/**
 * Compares two results by the values of {@code getIdentity()}, {@code getAuthorizerName()},
 * {@code getAuthenticatedBy()} and {@code getContext()}.
 *
 * <p>All four must match, so two results carrying the same identity string but a different
 * authorizer name or context are not equal.
 *
 * @param o the object to compare against; may be {@code null}
 * @return {@code true} only for an object of exactly this runtime class whose four values are equal
 */
@Override
public boolean equals(Object o)
{
  if (o == this) {
    return true;
  }
  // Exact class comparison rather than instanceof: an instance of a subclass is never equal.
  if (o == null || o.getClass() != getClass()) {
    return false;
  }

  final AuthenticationResult other = (AuthenticationResult) o;
  if (!Objects.equals(getIdentity(), other.getIdentity())) {
    return false;
  }
  if (!Objects.equals(getAuthorizerName(), other.getAuthorizerName())) {
    return false;
  }
  if (!Objects.equals(getAuthenticatedBy(), other.getAuthenticatedBy())) {
    return false;
  }
  return Objects.equals(getContext(), other.getContext());
}
/**
 * Hashes the values of {@code getIdentity()}, {@code getAuthorizerName()},
 * {@code getAuthenticatedBy()} and {@code getContext()}, in that order.
 *
 * <p>Any field added to {@code equals} has to be added here as well, otherwise equal objects
 * could produce different hash codes.
 *
 * @return the combined hash of the four values
 */
@Override
public int hashCode()
{
  // Objects.hash takes varargs, so passing the array directly hashes the same four elements.
  final Object[] components = {getIdentity(), getAuthorizerName(), getAuthenticatedBy(), getContext()};
  return Objects.hash(components);
}
} // closes the enclosing class, whose declaration is outside this excerpt
/**
 * Returns a fixed-policy authorizer; the {@code name} argument is not consulted.
 *
 * <p>Policy: the identity {@code "druid"} is allowed everything. Every other identity is denied
 * on any resource named {@code "datasource2"} and allowed on everything else. The resource type
 * and the action are not checked, so the denial applies to a resource of any type with that name.
 *
 * @param name ignored
 * @return an authorizer implementing the policy above
 */
@Override
public Authorizer getAuthorizer(String name)
{
  return (authenticationResult, resource, action) -> {
    // The identity is examined first; the resource is only looked at for non-"druid" callers.
    final boolean isDruidUser = authenticationResult.getIdentity().equals("druid");
    if (!isDruidUser && resource.getName().equals("datasource2")) {
      return new Access(false, "not authorized.");
    }
    return Access.OK;
  };
}
} // closes the enclosing type, whose declaration is outside this excerpt
/**
 * Returns a fixed-policy authorizer; the {@code name} argument is not consulted.
 *
 * <p>Policy: the identity equal to {@code TEST_SUPERUSER_NAME} is allowed everything. Every other
 * identity is denied only on the resource of type {@code ResourceType.DATASOURCE} whose name equals
 * {@code FORBIDDEN_DATASOURCE}; all other resources are allowed. The action is not checked.
 *
 * @param name ignored
 * @return an authorizer implementing the policy above
 */
@Override
public Authorizer getAuthorizer(String name)
{
  return (authenticationResult, resource, action) -> {
    final boolean isSuperuser = authenticationResult.getIdentity().equals(TEST_SUPERUSER_NAME);
    // Short-circuiting keeps the resource untouched for the superuser, as in a guard clause.
    final boolean denied = !isSuperuser
                           && resource.getType() == ResourceType.DATASOURCE
                           && resource.getName().equals(FORBIDDEN_DATASOURCE);
    return denied ? new Access(false) : Access.OK;
  };
}
}; // closes the enclosing declaration, which starts outside this excerpt
statsMap.put("context", queryContext); if (plannerContext != null) { statsMap.put("identity", plannerContext.getAuthenticationResult().getIdentity()); queryContext.put("nativeQueryIds", plannerContext.getNativeQueryIds().toString());
// Tag the query metrics with the identity reported by the AuthenticationResult.
queryMetrics.identity(authenticationResult.getIdentity());
// Store the same identity under the "identity" key of the stats map.
// NOTE(review): where statsMap ends up is not visible in this excerpt; if it is written to request
// logs, the identity string is stored verbatim. Confirm that suits the log's access and retention policy.
statsMap.put("identity", authenticationResult.getIdentity());
/**
 * Asserts that exactly one SQL query log entry was recorded and that its stats have the expected shape.
 *
 * <p>Checked on the single entry: the {@code "success"} flag, the {@code "identity"} value (must be
 * the identity of {@code CalciteTests.REGULAR_USER_AUTH_RESULT}), the presence of
 * {@code "sqlQuery/time"}, and the presence of the SQL query id in the logged query context.
 * A successful query must also log {@code "sqlQuery/bytes"}; a failed one must log {@code "exception"}.
 *
 * @param success whether the logged query is expected to have succeeded
 */
@SuppressWarnings("unchecked")
private void checkSqlRequestLog(boolean success)
{
  Assert.assertEquals(1, testRequestLogger.getSqlQueryLogs().size());

  final Map<String, Object> loggedStats =
      testRequestLogger.getSqlQueryLogs().get(0).getQueryStats().getStats();
  // Unchecked cast: the stats map stores the query context as a plain Object.
  final Map<String, Object> loggedContext = (Map<String, Object>) loggedStats.get("context");

  Assert.assertEquals(success, loggedStats.get("success"));
  // The logged identity must be the one the request was authenticated as.
  Assert.assertEquals(CalciteTests.REGULAR_USER_AUTH_RESULT.getIdentity(), loggedStats.get("identity"));
  Assert.assertTrue(loggedStats.containsKey("sqlQuery/time"));
  Assert.assertTrue(loggedContext.containsKey(PlannerContext.CTX_SQL_QUERY_ID));

  // Exactly one outcome-specific key is required, depending on the expected result.
  final String outcomeKey = success ? "sqlQuery/bytes" : "exception";
  Assert.assertTrue(loggedStats.containsKey(outcomeKey));
}
/**
 * Runs the query and returns its results together with the response context.
 *
 * <p>May only be called once the query has been authorized: the first step moves the lifecycle
 * from {@code State.AUTHORIZED} to {@code State.EXECUTING}. Query logs and metrics are not emitted
 * automatically when the returned Sequence is fully iterated; the caller is responsible for calling
 * {@link #emitLogsAndMetrics(Throwable, String, long)}.
 *
 * @return result sequence and response context
 */
public QueryResponse execute()
{
  transition(State.AUTHORIZED, State.EXECUTING);

  final Map<String, Object> responseContext = DirectDruidClient.makeResponseContextForQuery();

  // The authenticated identity is attached to the query before it is run.
  Sequence results = QueryPlus.wrap(baseQuery)
                              .withIdentity(authenticationResult.getIdentity())
                              .run(texasRanger, responseContext);
  if (results == null) {
    // A null result is replaced with an empty sequence.
    results = Sequences.empty();
  }
  return new QueryResponse(results, responseContext);
}
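/**
 * Decides whether the authenticated identity may perform {@code action} on {@code resource}.
 *
 * <p>The identity is looked up in this authorizer's cached user map. Access is granted as soon as
 * any permission of any of the user's roles passes {@code permissionCheck}. Every other outcome is
 * a denial: an unknown user, a user without roles, a role name with no entry in the role map, or
 * no matching permission.
 *
 * @param authenticationResult result of authentication; must not be {@code null}
 * @param resource the resource being accessed
 * @param action the action requested on the resource
 * @return {@code new Access(true)} when a permission matches, otherwise {@code new Access(false)}
 * @throws IAE if {@code authenticationResult} is {@code null}, or if the user map or role map
 *         for this authorizer cannot be loaded from the cache manager
 */
@Override
public Access authorize(AuthenticationResult authenticationResult, Resource resource, Action action)
{
  if (authenticationResult == null) {
    throw new IAE("WTF? authenticationResult should never be null.");
  }

  // A missing map is raised as an error rather than treated as an empty policy.
  Map<String, BasicAuthorizerUser> userMap = cacheManager.getUserMap(name);
  if (userMap == null) {
    throw new IAE("Could not load userMap for authorizer [%s]", name);
  }

  Map<String, BasicAuthorizerRole> roleMap = cacheManager.getRoleMap(name);
  if (roleMap == null) {
    throw new IAE("Could not load roleMap for authorizer [%s]", name);
  }

  BasicAuthorizerUser user = userMap.get(authenticationResult.getIdentity());
  if (user == null) {
    // Unknown identity: deny.
    return new Access(false);
  }

  for (String roleName : user.getRoles()) {
    BasicAuthorizerRole role = roleMap.get(roleName);
    if (role == null) {
      // The user map and role map are fetched separately, so a user can name a role that has
      // no entry. Such a role grants nothing; skipping it avoids a NullPointerException and
      // keeps the decision on the default-deny path.
      continue;
    }
    for (BasicAuthorizerPermission permission : role.getPermissions()) {
      if (permissionCheck(resource, action, permission)) {
        return new Access(true);
      }
    }
  }

  // Default deny: nothing matched.
  return new Access(false);
}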
/**
 * Compares two results by the values of {@code getIdentity()}, {@code getAuthorizerName()},
 * {@code getAuthenticatedBy()} and {@code getContext()}.
 *
 * <p>All four must match, so two results carrying the same identity string but a different
 * authorizer name or context are not equal.
 *
 * @param o the object to compare against; may be {@code null}
 * @return {@code true} only for an object of exactly this runtime class whose four values are equal
 */
@Override
public boolean equals(Object o)
{
  if (o == this) {
    return true;
  }
  // Exact class comparison rather than instanceof: an instance of a subclass is never equal.
  if (o == null || o.getClass() != getClass()) {
    return false;
  }

  final AuthenticationResult other = (AuthenticationResult) o;
  if (!Objects.equals(getIdentity(), other.getIdentity())) {
    return false;
  }
  if (!Objects.equals(getAuthorizerName(), other.getAuthorizerName())) {
    return false;
  }
  if (!Objects.equals(getAuthenticatedBy(), other.getAuthenticatedBy())) {
    return false;
  }
  return Objects.equals(getContext(), other.getContext());
}
/**
 * Hashes the values of {@code getIdentity()}, {@code getAuthorizerName()},
 * {@code getAuthenticatedBy()} and {@code getContext()}, in that order.
 *
 * <p>Any field added to {@code equals} has to be added here as well, otherwise equal objects
 * could produce different hash codes.
 *
 * @return the combined hash of the four values
 */
@Override
public int hashCode()
{
  // Objects.hash takes varargs, so passing the array directly hashes the same four elements.
  final Object[] components = {getIdentity(), getAuthorizerName(), getAuthenticatedBy(), getContext()};
  return Objects.hash(components);
}
} // closes the enclosing class, whose declaration is outside this excerpt
// Tag the query metrics with the identity reported by the AuthenticationResult.
queryMetrics.identity(authenticationResult.getIdentity());
// Store the same identity under the "identity" key of the stats map.
// NOTE(review): where statsMap ends up is not visible in this excerpt; if it is written to request
// logs, the identity string is stored verbatim. Confirm that suits the log's access and retention policy.
statsMap.put("identity", authenticationResult.getIdentity());
/**
 * Runs the query and returns its results together with the response context.
 *
 * <p>May only be called once the query has been authorized: the first step moves the lifecycle
 * from {@code State.AUTHORIZED} to {@code State.EXECUTING}. Query logs and metrics are not emitted
 * automatically when the returned Sequence is fully iterated; the caller is responsible for calling
 * {@link #emitLogsAndMetrics(Throwable, String, long)}.
 *
 * @return result sequence and response context
 */
public QueryResponse execute()
{
  transition(State.AUTHORIZED, State.EXECUTING);

  final Map<String, Object> responseContext = DirectDruidClient.makeResponseContextForQuery();

  // The authenticated identity is attached to the query before it is run.
  Sequence results = QueryPlus.wrap(baseQuery)
                              .withIdentity(authenticationResult.getIdentity())
                              .run(texasRanger, responseContext);
  if (results == null) {
    // A null result is replaced with an empty sequence.
    results = Sequences.empty();
  }
  return new QueryResponse(results, responseContext);
}
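/**
 * Decides whether the authenticated identity may perform {@code action} on {@code resource}.
 *
 * <p>The identity is looked up in this authorizer's cached user map. Access is granted as soon as
 * any permission of any of the user's roles passes {@code permissionCheck}. Every other outcome is
 * a denial: an unknown user, a user without roles, a role name with no entry in the role map, or
 * no matching permission.
 *
 * @param authenticationResult result of authentication; must not be {@code null}
 * @param resource the resource being accessed
 * @param action the action requested on the resource
 * @return {@code new Access(true)} when a permission matches, otherwise {@code new Access(false)}
 * @throws IAE if {@code authenticationResult} is {@code null}, or if the user map or role map
 *         for this authorizer cannot be loaded from the cache manager
 */
@Override
public Access authorize(
    AuthenticationResult authenticationResult,
    Resource resource,
    Action action
)
{
  if (authenticationResult == null) {
    throw new IAE("WTF? authenticationResult should never be null.");
  }

  // A missing map is raised as an error rather than treated as an empty policy.
  Map<String, BasicAuthorizerUser> userMap = cacheManager.getUserMap(name);
  if (userMap == null) {
    throw new IAE("Could not load userMap for authorizer [%s]", name);
  }

  Map<String, BasicAuthorizerRole> roleMap = cacheManager.getRoleMap(name);
  if (roleMap == null) {
    throw new IAE("Could not load roleMap for authorizer [%s]", name);
  }

  BasicAuthorizerUser user = userMap.get(authenticationResult.getIdentity());
  if (user == null) {
    // Unknown identity: deny.
    return new Access(false);
  }

  for (String roleName : user.getRoles()) {
    BasicAuthorizerRole role = roleMap.get(roleName);
    if (role == null) {
      // The user map and role map are fetched separately, so a user can name a role that has
      // no entry. Such a role grants nothing; skipping it avoids a NullPointerException and
      // keeps the decision on the default-deny path.
      continue;
    }
    for (BasicAuthorizerPermission permission : role.getPermissions()) {
      if (permissionCheck(resource, action, permission)) {
        return new Access(true);
      }
    }
  }

  // Default deny: nothing matched.
  return new Access(false);
}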