@Override public int hashCode() { int result = getResource().hashCode(); result = 31 * result + getAction().hashCode(); return result; }
@Override public ResourceAction apply(String input) { return new ResourceAction( new Resource(input, ResourceType.DATASOURCE), Action.READ ); } };
@Override public AuthenticationResult createEscalatedAuthenticationResult() { // if you found your self asking why the authenticatedBy field is set to null please read this: // https://github.com/apache/incubator-druid/pull/5706#discussion_r185940889 return new AuthenticationResult(internalClientPrincipal, authorizerName, null, null); }
/** * Authorizes action to be performed on a task's datasource * * @return authorization result */ public static Access datasourceAuthorizationCheck( final HttpServletRequest req, Action action, String datasource, AuthorizerMapper authorizerMapper ) { ResourceAction resourceAction = new ResourceAction( new Resource(datasource, ResourceType.DATASOURCE), action ); Access access = AuthorizationUtils.authorizeResourceAction(req, resourceAction, authorizerMapper); if (!access.isAllowed()) { throw new ForbiddenException(access.toString()); } return access; }
@Override public Authorizer getAuthorizer(String name) { return (authenticationResult, resource, action) -> { if (authenticationResult.getIdentity().equals(TEST_SUPERUSER_NAME)) { return Access.OK; } if (resource.getType() == ResourceType.DATASOURCE && resource.getName().equals(FORBIDDEN_DATASOURCE)) { return new Access(false); } else { return Access.OK; } }; } };
public PlannerContext planAndAuthorize(final HttpServletRequest req) throws SqlParseException, RelConversionException, ValidationException { PlannerContext plannerContext = plan(req); Access access = authorize(); if (!access.isAllowed()) { throw new ForbiddenException(access.toString()); } return plannerContext; }
@Override public Authorizer getAuthorizer(String name) { return (authenticationResult, resource, action) -> { if (authenticationResult.getIdentity().equals("druid")) { return Access.OK; } else { if (resource.getName().equals("datasource2")) { return new Access(false, "not authorized."); } else { return Access.OK; } } }; } }
@Override public boolean equals(Object o) { if (this == o) { return true; } if (o == null || getClass() != o.getClass()) { return false; } ResourceAction that = (ResourceAction) o; if (!getResource().equals(that.getResource())) { return false; } return getAction() == that.getAction(); }
@Override public Access authorize(AuthenticationResult authenticationResult1, Resource resource, Action action) { return new Access(authCheckResult); }
@Override public Authorizer getAuthorizer(String name) { return new AllowAllAuthorizer(); } };
@Override public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException { certificateChecker.checkClient(chain, authType, engine, delegate); }
/** * Check authorization for the given action and dataSource. * * @return authorization result */ public static Access authorizationCheck( HttpServletRequest req, Action action, String dataSource, AuthorizerMapper authorizerMapper ) { ResourceAction resourceAction = new ResourceAction( new Resource(dataSource, ResourceType.DATASOURCE), action ); Access access = AuthorizationUtils.authorizeResourceAction(req, resourceAction, authorizerMapper); if (!access.isAllowed()) { throw new ForbiddenException(access.toString()); } return access; } }
public PlannerContext planAndAuthorize(final AuthenticationResult authenticationResult) throws SqlParseException, RelConversionException, ValidationException { PlannerContext plannerContext = plan(authenticationResult); Access access = authorize(); if (!access.isAllowed()) { throw new ForbiddenException(access.toString()); } return plannerContext; }
@Override public ResourceAction apply(String input) { return new ResourceAction( new Resource(input, ResourceType.DATASOURCE), Action.WRITE ); } };
@Override public AuthenticationResult createEscalatedAuthenticationResult() { // if you found your self asking why the authenticatedBy field is set to null please read this: // https://github.com/apache/incubator-druid/pull/5706#discussion_r185940889 return new AuthenticationResult(internalClientUsername, authorizerName, null, null); } }
@Override public Authorizer getAuthorizer(String name) { return (authenticationResult, resource, action) -> new Access(true); } };
@Override public Authorizer getAuthorizer(String name) { return new AllowAllAuthorizer(); } },
@Override public ContainerRequest filter(ContainerRequest request) { final ResourceAction resourceAction = new ResourceAction( new Resource("STATE", ResourceType.STATE), getAction(request) ); final Access authResult = AuthorizationUtils.authorizeResourceAction( getReq(), resourceAction, getAuthorizerMapper() ); if (!authResult.isAllowed()) { throw new ForbiddenException(authResult.toString()); } return request; } }
@Override public ContainerRequest filter(ContainerRequest request) { final ResourceAction resourceAction = new ResourceAction( new Resource("CONFIG", ResourceType.CONFIG), getAction(request) ); final Access authResult = AuthorizationUtils.authorizeResourceAction( getReq(), resourceAction, getAuthorizerMapper() ); if (!authResult.isAllowed()) { throw new ForbiddenException(authResult.toString()); } return request; } }
@Override public ContainerRequest filter(ContainerRequest request) { final ResourceAction resourceAction = new ResourceAction( new Resource(getRequestDatasourceName(request), ResourceType.DATASOURCE), getAction(request) ); final Access authResult = AuthorizationUtils.authorizeResourceAction( getReq(), resourceAction, getAuthorizerMapper() ); if (!authResult.isAllowed()) { throw new ForbiddenException(authResult.toString()); } return request; }