/** Main entry point, should be called by a scheduler. */ public void run() { Security.runAsAdmin( () -> { Subject runSubject = subject != null ? subject : Security.getInstance().getSystemSubject(); return runSubject.execute( () -> { LOGGER.trace("running workspace query service"); Map<String, Pair<WorkspaceMetacardImpl, List<QueryMetacardImpl>>> queryMetacards = workspaceService.getQueryMetacards(); LOGGER.debug("queryMetacards: size={}", queryMetacards.size()); List<WorkspaceTask> workspaceTasks = createWorkspaceTasks(queryMetacards); LOGGER.debug("workspaceTasks: size={}", workspaceTasks.size()); Map<String, Pair<WorkspaceMetacardImpl, Long>> results = executeWorkspaceTasks(workspaceTasks, queryTimeoutMinutes, TimeUnit.MINUTES); LOGGER.debug("results: {}", results); queryUpdateSubscriber.notify(results); return null; }); }); }
private void getVersionedMetacards( List<Metacard> metacards, final HistoryMetacardImpl.Action action) throws PluginExecutionException { final List<Metacard> versionedMetacards = metacards .stream() .filter( metacard -> !metacard .getMetacardType() .equals(HistoryMetacardImpl.getVersionHistoryMetacardType())) .map(metacard -> new HistoryMetacardImpl(metacard, action, SecurityUtils.getSubject())) .collect(Collectors.toList()); if (versionedMetacards.isEmpty()) { return; } Subject system = Security.getSystemSubject(); if (system == null) { LOGGER.warn("Could not get system subject to create versioned metacards."); return; } system.execute( () -> { this.store(versionedMetacards); return true; }); }
boolean canAccessSource(FederatedSource source, QueryRequest request) { Map<String, Set<String>> securityAttributes = source.getSecurityAttributes(); if (securityAttributes.isEmpty()) { return true; } Object requestSubject = request.getProperties().get(SecurityConstants.SECURITY_SUBJECT); if (requestSubject instanceof ddf.security.Subject) { Subject subject = (Subject) requestSubject; KeyValueCollectionPermission kvCollection = new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, securityAttributes); return subject.isPermitted(kvCollection); } return false; }