@Override public AuthenticationResult createEscalatedAuthenticationResult() { // if you found your self asking why the authenticatedBy field is set to null please read this: // https://github.com/apache/incubator-druid/pull/5706#discussion_r185940889 return new AuthenticationResult(internalClientPrincipal, authorizerName, null, null); }
@Override public int hashCode() { return Objects.hash(getIdentity(), getAuthorizerName(), getAuthenticatedBy(), getContext()); } }
@Override public Authorizer getAuthorizer(String name) { return (authenticationResult, resource, action) -> { if (authenticationResult.getIdentity().equals("druid")) { return Access.OK; } else { if (resource.getName().equals("datasource2")) { return new Access(false, "not authorized."); } else { return Access.OK; } } }; } }
final Authorizer authorizer = authorizerMapper.getAuthorizer(authenticationResult.getAuthorizerName()); if (authorizer == null) { throw new ISE("No authorizer found with name: [%s].", authenticationResult.getAuthorizerName());
if (authenticationResult != null && authenticationResult.getAuthenticatedBy() != null) { Authenticator authenticator = authenticatorMapper.getAuthenticatorMap() .get(authenticationResult.getAuthenticatedBy()); if (authenticator != null) { authenticator.decorateProxyRequest( ); } else { log.error("Can not find Authenticator with Name [%s]", authenticationResult.getAuthenticatedBy());
@Override public Authorizer getAuthorizer(String name) { return (authenticationResult, resource, action) -> { if (authenticationResult.getIdentity().equals(TEST_SUPERUSER_NAME)) { return Access.OK; } if (resource.getType() == ResourceType.DATASOURCE && resource.getName().equals(FORBIDDEN_DATASOURCE)) { return new Access(false); } else { return Access.OK; } }; } };
final Authorizer authorizer = authorizerMapper.getAuthorizer(authenticationResult.getAuthorizerName()); if (authorizer == null) { throw new ISE("No authorizer found with name: [%s].", authenticationResult.getAuthorizerName());
if (authenticationResult != null && authenticationResult.getAuthenticatedBy() != null) { Authenticator authenticator = authenticatorMapper.getAuthenticatorMap() .get(authenticationResult.getAuthenticatedBy()); if (authenticator != null) { authenticator.decorateProxyRequest( ); } else { log.error("Can not find Authenticator with Name [%s]", authenticationResult.getAuthenticatedBy());
@Override public AuthenticationResult createEscalatedAuthenticationResult() { // if you found your self asking why the authenticatedBy field is set to null please read this: // https://github.com/apache/incubator-druid/pull/5706#discussion_r185940889 return new AuthenticationResult(internalClientUsername, authorizerName, null, null); } }
@Override public boolean equals(Object o) { if (this == o) { return true; } if (o == null || getClass() != o.getClass()) { return false; } AuthenticationResult that = (AuthenticationResult) o; return Objects.equals(getIdentity(), that.getIdentity()) && Objects.equals(getAuthorizerName(), that.getAuthorizerName()) && Objects.equals(getAuthenticatedBy(), that.getAuthenticatedBy()) && Objects.equals(getContext(), that.getContext()); }
queryMetrics.identity(authenticationResult.getIdentity()); statsMap.put("identity", authenticationResult.getIdentity());
final Authorizer authorizer = authorizerMapper.getAuthorizer(authenticationResult.getAuthorizerName()); if (authorizer == null) { throw new ISE("No authorizer found with name: [%s].", authenticationResult.getAuthorizerName());
@JsonCreator public AnonymousAuthenticator( @JsonProperty("name") String name, @JsonProperty("authorizerName") String authorizerName, @JsonProperty("identity") String identity ) { this.anonymousResult = new AuthenticationResult( identity == null ? DEFAULT_IDENTITY : identity, authorizerName, name, null ); }
@Override public int hashCode() { return Objects.hash(getIdentity(), getAuthorizerName(), getAuthenticatedBy(), getContext()); } }
statsMap.put("context", queryContext); if (plannerContext != null) { statsMap.put("identity", plannerContext.getAuthenticationResult().getIdentity()); queryContext.put("nativeQueryIds", plannerContext.getNativeQueryIds().toString());
final Authorizer authorizer = authorizerMapper.getAuthorizer(authenticationResult.getAuthorizerName()); if (authorizer == null) { throw new ISE("No authorizer found with name: [%s].", authenticationResult.getAuthorizerName());
@Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { // PreResponseAuthorizationCheckFilter checks that this attribute is set, // but the value doesn't matter since we skip authorization checks for requests that go through this filter servletRequest.setAttribute( AuthConfig.DRUID_AUTHENTICATION_RESULT, new AuthenticationResult(AuthConfig.ALLOW_ALL_NAME, AuthConfig.ALLOW_ALL_NAME, AuthConfig.ALLOW_ALL_NAME, null) ); // This request will not go to an Authorizer, so we need to set this for PreResponseAuthorizationCheckFilter servletRequest.setAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED, true); servletRequest.setAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH, true); filterChain.doFilter(servletRequest, servletResponse); }
@Override public boolean equals(Object o) { if (this == o) { return true; } if (o == null || getClass() != o.getClass()) { return false; } AuthenticationResult that = (AuthenticationResult) o; return Objects.equals(getIdentity(), that.getIdentity()) && Objects.equals(getAuthorizerName(), that.getAuthorizerName()) && Objects.equals(getAuthenticatedBy(), that.getAuthenticatedBy()) && Objects.equals(getContext(), that.getContext()); }
@SuppressWarnings("unchecked") private void checkSqlRequestLog(boolean success) { Assert.assertEquals(1, testRequestLogger.getSqlQueryLogs().size()); final Map<String, Object> stats = testRequestLogger.getSqlQueryLogs().get(0).getQueryStats().getStats(); final Map<String, Object> queryContext = (Map<String, Object>) stats.get("context"); Assert.assertEquals(success, stats.get("success")); Assert.assertEquals(CalciteTests.REGULAR_USER_AUTH_RESULT.getIdentity(), stats.get("identity")); Assert.assertTrue(stats.containsKey("sqlQuery/time")); Assert.assertTrue(queryContext.containsKey(PlannerContext.CTX_SQL_QUERY_ID)); if (success) { Assert.assertTrue(stats.containsKey("sqlQuery/bytes")); } else { Assert.assertTrue(stats.containsKey("exception")); } }
@Override @Nullable public AuthenticationResult authenticateJDBCContext(Map<String, Object> context) { String user = (String) context.get("user"); String password = (String) context.get("password"); if (user == null || password == null) { return null; } if (checkCredentials(user, password.toCharArray())) { return new AuthenticationResult(user, authorizerName, name, null); } else { return null; } }