Tabnine Logo
AuthorizationUtils.authorizeAllResourceActions
Code IndexAdd Tabnine to your IDE (free)

How to use
authorizeAllResourceActions
method
in
org.apache.druid.server.security.AuthorizationUtils

Best Java code snippets using org.apache.druid.server.security.AuthorizationUtils.authorizeAllResourceActions (Showing top 20 results out of 315)

origin: apache/incubator-druid

/**
 * Check a resource-action using the authorization fields from the request.
 *
 * Otherwise, if the resource-actions is authorized, return ACCESS_OK.
 *
 * This function will set the DRUID_AUTHORIZATION_CHECKED attribute in the request.
 *
 * If this attribute is already set when this function is called, an exception is thrown.
 *
 * @param request          HTTP request to be authorized
 * @param resourceAction   A resource identifier and the action to be taken the resource.
 * @param authorizerMapper The singleton AuthorizerMapper instance
 *
 * @return ACCESS_OK or the failed Access object returned by the Authorizer that checked the request.
 */
public static Access authorizeResourceAction(
  final HttpServletRequest request,
  final ResourceAction resourceAction,
  final AuthorizerMapper authorizerMapper
)
{
 return authorizeAllResourceActions(
   request,
   Collections.singletonList(resourceAction),
   authorizerMapper
 );
}
origin: apache/incubator-druid

Access access = authorizeAllResourceActions(
  authenticationResultFromRequest(request),
  resourceActions,
origin: apache/incubator-druid

@DELETE
@Path("{id}")
@Produces(MediaType.APPLICATION_JSON)
public Response cancelQuery(@PathParam("id") String queryId, @Context final HttpServletRequest req)
{
 if (log.isDebugEnabled()) {
  log.debug("Received cancel request for query [%s]", queryId);
 }
 Set<String> datasources = queryManager.getQueryDatasources(queryId);
 if (datasources == null) {
  log.warn("QueryId [%s] not registered with QueryManager, cannot cancel", queryId);
  datasources = new TreeSet<>();
 }
 Access authResult = AuthorizationUtils.authorizeAllResourceActions(
   req,
   Iterables.transform(datasources, AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR),
   authorizerMapper
 );
 if (!authResult.isAllowed()) {
  throw new ForbiddenException(authResult.toString());
 }
 queryManager.cancelQuery(queryId);
 return Response.status(Response.Status.ACCEPTED).build();
}
origin: apache/incubator-druid

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response specPost(final SupervisorSpec spec, @Context final HttpServletRequest req)
{
 return asLeaderWithSupervisorManager(
   manager -> {
    Preconditions.checkArgument(
      spec.getDataSources() != null && spec.getDataSources().size() > 0,
      "No dataSources found to perform authorization checks"
    );
    Access authResult = AuthorizationUtils.authorizeAllResourceActions(
      req,
      Iterables.transform(spec.getDataSources(), AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR),
      authorizerMapper
    );
    if (!authResult.isAllowed()) {
     throw new ForbiddenException(authResult.toString());
    }
    manager.createOrUpdateAndStartSupervisor(spec);
    return Response.ok(ImmutableMap.of("id", spec.getId())).build();
   }
 );
}
origin: apache/incubator-druid

@DELETE
@Path("/pendingSegments/{dataSource}")
@Produces(MediaType.APPLICATION_JSON)
public Response killPendingSegments(
  @PathParam("dataSource") String dataSource,
  @QueryParam("interval") String deleteIntervalString,
  @Context HttpServletRequest request
)
{
 final Interval deleteInterval = Intervals.of(deleteIntervalString);
 // check auth for dataSource
 final Access authResult = AuthorizationUtils.authorizeAllResourceActions(
   request,
   ImmutableList.of(
     new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.READ),
     new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.WRITE)
   ),
   authorizerMapper
 );
 if (!authResult.isAllowed()) {
  throw new ForbiddenException(authResult.getMessage());
 }
 if (taskMaster.isLeader()) {
  final int numDeleted = indexerMetadataStorageAdapter.deletePendingSegments(dataSource, deleteInterval);
  return Response.ok().entity(ImmutableMap.of("numDeleted", numDeleted)).build();
 } else {
  return Response.status(Status.SERVICE_UNAVAILABLE).build();
 }
}
origin: apache/incubator-druid

/**
 * Authorize the query. Will return an Access object denoting whether the query is authorized or not.
 *
 * @param authenticationResult authentication result indicating the identity of the requester
 *
 * @return authorization result
 */
public Access authorize(final AuthenticationResult authenticationResult)
{
 transition(State.INITIALIZED, State.AUTHORIZING);
 return doAuthorize(
   authenticationResult,
   AuthorizationUtils.authorizeAllResourceActions(
     authenticationResult,
     Iterables.transform(
       baseQuery.getDataSource().getNames(),
       AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR
     ),
     authorizerMapper
   )
 );
}
origin: apache/incubator-druid

public Access authorize()
{
 synchronized (lock) {
  transition(State.PLANNED, State.AUTHORIZING);
  if (req != null) {
   return doAuthorize(
     AuthorizationUtils.authorizeAllResourceActions(
       req,
       Iterables.transform(
         plannerResult.datasourceNames(),
         AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR
       ),
       plannerFactory.getAuthorizerMapper()
     )
   );
  }
  return doAuthorize(
    AuthorizationUtils.authorizeAllResourceActions(
      plannerContext.getAuthenticationResult(),
      Iterables.transform(plannerResult.datasourceNames(), AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR),
      plannerFactory.getAuthorizerMapper()
    )
  );
 }
}
origin: apache/incubator-druid

/**
 * Authorize the query. Will return an Access object denoting whether the query is authorized or not.
 *
 * @param req HTTP request object of the request. If provided, the auth-related fields in the HTTP request
 *            will be automatically set.
 *
 * @return authorization result
 */
public Access authorize(HttpServletRequest req)
{
 transition(State.INITIALIZED, State.AUTHORIZING);
 return doAuthorize(
   AuthorizationUtils.authenticationResultFromRequest(req),
   AuthorizationUtils.authorizeAllResourceActions(
     req,
     Iterables.transform(
       baseQuery.getDataSource().getNames(),
       AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR
     ),
     authorizerMapper
   )
 );
}
origin: apache/incubator-druid

                             AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR;
Access authResult = AuthorizationUtils.authorizeAllResourceActions(
  getReq(),
  Iterables.transform(spec.getDataSources(), resourceActionFunction),
origin: apache/incubator-druid

 @Override
 public Enumerable<Object[]> scan(DataContext root)
 {
  final List<ImmutableDruidServer> druidServers = serverView.getDruidServers();
  final AuthenticationResult authenticationResult =
    (AuthenticationResult) root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);
  final Access access = AuthorizationUtils.authorizeAllResourceActions(
    authenticationResult,
    Collections.singletonList(new ResourceAction(new Resource("STATE", ResourceType.STATE), Action.READ)),
    authorizerMapper
  );
  if (!access.isAllowed()) {
   throw new ForbiddenException("Insufficient permission to view servers :" + access);
  }
  final FluentIterable<Object[]> results = FluentIterable
    .from(druidServers)
    .transform(val -> new Object[]{
      val.getHost(),
      extractHost(val.getHost()),
      (long) extractPort(val.getHostAndPort()),
      (long) extractPort(val.getHostAndTlsPort()),
      toStringOrNull(val.getType()),
      val.getTier(),
      val.getCurrSize(),
      val.getMaxSize()
    });
  return Linq4j.asEnumerable(results);
 }
}
origin: org.apache.druid/druid-server

/**
 * Check a resource-action using the authorization fields from the request.
 *
 * Otherwise, if the resource-actions is authorized, return ACCESS_OK.
 *
 * This function will set the DRUID_AUTHORIZATION_CHECKED attribute in the request.
 *
 * If this attribute is already set when this function is called, an exception is thrown.
 *
 * @param request          HTTP request to be authorized
 * @param resourceAction   A resource identifier and the action to be taken the resource.
 * @param authorizerMapper The singleton AuthorizerMapper instance
 *
 * @return ACCESS_OK or the failed Access object returned by the Authorizer that checked the request.
 */
public static Access authorizeResourceAction(
  final HttpServletRequest request,
  final ResourceAction resourceAction,
  final AuthorizerMapper authorizerMapper
)
{
 return authorizeAllResourceActions(
   request,
   Collections.singletonList(resourceAction),
   authorizerMapper
 );
}
origin: org.apache.druid/druid-sql

   (AuthenticationResult) req.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)
 );
 return AuthorizationUtils.authorizeAllResourceActions(
   req,
   Iterables.transform(datasourceNames, AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR),
} else {
 plannerContext.setAuthenticationResult(authenticationResult);
 return AuthorizationUtils.authorizeAllResourceActions(
   authenticationResult,
   Iterables.transform(datasourceNames, AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR),
origin: org.apache.druid/druid-server

@DELETE
@Path("{id}")
@Produces(MediaType.APPLICATION_JSON)
public Response cancelQuery(@PathParam("id") String queryId, @Context final HttpServletRequest req)
{
 if (log.isDebugEnabled()) {
  log.debug("Received cancel request for query [%s]", queryId);
 }
 Set<String> datasources = queryManager.getQueryDatasources(queryId);
 if (datasources == null) {
  log.warn("QueryId [%s] not registered with QueryManager, cannot cancel", queryId);
  datasources = Sets.newTreeSet();
 }
 Access authResult = AuthorizationUtils.authorizeAllResourceActions(
   req,
   Iterables.transform(datasources, AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR),
   authorizerMapper
 );
 if (!authResult.isAllowed()) {
  throw new ForbiddenException(authResult.toString());
 }
 queryManager.cancelQuery(queryId);
 return Response.status(Response.Status.ACCEPTED).build();
}
origin: org.apache.druid/druid-server

Access access = authorizeAllResourceActions(
  authenticationResultFromRequest(request),
  resourceActions,
origin: org.apache.druid/druid-indexing-service

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response specPost(final SupervisorSpec spec, @Context final HttpServletRequest req)
{
 return asLeaderWithSupervisorManager(
   manager -> {
    Preconditions.checkArgument(
      spec.getDataSources() != null && spec.getDataSources().size() > 0,
      "No dataSources found to perform authorization checks"
    );
    Access authResult = AuthorizationUtils.authorizeAllResourceActions(
      req,
      Iterables.transform(spec.getDataSources(), AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR),
      authorizerMapper
    );
    if (!authResult.isAllowed()) {
     throw new ForbiddenException(authResult.toString());
    }
    manager.createOrUpdateAndStartSupervisor(spec);
    return Response.ok(ImmutableMap.of("id", spec.getId())).build();
   }
 );
}
origin: org.apache.druid/druid-indexing-service

@DELETE
@Path("/pendingSegments/{dataSource}")
@Produces(MediaType.APPLICATION_JSON)
public Response killPendingSegments(
  @PathParam("dataSource") String dataSource,
  @QueryParam("interval") String deleteIntervalString,
  @Context HttpServletRequest request
)
{
 final Interval deleteInterval = Intervals.of(deleteIntervalString);
 // check auth for dataSource
 final Access authResult = AuthorizationUtils.authorizeAllResourceActions(
   request,
   ImmutableList.of(
     new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.READ),
     new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.WRITE)
   ),
   authorizerMapper
 );
 if (!authResult.isAllowed()) {
  throw new ForbiddenException(authResult.getMessage());
 }
 if (taskMaster.isLeader()) {
  final int numDeleted = indexerMetadataStorageAdapter.deletePendingSegments(dataSource, deleteInterval);
  return Response.ok().entity(ImmutableMap.of("numDeleted", numDeleted)).build();
 } else {
  return Response.status(Status.SERVICE_UNAVAILABLE).build();
 }
}
origin: org.apache.druid/druid-server

/**
 * Authorize the query. Will return an Access object denoting whether the query is authorized or not.
 *
 * @param authenticationResult authentication result indicating the identity of the requester
 *
 * @return authorization result
 */
public Access authorize(final AuthenticationResult authenticationResult)
{
 transition(State.INITIALIZED, State.AUTHORIZING);
 return doAuthorize(
   authenticationResult,
   AuthorizationUtils.authorizeAllResourceActions(
     authenticationResult,
     Iterables.transform(
       baseQuery.getDataSource().getNames(),
       AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR
     ),
     authorizerMapper
   )
 );
}
origin: org.apache.druid/druid-server

/**
 * Authorize the query. Will return an Access object denoting whether the query is authorized or not.
 *
 * @param req HTTP request object of the request. If provided, the auth-related fields in the HTTP request
 *            will be automatically set.
 *
 * @return authorization result
 */
public Access authorize(HttpServletRequest req)
{
 transition(State.INITIALIZED, State.AUTHORIZING);
 return doAuthorize(
   AuthorizationUtils.authenticationResultFromRequest(req),
   AuthorizationUtils.authorizeAllResourceActions(
     req,
     Iterables.transform(
       baseQuery.getDataSource().getNames(),
       AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR
     ),
     authorizerMapper
   )
 );
}
origin: org.apache.druid/druid-indexing-service

                             AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR;
Access authResult = AuthorizationUtils.authorizeAllResourceActions(
  getReq(),
  Iterables.transform(spec.getDataSources(), resourceActionFunction),
origin: org.apache.druid/druid-sql

 @Override
 public Enumerable<Object[]> scan(DataContext root)
 {
  final List<ImmutableDruidServer> druidServers = serverView.getDruidServers();
  final AuthenticationResult authenticationResult =
    (AuthenticationResult) root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);
  final Access access = AuthorizationUtils.authorizeAllResourceActions(
    authenticationResult,
    Collections.singletonList(new ResourceAction(new Resource("STATE", ResourceType.STATE), Action.READ)),
    authorizerMapper
  );
  if (!access.isAllowed()) {
   throw new ForbiddenException("Insufficient permission to view servers :" + access.toString());
  }
  final FluentIterable<Object[]> results = FluentIterable
    .from(druidServers)
    .transform(val -> new Object[]{
      val.getHost(),
      val.getHost().split(":")[0],
      val.getHostAndPort() == null ? -1 : val.getHostAndPort().split(":")[1],
      val.getHostAndTlsPort() == null ? -1 : val.getHostAndTlsPort().split(":")[1],
      val.getType(),
      val.getTier(),
      val.getCurrSize(),
      val.getMaxSize()
    });
  return Linq4j.asEnumerable(results);
 }
}
org.apache.druid.server.securityAuthorizationUtilsauthorizeAllResourceActions

Javadoc

Check a list of resource-actions to be performed as a result of an HTTP request. If one of the resource-actions fails the authorization check, this method returns the failed Access object from the check. Otherwise, return ACCESS_OK if all resource-actions were successfully authorized. This function will set the DRUID_AUTHORIZATION_CHECKED attribute in the request. If this attribute is already set when this function is called, an exception is thrown.

Popular methods of AuthorizationUtils

  • authorizeResourceAction
    Check a resource-action using the authorization fields from the request. Otherwise, if the resource-
  • filterAuthorizedResources
    Filter a collection of resources by applying the resourceActionGenerator to each resource, return an
  • authenticationResultFromRequest
    Returns the authentication information for a request.

Popular in Java

  • Parsing JSON documents to java classes using gson
  • startActivity (Activity)
  • getApplicationContext (Context)
  • scheduleAtFixedRate (Timer)
  • Connection (java.sql)
    A connection represents a link from a Java application to a database. All SQL statements and results
  • Date (java.sql)
    A class which can consume and produce dates in SQL Date format. Dates are represented in SQL as yyyy
  • SimpleDateFormat (java.text)
    Formats and parses dates in a locale-sensitive manner. Formatting turns a Date into a String, and pa
  • SortedSet (java.util)
    SortedSet is a Set which iterates over its elements in a sorted order. The order is determined eithe
  • ConcurrentHashMap (java.util.concurrent)
    A plug-in replacement for JDK1.5 java.util.concurrent.ConcurrentHashMap. This version is based on or
  • Table (org.hibernate.mapping)
    A relational table
  • From CI to AI: The AI layer in your organization
Tabnine Logo

  • Products

    Search for Java codeSearch for JavaScript code

  • IDE Plugins

    IntelliJ IDEAWebStormVisual StudioAndroid StudioEclipseVisual Studio CodePyCharmSublime TextPhpStormVimGoLandRubyMineEmacsJupyter NotebookJupyter LabRiderDataGripAppCode

  • Company

    About UsContact UsCareers

  • Resources

    FAQBlogTabnine AcademyTerms of usePrivacy policyJava Code IndexJavascript Code Index
Get Tabnine for your IDE now