use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.
the class SqlLifecycle method runSimple.
@VisibleForTesting
public Sequence<Object[]> runSimple(String sql, Map<String, Object> queryContext, List<SqlParameter> parameters, AuthenticationResult authenticationResult) throws RelConversionException {
Sequence<Object[]> result;
initialize(sql, queryContext);
try {
setParameters(SqlQuery.getParameterList(parameters));
validateAndAuthorize(authenticationResult);
plan();
result = execute();
} catch (Throwable e) {
if (!(e instanceof ForbiddenException)) {
finalizeStateAndEmitLogsAndMetrics(e, null, -1);
}
throw e;
}
return Sequences.wrap(result, new SequenceWrapper() {
@Override
public void after(boolean isDone, Throwable thrown) {
finalizeStateAndEmitLogsAndMetrics(thrown, null, -1);
}
});
}
use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.
the class DruidMeta method prepare.
@Override
public StatementHandle prepare(final ConnectionHandle ch, final String sql, final long maxRowCount) {
try {
final StatementHandle statement = createStatement(ch);
final DruidStatement druidStatement;
try {
druidStatement = getDruidStatement(statement);
} catch (NoSuchStatementException e) {
throw logFailure(new ISE(e, e.getMessage()));
}
final DruidConnection druidConnection = getDruidConnection(statement.connectionId);
AuthenticationResult authenticationResult = authenticateConnection(druidConnection);
if (authenticationResult == null) {
throw logFailure(new ForbiddenException("Authentication failed."), "Authentication failed for statement[%s]", druidStatement.getStatementId());
}
statement.signature = druidStatement.prepare(sql, maxRowCount, authenticationResult).getSignature();
LOG.debug("Successfully prepared statement[%s] for execution", druidStatement.getStatementId());
return statement;
} catch (NoSuchConnectionException e) {
throw e;
} catch (Throwable t) {
throw errorHandler.sanitize(t);
}
}
use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.
the class IndexTaskUtils method datasourceAuthorizationCheck.
/**
* Authorizes action to be performed on a task's datasource
*
* @return authorization result
*/
public static Access datasourceAuthorizationCheck(final HttpServletRequest req, Action action, String datasource, AuthorizerMapper authorizerMapper) {
ResourceAction resourceAction = new ResourceAction(new Resource(datasource, ResourceType.DATASOURCE), action);
Access access = AuthorizationUtils.authorizeResourceAction(req, resourceAction, authorizerMapper);
if (!access.isAllowed()) {
throw new ForbiddenException(access.toString());
}
return access;
}
use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.
the class OverlordResource method taskPost.
/**
* Warning, magic: {@link org.apache.druid.client.indexing.HttpIndexingServiceClient#runTask} may call this method
* remotely with {@link ClientTaskQuery} objects, but we deserialize {@link Task} objects. See the comment for {@link
* ClientTaskQuery} for details.
*/
@POST
@Path("/task")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response taskPost(final Task task, @Context final HttpServletRequest req) {
final String dataSource = task.getDataSource();
final ResourceAction resourceAction = new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.WRITE);
Access authResult = AuthorizationUtils.authorizeResourceAction(req, resourceAction, authorizerMapper);
if (!authResult.isAllowed()) {
throw new ForbiddenException(authResult.getMessage());
}
return asLeaderWith(taskMaster.getTaskQueue(), new Function<TaskQueue, Response>() {
@Override
public Response apply(TaskQueue taskQueue) {
try {
taskQueue.add(task);
return Response.ok(ImmutableMap.of("task", task.getId())).build();
} catch (EntryExistsException e) {
return Response.status(Response.Status.BAD_REQUEST).entity(ImmutableMap.of("error", StringUtils.format("Task[%s] already exists!", task.getId()))).build();
}
}
});
}
use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.
the class OverlordResource method killPendingSegments.
@DELETE
@Path("/pendingSegments/{dataSource}")
@Produces(MediaType.APPLICATION_JSON)
public Response killPendingSegments(@PathParam("dataSource") String dataSource, @QueryParam("interval") String deleteIntervalString, @Context HttpServletRequest request) {
final Interval deleteInterval = Intervals.of(deleteIntervalString);
// check auth for dataSource
final Access authResult = AuthorizationUtils.authorizeAllResourceActions(request, ImmutableList.of(new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.READ), new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.WRITE)), authorizerMapper);
if (!authResult.isAllowed()) {
throw new ForbiddenException(authResult.getMessage());
}
if (taskMaster.isLeader()) {
final int numDeleted = indexerMetadataStorageAdapter.deletePendingSegments(dataSource, deleteInterval);
return Response.ok().entity(ImmutableMap.of("numDeleted", numDeleted)).build();
} else {
return Response.status(Status.SERVICE_UNAVAILABLE).build();
}
}
Aggregations