Package org.apache.pulsar.broker.authorization

Class AuthorizationService

java.lang.Object
org.apache.pulsar.broker.authorization.AuthorizationService
public class AuthorizationService extends Object
Authorization service that manages pluggable authorization provider and authorize requests accordingly.

  • Constructor Details

  • Method Details

    • isSuperUser

      public CompletableFuture<Boolean> isSuperUser(AuthenticationParameters authParams)

    • isSuperUser

      public CompletableFuture<Boolean> isSuperUser(String user, AuthenticationDataSource authenticationData)

    • isTenantAdmin

      public CompletableFuture<Boolean> isTenantAdmin(String tenant, String role, org.apache.pulsar.common.policies.data.TenantInfo tenantInfo, AuthenticationDataSource authenticationData)

    • grantPermissionAsync

      public CompletableFuture<Void> grantPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, Set<org.apache.pulsar.common.policies.data.AuthAction> actions, String role, String authDataJson)
      Grant authorization-action permission on a namespace to the given client. NOTE: used to complete with IllegalArgumentException when namespace not found or with IllegalStateException when failed to grant permission.
      Parameters:
      namespace -
      actions -
      role -
      authDataJson - additional authdata in json for targeted authorization provider

    • grantSubscriptionPermissionAsync

      public CompletableFuture<Void> grantSubscriptionPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, String subscriptionName, Set<String> roles, String authDataJson)
      Grant permission to roles that can access subscription-admin api.
      Parameters:
      namespace -
      subscriptionName -
      roles -
      authDataJson - additional authdata in json for targeted authorization provider
      Returns:

    • revokeSubscriptionPermissionAsync

      public CompletableFuture<Void> revokeSubscriptionPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, String subscriptionName, String role, String authDataJson)
      Revoke subscription admin-api access for a role.
      Parameters:
      namespace -
      subscriptionName -
      role -
      Returns:

    • grantPermissionAsync

      public CompletableFuture<Void> grantPermissionAsync(org.apache.pulsar.common.naming.TopicName topicname, Set<org.apache.pulsar.common.policies.data.AuthAction> actions, String role, String authDataJson)
      Grant authorization-action permission on a topic to the given client. NOTE: used to complete with IllegalArgumentException when namespace not found or with IllegalStateException when failed to grant permission.
      Parameters:
      topicname -
      role -
      authDataJson - additional authdata in json for targeted authorization provider

    • canProduceAsync

      public CompletableFuture<Boolean> canProduceAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData)
      Check if the specified role has permission to send messages to the specified fully qualified topic name.
      Parameters:
      topicName - the fully qualified topic name associated with the topic.
      role - the app id used to send messages to the topic.

    • canConsumeAsync

      public CompletableFuture<Boolean> canConsumeAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData, String subscription)
      Check if the specified role has permission to receive messages from the specified fully qualified topic name.
      Parameters:
      topicName - the fully qualified topic name associated with the topic.
      role - the app id used to receive messages from the topic.
      subscription - the subscription name defined by the client

    • canProduce

      public boolean canProduce(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData) throws Exception
      Throws:
      Exception

    • canConsume

      public boolean canConsume(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData, String subscription) throws Exception
      Throws:
      Exception

    • canLookup

      public boolean canLookup(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData) throws Exception
      Check whether the specified role can perform a lookup for the specified topic. For that the caller needs to have producer or consumer permission.
      Parameters:
      topicName -
      role -
      Returns:
      Throws:
      Exception

    • canLookupAsync

      public CompletableFuture<Boolean> canLookupAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData)
      Check whether the specified role can perform a lookup for the specified topic. For that the caller needs to have producer or consumer permission.
      Parameters:
      topicName -
      role -
      Returns:
      Throws:
      Exception

    • allowFunctionOpsAsync

      public CompletableFuture<Boolean> allowFunctionOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData)

    • allowFunctionOpsAsync

      public CompletableFuture<Boolean> allowFunctionOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, AuthenticationParameters authParams)

    • allowSourceOpsAsync

      public CompletableFuture<Boolean> allowSourceOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData)

    • allowSourceOpsAsync

      public CompletableFuture<Boolean> allowSourceOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, AuthenticationParameters authParams)

    • allowSinkOpsAsync

      public CompletableFuture<Boolean> allowSinkOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData)

    • allowSinkOpsAsync

      public CompletableFuture<Boolean> allowSinkOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, AuthenticationParameters authParams)

    • isValidOriginalPrincipal

      public boolean isValidOriginalPrincipal(String authenticatedPrincipal, String originalPrincipal, AuthenticationDataSource authDataSource)
      Whether the authenticatedPrincipal and the originalPrincipal form a valid pair. This method assumes that authenticatedPrincipal and originalPrincipal can be equal, as long as they are not a proxy role. This use case is relvant for the admin server because of the way the proxy handles authentication. The binary protocol should not use this method.
      Returns:
      true when roles are a valid combination and false when roles are an invalid combination

    • isValidOriginalPrincipal

      public boolean isValidOriginalPrincipal(String authenticatedPrincipal, String originalPrincipal, SocketAddress remoteAddress, boolean allowNonProxyPrincipalsToBeEqual)
      Validates that the authenticatedPrincipal and the originalPrincipal are a valid combination. Valid combinations fulfills the following rule:

      The authenticatedPrincipal is in ServiceConfiguration#getProxyRoles(), if, and only if, the originalPrincipal is set to a role that is not also in ServiceConfiguration#getProxyRoles().

      Returns:
      true when roles are a valid combination and false when roles are an invalid combination

    • allowTenantOperationAsync

      public CompletableFuture<Boolean> allowTenantOperationAsync(String tenantName, org.apache.pulsar.common.policies.data.TenantOperation operation, String role, AuthenticationDataSource authData)
      Grant authorization-action permission on a tenant to the given client.
      Parameters:
      tenantName - tenant name
      operation - tenant operation
      role - role name
      authData - additional authdata in json for targeted authorization provider
      Returns:
      IllegalArgumentException when tenant not found
      Throws:
      IllegalStateException - when failed to grant permission

    • allowTenantOperationAsync

      public CompletableFuture<Boolean> allowTenantOperationAsync(String tenantName, org.apache.pulsar.common.policies.data.TenantOperation operation, String originalRole, String role, AuthenticationDataSource authData)

    • allowTenantOperation

      public boolean allowTenantOperation(String tenantName, org.apache.pulsar.common.policies.data.TenantOperation operation, String originalRole, String role, AuthenticationDataSource authData) throws Exception
      Throws:
      Exception

    • allowNamespaceOperationAsync

      public CompletableFuture<Boolean> allowNamespaceOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.NamespaceOperation operation, String role, AuthenticationDataSource authData)
      Grant authorization-action permission on a namespace to the given client.
      Parameters:
      namespaceName -
      operation -
      role -
      authData - additional authdata in json for targeted authorization provider
      Returns:
      IllegalArgumentException when namespace not found
      Throws:
      IllegalStateException - when failed to grant permission

    • allowNamespaceOperationAsync

      public CompletableFuture<Boolean> allowNamespaceOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.NamespaceOperation operation, String originalRole, String role, AuthenticationDataSource authData)

    • allowNamespacePolicyOperationAsync

      public CompletableFuture<Boolean> allowNamespacePolicyOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String role, AuthenticationDataSource authData)
      Grant authorization-action permission on a namespace to the given client.
      Parameters:
      namespaceName -
      operation -
      role -
      authData - additional authdata in json for targeted authorization provider
      Returns:
      IllegalArgumentException when namespace not found
      Throws:
      IllegalStateException - when failed to grant permission

    • allowNamespacePolicyOperationAsync

      public CompletableFuture<Boolean> allowNamespacePolicyOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData)

    • allowNamespacePolicyOperation

      public boolean allowNamespacePolicyOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData) throws Exception
      Throws:
      Exception

    • allowTopicPolicyOperationAsync

      public CompletableFuture<Boolean> allowTopicPolicyOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String role, AuthenticationDataSource authData)
      Grant authorization-action permission on a topic to the given client.
      Parameters:
      topicName -
      policy -
      operation -
      role -
      authData - additional authdata in json for targeted authorization provider
      Throws:
      IllegalStateException - when failed to grant permission

    • allowTopicPolicyOperationAsync

      public CompletableFuture<Boolean> allowTopicPolicyOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData)

    • allowTopicPolicyOperation

      public Boolean allowTopicPolicyOperation(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData) throws Exception
      Throws:
      Exception

    • allowTopicOperationAsync

      public CompletableFuture<Boolean> allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, String role, AuthenticationDataSource authData)
      Grant authorization-action permission on a topic to the given client.
      Parameters:
      topicName -
      operation -
      role -
      authData - additional authdata in json for targeted authorization provider
      Returns:
      IllegalArgumentException when namespace not found
      Throws:
      IllegalStateException - when failed to grant permission

    • allowTopicOperationAsync

      public CompletableFuture<Boolean> allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, AuthenticationParameters authParams)

    • allowTopicOperationAsync

      public CompletableFuture<Boolean> allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, String originalRole, String role, AuthenticationDataSource authData)

    • allowTopicOperation

      public Boolean allowTopicOperation(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, String originalRole, String role, AuthenticationDataSource authData) throws Exception
      Throws:
      Exception