Tabnine Logo
AuthorizationUtils
Code IndexAdd Tabnine to your IDE (free)

How to use
AuthorizationUtils
in
org.apache.druid.server.security

Best Java code snippets using org.apache.druid.server.security.AuthorizationUtils (Showing top 20 results out of 315)

  • Add the Codota plugin to your IDE and get smart completions
private void myMethod () {
 BufferedReader b =
  • Codota IconInputStream in;new BufferedReader(new InputStreamReader(in))
  • Codota IconReader in;new BufferedReader(in)
  • Codota IconFile file;new BufferedReader(new FileReader(file))
  • Smart code suggestions by Tabnine
}
origin: apache/incubator-druid

/**
 * Check a resource-action using the authorization fields from the request.
 *
 * Otherwise, if the resource-actions is authorized, return ACCESS_OK.
 *
 * This function will set the DRUID_AUTHORIZATION_CHECKED attribute in the request.
 *
 * If this attribute is already set when this function is called, an exception is thrown.
 *
 * @param request          HTTP request to be authorized
 * @param resourceAction   A resource identifier and the action to be taken the resource.
 * @param authorizerMapper The singleton AuthorizerMapper instance
 *
 * @return ACCESS_OK or the failed Access object returned by the Authorizer that checked the request.
 */
public static Access authorizeResourceAction(
  final HttpServletRequest request,
  final ResourceAction resourceAction,
  final AuthorizerMapper authorizerMapper
)
{
 return authorizeAllResourceActions(
   request,
   Collections.singletonList(resourceAction),
   authorizerMapper
 );
}
origin: apache/incubator-druid

Access accessResult = AuthorizationUtils.authorizeResourceAction(
  req,
  new ResourceAction(
origin: apache/incubator-druid

@GET
@Produces(MediaType.APPLICATION_JSON)
public Iterable<String> getDataSources(@Context final HttpServletRequest request)
{
 Function<String, Iterable<ResourceAction>> raGenerator = datasourceName -> {
  return Collections.singletonList(AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(datasourceName));
 };
 return AuthorizationUtils.filterAuthorizedResources(
   request,
   getAllDataSources(),
   raGenerator,
   authorizerMapper
 );
}
origin: apache/incubator-druid

final AuthenticationResult authenticationResult = authenticationResultFromRequest(request);
final Iterable<ResType> filteredResources = filterAuthorizedResources(
  authenticationResult,
  resources,
origin: apache/incubator-druid

Access access = authorizeAllResourceActions(
  authenticationResultFromRequest(request),
  resourceActions,
  authorizerMapper
origin: apache/incubator-druid

public PlannerContext plan(HttpServletRequest req)
  throws SqlParseException, RelConversionException, ValidationException
{
 synchronized (lock) {
  this.req = req;
  return plan(AuthorizationUtils.authenticationResultFromRequest(req));
 }
}
origin: apache/incubator-druid

/**
 * Authorize the query. Will return an Access object denoting whether the query is authorized or not.
 *
 * @param req HTTP request object of the request. If provided, the auth-related fields in the HTTP request
 *            will be automatically set.
 *
 * @return authorization result
 */
public Access authorize(HttpServletRequest req)
{
 transition(State.INITIALIZED, State.AUTHORIZING);
 return doAuthorize(
   AuthorizationUtils.authenticationResultFromRequest(req),
   AuthorizationUtils.authorizeAllResourceActions(
     req,
     Iterables.transform(
       baseQuery.getDataSource().getNames(),
       AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR
     ),
     authorizerMapper
   )
 );
}
origin: apache/incubator-druid

final AuthenticationResult authenticationResult = AuthorizationUtils.authenticationResultFromRequest(request);
   AuthorizationUtils.filterAuthorizedResources(
     authenticationResult,
     entry.getValue(),
origin: apache/incubator-druid

@GET
@Path("/history")
@Produces(MediaType.APPLICATION_JSON)
public Response specGetAllHistory(@Context final HttpServletRequest req)
{
 return asLeaderWithSupervisorManager(
   manager -> Response.ok(
     AuthorizationUtils.filterAuthorizedResources(
       req,
       manager.getSupervisorHistory(),
       SPEC_DATASOURCE_READ_RA_GENERATOR,
       authorizerMapper
     )
   ).build()
 );
}
origin: apache/incubator-druid

Access accessResult = AuthorizationUtils.authorizeResourceAction(
  req,
  new ResourceAction(
origin: apache/incubator-druid

@DELETE
@Path("{id}")
@Produces(MediaType.APPLICATION_JSON)
public Response cancelQuery(@PathParam("id") String queryId, @Context final HttpServletRequest req)
{
 if (log.isDebugEnabled()) {
  log.debug("Received cancel request for query [%s]", queryId);
 }
 Set<String> datasources = queryManager.getQueryDatasources(queryId);
 if (datasources == null) {
  log.warn("QueryId [%s] not registered with QueryManager, cannot cancel", queryId);
  datasources = new TreeSet<>();
 }
 Access authResult = AuthorizationUtils.authorizeAllResourceActions(
   req,
   Iterables.transform(datasources, AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR),
   authorizerMapper
 );
 if (!authResult.isAllowed()) {
  throw new ForbiddenException(authResult.toString());
 }
 queryManager.cancelQuery(queryId);
 return Response.status(Response.Status.ACCEPTED).build();
}
origin: org.apache.druid/druid-server

Access access = authorizeAllResourceActions(
  authenticationResultFromRequest(request),
  resourceActions,
  authorizerMapper
origin: org.apache.druid/druid-server

final AuthenticationResult authenticationResult = authenticationResultFromRequest(request);
final Iterable<ResType> filteredResources = filterAuthorizedResources(
  authenticationResult,
  resources,
origin: apache/incubator-druid

private Iterator<Entry<DataSegment, SegmentMetadataHolder>> getAuthorizedAvailableSegments(
  Iterator<Entry<DataSegment, SegmentMetadataHolder>> availableSegmentEntries,
  DataContext root
)
{
 final AuthenticationResult authenticationResult =
   (AuthenticationResult) root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);
 Function<Entry<DataSegment, SegmentMetadataHolder>, Iterable<ResourceAction>> raGenerator = segment -> Collections
   .singletonList(AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(segment.getKey().getDataSource()));
 final Iterable<Entry<DataSegment, SegmentMetadataHolder>> authorizedSegments =
   AuthorizationUtils.filterAuthorizedResources(
     authenticationResult,
     () -> availableSegmentEntries,
     raGenerator,
     authorizerMapper
   );
 return authorizedSegments.iterator();
}
origin: apache/incubator-druid

 @Override
 public ContainerRequest filter(ContainerRequest request)
 {
  final ResourceAction resourceAction = new ResourceAction(
    new Resource(SECURITY_RESOURCE_NAME, ResourceType.CONFIG),
    getAction(request)
  );

  final Access authResult = AuthorizationUtils.authorizeResourceAction(
    getReq(),
    resourceAction,
    getAuthorizerMapper()
  );

  if (!authResult.isAllowed()) {
   throw new WebApplicationException(
     Response.status(Response.Status.FORBIDDEN)
         .entity(StringUtils.format("Access-Check-Result: %s", authResult.toString()))
         .build()
   );
  }

  return request;
 }
}
origin: apache/incubator-druid

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response specPost(final SupervisorSpec spec, @Context final HttpServletRequest req)
{
 return asLeaderWithSupervisorManager(
   manager -> {
    Preconditions.checkArgument(
      spec.getDataSources() != null && spec.getDataSources().size() > 0,
      "No dataSources found to perform authorization checks"
    );
    Access authResult = AuthorizationUtils.authorizeAllResourceActions(
      req,
      Iterables.transform(spec.getDataSources(), AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR),
      authorizerMapper
    );
    if (!authResult.isAllowed()) {
     throw new ForbiddenException(authResult.toString());
    }
    manager.createOrUpdateAndStartSupervisor(spec);
    return Response.ok(ImmutableMap.of("id", spec.getId())).build();
   }
 );
}
origin: org.apache.druid/druid-server

/**
 * Authorize the query. Will return an Access object denoting whether the query is authorized or not.
 *
 * @param req HTTP request object of the request. If provided, the auth-related fields in the HTTP request
 *            will be automatically set.
 *
 * @return authorization result
 */
public Access authorize(HttpServletRequest req)
{
 transition(State.INITIALIZED, State.AUTHORIZING);
 return doAuthorize(
   AuthorizationUtils.authenticationResultFromRequest(req),
   AuthorizationUtils.authorizeAllResourceActions(
     req,
     Iterables.transform(
       baseQuery.getDataSource().getNames(),
       AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR
     ),
     authorizerMapper
   )
 );
}
origin: org.apache.druid/druid-server

final AuthenticationResult authenticationResult = AuthorizationUtils.authenticationResultFromRequest(request);
   AuthorizationUtils.filterAuthorizedResources(
     authenticationResult,
     entry.getValue(),
origin: apache/incubator-druid

private CloseableIterator<DataSegment> getAuthorizedPublishedSegments(
  JsonParserIterator<DataSegment> it,
  DataContext root
)
{
 final AuthenticationResult authenticationResult =
   (AuthenticationResult) root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);
 Function<DataSegment, Iterable<ResourceAction>> raGenerator = segment -> Collections.singletonList(
   AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(segment.getDataSource()));
 final Iterable<DataSegment> authorizedSegments = AuthorizationUtils.filterAuthorizedResources(
   authenticationResult,
   () -> it,
   raGenerator,
   authorizerMapper
 );
 return wrap(authorizedSegments.iterator(), it);
}
origin: apache/incubator-druid

);
Access authResult = AuthorizationUtils.authorizeResourceAction(
  req,
  resourceAction,
org.apache.druid.server.securityAuthorizationUtils

Javadoc

Static utility functions for performing authorization checks.

Most used methods

  • authorizeAllResourceActions
    Check a list of resource-actions to be performed by the identity represented by authenticationResult
  • authorizeResourceAction
    Check a resource-action using the authorization fields from the request. Otherwise, if the resource-
  • filterAuthorizedResources
    Filter a collection of resources by applying the resourceActionGenerator to each resource, return an
  • authenticationResultFromRequest
    Returns the authentication information for a request.

Popular in Java

  • Parsing JSON documents to java classes using gson
  • setRequestProperty (URLConnection)
  • findViewById (Activity)
  • compareTo (BigDecimal)
  • Font (java.awt)
    The Font class represents fonts, which are used to render text in a visible way. A font provides the
  • GridBagLayout (java.awt)
    The GridBagLayout class is a flexible layout manager that aligns components vertically and horizonta
  • SocketException (java.net)
    This SocketException may be thrown during socket creation or setting options, and is the superclass
  • ArrayList (java.util)
    ArrayList is an implementation of List, backed by an array. All optional operations including adding
  • LinkedList (java.util)
    Doubly-linked list implementation of the List and Dequeinterfaces. Implements all optional list oper
  • CountDownLatch (java.util.concurrent)
    A synchronization aid that allows one or more threads to wait until a set of operations being perfor
  • Sublime Text for Python
Tabnine Logo

  • Products

    Search for Java codeSearch for JavaScript code

  • IDE Plugins

    IntelliJ IDEAWebStormVisual StudioAndroid StudioEclipseVisual Studio CodePyCharmSublime TextPhpStormVimAtomGoLandRubyMineEmacsJupyter NotebookJupyter LabRiderDataGripAppCode

  • Company

    About UsContact UsCareers

  • Resources

    FAQBlogTabnine AcademyStudentsTerms of usePrivacy policyJava Code IndexJavascript Code Index
Get Tabnine for your IDE now