java source code of TrustedProxyAuthorizationService

Project: cruise-control (GitHub Link)

cruise-control-master
- .circleci
  - config.yml
- kafka-cruise-control-start.sh
- cruise-control-metrics-reporter
  - src
    - main
      - java
        com
        linkedin
        kafka
        cruisecontrol
        metricsreporter
        exception
        UnknownVersionException.java
        CruiseControlMetricsReporterException.java
        CruiseControlMetricsReporter.java
        metric
        TopicMetric.java
        CruiseControlMetric.java
        YammerMetricProcessor.java
        PartitionMetric.java
        RawMetricType.java
        BrokerMetric.java
        MetricSerde.java
        MetricsUtils.java
        CruiseControlMetricsUtils.java
        CruiseControlMetricsReporterConfig.java
    - test
      - resources
        log4j.properties
      - java
        com
        linkedin
        kafka
        cruisecontrol
        metricsreporter
        utils
        CCEmbeddedBrokerBuilder.java
        CCKafkaIntegrationTestHarness.java
        CCEmbeddedZookeeper.java
        CCKafkaClientsIntegrationTestHarness.java
        CCKafkaTestUtils.java
        CCAbstractZookeeperTestHarness.java
        CCEmbeddedBroker.java
        CruiseControlMetricsReporterTest.java
        CruiseControlMetricsReporterSslTest.java
        metric
        MetricSerdeTest.java
        CruiseControlMetricsReporterAutoCreateTopicTest.java
- build_api_wiki.sh
- gradle.properties
- gradle
  - wrapper
    - gradle-wrapper.properties
  - findbugs-exclude.xml
- gradlew.bat
- LICENSE
- gradlew
- semantic-build-versioning.gradle
- CONTRIBUTING.md
- config
  - capacityJBOD.json
  - log4j.properties
  - cruise_control_jaas.conf_template
  - capacity.json
  - cruisecontrol.properties
  - clusterConfigs.json
  - capacityCores.json
- build.gradle
- buildSrc
  - src
    - main
      - groovy
        com
        linkedin
        gradle
        build
        DistributeTask.groovy
  - build.gradle
- checkstyle
  - checkstyle.xml
  - suppressions.xml
- README.md
- cruise-control-core
  - src
    - main
      - java
        com
        linkedin
        cruisecontrol
        metricdef
        MetricInfo.java
        ValueComputingStrategy.java
        AggregationFunction.java
        MetricDef.java
        common
        utils
        Utils.java
        Generationed.java
        WindowIndexedArrays.java
        config
        AbstractConfig.java
        ConfigValue.java
        ConfigException.java
        Config.java
        types
        Password.java
        ConfigDef.java
        LongGenerationed.java
        CruiseControlConfigurable.java
        detector
        Anomaly.java
        metricanomaly
        MetricAnomalyFinder.java
        PercentileMetricAnomalyFinder.java
        MetricAnomaly.java
        PercentileMetricAnomalyFinderConfig.java
        PercentileMetricAnomalyFinderUtils.java
        AnomalyType.java
        config
        CruiseControlConfig.java
        exception
        NotEnoughValidWindowsException.java
        CruiseControlException.java
        monitor
        sampling
        aggregator
        MetricSampleCompleteness.java
        MetricValues.java
        Extrapolation.java
        AggregatedMetricValues.java
        WindowState.java
        MetricSampleAggregatorState.java
        AggregationOptions.java
        RawMetricValues.java
        MetricSampleAggregator.java
        MetricSampleAggregationResult.java
        ValuesAndExtrapolations.java
        MetricSample.java
        model
        Entity.java
        servlet
        parameters
        CruiseControlParameters.java
        response
        CruiseControlResponse.java
        EndPoint.java
        handler
        Request.java
        EndpointType.java
        CruiseControlUtils.java
    - test
      - resources
        log4j.properties
      - java
        com
        linkedin
        cruisecontrol
        CruiseControlUnitTestUtils.java
        monitor
        sampling
        aggregator
        AggregatedMetricValuesTest.java
        MetricSampleAggregatorTest.java
        RawMetricValuesTest.java
        IntegerEntity.java
- settings.gradle
- NOTICE
- cruise-control
  - src
    - main
      - scala
        com
        linkedin
        kafka
        cruisecontrol
        executor
        ExecutorUtils.scala
      - java
        com
        linkedin
        kafka
        cruisecontrol
        KafkaCruiseControlUtils.java
        executor
        ExecutorNotifier.java
        ExecutionTaskTracker.java
        ReplicationThrottleHelper.java
        ExecutorState.java
        ExecutionTaskManager.java
        ExecutionTask.java
        ExecutorAdminUtils.java
        ExecutionTaskPlanner.java
        Executor.java
        ExecutorNoopNotifier.java
        ExecutionProposal.java
        strategy
        PrioritizeSmallReplicaMovementStrategy.java
        ReplicaMovementStrategy.java
        PrioritizeLargeReplicaMovementStrategy.java
        AbstractReplicaMovementStrategy.java
        PostponeUrpReplicaMovementStrategy.java
        BaseReplicaMovementStrategy.java
        common
        Resource.java
        MetadataClient.java
        Statistic.java
        KafkaCruiseControlThreadFactory.java
        NetworkClientProvider.java
        KafkaNetworkClientProvider.java
        KafkaCruiseControlApp.java
        detector
        MeanTimeBetweenAnomaliesMs.java
        AnomalyDetector.java
        MetricAnomalyDetector.java
        AnomalyMetrics.java
        AnomalyState.java
        AnomalyUtils.java
        AnomalyDetectionStatus.java
        TopicAnomalyDetector.java
        KafkaMetricAnomalyFinder.java
        TopicReplicationFactorAnomaly.java
        AnomalyDetails.java
        TopicAnomalyFinder.java
        SlowBrokerFinder.java
        TopicPartitionSizeAnomaly.java
        notifier
        SlackMessage.java
        KafkaAnomalyType.java
        NoopNotifier.java
        AnomalyNotificationResult.java
        AnomalyNotifier.java
        SelfHealingNotifier.java
        SlackSelfHealingNotifier.java
        KafkaAnomaly.java
        GoalViolations.java
        AnomalyDetectorState.java
        SelfHealingEnabledRatio.java
        GoalViolationDetector.java
        KafkaMetricAnomaly.java
        AnomalyDetectorUtils.java
        BrokerFailureDetector.java
        TopicReplicationFactorAnomalyFinder.java
        SlowBrokers.java
        BrokerFailures.java
        DiskFailureDetector.java
        NoopTopicAnomalyFinder.java
        PartitionSizeAnomalyFinder.java
        TopicAnomaly.java
        NoopMetricAnomalyFinder.java
        DiskFailures.java
        config
        KafkaCruiseControlConfig.java
        EnvConfigProvider.java
        RequestParameterWrapper.java
        constants
        CruiseControlRequestConfig.java
        CruiseControlParametersConfig.java
        ExecutorConfig.java
        AnomalyDetectorConfig.java
        WebServerConfig.java
        UserTaskManagerConfig.java
        AnalyzerConfig.java
        MonitorConfig.java
        BrokerCapacityInfo.java
        KafkaCruiseControlConfigUtils.java
        BrokerCapacityConfigResolver.java
        BrokerCapacityConfigFileResolver.java
        KafkaTopicConfigProvider.java
        TopicConfigProvider.java
        exception
        MetricSamplingException.java
        OngoingExecutionException.java
        BrokerCapacityResolutionException.java
        KafkaCruiseControlException.java
        OptimizationFailureException.java
        monitor
        LoadMonitorState.java
        task
        TrainingTask.java
        BootstrapTask.java
        SamplingTask.java
        LoadMonitorTaskRunner.java
        SampleLoadingTask.java
        metricdefinition
        KafkaMetricDef.java
        sampling
        CruiseControlMetricsProcessor.java
        holder
        BrokerEntity.java
        HolderUtils.java
        BrokerMetricSample.java
        RawMetricsHolder.java
        PartitionEntity.java
        BrokerLoad.java
        ValueAndCount.java
        ValueHolder.java
        ValueAndTime.java
        ValueMax.java
        PartitionMetricSample.java
        SampleStore.java
        CruiseControlMetricsReporterSampler.java
        TrainingFetcher.java
        ReadOnlyKafkaSampleStore.java
        MetricSampler.java
        aggregator
        SampleExtrapolation.java
        KafkaBrokerMetricSampleAggregator.java
        KafkaPartitionMetricSampleAggregator.java
        SamplingUtils.java
        NoopSampleStore.java
        MetricFetcherManager.java
        SamplingFetcher.java
        KafkaSampleStore.java
        NoopSampler.java
        DefaultMetricSamplerPartitionAssignor.java
        MetricFetcher.java
        MetricSamplerPartitionAssignor.java
        ModelGeneration.java
        LoadMonitor.java
        MonitorUtils.java
        ModelCompletenessRequirements.java
        KafkaCruiseControl.java
        KafkaCruiseControlMain.java
        model
        Rack.java
        ClusterModelStats.java
        ReplicaPlacementInfo.java
        ReplicaSortFunctionFactory.java
        Broker.java
        Replica.java
        Load.java
        SortedReplicasHelper.java
        Partition.java
        DiskStats.java
        ClusterModelStatsMetaData.java
        RawAndDerivedResource.java
        LinearRegressionModelParameters.java
        ClusterModel.java
        ModelUtils.java
        SortedReplicas.java
        ClusterModelStatsValueHolder.java
        ModelParameters.java
        Host.java
        Disk.java
        ClusterModelStatsValue.java
        servlet
        security
        BasicSecurityProvider.java
        CruiseControlSecurityHandler.java
        jwt
        JwtLoginService.java
        JwtUserIdentity.java
        JwtSecurityProvider.java
        JwtAuthenticator.java
        JwtUserPrincipal.java
        trustedproxy
        TrustedProxyAuthorizationService.java
        TrustedProxyPrincipal.java
        TrustedProxyLoginService.java
        TrustedProxySecurityProvider.java
        SecurityUtils.java
        SecurityProvider.java
        DefaultRoleSecurityProvider.java
        UserStoreAuthorizationService.java
        spnego
        SpnegoLoginServiceWithAuthServiceLifecycle.java
        SpnegoSecurityProvider.java
        SpnegoUserStoreAuthorizationService.java
        parameters
        AdminParameters.java
        ReviewBoardParameters.java
        TopicConfigurationParameters.java
        GoalsAndRequirements.java
        RemoveBrokerParameters.java
        KafkaOptimizationParameters.java
        ReviewParameters.java
        CruiseControlStateParameters.java
        DropRecentBrokersParameters.java
        TopicReplicationFactorChangeParameters.java
        GoalBasedOptimizationParameters.java
        ParameterUtils.java
        TrainParameters.java
        AbstractParameters.java
        DemoteBrokerParameters.java
        StopProposalParameters.java
        FixOfflineReplicasParameters.java
        AddBrokerParameters.java
        ClusterLoadParameters.java
        PartitionLoadParameters.java
        RebalanceParameters.java
        UpdateSelfHealingParameters.java
        ChangeExecutionConcurrencyParameters.java
        BootstrapParameters.java
        AddedOrRemovedBrokerParameters.java
        ProposalsParameters.java
        KafkaClusterStateParameters.java
        UserTasksParameters.java
        PauseResumeParameters.java
        KafkaCruiseControlServletUtils.java
        response
        JsonResponseClass.java
        TrainResult.java
        KafkaClusterState.java
        BootstrapResult.java
        ReviewResult.java
        PartitionState.java
        ProgressResult.java
        ResponseUtils.java
        CruiseControlState.java
        PauseSamplingResult.java
        JsonResponseExternalFields.java
        AdminResult.java
        AbstractCruiseControlResponse.java
        OptimizationResult.java
        ClusterPartitionState.java
        UserTaskState.java
        JsonResponseField.java
        ClusterBrokerState.java
        stats
        SingleHostStats.java
        SingleBrokerStats.java
        BasicStats.java
        BrokerStats.java
        ResumeSamplingResult.java
        PartitionLoadState.java
        StopProposalResult.java
        SessionManager.java
        CruiseControlEndpointType.java
        UserTaskManager.java
        CruiseControlEndPoint.java
        UserRequestException.java
        handler
        AbstractRequest.java
        sync
        ReviewRequest.java
        StopProposalRequest.java
        AdminRequest.java
        PauseRequest.java
        TrainRequest.java
        KafkaClusterStateRequest.java
        BootstrapRequest.java
        ResumeRequest.java
        UserTasksRequest.java
        ReviewBoardRequest.java
        AbstractSyncRequest.java
        async
        RemoveBrokerRequest.java
        runnable
        FixOfflineReplicasRunnable.java
        PartitionLoadRunnable.java
        DemoteBrokerRunnable.java
        RebalanceRunnable.java
        OperationRunnable.java
        GetStateRunnable.java
        LoadRunnable.java
        AddBrokersRunnable.java
        ProposalsRunnable.java
        UpdateTopicConfigurationRunnable.java
        RemoveBrokersRunnable.java
        RunnableUtils.java
        GoalBasedOperationRunnable.java
        OperationFuture.java
        FixOfflineReplicasRequest.java
        TopicConfigurationRequest.java
        ProposalsRequest.java
        DemoteRequest.java
        RebalanceRequest.java
        AddBrokerRequest.java
        PartitionLoadRequest.java
        AbstractAsyncRequest.java
        CruiseControlStateRequest.java
        ClusterLoadRequest.java
        purgatory
        RequestInfo.java
        Purgatory.java
        ReviewStatus.java
        KafkaCruiseControlServlet.java
        async
        progress
        Pending.java
        RetrievingMetrics.java
        OptimizationForGoal.java
        StepProgress.java
        WaitingForOngoingExecutionToStop.java
        GeneratingClusterModel.java
        OperationStep.java
        WaitingForClusterModel.java
        OperationProgress.java
        AsyncKafkaCruiseControl.java
        analyzer
        DefaultOptimizationOptionsGenerator.java
        OptimizationOptions.java
        kafkaassigner
        KafkaAssignerEvenRackAwareGoal.java
        KafkaAssignerUtils.java
        KafkaAssignerDiskUsageDistributionGoal.java
        ActionType.java
        ActionAcceptance.java
        goals
        ReplicaDistributionAbstractGoal.java
        TopicReplicaDistributionGoal.java
        PreferredLeaderElectionGoal.java
        internals
        BrokerAndSortedReplicas.java
        PotentialNwOutGoal.java
        ResourceDistributionGoal.java
        RackAwareGoal.java
        NetworkOutboundCapacityGoal.java
        CpuCapacityGoal.java
        DiskCapacityGoal.java
        Goal.java
        DiskUsageDistributionGoal.java
        LeaderReplicaDistributionGoal.java
        IntraBrokerDiskCapacityGoal.java
        ReplicaCapacityGoal.java
        LeaderBytesInDistributionGoal.java
        IntraBrokerDiskUsageDistributionGoal.java
        ReplicaDistributionGoal.java
        CpuUsageDistributionGoal.java
        GoalUtils.java
        CapacityGoal.java
        NetworkInboundCapacityGoal.java
        NetworkInboundUsageDistributionGoal.java
        AbstractGoal.java
        NetworkOutboundUsageDistributionGoal.java
        BalancingAction.java
        OptimizerResult.java
        BalancingConstraint.java
        GoalOptimizer.java
        OptimizationOptionsGenerator.java
        AnalyzerState.java
        GoalReadinessRecord.java
        AnalyzerUtils.java
    - yaml
      - base.yaml
      - responses
        errorResponse.yaml
        executionProposal.yaml
        adminResult.yaml
        pauseSamplingResult.yaml
        brokerStats.yaml
        cruiseControlState.yaml
        analyzerState.yaml
        optimizationResult.yaml
        anomalyDetectorState.yaml
        executorState.yaml
        goalStatus.yaml
        userTaskState.yaml
        trainResult.yaml
        clusterModelStats.yaml
        stopProposalResult.yaml
        resumeSamplingResult.yaml
        partitionLoadState.yaml
        loadMonitorState.yaml
        statistic.yaml
        kafkaClusterState.yaml
        bootstrapResult.yaml
        reviewResult.yaml
        progressResult.yaml
      - endpoints
        stopProposalExecution.yaml
        demoteBroker.yaml
        train.yaml
        userTasks.yaml
        state.yaml
        partitionLoad.yaml
        fixOfflineReplicas.yaml
        load.yaml
        resumeSampling.yaml
        addBroker.yaml
        pauseSampling.yaml
        topicConfiguration.yaml
        bootstrap.yaml
        proposals.yaml
        review.yaml
        kafkaClusterState.yaml
        rebalance.yaml
        reviewBoard.yaml
        removeBroker.yaml
        admin.yaml
      - README.md
    - test
      - resources
        ssl_integration_test.keystore
        log4j.properties
        testCapacityConfigJBOD.json
        basic-auth.credentials
        auth.credentials
        testCapacityConfig.json
        DefaultCapacityConfig.json
        testCapacityConfigCores.json
        envConfigProviderTest.properties
        DefaultClusterConfigs.json
      - java
        com
        linkedin
        kafka
        cruisecontrol
        KafkaCruiseControlUnitTestUtils.java
        executor
        ExecutionProposalTest.java
        ExecutionTaskPlannerTest.java
        ReplicationThrottleHelperTest.java
        ExecutionTaskManagerTest.java
        ExecutorTest.java
        common
        DeterministicCluster.java
        TestConstants.java
        ClusterProperty.java
        KafkaCruiseControlTest.java
        detector
        SlowBrokerFinderTest.java
        AnomalyDetectorTest.java
        AnomalyDetectorTestUtils.java
        KafkaMetricAnomalyFinderTest.java
        notifier
        SelfHealingNotifierTest.java
        SlackSelfHealingNotifierTest.java
        SlackMessageTest.java
        BrokerFailureDetectorTest.java
        AnomalyUtilsTest.java
        TopicReplicationFactorAnomalyFinderTest.java
        config
        BrokerCapacityConfigFileResolverTest.java
        SecurityAndSslConfigTest.java
        EnvConfigProviderTest.java
        CaseInsensitiveGoalConfigTest.java
        monitor
        ModelCompletenessRequirementsTest.java
        task
        LoadMonitorTaskRunnerTest.java
        sampling
        holder
        BrokerMetricSampleTest.java
        PartitionMetricSampleTest.java
        aggregator
        KafkaPartitionMetricSampleAggregatorTest.java
        DefaultMetricSamplerPartitionAssignorTest.java
        SamplingUtilsTest.java
        CruiseControlMetricsProcessorTest.java
        MonitorUnitTestUtils.java
        MonitorUtilsTest.java
        LoadMonitorTest.java
        CruiseControlIntegrationTestHarness.java
        model
        LoadConsistencyTest.java
        LoadTest.java
        SortedReplicasTest.java
        RandomCluster.java
        servlet
        security
        jwt
        JwtLoginServiceTest.java
        JwtAuthenticatorTest.java
        JwtSecurityProviderIntegrationTest.java
        TokenGenerator.java
        AuthenticationIntegrationTest.java
        BasicAuthenticationIntegrationTest.java
        trustedproxy
        TrustedProxyLoginServiceTest.java
        TrustedProxyAuthorizationServiceTest.java
        TrustedProxySecurityProviderIntegrationTest.java
        SslConnectionIntegrationTest.java
        MiniKdc.java
        SecurityTestUtils.java
        spnego
        SpnegoSecurityProviderIntegrationTest.java
        SpnegoUserStoreAuthorizationServiceTest.java
        parameters
        RequestParameterTest.java
        SessionManagerTest.java
        UserTaskManagerTest.java
        response
        ResponseTest.java
        KafkaCruiseControlServletEndpointTest.java
        handler
        async
        runnable
        OperationFutureTest.java
        RunnableUtilsTest.java
        async
        progress
        OperationProgressTest.java
        analyzer
        kafkaassigner
        KafkaAssignerDiskUsageDistributionGoalTest.java
        OptimizationVerifier.java
        SelfHealingWithOptimizedGoalTest.java
        DeterministicClusterTest.java
        IntraBrokerRebalanceTest.java
        ExcludedTopicsTest.java
        AnalyzerUnitTestUtils.java
        RandomClusterLinearDistNewBrokerTest.java
        RandomClusterUniformDistNewBrokerTest.java
        ExcludedBrokersForReplicaMoveTest.java
        ReplicationFactorChangeTest.java
        RandomGoalTest.java
        PreferredLeaderElectionGoalTest.java
        RandomClusterExpDistNewBrokerTest.java
        ExcludedBrokersForLeadershipTest.java
        GoalOptimizerTest.java
        FixOfflineReplicaTest.java
        RandomClusterTest.java
        OfflineProposalGenerator.java
        RandomSelfHealingTest.java
- .gitignore
- docs
  - images
    - cc-logo.svg
  - pull_request_template.md
  - wiki
    - Python Client
      - cruise-control-client-Usage-in-Python-Applications.md
      - cccli-Command-Line-Usage.md
      - Getting-Started.md
    - User Guide
      - Change-topic-replication-factor-through-Cruise-Control.md
      - Pluggable-Components.md
      - Security.md
      - Configurations.md
      - REST-APIs.md
      - Sensors.md
      - Configure-Slack-notifications.md
      - 2-step-verification-for-POST-requests.md
      - Secure-zookeeper-configuration.md
    - Overview.md
    - Home.md
    - Developer Guide
      - Write-your-own-goals.md
- cruise-control-client
  - cruisecontrolclient
    - client
      - Query.py
      - Endpoint.py
      - cccli.py
      - Responder.py
      - __init__.py
      - CCParameter
        RegularExpressionParameter.py
        CommaSeparatedParameter.py
        BooleanParameter.py
        PositiveIntegerParameter.py
        NonNegativeIntegerParameter.py
        Parameter.py
        __init__.py
        TimeStampParameter.py
        SetOfChoicesParameter.py
      - ExecutionContext.py
    - util
      - print.py
      - __init__.py
    - __init__.py
  - setup.py
  - __init__.py
  - requirements.txt
- kafka-cruise-control-stop.sh

/*
 * Copyright 2020 LinkedIn Corp. Licensed under the BSD 2-Clause License (the "License"). See License in the project root for license information.
 */

package com.linkedin.kafka.cruisecontrol.servlet.security.trustedproxy;

import com.linkedin.kafka.cruisecontrol.servlet.security.DefaultRoleSecurityProvider;
import com.linkedin.kafka.cruisecontrol.servlet.security.SecurityUtils;
import org.eclipse.jetty.security.UserStore;
import org.eclipse.jetty.security.authentication.AuthorizationService;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.component.AbstractLifeCycle;

import javax.servlet.http.HttpServletRequest;
import java.util.List;
import java.util.regex.Pattern;

/**
 * This authorization service simply checks the incoming user against a list of configured service names maintained in
 * a {@link UserStore} and if specified, the remote IP address against a configured pattern.
 */
public class TrustedProxyAuthorizationService extends AbstractLifeCycle implements AuthorizationService {

  private final UserStore _adminUserStore;
  private final Pattern _trustedProxyIpPattern;

  TrustedProxyAuthorizationService(List<String> userNames, String trustedProxyIpPattern) {
    _adminUserStore = new UserStore();
    userNames.forEach(u -> _adminUserStore.addUser(u, SecurityUtils.NO_CREDENTIAL, new String[] { DefaultRoleSecurityProvider.ADMIN }));
    if (trustedProxyIpPattern != null) {
      _trustedProxyIpPattern = Pattern.compile(trustedProxyIpPattern);
    } else {
      _trustedProxyIpPattern = null;
    }
  }

  @Override
  public UserIdentity getUserIdentity(HttpServletRequest request, String name) {
    // ConfigurableSpnegoAuthenticator may pass names in servicename/host format but we only store the servicename
    int nameHostSeparatorIndex = name.indexOf('/');
    String serviceName = nameHostSeparatorIndex > 0 ? name.substring(0, nameHostSeparatorIndex) : name;
    UserIdentity serviceIdentity = _adminUserStore.getUserIdentity(serviceName);
    if (_trustedProxyIpPattern != null) {
      return _trustedProxyIpPattern.matcher(request.getRemoteAddr()).matches() ? serviceIdentity : null;
    } else {
      return serviceIdentity;
    }
  }

  @Override
  protected void doStart() throws Exception {
    _adminUserStore.start();
    super.doStart();
  }

  @Override
  protected void doStop() throws Exception {
    super.doStop();
    _adminUserStore.stop();
  }
}