
Example 1 with AuthorizationService

use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.

the class ProxyService method start.

/**
 * Brings the proxy up: creates the authentication service, wires ZooKeeper-backed
 * discovery and authorization when both ZooKeeper settings are present, then binds
 * the plain-text listener and, if enabled, a TLS listener.
 *
 * <p>NOTE(review): {@code authorizationService} is assigned only inside the ZooKeeper
 * branch. If either ZooKeeper setting is blank this method leaves the field untouched,
 * so code that authorizes requests must cope with it being unset -- confirm that those
 * callers deny rather than allow in that case.
 *
 * @throws Exception propagated from any of the start-up steps, including the blocking
 *         {@code sync()} on each port bind
 */
public void start() throws Exception {
    ServiceConfiguration brokerStyleConfig = PulsarConfigurationLoader.convertFrom(proxyConfig);
    authenticationService = new AuthenticationService(brokerStyleConfig);

    // Discovery and authorization are set up only when BOTH the local and the global
    // ZooKeeper server lists are configured.
    boolean zooKeeperConfigured = !(isBlank(proxyConfig.getZookeeperServers())
            || isBlank(proxyConfig.getGlobalZookeeperServers()));
    if (zooKeeperConfigured) {
        localZooKeeperConnectionService = new LocalZooKeeperConnectionService(
                getZooKeeperClientFactory(),
                proxyConfig.getZookeeperServers(),
                proxyConfig.getZookeeperSessionTimeoutMs());

        ShutdownService haltOnSessionLoss = new ShutdownService() {

            @Override
            public void shutdown(int exitCode) {
                // The supplied exit code is not used: the JVM is halted with -1.
                // Runtime.halt() does not run shutdown hooks, so nothing registered
                // for orderly shutdown gets a chance to execute.
                LOG.error("Lost local ZK session. Shutting down the proxy");
                Runtime.getRuntime().halt(-1);
            }
        };
        localZooKeeperConnectionService.start(haltOnSessionLoss);

        discoveryProvider = new BrokerDiscoveryProvider(this.proxyConfig, getZooKeeperClientFactory());
        this.configurationCacheService = new ConfigurationCacheService(discoveryProvider.globalZkCache);
        authorizationService = new AuthorizationService(brokerStyleConfig, configurationCacheService);
    }

    // Receive-buffer sizing handed to Netty's adaptive allocator: minimum, initial, maximum.
    final int minRecvBuffer = 1024;
    final int initialRecvBuffer = 16 * 1024;
    final int maxRecvBuffer = 1 * 1024 * 1024;

    ServerBootstrap plainBootstrap = new ServerBootstrap();
    plainBootstrap.childOption(ChannelOption.ALLOCATOR, PooledByteBufAllocator.DEFAULT)
            .group(acceptorGroup, workerGroup)
            .childOption(ChannelOption.TCP_NODELAY, true)
            .childOption(ChannelOption.RCVBUF_ALLOCATOR,
                    new AdaptiveRecvByteBufAllocator(minRecvBuffer, initialRecvBuffer, maxRecvBuffer));
    plainBootstrap.channel(EventLoopUtil.getServerSocketChannelClass(workerGroup));
    EventLoopUtil.enableTriggeredMode(plainBootstrap);
    // Third constructor argument is false here and true for the TLS listener below;
    // presumably it is the "enable TLS" switch -- confirm against ServiceChannelInitializer.
    plainBootstrap.childHandler(new ServiceChannelInitializer(this, proxyConfig, false));

    // Bind and start accepting connections. This listener is bound unconditionally:
    // enabling TLS below adds a second listener, it does not replace this one.
    plainBootstrap.bind(proxyConfig.getServicePort()).sync();
    LOG.info("Started Pulsar Proxy at {}", serviceUrl);

    if (!proxyConfig.isTlsEnabledInProxy()) {
        return;
    }

    // The TLS listener reuses every option set above and swaps only the child handler.
    ServerBootstrap secureBootstrap = plainBootstrap.clone();
    secureBootstrap.childHandler(new ServiceChannelInitializer(this, proxyConfig, true));
    secureBootstrap.bind(proxyConfig.getServicePortTls()).sync();
    LOG.info("Started Pulsar TLS Proxy on port {}", proxyConfig.getServicePortTls());
}
Also used : ServiceConfiguration(org.apache.pulsar.broker.ServiceConfiguration) AdaptiveRecvByteBufAllocator(io.netty.channel.AdaptiveRecvByteBufAllocator) LocalZooKeeperConnectionService(org.apache.pulsar.zookeeper.LocalZooKeeperConnectionService) AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService) ShutdownService(org.apache.pulsar.zookeeper.ZooKeeperSessionWatcher.ShutdownService) ConfigurationCacheService(org.apache.pulsar.broker.cache.ConfigurationCacheService) AuthenticationService(org.apache.pulsar.broker.authentication.AuthenticationService) ServerBootstrap(io.netty.bootstrap.ServerBootstrap)

Example 2 with AuthorizationService

use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.

the class WebSocketService method start.

/**
 * Starts the WebSocket service's supporting components: the global ZooKeeper cache
 * (when a global ZooKeeper server list is configured), the authorization service
 * (when authorization is enabled) and the authentication service.
 *
 * <p>Start-up fails closed for authorization: if authorization is enabled but no
 * configuration cache could be created, the method throws instead of continuing
 * without an authorization service. When authorization is disabled the
 * {@code authorizationService} field is not assigned by this method.
 *
 * @throws PulsarServerException if the global ZooKeeper cache fails to start with an
 *         {@link IOException}, or if authorization is enabled while the configuration
 *         cache is absent
 */
public void start() throws PulsarServerException, PulsarClientException, MalformedURLException, ServletException, DeploymentException {
    boolean globalZooKeeperConfigured = isNotBlank(config.getGlobalZookeeperServers());
    if (globalZooKeeperConfigured) {
        // The session timeout is narrowed to int with a plain cast, which silently
        // truncates any value that does not fit in an int.
        this.globalZkCache = new GlobalZooKeeperCache(
                getZooKeeperClientFactory(),
                (int) config.getZooKeeperSessionTimeoutMillis(),
                config.getGlobalZookeeperServers(),
                this.orderedExecutor,
                this.executor);
        try {
            this.globalZkCache.start();
        } catch (IOException cacheStartFailure) {
            // Wrap with the cause attached so the original failure is not lost.
            throw new PulsarServerException(cacheStartFailure);
        }
        this.configurationCacheService = new ConfigurationCacheService(getGlobalZkCache());
        log.info("Global Zookeeper cache started");
    }

    // Authorization depends on the configuration cache built above; refuse to start
    // rather than run with authorization switched on and nothing to back it.
    final boolean authorizationRequested = config.isAuthorizationEnabled();
    if (authorizationRequested && configurationCacheService == null) {
        throw new PulsarServerException("Failed to initialize authorization manager due to empty GlobalZookeeperServers");
    }
    if (authorizationRequested) {
        authorizationService = new AuthorizationService(this.config, configurationCacheService);
    }

    // Authentication is always created, independently of the ZooKeeper settings.
    authenticationService = new AuthenticationService(this.config);
    log.info("Pulsar WebSocket Service started");
}
Also used : PulsarServerException(org.apache.pulsar.broker.PulsarServerException) GlobalZooKeeperCache(org.apache.pulsar.zookeeper.GlobalZooKeeperCache) AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService) ConfigurationCacheService(org.apache.pulsar.broker.cache.ConfigurationCacheService) IOException(java.io.IOException) AuthenticationService(org.apache.pulsar.broker.authentication.AuthenticationService)

Example 3 with AuthorizationService

use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.

the class ServerCnxTest method testProducerCommandWithAuthorizationPositive.

/**
 * Checks that a PRODUCER command succeeds when the authorization service reports the
 * caller as allowed to produce, and that the producer is removed from the topic once
 * the channel is finished.
 *
 * <p>NOTE(review): only {@code isAuthenticationEnabled()} is stubbed on
 * {@code brokerService}; {@code isAuthorizationEnabled()} is not, although
 * testSubscribeCommandWithAuthorizationNegative stubs both. If {@code brokerService}
 * does not otherwise report authorization as enabled, the mocked
 * {@code canProduceAsync} may never be consulted and this test would pass without
 * touching the authorization path -- confirm, and consider asserting the interaction.
 */
@Test(timeOut = 30000)
public void testProducerCommandWithAuthorizationPositive() throws Exception {
    // Authorization double that grants produce permission for any arguments.
    AuthorizationService permissiveAuthz = mock(AuthorizationService.class);
    doReturn(CompletableFuture.completedFuture(true))
            .when(permissiveAuthz)
            .canProduceAsync(Mockito.any(), Mockito.any(), Mockito.any());
    doReturn(permissiveAuthz).when(brokerService).getAuthorizationService();
    doReturn(true).when(brokerService).isAuthenticationEnabled();

    resetChannel();
    setChannelConnected();

    // PRODUCER request: producer id 1, request id 1.
    ByteBuf producerRequest = Commands.newProducer(
            successTopicName,
            1, /* producer id */
            1, /* request id */
            "prod-name",
            Collections.emptyMap());
    channel.writeInbound(producerRequest);
    assertEquals(getResponse().getClass(), CommandProducerSuccess.class);

    // The topic must exist and hold exactly the producer that was just registered.
    PersistentTopic registeredTopic = (PersistentTopic) brokerService.getTopicReference(successTopicName);
    assertNotNull(registeredTopic);
    assertEquals(registeredTopic.getProducers().size(), 1);

    // Finishing the channel must release the producer again.
    channel.finish();
    assertEquals(registeredTopic.getProducers().size(), 0);
}
Also used : AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService) PersistentTopic(org.apache.pulsar.broker.service.persistent.PersistentTopic) ByteBuf(io.netty.buffer.ByteBuf) Test(org.testng.annotations.Test)

Example 4 with AuthorizationService

use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.

the class ServerCnxTest method testSubscribeCommandWithAuthorizationNegative.

/**
 * Checks that a SUBSCRIBE command is answered with a {@code CommandError} when the
 * authorization service reports the caller as not allowed to consume, with both
 * authentication and authorization stubbed as enabled on {@code brokerService}.
 *
 * <p>NOTE(review): the assertion accepts any {@code CommandError}; it does not check
 * that the error is specifically an authorization failure -- consider asserting the
 * error code so an unrelated failure cannot satisfy this test.
 */
@Test(timeOut = 30000)
public void testSubscribeCommandWithAuthorizationNegative() throws Exception {
    // Authorization double that refuses consume permission for any arguments.
    AuthorizationService denyingAuthz = mock(AuthorizationService.class);
    doReturn(CompletableFuture.completedFuture(false))
            .when(denyingAuthz)
            .canConsumeAsync(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any());
    doReturn(denyingAuthz).when(brokerService).getAuthorizationService();
    doReturn(true).when(brokerService).isAuthenticationEnabled();
    doReturn(true).when(brokerService).isAuthorizationEnabled();

    resetChannel();
    setChannelConnected();

    // SUBSCRIBE request that must be rejected: consumer id 1, request id 1.
    ByteBuf subscribeRequest = Commands.newSubscribe(
            successTopicName,
            successSubName,
            1, /* consumer id */
            1, /* request id */
            SubType.Exclusive,
            0,
            "test");
    channel.writeInbound(subscribeRequest);
    assertTrue(getResponse() instanceof CommandError);

    channel.finish();
}
Also used : AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService) CommandError(org.apache.pulsar.common.api.proto.PulsarApi.CommandError) ByteBuf(io.netty.buffer.ByteBuf) Test(org.testng.annotations.Test)

Example 5 with AuthorizationService

use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.

the class ServerCnxTest method testNonExistentTopic.

/**
 * Checks that both producer creation and consumer creation on a non-existent topic are
 * answered with a {@code CommandError} when authorization is enabled, the policies
 * cache returns an empty result for matching names, and the caller is not a super user.
 *
 * <p>Unlike the mock-based tests, this one uses a spied, real {@code AuthorizationService}
 * whose private {@code provider} field is replaced by reflection with a spied
 * {@code PulsarAuthorizationProvider}, so the provider's own decision logic runs.
 *
 * <p>NOTE(review): both assertions accept any {@code CommandError}; neither checks that
 * the error is an authorization failure rather than some other rejection.
 */
@Test(timeOut = 30000)
public void testNonExistentTopic() throws Exception {
    // mock(ZooKeeperDataCache.class) yields a raw type, so this assignment is unchecked.
    ZooKeeperDataCache<Policies> zkDataCache = mock(ZooKeeperDataCache.class);
    ConfigurationCacheService configCacheService = mock(ConfigurationCacheService.class);
    doReturn(configCacheService).when(pulsar).getConfigurationCache();
    doReturn(zkDataCache).when(configCacheService).policiesCache();
    // Policy lookups whose path matches ".*nonexistent.*" complete with no policy data.
    doReturn(CompletableFuture.completedFuture(Optional.empty())).when(zkDataCache).getAsync(matches(".*nonexistent.*"));
    AuthorizationService authorizationService = spy(new AuthorizationService(svcConfig, configCacheService));
    doReturn(authorizationService).when(brokerService).getAuthorizationService();
    doReturn(true).when(brokerService).isAuthorizationEnabled();
    // NOTE(review): svcConfig is mutated here and not restored in this method --
    // presumably reset by the test fixture; confirm it cannot leak into other tests.
    svcConfig.setAuthorizationEnabled(true);
    // Swap the service's private provider for a spy. The field is looked up by its
    // literal name, so a rename surfaces as NoSuchFieldException at run time only.
    Field providerField = AuthorizationService.class.getDeclaredField("provider");
    providerField.setAccessible(true);
    PulsarAuthorizationProvider authorizationProvider = spy(new PulsarAuthorizationProvider(svcConfig, configCacheService));
    providerField.set(authorizationService, authorizationProvider);
    // Force the non-super-user path so the super-user shortcut cannot grant access.
    doReturn(false).when(authorizationProvider).isSuperUser(Mockito.anyString());
    // Test producer creation
    resetChannel();
    setChannelConnected();
    ByteBuf newProducerCmd = Commands.newProducer(nonExistentTopicName, 1, /* producer id */
    1, /* request id */
    "prod-name", Collections.emptyMap());
    channel.writeInbound(newProducerCmd);
    assertTrue(getResponse() instanceof CommandError);
    channel.finish();
    // Test consumer creation
    resetChannel();
    setChannelConnected();
    ByteBuf newSubscribeCmd = // 
    Commands.newSubscribe(// 
    nonExistentTopicName, successSubName, 1, /* consumer id */
    1, /* request id */
    SubType.Exclusive, 0, "test");
    channel.writeInbound(newSubscribeCmd);
    assertTrue(getResponse() instanceof CommandError);
    // NOTE(review): the producer half calls channel.finish() but this half does not --
    // presumably a later resetChannel() or fixture teardown cleans up; confirm.
}
Also used : Field(java.lang.reflect.Field) Policies(org.apache.pulsar.common.policies.data.Policies) AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService) ConfigurationCacheService(org.apache.pulsar.broker.cache.ConfigurationCacheService) PulsarAuthorizationProvider(org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider) CommandError(org.apache.pulsar.common.api.proto.PulsarApi.CommandError) ByteBuf(io.netty.buffer.ByteBuf) Test(org.testng.annotations.Test)

Aggregations

AuthorizationService (org.apache.pulsar.broker.authorization.AuthorizationService)14 Test (org.testng.annotations.Test)10 ByteBuf (io.netty.buffer.ByteBuf)7 ConfigurationCacheService (org.apache.pulsar.broker.cache.ConfigurationCacheService)4 CommandError (org.apache.pulsar.common.api.proto.PulsarApi.CommandError)4 Field (java.lang.reflect.Field)3 AuthenticationService (org.apache.pulsar.broker.authentication.AuthenticationService)3 PulsarAuthorizationProvider (org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider)3 TopicName (org.apache.pulsar.common.naming.TopicName)3 AuthAction (org.apache.pulsar.common.policies.data.AuthAction)3 ServiceConfiguration (org.apache.pulsar.broker.ServiceConfiguration)2 PersistentTopic (org.apache.pulsar.broker.service.persistent.PersistentTopic)2 CommandProducerSuccess (org.apache.pulsar.common.api.proto.PulsarApi.CommandProducerSuccess)2 CommandSuccess (org.apache.pulsar.common.api.proto.PulsarApi.CommandSuccess)2 ClusterData (org.apache.pulsar.common.policies.data.ClusterData)2 PropertyAdmin (org.apache.pulsar.common.policies.data.PropertyAdmin)2 ServerBootstrap (io.netty.bootstrap.ServerBootstrap)1 AdaptiveRecvByteBufAllocator (io.netty.channel.AdaptiveRecvByteBufAllocator)1 IOException (java.io.IOException)1 PulsarServerException (org.apache.pulsar.broker.PulsarServerException)1