@Override public int hashCode() { int result = getResource().hashCode(); result = 31 * result + getAction().hashCode(); return result; }
@Override public ResourceAction apply(String input) { return new ResourceAction( new Resource(input, ResourceType.DATASOURCE), Action.READ ); } };
@Override public AuthenticationResult createEscalatedAuthenticationResult() { // if you found your self asking why the authenticatedBy field is set to null please read this: // https://github.com/druid-io/druid/pull/5706#discussion_r185940889 return new AuthenticationResult(internalClientUsername, authorizerName, null, null); } }
/** * Authorizes action to be performed on this task's datasource * * @return authorization result */ private Access authorizationCheck(final HttpServletRequest req, Action action) { ResourceAction resourceAction = new ResourceAction( new Resource(dataSchema.getDataSource(), ResourceType.DATASOURCE), action ); Access access = AuthorizationUtils.authorizeResourceAction(req, resourceAction, authorizerMapper); if (!access.isAllowed()) { throw new ForbiddenException(access.toString()); } return access; }
private boolean permissionCheck(Resource resource, Action action, BasicAuthorizerPermission permission) { if (action != permission.getResourceAction().getAction()) { return false; } Resource permissionResource = permission.getResourceAction().getResource(); if (permissionResource.getType() != resource.getType()) { return false; } Pattern resourceNamePattern = permission.getResourceNamePattern(); Matcher resourceNameMatcher = resourceNamePattern.matcher(resource.getName()); return resourceNameMatcher.matches(); }
private Access doAuthorize(final AuthenticationResult authenticationResult, final Access authorizationResult) { if (!authorizationResult.isAllowed()) { // Not authorized; go straight to Jail, do not pass Go. transition(State.AUTHORIZING, State.UNAUTHORIZED); } else { transition(State.AUTHORIZING, State.AUTHORIZED); } this.authenticationResult = authenticationResult; final QueryMetrics queryMetrics = queryPlus.getQueryMetrics(); if (queryMetrics != null) { queryMetrics.identity(authenticationResult.getIdentity()); } return authorizationResult; }
@Override public int hashCode() { return Objects.hash(getIdentity(), getAuthorizerName(), getAuthenticatedBy(), getContext()); } }
@Override public boolean equals(Object o) { if (this == o) { return true; } if (o == null || getClass() != o.getClass()) { return false; } ResourceAction that = (ResourceAction) o; if (!getResource().equals(that.getResource())) { return false; } return getAction() == that.getAction(); }
@Override public int hashCode() { return Objects.hash(getAuthenticatorChain(), getAuthorizers(), isAllowUnauthenticatedHttpOptions()); } }
public BasicAuthorizerPermission( ResourceAction resourceAction ) { this.resourceAction = resourceAction; try { this.resourceNamePattern = Pattern.compile(resourceAction.getResource().getName()); } catch (PatternSyntaxException pse) { throw new BasicSecurityDBResourceException( pse, "Invalid permission, resource name regex[%s] does not compile.", resourceAction.getResource().getName() ); } }
public static void addAuthenticationFilterChain( ServletContextHandler root, List<Authenticator> authenticators ) { for (Authenticator authenticator : authenticators) { FilterHolder holder = new FilterHolder( new AuthenticationWrappingFilter(authenticator.getFilter()) ); if (authenticator.getInitParameters() != null) { holder.setInitParameters(authenticator.getInitParameters()); } root.addFilter( holder, "/*", null ); } }
@Override public Authorizer getAuthorizer(String name) { return new AllowAllAuthorizer(); } };
@Override public int hashCode() { int result = name.hashCode(); result = 31 * result + type.hashCode(); return result; }
@JsonCreator public static Action fromString(String name) { if (name == null) { return null; } return valueOf(StringUtils.toUpperCase(name)); } }
public static void addNoopAuthorizationFilters(ServletContextHandler root, List<String> unsecuredPaths) { for (String unsecuredPath : unsecuredPaths) { root.addFilter(new FilterHolder(new UnsecuredResourceFilter()), unsecuredPath, null); } }
@Override public ContainerRequest filter(ContainerRequest request) { final ResourceAction resourceAction = new ResourceAction( new Resource("STATE", ResourceType.STATE), getAction(request) ); final Access authResult = AuthorizationUtils.authorizeResourceAction( getReq(), resourceAction, getAuthorizerMapper() ); if (!authResult.isAllowed()) { throw new ForbiddenException(authResult.toString()); } return request; }
@Override public ResourceAction apply(String input) { return new ResourceAction( new Resource(input, ResourceType.DATASOURCE), Action.WRITE ); } };
@Provides @Named(AuthConfig.ALLOW_ALL_NAME) public Authorizer getAuthorizer() { return new AllowAllAuthorizer(); } }
@Override public ContainerRequest filter(ContainerRequest request) { final ResourceAction resourceAction = new ResourceAction( new Resource("CONFIG", ResourceType.CONFIG), getAction(request) ); final Access authResult = AuthorizationUtils.authorizeResourceAction( getReq(), resourceAction, getAuthorizerMapper() ); if (!authResult.isAllowed()) { throw new ForbiddenException(authResult.toString()); } return request; }
@Override public ContainerRequest filter(ContainerRequest request) { final ResourceAction resourceAction = new ResourceAction( new Resource(getRequestDatasourceName(request), ResourceType.DATASOURCE), getAction(request) ); final Access authResult = AuthorizationUtils.authorizeResourceAction( getReq(), resourceAction, getAuthorizerMapper() ); if (!authResult.isAllowed()) { throw new ForbiddenException(authResult.toString()); } return request; }