congrats Icon
New! Announcing Tabnine Chat Beta
Learn More
Tabnine Logo
AuthorizationUtils
Code IndexAdd Tabnine to your IDE (free)

How to use
AuthorizationUtils
in
org.apache.druid.server.security

Best Java code snippets using org.apache.druid.server.security.AuthorizationUtils (Showing top 20 results out of 315)

origin: apache/incubator-druid

/**
 * Check a resource-action using the authorization fields from the request.
 *
 * Otherwise, if the resource-actions is authorized, return ACCESS_OK.
 *
 * This function will set the DRUID_AUTHORIZATION_CHECKED attribute in the request.
 *
 * If this attribute is already set when this function is called, an exception is thrown.
 *
 * @param request          HTTP request to be authorized
 * @param resourceAction   A resource identifier and the action to be taken the resource.
 * @param authorizerMapper The singleton AuthorizerMapper instance
 *
 * @return ACCESS_OK or the failed Access object returned by the Authorizer that checked the request.
 */
public static Access authorizeResourceAction(
  final HttpServletRequest request,
  final ResourceAction resourceAction,
  final AuthorizerMapper authorizerMapper
)
{
 return authorizeAllResourceActions(
   request,
   Collections.singletonList(resourceAction),
   authorizerMapper
 );
}
origin: apache/incubator-druid

Access accessResult = AuthorizationUtils.authorizeResourceAction(
  req,
  new ResourceAction(
origin: apache/incubator-druid

@GET
@Produces(MediaType.APPLICATION_JSON)
public Iterable<String> getDataSources(@Context final HttpServletRequest request)
{
 Function<String, Iterable<ResourceAction>> raGenerator = datasourceName -> {
  return Collections.singletonList(AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(datasourceName));
 };
 return AuthorizationUtils.filterAuthorizedResources(
   request,
   getAllDataSources(),
   raGenerator,
   authorizerMapper
 );
}
origin: apache/incubator-druid

final AuthenticationResult authenticationResult = authenticationResultFromRequest(request);
final Iterable<ResType> filteredResources = filterAuthorizedResources(
  authenticationResult,
  resources,
origin: apache/incubator-druid

Access access = authorizeAllResourceActions(
  authenticationResultFromRequest(request),
  resourceActions,
  authorizerMapper
origin: apache/incubator-druid

public PlannerContext plan(HttpServletRequest req)
  throws SqlParseException, RelConversionException, ValidationException
{
 synchronized (lock) {
  this.req = req;
  return plan(AuthorizationUtils.authenticationResultFromRequest(req));
 }
}
origin: apache/incubator-druid

/**
 * Authorize the query. Will return an Access object denoting whether the query is authorized or not.
 *
 * @param req HTTP request object of the request. If provided, the auth-related fields in the HTTP request
 *            will be automatically set.
 *
 * @return authorization result
 */
public Access authorize(HttpServletRequest req)
{
 transition(State.INITIALIZED, State.AUTHORIZING);
 return doAuthorize(
   AuthorizationUtils.authenticationResultFromRequest(req),
   AuthorizationUtils.authorizeAllResourceActions(
     req,
     Iterables.transform(
       baseQuery.getDataSource().getNames(),
       AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR
     ),
     authorizerMapper
   )
 );
}
origin: apache/incubator-druid

final AuthenticationResult authenticationResult = AuthorizationUtils.authenticationResultFromRequest(request);
   AuthorizationUtils.filterAuthorizedResources(
     authenticationResult,
     entry.getValue(),
origin: apache/incubator-druid

@GET
@Path("/history")
@Produces(MediaType.APPLICATION_JSON)
public Response specGetAllHistory(@Context final HttpServletRequest req)
{
 return asLeaderWithSupervisorManager(
   manager -> Response.ok(
     AuthorizationUtils.filterAuthorizedResources(
       req,
       manager.getSupervisorHistory(),
       SPEC_DATASOURCE_READ_RA_GENERATOR,
       authorizerMapper
     )
   ).build()
 );
}
origin: apache/incubator-druid

Access accessResult = AuthorizationUtils.authorizeResourceAction(
  req,
  new ResourceAction(
origin: apache/incubator-druid

@DELETE
@Path("{id}")
@Produces(MediaType.APPLICATION_JSON)
public Response cancelQuery(@PathParam("id") String queryId, @Context final HttpServletRequest req)
{
 if (log.isDebugEnabled()) {
  log.debug("Received cancel request for query [%s]", queryId);
 }
 Set<String> datasources = queryManager.getQueryDatasources(queryId);
 if (datasources == null) {
  log.warn("QueryId [%s] not registered with QueryManager, cannot cancel", queryId);
  datasources = new TreeSet<>();
 }
 Access authResult = AuthorizationUtils.authorizeAllResourceActions(
   req,
   Iterables.transform(datasources, AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR),
   authorizerMapper
 );
 if (!authResult.isAllowed()) {
  throw new ForbiddenException(authResult.toString());
 }
 queryManager.cancelQuery(queryId);
 return Response.status(Response.Status.ACCEPTED).build();
}
origin: org.apache.druid/druid-server

Access access = authorizeAllResourceActions(
  authenticationResultFromRequest(request),
  resourceActions,
  authorizerMapper
origin: org.apache.druid/druid-server

final AuthenticationResult authenticationResult = authenticationResultFromRequest(request);
final Iterable<ResType> filteredResources = filterAuthorizedResources(
  authenticationResult,
  resources,
origin: apache/incubator-druid

private Iterator<Entry<DataSegment, SegmentMetadataHolder>> getAuthorizedAvailableSegments(
  Iterator<Entry<DataSegment, SegmentMetadataHolder>> availableSegmentEntries,
  DataContext root
)
{
 final AuthenticationResult authenticationResult =
   (AuthenticationResult) root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);
 Function<Entry<DataSegment, SegmentMetadataHolder>, Iterable<ResourceAction>> raGenerator = segment -> Collections
   .singletonList(AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(segment.getKey().getDataSource()));
 final Iterable<Entry<DataSegment, SegmentMetadataHolder>> authorizedSegments =
   AuthorizationUtils.filterAuthorizedResources(
     authenticationResult,
     () -> availableSegmentEntries,
     raGenerator,
     authorizerMapper
   );
 return authorizedSegments.iterator();
}
origin: apache/incubator-druid

 @Override
 public ContainerRequest filter(ContainerRequest request)
 {
  final ResourceAction resourceAction = new ResourceAction(
    new Resource(SECURITY_RESOURCE_NAME, ResourceType.CONFIG),
    getAction(request)
  );

  final Access authResult = AuthorizationUtils.authorizeResourceAction(
    getReq(),
    resourceAction,
    getAuthorizerMapper()
  );

  if (!authResult.isAllowed()) {
   throw new WebApplicationException(
     Response.status(Response.Status.FORBIDDEN)
         .entity(StringUtils.format("Access-Check-Result: %s", authResult.toString()))
         .build()
   );
  }

  return request;
 }
}
origin: apache/incubator-druid

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response specPost(final SupervisorSpec spec, @Context final HttpServletRequest req)
{
 return asLeaderWithSupervisorManager(
   manager -> {
    Preconditions.checkArgument(
      spec.getDataSources() != null && spec.getDataSources().size() > 0,
      "No dataSources found to perform authorization checks"
    );
    Access authResult = AuthorizationUtils.authorizeAllResourceActions(
      req,
      Iterables.transform(spec.getDataSources(), AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR),
      authorizerMapper
    );
    if (!authResult.isAllowed()) {
     throw new ForbiddenException(authResult.toString());
    }
    manager.createOrUpdateAndStartSupervisor(spec);
    return Response.ok(ImmutableMap.of("id", spec.getId())).build();
   }
 );
}
origin: org.apache.druid/druid-server

/**
 * Authorize the query. Will return an Access object denoting whether the query is authorized or not.
 *
 * @param req HTTP request object of the request. If provided, the auth-related fields in the HTTP request
 *            will be automatically set.
 *
 * @return authorization result
 */
public Access authorize(HttpServletRequest req)
{
 transition(State.INITIALIZED, State.AUTHORIZING);
 return doAuthorize(
   AuthorizationUtils.authenticationResultFromRequest(req),
   AuthorizationUtils.authorizeAllResourceActions(
     req,
     Iterables.transform(
       baseQuery.getDataSource().getNames(),
       AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR
     ),
     authorizerMapper
   )
 );
}
origin: org.apache.druid/druid-server

final AuthenticationResult authenticationResult = AuthorizationUtils.authenticationResultFromRequest(request);
   AuthorizationUtils.filterAuthorizedResources(
     authenticationResult,
     entry.getValue(),
origin: apache/incubator-druid

private CloseableIterator<DataSegment> getAuthorizedPublishedSegments(
  JsonParserIterator<DataSegment> it,
  DataContext root
)
{
 final AuthenticationResult authenticationResult =
   (AuthenticationResult) root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);
 Function<DataSegment, Iterable<ResourceAction>> raGenerator = segment -> Collections.singletonList(
   AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(segment.getDataSource()));
 final Iterable<DataSegment> authorizedSegments = AuthorizationUtils.filterAuthorizedResources(
   authenticationResult,
   () -> it,
   raGenerator,
   authorizerMapper
 );
 return wrap(authorizedSegments.iterator(), it);
}
origin: apache/incubator-druid

);
Access authResult = AuthorizationUtils.authorizeResourceAction(
  req,
  resourceAction,
org.apache.druid.server.securityAuthorizationUtils

Javadoc

Static utility functions for performing authorization checks.

Most used methods

  • authorizeAllResourceActions
    Check a list of resource-actions to be performed by the identity represented by authenticationResult
  • authorizeResourceAction
    Check a resource-action using the authorization fields from the request. Otherwise, if the resource-
  • filterAuthorizedResources
    Filter a collection of resources by applying the resourceActionGenerator to each resource, return an
  • authenticationResultFromRequest
    Returns the authentication information for a request.

Popular in Java

  • Updating database using SQL prepared statement
  • putExtra (Intent)
  • getSystemService (Context)
  • onRequestPermissionsResult (Fragment)
  • System (java.lang)
    Provides access to system-related information and resources including standard input and output. Ena
  • Timestamp (java.sql)
    A Java representation of the SQL TIMESTAMP type. It provides the capability of representing the SQL
  • SimpleDateFormat (java.text)
    Formats and parses dates in a locale-sensitive manner. Formatting turns a Date into a String, and pa
  • ConcurrentHashMap (java.util.concurrent)
    A plug-in replacement for JDK1.5 java.util.concurrent.ConcurrentHashMap. This version is based on or
  • Pattern (java.util.regex)
    Patterns are compiled regular expressions. In many cases, convenience methods such as String#matches
  • StringUtils (org.apache.commons.lang)
    Operations on java.lang.String that arenull safe. * IsEmpty/IsBlank - checks if a String contains
  • Top Sublime Text plugins
Tabnine Logo
  • Products

    Search for Java codeSearch for JavaScript code
  • IDE Plugins

    IntelliJ IDEAWebStormVisual StudioAndroid StudioEclipseVisual Studio CodePyCharmSublime TextPhpStormVimGoLandRubyMineEmacsJupyter NotebookJupyter LabRiderDataGripAppCode
  • Company

    About UsContact UsCareers
  • Resources

    FAQBlogTabnine AcademyTerms of usePrivacy policyJava Code IndexJavascript Code Index
Get Tabnine for your IDE now