Search in sources :

Example 6 with AuthenticatorMapper

use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.

the class CoordinatorBasicAuthenticatorMetadataStorageUpdaterTest method setUp.

@Before
public void setUp() {
    objectMapper = new ObjectMapper(new SmileFactory());
    TestDerbyConnector connector = derbyConnectorRule.getConnector();
    MetadataStorageTablesConfig tablesConfig = derbyConnectorRule.metadataTablesConfigSupplier().get();
    connector.createConfigTable();
    updater = new CoordinatorBasicAuthenticatorMetadataStorageUpdater(new AuthenticatorMapper(ImmutableMap.of("test", new BasicHTTPAuthenticator(null, "test", "test", null, null, null, null, null, false, null))), connector, tablesConfig, new BasicAuthCommonCacheConfig(null, null, null, null), objectMapper, new NoopBasicAuthenticatorCacheNotifier(), null);
    updater.start();
}
Also used : AuthenticatorMapper(org.apache.druid.server.security.AuthenticatorMapper) BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator) MetadataStorageTablesConfig(org.apache.druid.metadata.MetadataStorageTablesConfig) SmileFactory(com.fasterxml.jackson.dataformat.smile.SmileFactory) CoordinatorBasicAuthenticatorMetadataStorageUpdater(org.apache.druid.security.basic.authentication.db.updater.CoordinatorBasicAuthenticatorMetadataStorageUpdater) BasicAuthCommonCacheConfig(org.apache.druid.security.basic.BasicAuthCommonCacheConfig) TestDerbyConnector(org.apache.druid.metadata.TestDerbyConnector) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Before(org.junit.Before)

Example 7 with AuthenticatorMapper

use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.

the class CoordinatorBasicAuthenticatorResourceTest method setUp.

@Before
public void setUp() {
    req = EasyMock.createStrictMock(HttpServletRequest.class);
    objectMapper = new ObjectMapper(new SmileFactory());
    TestDerbyConnector connector = derbyConnectorRule.getConnector();
    MetadataStorageTablesConfig tablesConfig = derbyConnectorRule.metadataTablesConfigSupplier().get();
    connector.createConfigTable();
    ObjectMapper objectMapper = new ObjectMapper(new SmileFactory());
    AuthenticatorMapper authenticatorMapper = new AuthenticatorMapper(ImmutableMap.of(AUTHENTICATOR_NAME, new BasicHTTPAuthenticator(null, AUTHENTICATOR_NAME, null, new DefaultPasswordProvider("druid"), new DefaultPasswordProvider("druid"), null, null, null, false, null), AUTHENTICATOR_NAME2, new BasicHTTPAuthenticator(null, AUTHENTICATOR_NAME2, null, new DefaultPasswordProvider("druid"), new DefaultPasswordProvider("druid"), null, null, null, false, null), AUTHENTICATOR_NAME_LDAP, new BasicHTTPAuthenticator(null, AUTHENTICATOR_NAME2, null, new DefaultPasswordProvider("druid"), new DefaultPasswordProvider("druid"), null, null, null, false, null)));
    storageUpdater = new CoordinatorBasicAuthenticatorMetadataStorageUpdater(authenticatorMapper, connector, tablesConfig, new BasicAuthCommonCacheConfig(null, null, null, null), objectMapper, new NoopBasicAuthenticatorCacheNotifier(), null);
    resource = new BasicAuthenticatorResource(new CoordinatorBasicAuthenticatorResourceHandler(storageUpdater, authenticatorMapper, objectMapper), authValidator);
    storageUpdater.start();
}
Also used : CoordinatorBasicAuthenticatorResourceHandler(org.apache.druid.security.basic.authentication.endpoint.CoordinatorBasicAuthenticatorResourceHandler) CoordinatorBasicAuthenticatorMetadataStorageUpdater(org.apache.druid.security.basic.authentication.db.updater.CoordinatorBasicAuthenticatorMetadataStorageUpdater) BasicAuthCommonCacheConfig(org.apache.druid.security.basic.BasicAuthCommonCacheConfig) TestDerbyConnector(org.apache.druid.metadata.TestDerbyConnector) HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticatorMapper(org.apache.druid.server.security.AuthenticatorMapper) BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator) MetadataStorageTablesConfig(org.apache.druid.metadata.MetadataStorageTablesConfig) SmileFactory(com.fasterxml.jackson.dataformat.smile.SmileFactory) BasicAuthenticatorResource(org.apache.druid.security.basic.authentication.endpoint.BasicAuthenticatorResource) DefaultPasswordProvider(org.apache.druid.metadata.DefaultPasswordProvider) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Before(org.junit.Before)

Example 8 with AuthenticatorMapper

use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.

the class CoordinatorPollingBasicAuthenticatorCacheManager method initUserMaps.

private void initUserMaps() {
    AuthenticatorMapper authenticatorMapper = injector.getInstance(AuthenticatorMapper.class);
    if (authenticatorMapper == null || authenticatorMapper.getAuthenticatorMap() == null) {
        return;
    }
    for (Map.Entry<String, Authenticator> entry : authenticatorMapper.getAuthenticatorMap().entrySet()) {
        Authenticator authenticator = entry.getValue();
        if (authenticator instanceof BasicHTTPAuthenticator) {
            String authenticatorName = entry.getKey();
            authenticatorPrefixes.add(authenticatorName);
            Map<String, BasicAuthenticatorUser> userMap = fetchUserMapFromCoordinator(authenticatorName, true);
            if (userMap != null) {
                cachedUserMaps.put(authenticatorName, userMap);
            }
        }
    }
}
Also used : AuthenticatorMapper(org.apache.druid.server.security.AuthenticatorMapper) BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator) BasicAuthenticatorUser(org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser) Map(java.util.Map) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) Authenticator(org.apache.druid.server.security.Authenticator) BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator)

Example 9 with AuthenticatorMapper

use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.

the class CoordinatorJettyServerInitializer method initialize.

@Override
public void initialize(Server server, Injector injector) {
    final ServletContextHandler root = new ServletContextHandler(ServletContextHandler.SESSIONS);
    root.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");
    ServletHolder holderPwd = new ServletHolder("default", DefaultServlet.class);
    root.addServlet(holderPwd, "/");
    final AuthConfig authConfig = injector.getInstance(AuthConfig.class);
    final ObjectMapper jsonMapper = injector.getInstance(Key.get(ObjectMapper.class, Json.class));
    final AuthenticatorMapper authenticatorMapper = injector.getInstance(AuthenticatorMapper.class);
    AuthenticationUtils.addSecuritySanityCheckFilter(root, jsonMapper);
    // perform no-op authorization/authentication for these resources
    AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, UNSECURED_PATHS);
    WebConsoleJettyServerInitializer.intializeServerForWebConsoleRoot(root);
    AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, authConfig.getUnsecuredPaths());
    if (beOverlord) {
        AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, CliOverlord.UNSECURED_PATHS);
    }
    List<Authenticator> authenticators = authenticatorMapper.getAuthenticatorChain();
    AuthenticationUtils.addAuthenticationFilterChain(root, authenticators);
    AuthenticationUtils.addAllowOptionsFilter(root, authConfig.isAllowUnauthenticatedHttpOptions());
    JettyServerInitUtils.addAllowHttpMethodsFilter(root, serverConfig.getAllowedHttpMethods());
    JettyServerInitUtils.addExtensionFilters(root, injector);
    // Check that requests were authorized before sending responses
    AuthenticationUtils.addPreResponseAuthorizationCheckFilter(root, authenticators, jsonMapper);
    // add some paths not to be redirected to leader.
    root.addFilter(GuiceFilter.class, "/status/*", null);
    root.addFilter(GuiceFilter.class, "/druid-internal/*", null);
    // redirect anything other than status to the current lead
    root.addFilter(new FilterHolder(injector.getInstance(RedirectFilter.class)), "/*", null);
    // The coordinator really needs a standarized api path
    // Can't use '/*' here because of Guice and Jetty static content conflicts
    root.addFilter(GuiceFilter.class, "/info/*", null);
    root.addFilter(GuiceFilter.class, "/druid/coordinator/*", null);
    if (beOverlord) {
        root.addFilter(GuiceFilter.class, "/druid/indexer/*", null);
    }
    root.addFilter(GuiceFilter.class, "/druid-ext/*", null);
    // this will be removed in the next major release
    root.addFilter(GuiceFilter.class, "/coordinator/*", null);
    if (!beOverlord) {
        root.addServlet(new ServletHolder(injector.getInstance(OverlordProxyServlet.class)), "/druid/indexer/*");
    }
    HandlerList handlerList = new HandlerList();
    handlerList.setHandlers(new Handler[] { WebConsoleJettyServerInitializer.createWebConsoleRewriteHandler(), JettyServerInitUtils.getJettyRequestLogHandler(), JettyServerInitUtils.wrapWithDefaultGzipHandler(root, serverConfig.getInflateBufferSize(), serverConfig.getCompressionLevel()) });
    server.setHandler(handlerList);
}
Also used : AuthenticatorMapper(org.apache.druid.server.security.AuthenticatorMapper) HandlerList(org.eclipse.jetty.server.handler.HandlerList) FilterHolder(org.eclipse.jetty.servlet.FilterHolder) ServletHolder(org.eclipse.jetty.servlet.ServletHolder) AuthConfig(org.apache.druid.server.security.AuthConfig) Json(org.apache.druid.guice.annotations.Json) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Authenticator(org.apache.druid.server.security.Authenticator)

Example 10 with AuthenticatorMapper

use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.

the class AsyncQueryForwardingServletTest method testHandleQueryParseExceptionWithFilterEnabled.

@Test
public void testHandleQueryParseExceptionWithFilterEnabled() throws Exception {
    String errorMessage = "test exception message";
    ObjectMapper mockMapper = Mockito.mock(ObjectMapper.class);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    ServletOutputStream outputStream = Mockito.mock(ServletOutputStream.class);
    Mockito.when(response.getOutputStream()).thenReturn(outputStream);
    final AsyncQueryForwardingServlet servlet = new AsyncQueryForwardingServlet(new MapQueryToolChestWarehouse(ImmutableMap.of()), mockMapper, TestHelper.makeSmileMapper(), null, null, null, new NoopServiceEmitter(), new NoopRequestLogger(), new DefaultGenericQueryMetricsFactory(), new AuthenticatorMapper(ImmutableMap.of()), new Properties(), new ServerConfig() {

        @Override
        public boolean isShowDetailedJettyErrors() {
            return true;
        }

        @Override
        public ErrorResponseTransformStrategy getErrorResponseTransformStrategy() {
            return new AllowedRegexErrorResponseTransformStrategy(ImmutableList.of());
        }
    });
    IOException testException = new IOException(errorMessage);
    servlet.handleQueryParseException(request, response, mockMapper, testException, false);
    ArgumentCaptor<Exception> captor = ArgumentCaptor.forClass(Exception.class);
    Mockito.verify(mockMapper).writeValue(ArgumentMatchers.eq(outputStream), captor.capture());
    Assert.assertTrue(captor.getValue() instanceof QueryException);
    Assert.assertEquals(QueryInterruptedException.UNKNOWN_EXCEPTION, ((QueryException) captor.getValue()).getErrorCode());
    Assert.assertNull(captor.getValue().getMessage());
    Assert.assertNull(((QueryException) captor.getValue()).getErrorClass());
    Assert.assertNull(((QueryException) captor.getValue()).getHost());
}
Also used : ServletOutputStream(javax.servlet.ServletOutputStream) HttpServletResponse(javax.servlet.http.HttpServletResponse) NoopRequestLogger(org.apache.druid.server.log.NoopRequestLogger) NoopServiceEmitter(org.apache.druid.server.metrics.NoopServiceEmitter) IOException(java.io.IOException) Properties(java.util.Properties) QueryException(org.apache.druid.query.QueryException) QueryInterruptedException(org.apache.druid.query.QueryInterruptedException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) IOException(java.io.IOException) HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticatorMapper(org.apache.druid.server.security.AuthenticatorMapper) ServerConfig(org.apache.druid.server.initialization.ServerConfig) QueryException(org.apache.druid.query.QueryException) ErrorResponseTransformStrategy(org.apache.druid.common.exception.ErrorResponseTransformStrategy) AllowedRegexErrorResponseTransformStrategy(org.apache.druid.common.exception.AllowedRegexErrorResponseTransformStrategy) MapQueryToolChestWarehouse(org.apache.druid.query.MapQueryToolChestWarehouse) AllowedRegexErrorResponseTransformStrategy(org.apache.druid.common.exception.AllowedRegexErrorResponseTransformStrategy) DefaultGenericQueryMetricsFactory(org.apache.druid.query.DefaultGenericQueryMetricsFactory) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) BaseJettyTest(org.apache.druid.server.initialization.BaseJettyTest) Test(org.junit.Test)

Aggregations

AuthenticatorMapper (org.apache.druid.server.security.AuthenticatorMapper)14 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)13 HttpServletResponse (javax.servlet.http.HttpServletResponse)7 DefaultGenericQueryMetricsFactory (org.apache.druid.query.DefaultGenericQueryMetricsFactory)7 MapQueryToolChestWarehouse (org.apache.druid.query.MapQueryToolChestWarehouse)7 ServerConfig (org.apache.druid.server.initialization.ServerConfig)7 NoopRequestLogger (org.apache.druid.server.log.NoopRequestLogger)7 NoopServiceEmitter (org.apache.druid.server.metrics.NoopServiceEmitter)7 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)6 IOException (java.io.IOException)6 Properties (java.util.Properties)6 ServletOutputStream (javax.servlet.ServletOutputStream)6 QueryException (org.apache.druid.query.QueryException)6 QueryInterruptedException (org.apache.druid.query.QueryInterruptedException)6 BaseJettyTest (org.apache.druid.server.initialization.BaseJettyTest)6 Test (org.junit.Test)6 HttpServletRequest (javax.servlet.http.HttpServletRequest)5 Authenticator (org.apache.druid.server.security.Authenticator)5 AllowedRegexErrorResponseTransformStrategy (org.apache.druid.common.exception.AllowedRegexErrorResponseTransformStrategy)4 ErrorResponseTransformStrategy (org.apache.druid.common.exception.ErrorResponseTransformStrategy)4