Posted to commits@uima.apache.org by de...@apache.org on 2013/11/10 12:26:29 UTC
svn commit: r1540463 - in
/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common:
authentication/ utils/
Author: degenaro
Date: Sun Nov 10 11:26:29 2013
New Revision: 1540463
URL: http://svn.apache.org/r1540463
Log:
UIMA-3421 DUCC webserver (WS) native Linux-based authentication mechanism, as plug-in via ducc.properties
Added:
uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/LinuxAuthenticationManager.java
Modified:
uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/AuthenticationResult.java
uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/IAuthenticationResult.java
uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/DuccPropertiesResolver.java
Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/AuthenticationResult.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/AuthenticationResult.java?rev=1540463&r1=1540462&r2=1540463&view=diff
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/AuthenticationResult.java (original)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/AuthenticationResult.java Sun Nov 10 11:26:29 2013
@@ -24,10 +24,14 @@ public class AuthenticationResult implem
private int code = -1;
private String reason = null;
private Exception exception = null;
-
+
public AuthenticationResult() {
}
+ public AuthenticationResult(boolean value) {
+ this.result = value;
+ }
+
public AuthenticationResult(String reason, Exception exception) {
setFailure();
setReason(reason);
Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/IAuthenticationResult.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/IAuthenticationResult.java?rev=1540463&r1=1540462&r2=1540463&view=diff
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/IAuthenticationResult.java (original)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/IAuthenticationResult.java Sun Nov 10 11:26:29 2013
@@ -19,6 +19,10 @@
package org.apache.uima.ducc.common.authentication;
public interface IAuthenticationResult {
+
+ public static boolean SUCCESS = true;
+ public static boolean FAILURE = false;
+
public void setSuccess();
public void setFailure();
public boolean isSuccess();
Added: uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/LinuxAuthenticationManager.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/LinuxAuthenticationManager.java?rev=1540463&view=auto
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/LinuxAuthenticationManager.java (added)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/LinuxAuthenticationManager.java Sun Nov 10 11:26:29 2013
@@ -0,0 +1,230 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+*/
+package org.apache.uima.ducc.common.authentication;
+
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.apache.uima.ducc.common.utils.DuccPropertiesResolver;
+import org.jvnet.libpam.PAM;
+import org.jvnet.libpam.UnixUser;
+
+public class LinuxAuthenticationManager implements IAuthenticationManager {
+
+ private static IAuthenticationManager instance = new LinuxAuthenticationManager();
+
+ private String version = "ducc linux 1.0";
+
+ private DuccPropertiesResolver duccPropertiesResolver = DuccPropertiesResolver.getInstance();
+
+ private ConcurrentHashMap<String,Set<String>> userGroupsCache = new ConcurrentHashMap<String,Set<String>>();
+
+ public static IAuthenticationManager getInstance() {
+ return instance;
+ }
+
+ @Override
+ public String getVersion() {
+ return version;
+ }
+
+ @Override
+ public boolean isPasswordChecked() {
+ return true;
+ }
+
+ private String getFileProperty(String key) {
+ String retVal = duccPropertiesResolver.getFileProperty(key);
+ return retVal;
+ }
+
+ private String getProperty(String key) {
+ return getFileProperty(key);
+ }
+
+ private String removeDelimiters(String string) {
+ String retVal = string;
+ if(retVal == null) {
+ retVal = "";
+ }
+ else {
+ retVal = retVal.replace(',', ' ');
+ retVal = retVal.replace(';', ' ');
+ retVal = retVal.replace(':', ' ');
+ }
+ return retVal.trim();
+ }
+
+ private String transform(String string) {
+ String retVal = removeDelimiters(string);
+ return(retVal);
+ }
+
+ private boolean finder(String rawNeedle, String rawHaystack) {
+ boolean retVal = false;
+ if(rawNeedle != null) {
+ if(rawHaystack != null) {
+ String needle = " "+rawNeedle+" ";
+ String haystack = " "+rawHaystack+" ";
+ if(haystack.contains(needle)) {
+ retVal = true;
+ }
+ }
+ }
+ return retVal;
+ }
+
+ private IAuthenticationResult checkUserExcluded(String userid) {
+ IAuthenticationResult retVal = new AuthenticationResult(IAuthenticationResult.SUCCESS);
+ if(userid == null) {
+ retVal.setFailure();
+ retVal.setReason("userid missing");
+ }
+ else {
+ String uid = transform(userid);
+ String excludeString = transform(getProperty(DuccPropertiesResolver.ducc_authentication_users_exclude));
+ if(excludeString.trim().length() > 0) {
+ if(finder(uid,excludeString)) {
+ retVal.setFailure();
+ retVal.setReason("userid excluded");
+ }
+ }
+ }
+ return retVal;
+ }
+
+ private IAuthenticationResult checkUserNotIncluded(String userid) {
+ IAuthenticationResult retVal = new AuthenticationResult(IAuthenticationResult.SUCCESS);
+ if(userid == null) {
+ retVal.setFailure();
+ retVal.setReason("userid missing");
+ }
+ else {
+ String uid = transform(userid);
+ String includeString = transform(getProperty(DuccPropertiesResolver.ducc_authentication_users_include));
+ if(includeString.trim().length() > 0) {
+ if(!finder(uid,includeString)) {
+ retVal.setFailure();
+ retVal.setReason("userid not included");
+ }
+ }
+ }
+ return retVal;
+ }
+
+ @Override
+ public IAuthenticationResult isAuthenticate(String userid, String domain, String password) {
+ IAuthenticationResult ar = new AuthenticationResult(IAuthenticationResult.SUCCESS);
+ try {
+ ar = checkUserExcluded(userid);
+ if(ar.isSuccess()) {
+ ar = checkUserNotIncluded(userid);
+ if(ar.isSuccess()) {
+ UnixUser u = new PAM("sshd").authenticate(userid, password);
+ Set<String> groups = u.getGroups();
+ if(groups != null) {
+ userGroupsCache.put(userid, groups);
+ }
+ else {
+ userGroupsCache.remove(userid);
+ }
+ }
+ }
+ }
+ catch(Exception e) {
+ ar.setFailure();
+ ar.setException(e);
+ }
+ return ar;
+ }
+
+ private IAuthenticationResult checkUserGroupExcluded(String userid) {
+ IAuthenticationResult retVal = new AuthenticationResult(IAuthenticationResult.SUCCESS);
+ if(userid == null) {
+ retVal.setFailure();
+ retVal.setReason("userid missing");
+ }
+ else {
+ String excludeString = transform(getProperty(DuccPropertiesResolver.ducc_authentication_groups_exclude));
+ if(excludeString.trim().length() > 0) {
+ Set<String> userGroups = userGroupsCache.get(userid);
+ if(userGroups == null) {
+ retVal.setFailure();
+ retVal.setReason("userid has no groups?");
+ }
+ else {
+ for(String userGroup : userGroups) {
+ if(finder(userGroup,excludeString)) {
+ retVal.setFailure();
+ retVal.setReason("userid group "+userGroup+" excluded");
+ break;
+ }
+ }
+ }
+ }
+ }
+ return retVal;
+ }
+
+ private IAuthenticationResult checkUserGroupNotIncluded(String userid) {
+ IAuthenticationResult retVal = new AuthenticationResult(IAuthenticationResult.SUCCESS);
+ if(userid == null) {
+ retVal.setFailure();
+ retVal.setReason("userid missing");
+ }
+ else {
+ String includeString = transform(getProperty(DuccPropertiesResolver.ducc_authentication_groups_include));
+ if(includeString.trim().length() > 0) {
+ Set<String> userGroups = userGroupsCache.get(userid);
+ if(userGroups == null) {
+ retVal.setFailure();
+ retVal.setReason("userid has no groups?");
+ }
+ else {
+ retVal.setFailure();
+ retVal.setReason("userid has no group included");
+ for(String userGroup : userGroups) {
+ if(finder(userGroup,includeString)) {
+ retVal = new AuthenticationResult(IAuthenticationResult.SUCCESS);
+ break;
+ }
+ }
+ }
+ }
+ }
+ return retVal;
+ }
+
+ @Override
+ public IAuthenticationResult isGroupMember(String userid, String domain, Role role) {
+ IAuthenticationResult ar = new AuthenticationResult(IAuthenticationResult.SUCCESS);
+ try {
+ ar = checkUserGroupExcluded(userid);
+ if(ar.isSuccess()) {
+ ar = checkUserGroupNotIncluded(userid);
+ }
+ }
+ catch(Exception e) {
+ ar.setFailure();
+ ar.setException(e);
+ }
+ return ar;
+ }
+
+}
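Review bot: `isGroupMember` decides only from `userGroupsCache`, which `isAuthenticate` fills on a successful login and nothing ever expires, so a membership removed at the OS level keeps passing the group checks until that user's next successful login. When neither `ducc.authentication.groups.include` nor `ducc.authentication.groups.exclude` is set, the method returns SUCCESS for any non-null userid, authenticated or not, and the `role` argument is not consulted; if callers are expected to authenticate first, say so in a Javadoc on both methods, e.g. `/** Must only be called for a userid that has passed isAuthenticate; groups are those captured at that login. */`. In `isAuthenticate` the handle from `new PAM("sshd")` is never released: keep it in a local and call `pam.dispose()` in a `finally`. The catch block there also leaves `reason` unset, so a PAM rejection reaches the caller with only the exception attached.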
Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/DuccPropertiesResolver.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/DuccPropertiesResolver.java?rev=1540463&r1=1540462&r2=1540463&view=diff
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/DuccPropertiesResolver.java (original)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/DuccPropertiesResolver.java Sun Nov 10 11:26:29 2013
@@ -49,8 +49,14 @@ public class DuccPropertiesResolver {
private Properties defaultProperties = new DuccProperties();
public DuccPropertiesResolver() {
- init(initialProperties);
- initDefaultProperties();
+ try {
+ init(initialProperties);
+ initDefaultProperties();
+ }
+ catch(Throwable t) {
+ t.printStackTrace();
+ }
+
}
public static final String ducc_submit_beta = "ducc.submit.beta";
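Review bot: The new `catch(Throwable t)` in the constructor lets a resolver whose `init`/`initDefaultProperties` failed stay in use, and the only trace is `t.printStackTrace()`. That matters for the authentication code added in this commit: LinuxAuthenticationManager skips its exclude and include checks when the property string is empty, so if a failed load yields no value (not visible here) the user and group restrictions would silently stop applying. Prefer failing closed, for example `throw new IllegalStateException("ducc.properties could not be loaded", t);` after logging through the project logger, or at least record the failure in a field the authentication manager can test. Catching `Throwable` also swallows `Error`s such as `OutOfMemoryError`; `catch(Exception e)` is the widest that should be needed.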
@@ -97,11 +103,17 @@ public class DuccPropertiesResolver {
public static final String ducc_rm_share_quantum = "ducc.rm.share.quantum";
public static final String ducc_jd_share_quantum = "ducc.jd.share.quantum";
+ public static final String ducc_authentication_implementer = "ducc.authentication.implementer";
+ public static final String ducc_authentication_users_include = "ducc.authentication.users.include";
+ public static final String ducc_authentication_users_exclude = "ducc.authentication.users.exclude";
+ public static final String ducc_authentication_groups_include = "ducc.authentication.groups.include";
+ public static final String ducc_authentication_groups_exclude = "ducc.authentication.groups.exclude";
+
public static final String ducc_ws_host = "ducc.ws.node";
public static final String ducc_ws_port = "ducc.ws.port";
public static final String ducc_ws_max_history_entries = "ducc.ws.max.history.entries";
public static final String ducc_ws_login_enabled = "ducc.ws.login.enabled";
-
+
public static final String ducc_agent_node_inventory_publish_rate ="ducc.agent.node.inventory.publish.rate";
public static final String ducc_agent_node_inventory_publish_rate_skip ="ducc.agent.node.inventory.publish.rate.skip";
@@ -121,6 +133,7 @@ public class DuccPropertiesResolver {
defaultProperties.put(ducc_orchestrator_unmanaged_reservations_accepted,"true");
defaultProperties.put(ducc_orchestrator_use_lock_file,"false");
defaultProperties.put(ducc_ws_login_enabled,"true");
+ defaultProperties.put(ducc_authentication_implementer,"org.apache.uima.ducc.common.authentication.LinuxAuthenticationManager");
defaultProperties.put(ducc_jd_queue_timeout_minutes,"5");
defaultProperties.put(ducc_jd_queue_prefix,"ducc.jd.queue.");
defaultProperties.put(ducc_jd_host_class,"JobDriver");