Class ServerStoreAclHandler

  • All Implemented Interfaces:
    io.grpc.ServerInterceptor, io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler

    public class ServerStoreAclHandler
    extends StoreAclHandler
    Together with ServerAclHandler, the Server allows two access patterns:
    1. Access from the Router: the Router request is validated in ServerAclHandler, and ServerStoreAclHandler is a quick pass-through.
    2. Access directly from a Client: ServerAclHandler denies the request, and ServerStoreAclHandler validates the request at the store level, which is exactly the same access control behavior as in the Router.
    If both of them fail, the request is rejected.
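The two access patterns described above, modelled in plain Java as an added example; this is not Venice's code. The principal strings (standing in for the identity taken from the client certificate), the ACL map, and the topic-suffix rule in `extractStoreName` (stripping a trailing `_v<number>` or `_rt`) are assumptions made for the illustration.

```java
import java.util.Map;
import java.util.Set;

// Added illustration: a dependency-free model of the two-stage decision, not Venice code.
public class TwoStageAclModel {
  enum Decision { PASS_THROUGH, ALLOWED_BY_STORE_ACL, REJECTED }

  // Assumption: the resource name is a Kafka topic whose trailing "_v<number>"
  // or "_rt" suffix is stripped to obtain the store name.
  static String extractStoreName(String topic) {
    return topic.replaceFirst("_(v\\d+|rt)$", "");
  }

  // Stage 1 (stands in for ServerAclHandler): only a Router principal is
  // approved at server level; every other caller is left for stage 2.
  static boolean serverLevelApproved(String principal, Set<String> routerPrincipals) {
    return routerPrincipals.contains(principal);
  }

  // Stage 2 (stands in for ServerStoreAclHandler): pass through when stage 1
  // already approved, otherwise check the caller against the store's ACL.
  static Decision storeLevel(boolean alreadyApproved, String principal, String topic,
      Map<String, Set<String>> storeAcl) {
    if (alreadyApproved) {
      return Decision.PASS_THROUGH;
    }
    // Unknown store or unlisted principal: both stages failed, so reject.
    Set<String> readers = storeAcl.getOrDefault(extractStoreName(topic), Set.of());
    return readers.contains(principal) ? Decision.ALLOWED_BY_STORE_ACL : Decision.REJECTED;
  }

  public static void main(String[] args) {
    // Constructed sample data (hypothetical principals, stores and topics).
    Set<String> routers = Set.of("CN=venice-router");
    Map<String, Set<String>> storeAcl = Map.of("orders", Set.of("CN=orders-reader"));
    String[][] requests = {
      {"CN=venice-router", "orders_v3"},   // Router: approved in stage 1
      {"CN=orders-reader", "orders_v3"},   // direct client on the store ACL
      {"CN=orders-reader", "payments_v1"}, // direct client, no ACL entry for that store
      {"CN=unknown", "orders_rt"},         // direct client, not on the ACL
    };
    for (String[] r : requests) {
      boolean approved = serverLevelApproved(r[0], routers);
      System.out.printf("%-17s %-12s -> %s%n", r[0], r[1],
          storeLevel(approved, r[0], r[1], storeAcl));
    }
  }
}
```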
    • Nested Class Summary

      • Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler

        io.netty.channel.ChannelHandler.Sharable
    • Method Summary

      Modifier and Type Method Description
      void channelRead0​(io.netty.channel.ChannelHandlerContext ctx, io.netty.handler.codec.http.HttpRequest req)
      Verify if client has permission to access.
      protected static boolean checkWhetherAccessHasAlreadyApproved​(io.grpc.Metadata headers)  
      protected static boolean checkWhetherAccessHasAlreadyApproved​(io.netty.channel.ChannelHandlerContext ctx)  
      protected java.security.cert.X509Certificate extractClientCert​(io.netty.channel.ChannelHandlerContext ctx)  
      protected java.lang.String extractStoreName​(java.lang.String resourceName)
      In Venice Server, the resource name is actually a Kafka topic name.
      <ReqT,RespT> io.grpc.ServerCall.Listener<ReqT> interceptCall(io.grpc.ServerCall<ReqT,RespT> call, io.grpc.Metadata headers, io.grpc.ServerCallHandler<ReqT,RespT> next)
      • Methods inherited from class io.netty.channel.SimpleChannelInboundHandler

        acceptInboundMessage, channelRead
      • Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter

        channelActive, channelInactive, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaught, userEventTriggered
      • Methods inherited from class io.netty.channel.ChannelHandlerAdapter

        ensureNotSharable, handlerAdded, handlerRemoved, isSharable
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
      • Methods inherited from interface io.netty.channel.ChannelHandler

        handlerAdded, handlerRemoved
    • Method Detail

      • extractStoreName

        protected java.lang.String extractStoreName​(java.lang.String resourceName)
        In Venice Server, the resource name is actually a Kafka topic name.
        Overrides:
        extractStoreName in class StoreAclHandler
      • channelRead0

        public void channelRead0​(io.netty.channel.ChannelHandlerContext ctx,
                                 io.netty.handler.codec.http.HttpRequest req)
                          throws javax.net.ssl.SSLPeerUnverifiedException
        Description copied from class: StoreAclHandler
        Verify if client has permission to access.
        Overrides:
        channelRead0 in class StoreAclHandler
        Throws:
        javax.net.ssl.SSLPeerUnverifiedException
      • extractClientCert

        protected java.security.cert.X509Certificate extractClientCert​(io.netty.channel.ChannelHandlerContext ctx)
                                                                throws javax.net.ssl.SSLPeerUnverifiedException
        Overrides:
        extractClientCert in class StoreAclHandler
        Throws:
        javax.net.ssl.SSLPeerUnverifiedException
      • checkWhetherAccessHasAlreadyApproved

        protected static boolean checkWhetherAccessHasAlreadyApproved​(io.netty.channel.ChannelHandlerContext ctx)
      • checkWhetherAccessHasAlreadyApproved

        protected static boolean checkWhetherAccessHasAlreadyApproved​(io.grpc.Metadata headers)
      • interceptCall

        public <ReqT,​RespT> io.grpc.ServerCall.Listener<ReqT> interceptCall​(io.grpc.ServerCall<ReqT,​RespT> call,
                                                                                  io.grpc.Metadata headers,
                                                                                  io.grpc.ServerCallHandler<ReqT,​RespT> next)
        Specified by:
        interceptCall in interface io.grpc.ServerInterceptor
        Overrides:
        interceptCall in class StoreAclHandler