Example 11 with ForbiddenException

Use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.

Class SupervisorResource, method specPost.

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response specPost(final SupervisorSpec spec, @Context final HttpServletRequest req) {
    return asLeaderWithSupervisorManager(manager -> {
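        // A spec that names no datasource gives the authorizer nothing to check, so reject it up front.
        Preconditions.checkArgument(spec.getDataSources() != null && spec.getDataSources().size() > 0, "No dataSources found to perform authorization checks");
        // The caller must hold WRITE on every datasource the spec references.
        Access authResult = AuthorizationUtils.authorizeAllResourceActions(req, Iterables.transform(spec.getDataSources(), AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR), authorizerMapper);
        if (!authResult.isAllowed()) {
            // Denied: abort before the supervisor is created or updated.
            throw new ForbiddenException(authResult.toString());
        }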
        manager.createOrUpdateAndStartSupervisor(spec);
        return Response.ok(ImmutableMap.of("id", spec.getId())).build();
    });
}
Also used: ForbiddenException(org.apache.druid.server.security.ForbiddenException), Access(org.apache.druid.server.security.Access), POST(javax.ws.rs.POST), Consumes(javax.ws.rs.Consumes), Produces(javax.ws.rs.Produces)

Example 12 with ForbiddenException

Use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.

Class SupervisorResourceFilter, method filter.

@Override
public ContainerRequest filter(ContainerRequest request) {
    // The supervisor id is the path segment immediately after "supervisor".
    final String supervisorId = Preconditions.checkNotNull(request.getPathSegments().get(Iterables.indexOf(request.getPathSegments(), new Predicate<PathSegment>() {

        @Override
        public boolean apply(PathSegment input) {
            return "supervisor".equals(input.getPath());
        }
    }) + 1).getPath());
    Optional<SupervisorSpec> supervisorSpecOptional = supervisorManager.getSupervisorSpec(supervisorId);
    if (!supervisorSpecOptional.isPresent()) {
        throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).entity(StringUtils.format("Cannot find any supervisor with id: [%s]", supervisorId)).build());
    }
    final SupervisorSpec spec = supervisorSpecOptional.get();
    // A spec that names no datasource gives the authorizer nothing to check, so reject it.
    Preconditions.checkArgument(spec.getDataSources() != null && spec.getDataSources().size() > 0, "No dataSources found to perform authorization checks");
    // Requests that map to Action.READ need datasource READ; everything else needs datasource WRITE.
    Function<String, ResourceAction> resourceActionFunction = getAction(request) == Action.READ ? AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR : AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR;
    // The permission must hold for every datasource of the stored supervisor spec.
    Access authResult = AuthorizationUtils.authorizeAllResourceActions(getReq(), Iterables.transform(spec.getDataSources(), resourceActionFunction), getAuthorizerMapper());
    if (!authResult.isAllowed()) {
        throw new ForbiddenException(authResult.toString());
    }
    return request;
}
Also used: ForbiddenException(org.apache.druid.server.security.ForbiddenException), WebApplicationException(javax.ws.rs.WebApplicationException), Access(org.apache.druid.server.security.Access), PathSegment(javax.ws.rs.core.PathSegment), SupervisorSpec(org.apache.druid.indexing.overlord.supervisor.SupervisorSpec), ResourceAction(org.apache.druid.server.security.ResourceAction)

Example 13 with ForbiddenException

Use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.

Class SupervisorResourceFilterTest, method testPostWhenUserHasNoWriteAccess.

@Test
public void testPostWhenUserHasNoWriteAccess() {
    setExpectations("/druid/indexer/v1/supervisor/datasource1", "POST", "datasource1", Action.WRITE, false);
    ForbiddenException expected = null;
    try {
        resourceFilter.filter(containerRequest);
    } catch (ForbiddenException e) {
        expected = e;
    }
    Assert.assertNotNull(expected);
    verifyMocks();
}
Also used: ForbiddenException(org.apache.druid.server.security.ForbiddenException), Test(org.junit.Test)

Example 14 with ForbiddenException

Use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.

Class SupervisorResourceFilterTest, method testGetWhenUserHasNoReadAccess.

@Test
public void testGetWhenUserHasNoReadAccess() {
    setExpectations("/druid/indexer/v1/supervisor/datasource1", "GET", "datasource1", Action.READ, false);
    ForbiddenException expected = null;
    try {
        resourceFilter.filter(containerRequest);
    } catch (ForbiddenException e) {
        expected = e;
    }
    Assert.assertNotNull(expected);
    verifyMocks();
}
Also used: ForbiddenException(org.apache.druid.server.security.ForbiddenException), Test(org.junit.Test)

Example 15 with ForbiddenException

Use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.

Class ConfigResourceFilter, method filter.

@Override
public ContainerRequest filter(ContainerRequest request) {
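    // Every request through this filter is checked against the single CONFIG resource; the action is derived from the request.
    final ResourceAction resourceAction = new ResourceAction(new Resource("CONFIG", ResourceType.CONFIG), getAction(request));
    final Access authResult = AuthorizationUtils.authorizeResourceAction(getReq(), resourceAction, getAuthorizerMapper());
    if (!authResult.isAllowed()) {
        // Denied: the request never reaches the resource method.
        throw new ForbiddenException(authResult.toString());
    }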
    return request;
}
Also used: ForbiddenException(org.apache.druid.server.security.ForbiddenException), Resource(org.apache.druid.server.security.Resource), Access(org.apache.druid.server.security.Access), ResourceAction(org.apache.druid.server.security.ResourceAction)

Aggregations

ForbiddenException (org.apache.druid.server.security.ForbiddenException): 23
Access (org.apache.druid.server.security.Access): 15
Resource (org.apache.druid.server.security.Resource): 10
ResourceAction (org.apache.druid.server.security.ResourceAction): 10
Produces (javax.ws.rs.Produces): 6
Response (javax.ws.rs.core.Response): 5
Test (org.junit.Test): 5
IOException (java.io.IOException): 4
Consumes (javax.ws.rs.Consumes): 4
POST (javax.ws.rs.POST): 4
AuthenticationResult (org.apache.druid.server.security.AuthenticationResult): 4
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException): 3
Path (javax.ws.rs.Path): 3
WebApplicationException (javax.ws.rs.WebApplicationException): 3
StreamingOutput (javax.ws.rs.core.StreamingOutput): 3
QueryInterruptedException (org.apache.druid.query.QueryInterruptedException): 3
CountingOutputStream (com.google.common.io.CountingOutputStream): 2
ByteArrayInputStream (java.io.ByteArrayInputStream): 2
DELETE (javax.ws.rs.DELETE): 2
PathSegment (javax.ws.rs.core.PathSegment): 2