示例#1
0
 Filter getFilterWithAdditionalFilters(List<Filter> originalFilter) {
   return frameworkProperties
       .getFilterBuilder()
       .allOf(
           getNonVersionTagsFilter(),
           frameworkProperties.getValidationQueryFactory().getFilterWithValidationFilter(),
           frameworkProperties.getFilterBuilder().anyOf(originalFilter));
 }
示例#2
0
 private Filter getNonVersionTagsFilter() {
   return frameworkProperties
       .getFilterBuilder()
       .not(
           frameworkProperties
               .getFilterBuilder()
               .attribute(Metacard.TAGS)
               .is()
               .like()
               .text(MetacardVersion.VERSION_TAG));
 }
示例#3
0
  /**
   * Executes a query using the specified {@link QueryRequest} and {@link FederationStrategy}. Based
   * on the isEnterprise and sourceIds list in the query request, the federated query may include
   * the local provider and {@link ConnectedSource}s.
   *
   * @param queryRequest the {@link QueryRequest}
   * @param strategy the {@link FederationStrategy}
   * @return the {@link QueryResponse}
   * @throws FederationException
   */
  QueryResponse doQuery(QueryRequest queryRequest, FederationStrategy strategy)
      throws FederationException {
    Set<String> sourceIds = getCombinedIdSet(queryRequest);
    LOGGER.debug("source ids: {}", sourceIds);

    QuerySources querySources =
        new QuerySources(frameworkProperties)
            .initializeSources(this, queryRequest, sourceIds)
            .addConnectedSources(this, frameworkProperties)
            .addCatalogProvider(this);

    if (querySources.isEmpty()) {
      // We have nothing to query at all.
      // TODO change to SourceUnavailableException
      throw new FederationException(
          "SiteNames could not be resolved due to invalid site names, none of the sites "
              + "were available, or the current subject doesn't have permission to access the sites.");
    }

    LOGGER.debug("Calling strategy.federate()");

    QueryResponse response = strategy.federate(querySources.sourcesToQuery, queryRequest);
    frameworkProperties.getQueryResponsePostProcessor().processResponse(response);
    return addProcessingDetails(querySources.exceptions, response);
  }
示例#4
0
  //
  // Helper methods
  //
  QueryResponse query(
      QueryRequest queryRequest,
      FederationStrategy strategy,
      boolean overrideFanoutRename,
      boolean fanoutEnabled)
      throws UnsupportedQueryException, FederationException {

    FederationStrategy fedStrategy = strategy;
    QueryResponse queryResponse;

    queryRequest = setFlagsOnRequest(queryRequest);

    try {
      queryRequest = validateQueryRequest(queryRequest);
      queryRequest = getFanoutQuery(queryRequest, fanoutEnabled);
      queryRequest = preProcessPreAuthorizationPlugins(queryRequest);
      queryRequest = populateQueryRequestPolicyMap(queryRequest);
      queryRequest = processPreQueryAccessPlugins(queryRequest);
      queryRequest = processPreQueryPlugins(queryRequest);
      queryRequest = validateQueryRequest(queryRequest);

      if (fedStrategy == null) {
        if (frameworkProperties.getFederationStrategy() == null) {
          throw new FederationException(
              "No Federation Strategies exist.  Cannot execute federated query.");
        } else {
          LOGGER.debug(
              "FederationStrategy was not specified, using default strategy: "
                  + frameworkProperties.getFederationStrategy().getClass());
          fedStrategy = frameworkProperties.getFederationStrategy();
        }
      }

      queryResponse = doQuery(queryRequest, fedStrategy);
      queryResponse = injectAttributes(queryResponse);
      queryResponse = validateFixQueryResponse(queryResponse, overrideFanoutRename, fanoutEnabled);
      queryResponse = postProcessPreAuthorizationPlugins(queryResponse);
      queryResponse = populateQueryResponsePolicyMap(queryResponse);
      queryResponse = processPostQueryAccessPlugins(queryResponse);
      queryResponse = processPostQueryPlugins(queryResponse);

    } catch (RuntimeException re) {
      throw new UnsupportedQueryException("Exception during runtime while performing query", re);
    }

    return queryResponse;
  }
示例#5
0
 private QueryResponse postProcessPreAuthorizationPlugins(QueryResponse queryResponse)
     throws FederationException {
   for (PreAuthorizationPlugin plugin : frameworkProperties.getPreAuthorizationPlugins()) {
     try {
       queryResponse = plugin.processPostQuery(queryResponse);
     } catch (StopProcessingException e) {
       throw new FederationException("Query could not be executed.", e);
     }
   }
   return queryResponse;
 }
示例#6
0
 private QueryRequest processPreQueryAccessPlugins(QueryRequest queryReq)
     throws FederationException {
   for (AccessPlugin plugin : frameworkProperties.getAccessPlugins()) {
     try {
       queryReq = plugin.processPreQuery(queryReq);
     } catch (StopProcessingException e) {
       throw new FederationException("Query could not be executed.", e);
     }
   }
   return queryReq;
 }
示例#7
0
 private QueryRequest processPreQueryPlugins(QueryRequest queryReq) throws FederationException {
   for (PreQueryPlugin service : frameworkProperties.getPreQuery()) {
     try {
       queryReq = service.process(queryReq);
     } catch (PluginExecutionException see) {
       LOGGER.debug("Error executing PreQueryPlugin: {}", see.getMessage(), see);
     } catch (StopProcessingException e) {
       throw new FederationException("Query could not be executed.", e);
     }
   }
   return queryReq;
 }
示例#8
0
    QuerySources addConnectedSources(
        QueryOperations queryOps, FrameworkProperties frameworkProperties) {
      if (addConnectedSources) {
        // add Connected Sources
        for (ConnectedSource source : frameworkProperties.getConnectedSources()) {
          if (queryOps.sourceOperations.isSourceAvailable(source)) {
            sourcesToQuery.add(source);
          } else {
            LOGGER.debug(
                "Connected Source {} is unavailable and will not be queried.", source.getId());
          }
        }
      }

      return this;
    }
示例#9
0
  private QueryRequest populateQueryRequestPolicyMap(QueryRequest queryReq)
      throws FederationException {
    HashMap<String, Set<String>> requestPolicyMap = new HashMap<>();
    Map<String, Serializable> unmodifiableProperties =
        Collections.unmodifiableMap(queryReq.getProperties());
    for (PolicyPlugin plugin : frameworkProperties.getPolicyPlugins()) {
      try {
        PolicyResponse policyResponse =
            plugin.processPreQuery(queryReq.getQuery(), unmodifiableProperties);
        opsSecuritySupport.buildPolicyMap(
            requestPolicyMap, policyResponse.operationPolicy().entrySet());
      } catch (StopProcessingException e) {
        throw new FederationException("Query could not be executed.", e);
      }
    }
    queryReq.getProperties().put(PolicyPlugin.OPERATION_SECURITY, requestPolicyMap);

    return queryReq;
  }
示例#10
0
  private QueryResponse injectAttributes(QueryResponse response) {
    List<Result> results =
        response
            .getResults()
            .stream()
            .map(
                result -> {
                  Metacard original = result.getMetacard();
                  Metacard metacard =
                      opsMetacardSupport.applyInjectors(
                          original, frameworkProperties.getAttributeInjectors());
                  ResultImpl newResult = new ResultImpl(metacard);
                  newResult.setDistanceInMeters(result.getDistanceInMeters());
                  newResult.setRelevanceScore(result.getRelevanceScore());
                  return newResult;
                })
            .collect(Collectors.toList());

    return new QueryResponseImpl(
        response.getRequest(), results, true, response.getHits(), response.getProperties());
  }
示例#11
0
  private QueryResponse populateQueryResponsePolicyMap(QueryResponse queryResponse)
      throws FederationException {
    HashMap<String, Set<String>> responsePolicyMap = new HashMap<>();
    Map<String, Serializable> unmodifiableProperties =
        Collections.unmodifiableMap(queryResponse.getProperties());
    for (Result result : queryResponse.getResults()) {
      HashMap<String, Set<String>> itemPolicyMap = new HashMap<>();
      for (PolicyPlugin plugin : frameworkProperties.getPolicyPlugins()) {
        try {
          PolicyResponse policyResponse = plugin.processPostQuery(result, unmodifiableProperties);
          opsSecuritySupport.buildPolicyMap(itemPolicyMap, policyResponse.itemPolicy().entrySet());
          opsSecuritySupport.buildPolicyMap(
              responsePolicyMap, policyResponse.operationPolicy().entrySet());
        } catch (StopProcessingException e) {
          throw new FederationException("Query could not be executed.", e);
        }
      }
      result.getMetacard().setAttribute(new AttributeImpl(Metacard.SECURITY, itemPolicyMap));
    }
    queryResponse.getProperties().put(PolicyPlugin.OPERATION_SECURITY, responsePolicyMap);

    return queryResponse;
  }
示例#12
0
    QuerySources initializeSources(
        QueryOperations queryOps, QueryRequest queryRequest, Set<String> sourceIds) {
      if (queryRequest.isEnterprise()) { // Check if it's an enterprise query
        addConnectedSources = true;
        addCatalogProvider = queryOps.hasCatalogProvider();

        if (sourceIds != null && !sourceIds.isEmpty()) {
          LOGGER.debug("Enterprise Query also included specific sites which will now be ignored");
          sourceIds.clear();
        }

        // add all the federated sources
        Set<String> notPermittedSources = new HashSet<>();
        for (FederatedSource source : frameworkProperties.getFederatedSources().values()) {
          boolean canAccessSource = queryOps.canAccessSource(source, queryRequest);
          if (!canAccessSource) {
            notPermittedSources.add(source.getId());
          }
          if (queryOps.sourceOperations.isSourceAvailable(source) && canAccessSource) {
            sourcesToQuery.add(source);
          } else {
            exceptions.add(queryOps.createUnavailableProcessingDetails(source));
          }
        }
        if (!notPermittedSources.isEmpty()) {
          SecurityLogger.audit(
              "Subject is not permitted to access sources {}", notPermittedSources);
        }

      } else if (CollectionUtils.isNotEmpty(sourceIds)) {
        // it's a targeted federated query
        if (queryOps.includesLocalSources(sourceIds)) {
          LOGGER.debug("Local source is included in sourceIds");
          addConnectedSources =
              CollectionUtils.isNotEmpty(frameworkProperties.getConnectedSources());
          addCatalogProvider = queryOps.hasCatalogProvider();
          sourceIds.remove(queryOps.getId());
          sourceIds.remove(null);
          sourceIds.remove("");
        }

        // See if we still have sources to look up by name
        if (!sourceIds.isEmpty()) {
          Set<String> notPermittedSources = new HashSet<>();
          for (String id : sourceIds) {
            LOGGER.debug("Looking up source ID = {}", id);
            boolean sourceFound = false;
            if (frameworkProperties.getFederatedSources().containsKey(id)) {
              sourceFound = true;
              boolean canAccessSource =
                  queryOps.canAccessSource(
                      frameworkProperties.getFederatedSources().get(id), queryRequest);
              if (!canAccessSource) {
                notPermittedSources.add(frameworkProperties.getFederatedSources().get(id).getId());
              }
              if (frameworkProperties.getFederatedSources().get(id).isAvailable()
                  && canAccessSource) {
                sourcesToQuery.add(frameworkProperties.getFederatedSources().get(id));
              } else {
                exceptions.add(
                    queryOps.createUnavailableProcessingDetails(
                        frameworkProperties.getFederatedSources().get(id)));
              }
            }

            if (!sourceFound) {
              exceptions.add(
                  new ProcessingDetailsImpl(
                      id, new SourceUnavailableException("Source id is not found")));
            }
          }
          if (!notPermittedSources.isEmpty()) {
            SecurityLogger.audit(
                "Subject is not permitted to access sources {}", notPermittedSources);
          }
        }
      } else {
        // default to local sources
        addConnectedSources = CollectionUtils.isNotEmpty(frameworkProperties.getConnectedSources());
        addCatalogProvider = queryOps.hasCatalogProvider();
      }

      return this;
    }