org.apache.pulsar.broker.web

Class PulsarWebResource

java.lang.Object

org.apache.pulsar.broker.web.PulsarWebResource

Direct Known Subclasses:

AdminResource, TopicLookupBase

public abstract class PulsarWebResource
extends Object

Base class for Web resources in Pulsar. It provides basic authorization functions.

Field Summary

Fields

Modifier and Type	Field and Description
protected javax.servlet.http.HttpServletRequest	httpRequest
protected static int	NOT_IMPLEMENTED
protected javax.servlet.ServletContext	servletContext
protected javax.ws.rs.core.UriInfo	uri

Constructor Summary

Constructors

Constructor and Description
PulsarWebResource()

Method Summary

Modifier and Type	Method and Description
protected static void	checkAuthorization(PulsarService pulsarService, org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData)
protected void	checkConnect(org.apache.pulsar.common.naming.TopicName topicName)
static CompletableFuture<org.apache.pulsar.common.policies.data.ClusterData>	checkLocalOrGetPeerReplicationCluster(PulsarService pulsarService, org.apache.pulsar.common.naming.NamespaceName namespace)
String	clientAppId() Gets a caller id (IP + role)
AuthenticationDataHttps	clientAuthData()
protected ServiceConfiguration	config()
protected static CompletableFuture<org.apache.pulsar.common.policies.data.ClusterData>	getClusterDataIfDifferentCluster(PulsarService pulsar, String cluster, String clientAppId)
protected boolean	hasSuperUserAccess()
protected CompletableFuture<Boolean>	isBundleOwnedByAnyBroker(org.apache.pulsar.common.naming.NamespaceName fqnn, org.apache.pulsar.common.policies.data.BundlesData bundles, String bundleRange) Checks whether a given bundle is currently loaded by any broker
static boolean	isClientAuthenticated(String appId)
protected boolean	isLeaderBroker()
protected static boolean	isLeaderBroker(PulsarService pulsar)
boolean	isRequestHttps()
static String	joinPath(String... parts)
String	originalPrincipal()
static String	path(String... parts)
protected PulsarService	pulsar()
void	setPulsar(PulsarService pulsar)
static String	splitPath(String source, int slice)
protected static void	validateAdminAccessForTenant(PulsarService pulsar, String clientAppId, String originalPrincipal, String tenant, AuthenticationDataSource authenticationData)
protected void	validateAdminAccessForTenant(String tenant) Checks that the http client role has admin access to the specified tenant.
void	validateBundleOwnership(NamespaceBundle bundle, boolean authoritative, boolean readOnly)
protected void	validateBundleOwnership(String tenant, String cluster, String namespace, boolean authoritative, boolean readOnly, NamespaceBundle bundle)
protected void	validateClusterForTenant(String tenant, String cluster)
protected void	validateClusterOwnership(String cluster) Check if the cluster exists and redirect the call to the owning cluster
protected void	validateGlobalNamespaceOwnership(org.apache.pulsar.common.naming.NamespaceName namespace) If the namespace is global, validate the following - 1.
protected NamespaceBundle	validateNamespaceBundleOwnership(org.apache.pulsar.common.naming.NamespaceName fqnn, org.apache.pulsar.common.policies.data.BundlesData bundles, String bundleRange, boolean authoritative, boolean readOnly)
protected NamespaceBundle	validateNamespaceBundleRange(org.apache.pulsar.common.naming.NamespaceName fqnn, org.apache.pulsar.common.policies.data.BundlesData bundles, String bundleRange)
void	validateNamespaceOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.NamespaceOperation operation)
protected void	validateNamespaceOwnershipWithBundles(String tenant, String cluster, String namespace, boolean authoritative, boolean readOnly, org.apache.pulsar.common.policies.data.BundlesData bundleData) Checks whether the broker is the owner of all the namespace bundles.
void	validateNamespacePolicyOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation)
protected void	validateSuperUserAccess() Checks whether the user has Pulsar Super-User access to the system.
void	validateTenantOperation(String tenant, org.apache.pulsar.common.policies.data.TenantOperation operation)
protected void	validateTopicOwnership(org.apache.pulsar.common.naming.TopicName topicName, boolean authoritative) Checks whether the broker is the owner of the namespace.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

servletContext

@Context
protected javax.servlet.ServletContext servletContext

httpRequest

@Context
protected javax.servlet.http.HttpServletRequest httpRequest

uri

@Context
protected javax.ws.rs.core.UriInfo uri

NOT_IMPLEMENTED

protected static final int NOT_IMPLEMENTED

See Also:

Constant Field Values

Constructor Detail

PulsarWebResource

public PulsarWebResource()

Method Detail

pulsar

protected PulsarService pulsar()

config

protected ServiceConfiguration config()

path

public static String path(String... parts)

joinPath

public static String joinPath(String... parts)

splitPath

public static String splitPath(String source,
                               int slice)

clientAppId

public String clientAppId()

Gets a caller id (IP + role)

Returns:

the web service caller identification

originalPrincipal

public String originalPrincipal()

clientAuthData

public AuthenticationDataHttps clientAuthData()

isRequestHttps

public boolean isRequestHttps()

isClientAuthenticated

public static boolean isClientAuthenticated(String appId)

hasSuperUserAccess

protected boolean hasSuperUserAccess()

validateSuperUserAccess

protected void validateSuperUserAccess()

Checks whether the user has Pulsar Super-User access to the system.

Throws:

javax.ws.rs.WebApplicationException - if not authorized

validateAdminAccessForTenant

protected void validateAdminAccessForTenant(String tenant)

Checks that the http client role has admin access to the specified tenant.

Parameters:

tenant - the tenant id

Throws:

javax.ws.rs.WebApplicationException - if not authorized

validateAdminAccessForTenant

protected static void validateAdminAccessForTenant(PulsarService pulsar,
                                                   String clientAppId,
                                                   String originalPrincipal,
                                                   String tenant,
                                                   AuthenticationDataSource authenticationData)
                                            throws RestException,
                                                   Exception

Throws:

RestException

Exception

validateClusterForTenant

protected void validateClusterForTenant(String tenant,
                                        String cluster)

validateClusterOwnership

protected void validateClusterOwnership(String cluster)
                                 throws javax.ws.rs.WebApplicationException

Check if the cluster exists and redirect the call to the owning cluster

Parameters:

cluster - Cluster name

Throws:

Exception - In case the redirect happens

javax.ws.rs.WebApplicationException

getClusterDataIfDifferentCluster

protected static CompletableFuture<org.apache.pulsar.common.policies.data.ClusterData> getClusterDataIfDifferentCluster(PulsarService pulsar,
                                                                                                                        String cluster,
                                                                                                                        String clientAppId)

validateNamespaceOwnershipWithBundles

protected void validateNamespaceOwnershipWithBundles(String tenant,
                                                     String cluster,
                                                     String namespace,
                                                     boolean authoritative,
                                                     boolean readOnly,
                                                     org.apache.pulsar.common.policies.data.BundlesData bundleData)

Checks whether the broker is the owner of all the namespace bundles. Otherwise, if authoritative is false, it will throw an exception to redirect to assigned owner or leader; if authoritative is true then it will try to acquire all the namespace bundles.

Parameters:

tenant - tenant name

cluster - cluster name

namespace - namespace name

authoritative - if it is an authoritative request

readOnly - if the request is read-only

bundleData - bundle data

validateBundleOwnership

protected void validateBundleOwnership(String tenant,
                                       String cluster,
                                       String namespace,
                                       boolean authoritative,
                                       boolean readOnly,
                                       NamespaceBundle bundle)

validateNamespaceBundleRange

protected NamespaceBundle validateNamespaceBundleRange(org.apache.pulsar.common.naming.NamespaceName fqnn,
                                                       org.apache.pulsar.common.policies.data.BundlesData bundles,
                                                       String bundleRange)

isBundleOwnedByAnyBroker

protected CompletableFuture<Boolean> isBundleOwnedByAnyBroker(org.apache.pulsar.common.naming.NamespaceName fqnn,
                                                              org.apache.pulsar.common.policies.data.BundlesData bundles,
                                                              String bundleRange)

Checks whether a given bundle is currently loaded by any broker

validateNamespaceBundleOwnership

protected NamespaceBundle validateNamespaceBundleOwnership(org.apache.pulsar.common.naming.NamespaceName fqnn,
                                                           org.apache.pulsar.common.policies.data.BundlesData bundles,
                                                           String bundleRange,
                                                           boolean authoritative,
                                                           boolean readOnly)

validateBundleOwnership

public void validateBundleOwnership(NamespaceBundle bundle,
                                    boolean authoritative,
                                    boolean readOnly)
                             throws Exception

Throws:

Exception

validateTopicOwnership

protected void validateTopicOwnership(org.apache.pulsar.common.naming.TopicName topicName,
                                      boolean authoritative)

Checks whether the broker is the owner of the namespace. Otherwise it will raise an exception to redirect the client to the appropriate broker. If no broker owns the namespace yet, this function will try to acquire the ownership by default.

Parameters:

topicName - topic name

authoritative -

validateGlobalNamespaceOwnership

protected void validateGlobalNamespaceOwnership(org.apache.pulsar.common.naming.NamespaceName namespace)

If the namespace is global, validate the following - 1. If replicated clusters are configured for this global namespace 2. If local cluster belonging to this namespace is replicated 3. If replication is enabled for this namespace
It validates if local cluster is part of replication-cluster. If local cluster is not part of the replication cluster then it redirects request to peer-cluster if any of the peer-cluster is part of replication-cluster of this namespace. If none of the cluster is part of the replication cluster then it fails the validation.

Parameters:

namespace -

Throws:

Exception

checkLocalOrGetPeerReplicationCluster

public static CompletableFuture<org.apache.pulsar.common.policies.data.ClusterData> checkLocalOrGetPeerReplicationCluster(PulsarService pulsarService,
                                                                                                                          org.apache.pulsar.common.naming.NamespaceName namespace)

checkConnect

protected void checkConnect(org.apache.pulsar.common.naming.TopicName topicName)
                     throws RestException,
                            Exception

Throws:

RestException

Exception

checkAuthorization

protected static void checkAuthorization(PulsarService pulsarService,
                                         org.apache.pulsar.common.naming.TopicName topicName,
                                         String role,
                                         AuthenticationDataSource authenticationData)
                                  throws RestException,
                                         Exception

Throws:

RestException

Exception

setPulsar

public void setPulsar(PulsarService pulsar)

isLeaderBroker

protected boolean isLeaderBroker()

isLeaderBroker

protected static boolean isLeaderBroker(PulsarService pulsar)

validateTenantOperation

public void validateTenantOperation(String tenant,
                                    org.apache.pulsar.common.policies.data.TenantOperation operation)

validateNamespaceOperation

public void validateNamespaceOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName,
                                       org.apache.pulsar.common.policies.data.NamespaceOperation operation)

validateNamespacePolicyOperation

public void validateNamespacePolicyOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName,
                                             org.apache.pulsar.common.policies.data.PolicyName policy,
                                             org.apache.pulsar.common.policies.data.PolicyOperation operation)