From bb80ff8be6073bc970501825e2e7f304b3b9d643 Mon Sep 17 00:00:00 2001
From: "Mateusz \"Serafin\" Gajewski"
Date: Thu, 19 Dec 2024 13:13:51 +0100
Subject: [PATCH] Use class-level @ResourceSecurity annotations
---
.../src/main/java/io/trino/server/NodeResource.java | 3 +--
.../src/main/java/io/trino/server/QueryResource.java | 6 +-----
.../java/io/trino/server/QueryStateInfoResource.java | 3 +--
.../trino/server/ResourceGroupStateInfoResource.java | 2 +-
.../main/java/io/trino/server/StatusResource.java | 3 +--
.../java/io/trino/server/TaskExecutorResource.java | 2 +-
.../src/main/java/io/trino/server/TaskResource.java | 12 +-----------
.../main/java/io/trino/server/ThreadResource.java | 2 +-
.../server/protocol/ExecutingStatementResource.java | 4 +---
.../spooling/CoordinatorSegmentResource.java | 2 --
.../protocol/spooling/WorkerSegmentResource.java | 1 -
.../security/oauth2/OAuth2CallbackResource.java | 2 +-
.../security/oauth2/OAuth2TokenExchangeResource.java | 4 +---
.../java/io/trino/server/ui/ClusterResource.java | 2 +-
.../io/trino/server/ui/ClusterStatsResource.java | 2 +-
.../main/java/io/trino/server/ui/LoginResource.java | 4 +---
.../java/io/trino/server/ui/UiQueryResource.java | 5 +----
.../trino/server/ui/WebUiPreviewStaticResource.java | 3 +--
.../java/io/trino/server/ui/WebUiStaticResource.java | 2 +-
.../main/java/io/trino/server/ui/WorkerResource.java | 5 +----
20 files changed, 18 insertions(+), 51 deletions(-)
diff --git a/core/trino-main/src/main/java/io/trino/server/NodeResource.java b/core/trino-main/src/main/java/io/trino/server/NodeResource.java
index 06244e74b208..b92b127573b6 100644
--- a/core/trino-main/src/main/java/io/trino/server/NodeResource.java
+++ b/core/trino-main/src/main/java/io/trino/server/NodeResource.java
@@ -26,6 +26,7 @@ import static io.trino.server.security.ResourceSecurity.AccessType.MANAGEMENT_READ; @Path("/v1/node") +@ResourceSecurity(MANAGEMENT_READ) public class NodeResource { private final HeartbeatFailureDetector failureDetector; @@ -36,14 +37,12 @@ public NodeResource(HeartbeatFailureDetector failureDetector) this.failureDetector = failureDetector; } - @ResourceSecurity(MANAGEMENT_READ) @GET public Collection getNodeStats() { return failureDetector.getStats().values(); } - @ResourceSecurity(MANAGEMENT_READ) @GET @Path("failed") public Collection getFailed() diff --git a/core/trino-main/src/main/java/io/trino/server/QueryResource.java b/core/trino-main/src/main/java/io/trino/server/QueryResource.java index 1aef011787d4..fa9e4f9c4987 100644 --- a/core/trino-main/src/main/java/io/trino/server/QueryResource.java +++ b/core/trino-main/src/main/java/io/trino/server/QueryResource.java @@ -55,6 +55,7 @@ * Manage queries scheduled on this node */ @Path("/v1/query") +@ResourceSecurity(AUTHENTICATED_USER) public class QueryResource { private final DispatchManager dispatchManager; @@ -69,7 +70,6 @@ public QueryResource(DispatchManager dispatchManager, AccessControl accessContro this.sessionContextFactory = requireNonNull(sessionContextFactory, "sessionContextFactory is null"); } - @ResourceSecurity(AUTHENTICATED_USER) @GET public List getAllQueryInfo(@QueryParam("state") String stateFilter, @Context HttpServletRequest servletRequest, @Context HttpHeaders httpHeaders) { @@ -87,7 +87,6 @@ public List getAllQueryInfo(@QueryParam("state") String stateFil return builder.build(); } - @ResourceSecurity(AUTHENTICATED_USER) @GET @Path("{queryId}") public Response getQueryInfo(@PathParam("queryId") QueryId queryId, @QueryParam("pruned") @DefaultValue("false") boolean pruned, @Context HttpServletRequest servletRequest, @Context HttpHeaders httpHeaders) 
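Review bot: Nothing in this patch shows that the access-type lookup falls back to a class-level `@ResourceSecurity`; the diffstat touches only resource classes, so the `+@ResourceSecurity(MANAGEMENT_READ)` on `NodeResource` (and the same move in the other 19 files) depends on resolver behaviour that lies outside the diff. If no test covers it yet, I would add one that enumerates every JAX-RS resource method and asserts that it resolves to an explicit access type, that a method-level annotation takes precedence over the class-level one, and that a handler with neither is rejected rather than treated as open. The class bodies continue outside the hunks, so whether any handler in these classes was left without coverage cannot be confirmed from here.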
@@ -108,7 +107,6 @@ public Response getQueryInfo(@PathParam("queryId") QueryId queryId, @QueryParam( } } - @ResourceSecurity(AUTHENTICATED_USER) @DELETE @Path("{queryId}") public void cancelQuery(@PathParam("queryId") QueryId queryId, @Context HttpServletRequest servletRequest, @Context HttpHeaders httpHeaders) @@ -127,7 +125,6 @@ public void cancelQuery(@PathParam("queryId") QueryId queryId, @Context HttpServ } } - @ResourceSecurity(AUTHENTICATED_USER) @PUT @Path("{queryId}/killed") public Response killQuery(@PathParam("queryId") QueryId queryId, String message, @Context HttpServletRequest servletRequest, @Context HttpHeaders httpHeaders) @@ -135,7 +132,6 @@ public Response killQuery(@PathParam("queryId") QueryId queryId, String message, return failQuery(queryId, createKillQueryException(message), servletRequest, httpHeaders); } - @ResourceSecurity(AUTHENTICATED_USER) @PUT @Path("{queryId}/preempted") public Response preemptQuery(@PathParam("queryId") QueryId queryId, String message, @Context HttpServletRequest servletRequest, @Context HttpHeaders httpHeaders) diff --git a/core/trino-main/src/main/java/io/trino/server/QueryStateInfoResource.java b/core/trino-main/src/main/java/io/trino/server/QueryStateInfoResource.java index bbf16bcede64..dfc00faba788 100644 --- a/core/trino-main/src/main/java/io/trino/server/QueryStateInfoResource.java +++ b/core/trino-main/src/main/java/io/trino/server/QueryStateInfoResource.java @@ -49,6 +49,7 @@ import static java.util.Objects.requireNonNull; @Path("/v1/queryState") +@ResourceSecurity(AUTHENTICATED_USER) public class QueryStateInfoResource { private final DispatchManager dispatchManager; 
@@ -69,7 +70,6 @@ public QueryStateInfoResource( this.sessionContextFactory = requireNonNull(sessionContextFactory, "sessionContextFactory is null"); } - @ResourceSecurity(AUTHENTICATED_USER) @GET @Produces(MediaType.APPLICATION_JSON) public List getQueryStateInfos(@QueryParam("user") String user, @Context HttpServletRequest servletRequest, @Context HttpHeaders httpHeaders) @@ -102,7 +102,6 @@ private QueryStateInfo getQueryStateInfo(BasicQueryInfo queryInfo) return createQueryStateInfo(queryInfo, groupId); } - @ResourceSecurity(AUTHENTICATED_USER) @GET @Path("{queryId}") @Produces(MediaType.APPLICATION_JSON) diff --git a/core/trino-main/src/main/java/io/trino/server/ResourceGroupStateInfoResource.java b/core/trino-main/src/main/java/io/trino/server/ResourceGroupStateInfoResource.java index b3f743283467..33f2c722b72b 100644 --- a/core/trino-main/src/main/java/io/trino/server/ResourceGroupStateInfoResource.java +++ b/core/trino-main/src/main/java/io/trino/server/ResourceGroupStateInfoResource.java @@ -35,6 +35,7 @@ import static java.util.Objects.requireNonNull; @Path("/v1/resourceGroupState") +@ResourceSecurity(MANAGEMENT_READ) public class ResourceGroupStateInfoResource { private final ResourceGroupInfoProvider resourceGroupInfoProvider; @@ -45,7 +46,6 @@ public ResourceGroupStateInfoResource(ResourceGroupInfoProvider resourceGroupInf this.resourceGroupInfoProvider = requireNonNull(resourceGroupInfoProvider, "resourceGroupInfoProvider is null"); } - @ResourceSecurity(MANAGEMENT_READ) @GET @Produces(MediaType.APPLICATION_JSON) @Encoded diff --git a/core/trino-main/src/main/java/io/trino/server/StatusResource.java b/core/trino-main/src/main/java/io/trino/server/StatusResource.java index 25a640f8b4ae..f9f227887fb4 100644 --- a/core/trino-main/src/main/java/io/trino/server/StatusResource.java +++ b/core/trino-main/src/main/java/io/trino/server/StatusResource.java 
@@ -34,6 +34,7 @@ import static java.util.Objects.requireNonNull; @Path("/v1/status") +@ResourceSecurity(PUBLIC) public class StatusResource { private final NodeInfo nodeInfo; @@ -64,7 +65,6 @@ public StatusResource(NodeVersion nodeVersion, NodeInfo nodeInfo, ServerConfig s } } - @ResourceSecurity(PUBLIC) @HEAD @Produces(APPLICATION_JSON) // to match the GET route public Response statusPing() @@ -72,7 +72,6 @@ public Response statusPing() return Response.ok().build(); } - @ResourceSecurity(PUBLIC) @GET @Produces(APPLICATION_JSON) public NodeStatus getStatus() diff --git a/core/trino-main/src/main/java/io/trino/server/TaskExecutorResource.java b/core/trino-main/src/main/java/io/trino/server/TaskExecutorResource.java index 0f8d19d52fba..e8d0abc6a06e 100644 --- a/core/trino-main/src/main/java/io/trino/server/TaskExecutorResource.java +++ b/core/trino-main/src/main/java/io/trino/server/TaskExecutorResource.java @@ -25,6 +25,7 @@ import static java.util.Objects.requireNonNull; @Path("/v1/maxActiveSplits") +@ResourceSecurity(MANAGEMENT_READ) public class TaskExecutorResource { private final TimeSharingTaskExecutor taskExecutor; @@ -36,7 +37,6 @@ public TaskExecutorResource( this.taskExecutor = requireNonNull(taskExecutor, "taskExecutor is null"); } - @ResourceSecurity(MANAGEMENT_READ) @GET @Produces(MediaType.TEXT_PLAIN) public String getMaxActiveSplit() diff --git a/core/trino-main/src/main/java/io/trino/server/TaskResource.java b/core/trino-main/src/main/java/io/trino/server/TaskResource.java index ed2057e93b1a..97ac4d980aa8 100644 --- a/core/trino-main/src/main/java/io/trino/server/TaskResource.java +++ b/core/trino-main/src/main/java/io/trino/server/TaskResource.java @@ -91,6 +91,7 @@ * Manages tasks on this worker node */ @Path("/v1/task") +@ResourceSecurity(INTERNAL_ONLY) public class TaskResource { private static final Logger log = Logger.get(TaskResource.class); 
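Review bot: Putting `@ResourceSecurity(PUBLIC)` on the class in the `StatusResource` hunk `@@ -34,6 +34,7 @@` makes unauthenticated access the default for every handler added to this class later, where before each handler stated its access type itself. The same applies to `ExecutingStatementResource` and `WebUiStaticResource` further down in this patch. A class-level default is fail-closed for `INTERNAL_ONLY` and `MANAGEMENT_READ` (for example on `TaskResource`), but fail-open for `PUBLIC`. I would either keep `PUBLIC` at method level in these three classes or add a class comment such as `// Every endpoint in this class is intentionally unauthenticated; annotate any non-public handler explicitly.`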
@@ -127,7 +128,6 @@ public TaskResource( this.failureInjector = requireNonNull(failureInjector, "failureInjector is null"); } - @ResourceSecurity(INTERNAL_ONLY) @GET @Produces(MediaType.APPLICATION_JSON) public List getAllTaskInfo(@Context UriInfo uriInfo) @@ -139,7 +139,6 @@ public List getAllTaskInfo(@Context UriInfo uriInfo) return allTaskInfo; } - @ResourceSecurity(INTERNAL_ONLY) @POST @Path("{taskId}") @Consumes(MediaType.APPLICATION_JSON) @@ -178,7 +177,6 @@ public void createOrUpdateTask( asyncResponse.resume(Response.ok().entity(taskInfo).build()); } - @ResourceSecurity(INTERNAL_ONLY) @GET @Path("{taskId}") @Produces(MediaType.APPLICATION_JSON) @@ -228,7 +226,6 @@ public void getTaskInfo( bindAsyncResponse(asyncResponse, withFallbackAfterTimeout(response, timeout, () -> serviceUnavailable(timeout), timeoutExecutor), responseExecutor); } - @ResourceSecurity(INTERNAL_ONLY) @GET @Path("{taskId}/status") @Produces(MediaType.APPLICATION_JSON) @@ -273,7 +270,6 @@ public void getTaskStatus( bindAsyncResponse(asyncResponse, withFallbackAfterTimeout(response, timeout, () -> serviceUnavailable(timeout), timeoutExecutor), responseExecutor); } - @ResourceSecurity(INTERNAL_ONLY) @GET @Path("{taskId}/dynamicfilters") @Produces(MediaType.APPLICATION_JSON) @@ -295,7 +291,6 @@ public void acknowledgeAndGetNewDynamicFilterDomains( asyncResponse.resume(taskManager.acknowledgeAndGetNewDynamicFilterDomains(taskId, currentDynamicFiltersVersion)); } - @ResourceSecurity(INTERNAL_ONLY) @DELETE @Path("{taskId}") @Produces(MediaType.APPLICATION_JSON) @@ -320,7 +315,6 @@ public TaskInfo deleteTask( return taskInfo; } - @ResourceSecurity(INTERNAL_ONLY) @POST @Path("{taskId}/fail") @Consumes(MediaType.APPLICATION_JSON) @@ -334,7 +328,6 @@ public TaskInfo failTask( return taskManager.failTask(taskId, failTaskRequest.getFailureInfo().toException()); } - @ResourceSecurity(INTERNAL_ONLY) @GET @Path("{taskId}/results/{bufferId}/{token}") @Produces(TRINO_PAGES) 
@@ -375,7 +368,6 @@ public void getResults( responseFuture.addListener(() -> readFromOutputBufferTime.add(Duration.nanosSince(start)), directExecutor()); } - @ResourceSecurity(INTERNAL_ONLY) @GET @Path("{taskId}/results/{bufferId}/{token}/acknowledge") public Response acknowledgeResults( @@ -390,7 +382,6 @@ public Response acknowledgeResults( return Response.ok().build(); } - @ResourceSecurity(INTERNAL_ONLY) @DELETE @Path("{taskId}/results/{bufferId}") public void destroyTaskResults( @@ -409,7 +400,6 @@ public void destroyTaskResults( asyncResponse.resume(Response.noContent().build()); } - @ResourceSecurity(INTERNAL_ONLY) @POST @Path("pruneCatalogs") @Consumes(MediaType.APPLICATION_JSON) diff --git a/core/trino-main/src/main/java/io/trino/server/ThreadResource.java b/core/trino-main/src/main/java/io/trino/server/ThreadResource.java index 9a540e9f2bef..47a5ad2b74b4 100644 --- a/core/trino-main/src/main/java/io/trino/server/ThreadResource.java +++ b/core/trino-main/src/main/java/io/trino/server/ThreadResource.java @@ -37,9 +37,9 @@ import static java.util.Comparator.comparing; @Path("/v1/thread") +@ResourceSecurity(MANAGEMENT_READ) public class ThreadResource { - @ResourceSecurity(MANAGEMENT_READ) @GET @Produces(MediaType.APPLICATION_JSON) public List getThreadInfo() diff --git a/core/trino-main/src/main/java/io/trino/server/protocol/ExecutingStatementResource.java b/core/trino-main/src/main/java/io/trino/server/protocol/ExecutingStatementResource.java index eef5b7185c8e..41bb19f64fa1 100644 --- a/core/trino-main/src/main/java/io/trino/server/protocol/ExecutingStatementResource.java +++ b/core/trino-main/src/main/java/io/trino/server/protocol/ExecutingStatementResource.java @@ -72,6 +72,7 @@ import static java.util.concurrent.TimeUnit.SECONDS; @Path("/v1/statement/executing") +@ResourceSecurity(PUBLIC) public class ExecutingStatementResource { private static final Logger log = Logger.get(ExecutingStatementResource.class); 
@@ -156,7 +157,6 @@ public void stop() queryPurger.shutdownNow(); } - @ResourceSecurity(PUBLIC) @GET @Path("{queryId}/{slug}/{token}") @Produces(MediaType.APPLICATION_JSON) @@ -295,7 +295,6 @@ private Response toResponse(QueryResultsResponse resultsResponse, Optionalfalse "; @@ -61,7 +62,6 @@ public LoginResource(FormWebUiAuthenticationFilter formWebUiAuthenticationManage verify(loginHtml.contains(REPLACEMENT_TEXT), "login.html does not contain the replacement text"); } - @ResourceSecurity(WEB_UI) @GET @Path(LOGIN_FORM) public Response getFile(@Context SecurityContext securityContext) @@ -72,7 +72,6 @@ public Response getFile(@Context SecurityContext securityContext) .build(); } - @ResourceSecurity(WEB_UI) @POST @Path(UI_LOGIN) public Response login( @@ -101,7 +100,6 @@ public Response login( .build(); } - @ResourceSecurity(WEB_UI) @GET @Path(UI_LOGOUT) public Response logout(@Context HttpHeaders httpHeaders, @Context SecurityContext securityContext, @BeanParam ExternalUriInfo externalUriInfo) diff --git a/core/trino-main/src/main/java/io/trino/server/ui/UiQueryResource.java b/core/trino-main/src/main/java/io/trino/server/ui/UiQueryResource.java index f0205bb0d0d1..c600efb4dc1f 100644 --- a/core/trino-main/src/main/java/io/trino/server/ui/UiQueryResource.java +++ b/core/trino-main/src/main/java/io/trino/server/ui/UiQueryResource.java @@ -53,6 +53,7 @@ import static java.util.Objects.requireNonNull; @Path("/ui/api/query") +@ResourceSecurity(WEB_UI) @DisableHttpCache public class UiQueryResource { @@ -68,7 +69,6 @@ public UiQueryResource(DispatchManager dispatchManager, AccessControl accessCont this.sessionContextFactory = requireNonNull(sessionContextFactory, "sessionContextFactory is null"); } - @ResourceSecurity(WEB_UI) @GET public List getAllQueryInfo(@QueryParam("state") String stateFilter, @Context HttpServletRequest servletRequest, @Context HttpHeaders httpHeaders) { 
@@ -86,7 +86,6 @@ public List getAllQueryInfo(@QueryParam("state") String s return builder.build(); } - @ResourceSecurity(WEB_UI) @GET @Path("{queryId}") public Response getQueryInfo(@PathParam("queryId") QueryId queryId, @Context HttpServletRequest servletRequest, @Context HttpHeaders httpHeaders) @@ -106,7 +105,6 @@ public Response getQueryInfo(@PathParam("queryId") QueryId queryId, @Context Htt throw new GoneException(); } - @ResourceSecurity(WEB_UI) @PUT @Path("{queryId}/killed") public Response killQuery(@PathParam("queryId") QueryId queryId, String message, @Context HttpServletRequest servletRequest, @Context HttpHeaders httpHeaders) @@ -114,7 +112,6 @@ public Response killQuery(@PathParam("queryId") QueryId queryId, String message, return failQuery(queryId, createKillQueryException(message), servletRequest, httpHeaders); } - @ResourceSecurity(WEB_UI) @PUT @Path("{queryId}/preempted") public Response preemptQuery(@PathParam("queryId") QueryId queryId, String message, @Context HttpServletRequest servletRequest, @Context HttpHeaders httpHeaders) diff --git a/core/trino-main/src/main/java/io/trino/server/ui/WebUiPreviewStaticResource.java b/core/trino-main/src/main/java/io/trino/server/ui/WebUiPreviewStaticResource.java index a8487c3738c5..c1b5217cee51 100644 --- a/core/trino-main/src/main/java/io/trino/server/ui/WebUiPreviewStaticResource.java +++ b/core/trino-main/src/main/java/io/trino/server/ui/WebUiPreviewStaticResource.java @@ -27,16 +27,15 @@ import static io.trino.web.ui.WebUiResources.webUiResource; @Path("/ui/preview") +@ResourceSecurity(WEB_UI) public class WebUiPreviewStaticResource { - @ResourceSecurity(WEB_UI) @GET public Response getUiPreview(@BeanParam ExternalUriInfo externalUriInfo) { return Response.seeOther(externalUriInfo.absolutePath("/ui/preview/index.html")).build(); } - @ResourceSecurity(WEB_UI) @GET @Path("{path: .*}") public Response getFile(@PathParam("path") String path) 
diff --git a/core/trino-main/src/main/java/io/trino/server/ui/WebUiStaticResource.java b/core/trino-main/src/main/java/io/trino/server/ui/WebUiStaticResource.java index db286b6745cc..801bef0bdffb 100644 --- a/core/trino-main/src/main/java/io/trino/server/ui/WebUiStaticResource.java +++ b/core/trino-main/src/main/java/io/trino/server/ui/WebUiStaticResource.java @@ -30,6 +30,7 @@ import static io.trino.web.ui.WebUiResources.webUiResource; @Path("") +@ResourceSecurity(PUBLIC) public class WebUiStaticResource { @ResourceSecurity(PUBLIC) @@ -39,7 +40,6 @@ public Response getRoot(@BeanParam ExternalUriInfo externalUriInfo) return Response.seeOther(externalUriInfo.absolutePath("/ui/")).build(); } - @ResourceSecurity(PUBLIC) @GET @Path("/ui") public Response getUi(@BeanParam ExternalUriInfo externalUriInfo) diff --git a/core/trino-main/src/main/java/io/trino/server/ui/WorkerResource.java b/core/trino-main/src/main/java/io/trino/server/ui/WorkerResource.java index 5fb017148de1..cee38f624f43 100644 --- a/core/trino-main/src/main/java/io/trino/server/ui/WorkerResource.java +++ b/core/trino-main/src/main/java/io/trino/server/ui/WorkerResource.java @@ -62,6 +62,7 @@ import static java.util.Objects.requireNonNull; @Path("/ui/api/worker") +@ResourceSecurity(WEB_UI) public class WorkerResource { private final DispatchManager dispatchManager; @@ -85,7 +86,6 @@ public WorkerResource( this.sessionContextFactory = requireNonNull(sessionContextFactory, "sessionContextFactory is null"); } - @ResourceSecurity(WEB_UI) @GET @Path("{nodeId}/status") public Response getStatus(@PathParam("nodeId") String nodeId) @@ -93,7 +93,6 @@ public Response getStatus(@PathParam("nodeId") String nodeId) return proxyJsonResponse(nodeId, "v1/status"); } - @ResourceSecurity(WEB_UI) @GET @Path("{nodeId}/thread") public Response getThreads(@PathParam("nodeId") String nodeId) 
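Review bot: `getRoot` in `WebUiStaticResource` still carries its own `@ResourceSecurity(PUBLIC)` (the context line right after the class's opening brace in the `@@ -30,6 +30,7 @@` hunk), so the access type is now stated twice there while `getUi` had its copy removed. Drop the leftover line to match the rest of the patch. The class body continues outside the hunks; because this resource is mounted at `@Path("")`, any handler further down that needs a stricter type than `PUBLIC` must keep its method-level annotation, and that is worth confirming before merge.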
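Review bot: The class-level `@ResourceSecurity(WEB_UI)` added to `WorkerResource` in the `@@ -62,6 +62,7 @@` hunk now covers handlers that forward to worker endpoints carrying different access types elsewhere in this patch: `getThreads` calls `proxyJsonResponse(nodeId, "v1/thread")`, and `ThreadResource` is marked `MANAGEMENT_READ`. That may well be intended, but the visible code does not say so. A short class comment would record the intent, for example `// Web UI users reach worker endpoints only through this proxy; each handler is responsible for its own authorization before forwarding.` How `proxyJsonResponse` resolves `nodeId` and authenticates to the worker is outside the hunks.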
@@ -101,7 +100,6 @@ public Response getThreads(@PathParam("nodeId") String nodeId) return proxyJsonResponse(nodeId, "v1/thread"); } - @ResourceSecurity(WEB_UI) @GET @Path("{nodeId}/task/{taskId}") public Response getThreads( @@ -124,7 +122,6 @@ public Response getThreads( throw new GoneException(); } - @ResourceSecurity(WEB_UI) @GET public Response getWorkerList() {