@GET @Produces(MediaType.APPLICATION_JSON) public Iterable<String> getDataSources(@Context final HttpServletRequest request) { Function<String, Iterable<ResourceAction>> raGenerator = datasourceName -> { return Lists.newArrayList(AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(datasourceName)); }; return AuthorizationUtils.filterAuthorizedResources( request, getSegmentsForDatasources().keySet(), raGenerator, authorizerMapper ); }
@Override public Response apply(final SupervisorManager manager) { return Response.ok( AuthorizationUtils.filterAuthorizedResources( req, manager.getSupervisorHistory(), SPEC_DATASOURCE_READ_RA_GENERATOR, authorizerMapper ) ).build(); } }
@Override public Response apply(SupervisorManager manager) { Map<String, List<VersionedSupervisorSpec>> supervisorHistory = manager.getSupervisorHistory(); Iterable<VersionedSupervisorSpec> historyForId = supervisorHistory.get(id); if (historyForId != null) { final List<VersionedSupervisorSpec> authorizedHistoryForId = Lists.newArrayList( AuthorizationUtils.filterAuthorizedResources( req, historyForId, SPEC_DATASOURCE_READ_RA_GENERATOR, authorizerMapper ) ); if (authorizedHistoryForId.size() > 0) { return Response.ok(authorizedHistoryForId).build(); } } return Response.status(Response.Status.NOT_FOUND) .entity( ImmutableMap.of( "error", StringUtils.format("No history for [%s].", id) ) ) .build(); } }
private Set<String> filterAuthorizedSupervisorIds( final HttpServletRequest req, SupervisorManager manager, Collection<String> supervisorIds ) { Function<String, Iterable<ResourceAction>> raGenerator = supervisorId -> { Optional<SupervisorSpec> supervisorSpecOptional = manager.getSupervisorSpec(supervisorId); if (supervisorSpecOptional.isPresent()) { return Iterables.transform( supervisorSpecOptional.get().getDataSources(), AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR ); } else { return null; } }; return Sets.newHashSet( AuthorizationUtils.filterAuthorizedResources( req, supervisorIds, raGenerator, authorizerMapper ) ); } }
AuthorizationUtils.filterAuthorizedResources( req, dataSourceNamesPreAuth,
static SortedSet<ImmutableDruidDataSource> getSecuredDataSources( HttpServletRequest request, InventoryView inventoryView, final AuthorizerMapper authorizerMapper ) { if (authorizerMapper == null) { throw new ISE("No authorization mapper found"); } Iterable<ImmutableDruidDataSource> filteredResources = AuthorizationUtils.filterAuthorizedResources( request, getDataSources(inventoryView), datasource -> Lists.newArrayList( AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(datasource.getName()) ), authorizerMapper ); SortedSet<ImmutableDruidDataSource> set = new TreeSet<>(comparingByName()); filteredResources.forEach(set::add); return Collections.unmodifiableSortedSet(set); } }
AuthorizationUtils.filterAuthorizedResources( authenticationResult, entry.getValue(),
final Iterable<ResType> filteredResources = filterAuthorizedResources( authenticationResult, resources,
AuthorizationUtils.filterAuthorizedResources( req, collectionToFilter,
AuthorizationUtils.filterAuthorizedResources( req, taskStorageQueryAdapter.getRecentlyFinishedTaskStatuses(maxTaskStatuses),
AuthorizationUtils.filterAuthorizedResources( req, allActiveTasks,