Example 1 with AuthorizationService
use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class ProxyService method start.
public void start() throws Exception {
ServiceConfiguration serviceConfiguration = PulsarConfigurationLoader.convertFrom(proxyConfig);
authenticationService = new AuthenticationService(serviceConfiguration);
if (!isBlank(proxyConfig.getZookeeperServers()) && !isBlank(proxyConfig.getGlobalZookeeperServers())) {
localZooKeeperConnectionService = new LocalZooKeeperConnectionService(getZooKeeperClientFactory(), proxyConfig.getZookeeperServers(), proxyConfig.getZookeeperSessionTimeoutMs());
localZooKeeperConnectionService.start(new ShutdownService() {
@Override
public void shutdown(int exitCode) {
LOG.error("Lost local ZK session. Shutting down the proxy");
Runtime.getRuntime().halt(-1);
}
});
discoveryProvider = new BrokerDiscoveryProvider(this.proxyConfig, getZooKeeperClientFactory());
this.configurationCacheService = new ConfigurationCacheService(discoveryProvider.globalZkCache);
authorizationService = new AuthorizationService(serviceConfiguration, configurationCacheService);
}
ServerBootstrap bootstrap = new ServerBootstrap();
bootstrap.childOption(ChannelOption.ALLOCATOR, PooledByteBufAllocator.DEFAULT);
bootstrap.group(acceptorGroup, workerGroup);
bootstrap.childOption(ChannelOption.TCP_NODELAY, true);
bootstrap.childOption(ChannelOption.RCVBUF_ALLOCATOR, new AdaptiveRecvByteBufAllocator(1024, 16 * 1024, 1 * 1024 * 1024));
bootstrap.channel(EventLoopUtil.getServerSocketChannelClass(workerGroup));
EventLoopUtil.enableTriggeredMode(bootstrap);
bootstrap.childHandler(new ServiceChannelInitializer(this, proxyConfig, false));
// Bind and start to accept incoming connections.
bootstrap.bind(proxyConfig.getServicePort()).sync();
LOG.info("Started Pulsar Proxy at {}", serviceUrl);
if (proxyConfig.isTlsEnabledInProxy()) {
ServerBootstrap tlsBootstrap = bootstrap.clone();
tlsBootstrap.childHandler(new ServiceChannelInitializer(this, proxyConfig, true));
tlsBootstrap.bind(proxyConfig.getServicePortTls()).sync();
LOG.info("Started Pulsar TLS Proxy on port {}", proxyConfig.getServicePortTls());
}
}
Also used :
ServiceConfiguration(org.apache.pulsar.broker.ServiceConfiguration)
AdaptiveRecvByteBufAllocator(io.netty.channel.AdaptiveRecvByteBufAllocator)
LocalZooKeeperConnectionService(org.apache.pulsar.zookeeper.LocalZooKeeperConnectionService)
AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService)
ShutdownService(org.apache.pulsar.zookeeper.ZooKeeperSessionWatcher.ShutdownService)
ConfigurationCacheService(org.apache.pulsar.broker.cache.ConfigurationCacheService)
AuthenticationService(org.apache.pulsar.broker.authentication.AuthenticationService)
ServerBootstrap(io.netty.bootstrap.ServerBootstrap)
Example 2 with AuthorizationService
use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class WebSocketService method start.
public void start() throws PulsarServerException, PulsarClientException, MalformedURLException, ServletException, DeploymentException {
if (isNotBlank(config.getGlobalZookeeperServers())) {
this.globalZkCache = new GlobalZooKeeperCache(getZooKeeperClientFactory(), (int) config.getZooKeeperSessionTimeoutMillis(), config.getGlobalZookeeperServers(), this.orderedExecutor, this.executor);
try {
this.globalZkCache.start();
} catch (IOException e) {
throw new PulsarServerException(e);
}
this.configurationCacheService = new ConfigurationCacheService(getGlobalZkCache());
log.info("Global Zookeeper cache started");
}
// start authorizationService
if (config.isAuthorizationEnabled()) {
if (configurationCacheService == null) {
throw new PulsarServerException("Failed to initialize authorization manager due to empty GlobalZookeeperServers");
}
authorizationService = new AuthorizationService(this.config, configurationCacheService);
}
// start authentication service
authenticationService = new AuthenticationService(this.config);
log.info("Pulsar WebSocket Service started");
}
Also used :
PulsarServerException(org.apache.pulsar.broker.PulsarServerException)
GlobalZooKeeperCache(org.apache.pulsar.zookeeper.GlobalZooKeeperCache)
AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService)
ConfigurationCacheService(org.apache.pulsar.broker.cache.ConfigurationCacheService)
IOException(java.io.IOException)
AuthenticationService(org.apache.pulsar.broker.authentication.AuthenticationService)
Example 3 with AuthorizationService
use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class ServerCnxTest method testProducerCommandWithAuthorizationPositive.
@Test(timeOut = 30000)
public void testProducerCommandWithAuthorizationPositive() throws Exception {
AuthorizationService authorizationService = mock(AuthorizationService.class);
doReturn(CompletableFuture.completedFuture(true)).when(authorizationService).canProduceAsync(Mockito.any(), Mockito.any(), Mockito.any());
doReturn(authorizationService).when(brokerService).getAuthorizationService();
doReturn(true).when(brokerService).isAuthenticationEnabled();
resetChannel();
setChannelConnected();
// test PRODUCER success case
ByteBuf clientCommand = Commands.newProducer(successTopicName, 1, /* producer id */
1, /* request id */
"prod-name", Collections.emptyMap());
channel.writeInbound(clientCommand);
assertEquals(getResponse().getClass(), CommandProducerSuccess.class);
PersistentTopic topicRef = (PersistentTopic) brokerService.getTopicReference(successTopicName);
assertNotNull(topicRef);
assertEquals(topicRef.getProducers().size(), 1);
channel.finish();
assertEquals(topicRef.getProducers().size(), 0);
}
Also used :
AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService)
PersistentTopic(org.apache.pulsar.broker.service.persistent.PersistentTopic)
ByteBuf(io.netty.buffer.ByteBuf)
Test(org.testng.annotations.Test)
Example 4 with AuthorizationService
use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class ServerCnxTest method testSubscribeCommandWithAuthorizationNegative.
@Test(timeOut = 30000)
public void testSubscribeCommandWithAuthorizationNegative() throws Exception {
AuthorizationService authorizationService = mock(AuthorizationService.class);
doReturn(CompletableFuture.completedFuture(false)).when(authorizationService).canConsumeAsync(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any());
doReturn(authorizationService).when(brokerService).getAuthorizationService();
doReturn(true).when(brokerService).isAuthenticationEnabled();
doReturn(true).when(brokerService).isAuthorizationEnabled();
resetChannel();
setChannelConnected();
// test SUBSCRIBE on topic and cursor creation success
ByteBuf clientCommand = //
Commands.newSubscribe(//
successTopicName, successSubName, 1, /* consumer id */
1, /* request id */
SubType.Exclusive, 0, "test");
channel.writeInbound(clientCommand);
assertTrue(getResponse() instanceof CommandError);
channel.finish();
}
Also used :
AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService)
CommandError(org.apache.pulsar.common.api.proto.PulsarApi.CommandError)
ByteBuf(io.netty.buffer.ByteBuf)
Test(org.testng.annotations.Test)
Example 5 with AuthorizationService
use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class ServerCnxTest method testNonExistentTopic.
@Test(timeOut = 30000)
public void testNonExistentTopic() throws Exception {
ZooKeeperDataCache<Policies> zkDataCache = mock(ZooKeeperDataCache.class);
ConfigurationCacheService configCacheService = mock(ConfigurationCacheService.class);
doReturn(configCacheService).when(pulsar).getConfigurationCache();
doReturn(zkDataCache).when(configCacheService).policiesCache();
doReturn(CompletableFuture.completedFuture(Optional.empty())).when(zkDataCache).getAsync(matches(".*nonexistent.*"));
AuthorizationService authorizationService = spy(new AuthorizationService(svcConfig, configCacheService));
doReturn(authorizationService).when(brokerService).getAuthorizationService();
doReturn(true).when(brokerService).isAuthorizationEnabled();
svcConfig.setAuthorizationEnabled(true);
Field providerField = AuthorizationService.class.getDeclaredField("provider");
providerField.setAccessible(true);
PulsarAuthorizationProvider authorizationProvider = spy(new PulsarAuthorizationProvider(svcConfig, configCacheService));
providerField.set(authorizationService, authorizationProvider);
doReturn(false).when(authorizationProvider).isSuperUser(Mockito.anyString());
// Test producer creation
resetChannel();
setChannelConnected();
ByteBuf newProducerCmd = Commands.newProducer(nonExistentTopicName, 1, /* producer id */
1, /* request id */
"prod-name", Collections.emptyMap());
channel.writeInbound(newProducerCmd);
assertTrue(getResponse() instanceof CommandError);
channel.finish();
// Test consumer creation
resetChannel();
setChannelConnected();
ByteBuf newSubscribeCmd = //
Commands.newSubscribe(//
nonExistentTopicName, successSubName, 1, /* consumer id */
1, /* request id */
SubType.Exclusive, 0, "test");
channel.writeInbound(newSubscribeCmd);
assertTrue(getResponse() instanceof CommandError);
}
Also used :
Field(java.lang.reflect.Field)
Policies(org.apache.pulsar.common.policies.data.Policies)
AuthorizationService(org.apache.pulsar.broker.authorization.AuthorizationService)
ConfigurationCacheService(org.apache.pulsar.broker.cache.ConfigurationCacheService)
PulsarAuthorizationProvider(org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider)
CommandError(org.apache.pulsar.common.api.proto.PulsarApi.CommandError)
ByteBuf(io.netty.buffer.ByteBuf)
Test(org.testng.annotations.Test)
Aggregations
AuthorizationService (org.apache.pulsar.broker.authorization.AuthorizationService)14
Test (org.testng.annotations.Test)10
ByteBuf (io.netty.buffer.ByteBuf)7
ConfigurationCacheService (org.apache.pulsar.broker.cache.ConfigurationCacheService)4
CommandError (org.apache.pulsar.common.api.proto.PulsarApi.CommandError)4
Field (java.lang.reflect.Field)3
AuthenticationService (org.apache.pulsar.broker.authentication.AuthenticationService)3
PulsarAuthorizationProvider (org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider)3
TopicName (org.apache.pulsar.common.naming.TopicName)3
AuthAction (org.apache.pulsar.common.policies.data.AuthAction)3
ServiceConfiguration (org.apache.pulsar.broker.ServiceConfiguration)2
PersistentTopic (org.apache.pulsar.broker.service.persistent.PersistentTopic)2
CommandProducerSuccess (org.apache.pulsar.common.api.proto.PulsarApi.CommandProducerSuccess)2
CommandSuccess (org.apache.pulsar.common.api.proto.PulsarApi.CommandSuccess)2
ClusterData (org.apache.pulsar.common.policies.data.ClusterData)2
PropertyAdmin (org.apache.pulsar.common.policies.data.PropertyAdmin)2
ServerBootstrap (io.netty.bootstrap.ServerBootstrap)1
AdaptiveRecvByteBufAllocator (io.netty.channel.AdaptiveRecvByteBufAllocator)1
IOException (java.io.IOException)1
PulsarServerException (org.apache.pulsar.broker.PulsarServerException)1
