
Example 1 with CommandLookupTopic

use of org.apache.pulsar.common.api.proto.PulsarApi.CommandLookupTopic in project incubator-pulsar by apache.

the class ServerCnx method handleLookup.

// ////
// // Incoming commands handling
// ////
/**
 * Handles an incoming LOOKUP command on this connection.
 *
 * <p>Steps, in order: validate the topic name, resolve the "original principal" (the identity a
 * proxy claims to be acting for), take a permit from the broker-wide lookup semaphore, reject
 * invalid original principals, check that the connection's own role may perform the lookup, and
 * finally run the asynchronous lookup and write its response to the channel.
 *
 * <p>Every path that acquires the semaphore permit is expected to release it exactly once; the
 * release sites are the invalid-principal branch, the lookup completion callback, the
 * not-authorized branch and the {@code exceptionally} handler.
 *
 * @param lookup the decoded lookup command received from the remote peer; all of its fields are
 *        supplied by the peer and are untrusted until validated below
 */
@Override
protected void handleLookup(CommandLookupTopic lookup) {
    final long requestId = lookup.getRequestId();
    final boolean authoritative = lookup.getAuthoritative();
    if (log.isDebugEnabled()) {
        // Note: here the first placeholder receives the topic, whereas the other log statements
        // in this method put remoteAddress first.
        log.debug("[{}] Received Lookup from {} for {}", lookup.getTopic(), remoteAddress, requestId);
    }
    // validateTopicName returns null when the name is rejected; presumably it has already written
    // an error response in that case (its body is not shown here) — confirm.
    TopicName topicName = validateTopicName(lookup.getTopic(), requestId, lookup);
    if (topicName == null) {
        return;
    }
    String originalPrincipal = null;
    // The forwarded credentials are verified only when the feature flag is on AND the command
    // actually carries originalAuthData.
    if (authenticateOriginalAuthData && lookup.hasOriginalAuthData()) {
        // The hasOriginalAuthData() ternary is redundant inside this branch (already true).
        // A null result means verification failed; validateOriginalPrincipal sends the error
        // response for lookup commands itself.
        originalPrincipal = validateOriginalPrincipal(lookup.hasOriginalAuthData() ? lookup.getOriginalAuthData() : null, lookup.hasOriginalAuthMethod() ? lookup.getOriginalAuthMethod() : null, lookup.hasOriginalPrincipal() ? lookup.getOriginalPrincipal() : this.originalPrincipal, requestId, lookup);
        if (originalPrincipal == null) {
            return;
        }
    } else {
        // NOTE(review): on this path the principal named in the command (or the connection-level
        // this.originalPrincipal) is accepted without verification. A peer reaches it simply by
        // omitting originalAuthData, even when authenticateOriginalAuthData is enabled. The only
        // later gate visible in this method is invalidOriginalPrincipal(); confirm that it rejects
        // an original principal asserted by a connection whose authRole is not a trusted proxy role.
        originalPrincipal = lookup.hasOriginalPrincipal() ? lookup.getOriginalPrincipal() : this.originalPrincipal;
    }
    // Non-blocking throttle: tryAcquire() either takes a permit immediately or fails, in which
    // case the request is answered with TooManyRequests (else branch at the bottom).
    final Semaphore lookupSemaphore = service.getLookupRequestSemaphore();
    if (lookupSemaphore.tryAcquire()) {
        if (invalidOriginalPrincipal(originalPrincipal)) {
            final String msg = "Valid Proxy Client role should be provided for lookup ";
            // originalPrincipal is peer-supplied text that ends up in the log line.
            log.warn("[{}] {} with role {} and proxyClientAuthRole {} on topic {}", remoteAddress, msg, authRole, originalPrincipal, topicName);
            ctx.writeAndFlush(newLookupErrorResponse(ServerError.AuthorizationError, msg, requestId));
            lookupSemaphore.release();
            return;
        }
        CompletableFuture<Boolean> isProxyAuthorizedFuture;
        // When an original principal is present, the connection's own role (authRole) must itself
        // be allowed to look up the topic. Without an original principal, or with authorization
        // disabled, this pre-check is skipped.
        // NOTE(review): authorization of the effective principal passed to lookupTopicAsync below
        // is presumably enforced inside that call — it is not visible here; confirm.
        if (service.isAuthorizationEnabled() && originalPrincipal != null) {
            isProxyAuthorizedFuture = service.getAuthorizationService().canLookupAsync(topicName, authRole, authenticationData);
        } else {
            isProxyAuthorizedFuture = CompletableFuture.completedFuture(true);
        }
        // Effectively-final copy so the lambda below can capture it.
        String finalOriginalPrincipal = originalPrincipal;
        isProxyAuthorizedFuture.thenApply(isProxyAuthorized -> {
            if (isProxyAuthorized) {
                // The lookup runs as the original principal when one is set, otherwise as authRole.
                lookupTopicAsync(getBrokerService().pulsar(), topicName, authoritative, finalOriginalPrincipal != null ? finalOriginalPrincipal : authRole, authenticationData, requestId).handle((lookupResponse, ex) -> {
                    if (ex == null) {
                        ctx.writeAndFlush(lookupResponse);
                    } else {
                        // it should never happen
                        // NOTE(review): the raw exception message is returned to the remote peer;
                        // consider whether internal detail could be disclosed this way.
                        log.warn("[{}] lookup failed with error {}, {}", remoteAddress, topicName, ex.getMessage(), ex);
                        ctx.writeAndFlush(newLookupErrorResponse(ServerError.ServiceNotReady, ex.getMessage(), requestId));
                    }
                    // NOTE(review): not in a finally block — if a statement above throws inside
                    // this callback the permit is not returned.
                    lookupSemaphore.release();
                    return null;
                });
            } else {
                final String msg = "Proxy Client is not authorized to Lookup";
                log.warn("[{}] {} with role {} on topic {}", remoteAddress, msg, authRole, topicName);
                ctx.writeAndFlush(newLookupErrorResponse(ServerError.AuthorizationError, msg, requestId));
                lookupSemaphore.release();
            }
            return null;
        }).exceptionally(ex -> {
            // Reached when the authorization future fails or the thenApply stage above throws.
            // The peer gets a fixed message; the exception itself is only logged.
            final String msg = "Exception occured while trying to authorize lookup";
            log.warn("[{}] {} with role {} on topic {}", remoteAddress, msg, authRole, topicName, ex);
            ctx.writeAndFlush(newLookupErrorResponse(ServerError.AuthorizationError, msg, requestId));
            lookupSemaphore.release();
            return null;
        });
    } else {
        // No permit was taken on this path, so there is nothing to release. Throttled requests are
        // logged at debug level only.
        if (log.isDebugEnabled()) {
            log.debug("[{}] Failed lookup due to too many lookup-requests {}", remoteAddress, topicName);
        }
        ctx.writeAndFlush(newLookupErrorResponse(ServerError.TooManyRequests, "Failed due to too many pending lookup requests", requestId));
    }
}
Also used : PulsarApi(org.apache.pulsar.common.api.proto.PulsarApi) ServiceUnitNotReadyException(org.apache.pulsar.broker.service.BrokerServiceException.ServiceUnitNotReadyException) CommandUtils(org.apache.pulsar.common.api.CommandUtils) SocketAddress(java.net.SocketAddress) PersistentTopicsBase.getPartitionedTopicMetadata(org.apache.pulsar.broker.admin.impl.PersistentTopicsBase.getPartitionedTopicMetadata) SchemaVersion(org.apache.pulsar.common.schema.SchemaVersion) CommandAck(org.apache.pulsar.common.api.proto.PulsarApi.CommandAck) LoggerFactory(org.slf4j.LoggerFactory) AuthenticationException(javax.naming.AuthenticationException) StringUtils(org.apache.commons.lang3.StringUtils) CommandCloseConsumer(org.apache.pulsar.common.api.proto.PulsarApi.CommandCloseConsumer) CommandGetLastMessageId(org.apache.pulsar.common.api.proto.PulsarApi.CommandGetLastMessageId) CommandSend(org.apache.pulsar.common.api.proto.PulsarApi.CommandSend) ServerError(org.apache.pulsar.common.api.proto.PulsarApi.ServerError) Preconditions.checkArgument(com.google.common.base.Preconditions.checkArgument) PulsarHandler(org.apache.pulsar.common.api.PulsarHandler) Map(java.util.Map) RestException(org.apache.pulsar.broker.web.RestException) NamespaceName(org.apache.pulsar.common.naming.NamespaceName) CommandGetTopicsOfNamespace(org.apache.pulsar.common.api.proto.PulsarApi.CommandGetTopicsOfNamespace) PulsarClientException(org.apache.pulsar.client.api.PulsarClientException) ProtocolVersion.v5(org.apache.pulsar.common.api.proto.PulsarApi.ProtocolVersion.v5) PositionImpl(org.apache.bookkeeper.mledger.impl.PositionImpl) CommandConnect(org.apache.pulsar.common.api.proto.PulsarApi.CommandConnect) Commands(org.apache.pulsar.common.api.Commands) Commands.newLookupErrorResponse(org.apache.pulsar.common.api.Commands.newLookupErrorResponse) CommandSubscribe(org.apache.pulsar.common.api.proto.PulsarApi.CommandSubscribe) Set(java.util.Set) 
CommandRedeliverUnacknowledgedMessages(org.apache.pulsar.common.api.proto.PulsarApi.CommandRedeliverUnacknowledgedMessages) Position(org.apache.bookkeeper.mledger.Position) CommandCloseProducer(org.apache.pulsar.common.api.proto.PulsarApi.CommandCloseProducer) CommandFlow(org.apache.pulsar.common.api.proto.PulsarApi.CommandFlow) Collectors(java.util.stream.Collectors) AuthenticationDataSource(org.apache.pulsar.broker.authentication.AuthenticationDataSource) MessageIdImpl(org.apache.pulsar.client.impl.MessageIdImpl) List(java.util.List) StringUtils.isNotBlank(org.apache.commons.lang3.StringUtils.isNotBlank) BatchMessageIdImpl(org.apache.pulsar.client.impl.BatchMessageIdImpl) SafeRun(org.apache.bookkeeper.mledger.util.SafeRun) SslHandler(io.netty.handler.ssl.SslHandler) SchemaData(org.apache.pulsar.common.schema.SchemaData) CommandConsumerStatsResponse(org.apache.pulsar.common.api.proto.PulsarApi.CommandConsumerStatsResponse) CommandPartitionedTopicMetadata(org.apache.pulsar.common.api.proto.PulsarApi.CommandPartitionedTopicMetadata) MessageIdData(org.apache.pulsar.common.api.proto.PulsarApi.MessageIdData) ClientCnx(org.apache.pulsar.client.impl.ClientCnx) TopicName(org.apache.pulsar.common.naming.TopicName) ChannelOption(io.netty.channel.ChannelOption) CommandConsumerStats(org.apache.pulsar.common.api.proto.PulsarApi.CommandConsumerStats) GeneratedMessageLite(com.google.protobuf.GeneratedMessageLite) BacklogQuota(org.apache.pulsar.common.policies.data.BacklogQuota) CompletableFuture(java.util.concurrent.CompletableFuture) ProtocolVersion(org.apache.pulsar.common.api.proto.PulsarApi.ProtocolVersion) SchemaType(org.apache.pulsar.common.schema.SchemaType) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) ServerMetadataException(org.apache.pulsar.broker.service.BrokerServiceException.ServerMetadataException) SSLSession(javax.net.ssl.SSLSession) ByteBuf(io.netty.buffer.ByteBuf) MessageMetadata(org.apache.pulsar.common.api.proto.PulsarApi.MessageMetadata) 
CommandProducer(org.apache.pulsar.common.api.proto.PulsarApi.CommandProducer) CommandSeek(org.apache.pulsar.common.api.proto.PulsarApi.CommandSeek) AuthenticationDataCommand(org.apache.pulsar.broker.authentication.AuthenticationDataCommand) Metadata(org.apache.pulsar.common.naming.Metadata) Logger(org.slf4j.Logger) SubType(org.apache.pulsar.common.api.proto.PulsarApi.CommandSubscribe.SubType) Semaphore(java.util.concurrent.Semaphore) CommandLookupTopic(org.apache.pulsar.common.api.proto.PulsarApi.CommandLookupTopic) TimeUnit(java.util.concurrent.TimeUnit) CommandUnsubscribe(org.apache.pulsar.common.api.proto.PulsarApi.CommandUnsubscribe) ConcurrentLongHashMap(org.apache.pulsar.common.util.collections.ConcurrentLongHashMap) TopicLookup.lookupTopicAsync(org.apache.pulsar.broker.lookup.TopicLookup.lookupTopicAsync) PulsarServerException(org.apache.pulsar.broker.PulsarServerException) ConsumerBusyException(org.apache.pulsar.broker.service.BrokerServiceException.ConsumerBusyException) ChannelHandler(io.netty.channel.ChannelHandler) ConsumerStats(org.apache.pulsar.common.policies.data.ConsumerStats) InitialPosition(org.apache.pulsar.common.api.proto.PulsarApi.CommandSubscribe.InitialPosition) Semaphore(java.util.concurrent.Semaphore) TopicName(org.apache.pulsar.common.naming.TopicName)

Example 2 with CommandLookupTopic

use of org.apache.pulsar.common.api.proto.PulsarApi.CommandLookupTopic in project incubator-pulsar by apache.

the class Commands method newLookup.

/**
 * Serializes a LOOKUP command for the given topic into a size-prefixed frame.
 *
 * <p>The three {@code original*} arguments describe the client on whose behalf the sender is
 * acting. Each one is written to the command only when it is non-null, so an absent value stays
 * unset on the wire rather than being sent as an empty string.
 *
 * <p>NOTE(review): {@code originalAuthData} presumably carries the original client's credential
 * material; callers should keep it out of logs, and the receiver has to verify it before
 * trusting {@code originalAuthRole} — confirm against the broker-side handling.
 *
 * @param topic topic name to look up
 * @param authoritative value copied into the command's authoritative flag
 * @param originalAuthRole principal of the original client, or {@code null} to leave it unset
 * @param originalAuthData authentication data of the original client, or {@code null}
 * @param originalAuthMethod authentication method of the original client, or {@code null}
 * @param requestId identifier copied into the command's request id
 * @return the buffer produced by {@code serializeWithSize} for the wrapped command
 */
public static ByteBuf newLookup(String topic, boolean authoritative, String originalAuthRole, String originalAuthData, String originalAuthMethod, long requestId) {
    final CommandLookupTopic.Builder builder = CommandLookupTopic.newBuilder();

    // Mandatory fields.
    builder.setRequestId(requestId);
    builder.setAuthoritative(authoritative);
    builder.setTopic(topic);

    // Optional proxy fields: left unset when the caller has no value for them.
    if (originalAuthMethod != null) {
        builder.setOriginalAuthMethod(originalAuthMethod);
    }
    if (originalAuthData != null) {
        builder.setOriginalAuthData(originalAuthData);
    }
    if (originalAuthRole != null) {
        builder.setOriginalPrincipal(originalAuthRole);
    }

    final CommandLookupTopic lookupCommand = builder.build();
    final ByteBuf serialized = serializeWithSize(BaseCommand.newBuilder().setType(Type.LOOKUP).setLookupTopic(lookupCommand));

    // Builder and message are recycled only after serialization has read them.
    builder.recycle();
    lookupCommand.recycle();
    return serialized;
}
Also used : CommandLookupTopic(org.apache.pulsar.common.api.proto.PulsarApi.CommandLookupTopic) ByteBuf(io.netty.buffer.ByteBuf)

Example 3 with CommandLookupTopic

use of org.apache.pulsar.common.api.proto.PulsarApi.CommandLookupTopic in project incubator-pulsar by apache.

the class ServerCnx method validateOriginalPrincipal.

/**
 * Verifies the credentials a proxy forwarded for the original client and returns the resulting
 * principal.
 *
 * <p>The TLS session of this channel, when a handler is registered under
 * {@code PulsarChannelInitializer.TLS_HANDLER}, is handed to {@code getOriginalPrincipal}
 * together with the forwarded values; without such a handler the session argument is
 * {@code null}.
 *
 * <p>On {@link AuthenticationException} a warning containing only the exception message is
 * logged and an {@code AuthenticationError} response is written for lookup and
 * partitioned-topic-metadata requests.
 * NOTE(review): for any other request type no response is written here and the caller only sees
 * {@code null} — confirm that callers never pass other types, or that they answer the peer
 * themselves.
 *
 * @param originalAuthData authentication data forwarded for the original client
 * @param originalAuthMethod authentication method forwarded for the original client
 * @param originalPrincipal principal claimed for the original client
 * @param requestId id echoed in the error response (boxed; NOTE(review): a {@code null} would
 *        fail if the response builders take a primitive {@code long} — confirm)
 * @param request the command being processed, used only to pick the error response type
 * @return the principal returned by {@code getOriginalPrincipal}, or {@code null} when
 *         authentication failed
 */
private String validateOriginalPrincipal(String originalAuthData, String originalAuthMethod, String originalPrincipal, Long requestId, GeneratedMessageLite request) {
    final ChannelHandler tlsHandler = ctx.channel().pipeline().get(PulsarChannelInitializer.TLS_HANDLER);
    // The cast assumes whatever is registered under TLS_HANDLER is an SslHandler.
    final SSLSession sslSession = (tlsHandler == null) ? null : ((SslHandler) tlsHandler).engine().getSession();

    try {
        return getOriginalPrincipal(originalAuthData, originalAuthMethod, originalPrincipal, sslSession);
    } catch (AuthenticationException authFailure) {
        final String msg = "Unable to authenticate original authdata ";
        // Only the message is logged and the peer receives the fixed text above, not the
        // exception detail.
        log.warn("[{}] {}: {}", remoteAddress, msg, authFailure.getMessage());

        final boolean isLookup = request instanceof CommandLookupTopic;
        if (isLookup) {
            ctx.writeAndFlush(newLookupErrorResponse(ServerError.AuthenticationError, msg, requestId));
        } else if (request instanceof CommandPartitionedTopicMetadata) {
            ctx.writeAndFlush(Commands.newPartitionMetadataResponse(ServerError.AuthenticationError, msg, requestId));
        }
        return null;
    }
}
Also used : CommandLookupTopic(org.apache.pulsar.common.api.proto.PulsarApi.CommandLookupTopic) AuthenticationException(javax.naming.AuthenticationException) SSLSession(javax.net.ssl.SSLSession) ChannelHandler(io.netty.channel.ChannelHandler) SslHandler(io.netty.handler.ssl.SslHandler) CommandPartitionedTopicMetadata(org.apache.pulsar.common.api.proto.PulsarApi.CommandPartitionedTopicMetadata)

Aggregations

ByteBuf (io.netty.buffer.ByteBuf)2 ChannelHandler (io.netty.channel.ChannelHandler)2 SslHandler (io.netty.handler.ssl.SslHandler)2 AuthenticationException (javax.naming.AuthenticationException)2 SSLSession (javax.net.ssl.SSLSession)2 CommandLookupTopic (org.apache.pulsar.common.api.proto.PulsarApi.CommandLookupTopic)2 Preconditions.checkArgument (com.google.common.base.Preconditions.checkArgument)1 GeneratedMessageLite (com.google.protobuf.GeneratedMessageLite)1 ChannelHandlerContext (io.netty.channel.ChannelHandlerContext)1 ChannelOption (io.netty.channel.ChannelOption)1 SocketAddress (java.net.SocketAddress)1 List (java.util.List)1 Map (java.util.Map)1 Set (java.util.Set)1 CompletableFuture (java.util.concurrent.CompletableFuture)1 Semaphore (java.util.concurrent.Semaphore)1 TimeUnit (java.util.concurrent.TimeUnit)1 Collectors (java.util.stream.Collectors)1 Position (org.apache.bookkeeper.mledger.Position)1 PositionImpl (org.apache.bookkeeper.mledger.impl.PositionImpl)1