Package io.deephaven.server.session

Interface TicketResolver.Authorization

All Known Implementing Classes:
NoopTicketResolverAuthorization
Enclosing interface:
TicketResolver
public static interface TicketResolver.Authorization

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    authorizePublishRequest(TicketResolver ticketResolver, ByteBuffer ticket)
    Implementations must validate that the provided ticket is authorized for the current user.
    void
    authorizePublishRequest(TicketResolver ticketResolver, org.apache.arrow.flight.impl.Flight.FlightDescriptor descriptor)
    Implementations must validate that the provided ticket is authorized for the current user.
    default boolean
    isDeniedAccess(Object source)
    Check if the caller is denied access to source; semantically equivalent to transform(source) == null.
    <T> T
    transform(T source)
    Implementations must type check the provided source as any type of object can be stored in an export.

  • Method Details

    • isDeniedAccess

      default boolean isDeniedAccess(Object source)
      Check if the caller is denied access to source; semantically equivalent to transform(source) == null. A false result does not mean that the caller may use source untransformed; they must still call transform(Object) as needed.

      The default implementation is equivalent to transform(source) == null. Implementations that perform expensive transformations may want to override this method to provide a more efficient check.

      Parameters:
      source - the source object
      Returns:
      if the transform of source will result in null.

    • transform

      <T> T transform(T source)
      Implementations must type check the provided source as any type of object can be stored in an export.

      Parameters:
      source - the object to transform (such as by applying ACLs)
      Returns:
      an object that has been sanitized to be used by the current user; may return null if user does not have access to the resource
      ApiNote:
      Types typically encountered are Table and PartitionedTable. Perform an identity mapping for any types that you do not wish to transform. This method should not error. Implementations may wish to query ExecutionContext.getAuthContext() to apply user-specific transformations to requested resources.

    • authorizePublishRequest

      void authorizePublishRequest(TicketResolver ticketResolver, ByteBuffer ticket)
      Implementations must validate that the provided ticket is authorized for the current user.

      Parameters:
      ticketResolver - the ticket resolver
      ticket - the ticket to publish to as a byte buffer; note that the first byte is the route
      Throws:
      io.grpc.StatusRuntimeException - if the user is not authorized
      ApiNote:
      Implementations may wish to query ExecutionContext.getAuthContext() to apply user-specific transformations to requested resources.

    • authorizePublishRequest

      void authorizePublishRequest(TicketResolver ticketResolver, org.apache.arrow.flight.impl.Flight.FlightDescriptor descriptor)
      Implementations must validate that the provided ticket is authorized for the current user.

      Parameters:
      ticketResolver - the ticket resolver
      descriptor - the flight descriptor to publish to; note that the first path element is the route
      Throws:
      io.grpc.StatusRuntimeException - if the user is not authorized
      ApiNote:
      Implementations may wish to query ExecutionContext.getAuthContext() to apply user-specific transformations to requested resources.