use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.
the class CoordinatorBasicAuthenticatorMetadataStorageUpdaterTest method setUp.
@Before
public void setUp() {
objectMapper = new ObjectMapper(new SmileFactory());
TestDerbyConnector connector = derbyConnectorRule.getConnector();
MetadataStorageTablesConfig tablesConfig = derbyConnectorRule.metadataTablesConfigSupplier().get();
connector.createConfigTable();
updater = new CoordinatorBasicAuthenticatorMetadataStorageUpdater(new AuthenticatorMapper(ImmutableMap.of("test", new BasicHTTPAuthenticator(null, "test", "test", null, null, null, null, null, false, null))), connector, tablesConfig, new BasicAuthCommonCacheConfig(null, null, null, null), objectMapper, new NoopBasicAuthenticatorCacheNotifier(), null);
updater.start();
}
use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.
the class CoordinatorBasicAuthenticatorResourceTest method setUp.
@Before
public void setUp() {
req = EasyMock.createStrictMock(HttpServletRequest.class);
objectMapper = new ObjectMapper(new SmileFactory());
TestDerbyConnector connector = derbyConnectorRule.getConnector();
MetadataStorageTablesConfig tablesConfig = derbyConnectorRule.metadataTablesConfigSupplier().get();
connector.createConfigTable();
ObjectMapper objectMapper = new ObjectMapper(new SmileFactory());
AuthenticatorMapper authenticatorMapper = new AuthenticatorMapper(ImmutableMap.of(AUTHENTICATOR_NAME, new BasicHTTPAuthenticator(null, AUTHENTICATOR_NAME, null, new DefaultPasswordProvider("druid"), new DefaultPasswordProvider("druid"), null, null, null, false, null), AUTHENTICATOR_NAME2, new BasicHTTPAuthenticator(null, AUTHENTICATOR_NAME2, null, new DefaultPasswordProvider("druid"), new DefaultPasswordProvider("druid"), null, null, null, false, null), AUTHENTICATOR_NAME_LDAP, new BasicHTTPAuthenticator(null, AUTHENTICATOR_NAME2, null, new DefaultPasswordProvider("druid"), new DefaultPasswordProvider("druid"), null, null, null, false, null)));
storageUpdater = new CoordinatorBasicAuthenticatorMetadataStorageUpdater(authenticatorMapper, connector, tablesConfig, new BasicAuthCommonCacheConfig(null, null, null, null), objectMapper, new NoopBasicAuthenticatorCacheNotifier(), null);
resource = new BasicAuthenticatorResource(new CoordinatorBasicAuthenticatorResourceHandler(storageUpdater, authenticatorMapper, objectMapper), authValidator);
storageUpdater.start();
}
use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.
the class CoordinatorPollingBasicAuthenticatorCacheManager method initUserMaps.
private void initUserMaps() {
AuthenticatorMapper authenticatorMapper = injector.getInstance(AuthenticatorMapper.class);
if (authenticatorMapper == null || authenticatorMapper.getAuthenticatorMap() == null) {
return;
}
for (Map.Entry<String, Authenticator> entry : authenticatorMapper.getAuthenticatorMap().entrySet()) {
Authenticator authenticator = entry.getValue();
if (authenticator instanceof BasicHTTPAuthenticator) {
String authenticatorName = entry.getKey();
authenticatorPrefixes.add(authenticatorName);
Map<String, BasicAuthenticatorUser> userMap = fetchUserMapFromCoordinator(authenticatorName, true);
if (userMap != null) {
cachedUserMaps.put(authenticatorName, userMap);
}
}
}
}
use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.
the class CoordinatorJettyServerInitializer method initialize.
@Override
public void initialize(Server server, Injector injector) {
final ServletContextHandler root = new ServletContextHandler(ServletContextHandler.SESSIONS);
root.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");
ServletHolder holderPwd = new ServletHolder("default", DefaultServlet.class);
root.addServlet(holderPwd, "/");
final AuthConfig authConfig = injector.getInstance(AuthConfig.class);
final ObjectMapper jsonMapper = injector.getInstance(Key.get(ObjectMapper.class, Json.class));
final AuthenticatorMapper authenticatorMapper = injector.getInstance(AuthenticatorMapper.class);
AuthenticationUtils.addSecuritySanityCheckFilter(root, jsonMapper);
// perform no-op authorization/authentication for these resources
AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, UNSECURED_PATHS);
WebConsoleJettyServerInitializer.intializeServerForWebConsoleRoot(root);
AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, authConfig.getUnsecuredPaths());
if (beOverlord) {
AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, CliOverlord.UNSECURED_PATHS);
}
List<Authenticator> authenticators = authenticatorMapper.getAuthenticatorChain();
AuthenticationUtils.addAuthenticationFilterChain(root, authenticators);
AuthenticationUtils.addAllowOptionsFilter(root, authConfig.isAllowUnauthenticatedHttpOptions());
JettyServerInitUtils.addAllowHttpMethodsFilter(root, serverConfig.getAllowedHttpMethods());
JettyServerInitUtils.addExtensionFilters(root, injector);
// Check that requests were authorized before sending responses
AuthenticationUtils.addPreResponseAuthorizationCheckFilter(root, authenticators, jsonMapper);
// add some paths not to be redirected to leader.
root.addFilter(GuiceFilter.class, "/status/*", null);
root.addFilter(GuiceFilter.class, "/druid-internal/*", null);
// redirect anything other than status to the current lead
root.addFilter(new FilterHolder(injector.getInstance(RedirectFilter.class)), "/*", null);
// The coordinator really needs a standarized api path
// Can't use '/*' here because of Guice and Jetty static content conflicts
root.addFilter(GuiceFilter.class, "/info/*", null);
root.addFilter(GuiceFilter.class, "/druid/coordinator/*", null);
if (beOverlord) {
root.addFilter(GuiceFilter.class, "/druid/indexer/*", null);
}
root.addFilter(GuiceFilter.class, "/druid-ext/*", null);
// this will be removed in the next major release
root.addFilter(GuiceFilter.class, "/coordinator/*", null);
if (!beOverlord) {
root.addServlet(new ServletHolder(injector.getInstance(OverlordProxyServlet.class)), "/druid/indexer/*");
}
HandlerList handlerList = new HandlerList();
handlerList.setHandlers(new Handler[] { WebConsoleJettyServerInitializer.createWebConsoleRewriteHandler(), JettyServerInitUtils.getJettyRequestLogHandler(), JettyServerInitUtils.wrapWithDefaultGzipHandler(root, serverConfig.getInflateBufferSize(), serverConfig.getCompressionLevel()) });
server.setHandler(handlerList);
}
use of org.apache.druid.server.security.AuthenticatorMapper in project druid by druid-io.
the class AsyncQueryForwardingServletTest method testHandleQueryParseExceptionWithFilterEnabled.
@Test
public void testHandleQueryParseExceptionWithFilterEnabled() throws Exception {
String errorMessage = "test exception message";
ObjectMapper mockMapper = Mockito.mock(ObjectMapper.class);
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
ServletOutputStream outputStream = Mockito.mock(ServletOutputStream.class);
Mockito.when(response.getOutputStream()).thenReturn(outputStream);
final AsyncQueryForwardingServlet servlet = new AsyncQueryForwardingServlet(new MapQueryToolChestWarehouse(ImmutableMap.of()), mockMapper, TestHelper.makeSmileMapper(), null, null, null, new NoopServiceEmitter(), new NoopRequestLogger(), new DefaultGenericQueryMetricsFactory(), new AuthenticatorMapper(ImmutableMap.of()), new Properties(), new ServerConfig() {
@Override
public boolean isShowDetailedJettyErrors() {
return true;
}
@Override
public ErrorResponseTransformStrategy getErrorResponseTransformStrategy() {
return new AllowedRegexErrorResponseTransformStrategy(ImmutableList.of());
}
});
IOException testException = new IOException(errorMessage);
servlet.handleQueryParseException(request, response, mockMapper, testException, false);
ArgumentCaptor<Exception> captor = ArgumentCaptor.forClass(Exception.class);
Mockito.verify(mockMapper).writeValue(ArgumentMatchers.eq(outputStream), captor.capture());
Assert.assertTrue(captor.getValue() instanceof QueryException);
Assert.assertEquals(QueryInterruptedException.UNKNOWN_EXCEPTION, ((QueryException) captor.getValue()).getErrorCode());
Assert.assertNull(captor.getValue().getMessage());
Assert.assertNull(((QueryException) captor.getValue()).getErrorClass());
Assert.assertNull(((QueryException) captor.getValue()).getHost());
}
Aggregations