Package com.linkedin.venice.acl.handler
Class StoreAclHandler
- java.lang.Object
-
- io.netty.channel.ChannelHandlerAdapter
-
- io.netty.channel.ChannelInboundHandlerAdapter
-
- io.netty.channel.SimpleChannelInboundHandler<io.netty.handler.codec.http.HttpRequest>
-
- com.linkedin.venice.acl.handler.StoreAclHandler
-
- All Implemented Interfaces:
io.grpc.ServerInterceptor
,io.netty.channel.ChannelHandler
,io.netty.channel.ChannelInboundHandler
- Direct Known Subclasses:
ServerStoreAclHandler
@Sharable public class StoreAclHandler extends io.netty.channel.SimpleChannelInboundHandler<io.netty.handler.codec.http.HttpRequest> implements io.grpc.ServerInterceptor
Store-level access control handler, which is being used by both Router and Server.
-
-
Constructor Summary
Constructors Constructor Description StoreAclHandler(DynamicAccessController accessController, ReadOnlyStoreRepository metadataRepository)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
channelRead0(io.netty.channel.ChannelHandlerContext ctx, io.netty.handler.codec.http.HttpRequest req)
Verify if client has permission to access.protected java.security.cert.X509Certificate
extractClientCert(io.grpc.ServerCall<?,?> call)
protected java.security.cert.X509Certificate
extractClientCert(io.netty.channel.ChannelHandlerContext ctx)
protected java.lang.String
extractStoreName(java.lang.String resourceName)
Extract the store name from the incoming resource name.<ReqT,RespT>
io.grpc.ServerCall.Listener<ReqT>interceptCall(io.grpc.ServerCall<ReqT,RespT> call, io.grpc.Metadata headers, io.grpc.ServerCallHandler<ReqT,RespT> next)
-
Methods inherited from class io.netty.channel.SimpleChannelInboundHandler
acceptInboundMessage, channelRead
-
Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter
channelActive, channelInactive, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaught, userEventTriggered
-
Methods inherited from class io.netty.channel.ChannelHandlerAdapter
ensureNotSharable, handlerAdded, handlerRemoved, isSharable
-
-
-
-
Constructor Detail
-
StoreAclHandler
public StoreAclHandler(DynamicAccessController accessController, ReadOnlyStoreRepository metadataRepository)
-
-
Method Detail
-
extractStoreName
protected java.lang.String extractStoreName(java.lang.String resourceName)
Extract the store name from the incoming resource name.
-
extractClientCert
protected java.security.cert.X509Certificate extractClientCert(io.netty.channel.ChannelHandlerContext ctx) throws javax.net.ssl.SSLPeerUnverifiedException
- Throws:
javax.net.ssl.SSLPeerUnverifiedException
-
extractClientCert
protected java.security.cert.X509Certificate extractClientCert(io.grpc.ServerCall<?,?> call) throws javax.net.ssl.SSLPeerUnverifiedException
- Throws:
javax.net.ssl.SSLPeerUnverifiedException
-
channelRead0
public void channelRead0(io.netty.channel.ChannelHandlerContext ctx, io.netty.handler.codec.http.HttpRequest req) throws javax.net.ssl.SSLPeerUnverifiedException
Verify if client has permission to access.- Specified by:
channelRead0
in classio.netty.channel.SimpleChannelInboundHandler<io.netty.handler.codec.http.HttpRequest>
- Parameters:
ctx
-req
-- Throws:
javax.net.ssl.SSLPeerUnverifiedException
-
interceptCall
public <ReqT,RespT> io.grpc.ServerCall.Listener<ReqT> interceptCall(io.grpc.ServerCall<ReqT,RespT> call, io.grpc.Metadata headers, io.grpc.ServerCallHandler<ReqT,RespT> next)
- Specified by:
interceptCall
in interfaceio.grpc.ServerInterceptor
-
-