Posted to commits@servicecomb.apache.org by GitBox <gi...@apache.org> on 2018/08/02 02:09:49 UTC

[GitHub] weichao666 closed pull request #846: [SCB-788] public key black/white add feature: choose server by version

weichao666 closed pull request #846: [SCB-788] public key black/white add feature: choose server by version
URL: https://github.com/apache/incubator-servicecomb-java-chassis/pull/846
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/common/common-rest/src/main/java/org/apache/servicecomb/common/rest/codec/RestObjectMapper.java b/common/common-rest/src/main/java/org/apache/servicecomb/common/rest/codec/RestObjectMapper.java
index 617e86be7..f94ec2c15 100644
--- a/common/common-rest/src/main/java/org/apache/servicecomb/common/rest/codec/RestObjectMapper.java
+++ b/common/common-rest/src/main/java/org/apache/servicecomb/common/rest/codec/RestObjectMapper.java
@@ -26,7 +26,6 @@
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.JavaType;
 import com.fasterxml.jackson.databind.JsonSerializer;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.databind.SerializerProvider;
 import com.fasterxml.jackson.databind.module.SimpleModule;
diff --git a/core/src/test/java/org/apache/servicecomb/core/TestExecutors.java b/core/src/test/java/org/apache/servicecomb/core/TestExecutors.java
index 8d64571c1..4de37b59f 100644
--- a/core/src/test/java/org/apache/servicecomb/core/TestExecutors.java
+++ b/core/src/test/java/org/apache/servicecomb/core/TestExecutors.java
@@ -56,6 +56,7 @@ public void run() {
         strThreadTest = "thread Ran";
       }
     });
+    oReactiveExecutor.close();
     Assert.assertEquals("thread Ran", strThreadTest);
   }
 }
diff --git a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
index 9d8ff1b51..82145ae95 100644
--- a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
+++ b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
@@ -16,9 +16,12 @@
  */
 package org.apache.servicecomb.authentication.provider;
 
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.servicecomb.serviceregistry.api.registry.Microservice;
@@ -54,6 +57,8 @@
 
   private static final String KEY_RULE_POSTFIX = ".rule";
 
+  private static final String TYPE_STRING_NAME = "java.lang.String";
+
   private Map<String, ConfigurationItem> whiteList = new HashMap<>();
 
   private Map<String, ConfigurationItem> blackList = new HashMap<>();
@@ -84,15 +89,40 @@ private boolean blackDenied(Microservice microservice) {
   private boolean matchFound(Microservice microservice, Map<String, ConfigurationItem> ruleList) {
     boolean matched = false;
     for (ConfigurationItem item : ruleList.values()) {
-      // TODO: Currently we only support property, not support tags. And we will support tags later.
       if (ConfigurationItem.CATEGORY_PROPERTY.equals(item.category)) {
-        // TODO: Currently we only support to configure serviceName. And we will support others later.
-        if ("serviceName".equals(item.propertyName)) {
-          if (isPatternMatch(microservice.getServiceName(), item.rule)) {
-            matched = true;
-            break;
+        // we support to configure properties, e.g. serviceName, appId, environment, alias, version and so on, also support key in properties.
+        Class<? extends Microservice> service = microservice.getClass();
+        for (Method method : service.getDeclaredMethods()) {
+          String methodName = method.getName();
+          if (!methodName.startsWith("get"))
+            continue;
+          if (!method.getGenericReturnType().getTypeName().equals(TYPE_STRING_NAME))
+            continue;
+          char[] charArray = methodName.toCharArray();
+          charArray[3] += 32;
+          String fieldName = String.valueOf(charArray, 3, charArray.length - 3);
+          if (fieldName.equals(item.propertyName)) {
+            Field field;
+            String fieldValue = null;
+            try {
+              field = service.getDeclaredField(fieldName);
+              field.setAccessible(true);
+              fieldValue = (String) field.get(microservice);
+            } catch (Exception e) {
+              LOG.error("get field by reflection failed, error message: {}", e.getMessage());
+              fieldValue = "";
+            }
+            if (isPatternMatch(fieldValue, item.rule))
+              return true;
           }
         }
+        Map<String, String> properties = microservice.getProperties();
+        for (Entry<String, String> entry : properties.entrySet()) {
+          if (!entry.getKey().equals(item.propertyName))
+            continue;
+          if (isPatternMatch(entry.getValue(), item.rule))
+            return true;
+        }
       }
     }
     return matched;
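Review bot: In the `catch` block of `matchFound`, a reflection failure sets `fieldValue = ""` and evaluation continues, so a black-list rule on that property silently stops matching and the caller is not denied; only `e.getMessage()` is logged, without the stack trace. Reading the value through the getter that was just found (`method.invoke(microservice)`) would avoid both `setAccessible(true)` and the assumption that a private field is named after the getter. `charArray[3] += 32` throws for a method named exactly `get` and mangles any name whose fourth character is not A–Z. The sketch below rethrows the failure rather than scoring it as a miss; how callers of `isAllowed` handle that exception is not visible here and should be confirmed. `matched` is never assigned after this change, so `return matched;` is effectively `return false;`, and the method's closing brace lies outside the hunk.

```java
        for (Method method : service.getDeclaredMethods()) {
          String methodName = method.getName();
          if (methodName.length() <= 3 || !methodName.startsWith("get") || method.getParameterCount() != 0) {
            continue;
          }
          if (method.getReturnType() != String.class) {
            continue;
          }
          String fieldName = Character.toLowerCase(methodName.charAt(3)) + methodName.substring(4);
          if (!fieldName.equals(item.propertyName)) {
            continue;
          }
          String fieldValue;
          try {
            fieldValue = (String) method.invoke(microservice);
          } catch (ReflectiveOperationException e) {
            // An unreadable property must not be scored as "rule did not match" for a black list.
            LOG.error("get property {} by reflection failed", fieldName, e);
            throw new IllegalStateException("cannot read property " + fieldName + " for access control", e);
          }
          if (isPatternMatch(fieldValue, item.rule)) {
            return true;
          }
        }
        // … unchanged: lookup of item.propertyName in microservice.getProperties() …
```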
diff --git a/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java b/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
index c5774490c..e493e7703 100644
--- a/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
+++ b/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
@@ -16,6 +16,9 @@
  */
 package org.apache.servicecomb.authentication;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import org.apache.servicecomb.authentication.provider.AccessController;
 import org.apache.servicecomb.foundation.common.utils.Log4jUtils;
 import org.apache.servicecomb.foundation.test.scaffolding.config.ArchaiusUtils;
@@ -24,7 +27,6 @@
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
-import org.mockito.Mockito;
 
 public class TestAccessController {
   @Before
@@ -38,65 +40,65 @@ public void tearDown() {
   }
 
   @Test
-  public void testIsValidOfWhite() {
+  public void testIsValidOfWhiteByServiceName() {
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "serviceName");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust*");
     AccessController controller = new AccessController();
-    Microservice service = Mockito.mock(Microservice.class);
+    Microservice service = new Microservice();
 
-    Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+    service.setServiceName("trustCustomer");
     Assert.assertTrue(controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("nottrustCustomer");
+    service.setServiceName("nottrustCustomer");
     Assert.assertTrue(!controller.isAllowed(service));
 
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "*trust");
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+    service.setServiceName("Customer_trust");
     Assert.assertTrue(controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust_not");
+    service.setServiceName("Customer_trust_not");
     Assert.assertTrue(!controller.isAllowed(service));
 
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust");
-    Mockito.when(service.getServiceName()).thenReturn("trust");
+    service.setServiceName("trust");
     Assert.assertTrue(controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+    service.setServiceName("Customer_trust");
     Assert.assertTrue(!controller.isAllowed(service));
   }
 
   @Test
-  public void testIsValidOfBlack() {
+  public void testIsValidOfBlackByServiceName() {
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName", "serviceName");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category", "property");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "trust*");
     AccessController controller = new AccessController();
-    Microservice service = Mockito.mock(Microservice.class);
+    Microservice service = new Microservice();
 
-    Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+    service.setServiceName("trustCustomer");
     Assert.assertTrue(!controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("nottrustCustomer");
+    service.setServiceName("nottrustCustomer");
     Assert.assertTrue(controller.isAllowed(service));
 
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "*trust");
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+    service.setServiceName("Customer_trust");
     Assert.assertTrue(!controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust_not");
+    service.setServiceName("Customer_trust_not");
     Assert.assertTrue(controller.isAllowed(service));
 
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "trust");
-    Mockito.when(service.getServiceName()).thenReturn("trust");
+    service.setServiceName("trust");
     Assert.assertTrue(!controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+    service.setServiceName("Customer_trust");
     Assert.assertTrue(controller.isAllowed(service));
   }
 
   @Test
-  public void testIsValidOfBlackAndWhite() {
+  public void testIsValidOfBlackAndWhiteByServiceName() {
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "serviceName");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust*");
@@ -105,12 +107,65 @@ public void testIsValidOfBlackAndWhite() {
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "*hacker");
 
     AccessController controller = new AccessController();
-    Microservice service = Mockito.mock(Microservice.class);
+    Microservice service = new Microservice();
+
+    service.setServiceName("trustCustomer");
+    Assert.assertTrue(controller.isAllowed(service));
+
+    service.setServiceName("trustCustomerhacker");
+    Assert.assertTrue(!controller.isAllowed(service));
+  }
+
+  @Test
+  public void testIsValidOfBlackByProperties() {
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName", "tag");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category", "property");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "test");
+    AccessController controller = new AccessController();
+    Microservice service = new Microservice();
+    Map<String, String> map = new HashMap<>();
+    map.put("tag", "test");
+
+    service.setProperties(map);
+    Assert.assertTrue(!controller.isAllowed(service));
+
+    map.put("tag", "testa");
+    service.setProperties(map);
+    Assert.assertTrue(controller.isAllowed(service));
+  }
+
+  @Test
+  public void testIsValidOfWhiteByProperties() {
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "tag");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "test");
+    AccessController controller = new AccessController();
+    Microservice service = new Microservice();
+    Map<String, String> map = new HashMap<>();
+    map.put("tag", "test");
 
-    Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+    service.setProperties(map);
     Assert.assertTrue(controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("trustCustomerhacker");
+    map.put("tag", "testa");
+    service.setProperties(map);
+    Assert.assertTrue(!controller.isAllowed(service));
+  }
+
+  @Test
+  public void testIsValidOfBlackAndWhiteByServiceNameAndVersion() {
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "serviceName");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust*");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName", "version");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category", "property");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "0.0.1");
+
+    AccessController controller = new AccessController();
+    Microservice service = new Microservice();
+    service.setServiceName("trustCustomer");
+    service.setVersion("0.0.1");
+
     Assert.assertTrue(!controller.isAllowed(service));
   }
 }
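Review bot: `testIsValidOfBlackAndWhiteByServiceNameAndVersion` asserts only the denied case, so it would still pass if the black list rejected every version; add the complementary check, e.g. `service.setVersion("0.0.2");` followed by `Assert.assertTrue(controller.isAllowed(service));`. None of the new tests covers a `propertyName` that matches neither a getter nor a key in the properties map, or a property whose value was never set, which are the paths where the matcher's outcome is least obvious. `Assert.assertTrue(!controller.isAllowed(service))` reads more clearly as `Assert.assertFalse(controller.isAllowed(service))`.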
diff --git a/samples/trust-sample/store/src/main/resources/microservice.yaml b/samples/trust-sample/store/src/main/resources/microservice.yaml
index 88bf72b22..4358d42b1 100644
--- a/samples/trust-sample/store/src/main/resources/microservice.yaml
+++ b/samples/trust-sample/store/src/main/resources/microservice.yaml
@@ -38,8 +38,9 @@ servicecomb:
       black:
         list01:
           category: property ## property, fixed value
-          propertyName: serviceName ## property name
-          rule: hacker ## property value match expression. only supports prefix match and postfix match and exactly match. e.g. hacker*, *hacker, hacker
+          propertyName: serviceName ## property name, e.g. serviceName, appId, environment, alias, version and so on, also support key in properties.
+          rule: hacker ## property value match expression. 
+##if propertyName is serviceName, only supports prefix match and postfix match and exactly match. e.g. hacker*, *hacker, hacker
       white:
         list02:
           category: property
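Review bot: The new comment under `rule:` says the prefix/postfix/exact restriction applies "if propertyName is serviceName", but the AccessController change in this same pull request passes every property value through the same `isPatternMatch` call, so the restriction appears to hold for all properties. An operator reading the sample could expect richer matching (for example version ranges) on other properties and write a black-list rule that never fires. Suggested wording on one line, kept at the key's indentation: `rule: hacker ## property value match expression; for every property only prefix, postfix and exact match are supported, e.g. hacker*, *hacker, hacker`.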


 
