
Example 51 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class DataSourcesResourceTest method testGetSimpleQueryableDataSources.

/**
 * Calls {@code getQueryableDataSources} in "simple" mode against a mocked inventory and checks the
 * name, tier and segment-count fields of every returned entry.
 *
 * <p>The request mock is scripted for the authorization handshake the resource is expected to
 * perform: the unsecured-path and authorization-checked attributes are both absent, an
 * {@link AuthenticationResult} is present, and the resource is expected to set
 * {@code DRUID_AUTHORIZATION_CHECKED} to {@code true}.
 */
@Test
public void testGetSimpleQueryableDataSources() {
    // Inventory fixture: one server exposing both data sources and a null tier.
    EasyMock.expect(server.getDataSources()).andReturn(listDataSources).atLeastOnce();
    EasyMock.expect(server.getDataSource("datasource1")).andReturn(listDataSources.get(0)).atLeastOnce();
    EasyMock.expect(server.getTier()).andReturn(null).atLeastOnce();
    EasyMock.expect(server.getDataSource("datasource2")).andReturn(listDataSources.get(1)).atLeastOnce();
    EasyMock.expect(inventoryView.getInventory()).andReturn(ImmutableList.of(server)).atLeastOnce();

    // Authorization handshake: path is not marked unsecured, no earlier check has run,
    // and the caller is authenticated as "druid".
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).once();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).once();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("druid", "druid", null, null)).atLeastOnce();
    // The resource must record that it performed an authorization check.
    request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(inventoryView, server, request);

    // presumably TEST_AUTHORIZER_MAPPER permits everything; its definition is not shown here
    DataSourcesResource resource = new DataSourcesResource(inventoryView, null, null, null, AuthTestUtils.TEST_AUTHORIZER_MAPPER, null);
    Response response = resource.getQueryableDataSources(null, "simple", request);
    Assert.assertEquals(200, response.getStatus());

    List<Map<String, Object>> entities = (List<Map<String, Object>>) response.getEntity();
    for (int position = 0; position < entities.size(); position++) {
        Map<String, Object> entity = entities.get(position);
        Assert.assertEquals(listDataSources.get(position).getName(), entity.get("name").toString());

        Map<?, ?> properties = (Map<?, ?>) entity.get("properties");
        // The mocked server reports a null tier, so the tier map is keyed by null.
        Map<?, ?> tiers = (Map<?, ?>) properties.get("tiers");
        Assert.assertTrue(tiers.containsKey(null));

        Object segments = properties.get("segments");
        Assert.assertNotNull(segments);
        Assert.assertEquals(1, ((Map<?, ?>) segments).get("count"));
    }

    // NOTE(review): request is replayed above but is not passed to verify(), so the
    // setAttribute(DRUID_AUTHORIZATION_CHECKED, true) expectation is recorded but never
    // enforced; a resource that skipped the authorization bookkeeping would still pass.
    // Confirm whether leaving request out is intentional.
    EasyMock.verify(inventoryView, server);
}
Also used : Response(javax.ws.rs.core.Response) List(java.util.List) ArrayList(java.util.ArrayList) ImmutableList(com.google.common.collect.ImmutableList) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) HashMap(java.util.HashMap) Object2LongMap(it.unimi.dsi.fastutil.objects.Object2LongMap) TreeMap(java.util.TreeMap) Object2LongOpenHashMap(it.unimi.dsi.fastutil.objects.Object2LongOpenHashMap) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 52 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class IntervalsResourceTest method testGetSpecificIntervals.

/**
 * Calls {@code getSpecificIntervals} for a one-day interval without the "simple" or "full" flag
 * and checks the aggregated size and count in the response entity.
 *
 * <p>The request mock is scripted for the same authorization handshake as the other resource
 * tests: no unsecured-path marker, no prior authorization check, an authenticated "druid"
 * identity, and an expected write of {@code DRUID_AUTHORIZATION_CHECKED = true}.
 */
@Test
public void testGetSpecificIntervals() {
    EasyMock.expect(inventoryView.getInventory()).andReturn(ImmutableList.of(server)).atLeastOnce();

    // Authorization handshake expected from the resource.
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).once();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).once();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("druid", "druid", null, null)).once();
    request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(inventoryView, request);

    IntervalsResource resource = new IntervalsResource(inventoryView, new AuthConfig(), AuthTestUtils.TEST_AUTHORIZER_MAPPER);
    Response response = resource.getSpecificIntervals("2010-01-01T00:00:00.000Z/P1D", null, null, request);

    // Without a mode flag the entity is a flat map holding exactly "size" and "count".
    Map<String, Object> summary = (Map) response.getEntity();
    Assert.assertEquals(2, summary.size());
    Assert.assertEquals(25L, summary.get("size"));
    Assert.assertEquals(2, summary.get("count"));

    // NOTE(review): no EasyMock.verify(...) call follows, so the request expectations above
    // (including the DRUID_AUTHORIZATION_CHECKED write) are never enforced; the test only
    // proves the response shape. Confirm whether verification was left out on purpose.
}
Also used : Response(javax.ws.rs.core.Response) AuthConfig(org.apache.druid.server.security.AuthConfig) TreeMap(java.util.TreeMap) Map(java.util.Map) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 53 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class IntervalsResourceTest method testSimpleGetSpecificIntervals.

/**
 * Calls {@code getSpecificIntervals} in "simple" mode for a one-day interval and checks that the
 * response is keyed by that interval with the expected size and count.
 *
 * <p>The request mock is scripted for the authorization handshake: no unsecured-path marker, no
 * prior authorization check, an authenticated "druid" identity, and an expected write of
 * {@code DRUID_AUTHORIZATION_CHECKED = true}.
 */
@Test
public void testSimpleGetSpecificIntervals() {
    EasyMock.expect(inventoryView.getInventory()).andReturn(ImmutableList.of(server)).atLeastOnce();

    // Authorization handshake expected from the resource.
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).once();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).once();
    EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("druid", "druid", null, null)).once();
    request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(inventoryView, request);

    // "2010-01-01T00:00:00.000Z/P1D" in the request is the same day written with explicit end.
    final Interval expectedInterval = Intervals.of("2010-01-01T00:00:00.000Z/2010-01-02T00:00:00.000Z");

    IntervalsResource resource = new IntervalsResource(inventoryView, new AuthConfig(), AuthTestUtils.TEST_AUTHORIZER_MAPPER);
    Response response = resource.getSpecificIntervals("2010-01-01T00:00:00.000Z/P1D", "simple", null, request);

    Map<Interval, Map<String, Object>> byInterval = (Map) response.getEntity();
    Assert.assertEquals(1, byInterval.size());
    Assert.assertTrue(byInterval.containsKey(expectedInterval));

    Map<String, Object> stats = byInterval.get(expectedInterval);
    Assert.assertEquals(25L, stats.get("size"));
    Assert.assertEquals(2, stats.get("count"));

    // NOTE(review): no EasyMock.verify(...) call follows, so the request expectations above
    // (including the DRUID_AUTHORIZATION_CHECKED write) are never enforced. Confirm whether
    // verification was left out on purpose.
}
Also used : Response(javax.ws.rs.core.Response) ArrayList(java.util.ArrayList) AuthConfig(org.apache.druid.server.security.AuthConfig) TreeMap(java.util.TreeMap) Map(java.util.Map) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Interval(org.joda.time.Interval) Test(org.junit.Test)

Example 54 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class PreResponseAuthorizationCheckFilterTest method testMissingAuthorizationCheck.

/**
 * Checks the fail-closed path of {@code PreResponseAuthorizationCheckFilter}: a request that is
 * authenticated and produced a 200 response, but carries no {@code DRUID_AUTHORIZATION_CHECKED}
 * attribute, must end in an {@code ISE} with the message
 * "Request did not have an authorization check performed."
 *
 * @throws Exception propagated from {@code doFilter}; the expected {@code ISE} is consumed by the
 *     {@code expectedException} rule
 */
@Test
public void testMissingAuthorizationCheck() throws Exception {
    // A nice-mock emitter is registered first; presumably the filter emits an alert on this path
    // and would fail without a registered emitter. TODO confirm against the filter source.
    EmittingLogger.registerEmitter(EasyMock.createNiceMock(ServiceEmitter.class));
    expectedException.expect(ISE.class);
    expectedException.expectMessage("Request did not have an authorization check performed.");
    AuthenticationResult authenticationResult = new AuthenticationResult("so-very-valid", "so-very-valid", null, null);
    // req and resp are strict mocks: each one enforces the order in which its calls are recorded
    // below, and any call not recorded fails immediately.
    HttpServletRequest req = EasyMock.createStrictMock(HttpServletRequest.class);
    HttpServletResponse resp = EasyMock.createStrictMock(HttpServletResponse.class);
    FilterChain filterChain = EasyMock.createNiceMock(FilterChain.class);
    ServletOutputStream outputStream = EasyMock.createNiceMock(ServletOutputStream.class);
    // The request is authenticated ...
    EasyMock.expect(req.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(authenticationResult).once();
    // ... but nothing downstream recorded an authorization decision ...
    EasyMock.expect(req.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).once();
    // ... and the response nevertheless reports success.
    EasyMock.expect(resp.getStatus()).andReturn(200).once();
    // Request details read by the filter; presumably attached to the alert/log entry. TODO confirm.
    EasyMock.expect(req.getRequestURI()).andReturn("uri").once();
    EasyMock.expect(req.getMethod()).andReturn("GET").once();
    EasyMock.expect(req.getRemoteAddr()).andReturn("1.2.3.4").once();
    EasyMock.expect(req.getRemoteHost()).andReturn("ahostname").once();
    // The response is reported as already committed.
    EasyMock.expect(resp.isCommitted()).andReturn(true).once();
    // Recorded expectation of a 403 JSON response in UTF-8.
    resp.setStatus(403);
    EasyMock.expectLastCall().once();
    resp.setContentType("application/json");
    EasyMock.expectLastCall().once();
    resp.setCharacterEncoding("UTF-8");
    EasyMock.expectLastCall().once();
    EasyMock.replay(req, resp, filterChain, outputStream);
    PreResponseAuthorizationCheckFilter filter = new PreResponseAuthorizationCheckFilter(authenticators, new DefaultObjectMapper());
    filter.doFilter(req, resp, filterChain);
    // NOTE(review): if doFilter is the call that throws the expected ISE, this verify() is never
    // reached, so the setStatus(403)/content-type/encoding expectations above are not enforced.
    // Confirm whether those expectations still describe what the filter does once the response
    // is committed.
    EasyMock.verify(req, resp, filterChain, outputStream);
}
Also used : ServiceEmitter(org.apache.druid.java.util.emitter.service.ServiceEmitter) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletOutputStream(javax.servlet.ServletOutputStream) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) PreResponseAuthorizationCheckFilter(org.apache.druid.server.security.PreResponseAuthorizationCheckFilter) DefaultObjectMapper(org.apache.druid.jackson.DefaultObjectMapper) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 55 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class AsyncQueryForwardingServlet method sendProxyRequest.

/**
 * Prepares the outgoing proxy request and hands it to the superclass for sending.
 *
 * <p>Steps, in order: apply the configured read timeout as both total and idle timeout; attach
 * the query body stashed on the client request (Avatica bytes, then a native query or else a SQL
 * query); mark the client request as authorization-checked; and, when the request carries an
 * {@link AuthenticationResult} naming its authenticator, let that authenticator decorate the
 * proxy request.
 *
 * @param clientRequest the incoming request; read for stashed query attributes and the
 *     authentication result, and written with {@code DRUID_AUTHORIZATION_CHECKED}
 * @param proxyResponse the response associated with the proxied exchange, passed to the
 *     authenticator and to the superclass
 * @param proxyRequest the outgoing request being configured
 */
@Override
protected void sendProxyRequest(HttpServletRequest clientRequest, HttpServletResponse proxyResponse, Request proxyRequest) {
    // The configured read timeout bounds both the whole exchange and idle periods.
    final long readTimeoutMillis = httpClientConfig.getReadTimeout().getMillis();
    proxyRequest.timeout(readTimeoutMillis, TimeUnit.MILLISECONDS);
    proxyRequest.idleTimeout(readTimeoutMillis, TimeUnit.MILLISECONDS);

    final byte[] avaticaPayload = (byte[]) clientRequest.getAttribute(AVATICA_QUERY_ATTRIBUTE);
    if (avaticaPayload != null) {
        proxyRequest.content(new BytesContentProvider(avaticaPayload));
    }

    // A native query takes precedence over a SQL query when both attributes are present.
    final Query nativeQuery = (Query) clientRequest.getAttribute(QUERY_ATTRIBUTE);
    final SqlQuery sqlQuery = (SqlQuery) clientRequest.getAttribute(SQL_QUERY_ATTRIBUTE);
    if (nativeQuery != null) {
        setProxyRequestContent(proxyRequest, clientRequest, nativeQuery);
    } else if (sqlQuery != null) {
        setProxyRequestContent(proxyRequest, clientRequest, sqlQuery);
    }

    // The proxy cannot observe the request object on the remote node, so it has no way to tell
    // whether that node performed an authorization check. The flag is therefore always set here;
    // a missing check on the remote node is logged there by PreResponseAuthorizationCheckFilter.
    // Consequence: on this servlet the flag means "delegated", not "authorized", so enforcement
    // rests on the node the request is forwarded to.
    clientRequest.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);

    // If the request was authenticated by a named authenticator, give it the chance to decorate
    // the proxy request.
    final AuthenticationResult authResult = (AuthenticationResult) clientRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT);
    final String authenticatedBy = authResult == null ? null : authResult.getAuthenticatedBy();
    if (authenticatedBy != null) {
        final Authenticator authenticator = authenticatorMapper.getAuthenticatorMap().get(authenticatedBy);
        if (authenticator == null) {
            // NOTE(review): the request is still forwarded undecorated after this log line;
            // confirm the remote node rejects it rather than treating it as unauthenticated-OK.
            LOG.error("Can not find Authenticator with Name [%s]", authenticatedBy);
        } else {
            authenticator.decorateProxyRequest(clientRequest, proxyResponse, proxyRequest);
        }
    }

    super.sendProxyRequest(clientRequest, proxyResponse, proxyRequest);
}
Also used : SqlQuery(org.apache.druid.sql.http.SqlQuery) Query(org.apache.druid.query.Query) SqlQuery(org.apache.druid.sql.http.SqlQuery) BytesContentProvider(org.eclipse.jetty.client.util.BytesContentProvider) Authenticator(org.apache.druid.server.security.Authenticator) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)
