io.netty.channel.ChannelHandlerAdapter

io.netty.channel.ChannelInboundHandlerAdapter

io.netty.channel.SimpleChannelInboundHandler<io.netty.handler.codec.http.HttpRequest>

com.linkedin.venice.acl.handler.AbstractStoreAclHandler<QueryAction>

com.linkedin.venice.listener.ServerStoreAclHandler

All Implemented Interfaces:: io.grpc.ServerInterceptor, io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler

public class ServerStoreAclHandler extends AbstractStoreAclHandler<QueryAction> implements io.grpc.ServerInterceptor

Together with ServerAclHandler, Server will allow two kinds of access pattern: 1. Access from Router, and Router request will be validated in ServerAclHandler, and ServerStoreAclHandler will be a quick pass-through. 2. Access from Client directly, and ServerAclHandler will deny the request, and ServerStoreAclHandler will validate the request in store-level, which is exactly same as the access control behavior in Router. If both of them fail, the request will be rejected.

Nested Class Summary

Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler
io.netty.channel.ChannelHandler.Sharable
Field Summary

Fields inherited from class com.linkedin.venice.acl.handler.AbstractStoreAclHandler
STORE_ACL_CHECK_RESULT, STORE_ACL_CHECK_RESULT_ATTRIBUTE_KEY
Constructor Summary

Constructors

Constructor

Description

ServerStoreAclHandler(IdentityParser identityParser, DynamicAccessController accessController, ReadOnlyStoreRepository metadataRepository, int cacheTTLMs)

ServerStoreAclHandler(IdentityParser identityParser, DynamicAccessController accessController, ReadOnlyStoreRepository metadataRepository, int cacheTTLMs, Time time)
Method Summary

Modifier and Type

Method

Description

protected String

extractStoreName(QueryAction queryAction, String[] requestParts)

<ReqT, RespT> io.grpc.ServerCall.Listener<ReqT>

interceptCall(io.grpc.ServerCall<ReqT,RespT> call, io.grpc.Metadata headers, io.grpc.ServerCallHandler<ReqT,RespT> next)

protected boolean

isAccessAlreadyApproved(io.netty.channel.Channel originalChannel)

protected boolean

needsAclValidation(QueryAction queryAction)

protected QueryAction

validateRequest(String[] requestParts)

Validate the request and return the request type.

Methods inherited from class com.linkedin.venice.acl.handler.AbstractStoreAclHandler
channelRead0, checkAccess

Methods inherited from class io.netty.channel.SimpleChannelInboundHandler
acceptInboundMessage, channelRead

Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter
channelActive, channelInactive, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaught, userEventTriggered

Methods inherited from class io.netty.channel.ChannelHandlerAdapter
ensureNotSharable, handlerAdded, handlerRemoved, isSharable

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.netty.channel.ChannelHandler
handlerAdded, handlerRemoved

Constructor Details
- ServerStoreAclHandler
  
  public ServerStoreAclHandler(IdentityParser identityParser, DynamicAccessController accessController, ReadOnlyStoreRepository metadataRepository, int cacheTTLMs)
- ServerStoreAclHandler
  
  public ServerStoreAclHandler(IdentityParser identityParser, DynamicAccessController accessController, ReadOnlyStoreRepository metadataRepository, int cacheTTLMs, Time time)
Method Details
- needsAclValidation
  
  protected boolean needsAclValidation(QueryAction queryAction)
  
  Specified by:
  
  needsAclValidation in class AbstractStoreAclHandler<QueryAction>
- interceptCall
  
  public <ReqT, RespT> io.grpc.ServerCall.Listener<ReqT> interceptCall(io.grpc.ServerCall<ReqT,RespT> call, io.grpc.Metadata headers, io.grpc.ServerCallHandler<ReqT,RespT> next)
  
  Specified by:
  
  interceptCall in interface io.grpc.ServerInterceptor
- extractStoreName
  
  protected String extractStoreName(QueryAction queryAction, String[] requestParts)
  
  Specified by:
  
  extractStoreName in class AbstractStoreAclHandler<QueryAction>
- validateRequest
  
  protected QueryAction validateRequest(String[] requestParts)
  
  Description copied from class: AbstractStoreAclHandler
  
  Validate the request and return the request type. If the request is invalid, return null
  
  Specified by:
  
  validateRequest in class AbstractStoreAclHandler<QueryAction>
  
  Parameters:
  
  requestParts - the parts of the request URI
  
  Returns:
  
  the request type; null if the request is invalid
- isAccessAlreadyApproved
  
  protected boolean isAccessAlreadyApproved(io.netty.channel.Channel originalChannel)
  
  Overrides:
  
  isAccessAlreadyApproved in class AbstractStoreAclHandler<QueryAction>

Class ServerStoreAclHandler

Nested Class Summary

Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler

Field Summary

Fields inherited from class com.linkedin.venice.acl.handler.AbstractStoreAclHandler

Constructor Summary

Method Summary

Methods inherited from class com.linkedin.venice.acl.handler.AbstractStoreAclHandler

Methods inherited from class io.netty.channel.SimpleChannelInboundHandler

Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter

Methods inherited from class io.netty.channel.ChannelHandlerAdapter

Methods inherited from class java.lang.Object

Methods inherited from interface io.netty.channel.ChannelHandler

Constructor Details

ServerStoreAclHandler

ServerStoreAclHandler

Method Details

needsAclValidation

interceptCall

extractStoreName

validateRequest

isAccessAlreadyApproved