Package com.linkedin.venice.listener
Class ServerStoreAclHandler
java.lang.Object
io.netty.channel.ChannelHandlerAdapter
io.netty.channel.ChannelInboundHandlerAdapter
io.netty.channel.SimpleChannelInboundHandler<io.netty.handler.codec.http.HttpRequest>
com.linkedin.venice.acl.handler.AbstractStoreAclHandler<QueryAction>
com.linkedin.venice.listener.ServerStoreAclHandler
- All Implemented Interfaces:
io.grpc.ServerInterceptor,io.netty.channel.ChannelHandler,io.netty.channel.ChannelInboundHandler
public class ServerStoreAclHandler
extends AbstractStoreAclHandler<QueryAction>
implements io.grpc.ServerInterceptor
Together with
ServerAclHandler, Server will allow two kinds of access pattern:
1. Access from Router, and Router request will be validated in ServerAclHandler, and ServerStoreAclHandler will be a quick pass-through.
2. Access from Client directly, and ServerAclHandler will deny the request, and ServerStoreAclHandler will
validate the request in store-level, which is exactly same as the access control behavior in Router.
If both of them fail, the request will be rejected.-
Nested Class Summary
Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler
io.netty.channel.ChannelHandler.Sharable -
Constructor Summary
ConstructorsConstructorDescriptionServerStoreAclHandler(IdentityParser identityParser, DynamicAccessController accessController, ReadOnlyStoreRepository metadataRepository) -
Method Summary
Modifier and TypeMethodDescriptionprotected StringextractStoreName(QueryAction queryAction, String[] requestParts) <ReqT,RespT>
io.grpc.ServerCall.Listener<ReqT>interceptCall(io.grpc.ServerCall<ReqT, RespT> call, io.grpc.Metadata headers, io.grpc.ServerCallHandler<ReqT, RespT> next) protected booleanisAccessAlreadyApproved(io.netty.channel.ChannelHandlerContext ctx) protected booleanneedsAclValidation(QueryAction queryAction) protected QueryActionvalidateRequest(String[] requestParts) Validate the request and return the request type.Methods inherited from class com.linkedin.venice.acl.handler.AbstractStoreAclHandler
channelRead0, checkAccessMethods inherited from class io.netty.channel.SimpleChannelInboundHandler
acceptInboundMessage, channelReadMethods inherited from class io.netty.channel.ChannelInboundHandlerAdapter
channelActive, channelInactive, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaught, userEventTriggeredMethods inherited from class io.netty.channel.ChannelHandlerAdapter
ensureNotSharable, handlerAdded, handlerRemoved, isSharableMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface io.netty.channel.ChannelHandler
handlerAdded, handlerRemoved
-
Constructor Details
-
ServerStoreAclHandler
public ServerStoreAclHandler(IdentityParser identityParser, DynamicAccessController accessController, ReadOnlyStoreRepository metadataRepository)
-
-
Method Details
-
needsAclValidation
- Specified by:
needsAclValidationin classAbstractStoreAclHandler<QueryAction>
-
interceptCall
public <ReqT,RespT> io.grpc.ServerCall.Listener<ReqT> interceptCall(io.grpc.ServerCall<ReqT, RespT> call, io.grpc.Metadata headers, io.grpc.ServerCallHandler<ReqT, RespT> next) - Specified by:
interceptCallin interfaceio.grpc.ServerInterceptor
-
extractStoreName
- Specified by:
extractStoreNamein classAbstractStoreAclHandler<QueryAction>
-
validateRequest
Description copied from class:AbstractStoreAclHandlerValidate the request and return the request type. If the request is invalid, returnnull- Specified by:
validateRequestin classAbstractStoreAclHandler<QueryAction>- Parameters:
requestParts- the parts of the request URI- Returns:
- the request type; null if the request is invalid
-
isAccessAlreadyApproved
protected boolean isAccessAlreadyApproved(io.netty.channel.ChannelHandlerContext ctx) - Overrides:
isAccessAlreadyApprovedin classAbstractStoreAclHandler<QueryAction>
-