diff --git a/server/src/main/java/io/druid/server/http/MetadataResource.java b/server/src/main/java/io/druid/server/http/MetadataResource.java index e480121b8b9f..2cb3eca2df3d 100644 --- a/server/src/main/java/io/druid/server/http/MetadataResource.java +++ b/server/src/main/java/io/druid/server/http/MetadataResource.java @@ -20,6 +20,8 @@ package io.druid.server.http; import com.google.common.base.Function; +import com.google.common.base.Optional; +import com.google.common.base.Preconditions; import com.google.common.base.Predicate; import com.google.common.collect.Collections2; import com.google.common.collect.Iterables; @@ -89,74 +91,69 @@ public Response getDatabaseDataSources( { Response.ResponseBuilder builder = Response.status(Response.Status.OK); - final Collection druidDataSources; - if (authConfig.isEnabled()) { - // This is an experimental feature, see - https://github.com/druid-io/druid/pull/2424 - final Map, Access> resourceAccessMap = new HashMap<>(); - final AuthorizationInfo authorizationInfo = (AuthorizationInfo) req.getAttribute(AuthConfig.DRUID_AUTH_TOKEN); - if (includeDisabled != null) { - return builder.entity( - Collections2.filter( - metadataSegmentManager.getAllDatasourceNames(), - new Predicate() - { - @Override - public boolean apply(String input) - { - Resource resource = new Resource(input, ResourceType.DATASOURCE); - Action action = Action.READ; - Pair key = new Pair<>(resource, action); - if (resourceAccessMap.containsKey(key)) { - return resourceAccessMap.get(key).isAllowed(); - } else { - Access access = authorizationInfo.isAuthorized(key.lhs, key.rhs); - resourceAccessMap.put(key, access); - return access.isAllowed(); - } - } - } - )).build(); - } else { - druidDataSources = - Collections2.filter( - metadataSegmentManager.getInventory(), - new Predicate() - { - @Override - public boolean apply(DruidDataSource input) - { - Resource resource = new Resource(input.getName(), ResourceType.DATASOURCE); - Action action = Action.READ; - Pair key = new Pair<>(resource, action); - if (resourceAccessMap.containsKey(key)) { - return resourceAccessMap.get(key).isAllowed(); - } else { - Access access = authorizationInfo.isAuthorized(key.lhs, key.rhs); - resourceAccessMap.put(key, access); - return access.isAllowed(); - } - } - } - ); - } - } else { - druidDataSources = metadataSegmentManager.getInventory(); - } + // This is an experimental feature, see - https://github.com/druid-io/druid/pull/2424 + final Optional authorizationInfoOptional = + authConfig.isEnabled() ? Optional.of( + Preconditions.checkNotNull( + (AuthorizationInfo) req.getAttribute(AuthConfig.DRUID_AUTH_TOKEN), + "Security is enabled but no authorization info found in the request" + )) : + Optional.absent(); if (includeDisabled != null) { - return builder.entity( - Collections2.transform( - druidDataSources, - new Function() + final Collection allDatasourceNames; + if (authorizationInfoOptional.isPresent()) { + final Map, Access> resourceAccessMap = new HashMap<>(); + allDatasourceNames = Collections2.filter( + metadataSegmentManager.getAllDatasourceNames(), + new Predicate() + { + @Override + public boolean apply(String input) { - @Override - public String apply(DruidDataSource input) - { - return input.getName(); + Resource resource = new Resource(input, ResourceType.DATASOURCE); + Action action = Action.READ; + Pair key = new Pair<>(resource, action); + if (resourceAccessMap.containsKey(key)) { + return resourceAccessMap.get(key).isAllowed(); + } else { + Access access = authorizationInfoOptional.get().isAuthorized(key.lhs, key.rhs); + resourceAccessMap.put(key, access); + return access.isAllowed(); } } - ) - ).build(); + } + ); + } else { + allDatasourceNames = metadataSegmentManager.getAllDatasourceNames(); + } + return builder.entity(allDatasourceNames).build(); + } + final Collection druidDataSources; + if (authorizationInfoOptional.isPresent()) { + final Map, Access> resourceAccessMap = new HashMap<>(); + druidDataSources = Collections2.filter( + metadataSegmentManager.getInventory(), + new Predicate() + { + @Override + public boolean apply(DruidDataSource input) + { + Resource resource = new Resource(input.getName(), ResourceType.DATASOURCE); + Action action = Action.READ; + Pair key = new Pair<>(resource, action); + if (resourceAccessMap.containsKey(key)) { + return resourceAccessMap.get(key).isAllowed(); + } else { + Access access = authorizationInfoOptional.get().isAuthorized(key.lhs, key.rhs); + resourceAccessMap.put(key, access); + return access.isAllowed(); + } + } + } + ); + } else { + druidDataSources = metadataSegmentManager.getInventory(); } if (full != null) { return builder.entity(druidDataSources).build();