From 0af5d8c8792a735d909b343ccc34e5acc93eb502 Mon Sep 17 00:00:00 2001 From: Eugene Sevastianov Date: Thu, 23 May 2019 15:02:35 +0300 Subject: [PATCH 1/7] druid-basic-security module update to make it work on any Druid component as user/role manager: 1. Added dependency on MetadataStorage because it is used as a storage for users/roles 2. Authenticator/authorizer cache/handler/notifier take class composition from a config --- .../BasicAuthClassCompositionConfig.java | 120 ++++++++++++++++++ .../basic/BasicSecurityDruidModule.java | 104 ++++++++++++--- .../NoopBasicAuthenticatorCacheNotifier.java | 29 +++++ .../NoopBasicAuthorizerCacheNotifier.java | 29 +++++ 4 files changed, 266 insertions(+), 16 deletions(-) create mode 100644 extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java create mode 100644 extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/cache/NoopBasicAuthenticatorCacheNotifier.java create mode 100644 extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/cache/NoopBasicAuthorizerCacheNotifier.java diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java new file mode 100644 index 000000000000..fd9553a303fd --- /dev/null +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java
@@ -0,0 +1,120 @@
+/*
+ * Licensed to Metamarkets Group Inc. (Metamarkets) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. Metamarkets licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package io.druid.security.basic;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+public class BasicAuthClassCompositionConfig
+{
+ @JsonProperty
+ private final String authenticatorMetadataStorageUpdater;
+
+ @JsonProperty
+ private final String authenticatorCacheManager;
+
+ @JsonProperty
+ private final String authenticatorResourceHandler;
+
+ @JsonProperty
+ private final String authenticatorCacheNotifier;
+
+ @JsonProperty
+ private final String authorizerMetadataStorageUpdater;
+
+ @JsonProperty
+ private final String authorizerCacheManager;
+
+ @JsonProperty
+ private final String authorizerResourceHandler;
+
+ @JsonProperty
+ private final String authorizerCacheNotifier;
+
+ @JsonCreator
+ public BasicAuthClassCompositionConfig(
+ @JsonProperty("authenticatorMetadataStorageUpdater") String authenticatorMetadataStorageUpdater,
+ @JsonProperty("authenticatorCacheManager") String authenticatorCacheManager,
+ @JsonProperty("authenticatorResourceHandler") String authenticatorResourceHandler,
+ @JsonProperty("authenticatorCacheNotifier") String authenticatorCacheNotifier,
+ @JsonProperty("authorizerMetadataStorageUpdater") String authorizerMetadataStorageUpdater,
+ @JsonProperty("authorizerCacheManager") String authorizerCacheManager,
+ @JsonProperty("authorizerResourceHandler") String authorizerResourceHandler,
+ @JsonProperty("authorizerCacheNotifier") String authorizerCacheNotifier
+ )
+ {
+ this.authenticatorMetadataStorageUpdater = authenticatorMetadataStorageUpdater;
+ this.authenticatorCacheManager = authenticatorCacheManager;
+ this.authenticatorResourceHandler = authenticatorResourceHandler;
+ this.authenticatorCacheNotifier = authenticatorCacheNotifier;
+ this.authorizerMetadataStorageUpdater = authorizerMetadataStorageUpdater;
+ this.authorizerCacheManager = authorizerCacheManager;
+ this.authorizerResourceHandler = authorizerResourceHandler;
+ this.authorizerCacheNotifier = authorizerCacheNotifier;
+ }
+
+ @JsonProperty
+ public String getAuthenticatorMetadataStorageUpdater()
+ {
+ return authenticatorMetadataStorageUpdater;
+ }
+
+ @JsonProperty
+ public String getAuthenticatorCacheManager()
+ {
+ return authenticatorCacheManager;
+ }
+
+ @JsonProperty
+ public String getAuthenticatorResourceHandler()
+ {
+ return authenticatorResourceHandler;
+ }
+
+ @JsonProperty
+ public String getAuthenticatorCacheNotifier()
+ {
+ return authenticatorCacheNotifier;
+ }
+
+ @JsonProperty
+ public String getAuthorizerMetadataStorageUpdater()
+ {
+ return authorizerMetadataStorageUpdater;
+ }
+
+ @JsonProperty
+ public String getAuthorizerCacheManager()
+ {
+ return authorizerCacheManager;
+ }
+
+ @JsonProperty
+ public String getAuthorizerResourceHandler()
+ {
+ return authorizerResourceHandler;
+ }
+
+ @JsonProperty
+ public String getAuthorizerCacheNotifier()
+ {
+ return authorizerCacheNotifier;
+ }
+}
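Review bot: The constructor stores each of the eight names exactly as it receives them, so a property that is present but empty would presumably reach the module as `""` rather than `null`. The providers added in `BasicSecurityDruidModule` test only `!= null` and would hand the empty string to `Class.forName`. Normalising in the constructor, for example `this.authenticatorCacheNotifier = Strings.emptyToNull(authenticatorCacheNotifier);` with Guava if it is on this module's classpath, keeps an empty override equivalent to "not set". `@JsonProperty` is also placed on both the private field and its getter for every property; one of the two is enough.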
diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java index 8e14d8770bee..d611b827c562 100644 --- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java @@ -32,6 +32,8 @@ import io.druid.guice.LazySingleton; import io.druid.guice.LifecycleModule; import io.druid.initialization.DruidModule; +import io.druid.metadata.MetadataStorage; +import io.druid.metadata.MetadataStorageProvider; import io.druid.security.basic.authentication.BasicHTTPAuthenticator; import io.druid.security.basic.authentication.BasicHTTPEscalator; import io.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheManager; @@ -62,10 +64,12 @@ public class BasicSecurityDruidModule implements DruidModule { + @Override public void configure(Binder binder) { JsonConfigProvider.bind(binder, "druid.auth.basic.common", BasicAuthCommonCacheConfig.class); + JsonConfigProvider.bind(binder, "druid.auth.basic.composition", BasicAuthClassCompositionConfig.class); LifecycleModule.register(binder, BasicAuthenticatorMetadataStorageUpdater.class); LifecycleModule.register(binder, BasicAuthorizerMetadataStorageUpdater.class); 
@@ -74,11 +78,22 @@ public void configure(Binder binder) Jerseys.addResource(binder, BasicAuthenticatorResource.class); Jerseys.addResource(binder, BasicAuthorizerResource.class); + + binder.bind(MetadataStorage.class).toProvider(MetadataStorageProvider.class); + LifecycleModule.register(binder, MetadataStorage.class); } - @Provides @LazySingleton - public static BasicAuthenticatorMetadataStorageUpdater createAuthenticatorStorageUpdater(final Injector injector) + @Provides + @LazySingleton + public static BasicAuthenticatorMetadataStorageUpdater createAuthenticatorStorageUpdater( + final Injector injector, + BasicAuthClassCompositionConfig config + ) throws ClassNotFoundException { + if (config.getAuthenticatorMetadataStorageUpdater() != null) { + return (BasicAuthenticatorMetadataStorageUpdater) + injector.getInstance(Class.forName(config.getAuthenticatorMetadataStorageUpdater())); + } if (isCoordinator(injector)) { return injector.getInstance(CoordinatorBasicAuthenticatorMetadataStorageUpdater.class); } else { @@ -86,9 +101,17 @@ public static BasicAuthenticatorMetadataStorageUpdater createAuthenticatorStorag } } - @Provides @LazySingleton - public static BasicAuthenticatorCacheManager createAuthenticatorCacheManager(final Injector injector) + @Provides + @LazySingleton + public static BasicAuthenticatorCacheManager createAuthenticatorCacheManager( + final Injector injector, + BasicAuthClassCompositionConfig config + ) throws ClassNotFoundException { + if (config.getAuthenticatorCacheManager() != null) { + return (BasicAuthenticatorCacheManager) + injector.getInstance(Class.forName(config.getAuthenticatorCacheManager())); + } if (isCoordinator(injector)) { return injector.getInstance(MetadataStoragePollingBasicAuthenticatorCacheManager.class); } else { 
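Review bot: In `createAuthenticatorStorageUpdater` the configured name goes straight into `Class.forName(...)` and `injector.getInstance(...)`, and the cast to `BasicAuthenticatorMetadataStorageUpdater` runs only after Guice has already constructed the object. A mistyped or unintended class name is therefore instantiated, with its constructor and injected dependencies, inside the authentication module before the type mismatch is noticed. Narrowing the class first, `injector.getInstance(Class.forName(name).asSubclass(BasicAuthenticatorMetadataStorageUpdater.class))`, rejects a wrong type before anything is built and makes the cast unnecessary. The same pattern is repeated in `createAuthenticatorCacheManager` in this line's second hunk and in the six other `create*` providers in the hunks that follow. Because these properties select the code that stores and serves credentials and roles, a failure should name the offending property rather than surface as a bare `ClassNotFoundException`; the provider bodies continue past the end of each hunk.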
@@ -96,9 +119,17 @@ public static BasicAuthenticatorCacheManager createAuthenticatorCacheManager(fin } } - @Provides @LazySingleton - public static BasicAuthenticatorResourceHandler createAuthenticatorResourceHandler(final Injector injector) + @Provides + @LazySingleton + public static BasicAuthenticatorResourceHandler createAuthenticatorResourceHandler( + final Injector injector, + BasicAuthClassCompositionConfig config + ) throws ClassNotFoundException { + if (config.getAuthenticatorResourceHandler() != null) { + return (BasicAuthenticatorResourceHandler) + injector.getInstance(Class.forName(config.getAuthenticatorResourceHandler())); + } if (isCoordinator(injector)) { return injector.getInstance(CoordinatorBasicAuthenticatorResourceHandler.class); } else { @@ -106,9 +137,17 @@ public static BasicAuthenticatorResourceHandler createAuthenticatorResourceHandl } } - @Provides @LazySingleton - public static BasicAuthenticatorCacheNotifier createAuthenticatorCacheNotifier(final Injector injector) + @Provides + @LazySingleton + public static BasicAuthenticatorCacheNotifier createAuthenticatorCacheNotifier( + final Injector injector, + BasicAuthClassCompositionConfig config + ) throws ClassNotFoundException { + if (config.getAuthenticatorCacheNotifier() != null) { + return (BasicAuthenticatorCacheNotifier) + injector.getInstance(Class.forName(config.getAuthenticatorCacheNotifier())); + } if (isCoordinator(injector)) { return injector.getInstance(CoordinatorBasicAuthenticatorCacheNotifier.class); } else { 
@@ -116,9 +155,18 @@ public static BasicAuthenticatorCacheNotifier createAuthenticatorCacheNotifier(f } } - @Provides @LazySingleton - public static BasicAuthorizerMetadataStorageUpdater createAuthorizerStorageUpdater(final Injector injector) + @Provides + @LazySingleton + public static BasicAuthorizerMetadataStorageUpdater createAuthorizerStorageUpdater( + final Injector injector, + BasicAuthClassCompositionConfig config + ) + throws ClassNotFoundException { + if (config.getAuthorizerMetadataStorageUpdater() != null) { + return (BasicAuthorizerMetadataStorageUpdater) + injector.getInstance(Class.forName(config.getAuthorizerMetadataStorageUpdater())); + } if (isCoordinator(injector)) { return injector.getInstance(CoordinatorBasicAuthorizerMetadataStorageUpdater.class); } else { @@ -126,9 +174,17 @@ public static BasicAuthorizerMetadataStorageUpdater createAuthorizerStorageUpdat } } - @Provides @LazySingleton - public static BasicAuthorizerCacheManager createAuthorizerCacheManager(final Injector injector) + @Provides + @LazySingleton + public static BasicAuthorizerCacheManager createAuthorizerCacheManager( + final Injector injector, + BasicAuthClassCompositionConfig config + ) throws ClassNotFoundException { + if (config.getAuthorizerCacheManager() != null) { + return (BasicAuthorizerCacheManager) + injector.getInstance(Class.forName(config.getAuthorizerCacheManager())); + } if (isCoordinator(injector)) { return injector.getInstance(MetadataStoragePollingBasicAuthorizerCacheManager.class); } else { 
@@ -136,9 +192,17 @@ public static BasicAuthorizerCacheManager createAuthorizerCacheManager(final Inj } } - @Provides @LazySingleton - public static BasicAuthorizerResourceHandler createAuthorizerResourceHandler(final Injector injector) + @Provides + @LazySingleton + public static BasicAuthorizerResourceHandler createAuthorizerResourceHandler( + final Injector injector, + BasicAuthClassCompositionConfig config + ) throws ClassNotFoundException { + if (config.getAuthorizerResourceHandler() != null) { + return (BasicAuthorizerResourceHandler) + injector.getInstance(Class.forName(config.getAuthorizerResourceHandler())); + } if (isCoordinator(injector)) { return injector.getInstance(CoordinatorBasicAuthorizerResourceHandler.class); } else { @@ -146,9 +210,17 @@ public static BasicAuthorizerResourceHandler createAuthorizerResourceHandler(fin } } - @Provides @LazySingleton - public static BasicAuthorizerCacheNotifier createAuthorizerCacheNotifier(final Injector injector) + @Provides + @LazySingleton + public static BasicAuthorizerCacheNotifier createAuthorizerCacheNotifier( + final Injector injector, + BasicAuthClassCompositionConfig config + ) throws ClassNotFoundException { + if (config.getAuthorizerCacheNotifier() != null) { + return (BasicAuthorizerCacheNotifier) + injector.getInstance(Class.forName(config.getAuthorizerCacheNotifier())); + } if (isCoordinator(injector)) { return injector.getInstance(CoordinatorBasicAuthorizerCacheNotifier.class); } else { diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/cache/NoopBasicAuthenticatorCacheNotifier.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/cache/NoopBasicAuthenticatorCacheNotifier.java new file mode 100644 index 000000000000..375bb513d80b --- /dev/null +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/cache/NoopBasicAuthenticatorCacheNotifier.java 
@@ -0,0 +1,29 @@
+/*
+ * Licensed to Metamarkets Group Inc. (Metamarkets) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. Metamarkets licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package io.druid.security.basic.authentication.db.cache;
+
+public class NoopBasicAuthenticatorCacheNotifier implements BasicAuthenticatorCacheNotifier
+{
+ @Override
+ public void addUpdate(String updatedAuthenticatorPrefix, byte[] updatedUserMap)
+ {
+ // Do nothing as this is a noop implementation
+ }
+}
diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/cache/NoopBasicAuthorizerCacheNotifier.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/cache/NoopBasicAuthorizerCacheNotifier.java
new file mode 100644
index 000000000000..cf24ccc25385
--- /dev/null
+++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/cache/NoopBasicAuthorizerCacheNotifier.java
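Review bot: `NoopBasicAuthenticatorCacheNotifier` moves into `src/main` as a class that operators can select by name, but nothing on it says what selecting it costs. `addUpdate` discards the updated user map, so presumably no push notification reaches other nodes and they see credential changes, including removals, only when they next poll. I would state that on the class, for example `/** Discards cache updates; other nodes learn of user changes only through their own polling. Intended for tests or deployments that accept that delay. */`. The same applies to `NoopBasicAuthorizerCacheNotifier` in the next hunk, where the dropped payload is the user-and-role map.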
@@ -0,0 +1,29 @@
+/*
+ * Licensed to Metamarkets Group Inc. (Metamarkets) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. Metamarkets licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package io.druid.security.basic.authorization.db.cache;
+
+public class NoopBasicAuthorizerCacheNotifier implements BasicAuthorizerCacheNotifier
+{
+ @Override
+ public void addUpdate(String authorizerPrefix, byte[] userAndRoleMap)
+ {
+ // Do nothing as this is a noop implementation
+ }
+}
From d4237cfd432e7491e10b436c4343bcd3fe8e9345 Mon Sep 17 00:00:00 2001
From: Eugene Sevastianov Date: Tue, 28 May 2019 11:03:49 +0300 Subject: [PATCH 2/7] Refactored and added some comments --- .../BasicAuthClassCompositionConfig.java | 8 + .../basic/BasicSecurityDruidModule.java | 156 +++++++++--------- .../NoopBasicAuthenticatorCacheNotifier.java | 4 + .../NoopBasicAuthorizerCacheNotifier.java | 4 + ...thenticatorMetadataStorageUpdaterTest.java | 1 + ...dinatorBasicAuthenticatorResourceTest.java | 1 + .../NoopBasicAuthenticatorCacheNotifier.java | 31 ---- .../BasicRoleBasedAuthorizerTest.java | 1 + ...cAuthorizerMetadataStorageUpdaterTest.java | 1 + ...oordinatorBasicAuthorizerResourceTest.java | 1 + .../NoopBasicAuthorizerCacheNotifier.java | 31 ---- integration-tests/docker/historical.conf | 4 +- integration-tests/docker/middlemanager.conf | 4 +- .../src/main/java/io/druid/cli/CliRouter.java | 5 + 14 files changed, 107 insertions(+), 145 deletions(-) delete mode 100644 extensions-core/druid-basic-security/src/test/java/io/druid/security/authentication/NoopBasicAuthenticatorCacheNotifier.java delete mode 100644 extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/NoopBasicAuthorizerCacheNotifier.java diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java index fd9553a303fd..68ae5109c8b7 100644 --- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java 
@@ -22,6 +22,14 @@ import com.fasterxml.jackson.annotation.JsonCreator; import com.fasterxml.jackson.annotation.JsonProperty; +/** + * Basic authentication storage/cache/resource handler config. + * The config is an option to specify classes of user/role managers, caches and notifiers. + * If a config field is specified then the corresponding class is instantiated + * regardless of what type of Druid component runs it (see {@link BasicSecurityDruidModule}). + * Hence every Druid component might be a user/role manager and notify others by sending notifications. + * Every field must be a valid class name (appropriate for the corresponding goal) or null. + */ public class BasicAuthClassCompositionConfig { @JsonProperty diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java index d611b827c562..bff52eed1274 100644 --- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java @@ -32,8 +32,6 @@ import io.druid.guice.LazySingleton; import io.druid.guice.LifecycleModule; import io.druid.initialization.DruidModule; -import io.druid.metadata.MetadataStorage; -import io.druid.metadata.MetadataStorageProvider; import io.druid.security.basic.authentication.BasicHTTPAuthenticator; import io.druid.security.basic.authentication.BasicHTTPEscalator; import io.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheManager; @@ -60,6 +58,7 @@ import io.druid.security.basic.authorization.endpoint.CoordinatorBasicAuthorizerResourceHandler; import io.druid.security.basic.authorization.endpoint.DefaultBasicAuthorizerResourceHandler; +import javax.annotation.Nullable; import java.util.List; public class BasicSecurityDruidModule implements DruidModule 
@@ -78,9 +77,6 @@ public void configure(Binder binder) Jerseys.addResource(binder, BasicAuthenticatorResource.class); Jerseys.addResource(binder, BasicAuthorizerResource.class); - - binder.bind(MetadataStorage.class).toProvider(MetadataStorageProvider.class); - LifecycleModule.register(binder, MetadataStorage.class); } @Provides @@ -90,15 +86,12 @@ public static BasicAuthenticatorMetadataStorageUpdater createAuthenticatorStorag BasicAuthClassCompositionConfig config ) throws ClassNotFoundException { - if (config.getAuthenticatorMetadataStorageUpdater() != null) { - return (BasicAuthenticatorMetadataStorageUpdater) - injector.getInstance(Class.forName(config.getAuthenticatorMetadataStorageUpdater())); - } - if (isCoordinator(injector)) { - return injector.getInstance(CoordinatorBasicAuthenticatorMetadataStorageUpdater.class); - } else { - return null; - } + return getInstance( + injector, + config.getAuthenticatorMetadataStorageUpdater(), + CoordinatorBasicAuthenticatorMetadataStorageUpdater.class, + null + ); } @Provides @@ -108,15 +101,12 @@ public static BasicAuthenticatorCacheManager createAuthenticatorCacheManager( BasicAuthClassCompositionConfig config ) throws ClassNotFoundException { - if (config.getAuthenticatorCacheManager() != null) { - return (BasicAuthenticatorCacheManager) - injector.getInstance(Class.forName(config.getAuthenticatorCacheManager())); - } - if (isCoordinator(injector)) { - return injector.getInstance(MetadataStoragePollingBasicAuthenticatorCacheManager.class); - } else { - return injector.getInstance(CoordinatorPollingBasicAuthenticatorCacheManager.class); - } + return getInstance( + injector, + config.getAuthenticatorCacheManager(), + MetadataStoragePollingBasicAuthenticatorCacheManager.class, + CoordinatorPollingBasicAuthenticatorCacheManager.class + ); } @Provides 
@@ -126,15 +116,12 @@ public static BasicAuthenticatorResourceHandler createAuthenticatorResourceHandl BasicAuthClassCompositionConfig config ) throws ClassNotFoundException { - if (config.getAuthenticatorResourceHandler() != null) { - return (BasicAuthenticatorResourceHandler) - injector.getInstance(Class.forName(config.getAuthenticatorResourceHandler())); - } - if (isCoordinator(injector)) { - return injector.getInstance(CoordinatorBasicAuthenticatorResourceHandler.class); - } else { - return injector.getInstance(DefaultBasicAuthenticatorResourceHandler.class); - } + return getInstance( + injector, + config.getAuthenticatorResourceHandler(), + CoordinatorBasicAuthenticatorResourceHandler.class, + DefaultBasicAuthenticatorResourceHandler.class + ); } @Provides @@ -144,15 +131,12 @@ public static BasicAuthenticatorCacheNotifier createAuthenticatorCacheNotifier( BasicAuthClassCompositionConfig config ) throws ClassNotFoundException { - if (config.getAuthenticatorCacheNotifier() != null) { - return (BasicAuthenticatorCacheNotifier) - injector.getInstance(Class.forName(config.getAuthenticatorCacheNotifier())); - } - if (isCoordinator(injector)) { - return injector.getInstance(CoordinatorBasicAuthenticatorCacheNotifier.class); - } else { - return null; - } + return getInstance( + injector, + config.getAuthenticatorCacheNotifier(), + CoordinatorBasicAuthenticatorCacheNotifier.class, + null + ); } @Provides 
@@ -160,18 +144,14 @@ public static BasicAuthenticatorCacheNotifier createAuthenticatorCacheNotifier( public static BasicAuthorizerMetadataStorageUpdater createAuthorizerStorageUpdater( final Injector injector, BasicAuthClassCompositionConfig config - ) - throws ClassNotFoundException + ) throws ClassNotFoundException { - if (config.getAuthorizerMetadataStorageUpdater() != null) { - return (BasicAuthorizerMetadataStorageUpdater) - injector.getInstance(Class.forName(config.getAuthorizerMetadataStorageUpdater())); - } - if (isCoordinator(injector)) { - return injector.getInstance(CoordinatorBasicAuthorizerMetadataStorageUpdater.class); - } else { - return null; - } + return getInstance( + injector, + config.getAuthorizerMetadataStorageUpdater(), + CoordinatorBasicAuthorizerMetadataStorageUpdater.class, + null + ); } @Provides @@ -181,15 +161,12 @@ public static BasicAuthorizerCacheManager createAuthorizerCacheManager( BasicAuthClassCompositionConfig config ) throws ClassNotFoundException { - if (config.getAuthorizerCacheManager() != null) { - return (BasicAuthorizerCacheManager) - injector.getInstance(Class.forName(config.getAuthorizerCacheManager())); - } - if (isCoordinator(injector)) { - return injector.getInstance(MetadataStoragePollingBasicAuthorizerCacheManager.class); - } else { - return injector.getInstance(CoordinatorPollingBasicAuthorizerCacheManager.class); - } + return getInstance( + injector, + config.getAuthorizerCacheManager(), + MetadataStoragePollingBasicAuthorizerCacheManager.class, + CoordinatorPollingBasicAuthorizerCacheManager.class + ); } @Provides 
@@ -199,15 +176,12 @@ public static BasicAuthorizerResourceHandler createAuthorizerResourceHandler( BasicAuthClassCompositionConfig config ) throws ClassNotFoundException { - if (config.getAuthorizerResourceHandler() != null) { - return (BasicAuthorizerResourceHandler) - injector.getInstance(Class.forName(config.getAuthorizerResourceHandler())); - } - if (isCoordinator(injector)) { - return injector.getInstance(CoordinatorBasicAuthorizerResourceHandler.class); - } else { - return injector.getInstance(DefaultBasicAuthorizerResourceHandler.class); - } + return getInstance( + injector, + config.getAuthorizerResourceHandler(), + CoordinatorBasicAuthorizerResourceHandler.class, + DefaultBasicAuthorizerResourceHandler.class + ); } @Provides @@ -217,15 +191,12 @@ public static BasicAuthorizerCacheNotifier createAuthorizerCacheNotifier( BasicAuthClassCompositionConfig config ) throws ClassNotFoundException { - if (config.getAuthorizerCacheNotifier() != null) { - return (BasicAuthorizerCacheNotifier) - injector.getInstance(Class.forName(config.getAuthorizerCacheNotifier())); - } - if (isCoordinator(injector)) { - return injector.getInstance(CoordinatorBasicAuthorizerCacheNotifier.class); - } else { - return null; - } + return getInstance( + injector, + config.getAuthorizerCacheNotifier(), + CoordinatorBasicAuthorizerCacheNotifier.class, + null + ); } @Override 
@@ -240,6 +211,33 @@ public List getJacksonModules() ); } + /** + * Returns the instance provided either by a config property or coordinator-run class or default class. + * The order of check corresponds to the order of method params. + */ + @Nullable + public static T getInstance( + Injector injector, + String configClassName, + Class isCoordClass, + Class defaultClass + ) throws ClassNotFoundException + { + if (configClassName != null) { + // ClassCastException is thrown in case of a mismatch, configuration fix is required. + @SuppressWarnings("unchecked") + final T instance = (T) injector.getInstance(Class.forName(configClassName)); + return instance; + } + if (isCoordClass != null && isCoordinator(injector)) { + return injector.getInstance(isCoordClass); + } + if (defaultClass != null) { + return injector.getInstance(defaultClass); + } + return null; + } + private static boolean isCoordinator(Injector injector) { final String serviceName; diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/cache/NoopBasicAuthenticatorCacheNotifier.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/cache/NoopBasicAuthenticatorCacheNotifier.java index 375bb513d80b..98e09fd36f32 100644 --- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/cache/NoopBasicAuthenticatorCacheNotifier.java +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/cache/NoopBasicAuthenticatorCacheNotifier.java @@ -19,6 +19,10 @@ package io.druid.security.basic.authentication.db.cache; +/** + * Noop basic authenticator cache notifier. + * Might be used as a config option to override default authenticator cache notifier. + */ public class NoopBasicAuthenticatorCacheNotifier implements BasicAuthenticatorCacheNotifier { @Override 
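Review bot: The comment `// ClassCastException is thrown in case of a mismatch` in `getInstance` does not describe what happens at that line. `(T)` is an unchecked cast, as the `@SuppressWarnings("unchecked")` beside it acknowledges, so the injector builds the instance and the helper returns it, and any `ClassCastException` can only surface later at a caller. The generic parameters appear to have been stripped from this page, so this is read from the `T` return type. Taking the expected base type as a parameter would allow an up-front check, `injector.getInstance(Class.forName(configClassName).asSubclass(baseType))`, and the comment could then say that a mismatched class is rejected before it is instantiated. The helper is also declared `public static` although only this module's providers call it on this page; making it `private` would keep load-a-class-by-name out of the module's public surface.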
diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/cache/NoopBasicAuthorizerCacheNotifier.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/cache/NoopBasicAuthorizerCacheNotifier.java index cf24ccc25385..233086e44dff 100644 --- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/cache/NoopBasicAuthorizerCacheNotifier.java +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/cache/NoopBasicAuthorizerCacheNotifier.java @@ -19,6 +19,10 @@ package io.druid.security.basic.authorization.db.cache; +/** + * Noop basic authorizer cache notifier. + * Might be used as a config option to override default authorizer cache notifier. + */ public class NoopBasicAuthorizerCacheNotifier implements BasicAuthorizerCacheNotifier { @Override diff --git a/extensions-core/druid-basic-security/src/test/java/io/druid/security/authentication/CoordinatorBasicAuthenticatorMetadataStorageUpdaterTest.java b/extensions-core/druid-basic-security/src/test/java/io/druid/security/authentication/CoordinatorBasicAuthenticatorMetadataStorageUpdaterTest.java index 3ea3b11847d6..c4d7978f035c 100644 --- a/extensions-core/druid-basic-security/src/test/java/io/druid/security/authentication/CoordinatorBasicAuthenticatorMetadataStorageUpdaterTest.java +++ b/extensions-core/druid-basic-security/src/test/java/io/druid/security/authentication/CoordinatorBasicAuthenticatorMetadataStorageUpdaterTest.java 
@@ -38,6 +38,7 @@ import io.druid.security.basic.BasicSecurityDBResourceException; import io.druid.security.basic.authentication.BasicHTTPAuthenticator; import io.druid.security.basic.authentication.BasicHTTPEscalator; +import io.druid.security.basic.authentication.db.cache.NoopBasicAuthenticatorCacheNotifier; import io.druid.security.basic.authentication.db.updater.CoordinatorBasicAuthenticatorMetadataStorageUpdater; import io.druid.security.basic.authentication.entity.BasicAuthenticatorCredentialUpdate; import io.druid.security.basic.authentication.entity.BasicAuthenticatorCredentials; diff --git a/extensions-core/druid-basic-security/src/test/java/io/druid/security/authentication/CoordinatorBasicAuthenticatorResourceTest.java b/extensions-core/druid-basic-security/src/test/java/io/druid/security/authentication/CoordinatorBasicAuthenticatorResourceTest.java index 3ab2a3855b07..59eb39787c1c 100644 --- a/extensions-core/druid-basic-security/src/test/java/io/druid/security/authentication/CoordinatorBasicAuthenticatorResourceTest.java +++ b/extensions-core/druid-basic-security/src/test/java/io/druid/security/authentication/CoordinatorBasicAuthenticatorResourceTest.java @@ -39,6 +39,7 @@ import io.druid.security.basic.BasicAuthUtils; import io.druid.security.basic.authentication.BasicHTTPAuthenticator; import io.druid.security.basic.authentication.BasicHTTPEscalator; +import io.druid.security.basic.authentication.db.cache.NoopBasicAuthenticatorCacheNotifier; import io.druid.security.basic.authentication.db.updater.CoordinatorBasicAuthenticatorMetadataStorageUpdater; import io.druid.security.basic.authentication.endpoint.BasicAuthenticatorResource; import io.druid.security.basic.authentication.endpoint.CoordinatorBasicAuthenticatorResourceHandler; 
diff --git a/extensions-core/druid-basic-security/src/test/java/io/druid/security/authentication/NoopBasicAuthenticatorCacheNotifier.java b/extensions-core/druid-basic-security/src/test/java/io/druid/security/authentication/NoopBasicAuthenticatorCacheNotifier.java deleted file mode 100644 index 22809cc8d4c6..000000000000 --- a/extensions-core/druid-basic-security/src/test/java/io/druid/security/authentication/NoopBasicAuthenticatorCacheNotifier.java +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Licensed to Metamarkets Group Inc. (Metamarkets) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. Metamarkets licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package io.druid.security.authentication; - -import io.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheNotifier; - -public class NoopBasicAuthenticatorCacheNotifier implements BasicAuthenticatorCacheNotifier -{ - @Override - public void addUpdate(String updatedAuthenticatorPrefix, byte[] updatedUserMap) - { - - } -} diff --git a/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/BasicRoleBasedAuthorizerTest.java b/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/BasicRoleBasedAuthorizerTest.java index aafac305525a..e9238fa978eb 100644 
--- a/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/BasicRoleBasedAuthorizerTest.java +++ b/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/BasicRoleBasedAuthorizerTest.java @@ -28,6 +28,7 @@ import io.druid.security.basic.BasicAuthCommonCacheConfig; import io.druid.security.basic.authorization.BasicRoleBasedAuthorizer; import io.druid.security.basic.authorization.db.cache.MetadataStoragePollingBasicAuthorizerCacheManager; +import io.druid.security.basic.authorization.db.cache.NoopBasicAuthorizerCacheNotifier; import io.druid.security.basic.authorization.db.updater.CoordinatorBasicAuthorizerMetadataStorageUpdater; import io.druid.server.security.Access; import io.druid.server.security.Action; diff --git a/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/CoordinatorBasicAuthorizerMetadataStorageUpdaterTest.java b/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/CoordinatorBasicAuthorizerMetadataStorageUpdaterTest.java index d1f6b1fb17ea..2091521bc302 100644 --- a/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/CoordinatorBasicAuthorizerMetadataStorageUpdaterTest.java +++ b/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/CoordinatorBasicAuthorizerMetadataStorageUpdaterTest.java @@ -31,6 +31,7 @@ import io.druid.security.basic.BasicAuthUtils; import io.druid.security.basic.BasicSecurityDBResourceException; import io.druid.security.basic.authorization.BasicRoleBasedAuthorizer; +import io.druid.security.basic.authorization.db.cache.NoopBasicAuthorizerCacheNotifier; import io.druid.security.basic.authorization.db.updater.CoordinatorBasicAuthorizerMetadataStorageUpdater; import io.druid.security.basic.authorization.entity.BasicAuthorizerPermission; import io.druid.security.basic.authorization.entity.BasicAuthorizerRole; 
diff --git a/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/CoordinatorBasicAuthorizerResourceTest.java b/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/CoordinatorBasicAuthorizerResourceTest.java index 763b1f7d5f94..609bbf050b02 100644 --- a/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/CoordinatorBasicAuthorizerResourceTest.java +++ b/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/CoordinatorBasicAuthorizerResourceTest.java @@ -30,6 +30,7 @@ import io.druid.security.basic.BasicAuthCommonCacheConfig; import io.druid.security.basic.BasicAuthUtils; import io.druid.security.basic.authorization.BasicRoleBasedAuthorizer; +import io.druid.security.basic.authorization.db.cache.NoopBasicAuthorizerCacheNotifier; import io.druid.security.basic.authorization.db.updater.CoordinatorBasicAuthorizerMetadataStorageUpdater; import io.druid.security.basic.authorization.endpoint.BasicAuthorizerResource; import io.druid.security.basic.authorization.endpoint.CoordinatorBasicAuthorizerResourceHandler; diff --git a/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/NoopBasicAuthorizerCacheNotifier.java b/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/NoopBasicAuthorizerCacheNotifier.java deleted file mode 100644 index ca37a214c820..000000000000 --- a/extensions-core/druid-basic-security/src/test/java/io/druid/security/authorization/NoopBasicAuthorizerCacheNotifier.java +++ /dev/null 
@@ -1,31 +0,0 @@ -/* - * Licensed to Metamarkets Group Inc. (Metamarkets) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. Metamarkets licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package io.druid.security.authorization; - -import io.druid.security.basic.authorization.db.cache.BasicAuthorizerCacheNotifier; - -public class NoopBasicAuthorizerCacheNotifier implements BasicAuthorizerCacheNotifier -{ - @Override - public void addUpdate(String authorizerPrefix, byte[] userAndRoleMap) - { - - } -} diff --git a/integration-tests/docker/historical.conf b/integration-tests/docker/historical.conf index 58cbd84e2416..2b507e299388 100644 --- a/integration-tests/docker/historical.conf +++ b/integration-tests/docker/historical.conf @@ -12,8 +12,8 @@ command=java -Dfile.encoding=UTF-8 -Ddruid.host=%(ENV_HOST_IP)s -Ddruid.zk.service.host=druid-zookeeper-kafka - -Ddruid.s3.accessKey=AKIAIMKECRUYKDQGR6YQ - -Ddruid.s3.secretKey=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 + -Ddruid.s3.accessKey=AKIAJI7DG7CDECGBQ6NA + -Ddruid.s3.secretKey=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 -Ddruid.processing.buffer.sizeBytes=75000000 -Ddruid.processing.numThreads=3 -Ddruid.server.http.numThreads=100 diff --git a/integration-tests/docker/middlemanager.conf b/integration-tests/docker/middlemanager.conf index 2ca1560fb2c7..ea9db536428e 100644 
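Review bot: The `historical.conf` hunk replaces one literal `druid.s3.accessKey`/`druid.s3.secretKey` pair with another, so a cloud credential is still committed to the repository and stays readable in its history. The `middlemanager.conf` hunk that follows does the same. The file already interpolates environment values with `%(ENV_HOST_IP)s`, so the keys can be supplied the same way, for example `-Ddruid.s3.accessKey=%(ENV_DRUID_S3_ACCESS_KEY)s` and `-Ddruid.s3.secretKey=%(ENV_DRUID_S3_SECRET_KEY)s` (variable names are illustrative). If either pair was ever valid, both the removed and the added keys should be treated as exposed and rotated. The change also appears unrelated to the basic-security work in the commit message, so it may have been staged by accident.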
--- a/integration-tests/docker/middlemanager.conf +++ b/integration-tests/docker/middlemanager.conf @@ -17,8 +17,8 @@ command=java -Ddruid.indexer.fork.property.druid.processing.buffer.sizeBytes=75000000 -Ddruid.indexer.fork.property.druid.processing.numThreads=1 -Ddruid.indexer.fork.server.http.numThreads=100 - -Ddruid.s3.accessKey=AKIAIMKECRUYKDQGR6YQ - -Ddruid.s3.secretKey=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 + -Ddruid.s3.accessKey=AKIAJI7DG7CDECGBQ6NA + -Ddruid.s3.secretKey=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 -Ddruid.worker.ip=%(ENV_HOST_IP)s -Ddruid.selectors.indexing.serviceName=druid/overlord -Ddruid.indexer.task.chathandler.type=announce diff --git a/services/src/main/java/io/druid/cli/CliRouter.java b/services/src/main/java/io/druid/cli/CliRouter.java index 51a9a8ef04d0..e44b80af1469 100644 --- a/services/src/main/java/io/druid/cli/CliRouter.java +++ b/services/src/main/java/io/druid/cli/CliRouter.java @@ -45,6 +45,8 @@ import io.druid.guice.http.JettyHttpClientModule; import io.druid.java.util.common.logger.Logger; import io.druid.java.util.http.client.HttpClient; +import io.druid.metadata.MetadataStorage; +import io.druid.metadata.MetadataStorageProvider; import io.druid.query.lookup.LookupModule; import io.druid.server.AsyncQueryForwardingServlet; import io.druid.server.http.RouterResource; @@ -112,6 +114,9 @@ public void configure(Binder binder) binder.bind(QueryCountStatsProvider.class).to(AsyncQueryForwardingServlet.class).in(LazySingleton.class); binder.bind(JettyServerInitializer.class).to(RouterJettyServerInitializer.class).in(LazySingleton.class); + binder.bind(MetadataStorage.class).toProvider(MetadataStorageProvider.class); + LifecycleModule.register(binder, MetadataStorage.class); + Jerseys.addResource(binder, RouterResource.class); LifecycleModule.register(binder, RouterResource.class); From 517b7144434539696a76e399022ab53a4f2bcda8 Mon Sep 17 00:00:00 2001 
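Review bot: The `configure` hunk in `CliRouter` binds `MetadataStorage` and registers it with the lifecycle unconditionally, whether or not the basic-security extension is loaded or set up to manage users on this node. Every Router therefore starts a metadata-storage lifecycle and presumably needs metadata-store connection settings and credentials. If the Router is the externally reachable component in a deployment, holding database credentials there widens what a compromise of that process can reach. Consider making the binding conditional on the extension's configuration, or at least add a comment such as `// Needed only when druid-basic-security manages users/roles on this node` and document the new credential requirement. The same two lines are added to `CliBroker.configure` in patch 6/7, and the enclosing method starts and ends outside the hunk.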
From: Eugene Sevastianov Date: Wed, 29 May 2019 13:27:50 +0300 Subject: [PATCH 3/7] Added comments --- .../security/basic/BasicAuthClassCompositionConfig.java | 4 ++-- .../io/druid/security/basic/BasicSecurityDruidModule.java | 6 +++--- .../db/cache/NoopBasicAuthenticatorCacheNotifier.java | 1 + .../db/cache/NoopBasicAuthorizerCacheNotifier.java | 1 + 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java index 68ae5109c8b7..ad15ecc0bced 100644 --- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java @@ -24,8 +24,8 @@ /** * Basic authentication storage/cache/resource handler config. - * The config is an option to specify classes of user/role managers, caches and notifiers. - * If a config field is specified then the corresponding class is instantiated + * BasicAuthClassCompositionConfig provides options to specify authenticator/authorizer classes. + * If a field in this class is non-null then the corresponding class is instantiated * regardless of what type of Druid component runs it (see {@link BasicSecurityDruidModule}). * Hence every Druid component might be a user/role manager and notify others by sending notifications. * Every field must be a valid class name (appropriate for the corresponding goal) or null. diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java index bff52eed1274..6b2fcdfe780b 100644 
--- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java @@ -219,7 +219,7 @@ public List getJacksonModules() public static T getInstance( Injector injector, String configClassName, - Class isCoordClass, + Class classRunByCoordinator, Class defaultClass ) throws ClassNotFoundException { @@ -229,8 +229,8 @@ public static T getInstance( final T instance = (T) injector.getInstance(Class.forName(configClassName)); return instance; } - if (isCoordClass != null && isCoordinator(injector)) { - return injector.getInstance(isCoordClass); + if (classRunByCoordinator != null && isCoordinator(injector)) { + return injector.getInstance(classRunByCoordinator); } if (defaultClass != null) { return injector.getInstance(defaultClass); diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/cache/NoopBasicAuthenticatorCacheNotifier.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/cache/NoopBasicAuthenticatorCacheNotifier.java index 98e09fd36f32..647af43ccf7b 100644 --- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/cache/NoopBasicAuthenticatorCacheNotifier.java +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/cache/NoopBasicAuthenticatorCacheNotifier.java @@ -21,6 +21,7 @@ /** * Noop basic authenticator cache notifier. + * No notification is sent on user udpate. * Might be used as a config option to override default authenticator cache notifier. */ public class NoopBasicAuthenticatorCacheNotifier implements BasicAuthenticatorCacheNotifier 
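Review bot: The Javadoc line added to `NoopBasicAuthenticatorCacheNotifier` says no notification is sent, but not what that means for an operator who selects this class in the config. With it in place, other nodes presumably keep their cached user map until they next poll, so a deleted user or changed credential would stay usable in the meantime. I would state that in the comment, e.g. `Other nodes learn of changes only by polling; revocations are not propagated immediately.`, and correct the spelling `udpate` to `update`. The matching hunk for `NoopBasicAuthorizerCacheNotifier` has the same wording and typo for user/role updates.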
diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/cache/NoopBasicAuthorizerCacheNotifier.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/cache/NoopBasicAuthorizerCacheNotifier.java index 233086e44dff..461dff2dc8f0 100644 --- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/cache/NoopBasicAuthorizerCacheNotifier.java +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/cache/NoopBasicAuthorizerCacheNotifier.java @@ -21,6 +21,7 @@ /** * Noop basic authorizer cache notifier. + * No notification is sent on user/role udpate. * Might be used as a config option to override default authorizer cache notifier. */ public class NoopBasicAuthorizerCacheNotifier implements BasicAuthorizerCacheNotifier From 2ad064ef3a856be21dec6fb39e109b4d68b0c051 Mon Sep 17 00:00:00 2001 From: Eugene Sevastianov Date: Wed, 29 May 2019 21:55:18 +0300 Subject: [PATCH 4/7] Reduced nulls --- .../basic/BasicSecurityDruidModule.java | 27 ++++++++++--------- 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java index 6b2fcdfe780b..efe5c5873501 100644 --- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java @@ -58,7 +58,6 @@ import io.druid.security.basic.authorization.endpoint.CoordinatorBasicAuthorizerResourceHandler; import io.druid.security.basic.authorization.endpoint.DefaultBasicAuthorizerResourceHandler; -import javax.annotation.Nullable; import java.util.List; public class BasicSecurityDruidModule implements DruidModule 
@@ -89,8 +88,7 @@ public static BasicAuthenticatorMetadataStorageUpdater createAuthenticatorStorag return getInstance( injector, config.getAuthenticatorMetadataStorageUpdater(), - CoordinatorBasicAuthenticatorMetadataStorageUpdater.class, - null + CoordinatorBasicAuthenticatorMetadataStorageUpdater.class ); } @@ -134,8 +132,7 @@ public static BasicAuthenticatorCacheNotifier createAuthenticatorCacheNotifier( return getInstance( injector, config.getAuthenticatorCacheNotifier(), - CoordinatorBasicAuthenticatorCacheNotifier.class, - null + CoordinatorBasicAuthenticatorCacheNotifier.class ); } @@ -149,8 +146,7 @@ public static BasicAuthorizerMetadataStorageUpdater createAuthorizerStorageUpdat return getInstance( injector, config.getAuthorizerMetadataStorageUpdater(), - CoordinatorBasicAuthorizerMetadataStorageUpdater.class, - null + CoordinatorBasicAuthorizerMetadataStorageUpdater.class ); } @@ -194,8 +190,7 @@ public static BasicAuthorizerCacheNotifier createAuthorizerCacheNotifier( return getInstance( injector, config.getAuthorizerCacheNotifier(), - CoordinatorBasicAuthorizerCacheNotifier.class, - null + CoordinatorBasicAuthorizerCacheNotifier.class ); } @@ -215,8 +210,7 @@ public List getJacksonModules() * Returns the instance provided either by a config property or coordinator-run class or default class. * The order of check corresponds to the order of method params. */ - @Nullable - public static T getInstance( + private static T getInstance( Injector injector, String configClassName, Class classRunByCoordinator, 
@@ -235,7 +229,16 @@ public static T getInstance( if (defaultClass != null) { return injector.getInstance(defaultClass); } - return null; + throw new AssertionError("The instance must not be null"); + } + + private static T getInstance( + Injector injector, + String configClassName, + Class classRunByCoordinator + ) throws ClassNotFoundException + { + return getInstance(injector, configClassName, classRunByCoordinator, null); } private static boolean isCoordinator(Injector injector) From 945d752ba997f80bf037b20294d87814996cb2d1 Mon Sep 17 00:00:00 2001 From: Eugene Sevastianov Date: Thu, 30 May 2019 13:34:29 +0300 Subject: [PATCH 5/7] Removed nulls from BasicSecurityDruidModule completely --- .../basic/BasicSecurityDruidModule.java | 32 +++--- ...icAuthenticatorMetadataStorageUpdater.java | 71 ++++++++++++++ ...BasicAuthorizerMetadataStorageUpdater.java | 97 +++++++++++++++++++ 3 files changed, 182 insertions(+), 18 deletions(-) create mode 100644 extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/updater/NoopBasicAuthenticatorMetadataStorageUpdater.java create mode 100644 extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/updater/NoopBasicAuthorizerMetadataStorageUpdater.java diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java index efe5c5873501..a65e09487230 100644 --- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java 
@@ -39,8 +39,10 @@ import io.druid.security.basic.authentication.db.cache.CoordinatorBasicAuthenticatorCacheNotifier; import io.druid.security.basic.authentication.db.cache.CoordinatorPollingBasicAuthenticatorCacheManager; import io.druid.security.basic.authentication.db.cache.MetadataStoragePollingBasicAuthenticatorCacheManager; +import io.druid.security.basic.authentication.db.cache.NoopBasicAuthenticatorCacheNotifier; import io.druid.security.basic.authentication.db.updater.BasicAuthenticatorMetadataStorageUpdater; import io.druid.security.basic.authentication.db.updater.CoordinatorBasicAuthenticatorMetadataStorageUpdater; +import io.druid.security.basic.authentication.db.updater.NoopBasicAuthenticatorMetadataStorageUpdater; import io.druid.security.basic.authentication.endpoint.BasicAuthenticatorResource; import io.druid.security.basic.authentication.endpoint.BasicAuthenticatorResourceHandler; import io.druid.security.basic.authentication.endpoint.CoordinatorBasicAuthenticatorResourceHandler; @@ -51,8 +53,10 @@ import io.druid.security.basic.authorization.db.cache.CoordinatorBasicAuthorizerCacheNotifier; import io.druid.security.basic.authorization.db.cache.CoordinatorPollingBasicAuthorizerCacheManager; import io.druid.security.basic.authorization.db.cache.MetadataStoragePollingBasicAuthorizerCacheManager; +import io.druid.security.basic.authorization.db.cache.NoopBasicAuthorizerCacheNotifier; import io.druid.security.basic.authorization.db.updater.BasicAuthorizerMetadataStorageUpdater; import io.druid.security.basic.authorization.db.updater.CoordinatorBasicAuthorizerMetadataStorageUpdater; +import io.druid.security.basic.authorization.db.updater.NoopBasicAuthorizerMetadataStorageUpdater; import io.druid.security.basic.authorization.endpoint.BasicAuthorizerResource; import io.druid.security.basic.authorization.endpoint.BasicAuthorizerResourceHandler; import io.druid.security.basic.authorization.endpoint.CoordinatorBasicAuthorizerResourceHandler; 
@@ -88,7 +92,8 @@ public static BasicAuthenticatorMetadataStorageUpdater createAuthenticatorStorag return getInstance( injector, config.getAuthenticatorMetadataStorageUpdater(), - CoordinatorBasicAuthenticatorMetadataStorageUpdater.class + CoordinatorBasicAuthenticatorMetadataStorageUpdater.class, + NoopBasicAuthenticatorMetadataStorageUpdater.class ); } @@ -132,7 +137,8 @@ public static BasicAuthenticatorCacheNotifier createAuthenticatorCacheNotifier( return getInstance( injector, config.getAuthenticatorCacheNotifier(), - CoordinatorBasicAuthenticatorCacheNotifier.class + CoordinatorBasicAuthenticatorCacheNotifier.class, + NoopBasicAuthenticatorCacheNotifier.class ); } @@ -146,7 +152,8 @@ public static BasicAuthorizerMetadataStorageUpdater createAuthorizerStorageUpdat return getInstance( injector, config.getAuthorizerMetadataStorageUpdater(), - CoordinatorBasicAuthorizerMetadataStorageUpdater.class + CoordinatorBasicAuthorizerMetadataStorageUpdater.class, + NoopBasicAuthorizerMetadataStorageUpdater.class ); } @@ -190,7 +197,8 @@ public static BasicAuthorizerCacheNotifier createAuthorizerCacheNotifier( return getInstance( injector, config.getAuthorizerCacheNotifier(), - CoordinatorBasicAuthorizerCacheNotifier.class + CoordinatorBasicAuthorizerCacheNotifier.class, + NoopBasicAuthorizerCacheNotifier.class ); } 
@@ -223,22 +231,10 @@ private static T getInstance( final T instance = (T) injector.getInstance(Class.forName(configClassName)); return instance; } - if (classRunByCoordinator != null && isCoordinator(injector)) { + if (isCoordinator(injector)) { return injector.getInstance(classRunByCoordinator); } - if (defaultClass != null) { - return injector.getInstance(defaultClass); - } - throw new AssertionError("The instance must not be null"); - } - - private static T getInstance( - Injector injector, - String configClassName, - Class classRunByCoordinator - ) throws ClassNotFoundException - { - return getInstance(injector, configClassName, classRunByCoordinator, null); + return injector.getInstance(defaultClass); } private static boolean isCoordinator(Injector injector) diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/updater/NoopBasicAuthenticatorMetadataStorageUpdater.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/updater/NoopBasicAuthenticatorMetadataStorageUpdater.java new file mode 100644 index 000000000000..df07b740de8f --- /dev/null +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/updater/NoopBasicAuthenticatorMetadataStorageUpdater.java 
@@ -0,0 +1,71 @@ +/* + * Licensed to Metamarkets Group Inc. (Metamarkets) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. Metamarkets licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package io.druid.security.basic.authentication.db.updater; + +import io.druid.security.basic.authentication.entity.BasicAuthenticatorCredentialUpdate; +import io.druid.security.basic.authentication.entity.BasicAuthenticatorUser; + +import javax.annotation.Nullable; +import java.util.Collections; +import java.util.Map; + +public class NoopBasicAuthenticatorMetadataStorageUpdater implements BasicAuthenticatorMetadataStorageUpdater +{ + @Override + public void createUser(String prefix, String userName) + { + } + + @Override + public void deleteUser(String prefix, String userName) + { + } + + @Override + public void setUserCredentials( + String prefix, String userName, BasicAuthenticatorCredentialUpdate update + ) + { + } + + @Nullable + @Override + public Map getCachedUserMap(String prefix) + { + return Collections.emptyMap(); + } + + @Override + public byte[] getCachedSerializedUserMap(String prefix) + { + return new byte[0]; + } + + @Override + public byte[] getCurrentUserMapBytes(String prefix) + { + return new byte[0]; + } + + @Override + public void refreshAllNotification() + { + } +} 
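Review bot: `NoopBasicAuthenticatorMetadataStorageUpdater` makes `createUser`, `deleteUser` and `setUserCredentials` silent no-ops, and this commit passes it as the default class in `createAuthenticatorStorageUpdater`, so it is what non-coordinator nodes get when no class is configured. If any code path reaches these methods there, a request to delete a user or change a password returns normally while nothing changes. For mutations of security state it is safer to fail loudly, e.g. `throw new UnsupportedOperationException("User management is not available on this node");` in the three mutators, or at minimum to log a warning. `getCachedUserMap` is also annotated `@Nullable` yet always returns `Collections.emptyMap()`, so the annotation can be dropped. `NoopBasicAuthorizerMetadataStorageUpdater` in the next file has the same silent mutators for users, roles and permissions.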
diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/updater/NoopBasicAuthorizerMetadataStorageUpdater.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/updater/NoopBasicAuthorizerMetadataStorageUpdater.java new file mode 100644 index 000000000000..a39932d9c032 --- /dev/null +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/updater/NoopBasicAuthorizerMetadataStorageUpdater.java 
@@ -0,0 +1,97 @@
+/*
+ * Licensed to Metamarkets Group Inc. (Metamarkets) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. Metamarkets licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package io.druid.security.basic.authorization.db.updater;
+
+import io.druid.security.basic.authorization.entity.BasicAuthorizerRole;
+import io.druid.security.basic.authorization.entity.BasicAuthorizerUser;
+import io.druid.server.security.ResourceAction;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+public class NoopBasicAuthorizerMetadataStorageUpdater implements BasicAuthorizerMetadataStorageUpdater
+{
+ @Override
+ public void createUser(String prefix, String userName)
+ {
+ }
+
+ @Override
+ public void deleteUser(String prefix, String userName)
+ {
+ }
+
+ @Override
+ public void createRole(String prefix, String roleName)
+ {
+ }
+
+ @Override
+ public void deleteRole(String prefix, String roleName)
+ {
+ }
+
+ @Override
+ public void assignRole(String prefix, String userName, String roleName)
+ {
+ }
+
+ @Override
+ public void unassignRole(String prefix, String userName, String roleName)
+ {
+ }
+
+ @Override
+ public void setPermissions(
+ String prefix, String roleName, List permissions
+ )
+ {
+ }
+
+ @Override
+ public Map getCachedUserMap(String prefix)
+ {
+ return Collections.emptyMap();
+ }
+
+ @Override
+ public Map getCachedRoleMap(String prefix)
+ {
+ return Collections.emptyMap();
+ }
+
+ @Override
+ public byte[] getCurrentUserMapBytes(String prefix)
+ {
+ return new byte[0];
+ }
+
+ @Override
+ public byte[] getCurrentRoleMapBytes(String prefix)
+ {
+ return new byte[0];
+ }
+
+ @Override
+ public void refreshAllNotification()
+ {
+ }
+}
From d047b2c9c4808c2b8af8342187da757addeba42f Mon Sep 17 00:00:00 2001
From: Eugene Sevastianov
Date: Mon, 24 Jun 2019 11:59:36 +0300
Subject: [PATCH 6/7] Added metadata storage to broker for authentication/authorization
---
 services/src/main/java/io/druid/cli/CliBroker.java | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/services/src/main/java/io/druid/cli/CliBroker.java b/services/src/main/java/io/druid/cli/CliBroker.java
index fd6de82de355..951202c40f42 100644
--- a/services/src/main/java/io/druid/cli/CliBroker.java
+++ b/services/src/main/java/io/druid/cli/CliBroker.java
@@ -46,6 +46,8 @@
 import io.druid.guice.QueryableModule;
 import io.druid.guice.annotations.Self;
 import io.druid.java.util.common.logger.Logger;
+import io.druid.metadata.MetadataStorage;
+import io.druid.metadata.MetadataStorageProvider;
 import io.druid.query.QuerySegmentWalker;
 import io.druid.query.RetryQueryRunnerConfig;
 import io.druid.query.lookup.LookupModule;
@@ -112,6 +114,9 @@ public void configure(Binder binder) JsonConfigProvider.bind(binder, "druid.broker.retryPolicy", RetryQueryRunnerConfig.class); JsonConfigProvider.bind(binder, "druid.broker.segment", BrokerSegmentWatcherConfig.class); + binder.bind(MetadataStorage.class).toProvider(MetadataStorageProvider.class); + LifecycleModule.register(binder, MetadataStorage.class); + binder.bind(QuerySegmentWalker.class).to(ClientQuerySegmentWalker.class).in(LazySingleton.class); binder.bind(JettyServerInitializer.class).to(QueryJettyServerInitializer.class).in(LazySingleton.class);
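Review bot: `getCurrentUserMapBytes` and `getCurrentRoleMapBytes` in NoopBasicAuthorizerMetadataStorageUpdater return `new byte[0]`, which is not the serialized form of an empty map. If any consumer deserializes these bytes (none is visible in this patch), it would presumably fail on empty input rather than see "no users, no roles". I would state the contract on each method, for example `// Zero-length array means "nothing stored"; callers must not deserialize it.`, or return the serialized form of an empty map. The same question applies to `getCachedSerializedUserMap` and `getCurrentUserMapBytes` in the authenticator counterpart.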
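Review bot: The two added lines in `configure` bind `MetadataStorage` and register it with the lifecycle with no condition visible in the hunk, so every broker gets it whether or not the basic-security extension is set up to manage users and roles there. That gives a query-facing process a dependency on the metadata store and, presumably, the need to hold its connection credentials, which widens what a compromised broker can reach. Consider making the binding conditional on the security configuration, or at minimum record the reason next to it: `// Needed only when druid-basic-security manages users/roles from this broker; requires metadata store access from this node.` The body of `configure` starts and ends outside this hunk, so whether `MetadataStorage` is already bound or guarded elsewhere cannot be checked from here.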
From 5619b2f2e7246cf72e1d719598aa547e7749db2a Mon Sep 17 00:00:00 2001 From: Eugene Sevastianov Date: Fri, 28 Jun 2019 17:29:33 +0300 Subject: [PATCH 7/7] Updated new class comments --- .../security/basic/BasicAuthClassCompositionConfig.java | 4 ++-- .../NoopBasicAuthenticatorMetadataStorageUpdater.java | 8 +++++--- .../NoopBasicAuthorizerMetadataStorageUpdater.java | 8 +++++--- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java index ad15ecc0bced..533dabc7dda7 100644 --- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java @@ -24,8 +24,8 @@ /** * Basic authentication storage/cache/resource handler config. - * BasicAuthClassCompositionConfig provides options to specify authenticator/authorizer classes. - * If a field in this class is non-null then the corresponding class is instantiated + * BasicAuthClassCompositionConfig provides options to specify authenticator/authorizer classes of user/role managers, + * caches and notifiers. If a field in this class is non-null then the corresponding class is instantiated * regardless of what type of Druid component runs it (see {@link BasicSecurityDruidModule}). * Hence every Druid component might be a user/role manager and notify others by sending notifications. * Every field must be a valid class name (appropriate for the corresponding goal) or null. 
diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/updater/NoopBasicAuthenticatorMetadataStorageUpdater.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/updater/NoopBasicAuthenticatorMetadataStorageUpdater.java index df07b740de8f..da96cff7b200 100644 --- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/updater/NoopBasicAuthenticatorMetadataStorageUpdater.java +++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authentication/db/updater/NoopBasicAuthenticatorMetadataStorageUpdater.java @@ -26,6 +26,10 @@ import java.util.Collections; import java.util.Map; +/** + * Empty implementation of {@link BasicAuthenticatorMetadataStorageUpdater}. + * Void methods do nothing, other return empty maps or empty arrays depending on the return type. + */ public class NoopBasicAuthenticatorMetadataStorageUpdater implements BasicAuthenticatorMetadataStorageUpdater { @Override @@ -39,9 +43,7 @@ public void deleteUser(String prefix, String userName) } @Override - public void setUserCredentials( - String prefix, String userName, BasicAuthenticatorCredentialUpdate update - ) + public void setUserCredentials(String prefix, String userName, BasicAuthenticatorCredentialUpdate update) { } diff --git a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/updater/NoopBasicAuthorizerMetadataStorageUpdater.java b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/updater/NoopBasicAuthorizerMetadataStorageUpdater.java index a39932d9c032..cbc41c791ef6 100644 --- a/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/updater/NoopBasicAuthorizerMetadataStorageUpdater.java 
+++ b/extensions-core/druid-basic-security/src/main/java/io/druid/security/basic/authorization/db/updater/NoopBasicAuthorizerMetadataStorageUpdater.java @@ -27,6 +27,10 @@ import java.util.List; import java.util.Map; +/** + * Empty implementation of {@link BasicAuthorizerMetadataStorageUpdater}. + * Void methods do nothing, other return empty maps or empty arrays depending on the return type. + */ public class NoopBasicAuthorizerMetadataStorageUpdater implements BasicAuthorizerMetadataStorageUpdater { @Override @@ -60,9 +64,7 @@ public void unassignRole(String prefix, String userName, String roleName) } @Override - public void setPermissions( - String prefix, String roleName, List permissions - ) + public void setPermissions(String prefix, String roleName, List permissions) { }