Example 51 with AuthenticationResult
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class DataSourcesResourceTest method testGetSimpleQueryableDataSources.
@Test
public void testGetSimpleQueryableDataSources() {
EasyMock.expect(server.getDataSources()).andReturn(listDataSources).atLeastOnce();
EasyMock.expect(server.getDataSource("datasource1")).andReturn(listDataSources.get(0)).atLeastOnce();
EasyMock.expect(server.getTier()).andReturn(null).atLeastOnce();
EasyMock.expect(server.getDataSource("datasource2")).andReturn(listDataSources.get(1)).atLeastOnce();
EasyMock.expect(inventoryView.getInventory()).andReturn(ImmutableList.of(server)).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).once();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).once();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("druid", "druid", null, null)).atLeastOnce();
request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
EasyMock.expectLastCall().times(1);
EasyMock.replay(inventoryView, server, request);
DataSourcesResource dataSourcesResource = new DataSourcesResource(inventoryView, null, null, null, AuthTestUtils.TEST_AUTHORIZER_MAPPER, null);
Response response = dataSourcesResource.getQueryableDataSources(null, "simple", request);
Assert.assertEquals(200, response.getStatus());
List<Map<String, Object>> results = (List<Map<String, Object>>) response.getEntity();
int index = 0;
for (Map<String, Object> entry : results) {
Assert.assertEquals(listDataSources.get(index).getName(), entry.get("name").toString());
Assert.assertTrue(((Map) ((Map) entry.get("properties")).get("tiers")).containsKey(null));
Assert.assertNotNull((((Map) entry.get("properties")).get("segments")));
Assert.assertEquals(1, ((Map) ((Map) entry.get("properties")).get("segments")).get("count"));
index++;
}
EasyMock.verify(inventoryView, server);
}
Also used :
Response(javax.ws.rs.core.Response)
List(java.util.List)
ArrayList(java.util.ArrayList)
ImmutableList(com.google.common.collect.ImmutableList)
Map(java.util.Map)
ImmutableMap(com.google.common.collect.ImmutableMap)
HashMap(java.util.HashMap)
Object2LongMap(it.unimi.dsi.fastutil.objects.Object2LongMap)
TreeMap(java.util.TreeMap)
Object2LongOpenHashMap(it.unimi.dsi.fastutil.objects.Object2LongOpenHashMap)
AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)
Test(org.junit.Test)
Example 52 with AuthenticationResult
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class IntervalsResourceTest method testGetSpecificIntervals.
@Test
public void testGetSpecificIntervals() {
EasyMock.expect(inventoryView.getInventory()).andReturn(ImmutableList.of(server)).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).once();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).once();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("druid", "druid", null, null)).once();
request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
EasyMock.expectLastCall().times(1);
EasyMock.replay(inventoryView, request);
IntervalsResource intervalsResource = new IntervalsResource(inventoryView, new AuthConfig(), AuthTestUtils.TEST_AUTHORIZER_MAPPER);
Response response = intervalsResource.getSpecificIntervals("2010-01-01T00:00:00.000Z/P1D", null, null, request);
Map<String, Object> actualIntervals = (Map) response.getEntity();
Assert.assertEquals(2, actualIntervals.size());
Assert.assertEquals(25L, actualIntervals.get("size"));
Assert.assertEquals(2, actualIntervals.get("count"));
}
Also used :
Response(javax.ws.rs.core.Response)
AuthConfig(org.apache.druid.server.security.AuthConfig)
TreeMap(java.util.TreeMap)
Map(java.util.Map)
AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)
Test(org.junit.Test)
Example 53 with AuthenticationResult
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class IntervalsResourceTest method testSimpleGetSpecificIntervals.
@Test
public void testSimpleGetSpecificIntervals() {
EasyMock.expect(inventoryView.getInventory()).andReturn(ImmutableList.of(server)).atLeastOnce();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).once();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).once();
EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(new AuthenticationResult("druid", "druid", null, null)).once();
request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
EasyMock.expectLastCall().times(1);
EasyMock.replay(inventoryView, request);
List<Interval> expectedIntervals = new ArrayList<>();
expectedIntervals.add(Intervals.of("2010-01-01T00:00:00.000Z/2010-01-02T00:00:00.000Z"));
IntervalsResource intervalsResource = new IntervalsResource(inventoryView, new AuthConfig(), AuthTestUtils.TEST_AUTHORIZER_MAPPER);
Response response = intervalsResource.getSpecificIntervals("2010-01-01T00:00:00.000Z/P1D", "simple", null, request);
Map<Interval, Map<String, Object>> actualIntervals = (Map) response.getEntity();
Assert.assertEquals(1, actualIntervals.size());
Assert.assertTrue(actualIntervals.containsKey(expectedIntervals.get(0)));
Assert.assertEquals(25L, actualIntervals.get(expectedIntervals.get(0)).get("size"));
Assert.assertEquals(2, actualIntervals.get(expectedIntervals.get(0)).get("count"));
}
Also used :
Response(javax.ws.rs.core.Response)
ArrayList(java.util.ArrayList)
AuthConfig(org.apache.druid.server.security.AuthConfig)
TreeMap(java.util.TreeMap)
Map(java.util.Map)
AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)
Interval(org.joda.time.Interval)
Test(org.junit.Test)
Example 54 with AuthenticationResult
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class PreResponseAuthorizationCheckFilterTest method testMissingAuthorizationCheck.
@Test
public void testMissingAuthorizationCheck() throws Exception {
EmittingLogger.registerEmitter(EasyMock.createNiceMock(ServiceEmitter.class));
expectedException.expect(ISE.class);
expectedException.expectMessage("Request did not have an authorization check performed.");
AuthenticationResult authenticationResult = new AuthenticationResult("so-very-valid", "so-very-valid", null, null);
HttpServletRequest req = EasyMock.createStrictMock(HttpServletRequest.class);
HttpServletResponse resp = EasyMock.createStrictMock(HttpServletResponse.class);
FilterChain filterChain = EasyMock.createNiceMock(FilterChain.class);
ServletOutputStream outputStream = EasyMock.createNiceMock(ServletOutputStream.class);
EasyMock.expect(req.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(authenticationResult).once();
EasyMock.expect(req.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).once();
EasyMock.expect(resp.getStatus()).andReturn(200).once();
EasyMock.expect(req.getRequestURI()).andReturn("uri").once();
EasyMock.expect(req.getMethod()).andReturn("GET").once();
EasyMock.expect(req.getRemoteAddr()).andReturn("1.2.3.4").once();
EasyMock.expect(req.getRemoteHost()).andReturn("ahostname").once();
EasyMock.expect(resp.isCommitted()).andReturn(true).once();
resp.setStatus(403);
EasyMock.expectLastCall().once();
resp.setContentType("application/json");
EasyMock.expectLastCall().once();
resp.setCharacterEncoding("UTF-8");
EasyMock.expectLastCall().once();
EasyMock.replay(req, resp, filterChain, outputStream);
PreResponseAuthorizationCheckFilter filter = new PreResponseAuthorizationCheckFilter(authenticators, new DefaultObjectMapper());
filter.doFilter(req, resp, filterChain);
EasyMock.verify(req, resp, filterChain, outputStream);
}
Also used :
ServiceEmitter(org.apache.druid.java.util.emitter.service.ServiceEmitter)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletOutputStream(javax.servlet.ServletOutputStream)
FilterChain(javax.servlet.FilterChain)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
PreResponseAuthorizationCheckFilter(org.apache.druid.server.security.PreResponseAuthorizationCheckFilter)
DefaultObjectMapper(org.apache.druid.jackson.DefaultObjectMapper)
AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)
Test(org.junit.Test)
Example 55 with AuthenticationResult
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class AsyncQueryForwardingServlet method sendProxyRequest.
@Override
protected void sendProxyRequest(HttpServletRequest clientRequest, HttpServletResponse proxyResponse, Request proxyRequest) {
proxyRequest.timeout(httpClientConfig.getReadTimeout().getMillis(), TimeUnit.MILLISECONDS);
proxyRequest.idleTimeout(httpClientConfig.getReadTimeout().getMillis(), TimeUnit.MILLISECONDS);
byte[] avaticaQuery = (byte[]) clientRequest.getAttribute(AVATICA_QUERY_ATTRIBUTE);
if (avaticaQuery != null) {
proxyRequest.content(new BytesContentProvider(avaticaQuery));
}
final Query query = (Query) clientRequest.getAttribute(QUERY_ATTRIBUTE);
final SqlQuery sqlQuery = (SqlQuery) clientRequest.getAttribute(SQL_QUERY_ATTRIBUTE);
if (query != null) {
setProxyRequestContent(proxyRequest, clientRequest, query);
} else if (sqlQuery != null) {
setProxyRequestContent(proxyRequest, clientRequest, sqlQuery);
}
// Since we can't see the request object on the remote side, we can't check whether the remote side actually
// performed an authorization check here, so always set this to true for the proxy servlet.
// If the remote node failed to perform an authorization check, PreResponseAuthorizationCheckFilter
// will log that on the remote node.
clientRequest.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
// Check if there is an authentication result and use it to decorate the proxy request if needed.
AuthenticationResult authenticationResult = (AuthenticationResult) clientRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT);
if (authenticationResult != null && authenticationResult.getAuthenticatedBy() != null) {
Authenticator authenticator = authenticatorMapper.getAuthenticatorMap().get(authenticationResult.getAuthenticatedBy());
if (authenticator != null) {
authenticator.decorateProxyRequest(clientRequest, proxyResponse, proxyRequest);
} else {
LOG.error("Can not find Authenticator with Name [%s]", authenticationResult.getAuthenticatedBy());
}
}
super.sendProxyRequest(clientRequest, proxyResponse, proxyRequest);
}
Also used :
SqlQuery(org.apache.druid.sql.http.SqlQuery)
Query(org.apache.druid.query.Query)
SqlQuery(org.apache.druid.sql.http.SqlQuery)
BytesContentProvider(org.eclipse.jetty.client.util.BytesContentProvider)
Authenticator(org.apache.druid.server.security.Authenticator)
AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)
Aggregations
AuthenticationResult (org.apache.druid.server.security.AuthenticationResult)58
Test (org.junit.Test)40
Response (javax.ws.rs.core.Response)25
Access (org.apache.druid.server.security.Access)17
HttpServletRequest (javax.servlet.http.HttpServletRequest)16
Resource (org.apache.druid.server.security.Resource)12
HashMap (java.util.HashMap)10
List (java.util.List)10
AuthConfig (org.apache.druid.server.security.AuthConfig)10
Authorizer (org.apache.druid.server.security.Authorizer)10
ImmutableList (com.google.common.collect.ImmutableList)9
Map (java.util.Map)9
HttpServletResponse (javax.servlet.http.HttpServletResponse)8
AuthorizerMapper (org.apache.druid.server.security.AuthorizerMapper)8
FilterChain (javax.servlet.FilterChain)7
Action (org.apache.druid.server.security.Action)7
ArrayList (java.util.ArrayList)6
Set (java.util.Set)6
TreeMap (java.util.TreeMap)6
DefaultObjectMapper (org.apache.druid.jackson.DefaultObjectMapper)6
