All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.druid.security.basic.BasicSecurityDruidModule Maven / Gradle / Ivy

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.druid.security.basic;

import com.fasterxml.jackson.databind.Module;
import com.fasterxml.jackson.databind.module.SimpleModule;
import com.google.common.collect.ImmutableList;
import com.google.inject.Binder;
import com.google.inject.Injector;
import com.google.inject.Key;
import com.google.inject.Provides;
import com.google.inject.name.Names;
import org.apache.druid.guice.Jerseys;
import org.apache.druid.guice.JsonConfigProvider;
import org.apache.druid.guice.LazySingleton;
import org.apache.druid.guice.LifecycleModule;
import org.apache.druid.initialization.DruidModule;
import org.apache.druid.java.util.http.client.NettyHttpClient;
import org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator;
import org.apache.druid.security.basic.authentication.BasicHTTPEscalator;
import org.apache.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheManager;
import org.apache.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheNotifier;
import org.apache.druid.security.basic.authentication.db.cache.CoordinatorBasicAuthenticatorCacheNotifier;
import org.apache.druid.security.basic.authentication.db.cache.CoordinatorPollingBasicAuthenticatorCacheManager;
import org.apache.druid.security.basic.authentication.db.cache.MetadataStoragePollingBasicAuthenticatorCacheManager;
import org.apache.druid.security.basic.authentication.db.cache.NoopBasicAuthenticatorCacheNotifier;
import org.apache.druid.security.basic.authentication.db.updater.BasicAuthenticatorMetadataStorageUpdater;
import org.apache.druid.security.basic.authentication.db.updater.CoordinatorBasicAuthenticatorMetadataStorageUpdater;
import org.apache.druid.security.basic.authentication.db.updater.NoopBasicAuthenticatorMetadataStorageUpdater;
import org.apache.druid.security.basic.authentication.endpoint.BasicAuthenticatorResource;
import org.apache.druid.security.basic.authentication.endpoint.BasicAuthenticatorResourceHandler;
import org.apache.druid.security.basic.authentication.endpoint.CoordinatorBasicAuthenticatorResourceHandler;
import org.apache.druid.security.basic.authentication.endpoint.DefaultBasicAuthenticatorResourceHandler;
import org.apache.druid.security.basic.authorization.BasicRoleBasedAuthorizer;
import org.apache.druid.security.basic.authorization.db.cache.BasicAuthorizerCacheManager;
import org.apache.druid.security.basic.authorization.db.cache.BasicAuthorizerCacheNotifier;
import org.apache.druid.security.basic.authorization.db.cache.CoordinatorBasicAuthorizerCacheNotifier;
import org.apache.druid.security.basic.authorization.db.cache.CoordinatorPollingBasicAuthorizerCacheManager;
import org.apache.druid.security.basic.authorization.db.cache.MetadataStoragePollingBasicAuthorizerCacheManager;
import org.apache.druid.security.basic.authorization.db.cache.NoopBasicAuthorizerCacheNotifier;
import org.apache.druid.security.basic.authorization.db.updater.BasicAuthorizerMetadataStorageUpdater;
import org.apache.druid.security.basic.authorization.db.updater.CoordinatorBasicAuthorizerMetadataStorageUpdater;
import org.apache.druid.security.basic.authorization.db.updater.NoopBasicAuthorizerMetadataStorageUpdater;
import org.apache.druid.security.basic.authorization.endpoint.BasicAuthorizerResource;
import org.apache.druid.security.basic.authorization.endpoint.BasicAuthorizerResourceHandler;
import org.apache.druid.security.basic.authorization.endpoint.CoordinatorBasicAuthorizerResourceHandler;
import org.apache.druid.security.basic.authorization.endpoint.DefaultBasicAuthorizerResourceHandler;

import java.util.List;

public class BasicSecurityDruidModule implements DruidModule
{

  @Override
  public void configure(Binder binder)
  {
    JsonConfigProvider.bind(binder, "druid.auth.basic.common", BasicAuthCommonCacheConfig.class);
    JsonConfigProvider.bind(binder, "druid.auth.basic.composition", BasicAuthClassCompositionConfig.class);
    JsonConfigProvider.bind(binder, "druid.auth.basic.ssl", BasicAuthSSLConfig.class);

    LifecycleModule.register(binder, BasicAuthenticatorMetadataStorageUpdater.class);
    LifecycleModule.register(binder, BasicAuthorizerMetadataStorageUpdater.class);
    LifecycleModule.register(binder, BasicAuthenticatorCacheManager.class);
    LifecycleModule.register(binder, BasicAuthorizerCacheManager.class);
    LifecycleModule.register(binder, BasicAuthenticatorCacheNotifier.class);
    LifecycleModule.register(binder, BasicAuthorizerCacheNotifier.class);

    Jerseys.addResource(binder, BasicAuthenticatorResource.class);
    Jerseys.addResource(binder, BasicAuthorizerResource.class);

    binder.requestStaticInjection(BasicSecuritySSLSocketFactory.class);
  }

  @Provides
  @LazySingleton
  public static BasicAuthenticatorMetadataStorageUpdater createAuthenticatorStorageUpdater(
      final Injector injector,
      BasicAuthClassCompositionConfig config
  ) throws ClassNotFoundException
  {
    return getInstance(
        injector,
        config.getAuthenticatorMetadataStorageUpdater(),
        CoordinatorBasicAuthenticatorMetadataStorageUpdater.class,
        NoopBasicAuthenticatorMetadataStorageUpdater.class
    );
  }

  @Provides
  @LazySingleton
  public static BasicAuthenticatorCacheManager createAuthenticatorCacheManager(
      final Injector injector,
      BasicAuthClassCompositionConfig config
  ) throws ClassNotFoundException
  {
    return getInstance(
        injector,
        config.getAuthenticatorCacheManager(),
        MetadataStoragePollingBasicAuthenticatorCacheManager.class,
        CoordinatorPollingBasicAuthenticatorCacheManager.class
    );
  }

  @Provides
  @LazySingleton
  public static BasicAuthenticatorResourceHandler createAuthenticatorResourceHandler(
      final Injector injector,
      BasicAuthClassCompositionConfig config
  ) throws ClassNotFoundException
  {
    return getInstance(
        injector,
        config.getAuthenticatorResourceHandler(),
        CoordinatorBasicAuthenticatorResourceHandler.class,
        DefaultBasicAuthenticatorResourceHandler.class
    );
  }

  @Provides
  @LazySingleton
  public static BasicAuthenticatorCacheNotifier createAuthenticatorCacheNotifier(
      final Injector injector,
      BasicAuthClassCompositionConfig config
  ) throws ClassNotFoundException
  {
    return getInstance(
        injector,
        config.getAuthenticatorCacheNotifier(),
        CoordinatorBasicAuthenticatorCacheNotifier.class,
        NoopBasicAuthenticatorCacheNotifier.class
    );
  }

  @Provides
  @LazySingleton
  public static BasicAuthorizerMetadataStorageUpdater createAuthorizerStorageUpdater(
      final Injector injector,
      BasicAuthClassCompositionConfig config
  ) throws ClassNotFoundException
  {
    return getInstance(
        injector,
        config.getAuthorizerMetadataStorageUpdater(),
        CoordinatorBasicAuthorizerMetadataStorageUpdater.class,
        NoopBasicAuthorizerMetadataStorageUpdater.class
    );
  }

  @Provides
  @LazySingleton
  public static BasicAuthorizerCacheManager createAuthorizerCacheManager(
      final Injector injector,
      BasicAuthClassCompositionConfig config
  ) throws ClassNotFoundException
  {
    return getInstance(
        injector,
        config.getAuthorizerCacheManager(),
        MetadataStoragePollingBasicAuthorizerCacheManager.class,
        CoordinatorPollingBasicAuthorizerCacheManager.class
    );
  }

  @Provides
  @LazySingleton
  public static BasicAuthorizerResourceHandler createAuthorizerResourceHandler(
      final Injector injector,
      BasicAuthClassCompositionConfig config
  ) throws ClassNotFoundException
  {
    return getInstance(
        injector,
        config.getAuthorizerResourceHandler(),
        CoordinatorBasicAuthorizerResourceHandler.class,
        DefaultBasicAuthorizerResourceHandler.class
    );
  }

  @Provides
  @LazySingleton
  public static BasicAuthorizerCacheNotifier createAuthorizerCacheNotifier(
      final Injector injector,
      BasicAuthClassCompositionConfig config
  ) throws ClassNotFoundException
  {
    return getInstance(
        injector,
        config.getAuthorizerCacheNotifier(),
        CoordinatorBasicAuthorizerCacheNotifier.class,
        NoopBasicAuthorizerCacheNotifier.class
    );
  }
  
  @Override
  public List getJacksonModules()
  {
    return ImmutableList.of(
        new SimpleModule("BasicDruidSecurity").registerSubtypes(
            BasicHTTPAuthenticator.class,
            BasicHTTPEscalator.class,
            BasicRoleBasedAuthorizer.class,
            NettyHttpClient.class
        )
    );
  }

  /**
   * Returns the instance provided either by a config property or coordinator-run class or default class.
   * The order of check corresponds to the order of method params.
   */
  private static  T getInstance(
      Injector injector,
      String configClassName,
      Class classRunByCoordinator,
      Class defaultClass
  ) throws ClassNotFoundException
  {
    if (configClassName != null) {
      // ClassCastException is thrown in case of a mismatch, configuration fix is required.
      @SuppressWarnings("unchecked")
      final T instance = (T) injector.getInstance(Class.forName(configClassName));
      return instance;
    }
    if (isCoordinator(injector)) {
      return injector.getInstance(classRunByCoordinator);
    }
    return injector.getInstance(defaultClass);
  }

  private static boolean isCoordinator(Injector injector)
  {
    final String serviceName;
    try {
      serviceName = injector.getInstance(Key.get(String.class, Names.named("serviceName")));
    }
    catch (Exception e) {
      return false;
    }

    return "druid/coordinator".equals(serviceName);
  }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy