Package org.apache.pulsar.broker.authorization

Class AuthorizationService

java.lang.Object

org.apache.pulsar.broker.authorization.AuthorizationService

public class AuthorizationService
extends Object

Authorization service that manages pluggable authorization provider and authorize requests accordingly.

Constructor Summary

Constructors

Constructor	Description
AuthorizationService(ServiceConfiguration conf, PulsarResources pulsarResources)

Method Summary

Modifier and Type	Method	Description
CompletableFuture<Boolean>	allowFunctionOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData)
CompletableFuture<Boolean>	allowFunctionOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, AuthenticationParameters authParams)
CompletableFuture<Boolean>	allowNamespaceOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.NamespaceOperation operation, String originalRole, String role, AuthenticationDataSource authData)
CompletableFuture<Boolean>	allowNamespaceOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.NamespaceOperation operation, String role, AuthenticationDataSource authData)	Grant authorization-action permission on a namespace to the given client.
boolean	allowNamespacePolicyOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData)	Deprecated. - will be removed after 2.12.
CompletableFuture<Boolean>	allowNamespacePolicyOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData)
CompletableFuture<Boolean>	allowNamespacePolicyOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String role, AuthenticationDataSource authData)	Grant authorization-action permission on a namespace to the given client.
CompletableFuture<Boolean>	allowSinkOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData)
CompletableFuture<Boolean>	allowSinkOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, AuthenticationParameters authParams)
CompletableFuture<Boolean>	allowSourceOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData)
CompletableFuture<Boolean>	allowSourceOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, AuthenticationParameters authParams)
boolean	allowTenantOperation(String tenantName, org.apache.pulsar.common.policies.data.TenantOperation operation, String originalRole, String role, AuthenticationDataSource authData)	Deprecated. - will be removed after 2.12.
CompletableFuture<Boolean>	allowTenantOperationAsync(String tenantName, org.apache.pulsar.common.policies.data.TenantOperation operation, String originalRole, String role, AuthenticationDataSource authData)
CompletableFuture<Boolean>	allowTenantOperationAsync(String tenantName, org.apache.pulsar.common.policies.data.TenantOperation operation, String role, AuthenticationDataSource authData)	Grant authorization-action permission on a tenant to the given client.
Boolean	allowTopicOperation(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, String originalRole, String role, AuthenticationDataSource authData)	Deprecated. - will be removed after 2.12.
CompletableFuture<Boolean>	allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, String originalRole, String role, AuthenticationDataSource authData)
CompletableFuture<Boolean>	allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, String role, AuthenticationDataSource authData)	Grant authorization-action permission on a topic to the given client.
CompletableFuture<Boolean>	allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, AuthenticationParameters authParams)
Boolean	allowTopicPolicyOperation(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData)	Deprecated. - will be removed after 2.12.
CompletableFuture<Boolean>	allowTopicPolicyOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData)
CompletableFuture<Boolean>	allowTopicPolicyOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String role, AuthenticationDataSource authData)	Grant authorization-action permission on a topic to the given client.
boolean	canConsume(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData, String subscription)
CompletableFuture<Boolean>	canConsumeAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData, String subscription)	Check if the specified role has permission to receive messages from the specified fully qualified topic name.
boolean	canLookup(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData)	Check whether the specified role can perform a lookup for the specified topic.
CompletableFuture<Boolean>	canLookupAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData)	Check whether the specified role can perform a lookup for the specified topic.
boolean	canProduce(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData)
CompletableFuture<Boolean>	canProduceAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData)	Check if the specified role has permission to send messages to the specified fully qualified topic name.
CompletableFuture<Map<String,Set<org.apache.pulsar.common.policies.data.AuthAction>>>	getPermissionsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName)
CompletableFuture<Map<String,Set<org.apache.pulsar.common.policies.data.AuthAction>>>	getPermissionsAsync(org.apache.pulsar.common.naming.TopicName topicName)
CompletableFuture<Map<String,Set<String>>>	getSubscriptionPermissionsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName)
CompletableFuture<Void>	grantPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, Set<org.apache.pulsar.common.policies.data.AuthAction> actions, String role, String authDataJson)	Grant authorization-action permission on a namespace to the given client.
CompletableFuture<Void>	grantPermissionAsync(org.apache.pulsar.common.naming.TopicName topicName, Set<org.apache.pulsar.common.policies.data.AuthAction> actions, String role, String authDataJson)	Grant authorization-action permission on a topic to the given client.
CompletableFuture<Void>	grantSubscriptionPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, String subscriptionName, Set<String> roles, String authDataJson)	Grant permission to roles that can access subscription-admin api.
boolean	isProxyRole(String role)
CompletableFuture<Boolean>	isSuperUser(String user, AuthenticationDataSource authenticationData)
CompletableFuture<Boolean>	isSuperUser(AuthenticationParameters authParams)
CompletableFuture<Boolean>	isTenantAdmin(String tenant, String role, org.apache.pulsar.common.policies.data.TenantInfo tenantInfo, AuthenticationDataSource authenticationData)
boolean	isValidOriginalPrincipal(String authenticatedPrincipal, String originalPrincipal, SocketAddress remoteAddress, boolean allowNonProxyPrincipalsToBeEqual)	Validates that the authenticatedPrincipal and the originalPrincipal are a valid combination.
boolean	isValidOriginalPrincipal(String authenticatedPrincipal, String originalPrincipal, AuthenticationDataSource authDataSource)	Whether the authenticatedPrincipal and the originalPrincipal form a valid pair.
CompletableFuture<Void>	removePermissionsAsync(org.apache.pulsar.common.naming.TopicName topicName)
CompletableFuture<Void>	revokePermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, String role)	Revoke authorization-action permission on a namespace to the given client.
CompletableFuture<Void>	revokePermissionAsync(org.apache.pulsar.common.naming.TopicName topicName, String role)	Revoke authorization-action permission on a topic to the given client.
CompletableFuture<Void>	revokeSubscriptionPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, String subscriptionName, String role, String authDataJson)	Revoke subscription admin-api access for a role.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AuthorizationService

public AuthorizationService(ServiceConfiguration conf,
 PulsarResources pulsarResources)
                     throws PulsarServerException

Throws:

PulsarServerException

Method Details

isSuperUser

public CompletableFuture<Boolean> isSuperUser(AuthenticationParameters authParams)

isSuperUser

public CompletableFuture<Boolean> isSuperUser(String user,
 AuthenticationDataSource authenticationData)

isTenantAdmin

public CompletableFuture<Boolean> isTenantAdmin(String tenant,
 String role,
 org.apache.pulsar.common.policies.data.TenantInfo tenantInfo,
 AuthenticationDataSource authenticationData)

grantPermissionAsync

public CompletableFuture<Void> grantPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace,
 Set<org.apache.pulsar.common.policies.data.AuthAction> actions,
 String role,
 String authDataJson)

Grant authorization-action permission on a namespace to the given client. NOTE: used to complete with IllegalArgumentException when namespace not found or with IllegalStateException when failed to grant permission.

Parameters:

namespace -

actions -

role -

authDataJson - additional authdata in json for targeted authorization provider

revokePermissionAsync

public CompletableFuture<Void> revokePermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace,
 String role)

Revoke authorization-action permission on a namespace to the given client.

Parameters:

namespace -

role -

grantSubscriptionPermissionAsync

public CompletableFuture<Void> grantSubscriptionPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace,
 String subscriptionName,
 Set<String> roles,
 String authDataJson)

Grant permission to roles that can access subscription-admin api.

Parameters:

namespace -

subscriptionName -

roles -

authDataJson - additional authdata in json for targeted authorization provider

Returns:

revokeSubscriptionPermissionAsync

public CompletableFuture<Void> revokeSubscriptionPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace,
 String subscriptionName,
 String role,
 String authDataJson)

Revoke subscription admin-api access for a role.

Parameters:

namespace -

subscriptionName -

role -

Returns:

grantPermissionAsync

public CompletableFuture<Void> grantPermissionAsync(org.apache.pulsar.common.naming.TopicName topicName,
 Set<org.apache.pulsar.common.policies.data.AuthAction> actions,
 String role,
 String authDataJson)

Grant authorization-action permission on a topic to the given client. NOTE: used to complete with IllegalArgumentException when namespace not found or with IllegalStateException when failed to grant permission.

Parameters:

topicName -

role -

authDataJson - additional authdata in json for targeted authorization provider

revokePermissionAsync

public CompletableFuture<Void> revokePermissionAsync(org.apache.pulsar.common.naming.TopicName topicName,
 String role)

Revoke authorization-action permission on a topic to the given client.

Parameters:

topicName -

role -

canProduceAsync

public CompletableFuture<Boolean> canProduceAsync(org.apache.pulsar.common.naming.TopicName topicName,
 String role,
 AuthenticationDataSource authenticationData)

Check if the specified role has permission to send messages to the specified fully qualified topic name.

Parameters:

topicName - the fully qualified topic name associated with the topic.

role - the app id used to send messages to the topic.

canConsumeAsync

public CompletableFuture<Boolean> canConsumeAsync(org.apache.pulsar.common.naming.TopicName topicName,
 String role,
 AuthenticationDataSource authenticationData,
 String subscription)

Check if the specified role has permission to receive messages from the specified fully qualified topic name.

Parameters:

topicName - the fully qualified topic name associated with the topic.

role - the app id used to receive messages from the topic.

subscription - the subscription name defined by the client

canProduce

public boolean canProduce(org.apache.pulsar.common.naming.TopicName topicName,
 String role,
 AuthenticationDataSource authenticationData)
                   throws Exception

Throws:

Exception

canConsume

public boolean canConsume(org.apache.pulsar.common.naming.TopicName topicName,
 String role,
 AuthenticationDataSource authenticationData,
 String subscription)
                   throws Exception

Throws:

Exception

canLookup

public boolean canLookup(org.apache.pulsar.common.naming.TopicName topicName,
 String role,
 AuthenticationDataSource authenticationData)
                  throws Exception

Check whether the specified role can perform a lookup for the specified topic. For that the caller needs to have producer or consumer permission.

Parameters:

topicName -

role -

Returns:

Throws:

Exception

canLookupAsync

public CompletableFuture<Boolean> canLookupAsync(org.apache.pulsar.common.naming.TopicName topicName,
 String role,
 AuthenticationDataSource authenticationData)

Check whether the specified role can perform a lookup for the specified topic. For that the caller needs to have producer or consumer permission.

Parameters:

topicName -

role -

Returns:

Throws:

Exception

allowFunctionOpsAsync

public CompletableFuture<Boolean> allowFunctionOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
 String role,
 AuthenticationDataSource authenticationData)

allowFunctionOpsAsync

public CompletableFuture<Boolean> allowFunctionOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
 AuthenticationParameters authParams)

allowSourceOpsAsync

public CompletableFuture<Boolean> allowSourceOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
 String role,
 AuthenticationDataSource authenticationData)

allowSourceOpsAsync

public CompletableFuture<Boolean> allowSourceOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
 AuthenticationParameters authParams)

allowSinkOpsAsync

public CompletableFuture<Boolean> allowSinkOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
 String role,
 AuthenticationDataSource authenticationData)

allowSinkOpsAsync

public CompletableFuture<Boolean> allowSinkOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
 AuthenticationParameters authParams)

isValidOriginalPrincipal

public boolean isValidOriginalPrincipal(String authenticatedPrincipal,
 String originalPrincipal,
 AuthenticationDataSource authDataSource)

Whether the authenticatedPrincipal and the originalPrincipal form a valid pair. This method assumes that authenticatedPrincipal and originalPrincipal can be equal, as long as they are not a proxy role. This use case is relevant for the admin server because of the way the proxy handles authentication. The binary protocol should not use this method.

Returns:

true when roles are a valid combination and false when roles are an invalid combination

isValidOriginalPrincipal

public boolean isValidOriginalPrincipal(String authenticatedPrincipal,
 String originalPrincipal,
 SocketAddress remoteAddress,
 boolean allowNonProxyPrincipalsToBeEqual)

Validates that the authenticatedPrincipal and the originalPrincipal are a valid combination. Valid combinations fulfill one of the following two rules:

1. The authenticatedPrincipal is in ServiceConfiguration#getProxyRoles(), if, and only if, the originalPrincipal is set to a role that is not also in ServiceConfiguration#getProxyRoles().

2. The authenticatedPrincipal and the originalPrincipal are the same, but are not a proxyRole, when allowNonProxyPrincipalsToBeEqual is true.

Returns:

true when roles are a valid combination and false when roles are an invalid combination

isProxyRole

public boolean isProxyRole(String role)

allowTenantOperationAsync

public CompletableFuture<Boolean> allowTenantOperationAsync(String tenantName,
 org.apache.pulsar.common.policies.data.TenantOperation operation,
 String role,
 AuthenticationDataSource authData)

Grant authorization-action permission on a tenant to the given client.

Parameters:

tenantName - tenant name

operation - tenant operation

role - role name

authData - additional authdata in json for targeted authorization provider

Returns:

IllegalArgumentException when tenant not found

Throws:

IllegalStateException - when failed to grant permission

allowTenantOperationAsync

public CompletableFuture<Boolean> allowTenantOperationAsync(String tenantName,
 org.apache.pulsar.common.policies.data.TenantOperation operation,
 String originalRole,
 String role,
 AuthenticationDataSource authData)

allowTenantOperation

@Deprecated
public boolean allowTenantOperation(String tenantName,
 org.apache.pulsar.common.policies.data.TenantOperation operation,
 String originalRole,
 String role,
 AuthenticationDataSource authData)
                             throws Exception

Deprecated.

- will be removed after 2.12. Use async variant.

Throws:

Exception

allowNamespaceOperationAsync

public CompletableFuture<Boolean> allowNamespaceOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
 org.apache.pulsar.common.policies.data.NamespaceOperation operation,
 String role,
 AuthenticationDataSource authData)

Grant authorization-action permission on a namespace to the given client.

Parameters:

namespaceName -

operation -

role -

authData - additional authdata in json for targeted authorization provider

Returns:

IllegalArgumentException when namespace not found

Throws:

IllegalStateException - when failed to grant permission

allowNamespaceOperationAsync

public CompletableFuture<Boolean> allowNamespaceOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
 org.apache.pulsar.common.policies.data.NamespaceOperation operation,
 String originalRole,
 String role,
 AuthenticationDataSource authData)

allowNamespacePolicyOperationAsync

public CompletableFuture<Boolean> allowNamespacePolicyOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
 org.apache.pulsar.common.policies.data.PolicyName policy,
 org.apache.pulsar.common.policies.data.PolicyOperation operation,
 String role,
 AuthenticationDataSource authData)

Grant authorization-action permission on a namespace to the given client.

Parameters:

namespaceName -

operation -

role -

authData - additional authdata in json for targeted authorization provider

Returns:

IllegalArgumentException when namespace not found

Throws:

IllegalStateException - when failed to grant permission

allowNamespacePolicyOperationAsync

public CompletableFuture<Boolean> allowNamespacePolicyOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
 org.apache.pulsar.common.policies.data.PolicyName policy,
 org.apache.pulsar.common.policies.data.PolicyOperation operation,
 String originalRole,
 String role,
 AuthenticationDataSource authData)

allowNamespacePolicyOperation

@Deprecated
public boolean allowNamespacePolicyOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName,
 org.apache.pulsar.common.policies.data.PolicyName policy,
 org.apache.pulsar.common.policies.data.PolicyOperation operation,
 String originalRole,
 String role,
 AuthenticationDataSource authData)
                                      throws Exception

Deprecated.

- will be removed after 2.12. Use async variant.

Throws:

Exception

allowTopicPolicyOperationAsync

public CompletableFuture<Boolean> allowTopicPolicyOperationAsync(org.apache.pulsar.common.naming.TopicName topicName,
 org.apache.pulsar.common.policies.data.PolicyName policy,
 org.apache.pulsar.common.policies.data.PolicyOperation operation,
 String role,
 AuthenticationDataSource authData)

Grant authorization-action permission on a topic to the given client.

Parameters:

topicName -

policy -

operation -

role -

authData - additional authdata in json for targeted authorization provider

Throws:

IllegalStateException - when failed to grant permission

allowTopicPolicyOperationAsync

public CompletableFuture<Boolean> allowTopicPolicyOperationAsync(org.apache.pulsar.common.naming.TopicName topicName,
 org.apache.pulsar.common.policies.data.PolicyName policy,
 org.apache.pulsar.common.policies.data.PolicyOperation operation,
 String originalRole,
 String role,
 AuthenticationDataSource authData)

allowTopicPolicyOperation

@Deprecated
public Boolean allowTopicPolicyOperation(org.apache.pulsar.common.naming.TopicName topicName,
 org.apache.pulsar.common.policies.data.PolicyName policy,
 org.apache.pulsar.common.policies.data.PolicyOperation operation,
 String originalRole,
 String role,
 AuthenticationDataSource authData)
                                  throws Exception

Deprecated.

- will be removed after 2.12. Use async variant.

Throws:

Exception

allowTopicOperationAsync

public CompletableFuture<Boolean> allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topicName,
 org.apache.pulsar.common.policies.data.TopicOperation operation,
 String role,
 AuthenticationDataSource authData)

Grant authorization-action permission on a topic to the given client.

Parameters:

topicName -

operation -

role -

authData - additional authdata in json for targeted authorization provider

Returns:

IllegalArgumentException when namespace not found

Throws:

IllegalStateException - when failed to grant permission

allowTopicOperationAsync

public CompletableFuture<Boolean> allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topicName,
 org.apache.pulsar.common.policies.data.TopicOperation operation,
 AuthenticationParameters authParams)

allowTopicOperationAsync

public CompletableFuture<Boolean> allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topicName,
 org.apache.pulsar.common.policies.data.TopicOperation operation,
 String originalRole,
 String role,
 AuthenticationDataSource authData)

allowTopicOperation

@Deprecated
public Boolean allowTopicOperation(org.apache.pulsar.common.naming.TopicName topicName,
 org.apache.pulsar.common.policies.data.TopicOperation operation,
 String originalRole,
 String role,
 AuthenticationDataSource authData)
                            throws Exception

Deprecated.

- will be removed after 2.12. Use async variant.

Throws:

Exception

removePermissionsAsync

public CompletableFuture<Void> removePermissionsAsync(org.apache.pulsar.common.naming.TopicName topicName)

getPermissionsAsync

public CompletableFuture<Map<String,Set<org.apache.pulsar.common.policies.data.AuthAction>>> getPermissionsAsync(org.apache.pulsar.common.naming.TopicName topicName)

getPermissionsAsync

public CompletableFuture<Map<String,Set<org.apache.pulsar.common.policies.data.AuthAction>>> getPermissionsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName)

getSubscriptionPermissionsAsync

public CompletableFuture<Map<String,Set<String>>> getSubscriptionPermissionsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName)