org.apache.pulsar.broker.web

Class PulsarWebResource

java.lang.Object

org.apache.pulsar.broker.web.PulsarWebResource

Direct Known Subclasses:

AdminResource, BrokersBase, ClustersBase, TenantsBase, TopicLookupBase

public abstract class PulsarWebResource
extends Object

Base class for Web resources in Pulsar. It provides basic authorization functions.

Field Summary

Fields

Modifier and Type	Field and Description
protected javax.servlet.http.HttpServletRequest	httpRequest
protected static int	NOT_IMPLEMENTED
protected javax.servlet.ServletContext	servletContext
protected javax.ws.rs.core.UriInfo	uri

Constructor Summary

Constructors

Constructor and Description
PulsarWebResource()

Method Summary

Modifier and Type	Method and Description
protected CompletableFuture<Void>	canUpdateCluster(String tenant, Set<String> oldClusters, Set<String> newClusters)
protected static void	checkAuthorization(PulsarService pulsarService, org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData)
static CompletableFuture<org.apache.pulsar.common.policies.data.ClusterDataImpl>	checkLocalOrGetPeerReplicationCluster(PulsarService pulsarService, org.apache.pulsar.common.naming.NamespaceName namespace)
String	clientAppId() Gets a caller id (IP + role).
AuthenticationDataHttps	clientAuthData()
protected ClusterResources	clusterResources()
protected ServiceConfiguration	config()
static void	deleteRecursive(BaseResources resources, String pathRoot)
protected DynamicConfigurationResources	dynamicConfigurationResources()
protected static CompletableFuture<org.apache.pulsar.common.policies.data.ClusterDataImpl>	getClusterDataIfDifferentCluster(PulsarService pulsar, String cluster, String clientAppId)
protected List<String>	getListOfNamespaces(String tenant)
protected List<String>	getListOfResourcegroups(String property) Get the list of resourcegroups.
protected LocalPoliciesResources	getLocalPolicies()
protected PulsarResources	getPulsarResources()
protected CompletableFuture<Void>	hasActiveNamespace(String tenant)
protected boolean	hasSuperUserAccess()
protected CompletableFuture<Boolean>	isBundleOwnedByAnyBroker(org.apache.pulsar.common.naming.NamespaceName fqnn, org.apache.pulsar.common.policies.data.BundlesData bundles, String bundleRange) Checks whether a given bundle is currently loaded by any broker.
static boolean	isClientAuthenticated(String appId)
protected boolean	isLeaderBroker()
protected static boolean	isLeaderBroker(PulsarService pulsar)
boolean	isRequestHttps()
static String	joinPath(String... parts)
static com.fasterxml.jackson.databind.ObjectMapper	jsonMapper()
static List<String>	listSubTreeBFS(BaseResources resources, String pathRoot)
protected NamespaceResources.IsolationPolicyResources	namespaceIsolationPolicies()
protected NamespaceResources	namespaceResources()
String	originalPrincipal()
static String	path(String... parts)
protected PulsarService	pulsar()
protected ResourceGroupResources	resourceGroupResources()
void	setPulsar(PulsarService pulsar)
static String	splitPath(String source, int slice)
protected TenantResources	tenantResources()
protected static void	validateAdminAccessForTenant(PulsarService pulsar, String clientAppId, String originalPrincipal, String tenant, AuthenticationDataSource authenticationData)
protected void	validateAdminAccessForTenant(String tenant) Checks that the http client role has admin access to the specified tenant.
protected void	validateBrokerName(String broker) Redirect the call to the specified broker.
void	validateBundleOwnership(NamespaceBundle bundle, boolean authoritative, boolean readOnly)
protected void	validateBundleOwnership(String tenant, String cluster, String namespace, boolean authoritative, boolean readOnly, NamespaceBundle bundle)
protected void	validateClusterExists(String cluster)
protected void	validateClusterForTenant(String tenant, String cluster)
protected void	validateClusterOwnership(String cluster) Check if the cluster exists and redirect the call to the owning cluster.
protected void	validateGlobalNamespaceOwnership(org.apache.pulsar.common.naming.NamespaceName namespace) If the namespace is global, validate the following - 1.
protected CompletableFuture<Void>	validateGlobalNamespaceOwnershipAsync(org.apache.pulsar.common.naming.NamespaceName namespace)
protected NamespaceBundle	validateNamespaceBundleOwnership(org.apache.pulsar.common.naming.NamespaceName fqnn, org.apache.pulsar.common.policies.data.BundlesData bundles, String bundleRange, boolean authoritative, boolean readOnly)
protected NamespaceBundle	validateNamespaceBundleRange(org.apache.pulsar.common.naming.NamespaceName fqnn, org.apache.pulsar.common.policies.data.BundlesData bundles, String bundleRange)
void	validateNamespaceOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.NamespaceOperation operation)
void	validateNamespacePolicyOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation)
void	validatePoliciesReadOnlyAccess()
void	validateSuperUserAccess() Checks whether the user has Pulsar Super-User access to the system.
void	validateTenantOperation(String tenant, org.apache.pulsar.common.policies.data.TenantOperation operation)
void	validateTopicOperation(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation)
void	validateTopicOperation(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, String subscription)
protected void	validateTopicOwnership(org.apache.pulsar.common.naming.TopicName topicName, boolean authoritative) Checks whether the broker is the owner of the namespace.
protected CompletableFuture<Void>	validateTopicOwnershipAsync(org.apache.pulsar.common.naming.TopicName topicName, boolean authoritative)
void	validateTopicPolicyOperation(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

servletContext

@Context
protected javax.servlet.ServletContext servletContext

httpRequest

@Context
protected javax.servlet.http.HttpServletRequest httpRequest

uri

@Context
protected javax.ws.rs.core.UriInfo uri

NOT_IMPLEMENTED

protected static final int NOT_IMPLEMENTED

See Also:

Constant Field Values

Constructor Detail

PulsarWebResource

public PulsarWebResource()

Method Detail

pulsar

protected PulsarService pulsar()

config

protected ServiceConfiguration config()

path

public static String path(String... parts)

joinPath

public static String joinPath(String... parts)

splitPath

public static String splitPath(String source,
                               int slice)

clientAppId

public String clientAppId()

Gets a caller id (IP + role).

Returns:

the web service caller identification

originalPrincipal

public String originalPrincipal()

clientAuthData

public AuthenticationDataHttps clientAuthData()

isRequestHttps

public boolean isRequestHttps()

isClientAuthenticated

public static boolean isClientAuthenticated(String appId)

hasSuperUserAccess

protected boolean hasSuperUserAccess()

validateSuperUserAccess

public void validateSuperUserAccess()

Checks whether the user has Pulsar Super-User access to the system.

Throws:

javax.ws.rs.WebApplicationException - if not authorized

validateAdminAccessForTenant

protected void validateAdminAccessForTenant(String tenant)

Checks that the http client role has admin access to the specified tenant.

Parameters:

tenant - the tenant id

Throws:

javax.ws.rs.WebApplicationException - if not authorized

validateAdminAccessForTenant

protected static void validateAdminAccessForTenant(PulsarService pulsar,
                                                   String clientAppId,
                                                   String originalPrincipal,
                                                   String tenant,
                                                   AuthenticationDataSource authenticationData)
                                            throws Exception

Throws:

Exception

validateClusterForTenant

protected void validateClusterForTenant(String tenant,
                                        String cluster)

validateClusterOwnership

protected void validateClusterOwnership(String cluster)
                                 throws javax.ws.rs.WebApplicationException

Check if the cluster exists and redirect the call to the owning cluster.

Parameters:

cluster - Cluster name

Throws:

Exception - In case the redirect happens

javax.ws.rs.WebApplicationException

getClusterDataIfDifferentCluster

protected static CompletableFuture<org.apache.pulsar.common.policies.data.ClusterDataImpl> getClusterDataIfDifferentCluster(PulsarService pulsar,
                                                                                                                            String cluster,
                                                                                                                            String clientAppId)

validateBundleOwnership

protected void validateBundleOwnership(String tenant,
                                       String cluster,
                                       String namespace,
                                       boolean authoritative,
                                       boolean readOnly,
                                       NamespaceBundle bundle)

validateNamespaceBundleRange

protected NamespaceBundle validateNamespaceBundleRange(org.apache.pulsar.common.naming.NamespaceName fqnn,
                                                       org.apache.pulsar.common.policies.data.BundlesData bundles,
                                                       String bundleRange)

isBundleOwnedByAnyBroker

protected CompletableFuture<Boolean> isBundleOwnedByAnyBroker(org.apache.pulsar.common.naming.NamespaceName fqnn,
                                                              org.apache.pulsar.common.policies.data.BundlesData bundles,
                                                              String bundleRange)

Checks whether a given bundle is currently loaded by any broker.

validateNamespaceBundleOwnership

protected NamespaceBundle validateNamespaceBundleOwnership(org.apache.pulsar.common.naming.NamespaceName fqnn,
                                                           org.apache.pulsar.common.policies.data.BundlesData bundles,
                                                           String bundleRange,
                                                           boolean authoritative,
                                                           boolean readOnly)

validateBundleOwnership

public void validateBundleOwnership(NamespaceBundle bundle,
                                    boolean authoritative,
                                    boolean readOnly)
                             throws Exception

Throws:

Exception

validateTopicOwnership

protected void validateTopicOwnership(org.apache.pulsar.common.naming.TopicName topicName,
                                      boolean authoritative)

Checks whether the broker is the owner of the namespace. Otherwise it will raise an exception to redirect the client to the appropriate broker. If no broker owns the namespace yet, this function will try to acquire the ownership by default.

Parameters:

topicName - topic name

authoritative -

validateTopicOwnershipAsync

protected CompletableFuture<Void> validateTopicOwnershipAsync(org.apache.pulsar.common.naming.TopicName topicName,
                                                              boolean authoritative)

validateGlobalNamespaceOwnership

protected void validateGlobalNamespaceOwnership(org.apache.pulsar.common.naming.NamespaceName namespace)

If the namespace is global, validate the following - 1. If replicated clusters are configured for this global namespace 2. If local cluster belonging to this namespace is replicated 3. If replication is enabled for this namespace
It validates if local cluster is part of replication-cluster. If local cluster is not part of the replication cluster then it redirects request to peer-cluster if any of the peer-cluster is part of replication-cluster of this namespace. If none of the cluster is part of the replication cluster then it fails the validation.

Parameters:

namespace -

Throws:

Exception

validateGlobalNamespaceOwnershipAsync

protected CompletableFuture<Void> validateGlobalNamespaceOwnershipAsync(org.apache.pulsar.common.naming.NamespaceName namespace)

checkLocalOrGetPeerReplicationCluster

public static CompletableFuture<org.apache.pulsar.common.policies.data.ClusterDataImpl> checkLocalOrGetPeerReplicationCluster(PulsarService pulsarService,
                                                                                                                              org.apache.pulsar.common.naming.NamespaceName namespace)

checkAuthorization

protected static void checkAuthorization(PulsarService pulsarService,
                                         org.apache.pulsar.common.naming.TopicName topicName,
                                         String role,
                                         AuthenticationDataSource authenticationData)
                                  throws Exception

Throws:

Exception

setPulsar

public void setPulsar(PulsarService pulsar)

isLeaderBroker

protected boolean isLeaderBroker()

isLeaderBroker

protected static boolean isLeaderBroker(PulsarService pulsar)

validateTenantOperation

public void validateTenantOperation(String tenant,
                                    org.apache.pulsar.common.policies.data.TenantOperation operation)

validateNamespaceOperation

public void validateNamespaceOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName,
                                       org.apache.pulsar.common.policies.data.NamespaceOperation operation)

validateNamespacePolicyOperation

public void validateNamespacePolicyOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName,
                                             org.apache.pulsar.common.policies.data.PolicyName policy,
                                             org.apache.pulsar.common.policies.data.PolicyOperation operation)

getPulsarResources

protected PulsarResources getPulsarResources()

tenantResources

protected TenantResources tenantResources()

clusterResources

protected ClusterResources clusterResources()

namespaceResources

protected NamespaceResources namespaceResources()

resourceGroupResources

protected ResourceGroupResources resourceGroupResources()

getLocalPolicies

protected LocalPoliciesResources getLocalPolicies()

namespaceIsolationPolicies

protected NamespaceResources.IsolationPolicyResources namespaceIsolationPolicies()

dynamicConfigurationResources

protected DynamicConfigurationResources dynamicConfigurationResources()

jsonMapper

public static com.fasterxml.jackson.databind.ObjectMapper jsonMapper()

validatePoliciesReadOnlyAccess

public void validatePoliciesReadOnlyAccess()

hasActiveNamespace

protected CompletableFuture<Void> hasActiveNamespace(String tenant)

validateClusterExists

protected void validateClusterExists(String cluster)

canUpdateCluster

protected CompletableFuture<Void> canUpdateCluster(String tenant,
                                                   Set<String> oldClusters,
                                                   Set<String> newClusters)

validateBrokerName

protected void validateBrokerName(String broker)

Redirect the call to the specified broker.

Parameters:

broker - Broker name

validateTopicPolicyOperation

public void validateTopicPolicyOperation(org.apache.pulsar.common.naming.TopicName topicName,
                                         org.apache.pulsar.common.policies.data.PolicyName policy,
                                         org.apache.pulsar.common.policies.data.PolicyOperation operation)

validateTopicOperation

public void validateTopicOperation(org.apache.pulsar.common.naming.TopicName topicName,
                                   org.apache.pulsar.common.policies.data.TopicOperation operation)

validateTopicOperation

public void validateTopicOperation(org.apache.pulsar.common.naming.TopicName topicName,
                                   org.apache.pulsar.common.policies.data.TopicOperation operation,
                                   String subscription)

getListOfNamespaces

protected List<String> getListOfNamespaces(String tenant)
                                    throws Exception

Throws:

Exception

getListOfResourcegroups

protected List<String> getListOfResourcegroups(String property)
                                        throws Exception

Get the list of resourcegroups.

Returns:

the list of resourcegroups

Throws:

Exception

deleteRecursive

public static void deleteRecursive(BaseResources resources,
                                   String pathRoot)
                            throws org.apache.pulsar.metadata.api.MetadataStoreException

Throws:

org.apache.pulsar.metadata.api.MetadataStoreException

listSubTreeBFS

public static List<String> listSubTreeBFS(BaseResources resources,
                                          String pathRoot)
                                   throws org.apache.pulsar.metadata.api.MetadataStoreException

Throws:

org.apache.pulsar.metadata.api.MetadataStoreException