diff --git a/service/common/src/main/java/org/apache/polaris/service/catalog/common/CatalogAdapter.java b/service/common/src/main/java/org/apache/polaris/service/catalog/common/CatalogAdapter.java index 56be4d9255..c2b60fbff2 100644 --- a/service/common/src/main/java/org/apache/polaris/service/catalog/common/CatalogAdapter.java +++ b/service/common/src/main/java/org/apache/polaris/service/catalog/common/CatalogAdapter.java @@ -18,10 +18,13 @@ */ package org.apache.polaris.service.catalog.common; +import jakarta.ws.rs.core.SecurityContext; import java.net.URLEncoder; import java.nio.charset.Charset; import org.apache.iceberg.catalog.Namespace; +import org.apache.iceberg.exceptions.NotAuthorizedException; import org.apache.iceberg.rest.RESTUtil; +import org.apache.polaris.core.auth.AuthenticatedPolarisPrincipal; /** * A common interface for adapters between the REST interface and {@link CatalogHandler} @@ -31,4 +34,11 @@ public interface CatalogAdapter { default Namespace decodeNamespace(String namespace) { return RESTUtil.decodeNamespace(URLEncoder.encode(namespace, Charset.defaultCharset())); } + + default void validatePrincipal(SecurityContext securityContext) { + var authenticatedPrincipal = (AuthenticatedPolarisPrincipal) securityContext.getUserPrincipal(); + if (authenticatedPrincipal == null) { + throw new NotAuthorizedException("Failed to find authenticatedPrincipal in SecurityContext"); + } + } } diff --git a/service/common/src/main/java/org/apache/polaris/service/catalog/generic/GenericTableCatalogAdapter.java b/service/common/src/main/java/org/apache/polaris/service/catalog/generic/GenericTableCatalogAdapter.java index bfd296904d..f7e325b070 100644 --- a/service/common/src/main/java/org/apache/polaris/service/catalog/generic/GenericTableCatalogAdapter.java +++ b/service/common/src/main/java/org/apache/polaris/service/catalog/generic/GenericTableCatalogAdapter.java @@ -23,13 +23,13 @@ import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.SecurityContext; import org.apache.iceberg.catalog.TableIdentifier; -import org.apache.iceberg.exceptions.NotAuthorizedException; -import org.apache.polaris.core.auth.AuthenticatedPolarisPrincipal; import org.apache.polaris.core.auth.PolarisAuthorizer; +import org.apache.polaris.core.config.FeatureConfiguration; import org.apache.polaris.core.context.CallContext; import org.apache.polaris.core.context.RealmContext; import org.apache.polaris.core.persistence.PolarisEntityManager; import org.apache.polaris.core.persistence.PolarisMetaStoreManager; +import org.apache.polaris.service.catalog.CatalogPrefixParser; import org.apache.polaris.service.catalog.api.PolarisCatalogGenericTableApiService; import org.apache.polaris.service.catalog.common.CatalogAdapter; import org.apache.polaris.service.types.CreateGenericTableRequest; @@ -44,36 +44,41 @@ public class GenericTableCatalogAdapter private static final Logger LOGGER = LoggerFactory.getLogger(GenericTableCatalogAdapter.class); + private final RealmContext realmContext; private final CallContext callContext; private final PolarisEntityManager entityManager; private final PolarisMetaStoreManager metaStoreManager; private final PolarisAuthorizer polarisAuthorizer; + private final CatalogPrefixParser prefixParser; @Inject public GenericTableCatalogAdapter( + RealmContext realmContext, CallContext callContext, PolarisEntityManager entityManager, PolarisMetaStoreManager metaStoreManager, - PolarisAuthorizer polarisAuthorizer) { + PolarisAuthorizer polarisAuthorizer, + CatalogPrefixParser prefixParser) { + this.realmContext = realmContext; this.callContext = callContext; this.entityManager = entityManager; this.metaStoreManager = metaStoreManager; this.polarisAuthorizer = polarisAuthorizer; + this.prefixParser = prefixParser; } private GenericTableCatalogHandler newHandlerWrapper( - SecurityContext securityContext, String catalogName) { - var authenticatedPrincipal = (AuthenticatedPolarisPrincipal) securityContext.getUserPrincipal(); - if (authenticatedPrincipal == null) { - throw new NotAuthorizedException("Failed to find authenticatedPrincipal in SecurityContext"); - } + SecurityContext securityContext, String prefix) { + FeatureConfiguration.enforceFeatureEnabledOrThrow( + callContext, FeatureConfiguration.ENABLE_GENERIC_TABLES); + validatePrincipal(securityContext); return new GenericTableCatalogHandler( callContext, entityManager, metaStoreManager, securityContext, - catalogName, + prefixParser.prefixToCatalogName(realmContext, prefix), polarisAuthorizer); } diff --git a/service/common/src/main/java/org/apache/polaris/service/catalog/generic/GenericTableCatalogHandler.java b/service/common/src/main/java/org/apache/polaris/service/catalog/generic/GenericTableCatalogHandler.java index b1f2648f13..7f6d48cc69 100644 --- a/service/common/src/main/java/org/apache/polaris/service/catalog/generic/GenericTableCatalogHandler.java +++ b/service/common/src/main/java/org/apache/polaris/service/catalog/generic/GenericTableCatalogHandler.java @@ -25,7 +25,6 @@ import org.apache.iceberg.catalog.TableIdentifier; import org.apache.polaris.core.auth.PolarisAuthorizableOperation; import org.apache.polaris.core.auth.PolarisAuthorizer; -import org.apache.polaris.core.config.FeatureConfiguration; import org.apache.polaris.core.context.CallContext; import org.apache.polaris.core.entity.PolarisEntitySubType; import org.apache.polaris.core.entity.table.GenericTableEntity; @@ -53,21 +52,8 @@ public GenericTableCatalogHandler( this.metaStoreManager = metaStoreManager; } - public void enforceGenericTablesEnabledOrThrow() { - boolean enabled = - callContext - .getPolarisCallContext() - .getConfigurationStore() - .getConfiguration( - callContext.getPolarisCallContext(), FeatureConfiguration.ENABLE_GENERIC_TABLES); - if (!enabled) { - throw new UnsupportedOperationException("Generic table support is not enabled"); - } - } - @Override protected void initializeCatalog() { - enforceGenericTablesEnabledOrThrow(); this.genericTableCatalog = new GenericTableCatalog(metaStoreManager, callContext, this.resolutionManifest); } diff --git a/service/common/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java b/service/common/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java index e2dcefc0bc..d1c930bf40 100644 --- a/service/common/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java +++ b/service/common/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java @@ -182,11 +182,7 @@ private Response withCatalog( private IcebergCatalogHandler newHandlerWrapper( SecurityContext securityContext, String catalogName) { - AuthenticatedPolarisPrincipal authenticatedPrincipal = - (AuthenticatedPolarisPrincipal) securityContext.getUserPrincipal(); - if (authenticatedPrincipal == null) { - throw new NotAuthorizedException("Failed to find authenticatedPrincipal in SecurityContext"); - } + validatePrincipal(securityContext); return new IcebergCatalogHandler( callContext, diff --git a/service/common/src/main/java/org/apache/polaris/service/catalog/policy/PolicyCatalogAdapter.java b/service/common/src/main/java/org/apache/polaris/service/catalog/policy/PolicyCatalogAdapter.java index fe70d00a80..ef000add56 100644 --- a/service/common/src/main/java/org/apache/polaris/service/catalog/policy/PolicyCatalogAdapter.java +++ b/service/common/src/main/java/org/apache/polaris/service/catalog/policy/PolicyCatalogAdapter.java @@ -23,10 +23,9 @@ import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.SecurityContext; import org.apache.iceberg.catalog.Namespace; -import org.apache.iceberg.exceptions.NotAuthorizedException; import org.apache.iceberg.rest.RESTUtil; -import org.apache.polaris.core.auth.AuthenticatedPolarisPrincipal; import org.apache.polaris.core.auth.PolarisAuthorizer; +import org.apache.polaris.core.config.FeatureConfiguration; import org.apache.polaris.core.context.CallContext; import org.apache.polaris.core.context.RealmContext; import org.apache.polaris.core.persistence.PolarisEntityManager; @@ -74,10 +73,9 @@ public PolicyCatalogAdapter( } private PolicyCatalogHandler newHandlerWrapper(SecurityContext securityContext, String prefix) { - var authenticatedPrincipal = (AuthenticatedPolarisPrincipal) securityContext.getUserPrincipal(); - if (authenticatedPrincipal == null) { - throw new NotAuthorizedException("Failed to find authenticatedPrincipal in SecurityContext"); - } + FeatureConfiguration.enforceFeatureEnabledOrThrow( + callContext, FeatureConfiguration.ENABLE_POLICY_STORE); + validatePrincipal(securityContext); return new PolicyCatalogHandler( callContext, diff --git a/service/common/src/main/java/org/apache/polaris/service/catalog/policy/PolicyCatalogHandler.java b/service/common/src/main/java/org/apache/polaris/service/catalog/policy/PolicyCatalogHandler.java index 8273256ba9..f4dea27b43 100644 --- a/service/common/src/main/java/org/apache/polaris/service/catalog/policy/PolicyCatalogHandler.java +++ b/service/common/src/main/java/org/apache/polaris/service/catalog/policy/PolicyCatalogHandler.java @@ -32,7 +32,6 @@ import org.apache.polaris.core.auth.PolarisAuthorizableOperation; import org.apache.polaris.core.auth.PolarisAuthorizer; import org.apache.polaris.core.catalog.PolarisCatalogHelpers; -import org.apache.polaris.core.config.FeatureConfiguration; import org.apache.polaris.core.context.CallContext; import org.apache.polaris.core.entity.PolarisEntitySubType; import org.apache.polaris.core.entity.PolarisEntityType; @@ -73,8 +72,6 @@ public PolicyCatalogHandler( @Override protected void initializeCatalog() { - FeatureConfiguration.enforceFeatureEnabledOrThrow( - callContext, FeatureConfiguration.ENABLE_POLICY_STORE); this.policyCatalog = new PolicyCatalog(metaStoreManager, callContext, this.resolutionManifest); }