Class AuthConfig

java.lang.Object
org.apache.druid.server.security.AuthConfig

public class AuthConfig extends Object
  • Field Details

    • DRUID_AUTHENTICATION_RESULT

      public static final String DRUID_AUTHENTICATION_RESULT
      HTTP attribute that holds an AuthenticationResult, with info about a successful authentication check.
    • DRUID_AUTHORIZATION_CHECKED

      public static final String DRUID_AUTHORIZATION_CHECKED
      HTTP attribute set when a static method in AuthorizationUtils performs an authorization check on the request.
    • DRUID_ALLOW_UNSECURED_PATH

      public static final String DRUID_ALLOW_UNSECURED_PATH
    • ALLOW_ALL_NAME

      public static final String ALLOW_ALL_NAME
    • ANONYMOUS_NAME

      public static final String ANONYMOUS_NAME
    • TRUSTED_DOMAIN_NAME

      public static final String TRUSTED_DOMAIN_NAME
    • ALLOWED_CONTEXT_KEYS

      public static final Set<String> ALLOWED_CONTEXT_KEYS
      Set of context keys which are always permissible because something in the Druid code itself sets the key before the security check.
  • Constructor Details

    • AuthConfig

      public AuthConfig()
    • AuthConfig

      public AuthConfig(List<String> authenticatorChain, List<String> authorizers, List<String> unsecuredPaths, boolean allowUnauthenticatedHttpOptions, boolean authorizeQueryContextParams, Set<String> unsecuredContextKeys, Set<String> securedContextKeys, boolean enableInputSourceSecurity)
  • Method Details

    • getAuthenticatorChain

      public List<String> getAuthenticatorChain()
    • getAuthorizers

      public List<String> getAuthorizers()
    • getUnsecuredPaths

      public List<String> getUnsecuredPaths()
    • isAllowUnauthenticatedHttpOptions

      public boolean isAllowUnauthenticatedHttpOptions()
    • authorizeQueryContextParams

      public boolean authorizeQueryContextParams()
    • isEnableInputSourceSecurity

      public boolean isEnableInputSourceSecurity()
    • contextKeysToAuthorize

      public Set<String> contextKeysToAuthorize(Set<String> userKeys)
      Filter the user-supplied context keys based on the context key security rules. If context key security is disabled, then allow all keys. Else, apply the three key lists defined here.
      • Allow Druid-defined keys.
      • Allow anything not in the secured context key list.
      • Allow anything in the config-defined unsecured key list.
      In the typical case, a site defines either the secured key list (to handle a few keys that are not allowed) or the unsecured key list (to enumerate a few that are allowed). If both lists are given, think of the secured list as exceptions to the unsecured key list.
      Returns:
      the list of secured keys to check via authentication
    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • newBuilder

      public static AuthConfig.Builder newBuilder()
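
The filtering rules described for contextKeysToAuthorize, as an added standalone sketch (not Druid's own code and not part of the original page). The class name, the `exampleDruidSetKey` placeholder standing in for ALLOWED_CONTEXT_KEYS, and the sample keys are constructed; the sketch assumes an empty secured list means every remaining key is checked, and that a key on both lists is allowed by the unsecured list.

```java
import java.util.Set;
import java.util.TreeSet;

public class ContextKeyFilterSketch {
    // Constructed placeholder: the real contents of ALLOWED_CONTEXT_KEYS are not listed on this page.
    static final Set<String> DRUID_DEFINED = Set.of("exampleDruidSetKey");

    /** Returns the user-supplied keys that still need an authorization check. */
    static Set<String> keysToAuthorize(boolean authorizeContextParams,
                                       Set<String> unsecured,
                                       Set<String> secured,
                                       Set<String> userKeys) {
        Set<String> toCheck = new TreeSet<>();
        if (!authorizeContextParams) {
            return toCheck; // context key security disabled: all keys allowed
        }
        for (String key : userKeys) {
            if (DRUID_DEFINED.contains(key)) {
                continue; // rule 1: Druid-defined keys are always allowed
            }
            if (!secured.isEmpty() && !secured.contains(key)) {
                continue; // rule 2: not on the secured list (when one is configured)
            }
            if (unsecured.contains(key)) {
                continue; // rule 3: explicitly listed as unsecured
            }
            toCheck.add(key);
        }
        return toCheck;
    }

    public static void main(String[] args) {
        // Constructed sample of keys a client might send in a query context.
        Set<String> user = Set.of("exampleDruidSetKey", "timeout", "priority", "customFlag");

        // Security disabled: nothing to authorize.
        System.out.println(keysToAuthorize(false, Set.of(), Set.of(), user));
        // Secured list only: just the listed key is checked.
        System.out.println(keysToAuthorize(true, Set.of(), Set.of("priority"), user));
        // Unsecured list only: everything else is checked.
        System.out.println(keysToAuthorize(true, Set.of("timeout"), Set.of(), user));
        // Both lists: checked keys are the secured ones not exempted as unsecured.
        System.out.println(keysToAuthorize(true, Set.of("timeout"),
                                           Set.of("priority", "customFlag"), user));
    }
}
```

The unsecured-list-only case is the stricter posture: any key the site has not enumerated, including custom ones, ends up in the set to authorize.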