From 5dc42d1ce5d9be74cfa0683bbef57ddcc3e8f1bb Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Mon, 20 Feb 2017 19:27:38 +0800 Subject: [PATCH 01/13] Add User.Role --- .../common/authentication/UserPrincipal.java | 77 +++++++++ .../eagle/common/service/HadoopUser.java | 2 +- .../entity/meta/EntityDefinitionManager.java | 2 +- .../history/crawl/JHFSparkEventReader.java | 2 +- .../app/apps/jpm/partials/queue/overview.html | 2 +- .../entity/HdfsUserCommandPatternEntity.java | 2 +- .../eagle/security/hive/ql/TestParser.java | 2 +- .../eagle/server/ServerApplication.java | 3 +- .../org/apache/eagle/server/ServerConfig.java | 8 +- .../BasicAuthProviderBuilder.java | 31 ++-- .../BasicAuthenticationFilter.java | 83 +++++----- .../authenticator/LdapBasicAuthenticator.java | 14 +- .../SimpleBasicAuthenticator.java | 40 +++-- ...ettings.java => AuthenticationConfig.java} | 26 +-- .../{LdapSettings.java => LdapConfig.java} | 14 +- ...{SimpleSettings.java => SimpleConfig.java} | 49 ++++-- .../authentication/config/UserAccount.java | 61 +++++++ .../resource/AuthenticationResource.java | 40 +++++ .../src/main/resources/configuration.yml | 154 +++++++++--------- .../LdapBasicAuthenticatorTest.java | 10 +- .../SimpleBasicAuthenticatorTest.java | 22 ++- .../TestBasicAuthenticationResource.java | 6 +- .../src/test/resources/configuration.yml | 12 +- 23 files changed, 435 insertions(+), 227 deletions(-) create mode 100644 eagle-core/eagle-common/src/main/java/org/apache/eagle/common/authentication/UserPrincipal.java rename eagle-core/eagle-common/src/main/java/org/apache/eagle/common/authentication/User.java => eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthenticationFilter.java (53%) rename eagle-server/src/main/java/org/apache/eagle/server/authentication/config/{AuthenticationSettings.java => AuthenticationConfig.java} (75%) rename eagle-server/src/main/java/org/apache/eagle/server/authentication/config/{LdapSettings.java => LdapConfig.java} (84%) rename eagle-server/src/main/java/org/apache/eagle/server/authentication/config/{SimpleSettings.java => SimpleConfig.java} (54%) create mode 100644 eagle-server/src/main/java/org/apache/eagle/server/authentication/config/UserAccount.java create mode 100644 eagle-server/src/main/java/org/apache/eagle/server/resource/AuthenticationResource.java diff --git a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/authentication/UserPrincipal.java b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/authentication/UserPrincipal.java new file mode 100644 index 0000000000..489db585d9 --- /dev/null +++ b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/authentication/UserPrincipal.java @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.common.authentication; + +import java.io.Serializable; +import java.security.Principal; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; + +public class UserPrincipal implements Principal, Serializable { + private String username; + private List roles; + + public UserPrincipal() { + + } + + public UserPrincipal(String username) { + this.username = username; + } + + public UserPrincipal(String username, List roles) { + this.username = username; + this.roles = roles; + } + + public List getRoles() { + return roles; + } + + public String getName() { + return username; + } + + public enum Role { + ADMIN_ROLE("ADMIN"), + USER_ROLE("USER"); + + private static Map nameRoleMap = new HashMap() { + { + put(ADMIN_ROLE.roleName, ADMIN_ROLE); + put(USER_ROLE.roleName, USER_ROLE); + } + }; + + Role(String roleName) { + this.roleName = roleName; + } + + @Override + public String toString() { + return roleName; + } + + public static Role locate(String roleName) { + return nameRoleMap.get(roleName); + } + + private final String roleName; + } +} \ No newline at end of file diff --git a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/service/HadoopUser.java b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/service/HadoopUser.java index 5c9cf8051d..094b8087a8 100644 --- a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/service/HadoopUser.java +++ b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/service/HadoopUser.java @@ -19,7 +19,7 @@ import java.util.List; /** - * Hadoop User. + * Hadoop UserPrincipal. * @since : 7/11/14,2014 */ public class HadoopUser { diff --git a/eagle-core/eagle-query/eagle-entity-base/src/main/java/org/apache/eagle/log/entity/meta/EntityDefinitionManager.java b/eagle-core/eagle-query/eagle-entity-base/src/main/java/org/apache/eagle/log/entity/meta/EntityDefinitionManager.java index 7b1010dff0..8795ba033a 100755 --- a/eagle-core/eagle-query/eagle-entity-base/src/main/java/org/apache/eagle/log/entity/meta/EntityDefinitionManager.java +++ b/eagle-core/eagle-query/eagle-entity-base/src/main/java/org/apache/eagle/log/entity/meta/EntityDefinitionManager.java @@ -278,7 +278,7 @@ public static void load() throws IllegalAccessException, InstantiationException } /** - * User can register their own field SerDeser + * UserPrincipal can register their own field SerDeser * @param clazz class of the the SerDeser * @param entitySerDeser entity or field SerDeser * @throws IllegalArgumentException diff --git a/eagle-jpm/eagle-jpm-spark-history/src/main/java/org/apache/eagle/jpm/spark/history/crawl/JHFSparkEventReader.java b/eagle-jpm/eagle-jpm-spark-history/src/main/java/org/apache/eagle/jpm/spark/history/crawl/JHFSparkEventReader.java index 2ef1bd9618..d245f49ea0 100644 --- a/eagle-jpm/eagle-jpm-spark-history/src/main/java/org/apache/eagle/jpm/spark/history/crawl/JHFSparkEventReader.java +++ b/eagle-jpm/eagle-jpm-spark-history/src/main/java/org/apache/eagle/jpm/spark/history/crawl/JHFSparkEventReader.java @@ -169,7 +169,7 @@ private void handleAppStarted(JSONObject event) { // the second argument of getNormalizeName() is changed to null because the original code contains sensitive text // original second argument looks like: this.app.getConfig().getConfig().get("xxx"), "xxx" is the sensitive text entity.getTags().put(SparkJobTagName.SPARK_APP_NORM_NAME.toString(), this.getNormalizedName(JSONUtils.getString(event, "App Name"), null)); - entity.getTags().put(SparkJobTagName.SPARK_USER.toString(), JSONUtils.getString(event, "User")); + entity.getTags().put(SparkJobTagName.SPARK_USER.toString(), JSONUtils.getString(event, "UserPrincipal")); entity.setTimestamp(appStartTime); } diff --git a/eagle-jpm/eagle-jpm-web/src/main/webapp/app/apps/jpm/partials/queue/overview.html b/eagle-jpm/eagle-jpm-web/src/main/webapp/app/apps/jpm/partials/queue/overview.html index 732fbb2175..dfcf41c5e5 100644 --- a/eagle-jpm/eagle-jpm-web/src/main/webapp/app/apps/jpm/partials/queue/overview.html +++ b/eagle-jpm/eagle-jpm-web/src/main/webapp/app/apps/jpm/partials/queue/overview.html @@ -42,7 +42,7 @@

    -
  • User
    • +
  • UserPrincipal
  • Job
  • diff --git a/eagle-security/eagle-security-common/src/main/java/org/apache/eagle/security/entity/HdfsUserCommandPatternEntity.java b/eagle-security/eagle-security-common/src/main/java/org/apache/eagle/security/entity/HdfsUserCommandPatternEntity.java index e8c7b72d11..713057b71e 100644 --- a/eagle-security/eagle-security-common/src/main/java/org/apache/eagle/security/entity/HdfsUserCommandPatternEntity.java +++ b/eagle-security/eagle-security-common/src/main/java/org/apache/eagle/security/entity/HdfsUserCommandPatternEntity.java @@ -25,7 +25,7 @@ import java.util.Map; /** - * User command pattern entity to specify Siddhi pattern, field selector and field modifier + * UserPrincipal command pattern entity to specify Siddhi pattern, field selector and field modifier */ @Table("hdfsusercommandpattern") @ColumnFamily("f") diff --git a/eagle-security/eagle-security-hive/src/test/java/org/apache/eagle/security/hive/ql/TestParser.java b/eagle-security/eagle-security-hive/src/test/java/org/apache/eagle/security/hive/ql/TestParser.java index a5f5f82930..599a4c82a7 100644 --- a/eagle-security/eagle-security-hive/src/test/java/org/apache/eagle/security/hive/ql/TestParser.java +++ b/eagle-security/eagle-security-hive/src/test/java/org/apache/eagle/security/hive/ql/TestParser.java @@ -212,7 +212,7 @@ public void testFromStatement2() throws Exception { public void testCreateTable() throws Exception { String query = "CREATE TABLE page_view(viewTime INT, userid BIGINT,\n" + " page_url STRING, referrer_url STRING,\n" + - " ip STRING COMMENT 'IP Address of the User')\n" + + " ip STRING COMMENT 'IP Address of the UserPrincipal')\n" + "COMMENT 'This is the page view table'\n" + "PARTITIONED BY(dt STRING, country STRING)\n" + "STORED AS SEQUENCEFILE"; diff --git a/eagle-server/src/main/java/org/apache/eagle/server/ServerApplication.java b/eagle-server/src/main/java/org/apache/eagle/server/ServerApplication.java index c779201dba..d5dcd28766 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/ServerApplication.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/ServerApplication.java @@ -34,7 +34,6 @@ import org.apache.eagle.app.service.ApplicationProviderService; import org.apache.eagle.app.spi.ApplicationProvider; import org.apache.eagle.common.Version; -import org.apache.eagle.common.utils.ReflectionsHelper; import org.apache.eagle.log.base.taggedlog.EntityJsonModule; import org.apache.eagle.log.base.taggedlog.TaggedLogAPIEntity; import org.apache.eagle.log.entity.repo.EntityRepositoryScanner; @@ -116,7 +115,7 @@ public void run(ServerConfig configuration, Environment environment) throws Exce .addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), true, "/*"); // Register authentication provider - environment.jersey().register(new BasicAuthProviderBuilder(configuration.getAuth(), environment).build()); + environment.jersey().register(new BasicAuthProviderBuilder(configuration.getAuthConfig(), environment).build()); // Context listener environment.servlets().addServletListeners(new CoordinatorListener()); diff --git a/eagle-server/src/main/java/org/apache/eagle/server/ServerConfig.java b/eagle-server/src/main/java/org/apache/eagle/server/ServerConfig.java index 3def198982..00391df6f8 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/ServerConfig.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/ServerConfig.java @@ -18,7 +18,7 @@ import io.dropwizard.Configuration; import org.apache.eagle.common.Version; -import org.apache.eagle.server.authentication.config.AuthenticationSettings; +import org.apache.eagle.server.authentication.config.AuthenticationConfig; import com.fasterxml.jackson.annotation.JsonProperty; public class ServerConfig extends Configuration { @@ -29,15 +29,15 @@ public class ServerConfig extends Configuration { private static final String LICENSE = "Apache License (Version 2.0)"; private static final String LICENSE_URL = "http://www.apache.org/licenses/LICENSE-2.0"; - private AuthenticationSettings auth = new AuthenticationSettings(); + private AuthenticationConfig auth = new AuthenticationConfig(); @JsonProperty("auth") - public AuthenticationSettings getAuth() { + public AuthenticationConfig getAuthConfig() { return auth; } @JsonProperty("auth") - public void setAuth(AuthenticationSettings auth) { + public void setAuthConfig(AuthenticationConfig auth) { this.auth = auth; } diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthProviderBuilder.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthProviderBuilder.java index 855134ba88..06c3111ddb 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthProviderBuilder.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthProviderBuilder.java @@ -28,10 +28,10 @@ import io.dropwizard.auth.basic.BasicAuthProvider; import io.dropwizard.auth.basic.BasicCredentials; import io.dropwizard.setup.Environment; -import org.apache.eagle.common.authentication.User; +import org.apache.eagle.common.authentication.UserPrincipal; import org.apache.eagle.server.authentication.authenticator.LdapBasicAuthenticator; import org.apache.eagle.server.authentication.authenticator.SimpleBasicAuthenticator; -import org.apache.eagle.server.authentication.config.AuthenticationSettings; +import org.apache.eagle.server.authentication.config.AuthenticationConfig; import java.util.HashMap; import java.util.Map; @@ -39,16 +39,19 @@ public class BasicAuthProviderBuilder { private static final String SIMPLE_MODE_REALM = "SIMPLE_AUTHENTICATION"; private static final String LDAP_MODE_REALM = "LDAP_AUTHENTICATION"; - private static final Map> MAPPING = new HashMap<>(); - private AuthenticationSettings authSettings; + private static final Map> MAPPING = new HashMap<>(); + private AuthenticationConfig authSettings; private Environment environment; - public BasicAuthProviderBuilder(AuthenticationSettings authSettings, Environment environment) { - this.authSettings = authSettings; + public BasicAuthProviderBuilder(AuthenticationConfig authConfig, Environment environment) { + this.authSettings = authConfig; this.environment = environment; - Authenticator simpleAuthenticator = new SimpleBasicAuthenticator(authSettings.getSimple()); - Authenticator ldapAuthenticator = new LdapBasicAuthenticator(authSettings.getLdap()); - boolean needsCaching = authSettings.needsCaching(); + Authenticator simpleAuthenticator = new SimpleBasicAuthenticator(authConfig.getSimple()); + Authenticator ldapAuthenticator = new LdapBasicAuthenticator(authConfig.getLdap()); + boolean needsCaching = authConfig.needsCaching(); + + // TODO: Decouple the initiate Authenticator code to different BasicAuthProvider implementation + MAPPING.put("simple", new BasicAuthProvider<>(needsCaching ? cache(simpleAuthenticator) : simpleAuthenticator, SIMPLE_MODE_REALM)); MAPPING.put("ldap", @@ -64,11 +67,11 @@ public BasicAuthProvider build() { throw new RuntimeException(String.format("No matching mode found: %s", mode)); } } else { - return new BasicAuthProvider(null, "") { + return new BasicAuthProvider(null, "") { public Injectable getInjectable(ComponentContext ic, Auth a, Parameter c) { - return new AbstractHttpContextInjectable() { - public User getValue(HttpContext c) { - return new User("non-auth"); + return new AbstractHttpContextInjectable() { + public UserPrincipal getValue(HttpContext c) { + return new UserPrincipal("non-auth"); } }; } @@ -76,7 +79,7 @@ public User getValue(HttpContext c) { } } - private Authenticator cache(Authenticator authenticator) { + private Authenticator cache(Authenticator authenticator) { return new CachingAuthenticator<>(environment.metrics(), authenticator, CacheBuilderSpec.parse(authSettings.getCachePolicy())); } } diff --git a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/authentication/User.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthenticationFilter.java similarity index 53% rename from eagle-core/eagle-common/src/main/java/org/apache/eagle/common/authentication/User.java rename to eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthenticationFilter.java index e967624873..484fa21559 100644 --- a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/authentication/User.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthenticationFilter.java @@ -1,46 +1,37 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.eagle.common.authentication; - -import java.io.Serializable; -import java.security.Principal; -import java.util.Set; - -public class User implements Principal, Serializable { - private String username = "Unauthenticated"; - private Set roles = null; - - public User() { - } - - public User(String username) { - this.username = username; - } - - public User(String username, Set roles) { - this.username = username; - this.roles = roles; - } - - public Set getRoles() { - return roles; - } - - public String getName() { - return username; - } -} +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + *

    + * http://www.apache.org/licenses/LICENSE-2.0 + *

    + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.server.authentication; + +import javax.servlet.*; +import java.io.IOException; + +public class BasicAuthenticationFilter implements Filter { + @Override + public void init(FilterConfig filterConfig) throws ServletException { + + } + + @Override + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { + + } + + @Override + public void destroy() { + + } +} diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticator.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticator.java index c67dea8d34..4796e859e7 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticator.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticator.java @@ -20,8 +20,8 @@ import io.dropwizard.auth.AuthenticationException; import io.dropwizard.auth.Authenticator; import io.dropwizard.auth.basic.BasicCredentials; -import org.apache.eagle.common.authentication.User; -import org.apache.eagle.server.authentication.config.LdapSettings; +import org.apache.eagle.common.authentication.UserPrincipal; +import org.apache.eagle.server.authentication.config.LdapConfig; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -30,7 +30,7 @@ import java.io.File; import java.util.Hashtable; -public class LdapBasicAuthenticator implements Authenticator { +public class LdapBasicAuthenticator implements Authenticator { private static final Logger LOGGER = LoggerFactory.getLogger(LdapBasicAuthenticator.class); private static final String LDAP_LDAP_CTX_FACTORY_NAME = "com.sun.jndi.ldap.LdapCtxFactory"; private static final String LDAP_CONNECT_TIMEOUT_KEY = "com.sun.jndi.ldap.connect.timeout"; @@ -39,17 +39,17 @@ public class LdapBasicAuthenticator implements Authenticator authenticate(BasicCredentials credentials) throws AuthenticationException { + public Optional authenticate(BasicCredentials credentials) throws AuthenticationException { String sanitizedUsername = sanitizeUsername(credentials.getUsername()); try { new InitialDirContext(getContextEnvironment(sanitizedUsername, credentials.getPassword())); - return Optional.of(new User(sanitizedUsername)); + return Optional.of(new UserPrincipal(sanitizedUsername)); } catch (javax.naming.AuthenticationException ae) { LOGGER.warn(String.format("Authentication failed for user[%s]: wrong username or password", sanitizedUsername)); return Optional.absent(); diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticator.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticator.java index ede3b06235..7b5d8486cf 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticator.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticator.java @@ -17,27 +17,41 @@ package org.apache.eagle.server.authentication.authenticator; import com.google.common.base.Optional; +import com.google.common.base.Preconditions; import io.dropwizard.auth.AuthenticationException; import io.dropwizard.auth.Authenticator; import io.dropwizard.auth.basic.BasicCredentials; -import org.apache.eagle.common.authentication.User; -import org.apache.eagle.server.authentication.config.SimpleSettings; +import org.apache.eagle.common.authentication.UserPrincipal; +import org.apache.eagle.server.authentication.config.SimpleConfig; +import org.apache.eagle.server.authentication.config.UserAccount; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; -public class SimpleBasicAuthenticator implements Authenticator { - private String acceptedUsername = null; - private String acceptedPassword = null; +import java.util.*; - public SimpleBasicAuthenticator(SimpleSettings settings) { - acceptedUsername = settings.getUsername(); - acceptedPassword = settings.getPassword(); +public class SimpleBasicAuthenticator implements Authenticator { + private static final Logger LOGGER = LoggerFactory.getLogger(SimpleBasicAuthenticator.class); + private final Map userAccountRepository; + + public SimpleBasicAuthenticator(SimpleConfig config) { + userAccountRepository = new HashMap<>(); + for (UserAccount userAccount : config.getUsers()) { + Preconditions.checkNotNull(userAccount.getUsername()," Username is null " + userAccount); + Preconditions.checkArgument(!userAccountRepository.containsKey(userAccount.getUsername()), "Duplicated user name: " + userAccount.getUsername()); + if (userAccount.getRoles() == null) { + LOGGER.warn("UserPrincipal {} has no roles, set as {} by default", userAccount.getUsername(), UserPrincipal.Role.USER_ROLE); + userAccount.setRoles(Collections.singletonList(UserPrincipal.Role.USER_ROLE)); + } + userAccountRepository.put(userAccount.getUsername(), userAccount); + } } - public Optional authenticate(BasicCredentials credentials) throws AuthenticationException { - String username = credentials.getUsername(); - if (acceptedUsername.equals(username) && acceptedPassword.equals(credentials.getPassword())) { - return Optional.of(new User(username)); + public Optional authenticate(BasicCredentials credentials) throws AuthenticationException { + if (userAccountRepository.containsKey(credentials.getUsername()) + && Objects.equals(userAccountRepository.get(credentials.getUsername()).getPassword(), credentials.getPassword())) { + UserAccount userAccount = userAccountRepository.get(credentials.getUsername()); + return Optional.of(new UserPrincipal(userAccount.getUsername(), userAccount.getRoles())); } return Optional.absent(); } - } diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/AuthenticationSettings.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/AuthenticationConfig.java similarity index 75% rename from eagle-server/src/main/java/org/apache/eagle/server/authentication/config/AuthenticationSettings.java rename to eagle-server/src/main/java/org/apache/eagle/server/authentication/config/AuthenticationConfig.java index 501ca1314f..33b39c5a56 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/AuthenticationSettings.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/AuthenticationConfig.java @@ -19,15 +19,15 @@ import io.dropwizard.Configuration; import com.fasterxml.jackson.annotation.JsonProperty; -public class AuthenticationSettings extends Configuration { +public class AuthenticationConfig extends Configuration { private boolean enabled = false; private String mode = null; private boolean caching = false; private String cachePolicy = null; private boolean authorization = false; private boolean annotated = true; - private SimpleSettings simple = new SimpleSettings(); - private LdapSettings ldap = new LdapSettings(); + private SimpleConfig simple = new SimpleConfig(); + private LdapConfig ldap = new LdapConfig(); @JsonProperty public boolean isEnabled() { @@ -35,7 +35,7 @@ public boolean isEnabled() { } @JsonProperty - public AuthenticationSettings setEnabled(boolean enabled) { + public AuthenticationConfig setEnabled(boolean enabled) { this.enabled = enabled; return this; } @@ -46,7 +46,7 @@ public String getMode() { } @JsonProperty - public AuthenticationSettings setMode(String mode) { + public AuthenticationConfig setMode(String mode) { this.mode = mode; return this; } @@ -57,7 +57,7 @@ public boolean needsCaching() { } @JsonProperty - public AuthenticationSettings setCaching(boolean caching) { + public AuthenticationConfig setCaching(boolean caching) { this.caching = caching; return this; } @@ -68,7 +68,7 @@ public String getCachePolicy() { } @JsonProperty - public AuthenticationSettings setCachePolicy(String cachePolicy) { + public AuthenticationConfig setCachePolicy(String cachePolicy) { this.cachePolicy = cachePolicy; return this; } @@ -79,7 +79,7 @@ public boolean needsAuthorization() { } @JsonProperty - public AuthenticationSettings setAuthorization(boolean authorization) { + public AuthenticationConfig setAuthorization(boolean authorization) { this.authorization = authorization; return this; } @@ -90,29 +90,29 @@ public boolean byAnnotated() { } @JsonProperty - public AuthenticationSettings setAnnotated(boolean annotated) { + public AuthenticationConfig setAnnotated(boolean annotated) { this.annotated = annotated; return this; } @JsonProperty("ldap") - public LdapSettings getLdap() { + public LdapConfig getLdap() { return ldap; } @JsonProperty("ldap") - public AuthenticationSettings setLdap(LdapSettings ldap) { + public AuthenticationConfig setLdap(LdapConfig ldap) { this.ldap = ldap; return this; } @JsonProperty("simple") - public SimpleSettings getSimple() { + public SimpleConfig getSimple() { return simple; } @JsonProperty("simple") - public AuthenticationSettings setSimple(SimpleSettings simple) { + public AuthenticationConfig setSimple(SimpleConfig simple) { this.simple = simple; return this; } diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/LdapSettings.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/LdapConfig.java similarity index 84% rename from eagle-server/src/main/java/org/apache/eagle/server/authentication/config/LdapSettings.java rename to eagle-server/src/main/java/org/apache/eagle/server/authentication/config/LdapConfig.java index ea2d89672b..406031a524 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/LdapSettings.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/LdapConfig.java @@ -19,7 +19,7 @@ import io.dropwizard.util.Duration; import com.fasterxml.jackson.annotation.JsonProperty; -public class LdapSettings { +public class LdapConfig { private String providerUrl = ""; private String strategy = ""; @@ -34,7 +34,7 @@ public String getProviderUrl() { } @JsonProperty - public LdapSettings setProviderUrl(String providerUrl) { + public LdapConfig setProviderUrl(String providerUrl) { this.providerUrl = providerUrl; return this; } @@ -45,7 +45,7 @@ public String getPrincipalTemplate() { } @JsonProperty - public LdapSettings setPrincipalTemplate(String principalTemplate) { + public LdapConfig setPrincipalTemplate(String principalTemplate) { this.principalTemplate = principalTemplate; return this; } @@ -56,7 +56,7 @@ public String getStrategy() { } @JsonProperty - public LdapSettings setStrategy(String strategy) { + public LdapConfig setStrategy(String strategy) { this.strategy = strategy; return this; } @@ -67,7 +67,7 @@ public Duration getConnectingTimeout() { } @JsonProperty - public LdapSettings setConnectingTimeout(Duration connectingTimeout) { + public LdapConfig setConnectingTimeout(Duration connectingTimeout) { this.connectingTimeout = connectingTimeout; return this; } @@ -78,7 +78,7 @@ public Duration getReadingTimeout() { } @JsonProperty - public LdapSettings setReadingTimeout(Duration readingTimeout) { + public LdapConfig setReadingTimeout(Duration readingTimeout) { this.readingTimeout = readingTimeout; return this; } @@ -89,7 +89,7 @@ public String getCertificateAbsolutePath() { } @JsonProperty - public LdapSettings setCertificateAbsolutePath(String certificateAbsolutePath) { + public LdapConfig setCertificateAbsolutePath(String certificateAbsolutePath) { this.certificateAbsolutePath = certificateAbsolutePath; return this; } diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/SimpleSettings.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/SimpleConfig.java similarity index 54% rename from eagle-server/src/main/java/org/apache/eagle/server/authentication/config/SimpleSettings.java rename to eagle-server/src/main/java/org/apache/eagle/server/authentication/config/SimpleConfig.java index 35cfd70b1f..2f3eb413a1 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/SimpleSettings.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/SimpleConfig.java @@ -18,29 +18,42 @@ import com.fasterxml.jackson.annotation.JsonProperty; -public class SimpleSettings { - private String username = null; - private String password = null; +import java.util.List; - @JsonProperty - public String getUsername() { - return username; - } +public class SimpleConfig { + private List users; - @JsonProperty - public SimpleSettings setUsername(String username) { - this.username = username; - return this; + public List getUsers() { + return users; } @JsonProperty - public String getPassword() { - return password; + public void setUsers(List users) { + this.users = users; } - @JsonProperty - public SimpleSettings setPassword(String password) { - this.password = password; - return this; - } +// private String username = null; +// private String password = null; +// +// @JsonProperty +// public String getUsername() { +// return username; +// } +// +// @JsonProperty +// public SimpleConfig setUsername(String username) { +// this.username = username; +// return this; +// } +// +// @JsonProperty +// public String getPassword() { +// return password; +// } +// +// @JsonProperty +// public SimpleConfig setPassword(String password) { +// this.password = password; +// return this; +// } } diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/UserAccount.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/UserAccount.java new file mode 100644 index 0000000000..2892d3144c --- /dev/null +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/UserAccount.java @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + *

    + * http://www.apache.org/licenses/LICENSE-2.0 + *

    + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.server.authentication.config; + +import org.apache.eagle.common.authentication.UserPrincipal; + +import java.util.List; + +public class UserAccount { + private String username; + private String password; + private List roles; + + public UserAccount(String username, String password) { + this.username = username; + this.password = password; + } + + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + + @Override + public String toString() { + return String.format("username: %s, roles: %s", this.username, this.roles); + } + + public void setRoles(List roles) { + this.roles = roles; + } + + public List getRoles() { + return this.roles; + } +} diff --git a/eagle-server/src/main/java/org/apache/eagle/server/resource/AuthenticationResource.java b/eagle-server/src/main/java/org/apache/eagle/server/resource/AuthenticationResource.java new file mode 100644 index 0000000000..760aadf959 --- /dev/null +++ b/eagle-server/src/main/java/org/apache/eagle/server/resource/AuthenticationResource.java @@ -0,0 +1,40 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + *

    + * http://www.apache.org/licenses/LICENSE-2.0 + *

    + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.server.resource; + +import io.dropwizard.auth.Auth; +import org.apache.eagle.common.authentication.UserPrincipal; + +import javax.ws.rs.*; +import javax.ws.rs.core.MediaType; + +@Path("/authentication") +public class AuthenticationResource { + @GET + @Path("/principal") + @Produces(MediaType.APPLICATION_JSON) + public UserPrincipal getCurrentPrincipal(@Auth UserPrincipal user) { + return user; + } + + @POST + @Path("/login") + @Produces(MediaType.APPLICATION_JSON) + public UserPrincipal login(@Auth UserPrincipal user) { + return user; + } +} diff --git a/eagle-server/src/main/resources/configuration.yml b/eagle-server/src/main/resources/configuration.yml index eabb8a1c68..b017c774ec 100644 --- a/eagle-server/src/main/resources/configuration.yml +++ b/eagle-server/src/main/resources/configuration.yml @@ -1,77 +1,77 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -server: - applicationConnectors: - - type: http - port: 9090 - adminConnectors: - - type: http - port: 9091 - -# --------------------------------------------- -# Eagle Authentication Configuration -# --------------------------------------------- -auth: - # indicating if authentication is enabled, true for enabled, false for disabled - enabled: false - - # indicating authentication mode, "simple" or "ldap" - mode: simple - - # indicating whether to use cache: cache is usually used for authentications that may - # not handle high throughput (an RDBMS or LDAP server, for example) - caching: false - - # indicating the cache policy, containing maximumSize and expireAfterWrite, e.g. maximumSize=10000, expireAfterWrite=10m - cachePolicy: maximumSize=10000, expireAfterWrite=1m - - # indicating whether authorization is needed - authorization: false - - # indicating whether @Auth annotation on parameters is needed - annotated: true - - # for basic authentication, effective only when auth.mode=simple - simple: - # username for basic authentication, effective only when auth.mode=simple - username: admin - # password for basic authentication, effective only when auth.mode=simple - password: secret - - # for ldap authentication, effective only when auth.mode=ldap - ldap: - # url providing ldap service. By convention, the port for typical ldap service is 389, and ldap service over ssl - # uses port 636 with protocol "ldaps", which requires certificates pre-installed. - providerUrl: ldap://server.address.or.domain:port - - # template string containing ${USERNAME} placeholder. This is designed for some orgs who don't use plain usernames - # to authenticate, e.g. they may use its members' email address as the username: ${USERNAME}@some.org. When username - # is supposed to be recognized originally, just configure this parameter as ${USERNAME} - principalTemplate: ${USERNAME}@maybe.email.suffix - - # string of strategy used by ldap service. "simple" is usually supported in most circumstances, we can use it by - # default or leave it a blank string. - strategy: simple - - # the absolute path of ssl certificate file. This attribute is required conditional only when the auth -> mode is set - # as "ldap" and providerUrl starting with "ldaps://". - certificateAbsolutePath: /certificate/absolute/path - - # timeout expression for connecting to ldap service endpoint - connectingTimeout: 500ms - - # timeout expression for reading from ldap service - readingTimeout: 500ms +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +server: + applicationConnectors: + - type: http + port: 9090 + adminConnectors: + - type: http + port: 9091 + +# --------------------------------------------- +# Eagle Authentication Configuration +# --------------------------------------------- +auth: + # indicating if authentication is enabled, true for enabled, false for disabled + enabled: false + + # indicating authentication mode, "simple" or "ldap" + mode: simple + + # indicating whether to use cache: cache is usually used for authentications that may + # not handle high throughput (an RDBMS or LDAP server, for example) + caching: false + + # indicating the cache policy, containing maximumSize and expireAfterWrite, e.g. maximumSize=10000, expireAfterWrite=10m + cachePolicy: maximumSize=10000, expireAfterWrite=1m + + # indicating whether authorization is needed + authorization: false + + # indicating whether @Auth annotation on parameters is needed + annotated: true + + # for basic authentication, effective only when auth.mode=simple + simple: + # username for basic authentication, effective only when auth.mode=simple + username: admin + # password for basic authentication, effective only when auth.mode=simple + password: secret + + # for ldap authentication, effective only when auth.mode=ldap + ldap: + # url providing ldap service. By convention, the port for typical ldap service is 389, and ldap service over ssl + # uses port 636 with protocol "ldaps", which requires certificates pre-installed. + providerUrl: ldap://server.address.or.domain:port + + # template string containing ${USERNAME} placeholder. This is designed for some orgs who don't use plain usernames + # to authenticate, e.g. they may use its members' email address as the username: ${USERNAME}@some.org. When username + # is supposed to be recognized originally, just configure this parameter as ${USERNAME} + principalTemplate: ${USERNAME}@maybe.email.suffix + + # string of strategy used by ldap service. "simple" is usually supported in most circumstances, we can use it by + # default or leave it a blank string. + strategy: simple + + # the absolute path of ssl certificate file. This attribute is required conditional only when the auth -> mode is set + # as "ldap" and providerUrl starting with "ldaps://". + certificateAbsolutePath: /certificate/absolute/path + + # timeout expression for connecting to ldap service endpoint + connectingTimeout: 500ms + + # timeout expression for reading from ldap service + readingTimeout: 500ms diff --git a/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticatorTest.java b/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticatorTest.java index 8700a75be1..fb3f8921f9 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticatorTest.java +++ b/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticatorTest.java @@ -18,7 +18,7 @@ package org.apache.eagle.server.authentication.authenticator; import io.dropwizard.util.Duration; -import org.apache.eagle.server.authentication.config.LdapSettings; +import org.apache.eagle.server.authentication.config.LdapConfig; import org.junit.Assert; import org.junit.Test; @@ -158,11 +158,11 @@ public void testGetContextEnvironmentUnexistingCA_SSL() { } } - private static LdapSettings getNonSSLPreSettings() { - return new LdapSettings().setProviderUrl(LDAP_SERVICE_PROVIDER_URL); + private static LdapConfig getNonSSLPreSettings() { + return new LdapConfig().setProviderUrl(LDAP_SERVICE_PROVIDER_URL); } - private static LdapSettings getSSLPreSettings() { - return new LdapSettings().setProviderUrl(LDAP_SERVICE_PROVIDER_SSL_URL); + private static LdapConfig getSSLPreSettings() { + return new LdapConfig().setProviderUrl(LDAP_SERVICE_PROVIDER_SSL_URL); } } diff --git a/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java b/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java index e896a7c5c7..5a3e678607 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java +++ b/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java @@ -20,26 +20,34 @@ import com.google.common.base.Optional; import io.dropwizard.auth.AuthenticationException; import io.dropwizard.auth.basic.BasicCredentials; -import org.apache.eagle.common.authentication.User; -import org.apache.eagle.server.authentication.config.SimpleSettings; +import org.apache.eagle.common.authentication.UserPrincipal; +import org.apache.eagle.server.authentication.config.SimpleConfig; +import org.apache.eagle.server.authentication.config.UserAccount; import org.junit.Assert; import org.junit.Test; +import java.util.Collections; + public class SimpleBasicAuthenticatorTest { private static final String TEST_USERNAME = "normal-username"; private static final String TEST_SECRET_PHRASE = "secret-phrase"; private static final String TEST_UNEXISTING_USERNAME = "unexisting-username"; private static final String TEST_WRONG_SECRET_PHRASE = "wrong-secret-phrase"; - private static SimpleBasicAuthenticator authenticator = new SimpleBasicAuthenticator(new SimpleSettings().setUsername(TEST_USERNAME).setPassword(TEST_SECRET_PHRASE)); + + private static SimpleConfig config = new SimpleConfig(); + static { + config.setUsers(Collections.singletonList(new UserAccount(TEST_USERNAME, TEST_SECRET_PHRASE))); + } + private static SimpleBasicAuthenticator authenticator = new SimpleBasicAuthenticator(config); @Test public void testNormal() { try { BasicCredentials credentials = new BasicCredentials(TEST_USERNAME, TEST_SECRET_PHRASE); - Optional result = authenticator.authenticate(credentials); + Optional result = authenticator.authenticate(credentials); Assert.assertTrue("result isn't present when passed correct credentials", result.isPresent()); - User user = result.get(); + UserPrincipal user = result.get(); Assert.assertEquals("authenticated user is not expected", TEST_USERNAME, user.getName()); } catch (AuthenticationException e) { @@ -50,7 +58,7 @@ public void testNormal() { @Test public void testUnexistingUsername() { try { - Optional result = authenticator.authenticate(new BasicCredentials(TEST_UNEXISTING_USERNAME, TEST_SECRET_PHRASE)); + Optional result = authenticator.authenticate(new BasicCredentials(TEST_UNEXISTING_USERNAME, TEST_SECRET_PHRASE)); Assert.assertFalse("result is present when passed unexisting username", result.isPresent()); } catch (AuthenticationException e) { @@ -61,7 +69,7 @@ public void testUnexistingUsername() { @Test public void testWrongPassword() { try { - Optional result = authenticator.authenticate(new BasicCredentials(TEST_USERNAME, TEST_WRONG_SECRET_PHRASE)); + Optional result = authenticator.authenticate(new BasicCredentials(TEST_USERNAME, TEST_WRONG_SECRET_PHRASE)); Assert.assertFalse("result is present when passed wrong password", result.isPresent()); } catch (AuthenticationException e) { diff --git a/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java b/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java index 0ea66662ac..f4b4e6f5a2 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java +++ b/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java @@ -17,7 +17,7 @@ package org.apache.eagle.server.authentication.resource; import io.dropwizard.auth.Auth; -import org.apache.eagle.common.authentication.User; +import org.apache.eagle.common.authentication.UserPrincipal; import org.apache.eagle.metadata.resource.RESTResponse; import org.junit.Ignore; @@ -33,7 +33,7 @@ public class TestBasicAuthenticationResource { @GET @Path("/ba/simple") @Produces(MediaType.APPLICATION_JSON) - public RESTResponse getIt(@Auth User user) { - return RESTResponse.builder().data(user).success(true).status(Response.Status.OK).get(); + public RESTResponse getIt(@Auth UserPrincipal user) { + return RESTResponse.builder().data(user).success(true).status(Response.Status.OK).get(); } } diff --git a/eagle-server/src/test/resources/configuration.yml b/eagle-server/src/test/resources/configuration.yml index eabb8a1c68..72e69336bc 100644 --- a/eagle-server/src/test/resources/configuration.yml +++ b/eagle-server/src/test/resources/configuration.yml @@ -26,7 +26,7 @@ server: # --------------------------------------------- auth: # indicating if authentication is enabled, true for enabled, false for disabled - enabled: false + enabled: true # indicating authentication mode, "simple" or "ldap" mode: simple @@ -46,10 +46,12 @@ auth: # for basic authentication, effective only when auth.mode=simple simple: - # username for basic authentication, effective only when auth.mode=simple - username: admin - # password for basic authentication, effective only when auth.mode=simple - password: secret + users: + username: admin + password: secret + roles: + - USER + - ADMIN # for ldap authentication, effective only when auth.mode=ldap ldap: From 753d4bf87f52056ffc1717498bf829bb52517671 Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Tue, 21 Feb 2017 17:49:01 +0800 Subject: [PATCH 02/13] Support @RolesAllowed @DenyAll @PermitAll security annoations --- .../app/resource/ApplicationResource.java | 2 +- .../common/authentication/UserPrincipal.java | 77 -------- .../eagle/common/rest}/RESTResponse.java | 13 +- .../apache/eagle/common/security/DenyAll.java | 27 +++ .../eagle/common/security/PermitAll.java | 66 +++---- .../eagle/common/security/RolesAllowed.java | 18 +- .../apache/eagle/common/security/User.java | 181 ++++++++++++++++++ .../eagle-metadata-base/pom.xml | 4 + .../eagle/metadata/resource/SiteResource.java | 1 + .../analyzer/resource/AnalyzerResource.java | 2 +- .../apache/eagle/jpm/analyzer/util/Utils.java | 2 +- eagle-server/pom.xml | 5 + .../eagle/server/RESTExceptionMapper.java | 2 +- .../eagle/server/ServerApplication.java | 28 ++- .../authentication/BasicAuthBuilder.java | 99 ++++++++++ .../BasicAuthProviderBuilder.java | 85 -------- .../BasicAuthRequestFilter.java | 161 ++++++++++++++++ .../BasicAuthResourceFilterFactory.java | 53 +++++ .../authenticator/LdapBasicAuthenticator.java | 8 +- .../SimpleBasicAuthenticator.java | 28 +-- .../config/AuthenticationConfig.java | 24 --- .../authentication/config/SimpleConfig.java | 12 +- .../authentication/config/UserAccount.java | 51 ++--- .../resource/AuthenticationResource.java | 41 +++- .../src/main/resources/configuration.yml | 19 +- .../org/apache/eagle/server/ServerDebug.java | 2 + .../SimpleBasicAuthenticatorTest.java | 35 ++-- .../resource/BasicAuthenticationTestCase.java | 103 ++++++++++ .../TestBasicAuthenticationResource.java | 58 +++++- .../src/test/resources/configuration.yml | 33 ++-- 30 files changed, 887 insertions(+), 353 deletions(-) delete mode 100644 eagle-core/eagle-common/src/main/java/org/apache/eagle/common/authentication/UserPrincipal.java rename eagle-core/{eagle-metadata/eagle-metadata-base/src/main/java/org/apache/eagle/metadata/resource => eagle-common/src/main/java/org/apache/eagle/common/rest}/RESTResponse.java (96%) create mode 100644 eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/DenyAll.java rename eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthenticationFilter.java => eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/PermitAll.java (61%) rename eagle-server/src/test/java/org/apache/eagle/server/ServerApplicationTest.java => eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/RolesAllowed.java (74%) create mode 100644 eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java create mode 100644 eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthBuilder.java delete mode 100644 eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthProviderBuilder.java create mode 100644 eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthRequestFilter.java create mode 100644 eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthResourceFilterFactory.java create mode 100644 eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/BasicAuthenticationTestCase.java diff --git a/eagle-core/eagle-app/eagle-app-base/src/main/java/org/apache/eagle/app/resource/ApplicationResource.java b/eagle-core/eagle-app/eagle-app-base/src/main/java/org/apache/eagle/app/resource/ApplicationResource.java index f304768586..3c62367a20 100644 --- a/eagle-core/eagle-app/eagle-app-base/src/main/java/org/apache/eagle/app/resource/ApplicationResource.java +++ b/eagle-core/eagle-app/eagle-app-base/src/main/java/org/apache/eagle/app/resource/ApplicationResource.java @@ -19,9 +19,9 @@ import org.apache.eagle.app.service.ApplicationManagementService; import org.apache.eagle.app.service.ApplicationOperations; import org.apache.eagle.app.service.ApplicationProviderService; +import org.apache.eagle.common.rest.RESTResponse; import org.apache.eagle.metadata.model.ApplicationDesc; import org.apache.eagle.metadata.model.ApplicationEntity; -import org.apache.eagle.metadata.resource.RESTResponse; import org.apache.eagle.metadata.service.ApplicationEntityService; import com.google.inject.Inject; diff --git a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/authentication/UserPrincipal.java b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/authentication/UserPrincipal.java deleted file mode 100644 index 489db585d9..0000000000 --- a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/authentication/UserPrincipal.java +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.eagle.common.authentication; - -import java.io.Serializable; -import java.security.Principal; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; - -public class UserPrincipal implements Principal, Serializable { - private String username; - private List roles; - - public UserPrincipal() { - - } - - public UserPrincipal(String username) { - this.username = username; - } - - public UserPrincipal(String username, List roles) { - this.username = username; - this.roles = roles; - } - - public List getRoles() { - return roles; - } - - public String getName() { - return username; - } - - public enum Role { - ADMIN_ROLE("ADMIN"), - USER_ROLE("USER"); - - private static Map nameRoleMap = new HashMap() { - { - put(ADMIN_ROLE.roleName, ADMIN_ROLE); - put(USER_ROLE.roleName, USER_ROLE); - } - }; - - Role(String roleName) { - this.roleName = roleName; - } - - @Override - public String toString() { - return roleName; - } - - public static Role locate(String roleName) { - return nameRoleMap.get(roleName); - } - - private final String roleName; - } -} \ No newline at end of file diff --git a/eagle-core/eagle-metadata/eagle-metadata-base/src/main/java/org/apache/eagle/metadata/resource/RESTResponse.java b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/rest/RESTResponse.java similarity index 96% rename from eagle-core/eagle-metadata/eagle-metadata-base/src/main/java/org/apache/eagle/metadata/resource/RESTResponse.java rename to eagle-core/eagle-common/src/main/java/org/apache/eagle/common/rest/RESTResponse.java index 5647458a4e..7aaade37e0 100644 --- a/eagle-core/eagle-metadata/eagle-metadata-base/src/main/java/org/apache/eagle/metadata/resource/RESTResponse.java +++ b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/rest/RESTResponse.java @@ -14,8 +14,9 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.eagle.metadata.resource; +package org.apache.eagle.common.rest; +import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import org.apache.commons.lang3.exception.ExceptionUtils; import org.apache.eagle.common.function.ThrowableConsumer; @@ -24,6 +25,7 @@ import org.slf4j.LoggerFactory; import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import java.util.concurrent.CompletableFuture; import java.util.concurrent.ExecutionException; @@ -33,9 +35,14 @@ @JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL) public class RESTResponse { private static final Logger LOGGER = LoggerFactory.getLogger(RESTResponse.class); + + @JsonProperty private boolean success = false; + @JsonProperty private String message; + @JsonProperty private String exception; + @JsonProperty private T data; public RESTResponse() { @@ -110,7 +117,6 @@ public void setException(String exception) { this.exception = exception; } - public static class RestResponseBuilder { private RESTResponse current = new RESTResponse(); private Response.Status status = Response.Status.OK; @@ -242,5 +248,8 @@ public RESTResponse get() { return current; } + public Response build() { + return Response.status(status).entity(current).type(MediaType.APPLICATION_JSON).build(); + } } } \ No newline at end of file diff --git a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/DenyAll.java b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/DenyAll.java new file mode 100644 index 0000000000..db5cc99c8f --- /dev/null +++ b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/DenyAll.java @@ -0,0 +1,27 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + *

    + * http://www.apache.org/licenses/LICENSE-2.0 + *

    + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.common.security; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Target({ElementType.METHOD, ElementType.TYPE}) +@Retention(RetentionPolicy.RUNTIME) +public @interface DenyAll { +} \ No newline at end of file diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthenticationFilter.java b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/PermitAll.java similarity index 61% rename from eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthenticationFilter.java rename to eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/PermitAll.java index 484fa21559..7975f6761b 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthenticationFilter.java +++ b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/PermitAll.java @@ -1,37 +1,29 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - *

    - * http://www.apache.org/licenses/LICENSE-2.0 - *

    - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.eagle.server.authentication; - -import javax.servlet.*; -import java.io.IOException; - -public class BasicAuthenticationFilter implements Filter { - @Override - public void init(FilterConfig filterConfig) throws ServletException { - - } - - @Override - public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { - - } - - @Override - public void destroy() { - - } -} +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + *

    + * http://www.apache.org/licenses/LICENSE-2.0 + *

    + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.common.security; + + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Target({ElementType.METHOD, ElementType.TYPE}) +@Retention(RetentionPolicy.RUNTIME) +public @interface PermitAll { + +} diff --git a/eagle-server/src/test/java/org/apache/eagle/server/ServerApplicationTest.java b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/RolesAllowed.java similarity index 74% rename from eagle-server/src/test/java/org/apache/eagle/server/ServerApplicationTest.java rename to eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/RolesAllowed.java index 6b299e5c67..b3aae5844a 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/ServerApplicationTest.java +++ b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/RolesAllowed.java @@ -5,22 +5,22 @@ * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at - *

    + *

    * http://www.apache.org/licenses/LICENSE-2.0 - *

    + *

    * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.eagle.server; +package org.apache.eagle.common.security; -import org.junit.Test; +import java.lang.annotation.*; -public class ServerApplicationTest { - @Test - public void testServerMain() throws Exception { - ServerMain.main(new String[] {"server", "src/test/resources/configuration.yml"}); - } +@Inherited +@Target({ElementType.TYPE, ElementType.METHOD}) +@Retention(RetentionPolicy.RUNTIME) +public @interface RolesAllowed { + User.Role[] value(); } diff --git a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java new file mode 100644 index 0000000000..1445d1eda2 --- /dev/null +++ b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java @@ -0,0 +1,181 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.common.security; + +import com.fasterxml.jackson.annotation.JsonGetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonSetter; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; +import com.google.common.base.Preconditions; + +import java.io.Serializable; +import java.security.Principal; +import java.util.Collection; +import java.util.HashMap; +import java.util.Map; + +@JsonSerialize +public class User implements Principal, Serializable { + private String username; + private String firstName; + private String lastName; + private String email; + private String fullName; + + private Collection roles; + + public User() { + + } + + public User(User user) { + this.setName(user.getName()); + this.setFirstName(user.getFirstName()); + this.setLastName(user.getLastName()); + this.setEmail(user.getEmail()); + this.setRoles(user.getRoles()); + } + + public User(String username) { + this.username = username; + } + + public User(String username, Collection roles) { + this.username = username; + this.roles = roles; + } + + public Collection getRoles() { + return roles; + } + + public void setRoles(Collection roles) { + this.roles = roles; + } + + public String getFullName() { + if (this.fullName !=null ) { + return this.fullName; + } + if (this.firstName == null && this.lastName == null) { + return this.username; + } else if (this.firstName != null && this.lastName == null ) { + return this.firstName; + } else if (this.firstName == null) { + return this.lastName; + } else { + return String.format("%s, %s", this.lastName, this.firstName); + } + } + + @Override + public String getName() { + return this.username; + } + + public void setName(String username) { + this.username = username; + } + + public String getFirstName() { + return firstName; + } + + public void setFirstName(String firstName) { + this.firstName = firstName; + } + + public String getLastName() { + return lastName; + } + + public void setLastName(String lastName) { + this.lastName = lastName; + } + + public String getEmail() { + return email; + } + + public void setEmail(String email) { + this.email = email; + } + + public void setFullName(String fullName) { + this.fullName = fullName; + } + + @Override + public String toString() { + return "User{" + + "name='" + username + '\'' + + ", firstName='" + firstName + '\'' + + ", lastName='" + lastName + '\'' + + ", email='" + email + '\'' + + ", fullName='" + fullName + '\'' + + ", roles=" + roles + + '}'; + } + + public enum Role implements Serializable { + VISITOR("VISITOR"), // VISITOR role with user-level permissions + USER("USER"), // USER role with user-level permissions + APPLICATION("APPLICATION"), // APPLICATION role with application-level permissions + ADMINISTRATOR("ADMINISTRATOR"); // ADMINISTRATOR role with admin-level permissions + + public static final Role[] ALL_ROLES = new Role[] { + USER,APPLICATION, ADMINISTRATOR + }; + + private static Map nameRoleMap = new HashMap() { + { + put(ADMINISTRATOR.roleName.toUpperCase(), ADMINISTRATOR); + put(APPLICATION.roleName.toUpperCase(), APPLICATION); + put(USER.roleName.toUpperCase(), USER); + } + }; + + Role(String roleName) { + this.roleName = roleName; + } + + @Override + public String toString() { + return roleName; + } + + public static Role locateCaseInsensitive(String roleName) { + Preconditions.checkArgument(nameRoleMap.containsKey(roleName.toUpperCase()), "Illegal role " + roleName); + return nameRoleMap.get(roleName.toUpperCase()); + } + + private final String roleName; + } + + public boolean isInRole(Role ... allowedRoles) { + Preconditions.checkNotNull(allowedRoles); + if (this.roles != null ) { + for (Role allowRole: allowedRoles) { + if (this.roles.contains(allowRole)) { + return true; + } + } + } + return false; + } +} \ No newline at end of file diff --git a/eagle-core/eagle-metadata/eagle-metadata-base/pom.xml b/eagle-core/eagle-metadata/eagle-metadata-base/pom.xml index ff3db1861c..88274c28fe 100644 --- a/eagle-core/eagle-metadata/eagle-metadata-base/pom.xml +++ b/eagle-core/eagle-metadata/eagle-metadata-base/pom.xml @@ -67,5 +67,9 @@ org.mockito mockito-all + + io.dropwizard + dropwizard-auth + \ No newline at end of file diff --git a/eagle-core/eagle-metadata/eagle-metadata-base/src/main/java/org/apache/eagle/metadata/resource/SiteResource.java b/eagle-core/eagle-metadata/eagle-metadata-base/src/main/java/org/apache/eagle/metadata/resource/SiteResource.java index a5461b379e..22a693a307 100644 --- a/eagle-core/eagle-metadata/eagle-metadata-base/src/main/java/org/apache/eagle/metadata/resource/SiteResource.java +++ b/eagle-core/eagle-metadata/eagle-metadata-base/src/main/java/org/apache/eagle/metadata/resource/SiteResource.java @@ -16,6 +16,7 @@ */ package org.apache.eagle.metadata.resource; +import org.apache.eagle.common.rest.RESTResponse; import org.apache.eagle.metadata.exceptions.SiteDeleteException; import org.apache.eagle.metadata.model.SiteEntity; import org.apache.eagle.metadata.service.ApplicationEntityService; diff --git a/eagle-jpm/eagle-jpm-analyzer/src/main/java/org/apache/eagle/jpm/analyzer/resource/AnalyzerResource.java b/eagle-jpm/eagle-jpm-analyzer/src/main/java/org/apache/eagle/jpm/analyzer/resource/AnalyzerResource.java index dc092024fd..80d9fb7678 100644 --- a/eagle-jpm/eagle-jpm-analyzer/src/main/java/org/apache/eagle/jpm/analyzer/resource/AnalyzerResource.java +++ b/eagle-jpm/eagle-jpm-analyzer/src/main/java/org/apache/eagle/jpm/analyzer/resource/AnalyzerResource.java @@ -18,10 +18,10 @@ package org.apache.eagle.jpm.analyzer.resource; import com.google.inject.Inject; +import org.apache.eagle.common.rest.RESTResponse; import org.apache.eagle.jpm.analyzer.meta.MetaManagementService; import org.apache.eagle.jpm.analyzer.meta.model.JobMetaEntity; import org.apache.eagle.jpm.analyzer.meta.model.PublisherEntity; -import org.apache.eagle.metadata.resource.RESTResponse; import javax.ws.rs.*; import javax.ws.rs.core.MediaType; diff --git a/eagle-jpm/eagle-jpm-analyzer/src/main/java/org/apache/eagle/jpm/analyzer/util/Utils.java b/eagle-jpm/eagle-jpm-analyzer/src/main/java/org/apache/eagle/jpm/analyzer/util/Utils.java index 66f7622f45..a987bd8bac 100644 --- a/eagle-jpm/eagle-jpm-analyzer/src/main/java/org/apache/eagle/jpm/analyzer/util/Utils.java +++ b/eagle-jpm/eagle-jpm-analyzer/src/main/java/org/apache/eagle/jpm/analyzer/util/Utils.java @@ -19,9 +19,9 @@ package org.apache.eagle.jpm.analyzer.util; import com.typesafe.config.Config; +import org.apache.eagle.common.rest.RESTResponse; import org.apache.eagle.jpm.analyzer.meta.model.JobMetaEntity; import org.apache.eagle.jpm.util.resourcefetch.connection.InputStreamUtils; -import org.apache.eagle.metadata.resource.RESTResponse; import org.codehaus.jackson.JsonParser; import org.codehaus.jackson.map.ObjectMapper; import org.slf4j.Logger; diff --git a/eagle-server/pom.xml b/eagle-server/pom.xml index 6bb9fbd38e..0fb3a492d3 100644 --- a/eagle-server/pom.xml +++ b/eagle-server/pom.xml @@ -181,6 +181,11 @@ 1.6 test + + io.dropwizard + dropwizard-testing + test + diff --git a/eagle-server/src/main/java/org/apache/eagle/server/RESTExceptionMapper.java b/eagle-server/src/main/java/org/apache/eagle/server/RESTExceptionMapper.java index 1799effaa5..9a5ab4990b 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/RESTExceptionMapper.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/RESTExceptionMapper.java @@ -16,8 +16,8 @@ */ package org.apache.eagle.server; -import org.apache.eagle.metadata.resource.RESTResponse; import io.dropwizard.jersey.errors.LoggingExceptionMapper; +import org.apache.eagle.common.rest.RESTResponse; import java.util.concurrent.ThreadLocalRandom; import javax.ws.rs.WebApplicationException; diff --git a/eagle-server/src/main/java/org/apache/eagle/server/ServerApplication.java b/eagle-server/src/main/java/org/apache/eagle/server/ServerApplication.java index d5dcd28766..0c35d21465 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/ServerApplication.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/ServerApplication.java @@ -28,6 +28,7 @@ import io.dropwizard.setup.Environment; import io.swagger.jaxrs.config.BeanConfig; import io.swagger.jaxrs.listing.ApiListingResource; +import org.apache.eagle.alert.coordinator.Coordinator; import org.apache.eagle.alert.coordinator.CoordinatorListener; import org.apache.eagle.alert.resource.SimpleCORSFiler; import org.apache.eagle.app.service.ApplicationHealthCheckService; @@ -38,7 +39,9 @@ import org.apache.eagle.log.base.taggedlog.TaggedLogAPIEntity; import org.apache.eagle.log.entity.repo.EntityRepositoryScanner; import org.apache.eagle.metadata.service.ApplicationStatusUpdateService; -import org.apache.eagle.server.authentication.BasicAuthProviderBuilder; +import org.apache.eagle.server.authentication.BasicAuthBuilder; +import org.apache.eagle.server.authentication.BasicAuthRequestFilter; +import org.apache.eagle.server.authentication.BasicAuthResourceFilterFactory; import org.apache.eagle.server.task.ManagedService; import org.apache.eagle.server.module.GuiceBundleLoader; import org.slf4j.Logger; @@ -49,7 +52,7 @@ import static org.apache.eagle.app.service.impl.ApplicationHealthCheckServiceImpl.HEALTH_CHECK_PATH; -class ServerApplication extends Application { +public class ServerApplication extends Application { private static final Logger LOG = LoggerFactory.getLogger(ServerApplication.class); @Inject private ApplicationStatusUpdateService applicationStatusUpdateService; @@ -115,15 +118,28 @@ public void run(ServerConfig configuration, Environment environment) throws Exce .addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), true, "/*"); // Register authentication provider - environment.jersey().register(new BasicAuthProviderBuilder(configuration.getAuthConfig(), environment).build()); - - // Context listener - environment.servlets().addServletListeners(new CoordinatorListener()); + BasicAuthBuilder authBuilder = new BasicAuthBuilder(configuration.getAuthConfig(), environment); + environment.jersey().register(authBuilder.getBasicAuthProvider()); + environment.jersey().getResourceConfig().getResourceFilterFactories() + .add(new BasicAuthResourceFilterFactory(authBuilder.getBasicAuthenticator())); registerAppServices(environment); } private void registerAppServices(Environment environment) { + LOG.debug("Registering CoordinatorService"); + environment.lifecycle().manage(new Managed() { + @Override + public void start() throws Exception { + Coordinator.startSchedule(); + } + + @Override + public void stop() throws Exception { + + } + }); + // Run application status service in background LOG.debug("Registering ApplicationStatusUpdateService"); Managed updateAppStatusTask = new ManagedService(applicationStatusUpdateService); diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthBuilder.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthBuilder.java new file mode 100644 index 0000000000..e9238be02a --- /dev/null +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthBuilder.java @@ -0,0 +1,99 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.server.authentication; + +import com.google.common.cache.CacheBuilderSpec; +import com.sun.jersey.api.core.HttpContext; +import com.sun.jersey.api.model.Parameter; +import com.sun.jersey.core.spi.component.ComponentContext; +import com.sun.jersey.server.impl.inject.AbstractHttpContextInjectable; +import com.sun.jersey.spi.inject.Injectable; +import io.dropwizard.auth.Auth; +import io.dropwizard.auth.Authenticator; +import io.dropwizard.auth.CachingAuthenticator; +import io.dropwizard.auth.basic.BasicAuthProvider; +import io.dropwizard.auth.basic.BasicCredentials; +import io.dropwizard.setup.Environment; +import org.apache.eagle.common.security.User; +import org.apache.eagle.server.authentication.authenticator.LdapBasicAuthenticator; +import org.apache.eagle.server.authentication.authenticator.SimpleBasicAuthenticator; +import org.apache.eagle.server.authentication.config.AuthenticationConfig; + +import java.util.Arrays; + +public class BasicAuthBuilder { + private static final String SIMPLE_MODE_REALM = "SIMPLE_BASIC_AUTHENTICATION"; + private static final String LDAP_MODE_REALM = "LDAP_BASIC_AUTHENTICATION"; + private final Authenticator authenticator; + private final BasicAuthProvider basicAuthProvider; + private AuthenticationConfig authConfig; + private Environment environment; + + public BasicAuthBuilder(AuthenticationConfig authConfig, Environment environment) { + this.authConfig = authConfig; + this.environment = environment; + boolean needsCaching = authConfig.needsCaching(); + Authenticator authenticator; + String realm; + if (authConfig.isEnabled()) { + switch (authConfig.getMode()) { + case "simple": + authenticator = new SimpleBasicAuthenticator(authConfig.getSimple()); + realm = SIMPLE_MODE_REALM; + break; + case "ldap": + authenticator = new LdapBasicAuthenticator(authConfig.getLdap()); + realm = LDAP_MODE_REALM; + break; + default: + throw new IllegalArgumentException("Invalid auth mode " + authConfig.getMode()); + } + if (needsCaching) { + authenticator = cache(authenticator); + } + this.authenticator = authenticator; + this.basicAuthProvider = new BasicAuthProvider<>(this.authenticator, realm); + } else { + this.authenticator = null; + this.basicAuthProvider = new BasicAuthProvider(null, "") { + public Injectable getInjectable(ComponentContext ic, Auth a, Parameter c) { + return new AbstractHttpContextInjectable() { + public User getValue(HttpContext c) { + User user = new User(); + user.setName("anonymous"); + user.setFirstName("Anonymous User (auth: false)"); + user.setRoles(Arrays.asList(User.Role.ALL_ROLES)); + return user; + } + }; + } + }; + } + } + + public BasicAuthProvider getBasicAuthProvider() { + return this.basicAuthProvider; + } + + public Authenticator getBasicAuthenticator() { + return this.authenticator; + } + + private Authenticator cache(Authenticator authenticator) { + return new CachingAuthenticator<>(environment.metrics(), authenticator, CacheBuilderSpec.parse(authConfig.getCachePolicy())); + } +} diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthProviderBuilder.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthProviderBuilder.java deleted file mode 100644 index 06c3111ddb..0000000000 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthProviderBuilder.java +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.eagle.server.authentication; - -import com.google.common.cache.CacheBuilderSpec; -import com.sun.jersey.api.core.HttpContext; -import com.sun.jersey.api.model.Parameter; -import com.sun.jersey.core.spi.component.ComponentContext; -import com.sun.jersey.server.impl.inject.AbstractHttpContextInjectable; -import com.sun.jersey.spi.inject.Injectable; -import io.dropwizard.auth.Auth; -import io.dropwizard.auth.Authenticator; -import io.dropwizard.auth.CachingAuthenticator; -import io.dropwizard.auth.basic.BasicAuthProvider; -import io.dropwizard.auth.basic.BasicCredentials; -import io.dropwizard.setup.Environment; -import org.apache.eagle.common.authentication.UserPrincipal; -import org.apache.eagle.server.authentication.authenticator.LdapBasicAuthenticator; -import org.apache.eagle.server.authentication.authenticator.SimpleBasicAuthenticator; -import org.apache.eagle.server.authentication.config.AuthenticationConfig; - -import java.util.HashMap; -import java.util.Map; - -public class BasicAuthProviderBuilder { - private static final String SIMPLE_MODE_REALM = "SIMPLE_AUTHENTICATION"; - private static final String LDAP_MODE_REALM = "LDAP_AUTHENTICATION"; - private static final Map> MAPPING = new HashMap<>(); - private AuthenticationConfig authSettings; - private Environment environment; - - public BasicAuthProviderBuilder(AuthenticationConfig authConfig, Environment environment) { - this.authSettings = authConfig; - this.environment = environment; - Authenticator simpleAuthenticator = new SimpleBasicAuthenticator(authConfig.getSimple()); - Authenticator ldapAuthenticator = new LdapBasicAuthenticator(authConfig.getLdap()); - boolean needsCaching = authConfig.needsCaching(); - - // TODO: Decouple the initiate Authenticator code to different BasicAuthProvider implementation - - MAPPING.put("simple", - new BasicAuthProvider<>(needsCaching ? cache(simpleAuthenticator) : simpleAuthenticator, SIMPLE_MODE_REALM)); - MAPPING.put("ldap", - new BasicAuthProvider<>(needsCaching ? cache(ldapAuthenticator) : ldapAuthenticator, LDAP_MODE_REALM)); - } - - public BasicAuthProvider build() { - if (authSettings.isEnabled()) { - String mode = authSettings.getMode(); - if (MAPPING.containsKey(mode)) { - return MAPPING.get(mode); - } else { - throw new RuntimeException(String.format("No matching mode found: %s", mode)); - } - } else { - return new BasicAuthProvider(null, "") { - public Injectable getInjectable(ComponentContext ic, Auth a, Parameter c) { - return new AbstractHttpContextInjectable() { - public UserPrincipal getValue(HttpContext c) { - return new UserPrincipal("non-auth"); - } - }; - } - }; - } - } - - private Authenticator cache(Authenticator authenticator) { - return new CachingAuthenticator<>(environment.metrics(), authenticator, CacheBuilderSpec.parse(authSettings.getCachePolicy())); - } -} diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthRequestFilter.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthRequestFilter.java new file mode 100644 index 0000000000..aba235d6db --- /dev/null +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthRequestFilter.java @@ -0,0 +1,161 @@ +package org.apache.eagle.server.authentication; + +import com.google.common.base.Optional; +import com.google.common.base.Preconditions; +import com.sun.jersey.api.model.AbstractMethod; +import com.sun.jersey.core.util.Base64; +import com.sun.jersey.core.util.Priority; +import com.sun.jersey.spi.container.ContainerRequest; +import com.sun.jersey.spi.container.ContainerRequestFilter; +import io.dropwizard.auth.Auth; +import io.dropwizard.auth.AuthenticationException; +import io.dropwizard.auth.Authenticator; +import io.dropwizard.auth.basic.BasicCredentials; +import org.apache.eagle.common.rest.RESTResponse; +import org.apache.eagle.common.security.DenyAll; +import org.apache.eagle.common.security.PermitAll; +import org.apache.eagle.common.security.RolesAllowed; +import org.apache.eagle.common.security.User; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.ws.rs.Priorities; +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.MultivaluedMap; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.SecurityContext; +import javax.ws.rs.ext.Provider; +import java.lang.reflect.Parameter; +import java.security.Principal; +import java.util.Arrays; +import java.util.List; +import java.util.StringTokenizer; + +@Provider +@Priority(Priorities.AUTHORIZATION) +public class BasicAuthRequestFilter implements ContainerRequestFilter { + private final Authenticator authenticator; + private final AbstractMethod method; + private Logger LOG = LoggerFactory.getLogger(BasicAuthRequestFilter.class); + private boolean isSecurityDefined = false; + private boolean isAuthRequired = false; + private boolean hasPermitAllAnnotation = false; + private boolean hasDenyAllAnnotation = false; + private boolean hasRolesAllowedAnnotation = false; + + public BasicAuthRequestFilter(Authenticator authenticator, AbstractMethod method) { + this.authenticator = authenticator; + this.method = method; + this.hasPermitAllAnnotation = method.isAnnotationPresent(PermitAll.class); + this.hasDenyAllAnnotation = method.isAnnotationPresent(DenyAll.class); + this.hasRolesAllowedAnnotation = method.isAnnotationPresent(RolesAllowed.class); + this.isSecurityDefined = this.hasPermitAllAnnotation || this.hasDenyAllAnnotation || this.hasRolesAllowedAnnotation; + for (Parameter parameter : method.getMethod().getParameters()) { + if (isSecurityDefined && isAuthRequired) { + break; + } + Auth[] authAnnotations = parameter.getAnnotationsByType(Auth.class); + this.isSecurityDefined = authAnnotations.length > 0 || this.isSecurityDefined; + for (Auth auth: authAnnotations) { + this.isAuthRequired = auth.required() || this.isAuthRequired; + } + } + Preconditions.checkArgument(!(this.hasDenyAllAnnotation && this.hasPermitAllAnnotation), "Conflict @DenyAll and @PermitAll on method " +this.method.toString()); + } + + + private static final String AUTHORIZATION_PROPERTY = "Authorization"; + private static final String AUTHENTICATION_SCHEME = "Basic"; + private static final Response UNAUTHORIZED_ACCESS_DENIED = RESTResponse.builder() + .message("Unauthorized access denied") + .status(false, Response.Status.UNAUTHORIZED) + .build(); + + private static final Response ALL_ACCESS_DENIED = RESTResponse.builder() + .message("Access denied") + .status(false, Response.Status.FORBIDDEN) + .build(); + + @Override + public ContainerRequest filter(ContainerRequest containerRequest) { + if (!isSecurityDefined) { + return containerRequest; + } + //Access denied for all + + if (hasDenyAllAnnotation) { + throw new WebApplicationException(ALL_ACCESS_DENIED); + } + + //Get request headers + final MultivaluedMap headers = containerRequest.getRequestHeaders(); + + //Fetch authorization header + final List authorization = headers.get(AUTHORIZATION_PROPERTY); + + //If no authorization information present; block access + if ((authorization == null || authorization.isEmpty()) && isAuthRequired ) { + throw new WebApplicationException(UNAUTHORIZED_ACCESS_DENIED); + } + + if (authorization != null) { + //Get encoded username and password + final String encodedUserPassword = authorization.get(0).replaceFirst(AUTHENTICATION_SCHEME + " ", ""); + + //Decode username and password + String usernameAndPassword = new String(Base64.decode(encodedUserPassword.getBytes())); + + //Split username and password tokens + final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":"); + final String username = tokenizer.nextToken(); + final String password = tokenizer.nextToken(); + + try { + Optional userOptional = this.authenticator.authenticate(new BasicCredentials(username, password)); + if (userOptional.isPresent()) { + User user = userOptional.get(); + containerRequest.setSecurityContext(new SecurityContext() { + @Override + public Principal getUserPrincipal() { + return user; + } + + @Override + public boolean isUserInRole(String role) { + return user.isInRole(User.Role.locateCaseInsensitive(role)); + } + + @Override + public boolean isSecure() { + return "https".equals(containerRequest.getRequestUri().getScheme()); + } + + @Override + public String getAuthenticationScheme() { + return "Basic Auth"; + } + }); + + //Verify user access + if (hasRolesAllowedAnnotation && !hasPermitAllAnnotation) { + RolesAllowed rolesAnnotation = method.getAnnotation(RolesAllowed.class); + if (!user.isInRole(rolesAnnotation.value())) { + throw new WebApplicationException( + RESTResponse.builder() + .status(false, Response.Status.FORBIDDEN) + .message("Access forbidden, required roles: " + Arrays.toString(rolesAnnotation.value())) + .build()); + } + } + } else { + throw new WebApplicationException(UNAUTHORIZED_ACCESS_DENIED); + } + } catch (AuthenticationException e) { + LOG.error("Server authentication error: " + e.getMessage(), e); + throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR) + .entity("Server authentication error: " + e.getMessage()).build()); + } + } + return containerRequest; + } +} \ No newline at end of file diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthResourceFilterFactory.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthResourceFilterFactory.java new file mode 100644 index 0000000000..9bde4518b8 --- /dev/null +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthResourceFilterFactory.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + *

    + * http://www.apache.org/licenses/LICENSE-2.0 + *

    + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.server.authentication; + + +import com.sun.jersey.api.model.AbstractMethod; +import com.sun.jersey.spi.container.ContainerRequestFilter; +import com.sun.jersey.spi.container.ContainerResponseFilter; +import com.sun.jersey.spi.container.ResourceFilter; +import com.sun.jersey.spi.container.ResourceFilterFactory; +import io.dropwizard.auth.Authenticator; +import io.dropwizard.auth.basic.BasicCredentials; +import org.apache.eagle.common.security.User; + +import java.util.Arrays; +import java.util.List; + +public class BasicAuthResourceFilterFactory implements ResourceFilterFactory { + private final Authenticator authenticator; + + public BasicAuthResourceFilterFactory(Authenticator authenticator) { + this.authenticator = authenticator; + } + + @Override + public List create(AbstractMethod abstractMethod) { + return Arrays.asList(new ResourceFilter() { + @Override + public ContainerRequestFilter getRequestFilter() { + return new BasicAuthRequestFilter(authenticator, abstractMethod); + } + + @Override + public ContainerResponseFilter getResponseFilter() { + return null; + } + }); + } +} diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticator.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticator.java index 4796e859e7..5545db09c9 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticator.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticator.java @@ -20,7 +20,7 @@ import io.dropwizard.auth.AuthenticationException; import io.dropwizard.auth.Authenticator; import io.dropwizard.auth.basic.BasicCredentials; -import org.apache.eagle.common.authentication.UserPrincipal; +import org.apache.eagle.common.security.User; import org.apache.eagle.server.authentication.config.LdapConfig; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -30,7 +30,7 @@ import java.io.File; import java.util.Hashtable; -public class LdapBasicAuthenticator implements Authenticator { +public class LdapBasicAuthenticator implements Authenticator { private static final Logger LOGGER = LoggerFactory.getLogger(LdapBasicAuthenticator.class); private static final String LDAP_LDAP_CTX_FACTORY_NAME = "com.sun.jndi.ldap.LdapCtxFactory"; private static final String LDAP_CONNECT_TIMEOUT_KEY = "com.sun.jndi.ldap.connect.timeout"; @@ -45,11 +45,11 @@ public LdapBasicAuthenticator(LdapConfig settings) { this.settings = settings; } - public Optional authenticate(BasicCredentials credentials) throws AuthenticationException { + public Optional authenticate(BasicCredentials credentials) throws AuthenticationException { String sanitizedUsername = sanitizeUsername(credentials.getUsername()); try { new InitialDirContext(getContextEnvironment(sanitizedUsername, credentials.getPassword())); - return Optional.of(new UserPrincipal(sanitizedUsername)); + return Optional.of(new User(sanitizedUsername)); } catch (javax.naming.AuthenticationException ae) { LOGGER.warn(String.format("Authentication failed for user[%s]: wrong username or password", sanitizedUsername)); return Optional.absent(); diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticator.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticator.java index 7b5d8486cf..013bbfc48d 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticator.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticator.java @@ -21,37 +21,41 @@ import io.dropwizard.auth.AuthenticationException; import io.dropwizard.auth.Authenticator; import io.dropwizard.auth.basic.BasicCredentials; -import org.apache.eagle.common.authentication.UserPrincipal; +import org.apache.eagle.common.rest.RESTResponse; +import org.apache.eagle.common.security.User; import org.apache.eagle.server.authentication.config.SimpleConfig; import org.apache.eagle.server.authentication.config.UserAccount; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Response; import java.util.*; -public class SimpleBasicAuthenticator implements Authenticator { +public class SimpleBasicAuthenticator implements Authenticator { private static final Logger LOGGER = LoggerFactory.getLogger(SimpleBasicAuthenticator.class); private final Map userAccountRepository; public SimpleBasicAuthenticator(SimpleConfig config) { userAccountRepository = new HashMap<>(); - for (UserAccount userAccount : config.getUsers()) { - Preconditions.checkNotNull(userAccount.getUsername()," Username is null " + userAccount); - Preconditions.checkArgument(!userAccountRepository.containsKey(userAccount.getUsername()), "Duplicated user name: " + userAccount.getUsername()); + for (UserAccount userAccount : config.getAccounts()) { + Preconditions.checkNotNull(userAccount.getName()," Username is null " + userAccount); + Preconditions.checkArgument(!userAccountRepository.containsKey(userAccount.getName()), "Duplicated user name: " + userAccount.getName()); if (userAccount.getRoles() == null) { - LOGGER.warn("UserPrincipal {} has no roles, set as {} by default", userAccount.getUsername(), UserPrincipal.Role.USER_ROLE); - userAccount.setRoles(Collections.singletonList(UserPrincipal.Role.USER_ROLE)); + LOGGER.warn("UserPrincipal {} has no roles, set as {} by default", userAccount.getName(), User.Role.USER); + userAccount.setRoles(User.Role.USER.toString()); } - userAccountRepository.put(userAccount.getUsername(), userAccount); + userAccountRepository.put(userAccount.getName(), userAccount); } } - public Optional authenticate(BasicCredentials credentials) throws AuthenticationException { + public Optional authenticate(BasicCredentials credentials) throws AuthenticationException { if (userAccountRepository.containsKey(credentials.getUsername()) && Objects.equals(userAccountRepository.get(credentials.getUsername()).getPassword(), credentials.getPassword())) { UserAccount userAccount = userAccountRepository.get(credentials.getUsername()); - return Optional.of(new UserPrincipal(userAccount.getUsername(), userAccount.getRoles())); + return Optional.of(new User(userAccount)); + } else { + return Optional.absent(); } - return Optional.absent(); } -} +} \ No newline at end of file diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/AuthenticationConfig.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/AuthenticationConfig.java index 33b39c5a56..a2e780aa3e 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/AuthenticationConfig.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/AuthenticationConfig.java @@ -24,8 +24,6 @@ public class AuthenticationConfig extends Configuration { private String mode = null; private boolean caching = false; private String cachePolicy = null; - private boolean authorization = false; - private boolean annotated = true; private SimpleConfig simple = new SimpleConfig(); private LdapConfig ldap = new LdapConfig(); @@ -73,28 +71,6 @@ public AuthenticationConfig setCachePolicy(String cachePolicy) { return this; } - @JsonProperty - public boolean needsAuthorization() { - return authorization; - } - - @JsonProperty - public AuthenticationConfig setAuthorization(boolean authorization) { - this.authorization = authorization; - return this; - } - - @JsonProperty - public boolean byAnnotated() { - return annotated; - } - - @JsonProperty - public AuthenticationConfig setAnnotated(boolean annotated) { - this.annotated = annotated; - return this; - } - @JsonProperty("ldap") public LdapConfig getLdap() { return ldap; diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/SimpleConfig.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/SimpleConfig.java index 2f3eb413a1..3c2201b174 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/SimpleConfig.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/SimpleConfig.java @@ -21,15 +21,15 @@ import java.util.List; public class SimpleConfig { - private List users; + private List accounts; - public List getUsers() { - return users; + @JsonProperty("accounts") + public List getAccounts() { + return accounts; } - @JsonProperty - public void setUsers(List users) { - this.users = users; + public void setAccounts(List accounts) { + this.accounts = accounts; } // private String username = null; diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/UserAccount.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/UserAccount.java index 2892d3144c..2f0bbe5902 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/UserAccount.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/UserAccount.java @@ -16,46 +16,37 @@ */ package org.apache.eagle.server.authentication.config; -import org.apache.eagle.common.authentication.UserPrincipal; +import com.google.common.base.Preconditions; +import org.apache.eagle.common.security.User; -import java.util.List; - -public class UserAccount { - private String username; - private String password; - private List roles; - - public UserAccount(String username, String password) { - this.username = username; - this.password = password; - } - - public String getUsername() { - return username; - } - - public void setUsername(String username) { - this.username = username; - } +import java.util.*; +public class UserAccount extends User { public String getPassword() { return password; } - public void setPassword(String password) { - this.password = password; - } + private String password; + + public UserAccount() { - @Override - public String toString() { - return String.format("username: %s, roles: %s", this.username, this.roles); } - public void setRoles(List roles) { - this.roles = roles; + public UserAccount(String username, String password) { + this.setName(username); + this.password = password; } - public List getRoles() { - return this.roles; + public void setRoles(String roles) { + if (roles != null) { + String[] roleStrArray = roles.split(","); + Set rolesSet = new HashSet<>(); + for (String roleStr:roleStrArray) { + User.Role role = User.Role.locateCaseInsensitive(roleStr.trim()); + Preconditions.checkNotNull(role, "Invalid role " + roleStr); + rolesSet.add(role); + } + super.setRoles(rolesSet); + } } } diff --git a/eagle-server/src/main/java/org/apache/eagle/server/resource/AuthenticationResource.java b/eagle-server/src/main/java/org/apache/eagle/server/resource/AuthenticationResource.java index 760aadf959..f14cb71efa 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/resource/AuthenticationResource.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/resource/AuthenticationResource.java @@ -17,24 +17,49 @@ package org.apache.eagle.server.resource; import io.dropwizard.auth.Auth; -import org.apache.eagle.common.authentication.UserPrincipal; +import org.apache.eagle.common.security.User; +import org.apache.eagle.common.rest.RESTResponse; -import javax.ws.rs.*; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; -@Path("/authentication") +@Path("/auth") public class AuthenticationResource { @GET @Path("/principal") @Produces(MediaType.APPLICATION_JSON) - public UserPrincipal getCurrentPrincipal(@Auth UserPrincipal user) { - return user; + public Response getCurrentPrincipal(@Auth(required = false) User user) { + if (user != null) { + return RESTResponse.of(user) + .status(true, Response.Status.OK) + .build(); + } else { + return RESTResponse.builder() + .message("No authorized principal found") + .status(false, Response.Status.OK) + .build(); + } + } + + @GET + @Path("/validate") + @Produces(MediaType.APPLICATION_JSON) + public Response validate(@Auth User user) { + return RESTResponse.of(user) + .message("Validated successfully as " + user.getName()) + .status(true, Response.Status.OK).build(); } @POST @Path("/login") @Produces(MediaType.APPLICATION_JSON) - public UserPrincipal login(@Auth UserPrincipal user) { - return user; + public Response login(@Auth User user) { + return RESTResponse.of(user) + .message("Login successfully as " + user.getName()) + .status(true, Response.Status.OK).build(); } -} +} \ No newline at end of file diff --git a/eagle-server/src/main/resources/configuration.yml b/eagle-server/src/main/resources/configuration.yml index b017c774ec..170dd40c9b 100644 --- a/eagle-server/src/main/resources/configuration.yml +++ b/eagle-server/src/main/resources/configuration.yml @@ -38,18 +38,15 @@ auth: # indicating the cache policy, containing maximumSize and expireAfterWrite, e.g. maximumSize=10000, expireAfterWrite=10m cachePolicy: maximumSize=10000, expireAfterWrite=1m - # indicating whether authorization is needed - authorization: false - - # indicating whether @Auth annotation on parameters is needed - annotated: true - # for basic authentication, effective only when auth.mode=simple simple: - # username for basic authentication, effective only when auth.mode=simple - username: admin - # password for basic authentication, effective only when auth.mode=simple - password: secret + accounts: + - name: admin + password: secret + roles: ADMINISTRATOR + firstName: Admin + lastName: Admin + email: unknown-admin@eagle.apache.org # for ldap authentication, effective only when auth.mode=ldap ldap: @@ -58,7 +55,7 @@ auth: providerUrl: ldap://server.address.or.domain:port # template string containing ${USERNAME} placeholder. This is designed for some orgs who don't use plain usernames - # to authenticate, e.g. they may use its members' email address as the username: ${USERNAME}@some.org. When username + # to authenticate, e.g. they may use its members' email address as the name: ${USERNAME}@some.org. When name # is supposed to be recognized originally, just configure this parameter as ${USERNAME} principalTemplate: ${USERNAME}@maybe.email.suffix diff --git a/eagle-server/src/test/java/org/apache/eagle/server/ServerDebug.java b/eagle-server/src/test/java/org/apache/eagle/server/ServerDebug.java index f47f2bf94d..3225435692 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/ServerDebug.java +++ b/eagle-server/src/test/java/org/apache/eagle/server/ServerDebug.java @@ -16,9 +16,11 @@ */ package org.apache.eagle.server; +import org.junit.Ignore; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +@Ignore public class ServerDebug { private static final Logger LOGGER = LoggerFactory.getLogger(ServerDebug.class); private static String serverConf = null; diff --git a/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java b/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java index 5a3e678607..66a79560bb 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java +++ b/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java @@ -20,12 +20,13 @@ import com.google.common.base.Optional; import io.dropwizard.auth.AuthenticationException; import io.dropwizard.auth.basic.BasicCredentials; -import org.apache.eagle.common.authentication.UserPrincipal; +import org.apache.eagle.common.security.User; import org.apache.eagle.server.authentication.config.SimpleConfig; import org.apache.eagle.server.authentication.config.UserAccount; import org.junit.Assert; import org.junit.Test; +import javax.ws.rs.WebApplicationException; import java.util.Collections; public class SimpleBasicAuthenticatorTest { @@ -36,44 +37,44 @@ public class SimpleBasicAuthenticatorTest { private static final String TEST_WRONG_SECRET_PHRASE = "wrong-secret-phrase"; private static SimpleConfig config = new SimpleConfig(); + static { - config.setUsers(Collections.singletonList(new UserAccount(TEST_USERNAME, TEST_SECRET_PHRASE))); + config.setAccounts(Collections.singletonList(new UserAccount(TEST_USERNAME, TEST_SECRET_PHRASE))); } + private static SimpleBasicAuthenticator authenticator = new SimpleBasicAuthenticator(config); @Test public void testNormal() { try { BasicCredentials credentials = new BasicCredentials(TEST_USERNAME, TEST_SECRET_PHRASE); - Optional result = authenticator.authenticate(credentials); + Optional result = authenticator.authenticate(credentials); Assert.assertTrue("result isn't present when passed correct credentials", result.isPresent()); - UserPrincipal user = result.get(); + User user = result.get(); Assert.assertEquals("authenticated user is not expected", TEST_USERNAME, user.getName()); - } - catch (AuthenticationException e) { - Assert.fail("unexpected error occurs: "+e.getMessage()); + } catch (AuthenticationException e) { + Assert.fail("unexpected error occurs: " + e.getMessage()); } } - @Test + @Test (expected = WebApplicationException.class) public void testUnexistingUsername() { try { - Optional result = authenticator.authenticate(new BasicCredentials(TEST_UNEXISTING_USERNAME, TEST_SECRET_PHRASE)); + Optional result = authenticator.authenticate(new BasicCredentials(TEST_UNEXISTING_USERNAME, TEST_SECRET_PHRASE)); Assert.assertFalse("result is present when passed unexisting username", result.isPresent()); - } - catch (AuthenticationException e) { - Assert.fail("unexpected error occurs: "+e.getMessage()); + } catch (AuthenticationException e) { + Assert.fail("unexpected error occurs: " + e.getMessage()); } } - @Test + + @Test (expected = WebApplicationException.class) public void testWrongPassword() { try { - Optional result = authenticator.authenticate(new BasicCredentials(TEST_USERNAME, TEST_WRONG_SECRET_PHRASE)); + Optional result = authenticator.authenticate(new BasicCredentials(TEST_USERNAME, TEST_WRONG_SECRET_PHRASE)); Assert.assertFalse("result is present when passed wrong password", result.isPresent()); - } - catch (AuthenticationException e) { - Assert.fail("unexpected error occurs: "+e.getMessage()); + } catch (AuthenticationException e) { + Assert.fail("unexpected error occurs: " + e.getMessage()); } } } diff --git a/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/BasicAuthenticationTestCase.java b/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/BasicAuthenticationTestCase.java new file mode 100644 index 0000000000..d5b49fb207 --- /dev/null +++ b/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/BasicAuthenticationTestCase.java @@ -0,0 +1,103 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + *

    + * http://www.apache.org/licenses/LICENSE-2.0 + *

    + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.server.authentication.resource; + +import com.sun.jersey.api.client.Client; +import com.sun.jersey.api.client.UniformInterfaceException; +import io.dropwizard.testing.junit.DropwizardAppRule; +import org.apache.eagle.common.Base64; +import org.apache.eagle.common.security.User; +import org.apache.eagle.server.ServerApplication; +import org.apache.eagle.server.ServerConfig; +import org.junit.Assert; +import org.junit.ClassRule; +import org.junit.Test; + +public class BasicAuthenticationTestCase { + + @ClassRule + public static final DropwizardAppRule RULE = + new DropwizardAppRule<>(ServerApplication.class, + BasicAuthenticationTestCase.class.getResource("/configuration.yml").getPath()); + + private static final String USER_AUTH_KEY = "Basic " + Base64.encode("user:secret"); + private static final String ADMIN_AUTH_KEY = "Basic " + Base64.encode("admin:secret"); + private static final String BAD_AUTH_KEY = "Basic " + Base64.encode("bad:bad"); + + @Test + public void testAuthUserOnly() { + Client client = new Client(); + client.resource(String.format("http://localhost:%d/rest/testAuth/userOnly", RULE.getLocalPort())) + .header("Authorization", USER_AUTH_KEY) + .get(User.class); + } + + @Test (expected = UniformInterfaceException.class) + public void testAuthUserOnlyWitBadKey() { + Client client = new Client(); + client.resource(String.format("http://localhost:%d/rest/testAuth/userOnly", RULE.getLocalPort())) + .header("Authorization", BAD_AUTH_KEY) + .get(User.class); + } + + @Test + public void testAuthAdminOnly() { + Client client = new Client(); + client.resource(String.format("http://localhost:%d/rest/testAuth/adminOnly", RULE.getLocalPort())) + .header("Authorization", ADMIN_AUTH_KEY) + .get(User.class); + } + + @Test + public void testAuthPermitAll() { + Client client = new Client(); + client.resource(String.format("http://localhost:%d/rest/testAuth/permitAll", RULE.getLocalPort())) + .header("Authorization", USER_AUTH_KEY) + .get(User.class); + } + + @Test + public void testAuthPermitAllWithoutKeyShouldPass() { + Client client = new Client(); + try { + client.resource(String.format("http://localhost:%d/rest/testAuth/permitAll", RULE.getLocalPort())) + .get(User.class); + } catch (UniformInterfaceException e) { + Assert.assertEquals(204, e.getResponse().getStatus()); + } + } + + @Test + public void testAuthPermitAllWithBadKeyShouldAccept401() { + Client client = new Client(); + try { + client.resource(String.format("http://localhost:%d/rest/testAuth/permitAll", RULE.getLocalPort())) + .header("Authorization", BAD_AUTH_KEY) + .get(User.class); + } catch (UniformInterfaceException e) { + Assert.assertEquals(401, e.getResponse().getStatus()); + } + } + + @Test(expected = UniformInterfaceException.class) + public void testAuthDenyAll() { + Client client = new Client(); + client.resource(String.format("http://localhost:%d/rest/testAuth/denyAll", RULE.getLocalPort())) + .header("Authorization", USER_AUTH_KEY) + .get(User.class); + } +} diff --git a/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java b/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java index f4b4e6f5a2..9cb2984bed 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java +++ b/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java @@ -17,23 +17,65 @@ package org.apache.eagle.server.authentication.resource; import io.dropwizard.auth.Auth; -import org.apache.eagle.common.authentication.UserPrincipal; -import org.apache.eagle.metadata.resource.RESTResponse; +import org.apache.eagle.common.security.DenyAll; +import org.apache.eagle.common.security.PermitAll; +import org.apache.eagle.common.security.RolesAllowed; +import org.apache.eagle.common.security.User; import org.junit.Ignore; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; +import javax.ws.rs.core.SecurityContext; @Ignore -@Path("/test") +@Path("/testAuth") public class TestBasicAuthenticationResource { @GET - @Path("/ba/simple") + @Path("/userOnly") @Produces(MediaType.APPLICATION_JSON) - public RESTResponse getIt(@Auth UserPrincipal user) { - return RESTResponse.builder().data(user).success(true).status(Response.Status.OK).get(); + public User getUser(@Auth User user) { + return user; } -} + + @GET + @Path("/adminOnly") + @Produces(MediaType.APPLICATION_JSON) + @RolesAllowed({User.Role.ADMINISTRATOR}) + public User getAdminUser(@Auth User user) { + return user; + } + + @GET + @Path("/userOrAdmin") + @Produces(MediaType.APPLICATION_JSON) + @RolesAllowed({User.Role.ADMINISTRATOR, User.Role.USER}) + public User getUserOrAdmin(@Auth User user) { + return user; + } + + @GET + @Path("/securityContext") + @Produces(MediaType.APPLICATION_JSON) + public SecurityContext getSecurityContext(@Context SecurityContext securityContext) { + return securityContext; + } + + @GET + @Path("/permitAll") + @Produces(MediaType.APPLICATION_JSON) + @PermitAll + public User getPermitAllUser(@Auth(required = false) User user) { + return user; + } + + @GET + @Path("/denyAll") + @Produces(MediaType.APPLICATION_JSON) + @DenyAll + public User getDenyAllUser(@Auth User user) { + return user; + } +} \ No newline at end of file diff --git a/eagle-server/src/test/resources/configuration.yml b/eagle-server/src/test/resources/configuration.yml index 72e69336bc..3d215dba43 100644 --- a/eagle-server/src/test/resources/configuration.yml +++ b/eagle-server/src/test/resources/configuration.yml @@ -38,20 +38,27 @@ auth: # indicating the cache policy, containing maximumSize and expireAfterWrite, e.g. maximumSize=10000, expireAfterWrite=10m cachePolicy: maximumSize=10000, expireAfterWrite=1m - # indicating whether authorization is needed - authorization: false - - # indicating whether @Auth annotation on parameters is needed - annotated: true - # for basic authentication, effective only when auth.mode=simple simple: - users: - username: admin - password: secret - roles: - - USER - - ADMIN + accounts: + - name: admin + password: secret + roles: ADMINISTRATOR + firstName: Admin + lastName: Test + email: mock-admin@eagle.apache.org + - name: user + password: secret + roles: USER + firstName: User + lastName: Test + email: mock-user@eagle.apache.org + - name: app + password: secret + firstName: Application + lastName: Test + roles: APPLICATION + email: mock-support@eagle.apache.org # for ldap authentication, effective only when auth.mode=ldap ldap: @@ -60,7 +67,7 @@ auth: providerUrl: ldap://server.address.or.domain:port # template string containing ${USERNAME} placeholder. This is designed for some orgs who don't use plain usernames - # to authenticate, e.g. they may use its members' email address as the username: ${USERNAME}@some.org. When username + # to authenticate, e.g. they may use its members' email address as the name: ${USERNAME}@some.org. When name # is supposed to be recognized originally, just configure this parameter as ${USERNAME} principalTemplate: ${USERNAME}@maybe.email.suffix From 3e16a20199d9c6af670d30b00dd065835e76a542 Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Tue, 21 Feb 2017 19:41:54 +0800 Subject: [PATCH 03/13] Remove VISITOR role --- .../src/main/java/org/apache/eagle/common/security/User.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java index 1445d1eda2..d15a261510 100644 --- a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java +++ b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java @@ -122,7 +122,7 @@ public void setFullName(String fullName) { @Override public String toString() { - return "User{" + return "User {" + "name='" + username + '\'' + ", firstName='" + firstName + '\'' + ", lastName='" + lastName + '\'' @@ -133,7 +133,6 @@ public String toString() { } public enum Role implements Serializable { - VISITOR("VISITOR"), // VISITOR role with user-level permissions USER("USER"), // USER role with user-level permissions APPLICATION("APPLICATION"), // APPLICATION role with application-level permissions ADMINISTRATOR("ADMINISTRATOR"); // ADMINISTRATOR role with admin-level permissions From 30c06cbc8381366e3c1847091f7ad52944b7a705 Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Tue, 21 Feb 2017 19:42:23 +0800 Subject: [PATCH 04/13] Clean useless code --- .../src/main/java/org/apache/eagle/common/security/User.java | 4 ---- 1 file changed, 4 deletions(-) diff --git a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java index d15a261510..58f5b2b0e5 100644 --- a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java +++ b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java @@ -16,10 +16,6 @@ */ package org.apache.eagle.common.security; -import com.fasterxml.jackson.annotation.JsonGetter; -import com.fasterxml.jackson.annotation.JsonIgnore; -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonSetter; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.google.common.base.Preconditions; From 844a05180deaff666472d74e50ba4cdd2269ebf0 Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Tue, 21 Feb 2017 23:50:15 +0800 Subject: [PATCH 05/13] Improve Unit test coverage --- .../BasicAuthRequestFilter.java | 4 +- .../SimpleBasicAuthenticatorTest.java | 4 +- .../resource/BasicAuthenticationTestCase.java | 61 +++++++++++++++++++ .../TestBasicAuthenticationResource.java | 28 ++++++++- 4 files changed, 92 insertions(+), 5 deletions(-) diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthRequestFilter.java b/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthRequestFilter.java index aba235d6db..f6dcd9ac49 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthRequestFilter.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthRequestFilter.java @@ -55,9 +55,9 @@ public BasicAuthRequestFilter(Authenticator authenticato break; } Auth[] authAnnotations = parameter.getAnnotationsByType(Auth.class); - this.isSecurityDefined = authAnnotations.length > 0 || this.isSecurityDefined; + this.isSecurityDefined = this.isSecurityDefined || authAnnotations.length > 0; for (Auth auth: authAnnotations) { - this.isAuthRequired = auth.required() || this.isAuthRequired; + this.isAuthRequired = this.isAuthRequired || auth.required(); } } Preconditions.checkArgument(!(this.hasDenyAllAnnotation && this.hasPermitAllAnnotation), "Conflict @DenyAll and @PermitAll on method " +this.method.toString()); diff --git a/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java b/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java index 66a79560bb..f10b6b7446 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java +++ b/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java @@ -57,7 +57,7 @@ public void testNormal() { } } - @Test (expected = WebApplicationException.class) + @Test public void testUnexistingUsername() { try { Optional result = authenticator.authenticate(new BasicCredentials(TEST_UNEXISTING_USERNAME, TEST_SECRET_PHRASE)); @@ -68,7 +68,7 @@ public void testUnexistingUsername() { } - @Test (expected = WebApplicationException.class) + @Test public void testWrongPassword() { try { Optional result = authenticator.authenticate(new BasicCredentials(TEST_USERNAME, TEST_WRONG_SECRET_PHRASE)); diff --git a/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/BasicAuthenticationTestCase.java b/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/BasicAuthenticationTestCase.java index d5b49fb207..9ed05580d4 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/BasicAuthenticationTestCase.java +++ b/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/BasicAuthenticationTestCase.java @@ -62,6 +62,65 @@ public void testAuthAdminOnly() { .get(User.class); } + @Test + public void testAdminOnlyWithoutAuth() { + Client client = new Client(); + client.resource(String.format("http://localhost:%d/rest/testAuth/adminOnlyWithoutAuth", RULE.getLocalPort())) + .header("Authorization", ADMIN_AUTH_KEY) + .get(String.class); + } + + + @Test + public void testUserWithoutRole() { + Client client = new Client(); + User user = client.resource(String.format("http://localhost:%d/rest/testAuth/userWithoutRole", RULE.getLocalPort())) + .header("Authorization", ADMIN_AUTH_KEY) + .get(User.class); + Assert.assertEquals("admin", user.getName()); + + user = client.resource(String.format("http://localhost:%d/rest/testAuth/userWithoutRole", RULE.getLocalPort())) + .header("Authorization", USER_AUTH_KEY) + .get(User.class); + Assert.assertEquals("user", user.getName()); + + try { + client.resource(String.format("http://localhost:%d/rest/testAuth/userWithoutRole", RULE.getLocalPort())) + .get(User.class); + Assert.fail(); + } catch (UniformInterfaceException e) { + Assert.assertEquals(401, e.getResponse().getStatus()); + } + } + + @Test + public void testUserWithoutRequiredAuth() { + Client client = new Client(); + String response = client.resource(String.format("http://localhost:%d/rest/testAuth/userWithNotRequiredAuth", RULE.getLocalPort())) + .header("Authorization", ADMIN_AUTH_KEY) + .get(String.class); + Assert.assertNotNull(response); + Assert.assertEquals("User found admin", response); + + response = client.resource(String.format("http://localhost:%d/rest/testAuth/userWithNotRequiredAuth", RULE.getLocalPort())) + .get(String.class); + Assert.assertEquals("User not found", response); + } + + + @Test + public void testAdminOnlyWithoutAuthByUser() { + try { + Client client = new Client(); + client.resource(String.format("http://localhost:%d/rest/testAuth/adminOnlyWithoutAuth", RULE.getLocalPort())) + .header("Authorization", USER_AUTH_KEY) + .get(String.class); + Assert.fail(); + } catch (UniformInterfaceException e) { + Assert.assertEquals(403, e.getResponse().getStatus()); + } + } + @Test public void testAuthPermitAll() { Client client = new Client(); @@ -76,6 +135,7 @@ public void testAuthPermitAllWithoutKeyShouldPass() { try { client.resource(String.format("http://localhost:%d/rest/testAuth/permitAll", RULE.getLocalPort())) .get(User.class); + Assert.fail(); } catch (UniformInterfaceException e) { Assert.assertEquals(204, e.getResponse().getStatus()); } @@ -88,6 +148,7 @@ public void testAuthPermitAllWithBadKeyShouldAccept401() { client.resource(String.format("http://localhost:%d/rest/testAuth/permitAll", RULE.getLocalPort())) .header("Authorization", BAD_AUTH_KEY) .get(User.class); + Assert.fail(); } catch (UniformInterfaceException e) { Assert.assertEquals(401, e.getResponse().getStatus()); } diff --git a/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java b/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java index 9cb2984bed..dc7fa8533d 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java +++ b/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java @@ -36,6 +36,7 @@ public class TestBasicAuthenticationResource { @GET @Path("/userOnly") @Produces(MediaType.APPLICATION_JSON) + @RolesAllowed(User.Role.USER) public User getUser(@Auth User user) { return user; } @@ -43,11 +44,36 @@ public User getUser(@Auth User user) { @GET @Path("/adminOnly") @Produces(MediaType.APPLICATION_JSON) - @RolesAllowed({User.Role.ADMINISTRATOR}) + @RolesAllowed(User.Role.ADMINISTRATOR) public User getAdminUser(@Auth User user) { return user; } + @GET + @Path("/adminOnlyWithoutAuth") + @Produces(MediaType.APPLICATION_JSON) + @RolesAllowed(User.Role.ADMINISTRATOR) + public String getAdminUserWithoutAuth() { + return "Success"; + } + + @GET + @Path("/userWithoutRole") + @Produces(MediaType.APPLICATION_JSON) + public User getUserWithoutRole(@Auth User user) { + return user; + } + + @GET + @Path("/userWithNotRequiredAuth") + @Produces(MediaType.APPLICATION_JSON) + public String getUserWithNotRequiredAuth(@Auth(required = false) User user) { + if (user == null) { + return "User not found"; + } + return "User found " + user.getName(); + } + @GET @Path("/userOrAdmin") @Produces(MediaType.APPLICATION_JSON) From 78d39c58e0956cbebb7e7f20d4469a7c2bd9eb78 Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Tue, 21 Feb 2017 23:53:13 +0800 Subject: [PATCH 06/13] Rename package authentication to security --- .../eagle/server/ServerApplication.java | 6 +- .../org/apache/eagle/server/ServerConfig.java | 2 +- .../BasicAuthBuilder.java | 8 +- .../BasicAuthRequestFilter.java | 2 +- .../BasicAuthResourceFilterFactory.java | 2 +- .../authenticator/LdapBasicAuthenticator.java | 4 +- .../SimpleBasicAuthenticator.java | 9 +- .../config/AuthenticationConfig.java | 2 +- .../config/LdapConfig.java | 2 +- .../config/SimpleConfig.java | 2 +- .../config/UserAccount.java | 104 +++++++++--------- .../LdapBasicAuthenticatorTest.java | 4 +- .../SimpleBasicAuthenticatorTest.java | 7 +- .../resource/BasicAuthenticationTestCase.java | 2 +- .../TestBasicAuthenticationResource.java | 2 +- 15 files changed, 76 insertions(+), 82 deletions(-) rename eagle-server/src/main/java/org/apache/eagle/server/{authentication => security}/BasicAuthBuilder.java (93%) rename eagle-server/src/main/java/org/apache/eagle/server/{authentication => security}/BasicAuthRequestFilter.java (99%) rename eagle-server/src/main/java/org/apache/eagle/server/{authentication => security}/BasicAuthResourceFilterFactory.java (97%) rename eagle-server/src/main/java/org/apache/eagle/server/{authentication => security}/authenticator/LdapBasicAuthenticator.java (97%) rename eagle-server/src/main/java/org/apache/eagle/server/{authentication => security}/authenticator/SimpleBasicAuthenticator.java (89%) rename eagle-server/src/main/java/org/apache/eagle/server/{authentication => security}/config/AuthenticationConfig.java (97%) rename eagle-server/src/main/java/org/apache/eagle/server/{authentication => security}/config/LdapConfig.java (98%) rename eagle-server/src/main/java/org/apache/eagle/server/{authentication => security}/config/SimpleConfig.java (96%) rename eagle-server/src/main/java/org/apache/eagle/server/{authentication => security}/config/UserAccount.java (94%) rename eagle-server/src/test/java/org/apache/eagle/server/{authentication => security}/authenticator/LdapBasicAuthenticatorTest.java (98%) rename eagle-server/src/test/java/org/apache/eagle/server/{authentication => security}/authenticator/SimpleBasicAuthenticatorTest.java (93%) rename eagle-server/src/test/java/org/apache/eagle/server/{authentication => security}/resource/BasicAuthenticationTestCase.java (99%) rename eagle-server/src/test/java/org/apache/eagle/server/{authentication => security}/resource/TestBasicAuthenticationResource.java (98%) diff --git a/eagle-server/src/main/java/org/apache/eagle/server/ServerApplication.java b/eagle-server/src/main/java/org/apache/eagle/server/ServerApplication.java index 0c35d21465..9f2a4ef869 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/ServerApplication.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/ServerApplication.java @@ -29,7 +29,6 @@ import io.swagger.jaxrs.config.BeanConfig; import io.swagger.jaxrs.listing.ApiListingResource; import org.apache.eagle.alert.coordinator.Coordinator; -import org.apache.eagle.alert.coordinator.CoordinatorListener; import org.apache.eagle.alert.resource.SimpleCORSFiler; import org.apache.eagle.app.service.ApplicationHealthCheckService; import org.apache.eagle.app.service.ApplicationProviderService; @@ -39,9 +38,8 @@ import org.apache.eagle.log.base.taggedlog.TaggedLogAPIEntity; import org.apache.eagle.log.entity.repo.EntityRepositoryScanner; import org.apache.eagle.metadata.service.ApplicationStatusUpdateService; -import org.apache.eagle.server.authentication.BasicAuthBuilder; -import org.apache.eagle.server.authentication.BasicAuthRequestFilter; -import org.apache.eagle.server.authentication.BasicAuthResourceFilterFactory; +import org.apache.eagle.server.security.BasicAuthBuilder; +import org.apache.eagle.server.security.BasicAuthResourceFilterFactory; import org.apache.eagle.server.task.ManagedService; import org.apache.eagle.server.module.GuiceBundleLoader; import org.slf4j.Logger; diff --git a/eagle-server/src/main/java/org/apache/eagle/server/ServerConfig.java b/eagle-server/src/main/java/org/apache/eagle/server/ServerConfig.java index 00391df6f8..68a874eb22 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/ServerConfig.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/ServerConfig.java @@ -18,7 +18,7 @@ import io.dropwizard.Configuration; import org.apache.eagle.common.Version; -import org.apache.eagle.server.authentication.config.AuthenticationConfig; +import org.apache.eagle.server.security.config.AuthenticationConfig; import com.fasterxml.jackson.annotation.JsonProperty; public class ServerConfig extends Configuration { diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthBuilder.java b/eagle-server/src/main/java/org/apache/eagle/server/security/BasicAuthBuilder.java similarity index 93% rename from eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthBuilder.java rename to eagle-server/src/main/java/org/apache/eagle/server/security/BasicAuthBuilder.java index e9238be02a..8d41a901f9 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthBuilder.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/BasicAuthBuilder.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.eagle.server.authentication; +package org.apache.eagle.server.security; import com.google.common.cache.CacheBuilderSpec; import com.sun.jersey.api.core.HttpContext; @@ -29,9 +29,9 @@ import io.dropwizard.auth.basic.BasicCredentials; import io.dropwizard.setup.Environment; import org.apache.eagle.common.security.User; -import org.apache.eagle.server.authentication.authenticator.LdapBasicAuthenticator; -import org.apache.eagle.server.authentication.authenticator.SimpleBasicAuthenticator; -import org.apache.eagle.server.authentication.config.AuthenticationConfig; +import org.apache.eagle.server.security.authenticator.LdapBasicAuthenticator; +import org.apache.eagle.server.security.authenticator.SimpleBasicAuthenticator; +import org.apache.eagle.server.security.config.AuthenticationConfig; import java.util.Arrays; diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthRequestFilter.java b/eagle-server/src/main/java/org/apache/eagle/server/security/BasicAuthRequestFilter.java similarity index 99% rename from eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthRequestFilter.java rename to eagle-server/src/main/java/org/apache/eagle/server/security/BasicAuthRequestFilter.java index f6dcd9ac49..a57191a2be 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthRequestFilter.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/BasicAuthRequestFilter.java @@ -1,4 +1,4 @@ -package org.apache.eagle.server.authentication; +package org.apache.eagle.server.security; import com.google.common.base.Optional; import com.google.common.base.Preconditions; diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthResourceFilterFactory.java b/eagle-server/src/main/java/org/apache/eagle/server/security/BasicAuthResourceFilterFactory.java similarity index 97% rename from eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthResourceFilterFactory.java rename to eagle-server/src/main/java/org/apache/eagle/server/security/BasicAuthResourceFilterFactory.java index 9bde4518b8..e6b8522b37 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/BasicAuthResourceFilterFactory.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/BasicAuthResourceFilterFactory.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.eagle.server.authentication; +package org.apache.eagle.server.security; import com.sun.jersey.api.model.AbstractMethod; diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticator.java b/eagle-server/src/main/java/org/apache/eagle/server/security/authenticator/LdapBasicAuthenticator.java similarity index 97% rename from eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticator.java rename to eagle-server/src/main/java/org/apache/eagle/server/security/authenticator/LdapBasicAuthenticator.java index 5545db09c9..bc50c82803 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticator.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/authenticator/LdapBasicAuthenticator.java @@ -14,14 +14,14 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.eagle.server.authentication.authenticator; +package org.apache.eagle.server.security.authenticator; import com.google.common.base.Optional; import io.dropwizard.auth.AuthenticationException; import io.dropwizard.auth.Authenticator; import io.dropwizard.auth.basic.BasicCredentials; import org.apache.eagle.common.security.User; -import org.apache.eagle.server.authentication.config.LdapConfig; +import org.apache.eagle.server.security.config.LdapConfig; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticator.java b/eagle-server/src/main/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticator.java similarity index 89% rename from eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticator.java rename to eagle-server/src/main/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticator.java index 013bbfc48d..842fe8240c 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticator.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticator.java @@ -14,22 +14,19 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.eagle.server.authentication.authenticator; +package org.apache.eagle.server.security.authenticator; import com.google.common.base.Optional; import com.google.common.base.Preconditions; import io.dropwizard.auth.AuthenticationException; import io.dropwizard.auth.Authenticator; import io.dropwizard.auth.basic.BasicCredentials; -import org.apache.eagle.common.rest.RESTResponse; import org.apache.eagle.common.security.User; -import org.apache.eagle.server.authentication.config.SimpleConfig; -import org.apache.eagle.server.authentication.config.UserAccount; +import org.apache.eagle.server.security.config.SimpleConfig; +import org.apache.eagle.server.security.config.UserAccount; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Response; import java.util.*; public class SimpleBasicAuthenticator implements Authenticator { diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/AuthenticationConfig.java b/eagle-server/src/main/java/org/apache/eagle/server/security/config/AuthenticationConfig.java similarity index 97% rename from eagle-server/src/main/java/org/apache/eagle/server/authentication/config/AuthenticationConfig.java rename to eagle-server/src/main/java/org/apache/eagle/server/security/config/AuthenticationConfig.java index a2e780aa3e..dbbb13ba2b 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/AuthenticationConfig.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/config/AuthenticationConfig.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.eagle.server.authentication.config; +package org.apache.eagle.server.security.config; import io.dropwizard.Configuration; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/LdapConfig.java b/eagle-server/src/main/java/org/apache/eagle/server/security/config/LdapConfig.java similarity index 98% rename from eagle-server/src/main/java/org/apache/eagle/server/authentication/config/LdapConfig.java rename to eagle-server/src/main/java/org/apache/eagle/server/security/config/LdapConfig.java index 406031a524..c87553fbd7 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/LdapConfig.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/config/LdapConfig.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.eagle.server.authentication.config; +package org.apache.eagle.server.security.config; import io.dropwizard.util.Duration; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/SimpleConfig.java b/eagle-server/src/main/java/org/apache/eagle/server/security/config/SimpleConfig.java similarity index 96% rename from eagle-server/src/main/java/org/apache/eagle/server/authentication/config/SimpleConfig.java rename to eagle-server/src/main/java/org/apache/eagle/server/security/config/SimpleConfig.java index 3c2201b174..7ba1d0cf2a 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/SimpleConfig.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/config/SimpleConfig.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.eagle.server.authentication.config; +package org.apache.eagle.server.security.config; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/UserAccount.java b/eagle-server/src/main/java/org/apache/eagle/server/security/config/UserAccount.java similarity index 94% rename from eagle-server/src/main/java/org/apache/eagle/server/authentication/config/UserAccount.java rename to eagle-server/src/main/java/org/apache/eagle/server/security/config/UserAccount.java index 2f0bbe5902..57f7d804c3 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/authentication/config/UserAccount.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/config/UserAccount.java @@ -1,52 +1,52 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - *

    - * http://www.apache.org/licenses/LICENSE-2.0 - *

    - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.eagle.server.authentication.config; - -import com.google.common.base.Preconditions; -import org.apache.eagle.common.security.User; - -import java.util.*; - -public class UserAccount extends User { - public String getPassword() { - return password; - } - - private String password; - - public UserAccount() { - - } - - public UserAccount(String username, String password) { - this.setName(username); - this.password = password; - } - - public void setRoles(String roles) { - if (roles != null) { - String[] roleStrArray = roles.split(","); - Set rolesSet = new HashSet<>(); - for (String roleStr:roleStrArray) { - User.Role role = User.Role.locateCaseInsensitive(roleStr.trim()); - Preconditions.checkNotNull(role, "Invalid role " + roleStr); - rolesSet.add(role); - } - super.setRoles(rolesSet); - } - } -} +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + *

    + * http://www.apache.org/licenses/LICENSE-2.0 + *

    + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.server.security.config; + +import com.google.common.base.Preconditions; +import org.apache.eagle.common.security.User; + +import java.util.*; + +public class UserAccount extends User { + public String getPassword() { + return password; + } + + private String password; + + public UserAccount() { + + } + + public UserAccount(String username, String password) { + this.setName(username); + this.password = password; + } + + public void setRoles(String roles) { + if (roles != null) { + String[] roleStrArray = roles.split(","); + Set rolesSet = new HashSet<>(); + for (String roleStr:roleStrArray) { + User.Role role = User.Role.locateCaseInsensitive(roleStr.trim()); + Preconditions.checkNotNull(role, "Invalid role " + roleStr); + rolesSet.add(role); + } + super.setRoles(rolesSet); + } + } +} diff --git a/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticatorTest.java b/eagle-server/src/test/java/org/apache/eagle/server/security/authenticator/LdapBasicAuthenticatorTest.java similarity index 98% rename from eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticatorTest.java rename to eagle-server/src/test/java/org/apache/eagle/server/security/authenticator/LdapBasicAuthenticatorTest.java index fb3f8921f9..8389da8b04 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/LdapBasicAuthenticatorTest.java +++ b/eagle-server/src/test/java/org/apache/eagle/server/security/authenticator/LdapBasicAuthenticatorTest.java @@ -15,10 +15,10 @@ * limitations under the License. */ -package org.apache.eagle.server.authentication.authenticator; +package org.apache.eagle.server.security.authenticator; import io.dropwizard.util.Duration; -import org.apache.eagle.server.authentication.config.LdapConfig; +import org.apache.eagle.server.security.config.LdapConfig; import org.junit.Assert; import org.junit.Test; diff --git a/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java b/eagle-server/src/test/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticatorTest.java similarity index 93% rename from eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java rename to eagle-server/src/test/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticatorTest.java index f10b6b7446..29efd32dc0 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/authentication/authenticator/SimpleBasicAuthenticatorTest.java +++ b/eagle-server/src/test/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticatorTest.java @@ -15,18 +15,17 @@ * limitations under the License. */ -package org.apache.eagle.server.authentication.authenticator; +package org.apache.eagle.server.security.authenticator; import com.google.common.base.Optional; import io.dropwizard.auth.AuthenticationException; import io.dropwizard.auth.basic.BasicCredentials; import org.apache.eagle.common.security.User; -import org.apache.eagle.server.authentication.config.SimpleConfig; -import org.apache.eagle.server.authentication.config.UserAccount; +import org.apache.eagle.server.security.config.SimpleConfig; +import org.apache.eagle.server.security.config.UserAccount; import org.junit.Assert; import org.junit.Test; -import javax.ws.rs.WebApplicationException; import java.util.Collections; public class SimpleBasicAuthenticatorTest { diff --git a/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/BasicAuthenticationTestCase.java b/eagle-server/src/test/java/org/apache/eagle/server/security/resource/BasicAuthenticationTestCase.java similarity index 99% rename from eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/BasicAuthenticationTestCase.java rename to eagle-server/src/test/java/org/apache/eagle/server/security/resource/BasicAuthenticationTestCase.java index 9ed05580d4..c848d1987b 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/BasicAuthenticationTestCase.java +++ b/eagle-server/src/test/java/org/apache/eagle/server/security/resource/BasicAuthenticationTestCase.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.eagle.server.authentication.resource; +package org.apache.eagle.server.security.resource; import com.sun.jersey.api.client.Client; import com.sun.jersey.api.client.UniformInterfaceException; diff --git a/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java b/eagle-server/src/test/java/org/apache/eagle/server/security/resource/TestBasicAuthenticationResource.java similarity index 98% rename from eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java rename to eagle-server/src/test/java/org/apache/eagle/server/security/resource/TestBasicAuthenticationResource.java index dc7fa8533d..9e4ebf9406 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/authentication/resource/TestBasicAuthenticationResource.java +++ b/eagle-server/src/test/java/org/apache/eagle/server/security/resource/TestBasicAuthenticationResource.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.eagle.server.authentication.resource; +package org.apache.eagle.server.security.resource; import io.dropwizard.auth.Auth; import org.apache.eagle.common.security.DenyAll; From 9ca5c445af21eca583efa848606821923e3d2297 Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Wed, 22 Feb 2017 00:04:05 +0800 Subject: [PATCH 07/13] Fix check style on User --- .../src/main/java/org/apache/eagle/common/security/User.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java index 58f5b2b0e5..a99ba95bcf 100644 --- a/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java +++ b/eagle-core/eagle-common/src/main/java/org/apache/eagle/common/security/User.java @@ -65,7 +65,7 @@ public void setRoles(Collection roles) { } public String getFullName() { - if (this.fullName !=null ) { + if (this.fullName != null ) { return this.fullName; } if (this.firstName == null && this.lastName == null) { From e5d2032c7b8f8d484e5c45fbee6a34553a64c03d Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Wed, 22 Feb 2017 00:26:26 +0800 Subject: [PATCH 08/13] Fix checkstyle --- .../security/BasicAuthRequestFilter.java | 10 ++++---- .../SimpleBasicAuthenticator.java | 4 +-- .../server/security/config/SimpleConfig.java | 25 ------------------- 3 files changed, 7 insertions(+), 32 deletions(-) diff --git a/eagle-server/src/main/java/org/apache/eagle/server/security/BasicAuthRequestFilter.java b/eagle-server/src/main/java/org/apache/eagle/server/security/BasicAuthRequestFilter.java index a57191a2be..1542505c26 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/security/BasicAuthRequestFilter.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/BasicAuthRequestFilter.java @@ -36,7 +36,7 @@ public class BasicAuthRequestFilter implements ContainerRequestFilter { private final Authenticator authenticator; private final AbstractMethod method; - private Logger LOG = LoggerFactory.getLogger(BasicAuthRequestFilter.class); + private static final Logger LOG = LoggerFactory.getLogger(BasicAuthRequestFilter.class); private boolean isSecurityDefined = false; private boolean isAuthRequired = false; private boolean hasPermitAllAnnotation = false; @@ -56,11 +56,11 @@ public BasicAuthRequestFilter(Authenticator authenticato } Auth[] authAnnotations = parameter.getAnnotationsByType(Auth.class); this.isSecurityDefined = this.isSecurityDefined || authAnnotations.length > 0; - for (Auth auth: authAnnotations) { + for (Auth auth : authAnnotations) { this.isAuthRequired = this.isAuthRequired || auth.required(); } } - Preconditions.checkArgument(!(this.hasDenyAllAnnotation && this.hasPermitAllAnnotation), "Conflict @DenyAll and @PermitAll on method " +this.method.toString()); + Preconditions.checkArgument(!(this.hasDenyAllAnnotation && this.hasPermitAllAnnotation), "Conflict @DenyAll and @PermitAll on method " + this.method.toString()); } @@ -94,7 +94,7 @@ public ContainerRequest filter(ContainerRequest containerRequest) { final List authorization = headers.get(AUTHORIZATION_PROPERTY); //If no authorization information present; block access - if ((authorization == null || authorization.isEmpty()) && isAuthRequired ) { + if ((authorization == null || authorization.isEmpty()) && isAuthRequired) { throw new WebApplicationException(UNAUTHORIZED_ACCESS_DENIED); } @@ -147,7 +147,7 @@ public String getAuthenticationScheme() { .build()); } } - } else { + } else { throw new WebApplicationException(UNAUTHORIZED_ACCESS_DENIED); } } catch (AuthenticationException e) { diff --git a/eagle-server/src/main/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticator.java b/eagle-server/src/main/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticator.java index 842fe8240c..312b9c93c7 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticator.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticator.java @@ -36,7 +36,7 @@ public class SimpleBasicAuthenticator implements Authenticator(); for (UserAccount userAccount : config.getAccounts()) { - Preconditions.checkNotNull(userAccount.getName()," Username is null " + userAccount); + Preconditions.checkNotNull(userAccount.getName(), " Username is null " + userAccount); Preconditions.checkArgument(!userAccountRepository.containsKey(userAccount.getName()), "Duplicated user name: " + userAccount.getName()); if (userAccount.getRoles() == null) { LOGGER.warn("UserPrincipal {} has no roles, set as {} by default", userAccount.getName(), User.Role.USER); @@ -49,7 +49,7 @@ public SimpleBasicAuthenticator(SimpleConfig config) { public Optional authenticate(BasicCredentials credentials) throws AuthenticationException { if (userAccountRepository.containsKey(credentials.getUsername()) && Objects.equals(userAccountRepository.get(credentials.getUsername()).getPassword(), credentials.getPassword())) { - UserAccount userAccount = userAccountRepository.get(credentials.getUsername()); + UserAccount userAccount = userAccountRepository.get(credentials.getUsername()); return Optional.of(new User(userAccount)); } else { return Optional.absent(); diff --git a/eagle-server/src/main/java/org/apache/eagle/server/security/config/SimpleConfig.java b/eagle-server/src/main/java/org/apache/eagle/server/security/config/SimpleConfig.java index 7ba1d0cf2a..65ae10ff21 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/security/config/SimpleConfig.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/config/SimpleConfig.java @@ -31,29 +31,4 @@ public List getAccounts() { public void setAccounts(List accounts) { this.accounts = accounts; } - -// private String username = null; -// private String password = null; -// -// @JsonProperty -// public String getUsername() { -// return username; -// } -// -// @JsonProperty -// public SimpleConfig setUsername(String username) { -// this.username = username; -// return this; -// } -// -// @JsonProperty -// public String getPassword() { -// return password; -// } -// -// @JsonProperty -// public SimpleConfig setPassword(String password) { -// this.password = password; -// return this; -// } } From a566d6a328fb306a1a5159bbcea05e9c6f00605e Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Wed, 22 Feb 2017 14:04:22 +0800 Subject: [PATCH 09/13] Add jasypt dependency --- eagle-server/pom.xml | 4 ++++ .../eagle/server/security/config/UserAccount.java | 13 ++++++++----- pom.xml | 11 +++++++++++ 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/eagle-server/pom.xml b/eagle-server/pom.xml index 0fb3a492d3..931b455875 100644 --- a/eagle-server/pom.xml +++ b/eagle-server/pom.xml @@ -186,6 +186,10 @@ dropwizard-testing test + + org.jasypt + jasypt + diff --git a/eagle-server/src/main/java/org/apache/eagle/server/security/config/UserAccount.java b/eagle-server/src/main/java/org/apache/eagle/server/security/config/UserAccount.java index 57f7d804c3..882e797e70 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/security/config/UserAccount.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/config/UserAccount.java @@ -16,25 +16,28 @@ */ package org.apache.eagle.server.security.config; +import com.fasterxml.jackson.annotation.JsonProperty; import com.google.common.base.Preconditions; import org.apache.eagle.common.security.User; import java.util.*; public class UserAccount extends User { - public String getPassword() { - return password; + + @JsonProperty("password") + public String getEncryptedPassword() { + return encryptedPassword; } - private String password; + private String encryptedPassword; public UserAccount() { } - public UserAccount(String username, String password) { + public UserAccount(String username, String encryptedPassword) { this.setName(username); - this.password = password; + this.encryptedPassword = encryptedPassword; } public void setRoles(String roles) { diff --git a/pom.xml b/pom.xml index a47309f56a..15fa4a2eb4 100755 --- a/pom.xml +++ b/pom.xml @@ -234,6 +234,7 @@ 3.1.0 3.0.0-M6 5.0 + 1.9.2 @@ -486,6 +487,11 @@ reflections ${reflections.version} + + org.jasypt + jasypt + ${jasypt.version} + @@ -1317,6 +1323,11 @@ + + maven.central + Maven Central Repository + http://central.maven.org/maven2 + maven.repo1 Maven Repo1 Repository From 13592539b596c9ab6d54d5a20d3c4e887747fcad Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Wed, 22 Feb 2017 15:08:18 +0800 Subject: [PATCH 10/13] Encrypt password in configure file --- .../org/apache/eagle/server/ServerMain.java | 46 +++++++++++++++---- .../SimpleBasicAuthenticator.java | 3 +- .../security/encrypt/EncryptorFactory.java | 23 ++++++++++ .../security/encrypt/PasswordEncryptor.java | 22 +++++++++ .../encrypt/PasswordEncryptorImpl.java | 37 +++++++++++++++ .../apache/eagle/server/tool/EncryptTool.java | 42 +++++++++++++++++ .../org/apache/eagle/server/tool/Tool.java | 21 +++++++++ .../SimpleBasicAuthenticatorTest.java | 4 +- .../src/test/resources/configuration.yml | 7 +-- 9 files changed, 190 insertions(+), 15 deletions(-) create mode 100644 eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/EncryptorFactory.java create mode 100644 eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/PasswordEncryptor.java create mode 100644 eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/PasswordEncryptorImpl.java create mode 100644 eagle-server/src/main/java/org/apache/eagle/server/tool/EncryptTool.java create mode 100644 eagle-server/src/main/java/org/apache/eagle/server/tool/Tool.java diff --git a/eagle-server/src/main/java/org/apache/eagle/server/ServerMain.java b/eagle-server/src/main/java/org/apache/eagle/server/ServerMain.java index 318a74e2b8..412dc2e579 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/ServerMain.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/ServerMain.java @@ -17,21 +17,47 @@ package org.apache.eagle.server; import org.apache.eagle.common.Version; +import org.apache.eagle.server.tool.EncryptTool; import java.util.Date; public class ServerMain { + private static final String USAGE = + "Usage: java " + ServerMain.class.getName() + " command [options] \n" + + "where options include: \n" + + "\tserver\t[path to configuration]\n" + + "\tencrypt\t[text to encrypt]\n"; + public static void main(String[] args) { - System.out.println( - "\nApache Eagle™ v" + Version.version + ": " - + "built with git revision " + Version.gitRevision + " by " + Version.userName + " on " + new Date(Long.parseLong(Version.timestamp)) - ); - System.out.println("\nStarting Eagle Server ...\n"); - try { - new ServerApplication().run(args); - } catch (Exception e) { - System.err.println("Oops, got error to start eagle server: " + e.getMessage()); - e.printStackTrace(); + if (args.length > 1) { + String cmd = args[0]; + + switch (cmd) { + case "server": + System.out.println( + "\nApache Eagle™ v" + Version.version + ": " + + "built with git revision " + Version.gitRevision + " by " + Version.userName + " on " + new Date(Long.parseLong(Version.timestamp)) + ); + + System.out.println("\nStarting Eagle Server ...\n"); + try { + new ServerApplication().run(args); + } catch (Exception e) { + System.err.println("Oops, got error to start eagle server: " + e.getMessage()); + e.printStackTrace(); + System.exit(1); + } + break; + case "encrypt": + new EncryptTool().execute(args); + break; + default: + System.err.println("Invalid command " + cmd); + System.err.print(USAGE); + System.exit(2); + } + } else { + System.err.print(USAGE); System.exit(1); } } diff --git a/eagle-server/src/main/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticator.java b/eagle-server/src/main/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticator.java index 312b9c93c7..63dfd3b2ca 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticator.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticator.java @@ -24,6 +24,7 @@ import org.apache.eagle.common.security.User; import org.apache.eagle.server.security.config.SimpleConfig; import org.apache.eagle.server.security.config.UserAccount; +import org.apache.eagle.server.security.encrypt.EncryptorFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -48,7 +49,7 @@ public SimpleBasicAuthenticator(SimpleConfig config) { public Optional authenticate(BasicCredentials credentials) throws AuthenticationException { if (userAccountRepository.containsKey(credentials.getUsername()) - && Objects.equals(userAccountRepository.get(credentials.getUsername()).getPassword(), credentials.getPassword())) { + && EncryptorFactory.getPasswordEncryptor().checkPassword(credentials.getPassword(), userAccountRepository.get(credentials.getUsername()).getEncryptedPassword())) { UserAccount userAccount = userAccountRepository.get(credentials.getUsername()); return Optional.of(new User(userAccount)); } else { diff --git a/eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/EncryptorFactory.java b/eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/EncryptorFactory.java new file mode 100644 index 0000000000..ff90213040 --- /dev/null +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/EncryptorFactory.java @@ -0,0 +1,23 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + *

    + * http://www.apache.org/licenses/LICENSE-2.0 + *

    + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.server.security.encrypt; + +public class EncryptorFactory { + public static PasswordEncryptor getPasswordEncryptor() { + return new PasswordEncryptorImpl(); + } +} diff --git a/eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/PasswordEncryptor.java b/eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/PasswordEncryptor.java new file mode 100644 index 0000000000..8cb4bce5b0 --- /dev/null +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/PasswordEncryptor.java @@ -0,0 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + *

    + * http://www.apache.org/licenses/LICENSE-2.0 + *

    + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.server.security.encrypt; + +public interface PasswordEncryptor { + String encryptPassword(String password); + boolean checkPassword(String password, String encryptedPassword); +} diff --git a/eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/PasswordEncryptorImpl.java b/eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/PasswordEncryptorImpl.java new file mode 100644 index 0000000000..2c93c3c0c6 --- /dev/null +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/PasswordEncryptorImpl.java @@ -0,0 +1,37 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + *

    + * http://www.apache.org/licenses/LICENSE-2.0 + *

    + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.server.security.encrypt; + +import org.jasypt.util.password.StrongPasswordEncryptor; + +class PasswordEncryptorImpl implements PasswordEncryptor { + private final StrongPasswordEncryptor encryptor; + + PasswordEncryptorImpl() { + this.encryptor = new StrongPasswordEncryptor(); + } + + @Override + public String encryptPassword(String password) { + return this.encryptor.encryptPassword(password); + } + + @Override + public boolean checkPassword(String password, String encryptedPassword) { + return this.encryptor.checkPassword(password, encryptedPassword); + } +} diff --git a/eagle-server/src/main/java/org/apache/eagle/server/tool/EncryptTool.java b/eagle-server/src/main/java/org/apache/eagle/server/tool/EncryptTool.java new file mode 100644 index 0000000000..f77d90d399 --- /dev/null +++ b/eagle-server/src/main/java/org/apache/eagle/server/tool/EncryptTool.java @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + *

    + * http://www.apache.org/licenses/LICENSE-2.0 + *

    + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.server.tool; + +import org.apache.eagle.server.ServerMain; +import org.apache.eagle.server.security.encrypt.EncryptorFactory; +import org.apache.eagle.server.security.encrypt.PasswordEncryptor; + +public class EncryptTool implements Tool { + + private static final String MISSING_TEXT = + "Error: require text to encrypt\n" + + "Usage: java " + ServerMain.class.getName() + " encrypt [text to encrypt]"; + + @Override + public void execute(String[] args) { + if (args.length < 2) { + System.err.println(MISSING_TEXT); + } else { + String textToEncrypt = args[1]; + PasswordEncryptor encryptor = EncryptorFactory.getPasswordEncryptor(); + String encryptedText = encryptor.encryptPassword(textToEncrypt); + System.out.println("Original: " + textToEncrypt); + System.out.println("Encrypted: " + encryptedText); + System.exit(0); + } + } +} diff --git a/eagle-server/src/main/java/org/apache/eagle/server/tool/Tool.java b/eagle-server/src/main/java/org/apache/eagle/server/tool/Tool.java new file mode 100644 index 0000000000..bb5632a112 --- /dev/null +++ b/eagle-server/src/main/java/org/apache/eagle/server/tool/Tool.java @@ -0,0 +1,21 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + *

    + * http://www.apache.org/licenses/LICENSE-2.0 + *

    + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.eagle.server.tool; + +public interface Tool { + public void execute(String[] args); +} diff --git a/eagle-server/src/test/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticatorTest.java b/eagle-server/src/test/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticatorTest.java index 29efd32dc0..8c638c51c2 100644 --- a/eagle-server/src/test/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticatorTest.java +++ b/eagle-server/src/test/java/org/apache/eagle/server/security/authenticator/SimpleBasicAuthenticatorTest.java @@ -23,6 +23,7 @@ import org.apache.eagle.common.security.User; import org.apache.eagle.server.security.config.SimpleConfig; import org.apache.eagle.server.security.config.UserAccount; +import org.apache.eagle.server.security.encrypt.EncryptorFactory; import org.junit.Assert; import org.junit.Test; @@ -38,7 +39,8 @@ public class SimpleBasicAuthenticatorTest { private static SimpleConfig config = new SimpleConfig(); static { - config.setAccounts(Collections.singletonList(new UserAccount(TEST_USERNAME, TEST_SECRET_PHRASE))); + config.setAccounts(Collections.singletonList(new UserAccount(TEST_USERNAME, + EncryptorFactory.getPasswordEncryptor().encryptPassword(TEST_SECRET_PHRASE)))); } private static SimpleBasicAuthenticator authenticator = new SimpleBasicAuthenticator(config); diff --git a/eagle-server/src/test/resources/configuration.yml b/eagle-server/src/test/resources/configuration.yml index 3d215dba43..b49da04ea8 100644 --- a/eagle-server/src/test/resources/configuration.yml +++ b/eagle-server/src/test/resources/configuration.yml @@ -39,22 +39,23 @@ auth: cachePolicy: maximumSize=10000, expireAfterWrite=1m # for basic authentication, effective only when auth.mode=simple + # default password is "secret" simple: accounts: - name: admin - password: secret + password: rWV/cdTCr01wTLBQ/rUilkExd2TJKrifXuCCTEwig1o08K8Mi0b1qQAgVXpPqflb roles: ADMINISTRATOR firstName: Admin lastName: Test email: mock-admin@eagle.apache.org - name: user - password: secret + password: rWV/cdTCr01wTLBQ/rUilkExd2TJKrifXuCCTEwig1o08K8Mi0b1qQAgVXpPqflb roles: USER firstName: User lastName: Test email: mock-user@eagle.apache.org - name: app - password: secret + password: rWV/cdTCr01wTLBQ/rUilkExd2TJKrifXuCCTEwig1o08K8Mi0b1qQAgVXpPqflb firstName: Application lastName: Test roles: APPLICATION From 1b321d9ea42dfde14e6f090a17b3c9bff0134004 Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Wed, 22 Feb 2017 15:09:15 +0800 Subject: [PATCH 11/13] Fix configuration.yml encrypted password --- eagle-server/src/main/resources/configuration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eagle-server/src/main/resources/configuration.yml b/eagle-server/src/main/resources/configuration.yml index 170dd40c9b..a208f577cd 100644 --- a/eagle-server/src/main/resources/configuration.yml +++ b/eagle-server/src/main/resources/configuration.yml @@ -42,7 +42,7 @@ auth: simple: accounts: - name: admin - password: secret + password: rWV/cdTCr01wTLBQ/rUilkExd2TJKrifXuCCTEwig1o08K8Mi0b1qQAgVXpPqflb roles: ADMINISTRATOR firstName: Admin lastName: Admin From 6f74d5d1162044d2aa9599c929cd120f62c0276b Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Wed, 22 Feb 2017 15:22:05 +0800 Subject: [PATCH 12/13] Retry to start mini cluster if failed in 3 attempts --- .../hbase/TestWithHBaseCoprocessor.java | 24 +++++++++++++++---- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/eagle-core/eagle-query/eagle-storage-hbase/src/test/java/org/apache/eagle/storage/hbase/TestWithHBaseCoprocessor.java b/eagle-core/eagle-query/eagle-storage-hbase/src/test/java/org/apache/eagle/storage/hbase/TestWithHBaseCoprocessor.java index b3d3cfa550..b6471736c5 100644 --- a/eagle-core/eagle-query/eagle-storage-hbase/src/test/java/org/apache/eagle/storage/hbase/TestWithHBaseCoprocessor.java +++ b/eagle-core/eagle-query/eagle-storage-hbase/src/test/java/org/apache/eagle/storage/hbase/TestWithHBaseCoprocessor.java @@ -25,6 +25,7 @@ import org.apache.hadoop.hbase.client.HTable; import org.apache.hadoop.hbase.coprocessor.CoprocessorHost; import org.junit.AfterClass; +import org.junit.Assert; import org.junit.BeforeClass; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -46,14 +47,27 @@ public static void setUpHBase() throws IOException { conf.setStrings(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY, AggregateProtocolEndPoint.class.getName()); conf.setInt("hbase.master.info.port", -1);//avoid port clobbering conf.setInt("hbase.regionserver.info.port", -1);//avoid port clobbering + + int attempts = 0; hbase = new HBaseTestingUtility(); - try { - hbase.startMiniCluster(); - } catch (Exception e) { - LOG.error("Error to start mini cluster: " + e.getMessage(), e); - throw new IllegalStateException(e); + boolean successToStart = false; + while (attempts < 3) { + try { + attempts ++; + hbase.startMiniCluster(); + successToStart = true; + } catch (Exception e) { + LOG.error("Error to start mini cluster (tried {} times): {}", attempts, e.getMessage(), e); + try { + hbase.shutdownMiniCluster(); + } catch (Exception e1) { + LOG.warn(e.getMessage(), e); + } + } } + Assert.assertTrue("Failed to start mini cluster in " + attempts + " attempts", successToStart); + HTable table = hbase.createTable(String.valueOf("unittest"),"f"); HTableDescriptor descriptor = new HTableDescriptor(table.getTableDescriptor()); descriptor.addCoprocessor(AggregateProtocolEndPoint.class.getName()); From 43827444eb0e8fcd46ce6983bf456b920eb5b8b1 Mon Sep 17 00:00:00 2001 From: Hao Chen Date: Wed, 22 Feb 2017 15:47:58 +0800 Subject: [PATCH 13/13] Reformat to fix checkstyle in PasswordEncryptor --- .../apache/eagle/server/security/encrypt/PasswordEncryptor.java | 1 + 1 file changed, 1 insertion(+) diff --git a/eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/PasswordEncryptor.java b/eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/PasswordEncryptor.java index 8cb4bce5b0..acf679e07d 100644 --- a/eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/PasswordEncryptor.java +++ b/eagle-server/src/main/java/org/apache/eagle/server/security/encrypt/PasswordEncryptor.java @@ -18,5 +18,6 @@ public interface PasswordEncryptor { String encryptPassword(String password); + boolean checkPassword(String password, String encryptedPassword); }