Search in sources :

Example 6 with ForbiddenException

use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.

the class SqlLifecycle method runSimple.

@VisibleForTesting
public Sequence<Object[]> runSimple(String sql, Map<String, Object> queryContext, List<SqlParameter> parameters, AuthenticationResult authenticationResult) throws RelConversionException {
    Sequence<Object[]> result;
    initialize(sql, queryContext);
    try {
        setParameters(SqlQuery.getParameterList(parameters));
        validateAndAuthorize(authenticationResult);
        plan();
        result = execute();
    } catch (Throwable e) {
        if (!(e instanceof ForbiddenException)) {
            finalizeStateAndEmitLogsAndMetrics(e, null, -1);
        }
        throw e;
    }
    return Sequences.wrap(result, new SequenceWrapper() {

        @Override
        public void after(boolean isDone, Throwable thrown) {
            finalizeStateAndEmitLogsAndMetrics(thrown, null, -1);
        }
    });
}
Also used : SequenceWrapper(org.apache.druid.java.util.common.guava.SequenceWrapper) ForbiddenException(org.apache.druid.server.security.ForbiddenException) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Example 7 with ForbiddenException

use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.

the class DruidMeta method prepare.

@Override
public StatementHandle prepare(final ConnectionHandle ch, final String sql, final long maxRowCount) {
    try {
        final StatementHandle statement = createStatement(ch);
        final DruidStatement druidStatement;
        try {
            druidStatement = getDruidStatement(statement);
        } catch (NoSuchStatementException e) {
            throw logFailure(new ISE(e, e.getMessage()));
        }
        final DruidConnection druidConnection = getDruidConnection(statement.connectionId);
        AuthenticationResult authenticationResult = authenticateConnection(druidConnection);
        if (authenticationResult == null) {
            throw logFailure(new ForbiddenException("Authentication failed."), "Authentication failed for statement[%s]", druidStatement.getStatementId());
        }
        statement.signature = druidStatement.prepare(sql, maxRowCount, authenticationResult).getSignature();
        LOG.debug("Successfully prepared statement[%s] for execution", druidStatement.getStatementId());
        return statement;
    } catch (NoSuchConnectionException e) {
        throw e;
    } catch (Throwable t) {
        throw errorHandler.sanitize(t);
    }
}
Also used : ForbiddenException(org.apache.druid.server.security.ForbiddenException) NoSuchConnectionException(org.apache.calcite.avatica.NoSuchConnectionException) NoSuchStatementException(org.apache.calcite.avatica.NoSuchStatementException) ISE(org.apache.druid.java.util.common.ISE) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)

Example 8 with ForbiddenException

use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.

the class IndexTaskUtils method datasourceAuthorizationCheck.

/**
 * Authorizes action to be performed on a task's datasource
 *
 * @return authorization result
 */
public static Access datasourceAuthorizationCheck(final HttpServletRequest req, Action action, String datasource, AuthorizerMapper authorizerMapper) {
    ResourceAction resourceAction = new ResourceAction(new Resource(datasource, ResourceType.DATASOURCE), action);
    Access access = AuthorizationUtils.authorizeResourceAction(req, resourceAction, authorizerMapper);
    if (!access.isAllowed()) {
        throw new ForbiddenException(access.toString());
    }
    return access;
}
Also used : ForbiddenException(org.apache.druid.server.security.ForbiddenException) Resource(org.apache.druid.server.security.Resource) Access(org.apache.druid.server.security.Access) ResourceAction(org.apache.druid.server.security.ResourceAction)

Example 9 with ForbiddenException

use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.

the class OverlordResource method taskPost.

/**
 * Warning, magic: {@link org.apache.druid.client.indexing.HttpIndexingServiceClient#runTask} may call this method
 * remotely with {@link ClientTaskQuery} objects, but we deserialize {@link Task} objects. See the comment for {@link
 * ClientTaskQuery} for details.
 */
@POST
@Path("/task")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response taskPost(final Task task, @Context final HttpServletRequest req) {
    final String dataSource = task.getDataSource();
    final ResourceAction resourceAction = new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.WRITE);
    Access authResult = AuthorizationUtils.authorizeResourceAction(req, resourceAction, authorizerMapper);
    if (!authResult.isAllowed()) {
        throw new ForbiddenException(authResult.getMessage());
    }
    return asLeaderWith(taskMaster.getTaskQueue(), new Function<TaskQueue, Response>() {

        @Override
        public Response apply(TaskQueue taskQueue) {
            try {
                taskQueue.add(task);
                return Response.ok(ImmutableMap.of("task", task.getId())).build();
            } catch (EntryExistsException e) {
                return Response.status(Response.Status.BAD_REQUEST).entity(ImmutableMap.of("error", StringUtils.format("Task[%s] already exists!", task.getId()))).build();
            }
        }
    });
}
Also used : Response(javax.ws.rs.core.Response) ForbiddenException(org.apache.druid.server.security.ForbiddenException) Resource(org.apache.druid.server.security.Resource) Access(org.apache.druid.server.security.Access) TaskQueue(org.apache.druid.indexing.overlord.TaskQueue) EntryExistsException(org.apache.druid.metadata.EntryExistsException) ResourceAction(org.apache.druid.server.security.ResourceAction) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Example 10 with ForbiddenException

use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.

the class OverlordResource method killPendingSegments.

@DELETE
@Path("/pendingSegments/{dataSource}")
@Produces(MediaType.APPLICATION_JSON)
public Response killPendingSegments(@PathParam("dataSource") String dataSource, @QueryParam("interval") String deleteIntervalString, @Context HttpServletRequest request) {
    final Interval deleteInterval = Intervals.of(deleteIntervalString);
    // check auth for dataSource
    final Access authResult = AuthorizationUtils.authorizeAllResourceActions(request, ImmutableList.of(new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.READ), new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.WRITE)), authorizerMapper);
    if (!authResult.isAllowed()) {
        throw new ForbiddenException(authResult.getMessage());
    }
    if (taskMaster.isLeader()) {
        final int numDeleted = indexerMetadataStorageAdapter.deletePendingSegments(dataSource, deleteInterval);
        return Response.ok().entity(ImmutableMap.of("numDeleted", numDeleted)).build();
    } else {
        return Response.status(Status.SERVICE_UNAVAILABLE).build();
    }
}
Also used : ForbiddenException(org.apache.druid.server.security.ForbiddenException) Access(org.apache.druid.server.security.Access) Resource(org.apache.druid.server.security.Resource) Interval(org.joda.time.Interval) ResourceAction(org.apache.druid.server.security.ResourceAction) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Produces(javax.ws.rs.Produces)

Aggregations

ForbiddenException (org.apache.druid.server.security.ForbiddenException)23 Access (org.apache.druid.server.security.Access)15 Resource (org.apache.druid.server.security.Resource)10 ResourceAction (org.apache.druid.server.security.ResourceAction)10 Produces (javax.ws.rs.Produces)6 Response (javax.ws.rs.core.Response)5 Test (org.junit.Test)5 IOException (java.io.IOException)4 Consumes (javax.ws.rs.Consumes)4 POST (javax.ws.rs.POST)4 AuthenticationResult (org.apache.druid.server.security.AuthenticationResult)4 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)3 Path (javax.ws.rs.Path)3 WebApplicationException (javax.ws.rs.WebApplicationException)3 StreamingOutput (javax.ws.rs.core.StreamingOutput)3 QueryInterruptedException (org.apache.druid.query.QueryInterruptedException)3 CountingOutputStream (com.google.common.io.CountingOutputStream)2 ByteArrayInputStream (java.io.ByteArrayInputStream)2 DELETE (javax.ws.rs.DELETE)2 PathSegment (javax.ws.rs.core.PathSegment)2