Example 11 with Authorizer
use of org.apache.druid.server.security.Authorizer in project druid by druid-io.
the class QueryResourceTest method testSecuredQuery.
@Test
public void testSecuredQuery() throws Exception {
EasyMock.expect(testServletRequest.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).anyTimes();
EasyMock.expect(testServletRequest.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes();
EasyMock.expect(testServletRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(AUTHENTICATION_RESULT).anyTimes();
testServletRequest.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, false);
EasyMock.expectLastCall().times(1);
testServletRequest.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
EasyMock.expectLastCall().times(1);
EasyMock.replay(testServletRequest);
AuthorizerMapper authMapper = new AuthorizerMapper(null) {
@Override
public Authorizer getAuthorizer(String name) {
return new Authorizer() {
@Override
public Access authorize(AuthenticationResult authenticationResult, Resource resource, Action action) {
if (resource.getName().equals("allow")) {
return new Access(true);
} else {
return new Access(false);
}
}
};
}
};
queryResource = new QueryResource(new QueryLifecycleFactory(WAREHOUSE, TEST_SEGMENT_WALKER, new DefaultGenericQueryMetricsFactory(), new NoopServiceEmitter(), testRequestLogger, new AuthConfig(), authMapper, Suppliers.ofInstance(new DefaultQueryConfig(ImmutableMap.of()))), jsonMapper, smileMapper, queryScheduler, new AuthConfig(), authMapper, ResponseContextConfig.newConfig(true), DRUID_NODE);
try {
queryResource.doPost(new ByteArrayInputStream(SIMPLE_TIMESERIES_QUERY.getBytes(StandardCharsets.UTF_8)), null, /*pretty*/
testServletRequest);
Assert.fail("doPost did not throw ForbiddenException for an unauthorized query");
} catch (ForbiddenException e) {
}
Response response = queryResource.doPost(new ByteArrayInputStream("{\"queryType\":\"timeBoundary\", \"dataSource\":\"allow\"}".getBytes(StandardCharsets.UTF_8)), null, /*pretty*/
testServletRequest);
final ByteArrayOutputStream baos = new ByteArrayOutputStream();
((StreamingOutput) response.getEntity()).write(baos);
final List<Result<TimeBoundaryResultValue>> responses = jsonMapper.readValue(baos.toByteArray(), new TypeReference<List<Result<TimeBoundaryResultValue>>>() {
});
Assert.assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
Assert.assertEquals(0, responses.size());
Assert.assertEquals(1, testRequestLogger.getNativeQuerylogs().size());
Assert.assertEquals(true, testRequestLogger.getNativeQuerylogs().get(0).getQueryStats().getStats().get("success"));
Assert.assertEquals("druid", testRequestLogger.getNativeQuerylogs().get(0).getQueryStats().getStats().get("identity"));
}
Also used :
Action(org.apache.druid.server.security.Action)
ForbiddenException(org.apache.druid.server.security.ForbiddenException)
Resource(org.apache.druid.server.security.Resource)
Access(org.apache.druid.server.security.Access)
NoopServiceEmitter(org.apache.druid.server.metrics.NoopServiceEmitter)
StreamingOutput(javax.ws.rs.core.StreamingOutput)
AuthConfig(org.apache.druid.server.security.AuthConfig)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)
AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)
Result(org.apache.druid.query.Result)
Response(javax.ws.rs.core.Response)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Authorizer(org.apache.druid.server.security.Authorizer)
TimeBoundaryResultValue(org.apache.druid.query.timeboundary.TimeBoundaryResultValue)
AuthorizerMapper(org.apache.druid.server.security.AuthorizerMapper)
List(java.util.List)
ImmutableList(com.google.common.collect.ImmutableList)
DefaultQueryConfig(org.apache.druid.query.DefaultQueryConfig)
DefaultGenericQueryMetricsFactory(org.apache.druid.query.DefaultGenericQueryMetricsFactory)
Test(org.junit.Test)
Example 12 with Authorizer
use of org.apache.druid.server.security.Authorizer in project druid by druid-io.
the class ResourceFilterTestHelper method setUpMockExpectations.
public void setUpMockExpectations(String requestPath, boolean authCheckResult, String requestMethod) {
EasyMock.expect(request.getPath()).andReturn(requestPath).anyTimes();
EasyMock.expect(request.getPathSegments()).andReturn(ImmutableList.copyOf(Iterables.transform(Arrays.asList(requestPath.split("/")), new Function<String, PathSegment>() {
@Override
public PathSegment apply(final String input) {
return new PathSegment() {
@Override
public String getPath() {
return input;
}
@Override
public MultivaluedMap<String, String> getMatrixParameters() {
return null;
}
};
}
}))).anyTimes();
EasyMock.expect(request.getMethod()).andReturn(requestMethod).anyTimes();
EasyMock.expect(req.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes();
EasyMock.expect(req.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).anyTimes();
AuthenticationResult authenticationResult = new AuthenticationResult("druid", "druid", null, null);
EasyMock.expect(req.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(authenticationResult).atLeastOnce();
req.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, authCheckResult);
EasyMock.expectLastCall().anyTimes();
EasyMock.expect(authorizerMapper.getAuthorizer(EasyMock.anyString())).andReturn(new Authorizer() {
@Override
public Access authorize(AuthenticationResult authenticationResult1, Resource resource, Action action) {
return new Access(authCheckResult);
}
}).atLeastOnce();
}
Also used :
Function(com.google.common.base.Function)
Action(org.apache.druid.server.security.Action)
Authorizer(org.apache.druid.server.security.Authorizer)
Resource(org.apache.druid.server.security.Resource)
Access(org.apache.druid.server.security.Access)
PathSegment(javax.ws.rs.core.PathSegment)
AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)
Aggregations
Authorizer (org.apache.druid.server.security.Authorizer)12
Access (org.apache.druid.server.security.Access)8
AuthenticationResult (org.apache.druid.server.security.AuthenticationResult)8
AuthorizerMapper (org.apache.druid.server.security.AuthorizerMapper)8
Action (org.apache.druid.server.security.Action)7
Resource (org.apache.druid.server.security.Resource)7
Test (org.junit.Test)5
Map (java.util.Map)4
Response (javax.ws.rs.core.Response)4
AuthConfig (org.apache.druid.server.security.AuthConfig)4
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)3
ByteArrayInputStream (java.io.ByteArrayInputStream)3
List (java.util.List)3
HttpServletRequest (javax.servlet.http.HttpServletRequest)3
BasicRoleBasedAuthorizer (org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer)3
ForbiddenException (org.apache.druid.server.security.ForbiddenException)3
ImmutableList (com.google.common.collect.ImmutableList)2
IOException (java.io.IOException)2
Set (java.util.Set)2
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)2
