Posted to commits@ambari.apache.org by st...@apache.org on 2016/03/24 13:08:54 UTC
[22/51] [abbrv] ambari git commit: Change message of auditlog login
event
Change message of auditlog login event
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b6448074
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b6448074
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b6448074
Branch: refs/heads/audit_logging
Commit: b64480740bf7450ba859c17e33e3715e1e372c44
Parents: 56efb57
Author: Daniel Gergely <dg...@hortonworks.com>
Authored: Mon Feb 29 16:25:11 2016 +0100
Committer: Toader, Sebastian <st...@hortonworks.com>
Committed: Thu Mar 24 13:06:48 2016 +0100
----------------------------------------------------------------------
.../server/audit/LoginSucceededAuditEvent.java | 19 ++++++---
.../ambari/server/controller/AmbariServer.java | 2 +
.../authorization/AuthorizationHelper.java | 42 ++++++++++++++++++--
.../audit/LoginSucceededAuditEventTest.java | 14 +++++--
.../AmbariAuthenticationFilterTest.java | 9 ++++-
5 files changed, 73 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java
index a57fc5d..08c272e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java
@@ -18,7 +18,10 @@
package org.apache.ambari.server.audit;
+import java.util.LinkedList;
import java.util.List;
+import java.util.Map;
+
import javax.annotation.concurrent.Immutable;
import org.apache.commons.lang.StringUtils;
@@ -33,7 +36,7 @@ public class LoginSucceededAuditEvent extends AbstractLoginAuditEvent {
private LoginSucceededAuditEventBuilder() { }
- private List<String> roles;
+ private Map<String, List<String>> roles;
/**
@@ -43,10 +46,14 @@ public class LoginSucceededAuditEvent extends AbstractLoginAuditEvent {
protected void buildAuditMessage(StringBuilder builder) {
super.buildAuditMessage(builder);
- builder
- .append(", Roles(")
- .append(StringUtils.join(roles, ","))
- .append("), Status(Login succeeded !)");
+ builder.append(", Roles(").append(System.lineSeparator());
+
+ List<String> lines = new LinkedList<>();
+ for( Map.Entry<String, List<String>> entry : roles.entrySet()) {
+ lines.add(" " + entry.getKey() + ": " + StringUtils.join(entry.getValue(), ", "));
+ }
+ builder.append(StringUtils.join(lines, System.lineSeparator()));
+ builder.append(System.lineSeparator()).append("), Status(Login succeeded !)");
}
/**
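Review bot: The audit record for one login now spans several physical lines, because `System.lineSeparator()` is appended after `Roles(` and between entries, and `entry.getKey()` is written without any escaping. Line-oriented log shippers and parsers will see one event as several records. If a cluster name or view label can ever contain a line break or the text `), Status(`, the entry becomes misleading to whoever reads the audit trail. Consider keeping the event on one line, for example `builder.append(StringUtils.join(lines, "; "))`, and replacing CR/LF characters in the key before appending it. The output order also follows whatever `Map` the caller passes, so the message text is only stable if that map is ordered.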
@@ -54,7 +61,7 @@ public class LoginSucceededAuditEvent extends AbstractLoginAuditEvent {
* @param roles
* @return this builder
*/
- public LoginSucceededAuditEventBuilder withRoles(List<String> roles) {
+ public LoginSucceededAuditEventBuilder withRoles(Map<String, List<String>> roles) {
this.roles = roles;
return this;
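Review bot: `withRoles` stores the caller's map as-is, and `buildAuditMessage` in the previous hunk of this file calls `roles.entrySet()` without a null check. A builder on which `withRoles` was never called, or was called with null, now throws a NullPointerException, where the removed `StringUtils.join(roles, ",")` tolerated a null list. A guard such as `if (roles != null) { ... }` around the loop in `buildAuditMessage` would keep a successful login from failing to be audited on that path. The `@param roles` tag also has no description; something like `@param roles permission labels keyed by resource name (cluster name, "Ambari" or view instance label)` would document the new shape. The method's closing brace is outside the hunk.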
http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index 9436e5d..1a972ab 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -97,6 +97,7 @@ import org.apache.ambari.server.security.SecurityFilter;
import org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter;
import org.apache.ambari.server.security.authorization.AmbariLdapAuthenticationProvider;
import org.apache.ambari.server.security.authorization.AmbariLocalUserDetailsService;
+import org.apache.ambari.server.security.authorization.AuthorizationHelper;
import org.apache.ambari.server.security.authorization.Users;
import org.apache.ambari.server.security.authorization.internal.AmbariInternalAuthenticationProvider;
import org.apache.ambari.server.security.authorization.jwt.JwtAuthenticationFilter;
@@ -887,6 +888,7 @@ public class AmbariServer {
RetryHelper.init(configs.getOperationsRetryAttempts());
AbstractServerAction.init(injector);
+ AuthorizationHelper.init(injector.getInstance(Clusters.class), injector.getInstance(ViewInstanceDAO.class));
}
/**
http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
index f1b6f1a..7e06519 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
@@ -19,10 +19,14 @@ package org.apache.ambari.server.security.authorization;
import com.google.common.collect.Lists;
import com.google.inject.Singleton;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.ResourceEntity;
import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
+import org.apache.ambari.server.state.Clusters;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
@@ -39,6 +43,15 @@ import java.util.*;
public class AuthorizationHelper {
private final static Logger LOG = LoggerFactory.getLogger(AuthorizationHelper.class);
+ private static Clusters clusters;
+
+ private static ViewInstanceDAO viewInstanceDAO;
+
+ public static void init(Clusters clusters, ViewInstanceDAO viewInstanceDAO) {
+ AuthorizationHelper.clusters = clusters;
+ AuthorizationHelper.viewInstanceDAO = viewInstanceDAO;
+ }
+
/**
* Converts collection of RoleEntities to collection of GrantedAuthorities
*/
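Review bot: The new public static `init` has no Javadoc and accepts null for either argument, while `getPermissionLabels` later in this file dereferences both fields. I would document the contract with a comment such as `/** Must be called once at server start-up, before any authentication is processed; supplies the lookups used to name resources in audit messages. */` and fail fast with `AuthorizationHelper.clusters = Objects.requireNonNull(clusters, "clusters");` and the same for `viewInstanceDAO`. The fields are plain statics written by the start-up thread and presumably read by request threads, so declaring them `volatile` would make that hand-off explicit.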
@@ -257,14 +270,37 @@ public class AuthorizationHelper {
* @param authentication the authenticated user and associated access privileges
* @return human-readable permissions
*/
- public static List<String> getPermissionLabels(Authentication authentication) {
- List<String> permissionLabels = Lists.newArrayList();
+ public static Map<String,List<String>> getPermissionLabels(Authentication authentication) {
+ Map<String,List<String>> permissionLabels = new HashMap<>();
if (authentication.getAuthorities() != null) {
for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
AmbariGrantedAuthority ambariGrantedAuthority = (AmbariGrantedAuthority) grantedAuthority;
PrivilegeEntity privilegeEntity = ambariGrantedAuthority.getPrivilegeEntity();
- permissionLabels.add(privilegeEntity.getPermission().getPermissionLabel());
+
+ String key = null;
+ try {
+ switch(privilegeEntity.getResource().getResourceType().getName()) {
+ case "CLUSTER":
+ key = clusters.getClusterById(privilegeEntity.getResource().getResourceType().getId()).getClusterName();
+ break;
+ case "AMBARI":
+ key = "Ambari";
+ break;
+ default:
+ key = viewInstanceDAO.findByResourceId(privilegeEntity.getResource().getId()).getLabel();
+ break;
+ }
+ } catch (Throwable ignored) {
+
+ }
+
+ if(key != null) {
+ if(!permissionLabels.containsKey(key)) {
+ permissionLabels.put(key, new LinkedList<String>());
+ }
+ permissionLabels.get(key).add(privilegeEntity.getPermission().getPermissionLabel());
+ }
}
}
return permissionLabels;
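Review bot: The empty `catch (Throwable ignored)` followed by `if(key != null)` means any failed name lookup silently drops that privilege from the audit message, so a login can be recorded with fewer roles than the user actually holds and nothing is logged about it. I would catch `Exception` only, log through the existing `LOG`, and fall back to the resource type name so the permission label is still recorded. Separately, the `CLUSTER` branch passes `getResourceType().getId()` to `clusters.getClusterById(...)` while the default branch uses `getResource().getId()`; that looks like the resource type's id rather than an identifier of the cluster, so please confirm which id `getClusterById` expects. `new HashMap<>()` also gives an unspecified key order in the message, so a `LinkedHashMap` or `TreeMap` would make the output stable. The method's closing brace is outside the hunk.

```java
        String resourceTypeName = null;
        String key = null;
        try {
          resourceTypeName = privilegeEntity.getResource().getResourceType().getName();
          // … unchanged: switch over the resource type name that assigns key …
        } catch (Exception e) {
          LOG.warn("Could not resolve the resource name for a privilege; recording it under its resource type", e);
        }

        if (key == null) {
          // Keep the privilege visible in the audit record even when the lookup fails.
          key = resourceTypeName != null ? resourceTypeName : "UNKNOWN";
        }
        // … unchanged: create the list for key if absent and add the permission label (no longer inside if(key != null)) …
```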
http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java
index 4454596..31e7eef 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java
@@ -20,7 +20,11 @@ package org.apache.ambari.server.audit;
import java.util.Arrays;
+import java.util.HashMap;
+import java.util.LinkedList;
import java.util.List;
+import java.util.Map;
+
import org.apache.commons.lang.StringUtils;
import org.joda.time.DateTime;
import org.junit.Test;
@@ -37,21 +41,25 @@ public class LoginSucceededAuditEventTest {
// Given
String testUserName = "USER1";
String testRemoteIp = "127.0.0.1";
- String testRole = "Administrator";
+
+ Map<String, List<String>> roles = new HashMap<>();
+ roles.put("a", Arrays.asList("r1", "r2", "r3"));
LoginSucceededAuditEvent evnt = LoginSucceededAuditEvent.builder()
.withTimestamp(DateTime.now())
.withRemoteIp(testRemoteIp)
.withUserName(testUserName)
- .withRoles(Arrays.asList(testRole))
+ .withRoles(roles)
.build();
// When
String actualAuditMessage = evnt.getAuditMessage();
+ String roleMessage = System.lineSeparator() + " a: r1, r2, r3" + System.lineSeparator();
+
// Then
String expectedAuditMessage = String.format("User(%s), RemoteIp(%s), Roles(%s), Status(Login succeeded !)",
- testUserName, testRemoteIp, testRole);
+ testUserName, testRemoteIp, roleMessage);
assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
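Review bot: The updated test builds the event with a single map entry, so the separator between resources and the ordering of entries in the message are never exercised. Adding a second key to an ordered map, for example `Map<String, List<String>> roles = new LinkedHashMap<>();` with two `put` calls, and asserting both lines would pin the multi-resource format. A case where `withRoles` is not called at all would also be useful, since `buildAuditMessage` dereferences the field unconditionally. The test method starts and ends outside the hunk.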
http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java
index 5b1bbf6..8430326 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java
@@ -19,6 +19,10 @@ package org.apache.ambari.server.security.authentication;
import java.io.IOException;
import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -83,8 +87,11 @@ public class AmbariAuthenticationFilterTest {
HttpServletResponse response = createMock(HttpServletResponse.class);
Authentication authentication = createMock(Authentication.class);
PowerMock.mockStatic(AuthorizationHelper.class);
+
+ Map<String, List<String>> roles = new HashMap<>();
+ roles.put("a", Arrays.asList("r1", "r2", "r3"));
expect(AuthorizationHelper.getPermissionLabels(authentication))
- .andReturn(Arrays.asList("role1", "role2"));
+ .andReturn(roles);
expect(AuthorizationHelper.getAuthorizationNames(authentication))
.andReturn(Arrays.asList("perm1", "perm2"));
expect(request.getHeader("X-Forwarded-For")).andReturn("1.2.3.4");