/** ********************************************************************************* */
private SourceMetricsImpl configureSourceMetrics(String sourceId) throws Exception {
catalogProvider = mock(CatalogProvider.class);
when(catalogProvider.getId()).thenReturn(sourceId);
fedSource = mock(FederatedSource.class);
when(fedSource.getId()).thenReturn("fs-1");
sourceMetrics = new SourceMetricsImpl();
sourceMetrics.setCatalogProviders(Collections.singletonList(catalogProvider));
sourceMetrics.setFederatedSources(Collections.singletonList(fedSource));
assertThat(sourceMetrics, not(nullValue()));
return sourceMetrics;
}
boolean canAccessSource(FederatedSource source, QueryRequest request) {
Map<String, Set<String>> securityAttributes = source.getSecurityAttributes();
if (securityAttributes.isEmpty()) {
return true;
}
Object requestSubject = request.getProperties().get(SecurityConstants.SECURITY_SUBJECT);
if (requestSubject instanceof ddf.security.Subject) {
Subject subject = (Subject) requestSubject;
KeyValueCollectionPermission kvCollection =
new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, securityAttributes);
return subject.isPermitted(kvCollection);
}
return false;
}
QuerySources initializeSources(
QueryOperations queryOps, QueryRequest queryRequest, Set<String> sourceIds) {
if (queryRequest.isEnterprise()) { // Check if it's an enterprise query
addConnectedSources = true;
addCatalogProvider = queryOps.hasCatalogProvider();
if (sourceIds != null && !sourceIds.isEmpty()) {
LOGGER.debug("Enterprise Query also included specific sites which will now be ignored");
sourceIds.clear();
}
// add all the federated sources
Set<String> notPermittedSources = new HashSet<>();
for (FederatedSource source : frameworkProperties.getFederatedSources().values()) {
boolean canAccessSource = queryOps.canAccessSource(source, queryRequest);
if (!canAccessSource) {
notPermittedSources.add(source.getId());
}
if (queryOps.sourceOperations.isSourceAvailable(source) && canAccessSource) {
sourcesToQuery.add(source);
} else {
exceptions.add(queryOps.createUnavailableProcessingDetails(source));
}
}
if (!notPermittedSources.isEmpty()) {
SecurityLogger.audit(
"Subject is not permitted to access sources {}", notPermittedSources);
}
} else if (CollectionUtils.isNotEmpty(sourceIds)) {
// it's a targeted federated query
if (queryOps.includesLocalSources(sourceIds)) {
LOGGER.debug("Local source is included in sourceIds");
addConnectedSources =
CollectionUtils.isNotEmpty(frameworkProperties.getConnectedSources());
addCatalogProvider = queryOps.hasCatalogProvider();
sourceIds.remove(queryOps.getId());
sourceIds.remove(null);
sourceIds.remove("");
}
// See if we still have sources to look up by name
if (!sourceIds.isEmpty()) {
Set<String> notPermittedSources = new HashSet<>();
for (String id : sourceIds) {
LOGGER.debug("Looking up source ID = {}", id);
boolean sourceFound = false;
if (frameworkProperties.getFederatedSources().containsKey(id)) {
sourceFound = true;
boolean canAccessSource =
queryOps.canAccessSource(
frameworkProperties.getFederatedSources().get(id), queryRequest);
if (!canAccessSource) {
notPermittedSources.add(frameworkProperties.getFederatedSources().get(id).getId());
}
if (frameworkProperties.getFederatedSources().get(id).isAvailable()
&& canAccessSource) {
sourcesToQuery.add(frameworkProperties.getFederatedSources().get(id));
} else {
exceptions.add(
queryOps.createUnavailableProcessingDetails(
frameworkProperties.getFederatedSources().get(id)));
}
}
if (!sourceFound) {
exceptions.add(
new ProcessingDetailsImpl(
id, new SourceUnavailableException("Source id is not found")));
}
}
if (!notPermittedSources.isEmpty()) {
SecurityLogger.audit(
"Subject is not permitted to access sources {}", notPermittedSources);
}
}
} else {
// default to local sources
addConnectedSources = CollectionUtils.isNotEmpty(frameworkProperties.getConnectedSources());
addCatalogProvider = queryOps.hasCatalogProvider();
}
return this;
}
