class);

  // Strict mocks: the recorded expectations are also the required call order.
  HttpServletRequest servletRequest = EasyMock.createStrictMock(HttpServletRequest.class);
  HttpServletResponse servletResponse = EasyMock.createStrictMock(HttpServletResponse.class);

  AuthenticationResult caller = new AuthenticationResult("so-very-valid", "so-very-valid", null, null);
  EasyMock.expect(servletRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(caller).once();
  // null here means no authorization decision was recorded for this request.
  EasyMock.expect(servletRequest.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).once();
  EasyMock.expect(servletResponse.getStatus()).andReturn(404).once();
  EasyMock.replay(servletRequest, servletResponse, chain, unusedStream);

  PreResponseAuthorizationCheckFilter checkFilter =
      new PreResponseAuthorizationCheckFilter(authenticators, new DefaultObjectMapper());
  checkFilter.doFilter(servletRequest, servletResponse, chain);

  EasyMock.verify(servletRequest, servletResponse, chain, unusedStream);
}
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class SecuritySanityCheckFilterTest method testInvalidRequest.
/**
 * Runs {@code SecuritySanityCheckFilter} over a request that already carries
 * {@code DRUID_AUTHORIZATION_CHECKED} and {@code DRUID_AUTHENTICATION_RESULT} when it reaches the
 * filter.
 *
 * <p>The filter is expected to answer with a 403 JSON response. The filter chain is a strict mock
 * with no expectations, so passing the request on would fail the test.
 *
 * <p>NOTE(review): presumably these attributes should only be set by Druid's own auth filters
 * later in the chain, so finding them here indicates a tampered or misrouted request. Confirm
 * against the filter source.
 */
@Test
public void testInvalidRequest() throws Exception {
  // Strict mocks: the recorded expectations are also the required call order.
  HttpServletResponse servletResponse = EasyMock.createStrictMock(HttpServletResponse.class);
  HttpServletRequest servletRequest = EasyMock.createStrictMock(HttpServletRequest.class);
  // No expectations are recorded on the chain, so the filter must not call it.
  FilterChain chain = EasyMock.createStrictMock(FilterChain.class);
  ServletOutputStream errorBody = EasyMock.createNiceMock(ServletOutputStream.class);

  AuthenticationResult preexisting = new AuthenticationResult("does-not-belong", "does-not-belong", null, null);

  // Security attributes that are already populated when the request arrives.
  EasyMock.expect(servletRequest.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(true).once();
  EasyMock.expect(servletRequest.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes();
  EasyMock.expect(servletRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(preexisting).once();

  // Expected rejection: the output stream is obtained, then status, content type and encoding are set.
  EasyMock.expect(servletResponse.getOutputStream()).andReturn(errorBody).once();
  servletResponse.setStatus(403);
  EasyMock.expectLastCall().once();
  servletResponse.setContentType("application/json");
  EasyMock.expectLastCall().once();
  servletResponse.setCharacterEncoding("UTF-8");
  EasyMock.expectLastCall().once();
  EasyMock.replay(servletRequest, servletResponse, chain, errorBody);

  SecuritySanityCheckFilter sanityFilter = new SecuritySanityCheckFilter(new DefaultObjectMapper());
  sanityFilter.doFilter(servletRequest, servletResponse, chain);

  EasyMock.verify(servletRequest, servletResponse, chain, errorBody);
}