
Example 21 with ForbiddenException

use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.

the class SqlResourceTest method testUnauthorized.

@Test
public void testUnauthorized() throws Exception {
    HttpServletRequest testRequest = EasyMock.createStrictMock(HttpServletRequest.class);
    EasyMock.expect(testRequest.getRemoteAddr()).andReturn(null).once();
    EasyMock.expect(testRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(CalciteTests.REGULAR_USER_AUTH_RESULT).anyTimes();
    EasyMock.expect(testRequest.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes();
    EasyMock.expect(testRequest.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).anyTimes();
    EasyMock.expect(testRequest.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(CalciteTests.REGULAR_USER_AUTH_RESULT).anyTimes();
    testRequest.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, false);
    EasyMock.expectLastCall().once();
    EasyMock.replay(testRequest);
    try {
        resource.doPost(createSimpleQueryWithId("id", "select count(*) from forbiddenDatasource"), testRequest);
        Assert.fail("doPost did not throw ForbiddenException for an unauthorized query");
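    } catch (ForbiddenException e) {
        // expected
    }
    // The rejected query must not show up in the SQL request log
    // and must not stay registered in the lifecycle manager under its id.
    Assert.assertEquals(0, testRequestLogger.getSqlQueryLogs().size());
    Assert.assertTrue(lifecycleManager.getAll("id").isEmpty());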
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ForbiddenException(org.apache.druid.server.security.ForbiddenException) Test(org.junit.Test)

Example 22 with ForbiddenException

use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.

the class DruidMeta method prepareAndExecute.

@Override
public ExecuteResult prepareAndExecute(final StatementHandle statement, final String sql, final long maxRowCount, final int maxRowsInFirstFrame, final PrepareCallback callback) throws NoSuchStatementException {
    try {
        // Ignore "callback", this class is designed for use with LocalService which doesn't use it.
        final DruidStatement druidStatement = getDruidStatement(statement);
        final DruidConnection druidConnection = getDruidConnection(statement.connectionId);
        AuthenticationResult authenticationResult = authenticateConnection(druidConnection);
        if (authenticationResult == null) {
            throw logFailure(new ForbiddenException("Authentication failed."), "Authentication failed for statement[%s]", druidStatement.getStatementId());
        }
        druidStatement.prepare(sql, maxRowCount, authenticationResult);
        final Frame firstFrame = druidStatement.execute(Collections.emptyList()).nextFrame(DruidStatement.START_OFFSET, getEffectiveMaxRowsPerFrame(maxRowsInFirstFrame));
        final Signature signature = druidStatement.getSignature();
        LOG.debug("Successfully prepared statement[%s] and started execution", druidStatement.getStatementId());
        return new ExecuteResult(ImmutableList.of(MetaResultSet.create(statement.connectionId, statement.id, false, signature, firstFrame)));
    } catch (NoSuchConnectionException | NoSuchStatementException e) {
        // cannot affect these exceptions as avatica handles them
        throw e;
    } catch (Throwable t) {
        throw errorHandler.sanitize(t);
    }
}
Also used : ForbiddenException(org.apache.druid.server.security.ForbiddenException) NoSuchConnectionException(org.apache.calcite.avatica.NoSuchConnectionException) NoSuchStatementException(org.apache.calcite.avatica.NoSuchStatementException) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult)

Example 23 with ForbiddenException

use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.

the class BaseCalciteQueryTest method assertQueryIsForbidden.

public void assertQueryIsForbidden(final PlannerConfig plannerConfig, final String sql, final AuthenticationResult authenticationResult) {
    Exception e = null;
    try {
        testQuery(plannerConfig, sql, authenticationResult, ImmutableList.of(), ImmutableList.of());
    } catch (Exception e1) {
        e = e1;
    }
    if (!(e instanceof ForbiddenException)) {
        log.error(e, "Expected ForbiddenException for query: %s with authResult: %s", sql, authenticationResult);
        Assert.fail(sql);
    }
}
Also used : ForbiddenException(org.apache.druid.server.security.ForbiddenException) IOException(java.io.IOException) ExpectedException(org.junit.rules.ExpectedException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
