@Override public ResourceAction apply(String input) { return new ResourceAction( new Resource(input, ResourceType.DATASOURCE), Action.READ ); } };
@Override public ResourceAction apply(String input) { return new ResourceAction( new Resource(input, ResourceType.DATASOURCE), Action.WRITE ); } };
@DELETE @Path("/pendingSegments/{dataSource}") @Produces(MediaType.APPLICATION_JSON) public Response killPendingSegments( @PathParam("dataSource") String dataSource, @QueryParam("interval") String deleteIntervalString, @Context HttpServletRequest request ) { final Interval deleteInterval = Intervals.of(deleteIntervalString); // check auth for dataSource final Access authResult = AuthorizationUtils.authorizeAllResourceActions( request, ImmutableList.of( new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.READ), new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.WRITE) ), authorizerMapper ); if (!authResult.isAllowed()) { throw new ForbiddenException(authResult.getMessage()); } if (taskMaster.isLeader()) { final int numDeleted = indexerMetadataStorageAdapter.deletePendingSegments(dataSource, deleteInterval); return Response.ok().entity(ImmutableMap.of("numDeleted", numDeleted)).build(); } else { return Response.status(Status.SERVICE_UNAVAILABLE).build(); } }
ResourceAction datasourceR = new ResourceAction( new Resource(".*", ResourceType.DATASOURCE), Action.READ ); ResourceAction datasourceW = new ResourceAction( new Resource(".*", ResourceType.DATASOURCE), Action.WRITE ); ResourceAction configR = new ResourceAction( new Resource(".*", ResourceType.CONFIG), Action.READ ); ResourceAction configW = new ResourceAction( new Resource(".*", ResourceType.CONFIG), Action.WRITE ); ResourceAction stateR = new ResourceAction( new Resource(".*", ResourceType.STATE), Action.READ ); ResourceAction stateW = new ResourceAction( new Resource(".*", ResourceType.STATE), Action.WRITE
new ResourceAction( new Resource("STATE", ResourceType.STATE), Action.WRITE
new ResourceAction( new Resource("STATE", ResourceType.STATE), Action.WRITE
new ResourceAction( new Resource(optionalTask.get().getDataSource(), ResourceType.DATASOURCE), Action.READ
new ResourceAction( new Resource(optionalTask.get().getDataSource(), ResourceType.DATASOURCE), Action.READ
@Override public ContainerRequest filter(ContainerRequest request) { final ResourceAction resourceAction = new ResourceAction( new Resource(SECURITY_RESOURCE_NAME, ResourceType.CONFIG), getAction(request) ); final Access authResult = AuthorizationUtils.authorizeResourceAction( getReq(), resourceAction, getAuthorizerMapper() ); if (!authResult.isAllowed()) { throw new WebApplicationException( Response.status(Response.Status.FORBIDDEN) .entity(StringUtils.format("Access-Check-Result: %s", authResult.toString())) .build() ); } return request; }
Function<Task, Iterable<ResourceAction>> raGenerator = task -> { return Lists.newArrayList( new ResourceAction( new Resource(task.getDataSource(), ResourceType.DATASOURCE), Action.READ
final ResourceAction resourceAction = new ResourceAction( new Resource(dataSource, ResourceType.DATASOURCE), Action.WRITE
final ResourceAction resourceAction = new ResourceAction( new Resource(dataSourceName, ResourceType.DATASOURCE), getAction(request)
/** * Authorizes action to be performed on this task's datasource * * @return authorization result */ private Access authorizationCheck(final HttpServletRequest req, Action action) { ResourceAction resourceAction = new ResourceAction( new Resource(dataSchema.getDataSource(), ResourceType.DATASOURCE), action ); Access access = AuthorizationUtils.authorizeResourceAction(req, resourceAction, authorizerMapper); if (!access.isAllowed()) { throw new ForbiddenException(access.toString()); } return access; }
Preconditions.checkNotNull(dataSourceName); final ResourceAction resourceAction = new ResourceAction( new Resource(dataSourceName, ResourceType.DATASOURCE), getAction(request)
@Override public ContainerRequest filter(ContainerRequest request) { final ResourceAction resourceAction = new ResourceAction( new Resource("STATE", ResourceType.STATE), getAction(request) ); final Access authResult = AuthorizationUtils.authorizeResourceAction( getReq(), resourceAction, getAuthorizerMapper() ); if (!authResult.isAllowed()) { throw new ForbiddenException(authResult.toString()); } return request; }
@Override public ContainerRequest filter(ContainerRequest request) { final ResourceAction resourceAction = new ResourceAction( new Resource("CONFIG", ResourceType.CONFIG), getAction(request) ); final Access authResult = AuthorizationUtils.authorizeResourceAction( getReq(), resourceAction, getAuthorizerMapper() ); if (!authResult.isAllowed()) { throw new ForbiddenException(authResult.toString()); } return request; }
@Override public ContainerRequest filter(ContainerRequest request) { final ResourceAction resourceAction = new ResourceAction( new Resource(getRequestDatasourceName(request), ResourceType.DATASOURCE), getAction(request) ); final Access authResult = AuthorizationUtils.authorizeResourceAction( getReq(), resourceAction, getAuthorizerMapper() ); if (!authResult.isAllowed()) { throw new ForbiddenException(authResult.toString()); } return request; }