All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.trino.server.security.HeaderAuthenticatorManager Maven / Gradle / Ivy

There is a newer version: 465
Show newest version
/*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package io.trino.server.security;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.inject.Inject;
import io.airlift.configuration.secrets.SecretsResolver;
import io.airlift.log.Logger;
import io.trino.spi.classloader.ThreadContextClassLoader;
import io.trino.spi.security.HeaderAuthenticator;
import io.trino.spi.security.HeaderAuthenticatorFactory;

import java.io.File;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;

import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Preconditions.checkState;
import static com.google.common.base.Strings.isNullOrEmpty;
import static io.airlift.configuration.ConfigurationLoader.loadPropertiesFrom;
import static java.util.Objects.requireNonNull;

public class HeaderAuthenticatorManager
{
    private static final Logger log = Logger.get(HeaderAuthenticatorManager.class);
    private static final String NAME_PROPERTY = "header-authenticator.name";

    private final List configFiles;
    private final AtomicBoolean required = new AtomicBoolean();
    private final Map factories = new ConcurrentHashMap<>();
    private final AtomicReference> authenticators = new AtomicReference<>();
    private final SecretsResolver secretsResolver;

    @Inject
    public HeaderAuthenticatorManager(HeaderAuthenticatorConfig config, SecretsResolver secretsResolver)
    {
        this.configFiles = ImmutableList.copyOf(config.getHeaderAuthenticatorFiles());
        checkArgument(!configFiles.isEmpty(), "header authenticator files list is empty");
        this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
    }

    public List getAuthenticators()
    {
        checkState(isLoaded(), "authenticators were not loaded");
        return this.authenticators.get();
    }

    public void addHeaderAuthenticatorFactory(HeaderAuthenticatorFactory factory)
    {
        checkArgument(this.factories.putIfAbsent(factory.getName(), factory) == null,
                "Header authenticator '%s' is already registered", factory.getName());
    }

    public void loadHeaderAuthenticator()
    {
        if (!required.get()) {
            return;
        }

        ImmutableList.Builder authenticators = ImmutableList.builder();
        for (File configFile : configFiles) {
            authenticators.add(loadAuthenticator(configFile.getAbsoluteFile()));
        }

        this.authenticators.set(authenticators.build());
    }

    private HeaderAuthenticator loadAuthenticator(File configFile)
    {
        Map properties;
        try {
            properties = new HashMap<>(secretsResolver.getResolvedConfiguration(loadPropertiesFrom(configFile.getPath())));
        }
        catch (IOException e) {
            throw new UncheckedIOException(e);
        }

        String name = properties.remove(NAME_PROPERTY);
        checkState(!isNullOrEmpty(name), "Header authenticator configuration %s does not contain '%s'", configFile, NAME_PROPERTY);

        log.info("-- Loading header authenticator --");

        HeaderAuthenticatorFactory factory = factories.get(name);
        checkState(factory != null, "Header authenticator '%s' is not registered", name);

        HeaderAuthenticator authenticator;
        try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
            authenticator = factory.create(ImmutableMap.copyOf(properties));
        }

        log.info("-- Loaded header authenticator %s --", name);
        return authenticator;
    }

    public void setRequired()
    {
        required.set(true);
    }

    public boolean isLoaded()
    {
        return authenticators.get() != null;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy