Class AuthConfig


  • public class AuthConfig
    extends Object
    • Field Detail

      • DRUID_AUTHENTICATION_RESULT

        public static final String DRUID_AUTHENTICATION_RESULT
        HTTP attribute that holds an AuthenticationResult, with info about a successful authentication check.
        See Also:
        Constant Field Values
      • DRUID_AUTHORIZATION_CHECKED

        public static final String DRUID_AUTHORIZATION_CHECKED
        HTTP attribute set when a static method in AuthorizationUtils performs an authorization check on the request.
        See Also:
        Constant Field Values
      • ALLOWED_CONTEXT_KEYS

        public static final Set<String> ALLOWED_CONTEXT_KEYS
        Set of context keys which are always permissible because something in the Druid code itself sets the key before the security check.
    • Constructor Detail

      • AuthConfig

        public AuthConfig()
      • AuthConfig

        public AuthConfig(List<String> authenticatorChain,
                          List<String> authorizers,
                          List<String> unsecuredPaths,
                          boolean allowUnauthenticatedHttpOptions,
                          boolean authorizeQueryContextParams,
                          Set<String> unsecuredContextKeys,
                          Set<String> securedContextKeys,
                          boolean enableInputSourceSecurity)
    • Method Detail

      • getAuthenticatorChain

        public List<String> getAuthenticatorChain()
      • getAuthorizers

        public List<String> getAuthorizers()
      • getUnsecuredPaths

        public List<String> getUnsecuredPaths()
      • isAllowUnauthenticatedHttpOptions

        public boolean isAllowUnauthenticatedHttpOptions()
      • authorizeQueryContextParams

        public boolean authorizeQueryContextParams()
      • isEnableInputSourceSecurity

        public boolean isEnableInputSourceSecurity()
      • contextKeysToAuthorize

        public Set<String> contextKeysToAuthorize(Set<String> userKeys)
        Filter the user-supplied context keys based on the context key security rules. If context key security is disabled, then allow all keys. Else, apply the three key lists defined here.
        • Allow Druid-defined keys.
        • Allow anything not in the secured context key list.
        • Allow anything in the config-defined unsecured key list.
        In the typical case, a site defines either the secured key list (to handle a few keys that are not allowed) or the unsecured key list (to enumerate a few that are allowed). If both lists are given, think of the secured list as exceptions to the unsecured key list.
        Returns:
        the list of secured keys to check via authentication
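        The filtering rules above, modeled as a stand-alone added example (not Druid's own code). The class name, the keysToAuthorize helper, the placeholder Druid-defined key and the sample query keys are all constructed; it assumes an empty secured list means "not configured" and that the unsecured list is applied before the secured list.

```java
import java.util.Set;
import java.util.TreeSet;

// Added illustration: a stand-alone model of the filtering rules, not Druid's AuthConfig.
public class ContextKeyFilterExample
{
  // Constructed stand-in for AuthConfig.ALLOWED_CONTEXT_KEYS; the real contents are not listed on this page.
  static final Set<String> ALLOWED_CONTEXT_KEYS = Set.of("exampleDruidSetKey");

  // Hypothetical helper: returns the subset of userKeys that still needs an authorization check.
  static Set<String> keysToAuthorize(
      boolean authorizeQueryContextParams,
      Set<String> unsecuredContextKeys,
      Set<String> securedContextKeys,
      Set<String> userKeys
  )
  {
    // Context key security disabled: every key is allowed, so nothing is left to check.
    if (!authorizeQueryContextParams) {
      return Set.of();
    }
    Set<String> toCheck = new TreeSet<>(userKeys);
    toCheck.removeAll(ALLOWED_CONTEXT_KEYS);  // allow Druid-defined keys
    toCheck.removeAll(unsecuredContextKeys);  // allow keys on the configured unsecured list
    // Allow anything not on the secured list. Assumption: an empty secured list
    // means none was configured, so every remaining key is checked.
    if (!securedContextKeys.isEmpty()) {
      toCheck.retainAll(securedContextKeys);
    }
    return toCheck;
  }

  public static void main(String[] args)
  {
    // Constructed sample: context keys submitted with a query.
    Set<String> userKeys = Set.of("exampleDruidSetKey", "timeout", "priority", "useCache");

    // Context key security off.
    System.out.println(keysToAuthorize(false, Set.of(), Set.of(), userKeys));
    // Security on, neither list configured.
    System.out.println(keysToAuthorize(true, Set.of(), Set.of(), userKeys));
    // Secured list only: the site names the few keys that need a check.
    System.out.println(keysToAuthorize(true, Set.of(), Set.of("priority"), userKeys));
    // Unsecured list only: the site names the few keys that are always allowed.
    System.out.println(keysToAuthorize(true, Set.of("timeout", "useCache"), Set.of(), userKeys));
  }
}
```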
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object