/**
 * Handles a DELETE request that cancels the query registered under {@code queryId}.
 *
 * <p>The caller is authorized against every datasource the query manager reports for the query,
 * using the resource actions produced by {@code AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR}.
 * Cancellation is requested only after that check passes.
 *
 * @param queryId id of the query to cancel, taken from the URL path
 * @param req     servlet request passed to the authorization check
 * @return a response with status {@code ACCEPTED} once {@code queryManager.cancelQuery} has been called
 * @throws ForbiddenException if the authorization result is not allowed
 */
@DELETE
@Path("{id}")
@Produces(MediaType.APPLICATION_JSON)
public Response cancelQuery(@PathParam("id") String queryId, @Context final HttpServletRequest req)
{
  if (log.isDebugEnabled()) {
    log.debug("Received cancel request for query [%s]", queryId);
  }

  final Set<String> registered = queryManager.getQueryDatasources(queryId);
  final Set<String> datasources;
  if (registered != null) {
    datasources = registered;
  } else {
    // Unknown query id: fall back to an empty set so the authorization call below still runs.
    // NOTE(review): with an empty set no resource action is actually checked; confirm how
    // authorizeAllResourceActions treats an empty list, since that decides whether any
    // authenticated caller reaches cancelQuery() for an unregistered id.
    log.warn("QueryId [%s] not registered with QueryManager, cannot cancel", queryId);
    datasources = new TreeSet<>();
  }

  final Access access = AuthorizationUtils.authorizeAllResourceActions(
      req,
      Iterables.transform(datasources, AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR),
      authorizerMapper
  );

  if (access.isAllowed()) {
    queryManager.cancelQuery(queryId);
    return Response.status(Response.Status.ACCEPTED).build();
  }

  throw new ForbiddenException(access.toString());
}
/**
 * Handles a POST request that creates or updates a supervisor from the submitted spec and starts it.
 *
 * <p>The work runs inside {@code asLeaderWithSupervisorManager}. The spec must declare at least one
 * datasource, and the caller is authorized against each declared datasource (resource actions
 * from {@code AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR}) before the supervisor manager is
 * touched.
 *
 * @param spec supervisor spec deserialized from the JSON request body
 * @param req  servlet request passed to the authorization check
 * @return a 200 response whose entity is a map holding the spec id under {@code "id"}
 * @throws IllegalArgumentException if the spec declares no datasources (via {@code Preconditions})
 * @throws ForbiddenException       if the authorization result is not allowed
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response specPost(final SupervisorSpec spec, @Context final HttpServletRequest req)
{
  return asLeaderWithSupervisorManager(
      manager -> {
        // Without datasources there is nothing to authorize against, so refuse the spec outright
        // rather than letting an empty check pass.
        Preconditions.checkArgument(
            spec.getDataSources() != null && !spec.getDataSources().isEmpty(),
            "No dataSources found to perform authorization checks"
        );

        // NOTE(review): the check covers only the datasources the submitted spec declares.
        // Whether replacing an existing supervisor with the same id needs a check against that
        // supervisor's datasources as well cannot be determined from this method.
        final Access access = AuthorizationUtils.authorizeAllResourceActions(
            req,
            Iterables.transform(spec.getDataSources(), AuthorizationUtils.DATASOURCE_WRITE_RA_GENERATOR),
            authorizerMapper
        );

        if (access.isAllowed()) {
          manager.createOrUpdateAndStartSupervisor(spec);
          return Response.ok(ImmutableMap.of("id", spec.getId())).build();
        }

        throw new ForbiddenException(access.toString());
      }
  );
}
/**
 * Handles a DELETE request that removes pending segments of {@code dataSource} for an interval.
 *
 * <p>The caller needs both READ and WRITE on the datasource. The deletion runs only when
 * {@code taskMaster.isLeader()} is true; otherwise the response is 503 Service Unavailable.
 *
 * @param dataSource           datasource name from the URL path
 * @param deleteIntervalString value of the {@code interval} query parameter, parsed with {@code Intervals.of}
 * @param request              servlet request passed to the authorization check
 * @return 200 with a map holding the deleted count under {@code "numDeleted"}, or 503 when not leader
 * @throws ForbiddenException if the authorization result is not allowed
 */
@DELETE
@Path("/pendingSegments/{dataSource}")
@Produces(MediaType.APPLICATION_JSON)
public Response killPendingSegments(
    @PathParam("dataSource") String dataSource,
    @QueryParam("interval") String deleteIntervalString,
    @Context HttpServletRequest request
)
{
  // NOTE(review): the interval is parsed before the authorization check, so a malformed or
  // missing interval fails here even for a caller who would have been denied. Confirm that
  // ordering is intended.
  final Interval deleteInterval = Intervals.of(deleteIntervalString);

  // Both actions are required on the same datasource; each gets its own Resource instance.
  final ResourceAction readAction =
      new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.READ);
  final ResourceAction writeAction =
      new ResourceAction(new Resource(dataSource, ResourceType.DATASOURCE), Action.WRITE);

  final Access access = AuthorizationUtils.authorizeAllResourceActions(
      request,
      ImmutableList.of(readAction, writeAction),
      authorizerMapper
  );
  if (!access.isAllowed()) {
    throw new ForbiddenException(access.getMessage());
  }

  if (!taskMaster.isLeader()) {
    return Response.status(Status.SERVICE_UNAVAILABLE).build();
  }

  final int numDeleted = indexerMetadataStorageAdapter.deletePendingSegments(dataSource, deleteInterval);
  return Response.ok().entity(ImmutableMap.of("numDeleted", numDeleted)).build();
}
/**
 * Plans using the given servlet request, then authorizes the result.
 *
 * <p>{@code plan(req)} always runs before {@code authorize()}; the planner context is returned
 * only when authorization succeeds.
 *
 * @param req servlet request handed to {@code plan}
 * @return the planner context produced by {@code plan(req)}
 * @throws ForbiddenException if {@code authorize()} yields a result that is not allowed
 */
public PlannerContext planAndAuthorize(final HttpServletRequest req)
    throws SqlParseException, RelConversionException, ValidationException
{
  final PlannerContext planned = plan(req);
  final Access decision = authorize();

  if (decision.isAllowed()) {
    return planned;
  }

  throw new ForbiddenException(decision.toString());
}
/**
 * Plans on behalf of an already authenticated identity, then authorizes the result.
 *
 * <p>{@code plan(authenticationResult)} always runs before {@code authorize()}; the planner
 * context is returned only when authorization succeeds.
 *
 * @param authenticationResult authentication result handed to {@code plan}
 * @return the planner context produced by {@code plan(authenticationResult)}
 * @throws ForbiddenException if {@code authorize()} yields a result that is not allowed
 */
public PlannerContext planAndAuthorize(final AuthenticationResult authenticationResult)
    throws SqlParseException, RelConversionException, ValidationException
{
  final PlannerContext planned = plan(authenticationResult);
  final Access decision = authorize();

  if (decision.isAllowed()) {
    return planned;
  }

  throw new ForbiddenException(decision.toString());
}
// Deny the request; the exception message is whatever authResult.getMessage() returns.
// NOTE(review): authResult is presumably the Access from an authorization call outside this excerpt.
throw new ForbiddenException(authResult.getMessage());
// Deny the request; the exception message is the string form of authResult.
// NOTE(review): if this message is echoed in the HTTP response, confirm toString() exposes
// nothing beyond the denial reason.
throw new ForbiddenException(authResult.toString());
/**
 * Creates a statement on the given connection and prepares {@code sql} on it.
 *
 * <p>The connection is authenticated before the SQL is prepared; a {@code null} authentication
 * result is treated as a failure.
 *
 * @param ch          handle of the connection the statement belongs to
 * @param sql         SQL text to prepare
 * @param maxRowCount row limit passed through to the statement's {@code prepare}
 * @return the new statement handle with its {@code signature} field populated
 * @throws IllegalStateException if the statement just created cannot be looked up
 * @throws ForbiddenException    if authenticating the connection yields {@code null}
 */
@Override
public StatementHandle prepare(final ConnectionHandle ch, final String sql, final long maxRowCount)
{
  final StatementHandle handle = createStatement(ch);

  final DruidStatement druidStatement;
  try {
    druidStatement = getDruidStatement(handle);
  }
  catch (NoSuchStatementException e) {
    // The statement was created a moment ago, so a failed lookup is reported as an illegal state.
    throw new IllegalStateException(e);
  }

  final DruidConnection connection = getDruidConnection(handle.connectionId);
  final AuthenticationResult identity = authenticateConnection(connection);
  if (identity == null) {
    // NOTE(review): the statement created above is not closed on this path; confirm it is
    // cleaned up elsewhere so failed authentications cannot accumulate open statements.
    throw new ForbiddenException("Authentication failed.");
  }

  handle.signature = druidStatement.prepare(sql, maxRowCount, identity).getSignature();
  return handle;
}
// Deny the request; the exception message is the string form of authResult.
// NOTE(review): if this message is echoed in the HTTP response, confirm toString() exposes
// nothing beyond the denial reason.
throw new ForbiddenException(authResult.toString());
AuthenticationResult authenticationResult = authenticateConnection(druidConnection); if (authenticationResult == null) { throw new ForbiddenException("Authentication failed.");
// Deny the request; the exception message is the string form of authResult.
// NOTE(review): authResult is presumably the Access from an authorization call outside this excerpt.
throw new ForbiddenException(authResult.toString());
/**
 * Authorizes {@code action} on the DATASOURCE resource named {@code datasource}.
 *
 * <p>This method never returns a denied result: a denial is raised as a
 * {@link ForbiddenException} carrying the string form of the {@code Access}.
 *
 * @param req              servlet request passed to the authorization call
 * @param action           action to authorize
 * @param datasource       name of the datasource resource
 * @param authorizerMapper mapper passed to the authorization call
 * @return the authorization result, which is always an allowed one
 * @throws ForbiddenException if the authorization result is not allowed
 */
public static Access datasourceAuthorizationCheck(
    final HttpServletRequest req,
    Action action,
    String datasource,
    AuthorizerMapper authorizerMapper
)
{
  final Resource target = new Resource(datasource, ResourceType.DATASOURCE);
  final Access decision = AuthorizationUtils.authorizeResourceAction(
      req,
      new ResourceAction(target, action),
      authorizerMapper
  );

  if (decision.isAllowed()) {
    return decision;
  }

  throw new ForbiddenException(decision.toString());
}
/**
 * Checks that the request may perform {@code action} on the DATASOURCE resource {@code dataSource}.
 *
 * <p>This method never returns a denied result: a denial is raised as a
 * {@link ForbiddenException} carrying the string form of the {@code Access}.
 *
 * @param req              servlet request passed to the authorization call
 * @param action           action to authorize
 * @param dataSource       name of the datasource resource
 * @param authorizerMapper mapper passed to the authorization call
 * @return the authorization result, which is always an allowed one
 * @throws ForbiddenException if the authorization result is not allowed
 */
public static Access authorizationCheck(
    HttpServletRequest req,
    Action action,
    String dataSource,
    AuthorizerMapper authorizerMapper
)
{
  final Resource target = new Resource(dataSource, ResourceType.DATASOURCE);
  final Access decision = AuthorizationUtils.authorizeResourceAction(
      req,
      new ResourceAction(target, action),
      authorizerMapper
  );

  if (decision.isAllowed()) {
    return decision;
  }

  throw new ForbiddenException(decision.toString());
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Returns one row per server reported by {@code serverView.getDruidServers()}.
 *
 * <p>The authentication result is read from the data context under
 * {@code PlannerContext.DATA_CTX_AUTHENTICATION_RESULT} and must be granted READ on the
 * {@code "STATE"} resource before any row is handed back.
 *
 * @param root data context supplying the caller's authentication result
 * @return rows of host, extracted host, plaintext port, TLS port, type, tier, current size, max size
 * @throws ForbiddenException if READ on the {@code "STATE"} resource is not allowed
 */
@Override
public Enumerable<Object[]> scan(DataContext root)
{
  // The server list is fetched first, but nothing from it is exposed until the check passes.
  final List<ImmutableDruidServer> druidServers = serverView.getDruidServers();

  final AuthenticationResult identity =
      (AuthenticationResult) root.get(PlannerContext.DATA_CTX_AUTHENTICATION_RESULT);
  final ResourceAction readState =
      new ResourceAction(new Resource("STATE", ResourceType.STATE), Action.READ);

  final Access access = AuthorizationUtils.authorizeAllResourceActions(
      identity,
      Collections.singletonList(readState),
      authorizerMapper
  );

  if (access.isAllowed()) {
    return Linq4j.asEnumerable(
        FluentIterable
            .from(druidServers)
            .transform(server -> new Object[]{
                server.getHost(),
                extractHost(server.getHost()),
                (long) extractPort(server.getHostAndPort()),
                (long) extractPort(server.getHostAndTlsPort()),
                toStringOrNull(server.getType()),
                server.getTier(),
                server.getCurrSize(),
                server.getMaxSize()
            })
    );
  }

  throw new ForbiddenException("Insufficient permission to view servers :" + access);
}
} // closes the enclosing type, whose header is outside this excerpt
// Deny the request; the exception message is the string form of authResult.
// NOTE(review): authResult is presumably the Access from an authorization call outside this excerpt.
throw new ForbiddenException(authResult.toString());
/**
 * Request filter that authorizes the caller against the {@code "CONFIG"} resource.
 *
 * <p>The action to authorize comes from {@code getAction(request)}.
 *
 * @param request incoming container request
 * @return the same request, untouched, when the action is allowed
 * @throws ForbiddenException if the authorization result is not allowed
 */
@Override
public ContainerRequest filter(ContainerRequest request)
{
  final Resource configResource = new Resource("CONFIG", ResourceType.CONFIG);
  final ResourceAction requested = new ResourceAction(configResource, getAction(request));

  final Access decision =
      AuthorizationUtils.authorizeResourceAction(getReq(), requested, getAuthorizerMapper());

  if (decision.isAllowed()) {
    return request;
  }

  throw new ForbiddenException(decision.toString());
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Request filter that authorizes the caller against the {@code "STATE"} resource.
 *
 * <p>The action to authorize comes from {@code getAction(request)}.
 *
 * @param request incoming container request
 * @return the same request, untouched, when the action is allowed
 * @throws ForbiddenException if the authorization result is not allowed
 */
@Override
public ContainerRequest filter(ContainerRequest request)
{
  final Resource stateResource = new Resource("STATE", ResourceType.STATE);
  final ResourceAction requested = new ResourceAction(stateResource, getAction(request));

  final Access decision =
      AuthorizationUtils.authorizeResourceAction(getReq(), requested, getAuthorizerMapper());

  if (decision.isAllowed()) {
    return request;
  }

  throw new ForbiddenException(decision.toString());
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Request filter that authorizes the caller against the datasource named in the request.
 *
 * <p>The datasource name comes from {@code getRequestDatasourceName(request)} and the action
 * from {@code getAction(request)}.
 *
 * @param request incoming container request
 * @return the same request, untouched, when the action is allowed
 * @throws ForbiddenException if the authorization result is not allowed
 */
@Override
public ContainerRequest filter(ContainerRequest request)
{
  // NOTE(review): the resource name is derived from the request itself; how
  // getRequestDatasourceName extracts and normalizes it is not visible here and decides
  // which datasource is actually protected.
  final Resource datasourceResource =
      new Resource(getRequestDatasourceName(request), ResourceType.DATASOURCE);
  final ResourceAction requested = new ResourceAction(datasourceResource, getAction(request));

  final Access decision =
      AuthorizationUtils.authorizeResourceAction(getReq(), requested, getAuthorizerMapper());

  if (decision.isAllowed()) {
    return request;
  }

  throw new ForbiddenException(decision.toString());
}
/**
 * Request filter that authorizes the caller against the {@code "CONFIG"} resource.
 *
 * <p>The action to authorize comes from {@code getAction(request)}.
 *
 * @param request incoming container request
 * @return the same request, untouched, when the action is allowed
 * @throws ForbiddenException if the authorization result is not allowed
 */
@Override
public ContainerRequest filter(ContainerRequest request)
{
  final Resource configResource = new Resource("CONFIG", ResourceType.CONFIG);
  final ResourceAction requested = new ResourceAction(configResource, getAction(request));

  final Access decision =
      AuthorizationUtils.authorizeResourceAction(getReq(), requested, getAuthorizerMapper());

  if (decision.isAllowed()) {
    return request;
  }

  throw new ForbiddenException(decision.toString());
}
/**
 * Request filter that authorizes the caller against the datasource named in the request.
 *
 * <p>The datasource name comes from {@code getRequestDatasourceName(request)} and the action
 * from {@code getAction(request)}.
 *
 * @param request incoming container request
 * @return the same request, untouched, when the action is allowed
 * @throws ForbiddenException if the authorization result is not allowed
 */
@Override
public ContainerRequest filter(ContainerRequest request)
{
  // NOTE(review): the resource name is derived from the request itself; how
  // getRequestDatasourceName extracts and normalizes it is not visible here and decides
  // which datasource is actually protected.
  final Resource datasourceResource =
      new Resource(getRequestDatasourceName(request), ResourceType.DATASOURCE);
  final ResourceAction requested = new ResourceAction(datasourceResource, getAction(request));

  final Access decision =
      AuthorizationUtils.authorizeResourceAction(getReq(), requested, getAuthorizerMapper());

  if (decision.isAllowed()) {
    return request;
  }

  throw new ForbiddenException(decision.toString());
}