Package com.linkedin.venice.acl.handler

Class AbstractStoreAclHandler<REQUEST_TYPE>

java.lang.Object
io.netty.channel.ChannelHandlerAdapter
io.netty.channel.ChannelInboundHandlerAdapter
io.netty.channel.SimpleChannelInboundHandler<io.netty.handler.codec.http.HttpRequest>
com.linkedin.venice.acl.handler.AbstractStoreAclHandler<REQUEST_TYPE>
All Implemented Interfaces:
io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler
Direct Known Subclasses:
RouterStoreAclHandler, ServerStoreAclHandler
@Sharable public abstract class AbstractStoreAclHandler<REQUEST_TYPE> extends io.netty.channel.SimpleChannelInboundHandler<io.netty.handler.codec.http.HttpRequest>
Store-level access control handler, which is being used by both Router and Server.

  • Nested Class Summary

    Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler

    io.netty.channel.ChannelHandler.Sharable

  • Constructor Summary

    Constructors
    Constructor
    Description
    AbstractStoreAclHandler(IdentityParser identityParser, DynamicAccessController accessController, ReadOnlyStoreRepository metadataRepository)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    channelRead0(io.netty.channel.ChannelHandlerContext ctx, io.netty.handler.codec.http.HttpRequest req)
    Verify if client has permission to access.
    protected AccessResult
    checkAccess(String uri, X509Certificate clientCert, String storeName, String method)
     
    protected abstract String
    extractStoreName(REQUEST_TYPE requestType, String[] requestParts)
     
    protected boolean
    isAccessAlreadyApproved(io.netty.channel.ChannelHandlerContext ctx)
     
    protected abstract boolean
    needsAclValidation(REQUEST_TYPE requestType)
     
    protected abstract REQUEST_TYPE
    validateRequest(String[] requestParts)
    Validate the request and return the request type.

    Methods inherited from class io.netty.channel.SimpleChannelInboundHandler

    acceptInboundMessage, channelRead

    Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter

    channelActive, channelInactive, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaught, userEventTriggered

    Methods inherited from class io.netty.channel.ChannelHandlerAdapter

    ensureNotSharable, handlerAdded, handlerRemoved, isSharable

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface io.netty.channel.ChannelHandler

    handlerAdded, handlerRemoved

  • Constructor Details

  • Method Details

    • channelRead0

      public void channelRead0(io.netty.channel.ChannelHandlerContext ctx, io.netty.handler.codec.http.HttpRequest req) throws SSLPeerUnverifiedException
      Verify if client has permission to access.
      Specified by:
      channelRead0 in class io.netty.channel.SimpleChannelInboundHandler<io.netty.handler.codec.http.HttpRequest>
      Parameters:
      ctx -
      req -
      Throws:
      SSLPeerUnverifiedException

    • isAccessAlreadyApproved

      protected boolean isAccessAlreadyApproved(io.netty.channel.ChannelHandlerContext ctx)

    • needsAclValidation

      protected abstract boolean needsAclValidation(REQUEST_TYPE requestType)

    • extractStoreName

      protected abstract String extractStoreName(REQUEST_TYPE requestType, String[] requestParts)

    • validateRequest

      protected abstract REQUEST_TYPE validateRequest(String[] requestParts)
      Validate the request and return the request type. If the request is invalid, return null
      Parameters:
      requestParts - the parts of the request URI
      Returns:
      the request type; null if the request is invalid

    • checkAccess

      protected AccessResult checkAccess(String uri, X509Certificate clientCert, String storeName, String method)