Filter getFilterWithAdditionalFilters(List<Filter> originalFilter) {
return frameworkProperties
.getFilterBuilder()
.allOf(
getNonVersionTagsFilter(),
frameworkProperties.getValidationQueryFactory().getFilterWithValidationFilter(),
frameworkProperties.getFilterBuilder().anyOf(originalFilter));
}
private Filter getNonVersionTagsFilter() {
return frameworkProperties
.getFilterBuilder()
.not(
frameworkProperties
.getFilterBuilder()
.attribute(Metacard.TAGS)
.is()
.like()
.text(MetacardVersion.VERSION_TAG));
}
/**
* Executes a query using the specified {@link QueryRequest} and {@link FederationStrategy}. Based
* on the isEnterprise and sourceIds list in the query request, the federated query may include
* the local provider and {@link ConnectedSource}s.
*
* @param queryRequest the {@link QueryRequest}
* @param strategy the {@link FederationStrategy}
* @return the {@link QueryResponse}
* @throws FederationException
*/
QueryResponse doQuery(QueryRequest queryRequest, FederationStrategy strategy)
throws FederationException {
Set<String> sourceIds = getCombinedIdSet(queryRequest);
LOGGER.debug("source ids: {}", sourceIds);
QuerySources querySources =
new QuerySources(frameworkProperties)
.initializeSources(this, queryRequest, sourceIds)
.addConnectedSources(this, frameworkProperties)
.addCatalogProvider(this);
if (querySources.isEmpty()) {
// We have nothing to query at all.
// TODO change to SourceUnavailableException
throw new FederationException(
"SiteNames could not be resolved due to invalid site names, none of the sites "
+ "were available, or the current subject doesn't have permission to access the sites.");
}
LOGGER.debug("Calling strategy.federate()");
QueryResponse response = strategy.federate(querySources.sourcesToQuery, queryRequest);
frameworkProperties.getQueryResponsePostProcessor().processResponse(response);
return addProcessingDetails(querySources.exceptions, response);
}
//
// Helper methods
//
QueryResponse query(
QueryRequest queryRequest,
FederationStrategy strategy,
boolean overrideFanoutRename,
boolean fanoutEnabled)
throws UnsupportedQueryException, FederationException {
FederationStrategy fedStrategy = strategy;
QueryResponse queryResponse;
queryRequest = setFlagsOnRequest(queryRequest);
try {
queryRequest = validateQueryRequest(queryRequest);
queryRequest = getFanoutQuery(queryRequest, fanoutEnabled);
queryRequest = preProcessPreAuthorizationPlugins(queryRequest);
queryRequest = populateQueryRequestPolicyMap(queryRequest);
queryRequest = processPreQueryAccessPlugins(queryRequest);
queryRequest = processPreQueryPlugins(queryRequest);
queryRequest = validateQueryRequest(queryRequest);
if (fedStrategy == null) {
if (frameworkProperties.getFederationStrategy() == null) {
throw new FederationException(
"No Federation Strategies exist. Cannot execute federated query.");
} else {
LOGGER.debug(
"FederationStrategy was not specified, using default strategy: "
+ frameworkProperties.getFederationStrategy().getClass());
fedStrategy = frameworkProperties.getFederationStrategy();
}
}
queryResponse = doQuery(queryRequest, fedStrategy);
queryResponse = injectAttributes(queryResponse);
queryResponse = validateFixQueryResponse(queryResponse, overrideFanoutRename, fanoutEnabled);
queryResponse = postProcessPreAuthorizationPlugins(queryResponse);
queryResponse = populateQueryResponsePolicyMap(queryResponse);
queryResponse = processPostQueryAccessPlugins(queryResponse);
queryResponse = processPostQueryPlugins(queryResponse);
} catch (RuntimeException re) {
throw new UnsupportedQueryException("Exception during runtime while performing query", re);
}
return queryResponse;
}
private QueryResponse postProcessPreAuthorizationPlugins(QueryResponse queryResponse)
throws FederationException {
for (PreAuthorizationPlugin plugin : frameworkProperties.getPreAuthorizationPlugins()) {
try {
queryResponse = plugin.processPostQuery(queryResponse);
} catch (StopProcessingException e) {
throw new FederationException("Query could not be executed.", e);
}
}
return queryResponse;
}
private QueryRequest processPreQueryAccessPlugins(QueryRequest queryReq)
throws FederationException {
for (AccessPlugin plugin : frameworkProperties.getAccessPlugins()) {
try {
queryReq = plugin.processPreQuery(queryReq);
} catch (StopProcessingException e) {
throw new FederationException("Query could not be executed.", e);
}
}
return queryReq;
}
private QueryRequest processPreQueryPlugins(QueryRequest queryReq) throws FederationException {
for (PreQueryPlugin service : frameworkProperties.getPreQuery()) {
try {
queryReq = service.process(queryReq);
} catch (PluginExecutionException see) {
LOGGER.debug("Error executing PreQueryPlugin: {}", see.getMessage(), see);
} catch (StopProcessingException e) {
throw new FederationException("Query could not be executed.", e);
}
}
return queryReq;
}
QuerySources addConnectedSources(
QueryOperations queryOps, FrameworkProperties frameworkProperties) {
if (addConnectedSources) {
// add Connected Sources
for (ConnectedSource source : frameworkProperties.getConnectedSources()) {
if (queryOps.sourceOperations.isSourceAvailable(source)) {
sourcesToQuery.add(source);
} else {
LOGGER.debug(
"Connected Source {} is unavailable and will not be queried.", source.getId());
}
}
}
return this;
}
private QueryRequest populateQueryRequestPolicyMap(QueryRequest queryReq)
throws FederationException {
HashMap<String, Set<String>> requestPolicyMap = new HashMap<>();
Map<String, Serializable> unmodifiableProperties =
Collections.unmodifiableMap(queryReq.getProperties());
for (PolicyPlugin plugin : frameworkProperties.getPolicyPlugins()) {
try {
PolicyResponse policyResponse =
plugin.processPreQuery(queryReq.getQuery(), unmodifiableProperties);
opsSecuritySupport.buildPolicyMap(
requestPolicyMap, policyResponse.operationPolicy().entrySet());
} catch (StopProcessingException e) {
throw new FederationException("Query could not be executed.", e);
}
}
queryReq.getProperties().put(PolicyPlugin.OPERATION_SECURITY, requestPolicyMap);
return queryReq;
}
private QueryResponse injectAttributes(QueryResponse response) {
List<Result> results =
response
.getResults()
.stream()
.map(
result -> {
Metacard original = result.getMetacard();
Metacard metacard =
opsMetacardSupport.applyInjectors(
original, frameworkProperties.getAttributeInjectors());
ResultImpl newResult = new ResultImpl(metacard);
newResult.setDistanceInMeters(result.getDistanceInMeters());
newResult.setRelevanceScore(result.getRelevanceScore());
return newResult;
})
.collect(Collectors.toList());
return new QueryResponseImpl(
response.getRequest(), results, true, response.getHits(), response.getProperties());
}
private QueryResponse populateQueryResponsePolicyMap(QueryResponse queryResponse)
throws FederationException {
HashMap<String, Set<String>> responsePolicyMap = new HashMap<>();
Map<String, Serializable> unmodifiableProperties =
Collections.unmodifiableMap(queryResponse.getProperties());
for (Result result : queryResponse.getResults()) {
HashMap<String, Set<String>> itemPolicyMap = new HashMap<>();
for (PolicyPlugin plugin : frameworkProperties.getPolicyPlugins()) {
try {
PolicyResponse policyResponse = plugin.processPostQuery(result, unmodifiableProperties);
opsSecuritySupport.buildPolicyMap(itemPolicyMap, policyResponse.itemPolicy().entrySet());
opsSecuritySupport.buildPolicyMap(
responsePolicyMap, policyResponse.operationPolicy().entrySet());
} catch (StopProcessingException e) {
throw new FederationException("Query could not be executed.", e);
}
}
result.getMetacard().setAttribute(new AttributeImpl(Metacard.SECURITY, itemPolicyMap));
}
queryResponse.getProperties().put(PolicyPlugin.OPERATION_SECURITY, responsePolicyMap);
return queryResponse;
}
QuerySources initializeSources(
QueryOperations queryOps, QueryRequest queryRequest, Set<String> sourceIds) {
if (queryRequest.isEnterprise()) { // Check if it's an enterprise query
addConnectedSources = true;
addCatalogProvider = queryOps.hasCatalogProvider();
if (sourceIds != null && !sourceIds.isEmpty()) {
LOGGER.debug("Enterprise Query also included specific sites which will now be ignored");
sourceIds.clear();
}
// add all the federated sources
Set<String> notPermittedSources = new HashSet<>();
for (FederatedSource source : frameworkProperties.getFederatedSources().values()) {
boolean canAccessSource = queryOps.canAccessSource(source, queryRequest);
if (!canAccessSource) {
notPermittedSources.add(source.getId());
}
if (queryOps.sourceOperations.isSourceAvailable(source) && canAccessSource) {
sourcesToQuery.add(source);
} else {
exceptions.add(queryOps.createUnavailableProcessingDetails(source));
}
}
if (!notPermittedSources.isEmpty()) {
SecurityLogger.audit(
"Subject is not permitted to access sources {}", notPermittedSources);
}
} else if (CollectionUtils.isNotEmpty(sourceIds)) {
// it's a targeted federated query
if (queryOps.includesLocalSources(sourceIds)) {
LOGGER.debug("Local source is included in sourceIds");
addConnectedSources =
CollectionUtils.isNotEmpty(frameworkProperties.getConnectedSources());
addCatalogProvider = queryOps.hasCatalogProvider();
sourceIds.remove(queryOps.getId());
sourceIds.remove(null);
sourceIds.remove("");
}
// See if we still have sources to look up by name
if (!sourceIds.isEmpty()) {
Set<String> notPermittedSources = new HashSet<>();
for (String id : sourceIds) {
LOGGER.debug("Looking up source ID = {}", id);
boolean sourceFound = false;
if (frameworkProperties.getFederatedSources().containsKey(id)) {
sourceFound = true;
boolean canAccessSource =
queryOps.canAccessSource(
frameworkProperties.getFederatedSources().get(id), queryRequest);
if (!canAccessSource) {
notPermittedSources.add(frameworkProperties.getFederatedSources().get(id).getId());
}
if (frameworkProperties.getFederatedSources().get(id).isAvailable()
&& canAccessSource) {
sourcesToQuery.add(frameworkProperties.getFederatedSources().get(id));
} else {
exceptions.add(
queryOps.createUnavailableProcessingDetails(
frameworkProperties.getFederatedSources().get(id)));
}
}
if (!sourceFound) {
exceptions.add(
new ProcessingDetailsImpl(
id, new SourceUnavailableException("Source id is not found")));
}
}
if (!notPermittedSources.isEmpty()) {
SecurityLogger.audit(
"Subject is not permitted to access sources {}", notPermittedSources);
}
}
} else {
// default to local sources
addConnectedSources = CollectionUtils.isNotEmpty(frameworkProperties.getConnectedSources());
addCatalogProvider = queryOps.hasCatalogProvider();
}
return this;
}
