extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/BasicSecurityDruidModule.java - druid - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 package org.apache.druid.security.basic;

 import com.fasterxml.jackson.databind.Module;
 import com.fasterxml.jackson.databind.module.SimpleModule;
 import com.google.common.collect.ImmutableList;
 import com.google.inject.Binder;
 import com.google.inject.Injector;
 import com.google.inject.Key;
 import com.google.inject.Provides;
 import com.google.inject.name.Names;
 import org.apache.druid.guice.Jerseys;
 import org.apache.druid.guice.JsonConfigProvider;
 import org.apache.druid.guice.LazySingleton;
 import org.apache.druid.guice.LifecycleModule;
 import org.apache.druid.initialization.DruidModule;
 import org.apache.druid.java.util.http.client.NettyHttpClient;
 import org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator;
 import org.apache.druid.security.basic.authentication.BasicHTTPEscalator;
 import org.apache.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheManager;
 import org.apache.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheNotifier;
 import org.apache.druid.security.basic.authentication.db.cache.CoordinatorBasicAuthenticatorCacheNotifier;
 import org.apache.druid.security.basic.authentication.db.cache.CoordinatorPollingBasicAuthenticatorCacheManager;
 import org.apache.druid.security.basic.authentication.db.cache.MetadataStoragePollingBasicAuthenticatorCacheManager;
 import org.apache.druid.security.basic.authentication.db.cache.NoopBasicAuthenticatorCacheNotifier;
 import org.apache.druid.security.basic.authentication.db.updater.BasicAuthenticatorMetadataStorageUpdater;
 import org.apache.druid.security.basic.authentication.db.updater.CoordinatorBasicAuthenticatorMetadataStorageUpdater;
 import org.apache.druid.security.basic.authentication.db.updater.NoopBasicAuthenticatorMetadataStorageUpdater;
 import org.apache.druid.security.basic.authentication.endpoint.BasicAuthenticatorResource;
 import org.apache.druid.security.basic.authentication.endpoint.BasicAuthenticatorResourceHandler;
 import org.apache.druid.security.basic.authentication.endpoint.CoordinatorBasicAuthenticatorResourceHandler;
 import org.apache.druid.security.basic.authentication.endpoint.DefaultBasicAuthenticatorResourceHandler;
 import org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer;
 import org.apache.druid.security.basic.authorization.db.cache.BasicAuthorizerCacheManager;
 import org.apache.druid.security.basic.authorization.db.cache.BasicAuthorizerCacheNotifier;
 import org.apache.druid.security.basic.authorization.db.cache.CoordinatorBasicAuthorizerCacheNotifier;
 import org.apache.druid.security.basic.authorization.db.cache.CoordinatorPollingBasicAuthorizerCacheManager;
 import org.apache.druid.security.basic.authorization.db.cache.MetadataStoragePollingBasicAuthorizerCacheManager;
 import org.apache.druid.security.basic.authorization.db.cache.NoopBasicAuthorizerCacheNotifier;
 import org.apache.druid.security.basic.authorization.db.updater.BasicAuthorizerMetadataStorageUpdater;
 import org.apache.druid.security.basic.authorization.db.updater.CoordinatorBasicAuthorizerMetadataStorageUpdater;
 import org.apache.druid.security.basic.authorization.db.updater.NoopBasicAuthorizerMetadataStorageUpdater;
 import org.apache.druid.security.basic.authorization.endpoint.BasicAuthorizerResource;
 import org.apache.druid.security.basic.authorization.endpoint.BasicAuthorizerResourceHandler;
 import org.apache.druid.security.basic.authorization.endpoint.CoordinatorBasicAuthorizerResourceHandler;
 import org.apache.druid.security.basic.authorization.endpoint.DefaultBasicAuthorizerResourceHandler;

 import java.util.List;

 public class BasicSecurityDruidModule implements DruidModule
 {

   @Override
   public void configure(Binder binder)
   {
     JsonConfigProvider.bind(binder, "druid.auth.basic.common", BasicAuthCommonCacheConfig.class);
     JsonConfigProvider.bind(binder, "druid.auth.basic.composition", BasicAuthClassCompositionConfig.class);
     JsonConfigProvider.bind(binder, "druid.auth.basic.ssl", BasicAuthSSLConfig.class);

     LifecycleModule.register(binder, BasicAuthenticatorMetadataStorageUpdater.class);
     LifecycleModule.register(binder, BasicAuthorizerMetadataStorageUpdater.class);
     LifecycleModule.register(binder, BasicAuthenticatorCacheManager.class);
     LifecycleModule.register(binder, BasicAuthorizerCacheManager.class);
     LifecycleModule.register(binder, BasicAuthenticatorCacheNotifier.class);
     LifecycleModule.register(binder, BasicAuthorizerCacheNotifier.class);

     Jerseys.addResource(binder, BasicAuthenticatorResource.class);
     Jerseys.addResource(binder, BasicAuthorizerResource.class);

     binder.requestStaticInjection(BasicSecuritySSLSocketFactory.class);
   }

   @Provides
   @LazySingleton
   public static BasicAuthenticatorMetadataStorageUpdater createAuthenticatorStorageUpdater(
       final Injector injector,
       BasicAuthClassCompositionConfig config
   ) throws ClassNotFoundException
   {
     return getInstance(
         injector,
         config.getAuthenticatorMetadataStorageUpdater(),
         CoordinatorBasicAuthenticatorMetadataStorageUpdater.class,
         NoopBasicAuthenticatorMetadataStorageUpdater.class
     );
   }

   @Provides
   @LazySingleton
   public static BasicAuthenticatorCacheManager createAuthenticatorCacheManager(
       final Injector injector,
       BasicAuthClassCompositionConfig config
   ) throws ClassNotFoundException
   {
     return getInstance(
         injector,
         config.getAuthenticatorCacheManager(),
         MetadataStoragePollingBasicAuthenticatorCacheManager.class,
         CoordinatorPollingBasicAuthenticatorCacheManager.class
     );
   }

   @Provides
   @LazySingleton
   public static BasicAuthenticatorResourceHandler createAuthenticatorResourceHandler(
       final Injector injector,
       BasicAuthClassCompositionConfig config
   ) throws ClassNotFoundException
   {
     return getInstance(
         injector,
         config.getAuthenticatorResourceHandler(),
         CoordinatorBasicAuthenticatorResourceHandler.class,
         DefaultBasicAuthenticatorResourceHandler.class
     );
   }

   @Provides
   @LazySingleton
   public static BasicAuthenticatorCacheNotifier createAuthenticatorCacheNotifier(
       final Injector injector,
       BasicAuthClassCompositionConfig config
   ) throws ClassNotFoundException
   {
     return getInstance(
         injector,
         config.getAuthenticatorCacheNotifier(),
         CoordinatorBasicAuthenticatorCacheNotifier.class,
         NoopBasicAuthenticatorCacheNotifier.class
     );
   }

   @Provides
   @LazySingleton
   public static BasicAuthorizerMetadataStorageUpdater createAuthorizerStorageUpdater(
       final Injector injector,
       BasicAuthClassCompositionConfig config
   ) throws ClassNotFoundException
   {
     return getInstance(
         injector,
         config.getAuthorizerMetadataStorageUpdater(),
         CoordinatorBasicAuthorizerMetadataStorageUpdater.class,
         NoopBasicAuthorizerMetadataStorageUpdater.class
     );
   }

   @Provides
   @LazySingleton
   public static BasicAuthorizerCacheManager createAuthorizerCacheManager(
       final Injector injector,
       BasicAuthClassCompositionConfig config
   ) throws ClassNotFoundException
   {
     return getInstance(
         injector,
         config.getAuthorizerCacheManager(),
         MetadataStoragePollingBasicAuthorizerCacheManager.class,
         CoordinatorPollingBasicAuthorizerCacheManager.class
     );
   }

   @Provides
   @LazySingleton
   public static BasicAuthorizerResourceHandler createAuthorizerResourceHandler(
       final Injector injector,
       BasicAuthClassCompositionConfig config
   ) throws ClassNotFoundException
   {
     return getInstance(
         injector,
         config.getAuthorizerResourceHandler(),
         CoordinatorBasicAuthorizerResourceHandler.class,
         DefaultBasicAuthorizerResourceHandler.class
     );
   }

   @Provides
   @LazySingleton
   public static BasicAuthorizerCacheNotifier createAuthorizerCacheNotifier(
       final Injector injector,
       BasicAuthClassCompositionConfig config
   ) throws ClassNotFoundException
   {
     return getInstance(
         injector,
         config.getAuthorizerCacheNotifier(),
         CoordinatorBasicAuthorizerCacheNotifier.class,
         NoopBasicAuthorizerCacheNotifier.class
     );
   }

   @Override
   public List<? extends Module> getJacksonModules()
   {
     return ImmutableList.of(
         new SimpleModule("BasicDruidSecurity").registerSubtypes(
             BasicHTTPAuthenticator.class,
             BasicHTTPEscalator.class,
             BasicRoleBasedAuthorizer.class,
             NettyHttpClient.class
         )
     );
   }

   /**
    * Returns the instance provided either by a config property or coordinator-run class or default class.
    * The order of check corresponds to the order of method params.
    */
   private static <T> T getInstance(
       Injector injector,
       String configClassName,
       Class<? extends T> classRunByCoordinator,
       Class<? extends T> defaultClass
   ) throws ClassNotFoundException
   {
     if (configClassName != null) {
       // ClassCastException is thrown in case of a mismatch, configuration fix is required.
       @SuppressWarnings("unchecked")
       final T instance = (T) injector.getInstance(Class.forName(configClassName));
       return instance;
     }
     if (isCoordinator(injector)) {
       return injector.getInstance(classRunByCoordinator);
     }
     return injector.getInstance(defaultClass);
   }

   private static boolean isCoordinator(Injector injector)
   {
     final String serviceName;
     try {
       serviceName = injector.getInstance(Key.get(String.class, Names.named("serviceName")));
     }
     catch (Exception e) {
       return false;
     }

     return "druid/coordinator".equals(serviceName);
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	package org.apache.druid.security.basic;

	import com.fasterxml.jackson.databind.Module;
	import com.fasterxml.jackson.databind.module.SimpleModule;
	import com.google.common.collect.ImmutableList;
	import com.google.inject.Binder;
	import com.google.inject.Injector;
	import com.google.inject.Key;
	import com.google.inject.Provides;
	import com.google.inject.name.Names;
	import org.apache.druid.guice.Jerseys;
	import org.apache.druid.guice.JsonConfigProvider;
	import org.apache.druid.guice.LazySingleton;
	import org.apache.druid.guice.LifecycleModule;
	import org.apache.druid.initialization.DruidModule;
	import org.apache.druid.java.util.http.client.NettyHttpClient;
	import org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator;
	import org.apache.druid.security.basic.authentication.BasicHTTPEscalator;
	import org.apache.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheManager;
	import org.apache.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheNotifier;
	import org.apache.druid.security.basic.authentication.db.cache.CoordinatorBasicAuthenticatorCacheNotifier;
	import org.apache.druid.security.basic.authentication.db.cache.CoordinatorPollingBasicAuthenticatorCacheManager;
	import org.apache.druid.security.basic.authentication.db.cache.MetadataStoragePollingBasicAuthenticatorCacheManager;
	import org.apache.druid.security.basic.authentication.db.cache.NoopBasicAuthenticatorCacheNotifier;
	import org.apache.druid.security.basic.authentication.db.updater.BasicAuthenticatorMetadataStorageUpdater;
	import org.apache.druid.security.basic.authentication.db.updater.CoordinatorBasicAuthenticatorMetadataStorageUpdater;
	import org.apache.druid.security.basic.authentication.db.updater.NoopBasicAuthenticatorMetadataStorageUpdater;
	import org.apache.druid.security.basic.authentication.endpoint.BasicAuthenticatorResource;
	import org.apache.druid.security.basic.authentication.endpoint.BasicAuthenticatorResourceHandler;
	import org.apache.druid.security.basic.authentication.endpoint.CoordinatorBasicAuthenticatorResourceHandler;
	import org.apache.druid.security.basic.authentication.endpoint.DefaultBasicAuthenticatorResourceHandler;
	import org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer;
	import org.apache.druid.security.basic.authorization.db.cache.BasicAuthorizerCacheManager;
	import org.apache.druid.security.basic.authorization.db.cache.BasicAuthorizerCacheNotifier;
	import org.apache.druid.security.basic.authorization.db.cache.CoordinatorBasicAuthorizerCacheNotifier;
	import org.apache.druid.security.basic.authorization.db.cache.CoordinatorPollingBasicAuthorizerCacheManager;
	import org.apache.druid.security.basic.authorization.db.cache.MetadataStoragePollingBasicAuthorizerCacheManager;
	import org.apache.druid.security.basic.authorization.db.cache.NoopBasicAuthorizerCacheNotifier;
	import org.apache.druid.security.basic.authorization.db.updater.BasicAuthorizerMetadataStorageUpdater;
	import org.apache.druid.security.basic.authorization.db.updater.CoordinatorBasicAuthorizerMetadataStorageUpdater;
	import org.apache.druid.security.basic.authorization.db.updater.NoopBasicAuthorizerMetadataStorageUpdater;
	import org.apache.druid.security.basic.authorization.endpoint.BasicAuthorizerResource;
	import org.apache.druid.security.basic.authorization.endpoint.BasicAuthorizerResourceHandler;
	import org.apache.druid.security.basic.authorization.endpoint.CoordinatorBasicAuthorizerResourceHandler;
	import org.apache.druid.security.basic.authorization.endpoint.DefaultBasicAuthorizerResourceHandler;

	import java.util.List;

	public class BasicSecurityDruidModule implements DruidModule
	{

	@Override
	public void configure(Binder binder)
	{
	JsonConfigProvider.bind(binder, "druid.auth.basic.common", BasicAuthCommonCacheConfig.class);
	JsonConfigProvider.bind(binder, "druid.auth.basic.composition", BasicAuthClassCompositionConfig.class);
	JsonConfigProvider.bind(binder, "druid.auth.basic.ssl", BasicAuthSSLConfig.class);

	LifecycleModule.register(binder, BasicAuthenticatorMetadataStorageUpdater.class);
	LifecycleModule.register(binder, BasicAuthorizerMetadataStorageUpdater.class);
	LifecycleModule.register(binder, BasicAuthenticatorCacheManager.class);
	LifecycleModule.register(binder, BasicAuthorizerCacheManager.class);
	LifecycleModule.register(binder, BasicAuthenticatorCacheNotifier.class);
	LifecycleModule.register(binder, BasicAuthorizerCacheNotifier.class);

	Jerseys.addResource(binder, BasicAuthenticatorResource.class);
	Jerseys.addResource(binder, BasicAuthorizerResource.class);

	binder.requestStaticInjection(BasicSecuritySSLSocketFactory.class);
	}

	@Provides
	@LazySingleton
	public static BasicAuthenticatorMetadataStorageUpdater createAuthenticatorStorageUpdater(
	final Injector injector,
	BasicAuthClassCompositionConfig config
	) throws ClassNotFoundException
	{
	return getInstance(
	injector,
	config.getAuthenticatorMetadataStorageUpdater(),
	CoordinatorBasicAuthenticatorMetadataStorageUpdater.class,
	NoopBasicAuthenticatorMetadataStorageUpdater.class
	);
	}

	@Provides
	@LazySingleton
	public static BasicAuthenticatorCacheManager createAuthenticatorCacheManager(
	final Injector injector,
	BasicAuthClassCompositionConfig config
	) throws ClassNotFoundException
	{
	return getInstance(
	injector,
	config.getAuthenticatorCacheManager(),
	MetadataStoragePollingBasicAuthenticatorCacheManager.class,
	CoordinatorPollingBasicAuthenticatorCacheManager.class
	);
	}

	@Provides
	@LazySingleton
	public static BasicAuthenticatorResourceHandler createAuthenticatorResourceHandler(
	final Injector injector,
	BasicAuthClassCompositionConfig config
	) throws ClassNotFoundException
	{
	return getInstance(
	injector,
	config.getAuthenticatorResourceHandler(),
	CoordinatorBasicAuthenticatorResourceHandler.class,
	DefaultBasicAuthenticatorResourceHandler.class
	);
	}

	@Provides
	@LazySingleton
	public static BasicAuthenticatorCacheNotifier createAuthenticatorCacheNotifier(
	final Injector injector,
	BasicAuthClassCompositionConfig config
	) throws ClassNotFoundException
	{
	return getInstance(
	injector,
	config.getAuthenticatorCacheNotifier(),
	CoordinatorBasicAuthenticatorCacheNotifier.class,
	NoopBasicAuthenticatorCacheNotifier.class
	);
	}

	@Provides
	@LazySingleton
	public static BasicAuthorizerMetadataStorageUpdater createAuthorizerStorageUpdater(
	final Injector injector,
	BasicAuthClassCompositionConfig config
	) throws ClassNotFoundException
	{
	return getInstance(
	injector,
	config.getAuthorizerMetadataStorageUpdater(),
	CoordinatorBasicAuthorizerMetadataStorageUpdater.class,
	NoopBasicAuthorizerMetadataStorageUpdater.class
	);
	}

	@Provides
	@LazySingleton
	public static BasicAuthorizerCacheManager createAuthorizerCacheManager(
	final Injector injector,
	BasicAuthClassCompositionConfig config
	) throws ClassNotFoundException
	{
	return getInstance(
	injector,
	config.getAuthorizerCacheManager(),
	MetadataStoragePollingBasicAuthorizerCacheManager.class,
	CoordinatorPollingBasicAuthorizerCacheManager.class
	);
	}

	@Provides
	@LazySingleton
	public static BasicAuthorizerResourceHandler createAuthorizerResourceHandler(
	final Injector injector,
	BasicAuthClassCompositionConfig config
	) throws ClassNotFoundException
	{
	return getInstance(
	injector,
	config.getAuthorizerResourceHandler(),
	CoordinatorBasicAuthorizerResourceHandler.class,
	DefaultBasicAuthorizerResourceHandler.class
	);
	}

	@Provides
	@LazySingleton
	public static BasicAuthorizerCacheNotifier createAuthorizerCacheNotifier(
	final Injector injector,
	BasicAuthClassCompositionConfig config
	) throws ClassNotFoundException
	{
	return getInstance(
	injector,
	config.getAuthorizerCacheNotifier(),
	CoordinatorBasicAuthorizerCacheNotifier.class,
	NoopBasicAuthorizerCacheNotifier.class
	);
	}

	@Override
	public List<? extends Module> getJacksonModules()
	{
	return ImmutableList.of(
	new SimpleModule("BasicDruidSecurity").registerSubtypes(
	BasicHTTPAuthenticator.class,
	BasicHTTPEscalator.class,
	BasicRoleBasedAuthorizer.class,
	NettyHttpClient.class
	)
	);
	}

	/**
	* Returns the instance provided either by a config property or coordinator-run class or default class.
	* The order of check corresponds to the order of method params.
	*/
	private static <T> T getInstance(
	Injector injector,
	String configClassName,
	Class<? extends T> classRunByCoordinator,
	Class<? extends T> defaultClass
	) throws ClassNotFoundException
	{
	if (configClassName != null) {
	// ClassCastException is thrown in case of a mismatch, configuration fix is required.
	@SuppressWarnings("unchecked")
	final T instance = (T) injector.getInstance(Class.forName(configClassName));
	return instance;
	}
	if (isCoordinator(injector)) {
	return injector.getInstance(classRunByCoordinator);
	}
	return injector.getInstance(defaultClass);
	}

	private static boolean isCoordinator(Injector injector)
	{
	final String serviceName;
	try {
	serviceName = injector.getInstance(Key.get(String.class, Names.named("serviceName")));
	}
	catch (Exception e) {
	return false;
	}

	return "druid/coordinator".equals(serviceName);
	}
	}