Examples with AuthorizerMapper org.apache.druid.server.security.AuthorizerMapper used on opensource projects

Search in sources :

Example 16 with AuthorizerMapper

use of org.apache.druid.server.security.AuthorizerMapper in project druid by druid-io.

the class MetadataResource method getAllUsedSegmentsWithOvershadowedStatus.

private Response getAllUsedSegmentsWithOvershadowedStatus(HttpServletRequest req, @Nullable Set<String> dataSources) {
    DataSourcesSnapshot dataSourcesSnapshot = segmentsMetadataManager.getSnapshotOfDataSourcesWithAllUsedSegments();
    Collection<ImmutableDruidDataSource> dataSourcesWithUsedSegments = dataSourcesSnapshot.getDataSourcesWithAllUsedSegments();
    if (dataSources != null && !dataSources.isEmpty()) {
        dataSourcesWithUsedSegments = dataSourcesWithUsedSegments.stream().filter(dataSourceWithUsedSegments -> dataSources.contains(dataSourceWithUsedSegments.getName())).collect(Collectors.toList());
    }
    final Stream<DataSegment> usedSegments = dataSourcesWithUsedSegments.stream().flatMap(t -> t.getSegments().stream());
    final Set<SegmentId> overshadowedSegments = dataSourcesSnapshot.getOvershadowedSegments();
    final Stream<SegmentWithOvershadowedStatus> usedSegmentsWithOvershadowedStatus = usedSegments.map(segment -> new SegmentWithOvershadowedStatus(segment, overshadowedSegments.contains(segment.getId())));
    final Function<SegmentWithOvershadowedStatus, Iterable<ResourceAction>> raGenerator = segment -> Collections.singletonList(AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(segment.getDataSegment().getDataSource()));
    final Iterable<SegmentWithOvershadowedStatus> authorizedSegments = AuthorizationUtils.filterAuthorizedResources(req, usedSegmentsWithOvershadowedStatus::iterator, raGenerator, authorizerMapper);
    Response.ResponseBuilder builder = Response.status(Response.Status.OK);
    return builder.entity(authorizedSegments).build();
}
Also used : Iterables(com.google.common.collect.Iterables) PathParam(javax.ws.rs.PathParam) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) AuthorizerMapper(org.apache.druid.server.security.AuthorizerMapper) Inject(com.google.inject.Inject) SegmentWithOvershadowedStatus(org.apache.druid.timeline.SegmentWithOvershadowedStatus) Path(javax.ws.rs.Path) Collections2(com.google.common.collect.Collections2) ResourceFilters(com.sun.jersey.spi.container.ResourceFilters) DataSourcesSnapshot(org.apache.druid.client.DataSourcesSnapshot) TreeSet(java.util.TreeSet) Interval(org.joda.time.Interval) HttpServletRequest(javax.servlet.http.HttpServletRequest) MediaType(javax.ws.rs.core.MediaType) QueryParam(javax.ws.rs.QueryParam) ImmutableDruidDataSource(org.apache.druid.client.ImmutableDruidDataSource) Nullable(javax.annotation.Nullable) JettyUtils(org.apache.druid.server.JettyUtils) Function(com.google.common.base.Function) POST(javax.ws.rs.POST) Context(javax.ws.rs.core.Context) SegmentsMetadataManager(org.apache.druid.metadata.SegmentsMetadataManager) Collection(java.util.Collection) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Segments(org.apache.druid.indexing.overlord.Segments) Set(java.util.Set) Json(org.apache.druid.guice.annotations.Json) AuthorizationUtils(org.apache.druid.server.security.AuthorizationUtils) Collectors(java.util.stream.Collectors) DatasourceResourceFilter(org.apache.druid.server.http.security.DatasourceResourceFilter) List(java.util.List) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) ResourceAction(org.apache.druid.server.security.ResourceAction) IndexerMetadataStorageCoordinator(org.apache.druid.indexing.overlord.IndexerMetadataStorageCoordinator) DataSegment(org.apache.druid.timeline.DataSegment) UriInfo(javax.ws.rs.core.UriInfo) SegmentId(org.apache.druid.timeline.SegmentId) Collections(java.util.Collections) ImmutableDruidDataSource(org.apache.druid.client.ImmutableDruidDataSource) SegmentId(org.apache.druid.timeline.SegmentId) DataSegment(org.apache.druid.timeline.DataSegment) Response(javax.ws.rs.core.Response) SegmentWithOvershadowedStatus(org.apache.druid.timeline.SegmentWithOvershadowedStatus) DataSourcesSnapshot(org.apache.druid.client.DataSourcesSnapshot)

Example 17 with AuthorizerMapper

use of org.apache.druid.server.security.AuthorizerMapper in project druid by druid-io.

the class QueryResourceTest method testSecuredQuery.

@Test
public void testSecuredQuery() throws Exception {
    EasyMock.expect(testServletRequest.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).anyTimes();
    EasyMock.expect(testServletRequest.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes();
    EasyMock.expect(testServletRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(AUTHENTICATION_RESULT).anyTimes();
    testServletRequest.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, false);
    EasyMock.expectLastCall().times(1);
    testServletRequest.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true);
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(testServletRequest);
    AuthorizerMapper authMapper = new AuthorizerMapper(null) {

        @Override
        public Authorizer getAuthorizer(String name) {
            return new Authorizer() {

                @Override
                public Access authorize(AuthenticationResult authenticationResult, Resource resource, Action action) {
                    if (resource.getName().equals("allow")) {
                        return new Access(true);
                    } else {
                        return new Access(false);
                    }
                }
            };
        }
    };
    queryResource = new QueryResource(new QueryLifecycleFactory(WAREHOUSE, TEST_SEGMENT_WALKER, new DefaultGenericQueryMetricsFactory(), new NoopServiceEmitter(), testRequestLogger, new AuthConfig(), authMapper, Suppliers.ofInstance(new DefaultQueryConfig(ImmutableMap.of()))), jsonMapper, smileMapper, queryScheduler, new AuthConfig(), authMapper, ResponseContextConfig.newConfig(true), DRUID_NODE);
    try {
        queryResource.doPost(new ByteArrayInputStream(SIMPLE_TIMESERIES_QUERY.getBytes(StandardCharsets.UTF_8)), null, /*pretty*/
        testServletRequest);
        Assert.fail("doPost did not throw ForbiddenException for an unauthorized query");
    } catch (ForbiddenException e) {
    }
    Response response = queryResource.doPost(new ByteArrayInputStream("{\"queryType\":\"timeBoundary\", \"dataSource\":\"allow\"}".getBytes(StandardCharsets.UTF_8)), null, /*pretty*/
    testServletRequest);
    final ByteArrayOutputStream baos = new ByteArrayOutputStream();
    ((StreamingOutput) response.getEntity()).write(baos);
    final List<Result<TimeBoundaryResultValue>> responses = jsonMapper.readValue(baos.toByteArray(), new TypeReference<List<Result<TimeBoundaryResultValue>>>() {
    });
    Assert.assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
    Assert.assertEquals(0, responses.size());
    Assert.assertEquals(1, testRequestLogger.getNativeQuerylogs().size());
    Assert.assertEquals(true, testRequestLogger.getNativeQuerylogs().get(0).getQueryStats().getStats().get("success"));
    Assert.assertEquals("druid", testRequestLogger.getNativeQuerylogs().get(0).getQueryStats().getStats().get("identity"));
}
Also used : Action(org.apache.druid.server.security.Action) ForbiddenException(org.apache.druid.server.security.ForbiddenException) Resource(org.apache.druid.server.security.Resource) Access(org.apache.druid.server.security.Access) NoopServiceEmitter(org.apache.druid.server.metrics.NoopServiceEmitter) StreamingOutput(javax.ws.rs.core.StreamingOutput) AuthConfig(org.apache.druid.server.security.AuthConfig) ByteArrayOutputStream(java.io.ByteArrayOutputStream) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Result(org.apache.druid.query.Result) Response(javax.ws.rs.core.Response) ByteArrayInputStream(java.io.ByteArrayInputStream) Authorizer(org.apache.druid.server.security.Authorizer) TimeBoundaryResultValue(org.apache.druid.query.timeboundary.TimeBoundaryResultValue) AuthorizerMapper(org.apache.druid.server.security.AuthorizerMapper) List(java.util.List) ImmutableList(com.google.common.collect.ImmutableList) DefaultQueryConfig(org.apache.druid.query.DefaultQueryConfig) DefaultGenericQueryMetricsFactory(org.apache.druid.query.DefaultGenericQueryMetricsFactory) Test(org.junit.Test)

Example 18 with AuthorizerMapper

use of org.apache.druid.server.security.AuthorizerMapper in project druid by druid-io.

the class SqlResource method cancelQuery.

@DELETE
@Path("{id}")
@Produces(MediaType.APPLICATION_JSON)
public Response cancelQuery(@PathParam("id") String sqlQueryId, @Context final HttpServletRequest req) {
    log.debug("Received cancel request for query [%s]", sqlQueryId);
    List<SqlLifecycle> lifecycles = sqlLifecycleManager.getAll(sqlQueryId);
    if (lifecycles.isEmpty()) {
        return Response.status(Status.NOT_FOUND).build();
    }
    Set<ResourceAction> resources = lifecycles.stream().flatMap(lifecycle -> lifecycle.getRequiredResourceActions().stream()).collect(Collectors.toSet());
    Access access = AuthorizationUtils.authorizeAllResourceActions(req, resources, authorizerMapper);
    if (access.isAllowed()) {
        // should remove only the lifecycles in the snapshot.
        sqlLifecycleManager.removeAll(sqlQueryId, lifecycles);
        lifecycles.forEach(SqlLifecycle::cancel);
        return Response.status(Status.ACCEPTED).build();
    } else {
        return Response.status(Status.FORBIDDEN).build();
    }
}
Also used : Logger(org.apache.druid.java.util.common.logger.Logger) SqlLifecycle(org.apache.druid.sql.SqlLifecycle) PathParam(javax.ws.rs.PathParam) Produces(javax.ws.rs.Produces) AuthorizerMapper(org.apache.druid.server.security.AuthorizerMapper) Inject(com.google.inject.Inject) CountingOutputStream(com.google.common.io.CountingOutputStream) BadQueryException(org.apache.druid.query.BadQueryException) Path(javax.ws.rs.Path) Yielders(org.apache.druid.java.util.common.guava.Yielders) QueryCapacityExceededException(org.apache.druid.query.QueryCapacityExceededException) HttpServletRequest(javax.servlet.http.HttpServletRequest) MediaType(javax.ws.rs.core.MediaType) Consumes(javax.ws.rs.Consumes) SqlPlanningException(org.apache.druid.sql.SqlPlanningException) ForbiddenException(org.apache.druid.server.security.ForbiddenException) Yielder(org.apache.druid.java.util.common.guava.Yielder) Status(javax.ws.rs.core.Response.Status) Nullable(javax.annotation.Nullable) DELETE(javax.ws.rs.DELETE) SanitizableException(org.apache.druid.common.exception.SanitizableException) Sequence(org.apache.druid.java.util.common.guava.Sequence) Access(org.apache.druid.server.security.Access) POST(javax.ws.rs.POST) Context(javax.ws.rs.core.Context) ServerConfig(org.apache.druid.server.initialization.ServerConfig) QueryInterruptedException(org.apache.druid.query.QueryInterruptedException) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) SqlLifecycleFactory(org.apache.druid.sql.SqlLifecycleFactory) StringUtils(org.apache.druid.java.util.common.StringUtils) Set(java.util.Set) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) SqlRowTransformer(org.apache.druid.sql.SqlRowTransformer) StreamingOutput(javax.ws.rs.core.StreamingOutput) IOException(java.io.IOException) Json(org.apache.druid.guice.annotations.Json) AuthorizationUtils(org.apache.druid.server.security.AuthorizationUtils) SqlLifecycleManager(org.apache.druid.sql.SqlLifecycleManager) Collectors(java.util.stream.Collectors) List(java.util.List) QueryTimeoutException(org.apache.druid.query.QueryTimeoutException) Response(javax.ws.rs.core.Response) ResourceAction(org.apache.druid.server.security.ResourceAction) ResourceLimitExceededException(org.apache.druid.query.ResourceLimitExceededException) Preconditions(com.google.common.base.Preconditions) RelOptPlanner(org.apache.calcite.plan.RelOptPlanner) QueryUnsupportedException(org.apache.druid.query.QueryUnsupportedException) SqlLifecycle(org.apache.druid.sql.SqlLifecycle) Access(org.apache.druid.server.security.Access) ResourceAction(org.apache.druid.server.security.ResourceAction) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Produces(javax.ws.rs.Produces)

Aggregations

AuthorizerMapper (org.apache.druid.server.security.AuthorizerMapper)18 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)10 Response (javax.ws.rs.core.Response)10 Access (org.apache.druid.server.security.Access)10 Action (org.apache.druid.server.security.Action)10 List (java.util.List)9 HttpServletRequest (javax.servlet.http.HttpServletRequest)8 Set (java.util.Set)7 Resource (org.apache.druid.server.security.Resource)7 Collections (java.util.Collections)6 Map (java.util.Map)6 Nullable (javax.annotation.Nullable)6 Path (javax.ws.rs.Path)6 Produces (javax.ws.rs.Produces)6 Context (javax.ws.rs.core.Context)6 MediaType (javax.ws.rs.core.MediaType)6 ForbiddenException (org.apache.druid.server.security.ForbiddenException)6 Collectors (java.util.stream.Collectors)5 GET (javax.ws.rs.GET)5 POST (javax.ws.rs.POST)5
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial