use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.
the class SqlResourceTest method testUnauthorized.
/**
 * Checks the denial path of the SQL resource: posting a query against {@code forbiddenDatasource}
 * must raise {@link ForbiddenException}, and afterwards the request logger must hold no SQL query
 * logs and the lifecycle manager must hold no lifecycle for the query id.
 *
 * <p>NOTE(review): this presumes {@code CalciteTests.REGULAR_USER_AUTH_RESULT} identifies a user
 * without access to {@code forbiddenDatasource}; confirm against the test authorizer setup.
 */
@Test
public void testUnauthorized() throws Exception
{
  final String queryId = "id";
  final String sql = "select count(*) from forbiddenDatasource";

  // Strict mock: the expectations are recorded in exactly this order, including the second
  // DRUID_AUTHENTICATION_RESULT lookup, so that replay behaves as in the recorded sequence.
  final HttpServletRequest request = EasyMock.createStrictMock(HttpServletRequest.class);
  EasyMock.expect(request.getRemoteAddr()).andReturn(null).once();
  EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT))
          .andReturn(CalciteTests.REGULAR_USER_AUTH_RESULT)
          .anyTimes();
  EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH))
          .andReturn(null)
          .anyTimes();
  EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED))
          .andReturn(null)
          .anyTimes();
  EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT))
          .andReturn(CalciteTests.REGULAR_USER_AUTH_RESULT)
          .anyTimes();
  // The request is expected to be marked exactly once as "authorization checked = false".
  request.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, false);
  EasyMock.expectLastCall().once();
  EasyMock.replay(request);

  boolean rejected = false;
  try {
    resource.doPost(createSimpleQueryWithId(queryId, sql), request);
  }
  catch (ForbiddenException expected) {
    rejected = true;
  }
  if (!rejected) {
    Assert.fail("doPost did not throw ForbiddenException for an unauthorized query");
  }

  // A denied query must leave nothing behind: no request-log entry and no registered lifecycle.
  Assert.assertEquals(0, testRequestLogger.getSqlQueryLogs().size());
  Assert.assertTrue(lifecycleManager.getAll(queryId).isEmpty());
}
use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.
the class DruidMeta method prepareAndExecute.
/**
 * Prepares {@code sql} on the given statement handle, starts execution and returns the first
 * frame of results.
 *
 * <p>The connection is authenticated before the statement is prepared; a {@code null}
 * authentication result is logged through {@code logFailure} and raised as a
 * {@link ForbiddenException}. That throw happens inside the {@code try}, so unless it matches the
 * rethrown Avatica types it is routed through {@code errorHandler.sanitize} like any other
 * failure.
 *
 * @param statement handle whose {@code connectionId} and {@code id} identify the statement
 * @param sql SQL text to prepare
 * @param maxRowCount row limit passed to {@code DruidStatement.prepare}
 * @param maxRowsInFirstFrame requested size of the first frame, adjusted by
 *     {@code getEffectiveMaxRowsPerFrame}
 * @param callback unused; this class is designed for use with LocalService, which doesn't use it
 * @return a single-element result holding the statement signature and the first frame
 * @throws NoSuchStatementException rethrown unchanged, since Avatica handles it
 */
@Override
public ExecuteResult prepareAndExecute(
    final StatementHandle statement,
    final String sql,
    final long maxRowCount,
    final int maxRowsInFirstFrame,
    final PrepareCallback callback
) throws NoSuchStatementException
{
  try {
    // Statement lookup comes before connection lookup; either may fail with an Avatica exception.
    final DruidStatement stmt = getDruidStatement(statement);
    final DruidConnection connection = getDruidConnection(statement.connectionId);

    // Authenticate first: nothing is prepared or executed for a connection that fails this check.
    final AuthenticationResult authResult = authenticateConnection(connection);
    if (authResult == null) {
      throw logFailure(
          new ForbiddenException("Authentication failed."),
          "Authentication failed for statement[%s]",
          stmt.getStatementId()
      );
    }

    stmt.prepare(sql, maxRowCount, authResult);
    final Frame firstFrame = stmt
        .execute(Collections.emptyList())
        .nextFrame(DruidStatement.START_OFFSET, getEffectiveMaxRowsPerFrame(maxRowsInFirstFrame));
    final Signature signature = stmt.getSignature();
    LOG.debug("Successfully prepared statement[%s] and started execution", stmt.getStatementId());

    final MetaResultSet resultSet =
        MetaResultSet.create(statement.connectionId, statement.id, false, signature, firstFrame);
    return new ExecuteResult(ImmutableList.of(resultSet));
  }
  catch (NoSuchConnectionException | NoSuchStatementException e) {
    // cannot affect these exceptions as avatica handles them
    throw e;
  }
  catch (Throwable t) {
    // Everything else reaches the client only in the form errorHandler.sanitize returns.
    throw errorHandler.sanitize(t);
  }
}
use of org.apache.druid.server.security.ForbiddenException in project druid by druid-io.
the class BaseCalciteQueryTest method assertQueryIsForbidden.
/**
 * Asserts that running {@code sql} with the given authentication result is rejected with a
 * {@link ForbiddenException}.
 *
 * <p>The assertion fails both when the query completes without an exception and when it throws
 * any other {@link Exception}; in either case the outcome is logged before failing.
 *
 * @param plannerConfig planner configuration passed to {@code testQuery}
 * @param sql query expected to be denied; also used as the failure message
 * @param authenticationResult identity the query is run as
 */
public void assertQueryIsForbidden(
    final PlannerConfig plannerConfig,
    final String sql,
    final AuthenticationResult authenticationResult
)
{
  // Stays null when testQuery returns normally, which is itself a failure for this assertion.
  Exception thrown = null;
  try {
    testQuery(plannerConfig, sql, authenticationResult, ImmutableList.of(), ImmutableList.of());
  }
  catch (Exception caught) {
    thrown = caught;
  }

  if (thrown instanceof ForbiddenException) {
    return;
  }

  log.error(thrown, "Expected ForbiddenException for query: %s with authResult: %s", sql, authenticationResult);
  Assert.fail(sql);
}