Package com.linkedin.venice.listener
Class ServerStoreAclHandler
- java.lang.Object
-
- io.netty.channel.ChannelHandlerAdapter
-
- io.netty.channel.ChannelInboundHandlerAdapter
-
- io.netty.channel.SimpleChannelInboundHandler<io.netty.handler.codec.http.HttpRequest>
-
- com.linkedin.venice.acl.handler.AbstractStoreAclHandler<QueryAction>
-
- com.linkedin.venice.listener.ServerStoreAclHandler
-
- All Implemented Interfaces:
io.grpc.ServerInterceptor,io.netty.channel.ChannelHandler,io.netty.channel.ChannelInboundHandler
public class ServerStoreAclHandler extends AbstractStoreAclHandler<QueryAction> implements io.grpc.ServerInterceptor
Together withServerAclHandler, Server will allow two kinds of access pattern: 1. Access from Router, and Router request will be validated inServerAclHandler, andServerStoreAclHandlerwill be a quick pass-through. 2. Access from Client directly, andServerAclHandlerwill deny the request, andServerStoreAclHandlerwill validate the request in store-level, which is exactly same as the access control behavior in Router. If both of them fail, the request will be rejected.
-
-
Constructor Summary
Constructors Constructor Description ServerStoreAclHandler(IdentityParser identityParser, DynamicAccessController accessController, ReadOnlyStoreRepository metadataRepository)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected java.lang.StringextractStoreName(QueryAction queryAction, java.lang.String[] requestParts)<ReqT,RespT>
io.grpc.ServerCall.Listener<ReqT>interceptCall(io.grpc.ServerCall<ReqT,RespT> call, io.grpc.Metadata headers, io.grpc.ServerCallHandler<ReqT,RespT> next)protected booleanisAccessAlreadyApproved(io.netty.channel.ChannelHandlerContext ctx)protected booleanneedsAclValidation(QueryAction queryAction)protected QueryActionvalidateRequest(java.lang.String[] requestParts)Validate the request and return the request type.-
Methods inherited from class com.linkedin.venice.acl.handler.AbstractStoreAclHandler
channelRead0, checkAccess
-
Methods inherited from class io.netty.channel.SimpleChannelInboundHandler
acceptInboundMessage, channelRead
-
Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter
channelActive, channelInactive, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaught, userEventTriggered
-
Methods inherited from class io.netty.channel.ChannelHandlerAdapter
ensureNotSharable, handlerAdded, handlerRemoved, isSharable
-
-
-
-
Constructor Detail
-
ServerStoreAclHandler
public ServerStoreAclHandler(IdentityParser identityParser, DynamicAccessController accessController, ReadOnlyStoreRepository metadataRepository)
-
-
Method Detail
-
needsAclValidation
protected boolean needsAclValidation(QueryAction queryAction)
- Specified by:
needsAclValidationin classAbstractStoreAclHandler<QueryAction>
-
interceptCall
public <ReqT,RespT> io.grpc.ServerCall.Listener<ReqT> interceptCall(io.grpc.ServerCall<ReqT,RespT> call, io.grpc.Metadata headers, io.grpc.ServerCallHandler<ReqT,RespT> next)- Specified by:
interceptCallin interfaceio.grpc.ServerInterceptor
-
extractStoreName
protected java.lang.String extractStoreName(QueryAction queryAction, java.lang.String[] requestParts)
- Specified by:
extractStoreNamein classAbstractStoreAclHandler<QueryAction>
-
validateRequest
protected QueryAction validateRequest(java.lang.String[] requestParts)
Description copied from class:AbstractStoreAclHandlerValidate the request and return the request type. If the request is invalid, returnnull- Specified by:
validateRequestin classAbstractStoreAclHandler<QueryAction>- Parameters:
requestParts- the parts of the request URI- Returns:
- the request type; null if the request is invalid
-
isAccessAlreadyApproved
protected boolean isAccessAlreadyApproved(io.netty.channel.ChannelHandlerContext ctx)
- Overrides:
isAccessAlreadyApprovedin classAbstractStoreAclHandler<QueryAction>
-
-