This project has retired. For details please refer to its Attic page.
AuthorizeServerHandler xref
View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  package org.apache.giraph.comm.netty.handler;
20  
21  import org.apache.giraph.comm.netty.NettyServer;
22  import org.apache.giraph.comm.netty.SaslNettyServer;
23  import org.apache.log4j.Logger;
24  
25  import io.netty.channel.ChannelInboundHandlerAdapter;
26  import io.netty.channel.ChannelHandlerContext;
27  /**
28   * Authorize or deny client requests based on existence and completeness
29   * of client's SASL authentication.
30   */
31  public class AuthorizeServerHandler extends
32      ChannelInboundHandlerAdapter {
33    /** Class logger */
34    private static final Logger LOG =
35        Logger.getLogger(AuthorizeServerHandler.class);
36  
37    /**
38     * Constructor.
39     */
40    public AuthorizeServerHandler() {
41    }
42  
43    @Override
44    public void channelRead(ChannelHandlerContext ctx, Object msg)
45      throws Exception {
46      if (LOG.isDebugEnabled()) {
47        LOG.debug("messageReceived: Got " + msg.getClass());
48      }
49      // Authorize: client is allowed to doRequest() if and only if the client
50      // has successfully authenticated with this server.
51      SaslNettyServer saslNettyServer =
52          ctx.attr(NettyServer.CHANNEL_SASL_NETTY_SERVERS).get();
53      if (saslNettyServer == null) {
54        LOG.warn("messageReceived: This client is *NOT* authorized to perform " +
55            "this action since there's no saslNettyServer to " +
56            "authenticate the client: " +
57            "refusing to perform requested action: " + msg);
58        return;
59      }
60  
61      if (!saslNettyServer.isComplete()) {
62        LOG.warn("messageReceived: This client is *NOT* authorized to perform " +
63            "this action because SASL authentication did not complete: " +
64            "refusing to perform requested action: " + msg);
65        // Return now *WITHOUT* sending upstream here, since client
66        // not authorized.
67        return;
68      }
69      if (LOG.isDebugEnabled()) {
70        LOG.debug("messageReceived: authenticated client: " +
71            saslNettyServer.getUserName() + " is authorized to do request " +
72            "on server.");
73      }
74      // We call fireChannelRead since the client is allowed to perform this
75      // request. The client's request will now proceed to the next
76      // pipeline component, namely, RequestServerHandler.
77      ctx.fireChannelRead(msg);
78    }
79  }