use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.
the class MiddleManagerJettyServerInitializer method initialize.
@Override
public void initialize(Server server, Injector injector) {
final ServletContextHandler root = new ServletContextHandler(ServletContextHandler.SESSIONS);
root.addServlet(new ServletHolder(new DefaultServlet()), "/*");
final AuthConfig authConfig = injector.getInstance(AuthConfig.class);
final ObjectMapper jsonMapper = injector.getInstance(Key.get(ObjectMapper.class, Json.class));
final AuthenticatorMapper authenticatorMapper = injector.getInstance(AuthenticatorMapper.class);
AuthenticationUtils.addSecuritySanityCheckFilter(root, jsonMapper);
// perform no-op authorization/authentication for these resources
AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, UNSECURED_PATHS);
AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, authConfig.getUnsecuredPaths());
final List<Authenticator> authenticators = authenticatorMapper.getAuthenticatorChain();
AuthenticationUtils.addAuthenticationFilterChain(root, authenticators);
AuthenticationUtils.addAllowOptionsFilter(root, authConfig.isAllowUnauthenticatedHttpOptions());
JettyServerInitUtils.addAllowHttpMethodsFilter(root, serverConfig.getAllowedHttpMethods());
JettyServerInitUtils.addExtensionFilters(root, injector);
// Check that requests were authorized before sending responses
AuthenticationUtils.addPreResponseAuthorizationCheckFilter(root, authenticators, jsonMapper);
root.addFilter(GuiceFilter.class, "/*", null);
final HandlerList handlerList = new HandlerList();
handlerList.setHandlers(new Handler[] { JettyServerInitUtils.getJettyRequestLogHandler(), JettyServerInitUtils.wrapWithDefaultGzipHandler(root, serverConfig.getInflateBufferSize(), serverConfig.getCompressionLevel()), new DefaultHandler() });
server.setHandler(handlerList);
}
use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.
the class QueryJettyServerInitializer method initialize.
@Override
public void initialize(Server server, Injector injector) {
final ServletContextHandler root = new ServletContextHandler(ServletContextHandler.SESSIONS);
root.addServlet(new ServletHolder(new DefaultServlet()), "/*");
// Add LimitRequestsFilter as first in the chain if enabled.
if (serverConfig.isEnableRequestLimit()) {
// To reject xth request, limit should be set to x-1 because (x+1)st request wouldn't reach filter
// but rather wait on jetty queue.
Preconditions.checkArgument(serverConfig.getNumThreads() > 1, "numThreads must be > 1 to enable Request Limit Filter.");
log.info("Enabling Request Limit Filter with limit [%d].", serverConfig.getNumThreads() - 1);
root.addFilter(new FilterHolder(new LimitRequestsFilter(serverConfig.getNumThreads() - 1)), "/*", null);
}
final ObjectMapper jsonMapper = injector.getInstance(Key.get(ObjectMapper.class, Json.class));
final AuthenticatorMapper authenticatorMapper = injector.getInstance(AuthenticatorMapper.class);
AuthenticationUtils.addSecuritySanityCheckFilter(root, jsonMapper);
// perform no-op authorization for these resources
AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, UNSECURED_PATHS);
AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, authConfig.getUnsecuredPaths());
List<Authenticator> authenticators = authenticatorMapper.getAuthenticatorChain();
AuthenticationUtils.addAuthenticationFilterChain(root, authenticators);
AuthenticationUtils.addAllowOptionsFilter(root, authConfig.isAllowUnauthenticatedHttpOptions());
JettyServerInitUtils.addAllowHttpMethodsFilter(root, serverConfig.getAllowedHttpMethods());
JettyServerInitUtils.addExtensionFilters(root, injector);
// Check that requests were authorized before sending responses
AuthenticationUtils.addPreResponseAuthorizationCheckFilter(root, authenticators, jsonMapper);
root.addFilter(GuiceFilter.class, "/*", null);
final HandlerList handlerList = new HandlerList();
// Do not change the order of the handlers that have already been added
for (Handler handler : server.getHandlers()) {
handlerList.addHandler(handler);
}
handlerList.addHandler(JettyServerInitUtils.getJettyRequestLogHandler());
// Add all extension handlers
for (Handler handler : extensionHandlers) {
handlerList.addHandler(handler);
}
// Add Gzip handler at the very end
handlerList.addHandler(JettyServerInitUtils.wrapWithDefaultGzipHandler(root, serverConfig.getInflateBufferSize(), serverConfig.getCompressionLevel()));
final StatisticsHandler statisticsHandler = new StatisticsHandler();
statisticsHandler.setHandler(handlerList);
server.setHandler(statisticsHandler);
}
use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.
the class AsyncQueryForwardingServletTest method testHandleExceptionWithFilterDisabled.
@Test
public void testHandleExceptionWithFilterDisabled() throws Exception {
String errorMessage = "test exception message";
ObjectMapper mockMapper = Mockito.mock(ObjectMapper.class);
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
ServletOutputStream outputStream = Mockito.mock(ServletOutputStream.class);
Mockito.when(response.getOutputStream()).thenReturn(outputStream);
final AsyncQueryForwardingServlet servlet = new AsyncQueryForwardingServlet(new MapQueryToolChestWarehouse(ImmutableMap.of()), mockMapper, TestHelper.makeSmileMapper(), null, null, null, new NoopServiceEmitter(), new NoopRequestLogger(), new DefaultGenericQueryMetricsFactory(), new AuthenticatorMapper(ImmutableMap.of()), new Properties(), new ServerConfig());
Exception testException = new IllegalStateException(errorMessage);
servlet.handleException(response, mockMapper, testException);
ArgumentCaptor<Exception> captor = ArgumentCaptor.forClass(Exception.class);
Mockito.verify(mockMapper).writeValue(ArgumentMatchers.eq(outputStream), captor.capture());
Assert.assertTrue(captor.getValue() instanceof QueryException);
Assert.assertEquals(QueryInterruptedException.UNKNOWN_EXCEPTION, ((QueryException) captor.getValue()).getErrorCode());
Assert.assertEquals(errorMessage, captor.getValue().getMessage());
Assert.assertEquals(IllegalStateException.class.getName(), ((QueryException) captor.getValue()).getErrorClass());
}
use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.
the class AsyncQueryForwardingServletTest method testHandleExceptionWithFilterEnabledButMessageMatchAllowedRegex.
@Test
public void testHandleExceptionWithFilterEnabledButMessageMatchAllowedRegex() throws Exception {
String errorMessage = "test exception message";
ObjectMapper mockMapper = Mockito.mock(ObjectMapper.class);
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
ServletOutputStream outputStream = Mockito.mock(ServletOutputStream.class);
Mockito.when(response.getOutputStream()).thenReturn(outputStream);
final AsyncQueryForwardingServlet servlet = new AsyncQueryForwardingServlet(new MapQueryToolChestWarehouse(ImmutableMap.of()), mockMapper, TestHelper.makeSmileMapper(), null, null, null, new NoopServiceEmitter(), new NoopRequestLogger(), new DefaultGenericQueryMetricsFactory(), new AuthenticatorMapper(ImmutableMap.of()), new Properties(), new ServerConfig() {
@Override
public boolean isShowDetailedJettyErrors() {
return true;
}
@Override
public ErrorResponseTransformStrategy getErrorResponseTransformStrategy() {
return new AllowedRegexErrorResponseTransformStrategy(ImmutableList.of("test .*"));
}
});
Exception testException = new IllegalStateException(errorMessage);
servlet.handleException(response, mockMapper, testException);
ArgumentCaptor<Exception> captor = ArgumentCaptor.forClass(Exception.class);
Mockito.verify(mockMapper).writeValue(ArgumentMatchers.eq(outputStream), captor.capture());
Assert.assertTrue(captor.getValue() instanceof QueryException);
Assert.assertEquals(QueryInterruptedException.UNKNOWN_EXCEPTION, ((QueryException) captor.getValue()).getErrorCode());
Assert.assertEquals(errorMessage, captor.getValue().getMessage());
Assert.assertNull(((QueryException) captor.getValue()).getErrorClass());
Assert.assertNull(((QueryException) captor.getValue()).getHost());
}
use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.
the class AsyncQueryForwardingServletTest method verifyServletCallsForQuery.
/**
* Verifies that the Servlet calls the right methods the right number of times.
*/
private void verifyServletCallsForQuery(Object query, boolean isSql, QueryHostFinder hostFinder, Properties properties) throws Exception {
final ObjectMapper jsonMapper = TestHelper.makeJsonMapper();
final HttpServletRequest requestMock = EasyMock.createMock(HttpServletRequest.class);
final ByteArrayInputStream inputStream = new ByteArrayInputStream(jsonMapper.writeValueAsBytes(query));
final ServletInputStream servletInputStream = new ServletInputStream() {
private boolean finished;
@Override
public boolean isFinished() {
return finished;
}
@Override
public boolean isReady() {
return true;
}
@Override
public void setReadListener(final ReadListener readListener) {
// do nothing
}
@Override
public int read() {
final int b = inputStream.read();
if (b < 0) {
finished = true;
}
return b;
}
};
EasyMock.expect(requestMock.getContentType()).andReturn("application/json").times(2);
requestMock.setAttribute("org.apache.druid.proxy.objectMapper", jsonMapper);
EasyMock.expectLastCall();
EasyMock.expect(requestMock.getRequestURI()).andReturn(isSql ? "/druid/v2/sql" : "/druid/v2/");
EasyMock.expect(requestMock.getMethod()).andReturn("POST");
EasyMock.expect(requestMock.getInputStream()).andReturn(servletInputStream);
requestMock.setAttribute(isSql ? "org.apache.druid.proxy.sqlQuery" : "org.apache.druid.proxy.query", query);
requestMock.setAttribute("org.apache.druid.proxy.to.host", "1.2.3.4:9999");
requestMock.setAttribute("org.apache.druid.proxy.to.host.scheme", "http");
EasyMock.expectLastCall();
EasyMock.replay(requestMock);
final AtomicLong didService = new AtomicLong();
final AsyncQueryForwardingServlet servlet = new AsyncQueryForwardingServlet(new MapQueryToolChestWarehouse(ImmutableMap.of()), jsonMapper, TestHelper.makeSmileMapper(), hostFinder, null, null, new NoopServiceEmitter(), new NoopRequestLogger(), new DefaultGenericQueryMetricsFactory(), new AuthenticatorMapper(ImmutableMap.of()), properties, new ServerConfig()) {
@Override
protected void doService(final HttpServletRequest request, final HttpServletResponse response) {
didService.incrementAndGet();
}
};
servlet.service(requestMock, null);
// This test is mostly about verifying that the servlet calls the right methods the right number of times.
EasyMock.verify(hostFinder, requestMock);
Assert.assertEquals(1, didService.get());
}
Aggregations