Package io.deephaven.server.session

Interface TicketResolver.Authorization

All Known Implementing Classes:
NoopTicketResolverAuthorization
Enclosing interface:
TicketResolver
public static interface TicketResolver.Authorization

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    authorizePublishRequest(TicketResolver ticketResolver, ByteBuffer ticket)
    Implementations must validate that the provided ticket is authorized for the current user.
    void
    authorizePublishRequest(TicketResolver ticketResolver, org.apache.arrow.flight.impl.Flight.FlightDescriptor descriptor)
    Implementations must validate that the provided ticket is authorized for the current user.
    <T> T
    transform(T source)
    Implementations must type check the provided source as any type of object can be stored in an export.

  • Method Details

    • transform

      <T> T transform(T source)
      Implementations must type check the provided source as any type of object can be stored in an export.

      Parameters:
      source - the object to transform (such as by applying ACLs)
      Returns:
      an object that has been sanitized to be used by the current user; may return null if user does not have access to the resource
      ApiNote:
      Types typically encountered are Table and PartitionedTable. Perform an identity mapping for any types that you do not wish to transform. This method should not error. Implementations may wish to query ExecutionContext.getAuthContext() to apply user-specific transformations to requested resources.

    • authorizePublishRequest

      void authorizePublishRequest(TicketResolver ticketResolver, ByteBuffer ticket)
      Implementations must validate that the provided ticket is authorized for the current user.

      Parameters:
      ticketResolver - the ticket resolver
      ticket - the ticket to publish to as a byte buffer; note that the first byte is the route
      Throws:
      io.grpc.StatusRuntimeException - if the user is not authorized
      ApiNote:
      Implementations may wish to query ExecutionContext.getAuthContext() to apply user-specific transformations to requested resources.

    • authorizePublishRequest

      void authorizePublishRequest(TicketResolver ticketResolver, org.apache.arrow.flight.impl.Flight.FlightDescriptor descriptor)
      Implementations must validate that the provided ticket is authorized for the current user.

      Parameters:
      ticketResolver - the ticket resolver
      descriptor - the flight descriptor to publish to; note that the first path element is the route
      Throws:
      io.grpc.StatusRuntimeException - if the user is not authorized
      ApiNote:
      Implementations may wish to query ExecutionContext.getAuthContext() to apply user-specific transformations to requested resources.