| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| |
| package org.apache.druid.cli; |
| |
| import com.fasterxml.jackson.databind.ObjectMapper; |
| import com.google.inject.Inject; |
| import com.google.inject.Injector; |
| import com.google.inject.Key; |
| import com.google.inject.servlet.GuiceFilter; |
| import org.apache.druid.guice.annotations.Json; |
| import org.apache.druid.java.util.common.logger.Logger; |
| import org.apache.druid.server.initialization.ServerConfig; |
| import org.apache.druid.server.initialization.jetty.JettyServerInitUtils; |
| import org.apache.druid.server.initialization.jetty.JettyServerInitializer; |
| import org.apache.druid.server.security.AuthConfig; |
| import org.apache.druid.server.security.AuthenticationUtils; |
| import org.apache.druid.server.security.Authenticator; |
| import org.apache.druid.server.security.AuthenticatorMapper; |
| import org.eclipse.jetty.server.Handler; |
| import org.eclipse.jetty.server.Server; |
| import org.eclipse.jetty.server.handler.DefaultHandler; |
| import org.eclipse.jetty.server.handler.HandlerList; |
| import org.eclipse.jetty.servlet.DefaultServlet; |
| import org.eclipse.jetty.servlet.ServletContextHandler; |
| import org.eclipse.jetty.servlet.ServletHolder; |
| |
| import java.util.Collections; |
| import java.util.List; |
| |
| /** |
| */ |
| class MiddleManagerJettyServerInitializer implements JettyServerInitializer |
| { |
| private static Logger log = new Logger(MiddleManagerJettyServerInitializer.class); |
| |
| private final ServerConfig serverConfig; |
| private final AuthConfig authConfig; |
| |
| @Inject |
| public MiddleManagerJettyServerInitializer(ServerConfig serverConfig, AuthConfig authConfig) |
| { |
| this.serverConfig = serverConfig; |
| this.authConfig = authConfig; |
| } |
| |
| private static List<String> UNSECURED_PATHS = Collections.singletonList("/status/health"); |
| |
| @Override |
| public void initialize(Server server, Injector injector) |
| { |
| final ServletContextHandler root = new ServletContextHandler(ServletContextHandler.SESSIONS); |
| root.addServlet(new ServletHolder(new DefaultServlet()), "/*"); |
| |
| final AuthConfig authConfig = injector.getInstance(AuthConfig.class); |
| final ObjectMapper jsonMapper = injector.getInstance(Key.get(ObjectMapper.class, Json.class)); |
| final AuthenticatorMapper authenticatorMapper = injector.getInstance(AuthenticatorMapper.class); |
| |
| AuthenticationUtils.addSecuritySanityCheckFilter(root, jsonMapper); |
| |
| // perform no-op authorization/authentication for these resources |
| AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, UNSECURED_PATHS); |
| AuthenticationUtils.addNoopAuthenticationAndAuthorizationFilters(root, authConfig.getUnsecuredPaths()); |
| |
| final List<Authenticator> authenticators = authenticatorMapper.getAuthenticatorChain(); |
| AuthenticationUtils.addAuthenticationFilterChain(root, authenticators); |
| |
| AuthenticationUtils.addAllowOptionsFilter(root, authConfig.isAllowUnauthenticatedHttpOptions()); |
| JettyServerInitUtils.addAllowHttpMethodsFilter(root, serverConfig.getAllowedHttpMethods()); |
| |
| JettyServerInitUtils.addExtensionFilters(root, injector); |
| |
| // Check that requests were authorized before sending responses |
| AuthenticationUtils.addPreResponseAuthorizationCheckFilter( |
| root, |
| authenticators, |
| jsonMapper |
| ); |
| |
| root.addFilter(GuiceFilter.class, "/*", null); |
| |
| final HandlerList handlerList = new HandlerList(); |
| handlerList.setHandlers( |
| new Handler[]{ |
| JettyServerInitUtils.getJettyRequestLogHandler(), |
| JettyServerInitUtils.wrapWithDefaultGzipHandler( |
| root, |
| serverConfig.getInflateBufferSize(), |
| serverConfig.getCompressionLevel() |
| ), |
| new DefaultHandler() |
| } |
| ); |
| server.setHandler(handlerList); |
| } |
| } |