/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.bookkeeper.tls;
import com.google.common.base.Strings;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import lombok.extern.slf4j.Slf4j;
import org.apache.bookkeeper.auth.AuthCallbacks;
import org.apache.bookkeeper.auth.AuthToken;
import org.apache.bookkeeper.auth.BookKeeperPrincipal;
import org.apache.bookkeeper.auth.BookieAuthProvider;
import org.apache.bookkeeper.client.BKException;
import org.apache.bookkeeper.conf.ServerConfiguration;
import org.apache.bookkeeper.proto.BookieConnectionPeer;
import org.apache.bookkeeper.util.CertUtils;
/**
 * Factory for a {@link BookieAuthProvider} that authorizes connecting peers against the role
 * allow-list configured in {@code authorizedRoles}. {@link #init} refuses to start the bookie
 * unless that list is present and contains no null or empty entries.
 */
@Slf4j
public class BookieAuthZFactory implements BookieAuthProvider.Factory {
// Role allow-list read from the 'authorizedRoles' config field in init(); never null or empty once
// init() has returned. NOTE(review): public and non-final, so any holder of a reference can swap or
// mutate the allow-list after startup; narrow the visibility if nothing outside this class needs it.
public String[] allowedRoles;
@Override
public String getPluginName() {
    // Identifier under which this factory is registered as an auth plugin.
    final String pluginName = "BookieAuthZFactory";
    return pluginName;
}
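/**
 * Loads the role allow-list from {@code conf} and fails fast on a misconfiguration.
 *
 * <p>Enabling this factory without a usable allow-list is treated as a hard error rather than a
 * warning, so a bookie can never come up with authorization "on" but no roles to check against.
 *
 * @param conf server configuration; its {@code authorizedRoles} field is read
 * @throws RuntimeException if {@code authorizedRoles} is missing or empty, or if any entry in it is
 *     null or empty (the message names the offending index)
 * @throws IOException declared by the signature; this implementation does not raise it
 */
@Override
public void init(ServerConfiguration conf) throws IOException {
    allowedRoles = conf.getAuthorizedRoles();
    if (allowedRoles == null || allowedRoles.length == 0) {
        throw new RuntimeException("Configuration option \'bookieAuthProviderFactoryClass\' is set to"
            + " \'BookieAuthZFactory\' but no roles set for configuration field \'authorizedRoles\'.");
    }
    // A blank entry inside the list is a separate misconfiguration from an absent list; the old
    // message claimed "no roles set" here, which sent operators looking at the wrong problem.
    for (int i = 0; i < allowedRoles.length; i++) {
        if (Strings.isNullOrEmpty(allowedRoles[i])) {
            throw new RuntimeException("Configuration option \'bookieAuthProviderFactoryClass\' is set to"
                + " \'BookieAuthZFactory\' but entry " + i + " of configuration field \'authorizedRoles\'"
                + " is null or empty.");
        }
    }
}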
@Override
public BookieAuthProvider newProvider(BookieConnectionPeer addr,
final AuthCallbacks.GenericCallback completeCb) {
return new BookieAuthProvider() {
AuthCallbacks.GenericCallback completeCallback = completeCb;
@Override
public void onProtocolUpgrade() {
try {
boolean secureBookieSideChannel = addr.isSecure();
Collection