Package com.linkedin.venice.listener

Class ServerAclHandler

java.lang.Object
io.netty.channel.ChannelHandlerAdapter
io.netty.channel.ChannelInboundHandlerAdapter
io.netty.channel.SimpleChannelInboundHandler<io.netty.handler.codec.http.HttpRequest>
com.linkedin.venice.listener.ServerAclHandler
All Implemented Interfaces:
io.grpc.ServerInterceptor, io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler
@Sharable public class ServerAclHandler extends io.netty.channel.SimpleChannelInboundHandler<io.netty.handler.codec.http.HttpRequest> implements io.grpc.ServerInterceptor
Together with ServerStoreAclHandler, Server will allow two kinds of access pattern: 1. Access from Router, and Router request will be validated in ServerAclHandler, and ServerStoreAclHandler will be a quick pass-through. 2. Access from Client directly, and ServerAclHandler will deny the request, and ServerStoreAclHandler will validate the request in store-level, which is exactly same as the access control behavior in Router. If both of them fail, the request will be rejected.

  • Nested Class Summary

    Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler

    io.netty.channel.ChannelHandler.Sharable

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    SERVER_ACL_APPROVED
     
    static final io.netty.util.AttributeKey<Boolean>
    SERVER_ACL_APPROVED_ATTRIBUTE_KEY
     

  • Constructor Summary

    Constructors
    Constructor
    Description
    ServerAclHandler(StaticAccessController accessController)
     
    ServerAclHandler(StaticAccessController accessController, boolean failOnAccessRejection)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    channelRead0(io.netty.channel.ChannelHandlerContext ctx, io.netty.handler.codec.http.HttpRequest req)
    Verify if client has permission to access one particular resource.
    <ReqT, RespT>
    io.grpc.ServerCall.Listener<ReqT>
    interceptCall(io.grpc.ServerCall<ReqT,RespT> call, io.grpc.Metadata headers, io.grpc.ServerCallHandler<ReqT,RespT> next)
     

    Methods inherited from class io.netty.channel.SimpleChannelInboundHandler

    acceptInboundMessage, channelRead

    Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter

    channelActive, channelInactive, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaught, userEventTriggered

    Methods inherited from class io.netty.channel.ChannelHandlerAdapter

    ensureNotSharable, handlerAdded, handlerRemoved, isSharable

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface io.netty.channel.ChannelHandler

    handlerAdded, handlerRemoved

  • Field Details

    • SERVER_ACL_APPROVED

      public static final String SERVER_ACL_APPROVED
      See Also:

    • SERVER_ACL_APPROVED_ATTRIBUTE_KEY

      public static final io.netty.util.AttributeKey<Boolean> SERVER_ACL_APPROVED_ATTRIBUTE_KEY

  • Constructor Details

  • Method Details

    • channelRead0

      public void channelRead0(io.netty.channel.ChannelHandlerContext ctx, io.netty.handler.codec.http.HttpRequest req) throws SSLPeerUnverifiedException
      Verify if client has permission to access one particular resource.
      Specified by:
      channelRead0 in class io.netty.channel.SimpleChannelInboundHandler<io.netty.handler.codec.http.HttpRequest>
      Parameters:
      ctx -
      req -
      Throws:
      SSLPeerUnverifiedException

    • interceptCall

      public <ReqT, RespT> io.grpc.ServerCall.Listener<ReqT> interceptCall(io.grpc.ServerCall<ReqT,RespT> call, io.grpc.Metadata headers, io.grpc.ServerCallHandler<ReqT,RespT> next)
      Specified by:
      interceptCall in interface io.grpc.ServerInterceptor