/** ********************************************************************************* */ private SourceMetricsImpl configureSourceMetrics(String sourceId) throws Exception { catalogProvider = mock(CatalogProvider.class); when(catalogProvider.getId()).thenReturn(sourceId); fedSource = mock(FederatedSource.class); when(fedSource.getId()).thenReturn("fs-1"); sourceMetrics = new SourceMetricsImpl(); sourceMetrics.setCatalogProviders(Collections.singletonList(catalogProvider)); sourceMetrics.setFederatedSources(Collections.singletonList(fedSource)); assertThat(sourceMetrics, not(nullValue())); return sourceMetrics; }
boolean canAccessSource(FederatedSource source, QueryRequest request) { Map<String, Set<String>> securityAttributes = source.getSecurityAttributes(); if (securityAttributes.isEmpty()) { return true; } Object requestSubject = request.getProperties().get(SecurityConstants.SECURITY_SUBJECT); if (requestSubject instanceof ddf.security.Subject) { Subject subject = (Subject) requestSubject; KeyValueCollectionPermission kvCollection = new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, securityAttributes); return subject.isPermitted(kvCollection); } return false; }
QuerySources initializeSources( QueryOperations queryOps, QueryRequest queryRequest, Set<String> sourceIds) { if (queryRequest.isEnterprise()) { // Check if it's an enterprise query addConnectedSources = true; addCatalogProvider = queryOps.hasCatalogProvider(); if (sourceIds != null && !sourceIds.isEmpty()) { LOGGER.debug("Enterprise Query also included specific sites which will now be ignored"); sourceIds.clear(); } // add all the federated sources Set<String> notPermittedSources = new HashSet<>(); for (FederatedSource source : frameworkProperties.getFederatedSources().values()) { boolean canAccessSource = queryOps.canAccessSource(source, queryRequest); if (!canAccessSource) { notPermittedSources.add(source.getId()); } if (queryOps.sourceOperations.isSourceAvailable(source) && canAccessSource) { sourcesToQuery.add(source); } else { exceptions.add(queryOps.createUnavailableProcessingDetails(source)); } } if (!notPermittedSources.isEmpty()) { SecurityLogger.audit( "Subject is not permitted to access sources {}", notPermittedSources); } } else if (CollectionUtils.isNotEmpty(sourceIds)) { // it's a targeted federated query if (queryOps.includesLocalSources(sourceIds)) { LOGGER.debug("Local source is included in sourceIds"); addConnectedSources = CollectionUtils.isNotEmpty(frameworkProperties.getConnectedSources()); addCatalogProvider = queryOps.hasCatalogProvider(); sourceIds.remove(queryOps.getId()); sourceIds.remove(null); sourceIds.remove(""); } // See if we still have sources to look up by name if (!sourceIds.isEmpty()) { Set<String> notPermittedSources = new HashSet<>(); for (String id : sourceIds) { LOGGER.debug("Looking up source ID = {}", id); boolean sourceFound = false; if (frameworkProperties.getFederatedSources().containsKey(id)) { sourceFound = true; boolean canAccessSource = queryOps.canAccessSource( frameworkProperties.getFederatedSources().get(id), queryRequest); if (!canAccessSource) { notPermittedSources.add(frameworkProperties.getFederatedSources().get(id).getId()); } if (frameworkProperties.getFederatedSources().get(id).isAvailable() && canAccessSource) { sourcesToQuery.add(frameworkProperties.getFederatedSources().get(id)); } else { exceptions.add( queryOps.createUnavailableProcessingDetails( frameworkProperties.getFederatedSources().get(id))); } } if (!sourceFound) { exceptions.add( new ProcessingDetailsImpl( id, new SourceUnavailableException("Source id is not found"))); } } if (!notPermittedSources.isEmpty()) { SecurityLogger.audit( "Subject is not permitted to access sources {}", notPermittedSources); } } } else { // default to local sources addConnectedSources = CollectionUtils.isNotEmpty(frameworkProperties.getConnectedSources()); addCatalogProvider = queryOps.hasCatalogProvider(); } return this; }