Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
AuthorizeServerHandler |
|
| 4.0;4 |
1 | /* | |
2 | * Licensed to the Apache Software Foundation (ASF) under one | |
3 | * or more contributor license agreements. See the NOTICE file | |
4 | * distributed with this work for additional information | |
5 | * regarding copyright ownership. The ASF licenses this file | |
6 | * to you under the Apache License, Version 2.0 (the | |
7 | * "License"); you may not use this file except in compliance | |
8 | * with the License. You may obtain a copy of the License at | |
9 | * | |
10 | * http://www.apache.org/licenses/LICENSE-2.0 | |
11 | * | |
12 | * Unless required by applicable law or agreed to in writing, software | |
13 | * distributed under the License is distributed on an "AS IS" BASIS, | |
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
15 | * See the License for the specific language governing permissions and | |
16 | * limitations under the License. | |
17 | */ | |
18 | ||
19 | package org.apache.giraph.comm.netty.handler; | |
20 | ||
21 | import org.apache.giraph.comm.netty.NettyServer; | |
22 | import org.apache.giraph.comm.netty.SaslNettyServer; | |
23 | import org.apache.log4j.Logger; | |
24 | ||
25 | import io.netty.channel.ChannelInboundHandlerAdapter; | |
26 | import io.netty.channel.ChannelHandlerContext; | |
27 | /** | |
28 | * Authorize or deny client requests based on existence and completeness | |
29 | * of client's SASL authentication. | |
30 | */ | |
31 | public class AuthorizeServerHandler extends | |
32 | ChannelInboundHandlerAdapter { | |
33 | /** Class logger */ | |
34 | 0 | private static final Logger LOG = |
35 | 0 | Logger.getLogger(AuthorizeServerHandler.class); |
36 | ||
37 | /** | |
38 | * Constructor. | |
39 | */ | |
40 | 0 | public AuthorizeServerHandler() { |
41 | 0 | } |
42 | ||
43 | @Override | |
44 | public void channelRead(ChannelHandlerContext ctx, Object msg) | |
45 | throws Exception { | |
46 | 0 | if (LOG.isDebugEnabled()) { |
47 | 0 | LOG.debug("messageReceived: Got " + msg.getClass()); |
48 | } | |
49 | // Authorize: client is allowed to doRequest() if and only if the client | |
50 | // has successfully authenticated with this server. | |
51 | 0 | SaslNettyServer saslNettyServer = |
52 | 0 | ctx.attr(NettyServer.CHANNEL_SASL_NETTY_SERVERS).get(); |
53 | 0 | if (saslNettyServer == null) { |
54 | 0 | LOG.warn("messageReceived: This client is *NOT* authorized to perform " + |
55 | "this action since there's no saslNettyServer to " + | |
56 | "authenticate the client: " + | |
57 | "refusing to perform requested action: " + msg); | |
58 | 0 | return; |
59 | } | |
60 | ||
61 | 0 | if (!saslNettyServer.isComplete()) { |
62 | 0 | LOG.warn("messageReceived: This client is *NOT* authorized to perform " + |
63 | "this action because SASL authentication did not complete: " + | |
64 | "refusing to perform requested action: " + msg); | |
65 | // Return now *WITHOUT* sending upstream here, since client | |
66 | // not authorized. | |
67 | 0 | return; |
68 | } | |
69 | 0 | if (LOG.isDebugEnabled()) { |
70 | 0 | LOG.debug("messageReceived: authenticated client: " + |
71 | 0 | saslNettyServer.getUserName() + " is authorized to do request " + |
72 | "on server."); | |
73 | } | |
74 | // We call fireChannelRead since the client is allowed to perform this | |
75 | // request. The client's request will now proceed to the next | |
76 | // pipeline component, namely, RequestServerHandler. | |
77 | 0 | ctx.fireChannelRead(msg); |
78 | 0 | } |
79 | } |