use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class ProxyService method start.
public void start() throws Exception {
ServiceConfiguration serviceConfiguration = PulsarConfigurationLoader.convertFrom(proxyConfig);
authenticationService = new AuthenticationService(serviceConfiguration);
if (!isBlank(proxyConfig.getZookeeperServers()) && !isBlank(proxyConfig.getGlobalZookeeperServers())) {
localZooKeeperConnectionService = new LocalZooKeeperConnectionService(getZooKeeperClientFactory(), proxyConfig.getZookeeperServers(), proxyConfig.getZookeeperSessionTimeoutMs());
localZooKeeperConnectionService.start(new ShutdownService() {
@Override
public void shutdown(int exitCode) {
LOG.error("Lost local ZK session. Shutting down the proxy");
Runtime.getRuntime().halt(-1);
}
});
discoveryProvider = new BrokerDiscoveryProvider(this.proxyConfig, getZooKeeperClientFactory());
this.configurationCacheService = new ConfigurationCacheService(discoveryProvider.globalZkCache);
authorizationService = new AuthorizationService(serviceConfiguration, configurationCacheService);
}
ServerBootstrap bootstrap = new ServerBootstrap();
bootstrap.childOption(ChannelOption.ALLOCATOR, PooledByteBufAllocator.DEFAULT);
bootstrap.group(acceptorGroup, workerGroup);
bootstrap.childOption(ChannelOption.TCP_NODELAY, true);
bootstrap.childOption(ChannelOption.RCVBUF_ALLOCATOR, new AdaptiveRecvByteBufAllocator(1024, 16 * 1024, 1 * 1024 * 1024));
bootstrap.channel(EventLoopUtil.getServerSocketChannelClass(workerGroup));
EventLoopUtil.enableTriggeredMode(bootstrap);
bootstrap.childHandler(new ServiceChannelInitializer(this, proxyConfig, false));
// Bind and start to accept incoming connections.
bootstrap.bind(proxyConfig.getServicePort()).sync();
LOG.info("Started Pulsar Proxy at {}", serviceUrl);
if (proxyConfig.isTlsEnabledInProxy()) {
ServerBootstrap tlsBootstrap = bootstrap.clone();
tlsBootstrap.childHandler(new ServiceChannelInitializer(this, proxyConfig, true));
tlsBootstrap.bind(proxyConfig.getServicePortTls()).sync();
LOG.info("Started Pulsar TLS Proxy on port {}", proxyConfig.getServicePortTls());
}
}
use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class WebSocketService method start.
public void start() throws PulsarServerException, PulsarClientException, MalformedURLException, ServletException, DeploymentException {
if (isNotBlank(config.getGlobalZookeeperServers())) {
this.globalZkCache = new GlobalZooKeeperCache(getZooKeeperClientFactory(), (int) config.getZooKeeperSessionTimeoutMillis(), config.getGlobalZookeeperServers(), this.orderedExecutor, this.executor);
try {
this.globalZkCache.start();
} catch (IOException e) {
throw new PulsarServerException(e);
}
this.configurationCacheService = new ConfigurationCacheService(getGlobalZkCache());
log.info("Global Zookeeper cache started");
}
// start authorizationService
if (config.isAuthorizationEnabled()) {
if (configurationCacheService == null) {
throw new PulsarServerException("Failed to initialize authorization manager due to empty GlobalZookeeperServers");
}
authorizationService = new AuthorizationService(this.config, configurationCacheService);
}
// start authentication service
authenticationService = new AuthenticationService(this.config);
log.info("Pulsar WebSocket Service started");
}
use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class ServerCnxTest method testProducerCommandWithAuthorizationPositive.
@Test(timeOut = 30000)
public void testProducerCommandWithAuthorizationPositive() throws Exception {
AuthorizationService authorizationService = mock(AuthorizationService.class);
doReturn(CompletableFuture.completedFuture(true)).when(authorizationService).canProduceAsync(Mockito.any(), Mockito.any(), Mockito.any());
doReturn(authorizationService).when(brokerService).getAuthorizationService();
doReturn(true).when(brokerService).isAuthenticationEnabled();
resetChannel();
setChannelConnected();
// test PRODUCER success case
ByteBuf clientCommand = Commands.newProducer(successTopicName, 1, /* producer id */
1, /* request id */
"prod-name", Collections.emptyMap());
channel.writeInbound(clientCommand);
assertEquals(getResponse().getClass(), CommandProducerSuccess.class);
PersistentTopic topicRef = (PersistentTopic) brokerService.getTopicReference(successTopicName);
assertNotNull(topicRef);
assertEquals(topicRef.getProducers().size(), 1);
channel.finish();
assertEquals(topicRef.getProducers().size(), 0);
}
use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class ServerCnxTest method testSubscribeCommandWithAuthorizationNegative.
@Test(timeOut = 30000)
public void testSubscribeCommandWithAuthorizationNegative() throws Exception {
AuthorizationService authorizationService = mock(AuthorizationService.class);
doReturn(CompletableFuture.completedFuture(false)).when(authorizationService).canConsumeAsync(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any());
doReturn(authorizationService).when(brokerService).getAuthorizationService();
doReturn(true).when(brokerService).isAuthenticationEnabled();
doReturn(true).when(brokerService).isAuthorizationEnabled();
resetChannel();
setChannelConnected();
// test SUBSCRIBE on topic and cursor creation success
ByteBuf clientCommand = //
Commands.newSubscribe(//
successTopicName, successSubName, 1, /* consumer id */
1, /* request id */
SubType.Exclusive, 0, "test");
channel.writeInbound(clientCommand);
assertTrue(getResponse() instanceof CommandError);
channel.finish();
}
use of org.apache.pulsar.broker.authorization.AuthorizationService in project incubator-pulsar by apache.
the class ServerCnxTest method testNonExistentTopic.
@Test(timeOut = 30000)
public void testNonExistentTopic() throws Exception {
ZooKeeperDataCache<Policies> zkDataCache = mock(ZooKeeperDataCache.class);
ConfigurationCacheService configCacheService = mock(ConfigurationCacheService.class);
doReturn(configCacheService).when(pulsar).getConfigurationCache();
doReturn(zkDataCache).when(configCacheService).policiesCache();
doReturn(CompletableFuture.completedFuture(Optional.empty())).when(zkDataCache).getAsync(matches(".*nonexistent.*"));
AuthorizationService authorizationService = spy(new AuthorizationService(svcConfig, configCacheService));
doReturn(authorizationService).when(brokerService).getAuthorizationService();
doReturn(true).when(brokerService).isAuthorizationEnabled();
svcConfig.setAuthorizationEnabled(true);
Field providerField = AuthorizationService.class.getDeclaredField("provider");
providerField.setAccessible(true);
PulsarAuthorizationProvider authorizationProvider = spy(new PulsarAuthorizationProvider(svcConfig, configCacheService));
providerField.set(authorizationService, authorizationProvider);
doReturn(false).when(authorizationProvider).isSuperUser(Mockito.anyString());
// Test producer creation
resetChannel();
setChannelConnected();
ByteBuf newProducerCmd = Commands.newProducer(nonExistentTopicName, 1, /* producer id */
1, /* request id */
"prod-name", Collections.emptyMap());
channel.writeInbound(newProducerCmd);
assertTrue(getResponse() instanceof CommandError);
channel.finish();
// Test consumer creation
resetChannel();
setChannelConnected();
ByteBuf newSubscribeCmd = //
Commands.newSubscribe(//
nonExistentTopicName, successSubName, 1, /* consumer id */
1, /* request id */
SubType.Exclusive, 0, "test");
channel.writeInbound(newSubscribeCmd);
assertTrue(getResponse() instanceof CommandError);
}
Aggregations