Example 21 with ForbiddenException
use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.
the class SqlResourceTest method testUnauthorized.
@Test
public void testUnauthorized() throws Exception {
HttpServletRequest testRequest = EasyMock.createStrictMock(HttpServletRequest.class);
EasyMock.expect(testRequest.getRemoteAddr()).andReturn(null).once();
EasyMock.expect(testRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(CalciteTests.REGULAR_USER_AUTH_RESULT).anyTimes();
EasyMock.expect(testRequest.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes();
EasyMock.expect(testRequest.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).anyTimes();
EasyMock.expect(testRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(CalciteTests.REGULAR_USER_AUTH_RESULT).anyTimes();
testRequest.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, false);
EasyMock.expectLastCall().once();
EasyMock.replay(testRequest);
try {
resource.doPost(createSimpleQueryWithId("id", "select count(*) from forbiddenDatasource"), testRequest);
Assert.fail("doPost did not throw ForbiddenException for an unauthorized query");
} catch (ForbiddenException e) {
// expected
}
Assert.assertEquals(0, testRequestLogger.getSqlQueryLogs().size());
Assert.assertTrue(lifecycleManager.getAll("id").isEmpty());
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ForbiddenException(org.apache.druid.server.security.ForbiddenException)
Test(org.junit.Test)
Example 22 with ForbiddenException
use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.
the class DruidMeta method prepareAndExecute.
@Override
public ExecuteResult prepareAndExecute(final StatementHandle statement, final String sql, final long maxRowCount, final int maxRowsInFirstFrame, final PrepareCallback callback) throws NoSuchStatementException {
try {
// Ignore "callback", this class is designed for use with LocalService which doesn't use it.
final DruidStatement druidStatement = getDruidStatement(statement);
final DruidConnection druidConnection = getDruidConnection(statement.connectionId);
AuthenticationResult authenticationResult = authenticateConnection(druidConnection);
if (authenticationResult == null) {
throw logFailure(new ForbiddenException("Authentication failed."), "Authentication failed for statement[%s]", druidStatement.getStatementId());
}
druidStatement.prepare(sql, maxRowCount, authenticationResult);
final Frame firstFrame = druidStatement.execute(Collections.emptyList()).nextFrame(DruidStatement.START_OFFSET, getEffectiveMaxRowsPerFrame(maxRowsInFirstFrame));
final Signature signature = druidStatement.getSignature();
LOG.debug("Successfully prepared statement[%s] and started execution", druidStatement.getStatementId());
return new ExecuteResult(ImmutableList.of(MetaResultSet.create(statement.connectionId, statement.id, false, signature, firstFrame)));
}// cannot affect these exceptions as avatica handles them
catch (NoSuchConnectionException | NoSuchStatementException e) {
throw e;
} catch (Throwable t) {
throw errorHandler.sanitize(t);
}
}
Also used :
ForbiddenException(org.apache.druid.server.security.ForbiddenException)
NoSuchConnectionException(org.apache.calcite.avatica.NoSuchConnectionException)
NoSuchStatementException(org.apache.calcite.avatica.NoSuchStatementException)
AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)
Example 23 with ForbiddenException
use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.
the class BaseCalciteQueryTest method assertQueryIsForbidden.
public void assertQueryIsForbidden(final PlannerConfig plannerConfig, final String sql, final AuthenticationResult authenticationResult) {
Exception e = null;
try {
testQuery(plannerConfig, sql, authenticationResult, ImmutableList.of(), ImmutableList.of());
} catch (Exception e1) {
e = e1;
}
if (!(e instanceof ForbiddenException)) {
log.error(e, "Expected ForbiddenException for query: %s with authResult: %s", sql, authenticationResult);
Assert.fail(sql);
}
}
Also used :
ForbiddenException(org.apache.druid.server.security.ForbiddenException)
IOException(java.io.IOException)
ForbiddenException(org.apache.druid.server.security.ForbiddenException)
ExpectedException(org.junit.rules.ExpectedException)
JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
Aggregations
ForbiddenException (org.apache.druid.server.security.ForbiddenException)23
Access (org.apache.druid.server.security.Access)15
Resource (org.apache.druid.server.security.Resource)10
ResourceAction (org.apache.druid.server.security.ResourceAction)10
Produces (javax.ws.rs.Produces)6
Response (javax.ws.rs.core.Response)5
Test (org.junit.Test)5
IOException (java.io.IOException)4
Consumes (javax.ws.rs.Consumes)4
POST (javax.ws.rs.POST)4
AuthenticationResult (org.apache.druid.server.security.AuthenticationResult)4
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)3
Path (javax.ws.rs.Path)3
WebApplicationException (javax.ws.rs.WebApplicationException)3
StreamingOutput (javax.ws.rs.core.StreamingOutput)3
QueryInterruptedException (org.apache.druid.query.QueryInterruptedException)3
CountingOutputStream (com.google.common.io.CountingOutputStream)2
ByteArrayInputStream (java.io.ByteArrayInputStream)2
DELETE (javax.ws.rs.DELETE)2
PathSegment (javax.ws.rs.core.PathSegment)2
