You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@metron.apache.org by rm...@apache.org on 2018/08/28 19:20:33 UTC
[1/3] metron git commit: METRON-1665 Move hosting of Alerts and
Config UIs from Nodejs to Spring Boot (simonellistonball via merrimanr)
closes apache/metron#1111
Repository: metron
Updated Branches:
refs/heads/feature/METRON-1663-knoxsso 28f4b5704 -> 54880ba8f
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/MetronAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/MetronAuthenticationProvider.java b/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/MetronAuthenticationProvider.java
new file mode 100644
index 0000000..42d8a2d
--- /dev/null
+++ b/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/MetronAuthenticationProvider.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+public class MetronAuthenticationProvider implements AuthenticationProvider {
+
+ @Override
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+ if (authentication != null) {
+ authentication = getSSOAuthentication(authentication);
+ if (authentication != null && authentication.isAuthenticated()) {
+ return authentication;
+ }
+ }
+ throw new MetronAuthenticationException("Authentication failed");
+ }
+
+ private Authentication getSSOAuthentication(Authentication authentication) {
+ return authentication;
+ }
+
+ @Override
+ public boolean supports(Class<?> authentication) {
+ return true;
+ }
+
+ public static List<GrantedAuthority> getAuthoritiesFromUGI(String userName) {
+ // TODO - if we have ldap, we can lookup groups for this user
+
+ // TODO - if we have a default mapper we can use that
+
+ List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
+ grantedAuths.add(new SimpleGrantedAuthority("USER"));
+ return grantedAuths;
+ }
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/MetronSecurityConfig.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/MetronSecurityConfig.java b/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/MetronSecurityConfig.java
new file mode 100644
index 0000000..7d3ec3b
--- /dev/null
+++ b/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/MetronSecurityConfig.java
@@ -0,0 +1,188 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.interfaces.RSAPublicKey;
+import java.util.List;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@SuppressWarnings("deprecation")
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
+public class MetronSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ private static final Logger LOG = LoggerFactory.getLogger(MetronSecurityConfig.class);
+
+ @Value("${ldap.provider.url}")
+ private String providerUrl;
+
+ @Value("${ldap.provider.userdn}")
+ private String providerUserDn;
+
+ @Value("${ldap.provider.password}")
+ private String providerPassword;
+
+ @Value("${ldap.user.dn.patterns}")
+ private String userDnPatterns;
+
+ @Value("${ldap.user.passwordAttribute}")
+ private String passwordAttribute;
+
+ @Value("${ldap.user.searchBase}")
+ private String userSearchBase;
+
+ @Value("${ldap.user.searchFilter}")
+ private String userSearchFilter;
+
+ @Value("${ldap.group.searchBase}")
+ private String groupSearchBase;
+
+ @Value("${ldap.group.roleAttribute}")
+ private String groupRoleAttribute;
+
+ @Value("${ldap.group.searchFilter}")
+ private String groupSearchFilter;
+
+ @Value("${knox.sso.pubkeyFile:}")
+ private Path knoxKeyFile;
+
+ @Value("${knox.sso.pubkey:}")
+ private String knoxKeyString;
+
+ @Value("${knox.sso.url}")
+ private String knoxUrl;
+
+ @Value("${knox.sso.cookie:hadoop-jwt}")
+ private String knoxCookie;
+
+ @Value("${knox.sso.originalUrl:originalUrl}")
+ private String knoxOriginalUrl;
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ // @formatter:off
+ http
+ .authorizeRequests().antMatchers(HttpMethod.OPTIONS,"/**").permitAll().and()
+ .authorizeRequests().anyRequest().fullyAuthenticated()
+ .and()
+ .httpBasic()
+ .and()
+ .logout().disable();
+ // @formatter:on
+
+ // allow form based login if knox sso not in use
+ if (knoxUrl == null || knoxUrl.isEmpty()) {
+ http.formLogin();
+ }
+
+ http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER).sessionFixation();
+ if (this.knoxUrl != null && !this.knoxUrl.isEmpty()) {
+ http.addFilterAt(ssoAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+ }
+ http.headers().disable();
+ http.csrf().disable();
+ }
+
+ private KnoxSSOAuthenticationFilter ssoAuthenticationFilter() throws Exception {
+ String knoxKey;
+ if ((this.knoxKeyString == null || this.knoxKeyString.isEmpty()) && this.knoxKeyFile != null) {
+ List<String> keyLines = Files.readAllLines(knoxKeyFile, StandardCharsets.UTF_8);
+ if (keyLines != null) {
+ knoxKey = String.join("", keyLines);
+ } else {
+ knoxKey = "";
+ }
+ } else {
+ knoxKey = this.knoxKeyString;
+ }
+ try {
+ RSAPublicKey parseRSAPublicKey = KnoxSSOAuthenticationFilter.parseRSAPublicKey(knoxKey);
+ return new KnoxSSOAuthenticationFilter(authenticationProvider(), knoxUrl, knoxCookie, knoxOriginalUrl,
+ parseRSAPublicKey);
+ } catch (Exception e) {
+ LOG.error("Cannot parse public key for KnoxSSO, please include the PEM string without certificate headers",
+ e);
+ throw (e);
+ }
+ }
+
+ @Override
+ public void configure(AuthenticationManagerBuilder auth) throws Exception {
+ LOG.debug("Setting up LDAP authentication against %s", providerUrl);
+ // @formatter:off
+ if(this.providerUrl != null && !this.providerUrl.isEmpty()) {
+ auth.ldapAuthentication()
+ .userDnPatterns(userDnPatterns)
+ .userSearchBase(userSearchBase)
+ .userSearchFilter(userSearchFilter)
+ .groupRoleAttribute(groupRoleAttribute)
+ .groupSearchFilter(groupSearchFilter)
+ .groupSearchBase(groupSearchBase)
+ .contextSource()
+ .url(providerUrl)
+ .managerDn(providerUserDn)
+ .managerPassword(providerPassword)
+ .and()
+ .passwordCompare()
+ .passwordEncoder(passwordEncoder())
+ .passwordAttribute(passwordAttribute);
+ }
+ // @formatter:on
+ try {
+ auth
+ .authenticationProvider(authenticationProvider());
+ } catch (Exception e){
+ LOG.error("Cannot setup authentication", e);
+ }
+ auth.userDetailsService(userDetailsService());
+ }
+
+ @Bean
+ public MetronAuthenticationProvider authenticationProvider() {
+ return new MetronAuthenticationProvider();
+ }
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ // this currently uses plaintext passwords, which is not ideal
+ // TODO replace with a delegating encoder which runs through the good algos, or
+ // a config option based on the strength of passwords in the ldap store
+
+ return NoOpPasswordEncoder.getInstance();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/EmbeddedLdap.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/EmbeddedLdap.java b/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/EmbeddedLdap.java
new file mode 100644
index 0000000..a41ea7e
--- /dev/null
+++ b/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/EmbeddedLdap.java
@@ -0,0 +1,164 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import java.io.File;
+import java.util.HashSet;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.directory.server.core.DefaultDirectoryService;
+import org.apache.directory.server.core.entry.ServerEntry;
+import org.apache.directory.server.core.partition.Partition;
+import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmIndex;
+import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;
+import org.apache.directory.server.ldap.LdapService;
+import org.apache.directory.server.protocol.shared.SocketAcceptor;
+import org.apache.directory.server.protocol.shared.store.LdifFileLoader;
+import org.apache.directory.server.xdbm.Index;
+import org.junit.Rule;
+import org.junit.rules.TemporaryFolder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.DisposableBean;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+/**
+ * A Bean based wrapper for an Embedded Apache Directory Server used to back
+ * LDAP Authentication.
+ */
+@Component
+public class EmbeddedLdap implements InitializingBean, DisposableBean {
+
+ public static final String EMBEDDED_LDAP_PROFILE = "embedded-ldap";
+ private Logger LOG = LoggerFactory.getLogger(this.getClass());
+
+ @Value("${ldap.provider.url}")
+ private String providerUrl;
+
+ @Value("${ldap.provider.userdn}")
+ private String providerUserDn;
+
+ @Value("${ldap.provider.password}")
+ private String providerPassword;
+
+ @Value("${ldap.user.dn.patterns}")
+ private String userDnPatterns;
+
+ @Value("${ldap.user.passwordAttribute}")
+ private String passwordAttribute;
+
+ @Value("${ldap.user.searchBase}")
+ private String userSearchBase;
+
+ @Value("${ldap.user.searchFilter}")
+ private String userSearchFilter;
+
+ @Value("${ldap.group.searchBase}")
+ private String groupSearchBase;
+
+ @Value("${ldap.group.roleAttribute}")
+ private String groupRoleAttribute;
+
+ @Value("${ldap.group.searchFilter}")
+ private String groupSearchFilter;
+
+ @Rule
+ public TemporaryFolder workdir = new TemporaryFolder();
+
+ private LdapService ldapService;
+
+ private DefaultDirectoryService directoryService;
+
+ private Partition partition;
+
+ @Override
+ public void destroy() throws Exception {
+ LOG.info("Stopping embedded LDAP");
+
+ ldapService.stop();
+ directoryService.shutdown();
+
+ workdir.delete();
+ }
+
+ @Override
+ public void afterPropertiesSet() throws Exception {
+ workdir.create();
+
+ LOG.info("Starting embedded LDAP");
+ LOG.debug("Using temporary directory %s", workdir.toString());
+
+ directoryService = new DefaultDirectoryService();
+ directoryService.setWorkingDirectory(workdir.getRoot());
+ directoryService.getChangeLog().setEnabled(false);
+
+ partition = addPartition("testPartition", "dc=org");
+ addIndex("objectClass", "ou", "uid", "cn");
+
+ SocketAcceptor socketAcceptor = new SocketAcceptor(null);
+
+ Pattern p = Pattern.compile("ldaps?://([^:]*):(\\d*).*");
+ Matcher m = p.matcher(providerUrl);
+ int port;
+ if (m.matches()) {
+ port = Integer.parseInt(m.group(2));
+ } else {
+ port = 33389;
+ }
+
+ ldapService = new LdapService();
+ ldapService.setIpPort(port);
+ ldapService.setSearchBaseDn(userSearchBase);
+ ldapService.setDirectoryService(directoryService);
+ ldapService.setSocketAcceptor(socketAcceptor);
+
+ directoryService.startup();
+ ldapService.start();
+
+ // load default schema
+ applyLdif(new File("schema.ldif"));
+ LOG.debug("LDAP server started");
+ }
+
+ private Partition addPartition(String partitionId, String partitionDn) throws Exception {
+ Partition partition = new JdbmPartition();
+ partition.setId(partitionId);
+ partition.setSuffix(partitionDn);
+ directoryService.addPartition(partition);
+
+ return partition;
+ }
+
+ public void addIndex(String... attrs) {
+ HashSet<Index<?, ServerEntry>> indexedAttributes = new HashSet<Index<?, ServerEntry>>();
+
+ for (String attribute : attrs) {
+ indexedAttributes.add(new JdbmIndex<String, ServerEntry>(attribute));
+ }
+
+ ((JdbmPartition) partition).setIndexedAttributes(indexedAttributes);
+ }
+
+ public void applyLdif(File ldifFile) throws Exception {
+ new LdifFileLoader(directoryService.getAdminSession(), ldifFile, null, this.getClass().getClassLoader())
+ .execute();
+ }
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/JWTTests.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/JWTTests.java b/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/JWTTests.java
new file mode 100644
index 0000000..0b3015b
--- /dev/null
+++ b/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/JWTTests.java
@@ -0,0 +1,170 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Date;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+
+import org.junit.Test;
+import org.springframework.mock.web.MockFilterChain;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.User;
+
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSObject;
+import com.nimbusds.jose.Payload;
+import com.nimbusds.jose.crypto.RSASSASigner;
+
+import net.minidev.json.JSONObject;
+
+public class JWTTests {
+ private static final String COOKIE_NAME = "hadoop-jwt";
+ private static final String knoxUrl = "https://localhost:8443/gateway/default/knoxsso";
+
+ private static final Payload DEFAULT_PAYLOAD = new Payload("{ \"sub\": \"test\" }");
+
+ @Test
+ public void testValidJWT() throws Exception {
+ KeyPair key = createKey();
+ requestThatSucceeds(tokenWithKey((RSAPrivateKey) key.getPrivate(),DEFAULT_PAYLOAD), key);
+ }
+
+ @Test
+ public void testInvalidJWT() throws Exception {
+ KeyPair key = createKey();
+ KeyPair badKey = createKey();
+ assertFalse(key.equals(badKey));
+ requestThatFails(tokenWithKey((RSAPrivateKey) badKey.getPrivate(),DEFAULT_PAYLOAD), key);
+ }
+
+ @Test()
+ public void testExpiredJWT() throws Exception {
+ Date date = new Date();
+ KeyPair key = createKey();
+
+ JSONObject json = new JSONObject();
+ json.appendField("sub", "test");
+ json.appendField("exp", (date.getTime() - 60000) / 1000);
+
+ Payload payload = new Payload(json);
+ JWSObject token = tokenWithKey((RSAPrivateKey) key.getPrivate(), payload);
+
+ requestThatFails(token, key);
+ }
+
+ @Test()
+ public void testNotYetJWT() throws Exception {
+ Date date = new Date();
+ KeyPair key = createKey();
+
+ JSONObject json = new JSONObject();
+ json.appendField("sub", "test");
+ json.appendField("exp", (date.getTime() + 60000) / 1000);
+ json.appendField("nbf", (date.getTime() + 30000) / 1000);
+
+ Payload payload = new Payload(json);
+ JWSObject token = tokenWithKey((RSAPrivateKey) key.getPrivate(), payload);
+
+ requestThatFails(token, key);
+ }
+
+ @Test()
+ public void testCorrectTimeWindowJWT() throws Exception {
+ Date date = new Date();
+ KeyPair key = createKey();
+
+ JSONObject json = new JSONObject();
+ json.appendField("sub", "test");
+ json.appendField("exp", (date.getTime() + 60000) / 1000);
+ json.appendField("nbf", (date.getTime() - 30000) / 1000);
+
+ Payload payload = new Payload(json);
+ JWSObject token = tokenWithKey((RSAPrivateKey) key.getPrivate(), payload);
+
+ requestThatSucceeds(token, key);
+ }
+
+ private void requestThatSucceeds(JWSObject token, KeyPair key) throws IOException, ServletException {
+ MockHttpServletRequest request = requestWithJWT(token);
+ MockHttpServletResponse response = new MockHttpServletResponse();
+ MockFilterChain chain = new MockFilterChain();
+
+ MetronAuthenticationProvider authenticationProvider = new MetronAuthenticationProvider();
+ KnoxSSOAuthenticationFilter knoxSSOAuthenticationFilter = new KnoxSSOAuthenticationFilter(
+ authenticationProvider, knoxUrl, null, null, (RSAPublicKey) key.getPublic());
+
+ knoxSSOAuthenticationFilter.doFilter(request, response, chain);
+
+ // ensure that the filter has passed a successful authentication context
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ assertNotNull("Authentication object is set", authentication);
+ assertEquals("test", ((User) authentication.getPrincipal()).getUsername());
+ }
+
+ private void requestThatFails(JWSObject token, KeyPair key) throws IOException, ServletException {
+ MockHttpServletRequest request = requestWithJWT(token);
+ MockHttpServletResponse response = new MockHttpServletResponse();
+ MockFilterChain chain = new MockFilterChain();
+
+ MetronAuthenticationProvider authenticationProvider = new MetronAuthenticationProvider();
+ KnoxSSOAuthenticationFilter knoxSSOAuthenticationFilter = new KnoxSSOAuthenticationFilter(
+ authenticationProvider, knoxUrl, null, null, (RSAPublicKey) key.getPublic());
+
+ knoxSSOAuthenticationFilter.doFilter(request, response, chain);
+
+ assertRedirectedToKnox(response);
+ }
+
+ private KeyPair createKey() throws Exception {
+ return KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ }
+
+ private JWSObject tokenWithKey(RSAPrivateKey key, Payload payload) throws JOSEException {
+ JWSObject jwsObject = new JWSObject(new JWSHeader(JWSAlgorithm.RS256), payload);
+ jwsObject.sign(new RSASSASigner(key));
+ return jwsObject;
+ }
+
+ private MockHttpServletRequest requestWithJWT(JWSObject jwt) {
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setCookies(new Cookie(COOKIE_NAME, jwt.serialize()));
+ return request;
+ }
+
+ private static void assertRedirectedToKnox(MockHttpServletResponse response) {
+ assertTrue("Reponse is redirect to SSO", response.getHeader("Location").startsWith(knoxUrl));
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/KnoxSSOAuthenticationFilterTests.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/KnoxSSOAuthenticationFilterTests.java b/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/KnoxSSOAuthenticationFilterTests.java
new file mode 100644
index 0000000..efaa62c
--- /dev/null
+++ b/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/KnoxSSOAuthenticationFilterTests.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.fail;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.Charset;
+import java.security.cert.CertificateException;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Date;
+
+import javax.servlet.ServletException;
+
+import org.junit.Test;
+import org.springframework.stereotype.Component;
+
+import com.nimbusds.jose.util.IOUtils;
+
+@Component
+public class KnoxSSOAuthenticationFilterTests {
+
+ @Test
+ public void testParsePemWithHeaders() throws CertificateException, ServletException, IOException {
+ RSAPublicKey parseRSAPublicKey = KnoxSSOAuthenticationFilter
+ .parseRSAPublicKey(readFile("org/apache/metron/ui/headers.pem"));
+ assertNotNull(parseRSAPublicKey);
+ }
+
+ @Test
+ public void testParsePemWithoutHeaders() throws CertificateException, ServletException, IOException {
+ RSAPublicKey parseRSAPublicKey = KnoxSSOAuthenticationFilter.parseRSAPublicKey(readFile("org/apache/metron/ui/noheaders.pem"));
+ assertNotNull(parseRSAPublicKey);
+ }
+
+ @Test(expected = ServletException.class)
+ public void testInvalidPem() throws CertificateException, ServletException, IOException {
+ @SuppressWarnings("unused")
+ RSAPublicKey parseRSAPublicKey = KnoxSSOAuthenticationFilter.parseRSAPublicKey(readFile("org/apache/metron/ui/invalid.pem"));
+ fail();
+ }
+
+ private String readFile(String file) throws IOException {
+ ClassLoader cl = this.getClass().getClassLoader();
+ try (InputStream resourceAsStream = cl.getResourceAsStream(file)) {
+ return IOUtils.readInputStreamToString(resourceAsStream, Charset.defaultCharset());
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/MetronAuthenticationProviderTests.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/MetronAuthenticationProviderTests.java b/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/MetronAuthenticationProviderTests.java
new file mode 100644
index 0000000..eba5341
--- /dev/null
+++ b/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/MetronAuthenticationProviderTests.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import org.junit.Before;
+
+public class MetronAuthenticationProviderTests {
+ private MetronAuthenticationProvider authenticationProvider;
+
+ @Before
+ public void setup() {
+ authenticationProvider = new MetronAuthenticationProvider();
+ }
+
+ public void testGroupsFromUGI() {
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/config/TestSecurityConfig.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/config/TestSecurityConfig.java b/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/config/TestSecurityConfig.java
new file mode 100644
index 0000000..a47c74a
--- /dev/null
+++ b/metron-interface/metron-ui-security/src/test/java/org/apache/metron/ui/config/TestSecurityConfig.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui.config;
+
+import org.apache.metron.ui.EmbeddedLdap;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class TestSecurityConfig {
+
+ @Bean
+ public EmbeddedLdap embeddedLdap() {
+ return new EmbeddedLdap();
+ }
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/src/test/resources/application-embedded-ldap.yml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/src/test/resources/application-embedded-ldap.yml b/metron-interface/metron-ui-security/src/test/resources/application-embedded-ldap.yml
new file mode 100644
index 0000000..5c4d7e2
--- /dev/null
+++ b/metron-interface/metron-ui-security/src/test/resources/application-embedded-ldap.yml
@@ -0,0 +1,35 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+spring:
+ logging:
+ level:
+ root: debug
+
+ldap:
+ provider:
+ url: ldap://localhost:33389
+ userdn: uid=admin,ou=people,dc=metron,dc=apache,dc=org
+ password: password
+ user:
+ dn.patterns: uid={0},ou=people,dc=metron,dc=apache,dc=org
+ passwordAttribute: userPassword
+ searchBase: ou=people,dc=metron,dc=apache,dc=org
+ searchFilter: ""
+ group:
+ searchBase: ou=groups,dc=metron,dc=apache,dc=org
+ searchFilter: "member={0}"
+ roleAttribute: "cn"
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/src/test/resources/org/apache/metron/ui/headers.pem
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/src/test/resources/org/apache/metron/ui/headers.pem b/metron-interface/metron-ui-security/src/test/resources/org/apache/metron/ui/headers.pem
new file mode 100644
index 0000000..7153bb4
--- /dev/null
+++ b/metron-interface/metron-ui-security/src/test/resources/org/apache/metron/ui/headers.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqTCCApGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNBMQ8wDQYDVQQKDAZBcGFjaGUxGDAWBgNVBAMMD0NBIGludGVy
+bWVkaWF0ZTAeFw0xODA3MTExOTA0NTRaFw0yODEwMTYxOTA0NTRaMDsxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJDQTEPMA0GA1UECgwGQXBhY2hlMQ4wDAYDVQQDDAVu
+b2RlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6j8MIkAi4hZXd8
+rD+lmcQ6SmmUX8DrWKOu3cywUTcUR6ZfJQ+Lt0kZH2yDOPhpmr5TIEx7aTzAmloz
+ZUVoArcoqjGan7Np5Hy2vC1rDeqMbueQ7m4LSpwFRzqb9ZnFycq+U1Jo5nrHwVdy
+xfvo5yOYOgyWQT/upEsStiR0ADjyLPzTVQlErdAAVxKbRHF3ikWSvHzu8yoKcWAG
+n7CbShuOF0bIMOR9e7GtlSQH6JMxH17oEU98KiVRvJV52RKHpHZpPfDb36YvsgTy
+7ZczDmCQPNpU9hfV+vcgZEXFyrpxLgG7pHJBXPXWv8cw9rQLLim0297LNRpGAAz2
+Gc2todECAwEAAaOBrDCBqTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAz
+BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmlj
+YXRlMB0GA1UdDgQWBBQWMdyJLWA4vgE90pAuRa4/z4S4kDAOBgNVHQ8BAf8EBAMC
+BaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEAYDVR0RBAkwB4IFbm9kZTEwDQYJKoZI
+hvcNAQELBQADggIBAMdFhC4xDxGs7i/gKhgBCv1JicNqk6Y2OQsS8ohk64ansx1r
+uU0Rbx/pOsuD+d3ZuYeBaOYnHSLhExCcSxFjUlBkjS7aEigMxlHf2D+tYOgdcwlc
+SjMaqyFDke+mR0rm8I15HviLjjZy1bDLnb8UsozLtdU040/MAtx9uF7SqvYUsTqy
+alyfPeYZGpHZiFAmTcZ33uF3EByaSLACMVje0O1C9Xi/1v5Smp64NF15EF2DlHIv
+TAj88oG7eEivVWie41mx8s/8WpR6XE3WFuZSc+j4qndtzwvmzlaO/e/v64ZzTPTL
+SnrV424gtfZahjCb7+rSLQnSZShPeQessa1uF00xkCwlXuA7WXP9dAtOycySRsI+
+qy7vwD9Y5ZkZwFK8+8UnvySwwCSEHmy4zM0irA/XIKIRw7ahU3rxbkHgVCGh6Pyu
+kGfv/+Wy9yW461w0aYUTMrUrS429CBDY0ek3T9eQ5bieJRjOYOl/uuPH+L4VSCOS
+p2WIuXqqDMXqmxMUFNuaLYEg4Y51aLD0lkB+SH+tnOP5CZdufIKZRQhYiC+xcs2E
+2/VvbqjAMe9vzF6d7a5EqbTkdS9k8CNnmxCfN+FlSl/iqUI3HKLVxNs+2Sux+Dhl
+Nkt9qMcG2Gj0TxlqU43HrGeruVIxgC6Lj/QcIrc3Ddb1u7dccuNtF5UoqnVD
+-----END CERTIFICATE-----
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/src/test/resources/org/apache/metron/ui/invalid.pem
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/src/test/resources/org/apache/metron/ui/invalid.pem b/metron-interface/metron-ui-security/src/test/resources/org/apache/metron/ui/invalid.pem
new file mode 100644
index 0000000..ffcd1bc
--- /dev/null
+++ b/metron-interface/metron-ui-security/src/test/resources/org/apache/metron/ui/invalid.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+XIIEqTCCApGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNBMQ8wDQYDVQQKDAZBcGFjaGUxGDAWBgNVBAMMD0NBIGludGVy
+bWVkaWF0ZTAeFw0xODA3MTExOTA0NTRaFw0yODEwMTYxOTA0NTRaMDsxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJDQTEPMA0GA1UECgwGQXBhY2hlMQ4wDAYDVQQDDAVu
+b2RlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6j8MIkAi4hZXd8
+rD+lmcQ6SmmUX8DrWKOu3cywUTcUR6ZfJQ+Lt0kZH2yDOPhpmr5TIEx7aTzAmloz
+ZUVoArcoqjGan7Np5Hy2vC1rDeqMbueQ7m4LSpwFRzqb9ZnFycq+U1Jo5nrHwVdy
+xfvo5yOYOgyWQT/upEsStiR0ADjyLPzTVQlErdAAVxKbRHF3ikWSvHzu8yoKcWAG
+n7CbShuOF0bIMOR9e7GtlSQH6JMxH17oEU98KiVRvJV52RKHpHZpPfDb36YvsgTy
+7ZczDmCQPNpU9hfV+vcgZEXFyrpxLgG7pHJBXPXWv8cw9rQLLim0297LNRpGAAz2
+Gc2todECAwEAAaOBrDCBqTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAz
+BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmlj
+YXRlMB0GA1UdDgQWBBQWMdyJLWA4vgE90pAuRa4/z4S4kDAOBgNVHQ8BAf8EBAMC
+BaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEAYDVR0RBAkwB4IFbm9kZTEwDQYJKoZI
+hvcNAQELBQADggIBAMdFhC4xDxGs7i/gKhgBCv1JicNqk6Y2OQsS8ohk64ansx1r
+uU0Rbx/pOsuD+d3ZuYeBaOYnHSLhExCcSxFjUlBkjS7aEigMxlHf2D+tYOgdcwlc
+SjMaqyFDke+mR0rm8I15HviLjjZy1bDLnb8UsozLtdU040/MAtx9uF7SqvYUsTqy
+alyfPeYZGpHZiFAmTcZ33uF3EByaSLACMVje0O1C9Xi/1v5Smp64NF15EF2DlHIv
+TAj88oG7eEivVWie41mx8s/8WpR6XE3WFuZSc+j4qndtzwvmzlaO/e/v64ZzTPTL
+SnrV424gtfZahjCb7+rSLQnSZShPeQessa1uF00xkCwlXuA7WXP9dAtOycySRsI+
+qy7vwD9Y5ZkZwFK8+8UnvySwwCSEHmy4zM0irA/XIKIRw7ahU3rxbkHgVCGh6Pyu
+kGfv/+Wy9yW461w0aYUTMrUrS429CBDY0ek3T9eQ5bieJRjOYOl/uuPH+L4VSCOS
+p2WIuXqqDMXqmxMUFNuaLYEg4Y51aLD0lkB+SH+tnOP5CZdufIKZRQhYiC+xcs2E
+2/VvbqjAMe9vzF6d7a5EqbTkdS9k8CNnmxCfN+FlSl/iqUI3HKLVxNs+2Sux+Dhl
+Nkt9qMcG2Gj0TxlqU43HrGeruVIxgC6Lj/QcIrc3Ddb1u7dccuNtF5UoqnVD
+-----END CERTIFICATE-----
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/src/test/resources/org/apache/metron/ui/noheaders.pem
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/src/test/resources/org/apache/metron/ui/noheaders.pem b/metron-interface/metron-ui-security/src/test/resources/org/apache/metron/ui/noheaders.pem
new file mode 100644
index 0000000..267decf
--- /dev/null
+++ b/metron-interface/metron-ui-security/src/test/resources/org/apache/metron/ui/noheaders.pem
@@ -0,0 +1,25 @@
+MIIEqTCCApGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNBMQ8wDQYDVQQKDAZBcGFjaGUxGDAWBgNVBAMMD0NBIGludGVy
+bWVkaWF0ZTAeFw0xODA3MTExOTA0NTRaFw0yODEwMTYxOTA0NTRaMDsxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJDQTEPMA0GA1UECgwGQXBhY2hlMQ4wDAYDVQQDDAVu
+b2RlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6j8MIkAi4hZXd8
+rD+lmcQ6SmmUX8DrWKOu3cywUTcUR6ZfJQ+Lt0kZH2yDOPhpmr5TIEx7aTzAmloz
+ZUVoArcoqjGan7Np5Hy2vC1rDeqMbueQ7m4LSpwFRzqb9ZnFycq+U1Jo5nrHwVdy
+xfvo5yOYOgyWQT/upEsStiR0ADjyLPzTVQlErdAAVxKbRHF3ikWSvHzu8yoKcWAG
+n7CbShuOF0bIMOR9e7GtlSQH6JMxH17oEU98KiVRvJV52RKHpHZpPfDb36YvsgTy
+7ZczDmCQPNpU9hfV+vcgZEXFyrpxLgG7pHJBXPXWv8cw9rQLLim0297LNRpGAAz2
+Gc2todECAwEAAaOBrDCBqTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAz
+BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmlj
+YXRlMB0GA1UdDgQWBBQWMdyJLWA4vgE90pAuRa4/z4S4kDAOBgNVHQ8BAf8EBAMC
+BaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEAYDVR0RBAkwB4IFbm9kZTEwDQYJKoZI
+hvcNAQELBQADggIBAMdFhC4xDxGs7i/gKhgBCv1JicNqk6Y2OQsS8ohk64ansx1r
+uU0Rbx/pOsuD+d3ZuYeBaOYnHSLhExCcSxFjUlBkjS7aEigMxlHf2D+tYOgdcwlc
+SjMaqyFDke+mR0rm8I15HviLjjZy1bDLnb8UsozLtdU040/MAtx9uF7SqvYUsTqy
+alyfPeYZGpHZiFAmTcZ33uF3EByaSLACMVje0O1C9Xi/1v5Smp64NF15EF2DlHIv
+TAj88oG7eEivVWie41mx8s/8WpR6XE3WFuZSc+j4qndtzwvmzlaO/e/v64ZzTPTL
+SnrV424gtfZahjCb7+rSLQnSZShPeQessa1uF00xkCwlXuA7WXP9dAtOycySRsI+
+qy7vwD9Y5ZkZwFK8+8UnvySwwCSEHmy4zM0irA/XIKIRw7ahU3rxbkHgVCGh6Pyu
+kGfv/+Wy9yW461w0aYUTMrUrS429CBDY0ek3T9eQ5bieJRjOYOl/uuPH+L4VSCOS
+p2WIuXqqDMXqmxMUFNuaLYEg4Y51aLD0lkB+SH+tnOP5CZdufIKZRQhYiC+xcs2E
+2/VvbqjAMe9vzF6d7a5EqbTkdS9k8CNnmxCfN+FlSl/iqUI3HKLVxNs+2Sux+Dhl
+Nkt9qMcG2Gj0TxlqU43HrGeruVIxgC6Lj/QcIrc3Ddb1u7dccuNtF5UoqnVD
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/src/test/resources/schema.ldif
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/src/test/resources/schema.ldif b/metron-interface/metron-ui-security/src/test/resources/schema.ldif
new file mode 100644
index 0000000..73d2dfd
--- /dev/null
+++ b/metron-interface/metron-ui-security/src/test/resources/schema.ldif
@@ -0,0 +1,77 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+version: 1
+
+dn: dc=org
+objectclass: domain
+objectclass: top
+dc: org
+
+dn: dc=apache,dc=org
+objectclass: domain
+objectclass: top
+dc: apache
+
+dn: dc=metron,dc=apache,dc=org
+objectclass: dcObject
+objectclass: domain
+objectclass: top
+dc: metron
+
+dn: ou=people,dc=metron,dc=apache,dc=org
+objectclass:top
+objectclass:organizationalUnit
+ou: people
+
+dn: ou=groups,dc=metron,dc=apache,dc=org
+objectclass:top
+objectclass:organizationalUnit
+ou: groups
+
+dn: uid=admin,ou=people,dc=metron,dc=apache,dc=org
+objectclass:top
+objectclass:person
+objectclass:organizationalPerson
+objectclass:inetOrgPerson
+cn: Admin
+sn: User
+uid: admin
+userPassword: password
+
+
+dn: uid=user,ou=people,dc=metron,dc=apache,dc=org
+objectclass:top
+objectclass:person
+objectclass:organizationalPerson
+objectclass:inetOrgPerson
+cn: Normal
+sn: User
+uid: user
+userPassword: password
+
+dn: cn=admin,ou=groups,dc=metron,dc=apache,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: admin
+member: uid=admin,ou=people,dc=metron,dc=apache,dc=org
+
+dn: cn=user,ou=groups,dc=metron,dc=apache,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: user
+member: uid=admin,ou=people,dc=metron,dc=apache,dc=org
+member: uid=user,ou=people,dc=metron,dc=apache,dc=org
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/pom.xml
----------------------------------------------------------------------
diff --git a/metron-interface/pom.xml b/metron-interface/pom.xml
index e6ccd2d..844f213 100644
--- a/metron-interface/pom.xml
+++ b/metron-interface/pom.xml
@@ -39,11 +39,24 @@
</license>
</licenses>
<modules>
+ <module>metron-ui-security</module>
+ <module>metron-ui-host</module>
<module>metron-config</module>
+ <module>metron-config-host</module>
<module>metron-alerts</module>
+ <module>metron-alerts-host</module>
<module>metron-rest</module>
<module>metron-rest-client</module>
</modules>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+ <java.version>1.8</java.version>
+ <spring-cloud.version>Finchley.RELEASE</spring-cloud.version>
+ <spring.boot.version>2.0.1.RELEASE</spring.boot.version>
+ </properties>
+
<dependencies>
<dependency>
<groupId>junit</groupId>
[3/3] metron git commit: METRON-1665 Move hosting of Alerts and
Config UIs from Nodejs to Spring Boot (simonellistonball via merrimanr)
closes apache/metron#1111
Posted by rm...@apache.org.
METRON-1665 Move hosting of Alerts and Config UIs from Nodejs to Spring Boot (simonellistonball via merrimanr) closes apache/metron#1111
Project: http://git-wip-us.apache.org/repos/asf/metron/repo
Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/54880ba8
Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/54880ba8
Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/54880ba8
Branch: refs/heads/feature/METRON-1663-knoxsso
Commit: 54880ba8f2467fefe56b9c377da003d08f0fe203
Parents: 28f4b57
Author: simonellistonball <si...@simonellistonball.com>
Authored: Tue Aug 28 14:20:10 2018 -0500
Committer: rmerriman <me...@gmail.com>
Committed: Tue Aug 28 14:20:10 2018 -0500
----------------------------------------------------------------------
.gitignore | 6 +
dependencies_with_url.csv | 48 +++
.../packaging/ambari/metron-mpack/README.md | 2 -
.../common-services/METRON/CURRENT/metainfo.xml | 3 -
.../packaging/docker/ansible-docker/Dockerfile | 3 -
.../packaging/docker/deb-docker/Dockerfile | 4 -
.../docker/deb-docker/prepackage/metron-config | 3 -
.../packaging/docker/rpm-docker/Dockerfile | 4 -
.../docker/rpm-docker/SPECS/metron.spec | 97 ++-----
.../packaging/docker/rpm-docker/pom.xml | 4 +-
metron-interface/metron-alerts-host/.gitignore | 24 ++
metron-interface/metron-alerts-host/pom.xml | 141 +++++++++
.../src/main/assembly/assembly.xml | 39 +++
.../org/apache/metron/ui/AlertsApplication.java | 29 ++
.../src/main/resources/application.yml | 61 ++++
.../src/main/scripts/metron-alerts.sh | 55 ++++
metron-interface/metron-alerts/.gitignore | 3 +
metron-interface/metron-alerts/assembly.xml | 55 ----
metron-interface/metron-alerts/pom.xml | 21 +-
.../metron-alerts/scripts/alerts-server.js | 76 -----
.../metron-alerts/scripts/metron-alerts-ui | 159 ----------
.../metron-alerts/scripts/package.json | 21 --
metron-interface/metron-config-host/pom.xml | 142 +++++++++
.../src/main/assembly/assembly.xml | 39 +++
.../org/apache/metron/ui/ConfigApplication.java | 31 ++
.../src/main/resources/application.yml | 34 +++
.../src/main/scripts/metron-config.sh | 55 ++++
metron-interface/metron-config/.gitignore | 3 +
metron-interface/metron-config/assembly.xml | 65 -----
metron-interface/metron-config/pom.xml | 236 ++++++++-------
.../metron-config/scripts/metron-management-ui | 159 ----------
.../metron-config/scripts/package.json | 22 --
.../metron-config/scripts/server.js | 76 -----
metron-interface/metron-rest/README.md | 95 ++----
metron-interface/metron-rest/pom.xml | 6 +-
.../metron/rest/MetronRestApplication.java | 16 +-
.../metron/rest/config/WebSecurityConfig.java | 108 -------
.../rest/controller/AlertsUIController.java | 6 +-
.../src/main/resources/application-test.yml | 19 ++
.../metron-rest/src/main/scripts/metron-rest.sh | 7 +-
.../metron/rest/config/TestSecurityConfig.java | 44 +++
.../AlertsUIControllerIntegrationTest.java | 18 +-
metron-interface/metron-ui-host/pom.xml | 138 +++++++++
.../metron/ui/AbstractHostApplication.java | 28 ++
.../org/apache/metron/ui/UserController.java | 71 +++++
.../metron/ui/ZuulAuthenticationFilter.java | 77 +++++
.../java/org/apache/metron/ui/ZuulError.java | 34 +++
.../org/apache/metron/ui/ZuulErrorFilter.java | 67 +++++
.../src/main/resources/application.yml | 59 ++++
.../apache/metron/ui/TestHostApplication.java | 25 ++
.../java/org/apache/metron/ui/WhoamiTest.java | 120 ++++++++
.../ui/ZuulAuthorizationHeaderProxyTest.java | 103 +++++++
.../src/test/resources/application-test.yml | 77 +++++
metron-interface/metron-ui-security/pom.xml | 135 +++++++++
.../metron/ui/KnoxSSOAuthenticationFilter.java | 289 +++++++++++++++++++
.../ui/MetronAuthenticationException.java | 29 ++
.../metron/ui/MetronAuthenticationProvider.java | 60 ++++
.../apache/metron/ui/MetronSecurityConfig.java | 188 ++++++++++++
.../java/org/apache/metron/ui/EmbeddedLdap.java | 164 +++++++++++
.../java/org/apache/metron/ui/JWTTests.java | 170 +++++++++++
.../ui/KnoxSSOAuthenticationFilterTests.java | 66 +++++
.../ui/MetronAuthenticationProviderTests.java | 33 +++
.../metron/ui/config/TestSecurityConfig.java | 31 ++
.../resources/application-embedded-ldap.yml | 35 +++
.../resources/org/apache/metron/ui/headers.pem | 27 ++
.../resources/org/apache/metron/ui/invalid.pem | 27 ++
.../org/apache/metron/ui/noheaders.pem | 25 ++
.../src/test/resources/schema.ldif | 77 +++++
metron-interface/pom.xml | 13 +
69 files changed, 3147 insertions(+), 1060 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/.gitignore
----------------------------------------------------------------------
diff --git a/.gitignore b/.gitignore
index 12fd7cd..5b0971e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,3 +23,9 @@ temp/**
temp/**/*
metron-interface/metron-alerts/node/
repodata/
+
+# Ignores for eclipse IDE
+.springBeans
+.factorypath
+.vscode
+.pydevproject
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/dependencies_with_url.csv
----------------------------------------------------------------------
diff --git a/dependencies_with_url.csv b/dependencies_with_url.csv
index 6ac1f23..5740ffe 100644
--- a/dependencies_with_url.csv
+++ b/dependencies_with_url.csv
@@ -421,3 +421,51 @@ com.google.code.gson:gson:jar:2.8.2:compile,ASLv2,https://github.com/google/gson
com.zaxxer:HikariCP:jar:2.7.8:compile,ASLv2,https://github.com/brettwooldridge/HikariCP
org.hibernate.validator:hibernate-validator:jar:6.0.9.Final:compile,ASLv2,https://github.com/hibernate/hibernate-validator
+com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile,ASLv2,http://stephenc.github.io/jcip-annotations/
+com.google.guava:guava:jar:15.0:compile,ASLv2,
+com.netflix.archaius:archaius-core:jar:0.7.6:compile,ASLv2,https://github.com/Netflix/archaius
+com.netflix.hystrix:hystrix-core:jar:1.5.12:compile,ASLv2,https://github.com/Netflix/Hystrix
+com.netflix.hystrix:hystrix-javanica:jar:1.5.12:compile,ASLv2,https://github.com/Netflix/Hystrix
+com.netflix.hystrix:hystrix-metrics-event-stream:jar:1.5.12:compile,ASLv2,https://github.com/Netflix/Hystrix
+com.netflix.hystrix:hystrix-serialization:jar:1.5.12:compile,ASLv2,https://github.com/Netflix/Hystrix
+com.netflix.netflix-commons:netflix-commons-util:jar:0.3.0:compile
+com.netflix.ribbon:ribbon-core:jar:2.2.5:compile,ASLv2,https://github.com/Netflix/ribbon
+com.netflix.ribbon:ribbon-httpclient:jar:2.2.5:compile,ASLv2,https://github.com/Netflix/ribbon
+com.netflix.ribbon:ribbon-loadbalancer:jar:2.2.5:compile,ASLv2,https://github.com/Netflix/ribbon
+com.netflix.ribbon:ribbon:jar:2.2.5:compile,ASLv2,https://github.com/Netflix/ribbon
+com.netflix.zuul:zuul-core:jar:1.3.1:compile,ASLv2,https://github.com/Netflix/zuul
+com.nimbusds:nimbus-jose-jwt:jar:4.41.2:compile,ASLv2,https://connect2id.com/products/nimbus-jose-jwt
+commons-configuration:commons-configuration:jar:1.8:compile,ASLv2,http://commons.apache.org/
+commons-lang:commons-lang:jar:2.3:compile,ASLv2,http://commons.apache.org/
+io.micrometer:micrometer-core:jar:1.0.3:compile,ASLv2,http://micrometer.io/
+io.reactivex:rxjava-reactive-streams:jar:1.2.1:compile,ASLv2,http://reactivex.io/
+io.reactivex:rxjava:jar:1.2.0:compile,ASLv2,http://reactivex.io/
+io.undertow:undertow-core:jar:1.4.23.Final:compile,ASLv2,http://undertow.io/
+io.undertow:undertow-servlet:jar:1.4.23.Final:compile,ASLv2,http://undertow.io/
+io.undertow:undertow-websockets-jsr:jar:1.4.23.Final:compile,ASLv2,http://undertow.io/
+org.bouncycastle:bcpkix-jdk15on:jar:1.56:compile,MIT,https://www.bouncycastle.org/
+org.bouncycastle:bcprov-jdk15on:jar:1.56:compile,MIT,https://www.bouncycastle.org/
+org.glassfish:javax.el:jar:3.0.0:compile,Common Development and Distribution License (CDDL) v1.0
+org.hdrhistogram:HdrHistogram:jar:2.1.10:compile,BSD 2-clause,http://hdrhistogram.org/
+org.jboss.xnio:xnio-api:jar:3.3.8.Final:compile,ASLv2,http://xnio.jboss.org/
+org.latencyutils:LatencyUtils:jar:2.0.3:compile,BSD 2-clause,http://latencyutils.org/
+org.springframework.boot:spring-boot-actuator-autoconfigure:jar:2.0.1.RELEASE:compile,ASLv2,https://spring.io/projects/spring-boot
+org.springframework.boot:spring-boot-actuator:jar:2.0.1.RELEASE:compile,ASLv2,https://spring.io/projects/spring-boot
+org.springframework.boot:spring-boot-starter-actuator:jar:2.0.1.RELEASE:compile,ASLv2,https://spring.io/projects/spring-boot
+org.springframework.boot:spring-boot-starter-undertow:jar:2.0.1.RELEASE:compile,ASLv2,https://spring.io/projects/spring-boot
+org.springframework.cloud:spring-cloud-commons:jar:2.0.0.RELEASE:compile,ASLv2,http://projects.spring.io/spring-cloud/
+org.springframework.cloud:spring-cloud-context:jar:2.0.0.RELEASE:compile,ASLv2,http://projects.spring.io/spring-cloud/
+org.springframework.cloud:spring-cloud-netflix-archaius:jar:2.0.0.RELEASE:compile,ASLv2,http://projects.spring.io/spring-cloud/
+org.springframework.cloud:spring-cloud-netflix-core:jar:2.0.0.RELEASE:compile,ASLv2,http://projects.spring.io/spring-cloud/
+org.springframework.cloud:spring-cloud-netflix-ribbon:jar:2.0.0.RELEASE:compile,ASLv2,http://projects.spring.io/spring-cloud/
+org.springframework.cloud:spring-cloud-netflix-zuul:jar:2.0.0.RELEASE:compile,ASLv2,http://projects.spring.io/spring-cloud/
+org.springframework.cloud:spring-cloud-starter-netflix-archaius:jar:2.0.0.RELEASE:compile,ASLv2,http://projects.spring.io/spring-cloud/
+org.springframework.cloud:spring-cloud-starter-netflix-hystrix:jar:2.0.0.RELEASE:compile,ASLv2,http://projects.spring.io/spring-cloud/
+org.springframework.cloud:spring-cloud-starter-netflix-ribbon:jar:2.0.0.RELEASE:compile,ASLv2,http://projects.spring.io/spring-cloud/
+org.springframework.cloud:spring-cloud-starter-netflix-zuul:jar:2.0.0.RELEASE:compile,ASLv2,http://projects.spring.io/spring-cloud/
+org.springframework.cloud:spring-cloud-starter:jar:2.0.0.RELEASE:compile,ASLv2,http://projects.spring.io/spring-cloud/
+org.springframework.ldap:spring-ldap-core:jar:2.3.2.RELEASE:compile,ASLv2,https://spring.io/projects/spring-ldap
+org.springframework.security:spring-security-crypto:jar:5.0.4.RELEASE:compile,ASLv2,https://spring.io/projects/spring-security
+org.springframework.security:spring-security-ldap:jar:5.0.4.RELEASE:compile,ASLv2,https://spring.io/projects/spring-security
+org.springframework.security:spring-security-rsa:jar:1.0.5.RELEASE:compile,ASLv2,https://spring.io/projects/spring-security
+org.springframework.cloud:spring-cloud-commons:jar:2.0.0.RELEASE:compile,ASLv2,http://projects.spring.io/spring-cloud/
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-deployment/packaging/ambari/metron-mpack/README.md
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/README.md b/metron-deployment/packaging/ambari/metron-mpack/README.md
index cd9399d..785d20e 100644
--- a/metron-deployment/packaging/ambari/metron-mpack/README.md
+++ b/metron-deployment/packaging/ambari/metron-mpack/README.md
@@ -26,8 +26,6 @@ This allows you to easily install Metron using a simple, guided process. This a
* Installable Metron packages (either RPMs or DEBs) located in a repository on each host at `/localrepo`.
-* A [Node.js](https://nodejs.org/en/download/package-manager/) repository installed on the host running the Management and Alarm UI.
-
### Quick Start
1. Build the Metron MPack. Execute the following command from the project's root directory.
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml
index f83d93b..85302a9 100644
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml
@@ -422,9 +422,6 @@
<name>metron-rest</name>
</package>
<package>
- <name>nodejs</name>
- </package>
- <package>
<name>metron-config</name>
</package>
<package>
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-deployment/packaging/docker/ansible-docker/Dockerfile
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/docker/ansible-docker/Dockerfile b/metron-deployment/packaging/docker/ansible-docker/Dockerfile
index ebf002a..d5f7d24 100644
--- a/metron-deployment/packaging/docker/ansible-docker/Dockerfile
+++ b/metron-deployment/packaging/docker/ansible-docker/Dockerfile
@@ -58,8 +58,5 @@ RUN yum -y install asciidoc rpm-build rpm2cpio tar unzip xmlto zip rpmlint make
# create a .bashrc for root, enabling the cpp 11 toolset
RUN touch /root/.bashrc \
&& cat '/opt/rh/devtoolset-4/enable' >> /root/.bashrc
-# install node so that the node dependencies can be packaged into the RPMs
-RUN curl --silent --location https://rpm.nodesource.com/setup_6.x | bash -
-RUN yum -y install nodejs
WORKDIR /root
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-deployment/packaging/docker/deb-docker/Dockerfile
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/docker/deb-docker/Dockerfile b/metron-deployment/packaging/docker/deb-docker/Dockerfile
index 44203c6..d4e1f91 100644
--- a/metron-deployment/packaging/docker/deb-docker/Dockerfile
+++ b/metron-deployment/packaging/docker/deb-docker/Dockerfile
@@ -26,8 +26,4 @@ RUN apt-get update && apt-get install -y \
dpkg-dev \
gettext
-# install nodejs so that the node dependencies can be packaged into the DEBs
-RUN curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
-RUN apt-get install -y nodejs
-
WORKDIR /root
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-deployment/packaging/docker/deb-docker/prepackage/metron-config
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/docker/deb-docker/prepackage/metron-config b/metron-deployment/packaging/docker/deb-docker/prepackage/metron-config
index a5ac74f..90bf183 100644
--- a/metron-deployment/packaging/docker/deb-docker/prepackage/metron-config
+++ b/metron-deployment/packaging/docker/deb-docker/prepackage/metron-config
@@ -27,6 +27,3 @@
# the working directory containing all of the files to
# be packaged will be passed as the only argument to this script.
#
-
-# package the 'production' node dependencies
-npm install --prefix="${PACKAGE_WORKDIR}/${METRON_HOME}/web/expressjs" --only=production
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-deployment/packaging/docker/rpm-docker/Dockerfile
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/docker/rpm-docker/Dockerfile b/metron-deployment/packaging/docker/rpm-docker/Dockerfile
index a2dae8e..2fd2565 100644
--- a/metron-deployment/packaging/docker/rpm-docker/Dockerfile
+++ b/metron-deployment/packaging/docker/rpm-docker/Dockerfile
@@ -27,7 +27,3 @@ RUN mv apache-maven-3.2.5 /opt/maven
RUN ln -s /opt/maven/bin/mvn /usr/bin/mvn
RUN yum -y install asciidoc rpm-build rpm2cpio tar unzip xmlto zip rpmlint && yum clean all
WORKDIR /root
-
-# install node so that the node dependencies can be packaged into the RPMs
-RUN curl --silent --location https://rpm.nodesource.com/setup_6.x | bash -
-RUN yum -y install gcc-c++ make nodejs
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec b/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
index 4b88fd0..df712ad 100644
--- a/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
+++ b/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
@@ -53,10 +53,10 @@ Source6: metron-indexing-%{full_version}-archive.tar.gz
Source7: metron-pcap-backend-%{full_version}-archive.tar.gz
Source8: metron-profiler-%{full_version}-archive.tar.gz
Source9: metron-rest-%{full_version}-archive.tar.gz
-Source10: metron-config-%{full_version}-archive.tar.gz
+Source10: metron-config-host-%{full_version}-archive.tar.gz
Source11: metron-management-%{full_version}-archive.tar.gz
Source12: metron-maas-service-%{full_version}-archive.tar.gz
-Source13: metron-alerts-%{full_version}-archive.tar.gz
+Source13: metron-alerts-host-%{full_version}-archive.tar.gz
Source14: metron-performance-%{full_version}-archive.tar.gz
%description
@@ -77,7 +77,11 @@ rm -rf %{_builddir}/*
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{metron_home}
-mkdir -p %{buildroot}/etc/init.d
+
+# make PID locations for metron uis
+mkdir -p %{buildroot}/var/run/metron-alerts
+mkdir -p %{buildroot}/var/run/metron-config
+mkdir -p %{buildroot}/var/run/metron-rest
# copy source files and untar
tar -xzf %{SOURCE0} -C %{buildroot}%{metron_home}
@@ -96,12 +100,6 @@ tar -xzf %{SOURCE12} -C %{buildroot}%{metron_home}
tar -xzf %{SOURCE13} -C %{buildroot}%{metron_home}
tar -xzf %{SOURCE14} -C %{buildroot}%{metron_home}
-install %{buildroot}%{metron_home}/bin/metron-management-ui %{buildroot}/etc/init.d/
-install %{buildroot}%{metron_home}/bin/metron-alerts-ui %{buildroot}/etc/init.d/
-
-# allows node dependencies to be packaged in the RPMs
-npm install --prefix="%{buildroot}%{metron_home}/web/expressjs" --only=production
-
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%package common
@@ -435,41 +433,12 @@ This package installs the Metron Management UI %{metron_home}
%defattr(-,root,root,755)
%dir %{metron_root}
%dir %{metron_home}
+%dir %{metron_home}/config
%dir %{metron_home}/bin
-%dir %{metron_home}/web
-%dir %{metron_home}/web/expressjs
-%dir %{metron_home}/web/expressjs/node_modules
-%dir %{metron_home}/web/expressjs/node_modules/.bin
-%dir %{metron_home}/web/management-ui
-%dir %{metron_home}/web/management-ui/assets
-%dir %{metron_home}/web/management-ui/assets/ace
-%dir %{metron_home}/web/management-ui/assets/ace/snippets
-%dir %{metron_home}/web/management-ui/assets/fonts
-%dir %{metron_home}/web/management-ui/assets/fonts/Roboto
-%dir %{metron_home}/web/management-ui/assets/images
-%dir %{metron_home}/web/management-ui/license
-%{metron_home}/bin/metron-management-ui
-/etc/init.d/metron-management-ui
-%attr(0755,root,root) %{metron_home}/web/expressjs/node_modules/*
-%attr(0755,root,root) %{metron_home}/web/expressjs/node_modules/.bin/*
-%attr(0755,root,root) %{metron_home}/web/expressjs/server.js
-%attr(0644,root,root) %{metron_home}/web/expressjs/package.json
-%attr(0644,root,root) %{metron_home}/web/management-ui/favicon.ico
-%attr(0644,root,root) %{metron_home}/web/management-ui/index.html
-%attr(0644,root,root) %{metron_home}/web/management-ui/*.js
-%attr(0644,root,root) %{metron_home}/web/management-ui/*.js.gz
-%attr(0644,root,root) %{metron_home}/web/management-ui/*.ttf
-%attr(0644,root,root) %{metron_home}/web/management-ui/*.svg
-%attr(0644,root,root) %{metron_home}/web/management-ui/*.eot
-%attr(0644,root,root) %{metron_home}/web/management-ui/*.woff
-%attr(0644,root,root) %{metron_home}/web/management-ui/*.woff2
-%attr(0644,root,root) %{metron_home}/web/management-ui/assets/ace/*.js
-%attr(0644,root,root) %{metron_home}/web/management-ui/assets/ace/LICENSE
-%attr(0644,root,root) %{metron_home}/web/management-ui/assets/ace/snippets/*.js
-%attr(0644,root,root) %{metron_home}/web/management-ui/assets/fonts/Roboto/LICENSE.txt
-%attr(0644,root,root) %{metron_home}/web/management-ui/assets/fonts/Roboto/*.ttf
-%attr(0644,root,root) %{metron_home}/web/management-ui/assets/images/*
-%attr(0644,root,root) %{metron_home}/web/management-ui/license/*
+%dir %{metron_home}/lib
+%attr(0755,root,root) %{metron_home}/lib/metron-config-host-%{full_version}.jar
+%attr(0755,root,root) %{metron_home}/bin/metron-config.sh
+
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -504,46 +473,18 @@ This package installs the Metron Alerts UI %{metron_home}
%defattr(-,root,root,755)
%dir %{metron_root}
%dir %{metron_home}
+%dir %{metron_home}/config
%dir %{metron_home}/bin
-%dir %{metron_home}/web
-%dir %{metron_home}/web/alerts-ui
-%dir %{metron_home}/web/alerts-ui/assets
-%dir %{metron_home}/web/alerts-ui/assets/ace
-%dir %{metron_home}/web/alerts-ui/assets/fonts
-%dir %{metron_home}/web/alerts-ui/assets/fonts/Roboto
-%dir %{metron_home}/web/alerts-ui/assets/images
-%{metron_home}/bin/metron-alerts-ui
-/etc/init.d/metron-alerts-ui
-%attr(0755,root,root) %{metron_home}/web/expressjs/alerts-server.js
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/favicon.ico
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/index.html
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/*.bundle.css
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/*.js
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/*.ttf
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/*.svg
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/*.jpg
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/*.eot
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/*.woff
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/*.woff2
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/3rdpartylicenses.txt
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/assets/ace/*.js
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/assets/ace/LICENSE
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/assets/fonts/font.css
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/assets/fonts/Roboto/LICENSE.txt
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/assets/fonts/Roboto/*.ttf
-%attr(0644,root,root) %{metron_home}/web/alerts-ui/assets/images/*
-
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+%dir %{metron_home}/lib
+%attr(0755,root,root) %{metron_home}/lib/metron-alerts-host-%{full_version}.jar
+%attr(0755,root,root) %{metron_home}/bin/metron-alerts.sh
-%post config
-chkconfig --add metron-management-ui
-chkconfig --add metron-alerts-ui
-%preun config
-chkconfig --del metron-management-ui
-chkconfig --del metron-alerts-ui
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%changelog
+* Thu Jul 19 2018 Apache Metron <de...@metron.apache.org> - 0.5.1
+- Added new UI hosting methods
* Thu Feb 1 2018 Apache Metron <de...@metron.apache.org> - 0.4.3
- Add Solr install script to Solr RPM
* Tue Sep 25 2017 Apache Metron <de...@metron.apache.org> - 0.4.2
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-deployment/packaging/docker/rpm-docker/pom.xml
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/docker/rpm-docker/pom.xml b/metron-deployment/packaging/docker/rpm-docker/pom.xml
index ba57079..878f55a 100644
--- a/metron-deployment/packaging/docker/rpm-docker/pom.xml
+++ b/metron-deployment/packaging/docker/rpm-docker/pom.xml
@@ -174,7 +174,7 @@
</includes>
</resource>
<resource>
- <directory>${metron_dir}/metron-interface/metron-config/target/</directory>
+ <directory>${metron_dir}/metron-interface/metron-config-host/target/</directory>
<includes>
<include>*.tar.gz</include>
</includes>
@@ -186,7 +186,7 @@
</includes>
</resource>
<resource>
- <directory>${metron_dir}/metron-interface/metron-alerts/target/</directory>
+ <directory>${metron_dir}/metron-interface/metron-alerts-host/target/</directory>
<includes>
<include>*.tar.gz</include>
</includes>
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-alerts-host/.gitignore
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts-host/.gitignore b/metron-interface/metron-alerts-host/.gitignore
new file mode 100644
index 0000000..e0dea38
--- /dev/null
+++ b/metron-interface/metron-alerts-host/.gitignore
@@ -0,0 +1,24 @@
+/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/build/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-alerts-host/pom.xml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts-host/pom.xml b/metron-interface/metron-alerts-host/pom.xml
new file mode 100644
index 0000000..aa2ba1b
--- /dev/null
+++ b/metron-interface/metron-alerts-host/pom.xml
@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software
+ Foundation (ASF) under one or more contributor license agreements. See the
+ NOTICE file distributed with this work for additional information regarding
+ copyright ownership. The ASF licenses this file to You under the Apache License,
+ Version 2.0 (the "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software distributed
+ under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+ OR CONDITIONS OF ANY KIND, either express or implied. See the License for
+ the specific language governing permissions and limitations under the License.
+ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <groupId>org.apache.metron.ui</groupId>
+ <artifactId>metron-alerts-host</artifactId>
+ <packaging>jar</packaging>
+
+ <name>Metron Alerts UI Host</name>
+ <description>Spring Server to run frontend</description>
+
+ <parent>
+ <groupId>org.apache.metron</groupId>
+ <artifactId>metron-interface</artifactId>
+ <version>0.5.1</version>
+ </parent>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+ <java.version>1.8</java.version>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.metron</groupId>
+ <artifactId>metron-alerts</artifactId>
+ <version>${project.parent.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.metron</groupId>
+ <artifactId>metron-ui-host</artifactId>
+ <version>${project.parent.version}</version>
+ </dependency>
+
+ </dependencies>
+
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework.cloud</groupId>
+ <artifactId>spring-cloud-dependencies</artifactId>
+ <version>${spring-cloud.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ <dependency>
+ <!-- Import dependency management from Spring Boot -->
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-dependencies</artifactId>
+ <version>${spring.boot.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-slf4j-impl</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-maven-plugin</artifactId>
+ <version>${spring.boot.version}</version>
+ <configuration>
+ <executable>true</executable>
+ <mainClass>org.apache.metron.ui.AlertsApplication</mainClass>
+ <embeddedLaunchScriptProperties>
+ <initInfoProvides>metron-alerts</initInfoProvides>
+ <initInfoDescription>Metron Alerts UI server</initInfoDescription>
+ <initInfoShortDescription>Metron Alerts</initInfoShortDescription>
+ </embeddedLaunchScriptProperties>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>repackage</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>unpack-shared-resources</id>
+ <goals>
+ <goal>unpack-dependencies</goal>
+ </goals>
+ <phase>generate-resources</phase>
+ <configuration>
+ <outputDirectory>${project.build.directory}/generated-resources</outputDirectory>
+ <includeArtifacIds>shared-resources</includeArtifacIds>
+ <includeGroupIds>${project.groupId}</includeGroupIds>
+ <excludeTransitive>true</excludeTransitive>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <configuration>
+ <descriptor>src/main/assembly/assembly.xml</descriptor>
+ </configuration>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-alerts-host/src/main/assembly/assembly.xml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts-host/src/main/assembly/assembly.xml b/metron-interface/metron-alerts-host/src/main/assembly/assembly.xml
new file mode 100644
index 0000000..1377f60
--- /dev/null
+++ b/metron-interface/metron-alerts-host/src/main/assembly/assembly.xml
@@ -0,0 +1,39 @@
+<!--
+ Licensed to the Apache Software
+ Foundation (ASF) under one or more contributor license agreements. See the
+ NOTICE file distributed with this work for additional information regarding
+ copyright ownership. The ASF licenses this file to You under the Apache License,
+ Version 2.0 (the "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software distributed
+ under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+ OR CONDITIONS OF ANY KIND, either express or implied. See the License for
+ the specific language governing permissions and limitations under the License.
+ -->
+
+<assembly>
+ <id>archive</id>
+ <formats>
+ <format>tar.gz</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <fileSets>
+ <fileSet>
+ <directory>${project.basedir}/target</directory>
+ <includes>
+ <include>${project.artifactId}-${project.version}.jar</include>
+ </includes>
+ <outputDirectory>lib</outputDirectory>
+ <useDefaultExcludes>true</useDefaultExcludes>
+ </fileSet>
+ <fileSet>
+ <directory>${project.basedir}/src/main/scripts</directory>
+ <includes>
+ <include>metron-alerts.sh</include>
+ </includes>
+ <outputDirectory>bin</outputDirectory>
+ <useDefaultExcludes>true</useDefaultExcludes>
+ <filtered>true</filtered>
+ </fileSet>
+ </fileSets>
+</assembly>
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-alerts-host/src/main/java/org/apache/metron/ui/AlertsApplication.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts-host/src/main/java/org/apache/metron/ui/AlertsApplication.java b/metron-interface/metron-alerts-host/src/main/java/org/apache/metron/ui/AlertsApplication.java
new file mode 100644
index 0000000..8423dcc
--- /dev/null
+++ b/metron-interface/metron-alerts-host/src/main/java/org/apache/metron/ui/AlertsApplication.java
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.metron.ui;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.ComponentScans;
+
+@SpringBootApplication
+@ComponentScans(
+ value = {@ComponentScan, @ComponentScan(basePackageClasses = MetronSecurityConfig.class)})
+public class AlertsApplication extends AbstractHostApplication {
+ public static void main(String[] args) {
+ SpringApplication.run(AlertsApplication.class, args);
+ }
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-alerts-host/src/main/resources/application.yml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts-host/src/main/resources/application.yml b/metron-interface/metron-alerts-host/src/main/resources/application.yml
new file mode 100644
index 0000000..3eb9045
--- /dev/null
+++ b/metron-interface/metron-alerts-host/src/main/resources/application.yml
@@ -0,0 +1,61 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+metron:
+ version: ${project.version}
+
+server:
+ session:
+ cookie:
+ secure: false
+ name: METRONUISESSION
+
+zuul:
+ routes:
+ rest:
+ path: /api/v1/**
+ url: http://localhost:8082/api/v1/
+ sensitiveHeaders: Cookie,Set-Cookie
+
+proxy:
+ auth:
+ routes:
+ rest: passthru
+
+ribbon:
+ ConnectTimeout: 3000
+ ReadTimeout: 60000
+
+
+ldap:
+ provider:
+ url: ldap://localhost:33389
+ userdn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
+ password: admin-password
+ user:
+ dn.patterns: uid={0},ou=people,dc=hadoop,dc=apache,dc=org
+ passwordAttribute: userPassword
+ searchBase: ou=people,dc=hadoop,dc=apache,dc=org
+ searchFilter: ""
+ group:
+ searchBase: ou=groups,dc=hadoop,dc=apache,dc=org
+ searchFilter: "member={0}"
+ roleAttribute: "cn"
+
+knox:
+ sso:
+ url: ''
+ pubkey: ''
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-alerts-host/src/main/scripts/metron-alerts.sh
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts-host/src/main/scripts/metron-alerts.sh b/metron-interface/metron-alerts-host/src/main/scripts/metron-alerts.sh
new file mode 100644
index 0000000..a171cff
--- /dev/null
+++ b/metron-interface/metron-alerts-host/src/main/scripts/metron-alerts.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if [ -z "${METRON_SSL_PASSWORD}" ]; then
+ echo "METRON_SSL_PASSWORD unset."
+fi
+
+METRON_VERSION=${project.version}
+METRON_HOME="${METRON_HOME:-/usr/metron/${METRON_VERSION}}"
+METRON_SYSCONFIG="${METRON_SYSCONFIG:-/etc/default/metron}"
+
+echo "METRON_VERSION=${METRON_VERSION}"
+echo "METRON_HOME=${METRON_HOME}"
+echo "METRON_SYSCONFIG=${METRON_SYSCONFIG}"
+
+if [ -f "$METRON_SYSCONFIG" ]; then
+ echo "METRON_SYSCONFIG=${METRON_SYSCONFIG}"
+ set -a
+ . "$METRON_SYSCONFIG"
+fi
+
+echo "METRON_SPRING_PROFILES_ACTIVE=${METRON_SPRING_PROFILES_ACTIVE}"
+
+METRON_CONFIG_LOCATION=" --spring.config.location=classpath:/application.yml,$METRON_HOME/config/alerts_ui.yml"
+echo "METRON_CONFIG_LOCATION=${METRON_CONFIG_LOCATION}"
+METRON_SPRING_OPTIONS+=${METRON_CONFIG_LOCATION}
+
+# Find the metron alerts jar
+files=( "${METRON_HOME}/lib/metron-alerts-host-*.jar" )
+echo "Default metron-alerts-host jar is: ${files[0]}"
+APP_JAR="${files[0]}"
+
+export CONF_FOLDER=$METHRON_HOME/config
+export LOG_FOLDER=/var/log/metron/
+export PID_FOLDER=/var/run/metron/
+export RUN_ARGS=$METRON_SPRING_OPTIONS
+export APP_NAME=metron-alerts
+export MODE=service
+${APP_JAR} $1
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-alerts/.gitignore
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/.gitignore b/metron-interface/metron-alerts/.gitignore
index 703c7a9..de23844 100644
--- a/metron-interface/metron-alerts/.gitignore
+++ b/metron-interface/metron-alerts/.gitignore
@@ -4,3 +4,6 @@ metron-alerts.iml
node_modules/
/dist/
coverage
+
+# Build Files
+bin/
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-alerts/assembly.xml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/assembly.xml b/metron-interface/metron-alerts/assembly.xml
deleted file mode 100644
index f392a66..0000000
--- a/metron-interface/metron-alerts/assembly.xml
+++ /dev/null
@@ -1,55 +0,0 @@
-<!--
- Licensed to the Apache Software
- Foundation (ASF) under one or more contributor license agreements. See the
- NOTICE file distributed with this work for additional information regarding
- copyright ownership. The ASF licenses this file to You under the Apache License,
- Version 2.0 (the "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software distributed
- under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
- OR CONDITIONS OF ANY KIND, either express or implied. See the License for
- the specific language governing permissions and limitations under the License.
- -->
-
-<assembly>
- <id>archive</id>
- <formats>
- <format>tar.gz</format>
- </formats>
- <includeBaseDirectory>false</includeBaseDirectory>
- <fileSets>
- <fileSet>
- <directory>${project.basedir}/dist</directory>
- <outputDirectory>/web/alerts-ui</outputDirectory>
- <excludes>
- <exclude>**/.npmignore</exclude>
- </excludes>
- <fileMode>0644</fileMode>
- </fileSet>
- <fileSet>
- <directory>${project.basedir}/scripts</directory>
- <outputDirectory>web/expressjs</outputDirectory>
- <includes>
- <include>alerts-server.js</include>
- </includes>
- <fileMode>0644</fileMode>
- </fileSet>
- <fileSet>
- <directory>${project.basedir}/scripts</directory>
- <outputDirectory>bin</outputDirectory>
- <useDefaultExcludes>true</useDefaultExcludes>
- <includes>
- <include>metron-alerts-ui</include>
- </includes>
- <fileMode>0755</fileMode>
- <lineEnding>unix</lineEnding>
- <filtered>true</filtered>
- </fileSet>
- </fileSets>
- <files>
- <file>
- <source>src/favicon.ico</source>
- <outputDirectory>/web/alerts-ui</outputDirectory>
- </file>
- </files>
-</assembly>
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-alerts/pom.xml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/pom.xml b/metron-interface/metron-alerts/pom.xml
index e7706b3..b47f241 100644
--- a/metron-interface/metron-alerts/pom.xml
+++ b/metron-interface/metron-alerts/pom.xml
@@ -31,6 +31,12 @@
<dependencies>
</dependencies>
<build>
+ <resources>
+ <resource>
+ <directory>dist</directory>
+ <targetPath>public</targetPath>
+ </resource>
+ </resources>
<plugins>
<plugin>
<groupId>com.github.eirslett</groupId>
@@ -97,21 +103,6 @@
</configuration>
</plugin>
<plugin>
- <artifactId>maven-assembly-plugin</artifactId>
- <configuration>
- <descriptor>assembly.xml</descriptor>
- </configuration>
- <executions>
- <execution>
- <id>make-assembly</id> <!-- this is used for inheritance merges -->
- <phase>package</phase> <!-- bind to the packaging phase -->
- <goals>
- <goal>single</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>1.5.0</version>
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-alerts/scripts/alerts-server.js
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/scripts/alerts-server.js b/metron-interface/metron-alerts/scripts/alerts-server.js
deleted file mode 100644
index 716f37b..0000000
--- a/metron-interface/metron-alerts/scripts/alerts-server.js
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/usr/bin/env node
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-'use strict';
-
-var os = require('os');
-var app = require('express')();
-var path = require('path');
-var compression = require('compression');
-var serveStatic = require('serve-static');
-var favicon = require('serve-favicon');
-var proxy = require('http-proxy-middleware');
-var argv = require('optimist')
- .demand(['c'])
- .alias('c', 'config_file')
- .usage('Usage: alerts-server.js -c [config_file]')
- .describe('c', 'Path to alerts_ui.yml')
- .argv;
-var YAML = require('yamljs');
-
-var metronUIAddress = '';
-var ifaces = os.networkInterfaces();
-var uiConfig = YAML.load(argv.c);
-
-Object.keys(ifaces).forEach(function (dev) {
- ifaces[dev].forEach(function (details) {
- if (details.family === 'IPv4') {
- metronUIAddress += '\n';
- metronUIAddress += 'http://' + details.address + ':' + uiConfig.port;
- }
- });
-});
-
-function setCustomCacheControl (res, path) {
- if (serveStatic.mime.lookup(path) === 'text/html') {
- res.setHeader('Cache-Control', 'public, max-age=10')
- }
- res.setHeader("Expires", new Date(Date.now() + 2592000000).toUTCString());
-}
-
-app.use(compression());
-
-var restUrl = 'http://' + uiConfig.rest.host + ':' + uiConfig.rest.port;
-app.use('/api/v1', proxy(restUrl));
-app.use('/logout', proxy(restUrl));
-
-app.use(favicon(path.join(__dirname, '../alerts-ui/favicon.ico')));
-
-app.use(serveStatic(path.join(__dirname, '../alerts-ui'), {
- maxAge: '1d',
- setHeaders: setCustomCacheControl
-}));
-
-app.get('*', function(req, res){
- res.sendFile(path.join(__dirname, '../alerts-ui/index.html'));
-});
-
-app.listen(uiConfig.port, function(){
- console.log("Metron alerts ui is listening on " + metronUIAddress);
-});
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-alerts/scripts/metron-alerts-ui
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/scripts/metron-alerts-ui b/metron-interface/metron-alerts/scripts/metron-alerts-ui
deleted file mode 100644
index bb8e67c..0000000
--- a/metron-interface/metron-alerts/scripts/metron-alerts-ui
+++ /dev/null
@@ -1,159 +0,0 @@
-#!/usr/bin/env bash
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# metron alerts UI service
-# chkconfig: - 20 80
-# description: Alerts UI
-# processname: metron-alerts-ui
-#
-
-# all LSB compliant distributions provide the following
-# http://refspecs.linuxbase.org/LSB_3.0.0/LSB-PDA/LSB-PDA/iniscrptfunc.html
-if [ -f /lib/lsb/init-functions ]; then
- . /lib/lsb/init-functions
-fi
-
-NAME=metron-alerts-ui
-DESC="Metron Alerts UI"
-METRON_VERSION=${project.version}
-METRON_HOME=/usr/metron/$METRON_VERSION
-METRON_LOG_DIR="/var/log/metron"
-METRON_PID_DIR="/var/run/metron"
-METRON_USER="metron"
-METRON_GROUP="metron"
-METRON_SYSCONFIG="/etc/default/metron"
-if [ -f "$METRON_SYSCONFIG" ]; then
- set -a
- . "$METRON_SYSCONFIG"
-fi
-
-PIDFILE="$METRON_PID_DIR/$NAME.pid"
-
-DAEMON="node $METRON_HOME/web/expressjs/alerts-server.js -c $METRON_HOME/config/alerts_ui.yml"
-
-#
-# start the rest application
-#
-start() {
-
- # if pidfile exists, do not start another
- if [ -f $PIDFILE ]; then
- PID=`cat $PIDFILE`
- printf "OK [$PID]\n"
- return
- fi
-
- if [ ! -d "$METRON_LOG_DIR" ]; then
- mkdir -p "$METRON_LOG_DIR" && chown "$METRON_USER":"$METRON_GROUP" "$METRON_LOG_DIR"
- fi
-
- if [ ! -d "$METRON_PID_DIR" ]; then
- mkdir -p "$METRON_PID_DIR" && chown "$METRON_USER":"$METRON_GROUP" "$METRON_PID_DIR"
- fi
-
- # kick-off the daemon
- CMD="$DAEMON >> $METRON_LOG_DIR/$NAME.log 2>&1 & echo \$!"
- PID=`su -c "$CMD" $METRON_USER`
-
- if [ -z $PID ]; then
- printf "Fail\n"
- else
- echo $PID > $PIDFILE
- printf "Ok [$PID]\n"
- fi
-}
-
-#
-# stop the rest application
-#
-stop() {
- if [ -f $PIDFILE ]; then
- PID=`cat $PIDFILE`
- while sleep 1
- echo -n "."
- kill -0 $PID >/dev/null 2>&1
- do
- kill $PID
- done
- rm -f $PIDFILE
- printf "%s\n" "Ok"
- else
- printf "%s\n" "Not running"
- fi
-}
-
-#
-# status check of the rest application
-#
-status() {
- if [ -f $PIDFILE ]; then
- PID=`cat $PIDFILE`
- if [ -z "`ps axf | grep ${PID} | grep -v grep`" ]; then
- printf "%s\n" "Process dead but pidfile exists"
- else
- echo "Running"
- fi
- else
- printf "%s\n" "Service not running"
- fi
-}
-
-case "$1" in
-
- ##############################################################################
- # start
- #
- start)
- printf "%-50s \n" "Starting $NAME..."
- start
- ;;
-
- ##############################################################################
- # status
- #
- status)
- printf "%-50s \n" "Checking $NAME..."
- status
- ;;
-
- ##############################################################################
- # stop
- #
- stop)
- printf "%-50s \n" "Stopping $NAME..."
- stop
- ;;
-
- ##############################################################################
- # restart
- #
- restart)
- $0 stop
- $0 start
- ;;
-
- ##############################################################################
- # reload
- #
- reload)
- ;;
-
- *)
- echo "Usage: $0 {status|start|stop|restart}"
- exit 1
-esac
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-alerts/scripts/package.json
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/scripts/package.json b/metron-interface/metron-alerts/scripts/package.json
deleted file mode 100644
index d41da81..0000000
--- a/metron-interface/metron-alerts/scripts/package.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "name": "metron-alerts-ui-web-server",
- "version": "0.4.0",
- "description": "Metron alerts ui web server",
- "main": "server.js",
- "dependencies": {
- "compression": "1.6.2",
- "express": "4.15.2",
- "http-proxy-middleware": "0.17.4",
- "optimist": "0.6.1",
- "serve-favicon": "2.4.2",
- "serve-static": "1.12.1"
- },
- "devDependencies": {},
- "scripts": {
- "start": "node server.js"
- },
- "private": true,
- "author": "",
- "license": "Apache 2.0"
-}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-config-host/pom.xml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-config-host/pom.xml b/metron-interface/metron-config-host/pom.xml
new file mode 100644
index 0000000..f51692b
--- /dev/null
+++ b/metron-interface/metron-config-host/pom.xml
@@ -0,0 +1,142 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software
+ Foundation (ASF) under one or more contributor license agreements. See the
+ NOTICE file distributed with this work for additional information regarding
+ copyright ownership. The ASF licenses this file to You under the Apache License,
+ Version 2.0 (the "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software distributed
+ under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+ OR CONDITIONS OF ANY KIND, either express or implied. See the License for
+ the specific language governing permissions and limitations under the License.
+ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <groupId>org.apache.metron.ui</groupId>
+ <artifactId>metron-config-host</artifactId>
+ <packaging>jar</packaging>
+
+ <name>Metron Config UI Host</name>
+ <description>Spring Server to host config ui</description>
+
+ <parent>
+ <groupId>org.apache.metron</groupId>
+ <artifactId>metron-interface</artifactId>
+ <version>0.5.1</version>
+ </parent>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+ <java.version>1.8</java.version>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.metron</groupId>
+ <artifactId>metron-config</artifactId>
+ <version>${project.parent.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.metron</groupId>
+ <artifactId>metron-ui-host</artifactId>
+ <version>${project.parent.version}</version>
+ </dependency>
+ </dependencies>
+
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework.cloud</groupId>
+ <artifactId>spring-cloud-dependencies</artifactId>
+ <version>${spring-cloud.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ <dependency>
+ <!-- Import dependency management from Spring Boot -->
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-dependencies</artifactId>
+ <version>${spring.boot.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-slf4j-impl</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-maven-plugin</artifactId>
+ <version>${spring.boot.version}</version>
+ <configuration>
+ <executable>true</executable>
+ <mainClass>org.apache.metron.ui.ConfigApplication</mainClass>
+ <embeddedLaunchScriptProperties>
+ <initInfoProvides>metron-config</initInfoProvides>
+ <initInfoDescription>Metron Management UI server</initInfoDescription>
+ <initInfoShortDescription>Metron Management</initInfoShortDescription>
+ </embeddedLaunchScriptProperties>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>repackage</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>unpack-shared-resources</id>
+ <goals>
+ <goal>unpack-dependencies</goal>
+ </goals>
+ <phase>generate-resources</phase>
+ <configuration>
+ <outputDirectory>${project.build.directory}/generated-resources</outputDirectory>
+ <includeArtifacIds>shared-resources</includeArtifacIds>
+ <includeGroupIds>${project.groupId}</includeGroupIds>
+ <excludeTransitive>true</excludeTransitive>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <configuration>
+ <descriptor>src/main/assembly/assembly.xml</descriptor>
+ </configuration>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-config-host/src/main/assembly/assembly.xml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-config-host/src/main/assembly/assembly.xml b/metron-interface/metron-config-host/src/main/assembly/assembly.xml
new file mode 100644
index 0000000..e20c39f
--- /dev/null
+++ b/metron-interface/metron-config-host/src/main/assembly/assembly.xml
@@ -0,0 +1,39 @@
+<!--
+ Licensed to the Apache Software
+ Foundation (ASF) under one or more contributor license agreements. See the
+ NOTICE file distributed with this work for additional information regarding
+ copyright ownership. The ASF licenses this file to You under the Apache License,
+ Version 2.0 (the "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software distributed
+ under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+ OR CONDITIONS OF ANY KIND, either express or implied. See the License for
+ the specific language governing permissions and limitations under the License.
+ -->
+
+<assembly>
+ <id>archive</id>
+ <formats>
+ <format>tar.gz</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <fileSets>
+ <fileSet>
+ <directory>${project.basedir}/target</directory>
+ <includes>
+ <include>${project.artifactId}-${project.version}.jar</include>
+ </includes>
+ <outputDirectory>lib</outputDirectory>
+ <useDefaultExcludes>true</useDefaultExcludes>
+ </fileSet>
+ <fileSet>
+ <directory>${project.basedir}/src/main/scripts</directory>
+ <includes>
+ <include>metron-config.sh</include>
+ </includes>
+ <outputDirectory>bin</outputDirectory>
+ <useDefaultExcludes>true</useDefaultExcludes>
+ <filtered>true</filtered>
+ </fileSet>
+ </fileSets>
+</assembly>
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-config-host/src/main/java/org/apache/metron/ui/ConfigApplication.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-config-host/src/main/java/org/apache/metron/ui/ConfigApplication.java b/metron-interface/metron-config-host/src/main/java/org/apache/metron/ui/ConfigApplication.java
new file mode 100644
index 0000000..d769be3
--- /dev/null
+++ b/metron-interface/metron-config-host/src/main/java/org/apache/metron/ui/ConfigApplication.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.ComponentScans;
+
+@SpringBootApplication
+@ComponentScans(value = { @ComponentScan, @ComponentScan(basePackageClasses = MetronSecurityConfig.class) })
+public class ConfigApplication extends AbstractHostApplication {
+ public static void main(String[] args) {
+ SpringApplication.run(ConfigApplication.class, args);
+ }
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-config-host/src/main/resources/application.yml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-config-host/src/main/resources/application.yml b/metron-interface/metron-config-host/src/main/resources/application.yml
new file mode 100644
index 0000000..906b739
--- /dev/null
+++ b/metron-interface/metron-config-host/src/main/resources/application.yml
@@ -0,0 +1,34 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+metron:
+ version: 0.5.0
+
+logging:
+ level:
+ root: INFO
+
+server:
+ port: 4200
+
+zuul:
+ routes:
+ rest:
+ path: /api/v1/**
+ url: http://localhost:8082/api/v1
+
+ribbon:
+ ConnectTimeout: 3000
+ ReadTimeout: 60000
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-config-host/src/main/scripts/metron-config.sh
----------------------------------------------------------------------
diff --git a/metron-interface/metron-config-host/src/main/scripts/metron-config.sh b/metron-interface/metron-config-host/src/main/scripts/metron-config.sh
new file mode 100644
index 0000000..5d4d72a
--- /dev/null
+++ b/metron-interface/metron-config-host/src/main/scripts/metron-config.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if [ -z "${METRON_SSL_PASSWORD}" ]; then
+ echo "METRON_SSL_PASSWORD unset."
+fi
+
+METRON_VERSION=${project.version}
+METRON_HOME="${METRON_HOME:-/usr/metron/${METRON_VERSION}}"
+METRON_SYSCONFIG="${METRON_SYSCONFIG:-/etc/default/metron}"
+
+echo "METRON_VERSION=${METRON_VERSION}"
+echo "METRON_HOME=${METRON_HOME}"
+echo "METRON_SYSCONFIG=${METRON_SYSCONFIG}"
+
+if [ -f "$METRON_SYSCONFIG" ]; then
+ echo "METRON_SYSCONFIG=${METRON_SYSCONFIG}"
+ set -a
+ . "$METRON_SYSCONFIG"
+fi
+
+echo "METRON_SPRING_PROFILES_ACTIVE=${METRON_SPRING_PROFILES_ACTIVE}"
+
+METRON_CONFIG_LOCATION=" --spring.config.location=classpath:/application.yml,$METRON_HOME/config/config_ui.yml"
+echo "METRON_CONFIG_LOCATION=${METRON_CONFIG_LOCATION}"
+METRON_SPRING_OPTIONS+=${METRON_CONFIG_LOCATION}
+
+# Find the metron alerts jar
+files=( "${METRON_HOME}/lib/metron-config-host-*.jar" )
+echo "Default metron-alerts-host jar is: ${files[0]}"
+APP_JAR="${files[0]}"
+
+export CONF_FOLDER=$METHRON_HOME/config
+export LOG_FOLDER=/var/log/metron/
+export PID_FOLDER=/var/run/metron/
+export RUN_ARGS=$METRON_SPRING_OPTIONS
+export APP_NAME=metron-config
+export MODE=service
+${APP_JAR} $1
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-config/.gitignore
----------------------------------------------------------------------
diff --git a/metron-interface/metron-config/.gitignore b/metron-interface/metron-config/.gitignore
index 4be186c..82c2d7a 100644
--- a/metron-interface/metron-config/.gitignore
+++ b/metron-interface/metron-config/.gitignore
@@ -40,3 +40,6 @@ testem.log
#System Files
.DS_Store
Thumbs.db
+
+# Build Files
+bin/
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-config/assembly.xml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-config/assembly.xml b/metron-interface/metron-config/assembly.xml
deleted file mode 100644
index c07fbd6..0000000
--- a/metron-interface/metron-config/assembly.xml
+++ /dev/null
@@ -1,65 +0,0 @@
-<!--
- Licensed to the Apache Software
- Foundation (ASF) under one or more contributor license agreements. See the
- NOTICE file distributed with this work for additional information regarding
- copyright ownership. The ASF licenses this file to You under the Apache License,
- Version 2.0 (the "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software distributed
- under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
- OR CONDITIONS OF ANY KIND, either express or implied. See the License for
- the specific language governing permissions and limitations under the License.
- -->
-
-<assembly>
- <id>archive</id>
- <formats>
- <format>tar.gz</format>
- </formats>
- <includeBaseDirectory>false</includeBaseDirectory>
- <fileSets>
- <fileSet>
- <directory>${project.basedir}/dist</directory>
- <outputDirectory>web/management-ui</outputDirectory>
- <excludes>
- <exclude>**/.npmignore</exclude>
- </excludes>
- <fileMode>0644</fileMode>
- </fileSet>
- <fileSet>
- <directory>${project.basedir}/scripts</directory>
- <outputDirectory>web/expressjs</outputDirectory>
- <includes>
- <include>package.json</include>
- <include>server.js</include>
- </includes>
- <fileMode>0644</fileMode>
- </fileSet>
- <fileSet>
- <directory>${project.basedir}/scripts</directory>
- <outputDirectory>bin</outputDirectory>
- <useDefaultExcludes>true</useDefaultExcludes>
- <includes>
- <include>metron-management-ui</include>
- </includes>
- <fileMode>0755</fileMode>
- <lineEnding>unix</lineEnding>
- <filtered>true</filtered>
- </fileSet>
- <fileSet>
- <directory>${project.basedir}</directory>
- <outputDirectory>web/management-ui/license</outputDirectory>
- <includes>
- <include>LICENSE</include>
- <include>NOTICE</include>
- </includes>
- <fileMode>0644</fileMode>
- </fileSet>
- </fileSets>
- <files>
- <file>
- <source>src/favicon.ico</source>
- <outputDirectory>web/management-ui</outputDirectory>
- </file>
- </files>
-</assembly>
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-config/pom.xml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-config/pom.xml b/metron-interface/metron-config/pom.xml
index 14acdc6..e48515b 100644
--- a/metron-interface/metron-config/pom.xml
+++ b/metron-interface/metron-config/pom.xml
@@ -12,133 +12,123 @@
the specific language governing permissions and limitations under the License.
-->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.metron</groupId>
- <artifactId>metron-interface</artifactId>
- <version>0.5.1</version>
- </parent>
- <artifactId>metron-config</artifactId>
- <url>https://metron.apache.org/</url>
- <properties>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
- <node.version>v6.2.0</node.version>
- <npm.version>3.8.9</npm.version>
- </properties>
- <dependencies>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>com.github.eirslett</groupId>
- <artifactId>frontend-maven-plugin</artifactId>
- <version>1.3</version>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.metron</groupId>
+ <artifactId>metron-interface</artifactId>
+ <version>0.5.1</version>
+ </parent>
+ <artifactId>metron-config</artifactId>
+ <url>https://metron.apache.org/</url>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+ <node.version>v7.10.0</node.version>
+ <npm.version>4.2.0</npm.version>
+ </properties>
+ <dependencies>
+ </dependencies>
+ <build>
+ <resources>
+ <resource>
+ <directory>dist</directory>
+ <targetPath>public</targetPath>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>com.github.eirslett</groupId>
+ <artifactId>frontend-maven-plugin</artifactId>
+ <version>1.3</version>
+ <configuration>
+ <workingDirectory>./</workingDirectory>
+ <nodeVersion>${node.version}</nodeVersion>
+ <npmVersion>${npm.version}</npmVersion>
+ <npmInheritsProxyConfigFromMaven>false</npmInheritsProxyConfigFromMaven>
+ </configuration>
+ <executions>
+ <execution>
+ <phase>generate-resources</phase>
+ <id>install node and npm</id>
+ <goals>
+ <goal>install-node-and-npm</goal>
+ </goals>
+ </execution>
+ <execution>
+ <phase>generate-resources</phase>
+ <id>npm install</id>
+ <goals>
+ <goal>npm</goal>
+ </goals>
+ <configuration>
+ <arguments>install</arguments>
+ </configuration>
+ </execution>
+ <execution>
+ <phase>generate-resources</phase>
+ <id>ng build</id>
+ <goals>
+ <goal>npm</goal>
+ </goals>
<configuration>
- <workingDirectory>./</workingDirectory>
- <nodeVersion>${node.version}</nodeVersion>
- <npmVersion>${npm.version}</npmVersion>
- <npmInheritsProxyConfigFromMaven>false</npmInheritsProxyConfigFromMaven>
+ <arguments>run build</arguments>
</configuration>
- <executions>
- <execution>
- <phase>generate-resources</phase>
- <id>install node and npm</id>
- <goals>
- <goal>install-node-and-npm</goal>
- </goals>
- </execution>
- <execution>
- <phase>generate-resources</phase>
- <id>npm install</id>
- <goals>
- <goal>npm</goal>
- </goals>
- <configuration>
- <arguments>install</arguments>
- </configuration>
- </execution>
- <execution>
- <phase>generate-resources</phase>
- <id>ng build</id>
- <goals>
- <goal>npm</goal>
- </goals>
- <configuration>
- <arguments>run build</arguments>
- </configuration>
- </execution>
- <execution>
- <id>npm test</id>
- <goals>
- <goal>npm</goal>
- </goals>
- <phase>test</phase>
- <configuration>
- <arguments>test</arguments>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <artifactId>maven-clean-plugin</artifactId>
- <version>3.0.0</version>
+ </execution>
+ <execution>
+ <id>npm test</id>
+ <goals>
+ <goal>npm</goal>
+ </goals>
+ <phase>test</phase>
<configuration>
- <filesets>
- <fileset>
- <directory>coverage</directory>
- <followSymlinks>false</followSymlinks>
- </fileset>
- <fileset>
- <directory>dist</directory>
- <followSymlinks>false</followSymlinks>
- </fileset>
- <fileset>
- <directory>node</directory>
- <followSymlinks>false</followSymlinks>
- </fileset>
- <fileset>
- <directory>node_modules</directory>
- <followSymlinks>false</followSymlinks>
- </fileset>
- </filesets>
+ <arguments>test</arguments>
</configuration>
- </plugin>
- <plugin>
- <artifactId>maven-assembly-plugin</artifactId>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-clean-plugin</artifactId>
+ <version>3.0.0</version>
+ <configuration>
+ <filesets>
+ <fileset>
+ <directory>coverage</directory>
+ <followSymlinks>false</followSymlinks>
+ </fileset>
+ <fileset>
+ <directory>dist</directory>
+ <followSymlinks>false</followSymlinks>
+ </fileset>
+ <fileset>
+ <directory>node</directory>
+ <followSymlinks>false</followSymlinks>
+ </fileset>
+ <fileset>
+ <directory>node_modules</directory>
+ <followSymlinks>false</followSymlinks>
+ </fileset>
+ </filesets>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>exec-maven-plugin</artifactId>
+ <version>1.5.0</version>
+ <executions>
+ <execution>
+ <id>prepend-license-header</id>
+ <phase>prepare-package</phase>
+ <goals>
+ <goal>exec</goal>
+ </goals>
<configuration>
- <descriptor>assembly.xml</descriptor>
+ <executable>./scripts/prepend_license_header.sh</executable>
</configuration>
- <executions>
- <execution>
- <id>make-assembly</id> <!-- this is used for inheritance merges -->
- <phase>package</phase> <!-- bind to the packaging phase -->
- <goals>
- <goal>single</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>exec-maven-plugin</artifactId>
- <version>1.5.0</version>
- <executions>
- <execution>
- <id>prepend-license-header</id>
- <phase>prepare-package</phase>
- <goals>
- <goal>exec</goal>
- </goals>
- <configuration>
- <executable>./scripts/prepend_license_header.sh</executable>
- </configuration>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
</project>
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-config/scripts/metron-management-ui
----------------------------------------------------------------------
diff --git a/metron-interface/metron-config/scripts/metron-management-ui b/metron-interface/metron-config/scripts/metron-management-ui
deleted file mode 100644
index 76b9be8..0000000
--- a/metron-interface/metron-config/scripts/metron-management-ui
+++ /dev/null
@@ -1,159 +0,0 @@
-#!/usr/bin/env bash
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# metron management UI service
-# chkconfig: - 20 80
-# description: Management UI
-# processname: metron-management-ui
-#
-
-# all LSB compliant distributions provide the following
-# http://refspecs.linuxbase.org/LSB_3.0.0/LSB-PDA/LSB-PDA/iniscrptfunc.html
-if [ -f /lib/lsb/init-functions ]; then
- . /lib/lsb/init-functions
-fi
-
-NAME=metron-management-ui
-DESC="Metron Management UI"
-METRON_VERSION=${project.version}
-METRON_HOME=/usr/metron/$METRON_VERSION
-METRON_LOG_DIR="/var/log/metron"
-METRON_PID_DIR="/var/run/metron"
-METRON_USER="metron"
-METRON_GROUP="metron"
-METRON_SYSCONFIG="/etc/default/metron"
-if [ -f "$METRON_SYSCONFIG" ]; then
- set -a
- . "$METRON_SYSCONFIG"
-fi
-
-PIDFILE="$METRON_PID_DIR/$NAME.pid"
-
-DAEMON="node $METRON_HOME/web/expressjs/server.js -c $METRON_HOME/config/management_ui.yml"
-
-#
-# start the rest application
-#
-start() {
-
- # if pidfile exists, do not start another
- if [ -f $PIDFILE ]; then
- PID=`cat $PIDFILE`
- printf "OK [$PID]\n"
- return
- fi
-
- if [ ! -d "$METRON_LOG_DIR" ]; then
- mkdir -p "$METRON_LOG_DIR" && chown "$METRON_USER":"$METRON_GROUP" "$METRON_LOG_DIR"
- fi
-
- if [ ! -d "$METRON_PID_DIR" ]; then
- mkdir -p "$METRON_PID_DIR" && chown "$METRON_USER":"$METRON_GROUP" "$METRON_PID_DIR"
- fi
-
- # kick-off the daemon
- CMD="$DAEMON >> $METRON_LOG_DIR/$NAME.log 2>&1 & echo \$!"
- PID=`su -c "$CMD" $METRON_USER`
-
- if [ -z $PID ]; then
- printf "Fail\n"
- else
- echo $PID > $PIDFILE
- printf "Ok [$PID]\n"
- fi
-}
-
-#
-# stop the rest application
-#
-stop() {
- if [ -f $PIDFILE ]; then
- PID=`cat $PIDFILE`
- while sleep 1
- echo -n "."
- kill -0 $PID >/dev/null 2>&1
- do
- kill $PID
- done
- rm -f $PIDFILE
- printf "%s\n" "Ok"
- else
- printf "%s\n" "Not running"
- fi
-}
-
-#
-# status check of the rest application
-#
-status() {
- if [ -f $PIDFILE ]; then
- PID=`cat $PIDFILE`
- if [ -z "`ps axf | grep ${PID} | grep -v grep`" ]; then
- printf "%s\n" "Process dead but pidfile exists"
- else
- echo "Running"
- fi
- else
- printf "%s\n" "Service not running"
- fi
-}
-
-case "$1" in
-
- ##############################################################################
- # start
- #
- start)
- printf "%-50s \n" "Starting $NAME..."
- start
- ;;
-
- ##############################################################################
- # status
- #
- status)
- printf "%-50s \n" "Checking $NAME..."
- status
- ;;
-
- ##############################################################################
- # stop
- #
- stop)
- printf "%-50s \n" "Stopping $NAME..."
- stop
- ;;
-
- ##############################################################################
- # restart
- #
- restart)
- $0 stop
- $0 start
- ;;
-
- ##############################################################################
- # reload
- #
- reload)
- ;;
-
- *)
- echo "Usage: $0 {status|start|stop|restart}"
- exit 1
-esac
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-config/scripts/package.json
----------------------------------------------------------------------
diff --git a/metron-interface/metron-config/scripts/package.json b/metron-interface/metron-config/scripts/package.json
deleted file mode 100644
index 24d17e0..0000000
--- a/metron-interface/metron-config/scripts/package.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "name": "metron-management-ui-web-server",
- "version": "0.5.1",
- "description": "Metron management ui web server",
- "main": "server.js",
- "dependencies": {
- "compression": "1.6.2",
- "express": "4.15.2",
- "http-proxy-middleware": "0.17.4",
- "optimist": "0.6.1",
- "serve-favicon": "2.4.2",
- "serve-static": "1.12.1",
- "yamljs": "0.2.9"
- },
- "devDependencies": {},
- "scripts": {
- "start": "node server.js"
- },
- "private": true,
- "author": "",
- "license": "Apache-2.0"
-}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-config/scripts/server.js
----------------------------------------------------------------------
diff --git a/metron-interface/metron-config/scripts/server.js b/metron-interface/metron-config/scripts/server.js
deleted file mode 100755
index 7c8ee9e..0000000
--- a/metron-interface/metron-config/scripts/server.js
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/usr/bin/env node
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-'use strict';
-
-var os = require('os');
-var app = require('express')();
-var path = require('path');
-var compression = require('compression');
-var serveStatic = require('serve-static');
-var favicon = require('serve-favicon');
-var proxy = require('http-proxy-middleware');
-var argv = require('optimist')
- .demand(['c'])
- .alias('c', 'config_file')
- .usage('Usage: server.js -c [config_file]')
- .describe('c', 'Path to management_ui.yml')
- .argv;
-var YAML = require('yamljs');
-
-var metronUIAddress = '';
-var ifaces = os.networkInterfaces();
-var uiConfig = YAML.load(argv.c);
-
-Object.keys(ifaces).forEach(function (dev) {
- ifaces[dev].forEach(function (details) {
- if (details.family === 'IPv4') {
- metronUIAddress += '\n';
- metronUIAddress += 'http://' + details.address + ':' + uiConfig.port;
- }
- });
-});
-
-function setCustomCacheControl (res, path) {
- if (serveStatic.mime.lookup(path) === 'text/html') {
- res.setHeader('Cache-Control', 'public, max-age=10')
- }
- res.setHeader("Expires", new Date(Date.now() + 2592000000).toUTCString());
-}
-
-app.use(compression());
-
-var restUrl = 'http://' + uiConfig.rest.host + ':' + uiConfig.rest.port;
-app.use('/api/v1', proxy(restUrl));
-app.use('/logout', proxy(restUrl));
-
-app.use(favicon(path.join(__dirname, '../management-ui/favicon.ico')));
-
-app.use(serveStatic(path.join(__dirname, '../management-ui'), {
- maxAge: '1d',
- setHeaders: setCustomCacheControl
-}));
-
-app.get('*', function(req, res){
- res.sendFile(path.join(__dirname, '../management-ui/index.html'));
-});
-
-app.listen(uiConfig.port, function(){
- console.log("Metron server listening on " + metronUIAddress);
-});
[2/3] metron git commit: METRON-1665 Move hosting of Alerts and
Config UIs from Nodejs to Spring Boot (simonellistonball via merrimanr)
closes apache/metron#1111
Posted by rm...@apache.org.
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-rest/README.md
----------------------------------------------------------------------
diff --git a/metron-interface/metron-rest/README.md b/metron-interface/metron-rest/README.md
index 44594f7..42c3d0b 100644
--- a/metron-interface/metron-rest/README.md
+++ b/metron-interface/metron-rest/README.md
@@ -25,7 +25,6 @@ This module provides a RESTful API for interacting with Metron.
* A running real-time store, either Elasticsearch or Solr depending on which one is enabled
* Java 8 installed
* Storm CLI and Metron topology scripts (start_parser_topology.sh, start_enrichment_topology.sh, start_elasticsearch_topology.sh) installed
-* A relational database
## Installation
@@ -66,10 +65,6 @@ No optional parameter has a default.
| Environment Variable | Description
| ------------------------------------- | -----------
-| METRON_JDBC_DRIVER | JDBC driver class
-| METRON_JDBC_URL | JDBC url
-| METRON_JDBC_USERNAME | JDBC username
-| METRON_JDBC_PLATFORM | JDBC platform (one of h2, mysql, postgres, oracle
| ZOOKEEPER | Zookeeper quorum (ex. node1:2181,node2:2181)
| BROKERLIST | Kafka Broker list (ex. node1:6667,node2:6667)
| HDFS_URL | HDFS url or `fs.defaultFS` Hadoop setting (ex. hdfs://node1:8020)
@@ -80,7 +75,6 @@ No optional parameter has a default.
| METRON_LOG_DIR | Directory where the log file is written | Optional | /var/log/metron/
| METRON_PID_FILE | File where the pid is written | Optional | /var/run/metron/
| METRON_REST_PORT | REST application port | Optional | 8082
-| METRON_JDBC_CLIENT_PATH | Path to JDBC client jar | Optional | H2 is bundled
| METRON_TEMP_GROK_PATH | Temporary directory used to test grok statements | Optional | ./patterns/temp
| METRON_DEFAULT_GROK_PATH | Defaults HDFS directory used to store grok statements | Optional | /apps/metron/patterns
| SECURITY_ENABLED | Enables Kerberos support | Optional | false
@@ -96,27 +90,6 @@ No optional parameter has a default.
These are set in the `/etc/default/metron` file.
-## Database setup
-
-The REST application persists data in a relational database and requires a dedicated database user and database (see https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-sql.html for more detail).
-Spring uses Hibernate as the default ORM framework but another framework is needed becaused Hibernate is not compatible with the Apache 2 license. For this reason Metron uses [EclipseLink](https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-sql.html#boot-features-embedded-database-support). See the [Spring Data JPA - EclipseLink](https://github.com/spring-projects/spring-data-examples/tree/master/jpa/eclipselink) project for an example on how to configure EclipseLink in Spring.
-
-### Development
-
-The REST application comes with [embedded database support](https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-sql.html#boot-features-embedded-database-support) for development purposes.
-
-For example, edit these variables in `/etc/default/metron` before starting the application to configure H2:
-```
-METRON_JDBC_DRIVER="org.h2.Driver"
-METRON_JDBC_URL="jdbc:h2:file:~/metrondb"
-METRON_JDBC_USERNAME="root"
-METRON_JDBC_PLATFORM="h2"
-```
-
-### Production
-
-The REST application should be configured with a production-grade database outside of development.
-
#### Ambari Install
Installing with Ambari is recommended for production deployments.
@@ -125,48 +98,17 @@ This includes managing the PID file, directing logging, etc.
#### Manual Install
-The following configures the application for MySQL:
-
-1. Install MySQL if not already available (this example uses version 5.7, installation instructions can be found [here](https://dev.mysql.com/doc/refman/5.7/en/linux-installation-yum-repo.html))
-
-1. Create a metron user and REST database and permission the user for that database:
- ```
- CREATE USER 'metron'@'node1' IDENTIFIED BY 'Myp@ssw0rd';
- CREATE DATABASE IF NOT EXISTS metronrest;
- GRANT ALL PRIVILEGES ON metronrest.* TO 'metron'@'node1';
- ```
-
-1. Create the security tables as described in the [Spring Security Guide](https://docs.spring.io/spring-security/site/docs/5.0.4.RELEASE/reference/htmlsingle/#user-schema).
-
-1. Install the MySQL JDBC client onto the REST application host and configurate the METRON_JDBC_CLIENT_PATH variable:
- ```
- cd $METRON_HOME/lib
- wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.41.tar.gz
- tar xf mysql-connector-java-5.1.41.tar.gz
- ```
-
-1. Edit these variables in `/etc/default/metron` to configure the REST application for MySQL:
- ```
- METRON_JDBC_DRIVER="com.mysql.jdbc.Driver"
- METRON_JDBC_URL="jdbc:mysql://mysql_host:3306/metronrest"
- METRON_JDBC_USERNAME="metron"
- METRON_JDBC_PLATFORM="mysql"
- METRON_JDBC_CLIENT_PATH=$METRON_HOME/lib/mysql-connector-java-5.1.41/mysql-connector-java-5.1.41-bin.jar
- ```
-
1. Switch to the metron user
```
sudo su - metron
```
-1. Start the REST API. Adjust the password as necessary.
+1. Start the REST API.
```
set -o allexport;
source /etc/default/metron;
set +o allexport;
- export METRON_JDBC_PASSWORD='Myp@ssw0rd';
$METRON_HOME/bin/metron-rest.sh
- unset METRON_JDBC_PASSWORD;
```
## Usage
@@ -177,13 +119,40 @@ The REST application can be accessed with the Swagger UI at http://host:port/swa
### Authentication
-The metron-rest module uses [Spring Security](http://projects.spring.io/spring-security/) for authentication and stores user credentials in the relational database configured above. The required tables are created automatically the first time the application is started so that should be done first. For example (continuing the MySQL example above), users can be added by connecting to MySQL and running:
+The metron-rest module uses [Spring Security](http://projects.spring.io/spring-security/) for authentication, and supports LDAP based authentication and [Knox SSO](https://knox.apache.org/books/knox-1-1-0/user-guide.html#KnoxSSO+Setup+and+Configuration) based authentication using jwt tokens.
+
+To configure LDAP based application add the following to the rest_application.yml file (note, this would usually be done via the Ambari configuration interface):
+
```
-use metronrest;
-insert into users (username, password, enabled) values ('your_username','your_password',1);
-insert into authorities (username, authority) values ('your_username', 'ROLE_USER');
+ldap:
+ provider:
+ url: ldap://node1:33389
+ userdn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
+ password: admin-password
+ user:
+ dn.patterns: uid={0},ou=people,dc=hadoop,dc=apache,dc=org
+ passwordAttribute: userPassword
+ searchBase: ou=people,dc=hadoop,dc=apache,dc=org
+ searchFilter: ""
+ group:
+ searchBase: ou=groups,dc=hadoop,dc=apache,dc=org
+ searchFilter: "member={0}"
+ roleAttribute: "cn"
```
+This example assumes you are using the Demo LDAP server provided by the Knox project, running on a host call node1 (as in full dev) on port 33389.
+
+To configure the use of Knox SSO, add:
+
+```
+knox:
+ sso:
+ url: 'https://{gateway_host}:{gateway_port}/gateway/knoxsso/api/v1/websso'
+ pubkey: '<public key from your Knox gateway server>'
+```
+
+This would usually be done with through Ambari.
+
### Kerberos
Metron REST can be configured for a cluster with Kerberos enabled. A client JAAS file is required for Kafka and Zookeeper and a Kerberos keytab for the metron user principal is required for all other services. Configure these settings in the `/etc/default/metron` file:
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-rest/pom.xml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-rest/pom.xml b/metron-interface/metron-rest/pom.xml
index 543d5b4..d9d4bfe 100644
--- a/metron-interface/metron-rest/pom.xml
+++ b/metron-interface/metron-rest/pom.xml
@@ -29,7 +29,6 @@
<antlr.version>4.5</antlr.version>
<curator.version>2.7.1</curator.version>
<powermock.version>1.6.4</powermock.version>
- <spring.boot.version>2.0.1.RELEASE</spring.boot.version>
<spring.kerberos.version>1.0.1.RELEASE</spring.kerberos.version>
<swagger.version>2.5.0</swagger.version>
<mysql.client.version>5.1.40</mysql.client.version>
@@ -91,8 +90,9 @@
</exclusions>
</dependency>
<dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-security</artifactId>
+ <groupId>org.apache.metron</groupId>
+ <artifactId>metron-ui-security</artifactId>
+ <version>${project.parent.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security.kerberos</groupId>
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/MetronRestApplication.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/MetronRestApplication.java b/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/MetronRestApplication.java
index 52cdf8f..b315de6 100644
--- a/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/MetronRestApplication.java
+++ b/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/MetronRestApplication.java
@@ -18,21 +18,23 @@
package org.apache.metron.rest;
import org.apache.metron.rest.util.ParserIndex;
+import org.apache.metron.ui.MetronSecurityConfig;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.gson.GsonAutoConfiguration;
import org.springframework.boot.autoconfigure.kafka.KafkaAutoConfiguration;
-
-import static org.apache.metron.rest.MetronRestConstants.LOGGING_SYSTEM_PROPERTY;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.ComponentScans;
@SpringBootApplication
@EnableAutoConfiguration(exclude = { GsonAutoConfiguration.class, KafkaAutoConfiguration.class })
+@ComponentScans(value = { @ComponentScan, @ComponentScan(basePackageClasses = MetronSecurityConfig.class) })
public class MetronRestApplication {
- public static void main(String[] args) {
- ParserIndex.reload();
- System.setProperty(LOGGING_SYSTEM_PROPERTY, "none");
- SpringApplication.run(MetronRestApplication.class, args);
- }
+ public static void main(String[] args) {
+ ParserIndex.reload();
+ System.setProperty(MetronRestConstants.LOGGING_SYSTEM_PROPERTY, "none");
+ SpringApplication.run(MetronRestApplication.class, args);
+ }
}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/config/WebSecurityConfig.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/config/WebSecurityConfig.java b/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/config/WebSecurityConfig.java
deleted file mode 100644
index f84cdfa..0000000
--- a/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/config/WebSecurityConfig.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.metron.rest.config;
-
-import static org.apache.metron.rest.MetronRestConstants.SECURITY_ROLE_ADMIN;
-import static org.apache.metron.rest.MetronRestConstants.SECURITY_ROLE_USER;
-
-import org.apache.metron.rest.MetronRestConstants;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.core.env.Environment;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.crypto.password.NoOpPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
-import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import javax.sql.DataSource;
-import java.util.Arrays;
-import java.util.List;
-
-@Configuration
-@EnableWebSecurity
-@EnableGlobalMethodSecurity(securedEnabled = true)
-@Controller
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
-
- @Autowired
- private Environment environment;
-
- @RequestMapping(value = {"/login", "/logout", "/sensors", "/sensors*/**"}, method = RequestMethod.GET)
- public String handleNGRequests() {
- return "forward:/index.html";
- }
-
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http
- .authorizeRequests()
- .antMatchers("/", "/home", "/login").permitAll()
- .antMatchers("/app/**").permitAll()
- .antMatchers("/vendor/**").permitAll()
- .antMatchers("/fonts/**").permitAll()
- .antMatchers("/assets/images/**").permitAll()
- .antMatchers("/*.js").permitAll()
- .antMatchers("/*.ttf").permitAll()
- .antMatchers("/*.woff2").permitAll()
- .anyRequest().authenticated()
- .and().httpBasic()
- .and()
- .logout()
- .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
- .invalidateHttpSession(true)
- .deleteCookies("JSESSIONID");
- if (Arrays.asList(environment.getActiveProfiles()).contains(MetronRestConstants.CSRF_ENABLE_PROFILE)) {
- http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
- } else {
- http.csrf().disable();
- }
- }
-
- @Autowired
- private DataSource dataSource;
-
- @Autowired
- public void configureJdbc(AuthenticationManagerBuilder auth) throws Exception {
- List<String> activeProfiles = Arrays.asList(environment.getActiveProfiles());
- if (activeProfiles.contains(MetronRestConstants.DEV_PROFILE) ||
- activeProfiles.contains(MetronRestConstants.TEST_PROFILE)) {
- auth.jdbcAuthentication().dataSource(dataSource)
- .withUser("user").password("password").roles(SECURITY_ROLE_USER).and()
- .withUser("user1").password("password").roles(SECURITY_ROLE_USER).and()
- .withUser("user2").password("password").roles(SECURITY_ROLE_USER).and()
- .withUser("admin").password("password").roles(SECURITY_ROLE_USER, SECURITY_ROLE_ADMIN);
- } else {
- auth.jdbcAuthentication().dataSource(dataSource);
- }
- }
-
- @Bean
- public PasswordEncoder passwordEncoder() {
- return NoOpPasswordEncoder.getInstance();
- }
-}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/controller/AlertsUIController.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/controller/AlertsUIController.java b/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/controller/AlertsUIController.java
index fe2968f..660eb18 100644
--- a/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/controller/AlertsUIController.java
+++ b/metron-interface/metron-rest/src/main/java/org/apache/metron/rest/controller/AlertsUIController.java
@@ -34,6 +34,8 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.parameters.P;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
@@ -103,7 +105,7 @@ public class AlertsUIController {
return responseEntity;
}
- @Secured({"ROLE_" + SECURITY_ROLE_ADMIN})
+ @PreAuthorize("hasRole('ROLE_" + SECURITY_ROLE_ADMIN + "') or #user == authentication.principal.username")
@ApiOperation(value = "Deletes a user's settings. Only users that are part of "
+ "the \"ROLE_ADMIN\" role are allowed to delete user settings.")
@ApiResponses(value = {@ApiResponse(message = "User settings were deleted", code = 200),
@@ -113,7 +115,7 @@ public class AlertsUIController {
@RequestMapping(value = "/settings/{user}", method = RequestMethod.DELETE)
ResponseEntity<Void> delete(
@ApiParam(name = "user", value = "The user whose settings will be deleted", required = true)
- @PathVariable String user)
+ @P("user") @PathVariable String user)
throws RestException {
if (alertsUIService.deleteAlertsUIUserSettings(user)) {
return new ResponseEntity<>(HttpStatus.OK);
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-rest/src/main/resources/application-test.yml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-rest/src/main/resources/application-test.yml b/metron-interface/metron-rest/src/main/resources/application-test.yml
index 0e794cb..e6532fa 100644
--- a/metron-interface/metron-rest/src/main/resources/application-test.yml
+++ b/metron-interface/metron-rest/src/main/resources/application-test.yml
@@ -59,3 +59,22 @@ meta:
dao:
# By default, we use the InMemoryMetaAlertDao for our tests
impl: org.apache.metron.indexing.dao.InMemoryMetaAlertDao
+
+knox:
+ sso:
+ url:
+
+ldap:
+ provider:
+ url: ldap://localhost:33389
+ userdn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
+ password: password
+ user:
+ dn.patterns: uid={0},ou=people,dc=hadoop,dc=apache,dc=org
+ passwordAttribute: userPassword
+ searchBase: ou=people,dc=hadoop,dc=apache,dc=org
+ searchFilter: ""
+ group:
+ searchBase: ou=groups,dc=hadoop,dc=apache,dc=org
+ searchFilter: "member={0}"
+ roleAttribute: "cn"
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-rest/src/main/scripts/metron-rest.sh
----------------------------------------------------------------------
diff --git a/metron-interface/metron-rest/src/main/scripts/metron-rest.sh b/metron-interface/metron-rest/src/main/scripts/metron-rest.sh
index c0c9fac..728b60b 100644
--- a/metron-interface/metron-rest/src/main/scripts/metron-rest.sh
+++ b/metron-interface/metron-rest/src/main/scripts/metron-rest.sh
@@ -81,10 +81,15 @@ echo "METRON_SPRING_PROFILES_ACTIVE=${METRON_SPRING_PROFILES_ACTIVE}"
# the vagrant Spring profile provides configuration values, otherwise configuration is provided by rest_application.yml
if [[ !(${METRON_SPRING_PROFILES_ACTIVE} == *"vagrant"*) ]]; then
- METRON_CONFIG_LOCATION=" --spring.config.location=$METRON_HOME/config/rest_application.yml,classpath:/application.yml"
+ METRON_CONFIG_LOCATION=" --spring.config.location=classpath:/application.yml,$METRON_HOME/config/rest_application.yml,$METRON_HOME/config/rest_security.yml"
+ echo "METRON_CONFIG_LOCATION=${METRON_CONFIG_LOCATION}"
+ METRON_SPRING_OPTIONS+=${METRON_CONFIG_LOCATION}
+else
+ METRON_CONFIG_LOCATION=" --spring.config.location=classpath:/application-vagrant.yml,$METRON_HOME/config/rest_application.yml,$METRON_HOME/config/rest_security.yml"
echo "METRON_CONFIG_LOCATION=${METRON_CONFIG_LOCATION}"
METRON_SPRING_OPTIONS+=${METRON_CONFIG_LOCATION}
fi
+
METRON_SPRING_OPTIONS+=" --server.port=$METRON_REST_PORT"
if [ ${METRON_SPRING_PROFILES_ACTIVE} ]; then
METRON_PROFILES_ACTIVE=" --spring.profiles.active=${METRON_SPRING_PROFILES_ACTIVE}"
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-rest/src/test/java/org/apache/metron/rest/config/TestSecurityConfig.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-rest/src/test/java/org/apache/metron/rest/config/TestSecurityConfig.java b/metron-interface/metron-rest/src/test/java/org/apache/metron/rest/config/TestSecurityConfig.java
new file mode 100644
index 0000000..04e82b9
--- /dev/null
+++ b/metron-interface/metron-rest/src/test/java/org/apache/metron/rest/config/TestSecurityConfig.java
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.rest.config;
+
+import static org.apache.metron.rest.MetronRestConstants.SECURITY_ROLE_ADMIN;
+import static org.apache.metron.rest.MetronRestConstants.SECURITY_ROLE_USER;
+import static org.apache.metron.rest.MetronRestConstants.TEST_PROFILE;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.test.context.ActiveProfiles;
+
+@Configuration
+@ActiveProfiles(TEST_PROFILE)
+@Order(99)
+public class TestSecurityConfig extends WebSecurityConfigurerAdapter {
+ @Override
+ public void configure(AuthenticationManagerBuilder auth) throws Exception {
+ // @formatter:off
+ auth.inMemoryAuthentication()
+ .withUser("user").password("password").roles(SECURITY_ROLE_USER).and()
+ .withUser("user1").password("password").roles(SECURITY_ROLE_USER).and()
+ .withUser("user2").password("password").roles(SECURITY_ROLE_USER).and()
+ .withUser("admin").password("password").roles(SECURITY_ROLE_USER, SECURITY_ROLE_ADMIN);
+ // @formatter:on
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-rest/src/test/java/org/apache/metron/rest/controller/AlertsUIControllerIntegrationTest.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-rest/src/test/java/org/apache/metron/rest/controller/AlertsUIControllerIntegrationTest.java b/metron-interface/metron-rest/src/test/java/org/apache/metron/rest/controller/AlertsUIControllerIntegrationTest.java
index 49863d6..98b4819 100644
--- a/metron-interface/metron-rest/src/test/java/org/apache/metron/rest/controller/AlertsUIControllerIntegrationTest.java
+++ b/metron-interface/metron-rest/src/test/java/org/apache/metron/rest/controller/AlertsUIControllerIntegrationTest.java
@@ -157,7 +157,7 @@ public class AlertsUIControllerIntegrationTest {
.andExpect(status().isUnauthorized());
this.mockMvc.perform(get(alertUrl + "/settings/all").with(httpBasic(user1, password)).with(csrf()))
.andExpect(status().isForbidden());
- this.mockMvc.perform(delete(alertUrl + "/settings/user1").with(httpBasic(user1, password)).with(csrf()))
+ this.mockMvc.perform(delete(alertUrl + "/settings/user1").with(httpBasic(user2, password)).with(csrf()))
.andExpect(status().isForbidden());
}
@@ -275,13 +275,16 @@ public class AlertsUIControllerIntegrationTest {
* @throws Exception
*/
private void alertsProfilesShouldBeProperlyDeleted() throws Exception {
-
// user1 deletes their profile
- this.mockMvc.perform(delete(alertUrl + "/settings/user1").with(httpBasic(admin, password)))
+ this.mockMvc.perform(delete(alertUrl + "/settings/user1")
+ .with(httpBasic(admin, password))
+ .with(csrf()))
.andExpect(status().isOk());
// user1 should get a 404 when trying to delete an alerts profile that doesn't exist
- this.mockMvc.perform(delete(alertUrl + "/settings/user1").with(httpBasic(admin, password)))
+ this.mockMvc.perform(delete(alertUrl + "/settings/user1")
+ .with(httpBasic(admin, password))
+ .with(csrf()))
.andExpect(status().isNotFound());
// user1 should get a 404 when trying to retrieve their alerts profile
@@ -289,7 +292,8 @@ public class AlertsUIControllerIntegrationTest {
.andExpect(status().isNotFound());
// user2's alerts profile should still exist
- this.mockMvc.perform(get(alertUrl + "/settings").with(httpBasic(user2, password)))
+ this.mockMvc.perform(get(alertUrl + "/settings")
+ .with(httpBasic(user2, password)))
.andExpect(status().isOk())
.andExpect(
content().contentType(MediaType.parseMediaType("application/json;charset=UTF-8")))
@@ -303,7 +307,9 @@ public class AlertsUIControllerIntegrationTest {
.andExpect(content().json("{\"" + user2 + "\": " + user2AlertUserSettingsJson + "}"));
// user2 deletes their profile
- this.mockMvc.perform(delete(alertUrl + "/settings/user2").with(httpBasic(admin, password)))
+ this.mockMvc.perform(delete(alertUrl + "/settings/user2")
+ .with(httpBasic(admin, password))
+ .with(csrf()))
.andExpect(status().isOk());
// user2 should get a 404 when trying to delete an alerts profile that doesn't exist
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-host/pom.xml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-host/pom.xml b/metron-interface/metron-ui-host/pom.xml
new file mode 100644
index 0000000..82ee1f3
--- /dev/null
+++ b/metron-interface/metron-ui-host/pom.xml
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to
+ You under the Apache License, Version 2.0 (the "License"); you may not use
+ this file except in compliance with the License. You may obtain a copy of
+ the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+ by applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific
+ language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>metron-ui-host</artifactId>
+ <packaging>jar</packaging>
+
+ <name>Metron Generic UI Host</name>
+ <description>Spring Server to host config ui</description>
+
+ <parent>
+ <groupId>org.apache.metron</groupId>
+ <artifactId>metron-interface</artifactId>
+ <version>0.5.1</version>
+ </parent>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+ <java.version>1.8</java.version>
+ <jwt.version>4.41.2</jwt.version>
+ </properties>
+
+ <dependencies>
+
+ <dependency>
+ <groupId>org.apache.metron</groupId>
+ <artifactId>metron-ui-security</artifactId>
+ <version>${project.parent.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-web</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.cloud</groupId>
+ <artifactId>spring-cloud-starter-netflix-zuul</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-test-autoconfigure</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-all</artifactId>
+ <version>1.5.4</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.metron</groupId>
+ <artifactId>metron-ui-security</artifactId>
+ <version>${project.parent.version}</version>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+ </dependencies>
+
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework.cloud</groupId>
+ <artifactId>spring-cloud-dependencies</artifactId>
+ <version>${spring-cloud.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ <dependency>
+ <!-- Import dependency management from Spring Boot -->
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-dependencies</artifactId>
+ <version>${spring.boot.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-maven-plugin</artifactId>
+ <version>${spring.boot.version}</version>
+ <configuration>
+ <executable>true</executable>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+
+</project>
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/AbstractHostApplication.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/AbstractHostApplication.java b/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/AbstractHostApplication.java
new file mode 100644
index 0000000..fd7095d
--- /dev/null
+++ b/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/AbstractHostApplication.java
@@ -0,0 +1,28 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
+import org.springframework.context.annotation.Configuration;
+
+public abstract class AbstractHostApplication {
+ @Configuration
+ @EnableZuulProxy
+ public static class ZuulConfig {
+ }
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/UserController.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/UserController.java b/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/UserController.java
new file mode 100644
index 0000000..d11d16f
--- /dev/null
+++ b/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/UserController.java
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import java.security.Principal;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.servlet.view.RedirectView;
+
+/**
+ * A trivial endpoint to ping for currently authenticated user principal
+ *
+ */
+@RestController
+public class UserController {
+ @Value("${knox.sso.url}")
+ private String knoxSSOUrl;
+
+ @RequestMapping(path = "/whoami", method = RequestMethod.GET)
+ public String user(Principal user) {
+ return user.getName();
+ }
+
+ @Secured("IS_AUTHENTICATED_FULLY")
+ @RequestMapping(path = "/whoami/roles", method = RequestMethod.GET)
+ public List<String> user() {
+ UserDetails userDetails = (UserDetails)SecurityContextHolder.getContext().
+ getAuthentication().getPrincipal();
+ return userDetails.getAuthorities().stream().map(ga -> ga.getAuthority()).collect(Collectors.toList());
+ }
+
+ @RequestMapping(path = "/logout", method = RequestMethod.GET)
+ public RedirectView logout(Principal user, HttpServletResponse httpServletResponse, @RequestParam("originalUrl") String originalUrl) throws UnsupportedEncodingException {
+ StringBuilder redirect = new StringBuilder();
+ redirect.append(knoxSSOUrl.replaceAll("websso", "webssout"));
+ redirect.append(knoxSSOUrl.contains("?") ? "&": "?");
+ redirect.append("originalUrl=");
+ redirect.append(URLEncoder.encode(originalUrl, StandardCharsets.UTF_8.name()));
+
+ return new RedirectView(redirect.toString());
+ }
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/ZuulAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/ZuulAuthenticationFilter.java b/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/ZuulAuthenticationFilter.java
new file mode 100644
index 0000000..a322612
--- /dev/null
+++ b/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/ZuulAuthenticationFilter.java
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.stereotype.Component;
+
+import com.netflix.zuul.ZuulFilter;
+import com.netflix.zuul.context.RequestContext;
+import com.netflix.zuul.exception.ZuulException;
+
+@Component
+public class ZuulAuthenticationFilter extends ZuulFilter {
+
+ private static final String AUTHORIZATION_HEADER = "Authorization";
+ public static final String COOKIE_NAME = "hadoop-jwt";
+
+ /**
+ * Only filter if we have no Authorization header already
+ */
+ @Override
+ public boolean shouldFilter() {
+ RequestContext currentContext = RequestContext.getCurrentContext();
+ String currentAuth = currentContext.getRequest().getHeader(AUTHORIZATION_HEADER);
+ if (currentAuth == null || currentAuth.isEmpty()) {
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public Object run() throws ZuulException {
+ RequestContext ctx = RequestContext.getCurrentContext();
+ HttpServletRequest request = ctx.getRequest();
+ Cookie[] cookies = request.getCookies();
+ for (Cookie cookie : cookies) {
+ if (COOKIE_NAME.equals(cookie.getName())) {
+ // add this cookie to the Authorization header
+ String newAuthHeader = "Bearer " + cookie.getValue();
+ ctx.getZuulRequestHeaders().put(AUTHORIZATION_HEADER, newAuthHeader);
+ break;
+ }
+ }
+ return null;
+ }
+
+ @Override
+ public String filterType() {
+ return PRE_TYPE;
+ }
+
+ @Override
+ public int filterOrder() {
+ // TODO Auto-generated method stub
+ return 0;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/ZuulError.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/ZuulError.java b/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/ZuulError.java
new file mode 100644
index 0000000..c5ae65e
--- /dev/null
+++ b/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/ZuulError.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+public class ZuulError {
+ private String error;
+
+ public ZuulError(Throwable throwable) {
+ this.setError(throwable.getMessage());
+ }
+
+ public String getError() {
+ return error;
+ }
+
+ public void setError(String error) {
+ this.error = error;
+ }
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/ZuulErrorFilter.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/ZuulErrorFilter.java b/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/ZuulErrorFilter.java
new file mode 100644
index 0000000..9d58c16
--- /dev/null
+++ b/metron-interface/metron-ui-host/src/main/java/org/apache/metron/ui/ZuulErrorFilter.java
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.cloud.netflix.zuul.filters.support.FilterConstants;
+import org.springframework.cloud.netflix.zuul.util.ZuulRuntimeException;
+import org.springframework.stereotype.Component;
+import org.springframework.util.ReflectionUtils;
+
+import com.netflix.zuul.ZuulFilter;
+import com.netflix.zuul.context.RequestContext;
+import com.netflix.zuul.exception.ZuulException;
+
+@Component
+public class ZuulErrorFilter extends ZuulFilter {
+
+ private static final Logger LOG = LoggerFactory.getLogger(ZuulErrorFilter.class);
+
+ @Override
+ public boolean shouldFilter() {
+ return true;
+ }
+
+ @Override
+ public Object run() throws ZuulException {
+ try {
+ RequestContext ctx = RequestContext.getCurrentContext();
+ Throwable throwable = ctx.getThrowable();
+ if (throwable != null && throwable instanceof ZuulException) {
+ LOG.error("Zuul failure: " + throwable.getMessage(), throwable);
+ ctx.setThrowable(new ZuulRuntimeException((ZuulException) throwable));
+ }
+ } catch (Exception ex) {
+ LOG.error("Exception in custom error filter", ex);
+ ReflectionUtils.rethrowRuntimeException(ex);
+ }
+ return null;
+ }
+
+ @Override
+ public String filterType() {
+ return FilterConstants.ERROR_TYPE;
+ }
+
+ @Override
+ public int filterOrder() {
+ return FilterConstants.SEND_ERROR_FILTER_ORDER - 1;
+ }
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-host/src/main/resources/application.yml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-host/src/main/resources/application.yml b/metron-interface/metron-ui-host/src/main/resources/application.yml
new file mode 100644
index 0000000..eebb04b
--- /dev/null
+++ b/metron-interface/metron-ui-host/src/main/resources/application.yml
@@ -0,0 +1,59 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+metron:
+ version: 0.5.0
+
+logging:
+ level:
+ root: WARN
+
+server:
+ port: 4201
+
+zuul:
+ routes:
+ rest:
+ path: /api/v1/**
+ url: http://localhost:8082/api/v1
+
+proxy:
+ auth:
+ routes:
+ rest: passthru
+
+ldap:
+ provider:
+ url: ldap://localhost:33389
+ userdn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
+ password: password
+ user:
+ dn.patterns: uid={0},ou=people,dc=hadoop,dc=apache,dc=org
+ passwordAttribute: userPassword
+ searchBase: ou=people,dc=hadoop,dc=apache,dc=org
+ searchFilter: ""
+ group:
+ searchBase: ou=groups,dc=hadoop,dc=apache,dc=org
+ searchFilter: "member={0}"
+ roleAttribute: "cn"
+
+knox:
+ sso:
+ url: ''
+ pubkey: ''
+
+ribbon:
+ ConnectTimeout: 3000
+ ReadTimeout: 60000
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-host/src/test/java/org/apache/metron/ui/TestHostApplication.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-host/src/test/java/org/apache/metron/ui/TestHostApplication.java b/metron-interface/metron-ui-host/src/test/java/org/apache/metron/ui/TestHostApplication.java
new file mode 100644
index 0000000..04feb53
--- /dev/null
+++ b/metron-interface/metron-ui-host/src/test/java/org/apache/metron/ui/TestHostApplication.java
@@ -0,0 +1,25 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class TestHostApplication extends AbstractHostApplication {
+
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-host/src/test/java/org/apache/metron/ui/WhoamiTest.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-host/src/test/java/org/apache/metron/ui/WhoamiTest.java b/metron-interface/metron-ui-host/src/test/java/org/apache/metron/ui/WhoamiTest.java
new file mode 100644
index 0000000..98c4a9f
--- /dev/null
+++ b/metron-interface/metron-ui-host/src/test/java/org/apache/metron/ui/WhoamiTest.java
@@ -0,0 +1,120 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import static org.apache.metron.ui.EmbeddedLdap.EMBEDDED_LDAP_PROFILE;
+import static org.hamcrest.Matchers.containsString;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Base64;
+
+import javax.servlet.http.Cookie;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.ResultActions;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSObject;
+import com.nimbusds.jose.Payload;
+import com.nimbusds.jose.crypto.RSASSASigner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@ActiveProfiles({"test", EMBEDDED_LDAP_PROFILE})
+public class WhoamiTest {
+
+ @Autowired
+ private WebApplicationContext context;
+
+ private MockMvc mockMvc;
+
+ private String username = "admin";
+ private String password = "password";
+
+ @Value("${knox.sso.pubkey}")
+ private String publickey;
+
+ @Value("${knox.sso.privatekey}")
+ private String privatekey;
+
+ @Value("${knox.sso.url}")
+ private String knoxUrl;
+
+ @Before
+ public void setup() {
+ mockMvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
+ }
+
+ @Test
+ public void testWhoamiNoAuth() throws Exception {
+ mockMvc.perform(get("/whoami")).andExpect(status().is3xxRedirection())
+ .andExpect(redirectedUrl(knoxUrl + "?originalUrl=http://localhost/whoami"));
+ }
+
+ @Test
+ public void testWhoamiBasicAuth() throws Exception {
+ assertLoginCorrect(mockMvc.perform(get("/whoami").with(httpBasic(username, password))));
+ }
+
+ private ResultActions assertLoginCorrect(ResultActions actions) throws Exception {
+ return actions.andExpect(status().isOk()).andExpect(content().string(containsString(username)));
+ }
+
+ @Test
+ public void testWhoamiJwtAuth() throws Exception {
+ String keyStr = String.join("", privatekey.split("\\s*|\\r|\\n"));
+ byte[] dec = Base64.getDecoder().decode(keyStr);
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(dec);
+ KeyFactory kf = KeyFactory.getInstance("RSA");
+ PrivateKey privKey = kf.generatePrivate(keySpec);
+
+ JWSObject jwsObject = new JWSObject(new JWSHeader(JWSAlgorithm.RS256),
+ new Payload("{ \"sub\": \"" + username + "\" }"));
+ jwsObject.sign(new RSASSASigner(privKey));
+ String token = jwsObject.serialize();
+
+ assertLoginCorrect(mockMvc.perform(get("/whoami").cookie(new Cookie("hadoop-jwt", token))));
+ }
+
+ @Test
+ public void testWhoamiRoles() throws Exception {
+ mockMvc.perform(get("/whoami/roles").with(httpBasic(username, password))).andExpect(status().isOk())
+ .andExpect(
+ content().string("[\"ROLE_USER\",\"ROLE_ADMIN\"]"));
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-host/src/test/java/org/apache/metron/ui/ZuulAuthorizationHeaderProxyTest.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-host/src/test/java/org/apache/metron/ui/ZuulAuthorizationHeaderProxyTest.java b/metron-interface/metron-ui-host/src/test/java/org/apache/metron/ui/ZuulAuthorizationHeaderProxyTest.java
new file mode 100644
index 0000000..8f4c055
--- /dev/null
+++ b/metron-interface/metron-ui-host/src/test/java/org/apache/metron/ui/ZuulAuthorizationHeaderProxyTest.java
@@ -0,0 +1,103 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.security.SecureRandom;
+
+import javax.servlet.http.Cookie;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+
+import com.netflix.zuul.context.RequestContext;
+import com.netflix.zuul.exception.ZuulException;
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSObject;
+import com.nimbusds.jose.KeyLengthException;
+import com.nimbusds.jose.Payload;
+import com.nimbusds.jose.crypto.MACSigner;
+
+public class ZuulAuthorizationHeaderProxyTest {
+
+ private static final String BASIC_AUTH_HEADER = "Basic dGVzdDp0ZXN0";
+
+ private RequestContext context;
+
+ private byte[] sharedKey = new byte[32];
+
+ private String validToken;
+
+ private boolean keyInited = false;
+
+ @Before
+ public void setTestRequestcontext() {
+ context = new RequestContext();
+ context.setResponse(new MockHttpServletResponse());
+ context.setResponseGZipped(false);
+
+ RequestContext.testSetCurrentContext(context);
+ }
+
+ @Test
+ public void testThatZuulPassesCookiesToAuthorization() throws ZuulException, KeyLengthException, JOSEException {
+ ZuulAuthenticationFilter zuulAuthenticationFilter = new ZuulAuthenticationFilter();
+
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setCookies(validCookie());
+ context.setRequest(request);
+ zuulAuthenticationFilter.run();
+
+ String header = context.getZuulRequestHeaders().get("Authorization");
+ assertTrue("Authorization contains bearer", header.startsWith("Bearer "));
+ assertTrue("Authorization contains cookie value", header.endsWith(validToken()));
+ }
+
+ @Test
+ public void testDoesNotReplaceAuthorizationHeader() throws ZuulException, KeyLengthException, JOSEException {
+ ZuulAuthenticationFilter zuulAuthenticationFilter = new ZuulAuthenticationFilter();
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setCookies(validCookie());
+ request.addHeader("Authorization", BASIC_AUTH_HEADER);
+ context.setRequest(request);
+ assertFalse(zuulAuthenticationFilter.shouldFilter());
+ }
+
+ private Cookie validCookie() throws KeyLengthException, JOSEException {
+ return new Cookie(ZuulAuthenticationFilter.COOKIE_NAME, validToken());
+ }
+
+ private String validToken() throws KeyLengthException, JOSEException {
+ if (!this.keyInited ) {
+ new SecureRandom().nextBytes(sharedKey);
+ this.keyInited = true;
+ }
+ if (this.validToken == null) {
+ JWSObject jwsObject = new JWSObject(new JWSHeader(JWSAlgorithm.HS256), new Payload("Test"));
+ jwsObject.sign(new MACSigner(sharedKey));
+ this.validToken = jwsObject.serialize();
+ }
+ return this.validToken;
+ }
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-host/src/test/resources/application-test.yml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-host/src/test/resources/application-test.yml b/metron-interface/metron-ui-host/src/test/resources/application-test.yml
new file mode 100644
index 0000000..f89a618
--- /dev/null
+++ b/metron-interface/metron-ui-host/src/test/resources/application-test.yml
@@ -0,0 +1,77 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+spring:
+ logging:
+ level:
+ root: debug
+
+knox:
+ sso:
+ url: https://localhost:8443/gateway/knoxsso/api/v1/websso
+ pubkey: |
+ MIIEqTCCApGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgMAkNBMQ8wDQYDVQQKDAZBcGFjaGUxGDAWBgNVBAMMD0NBIGludGVy
+ bWVkaWF0ZTAeFw0xODA3MTExOTA0NTRaFw0yODEwMTYxOTA0NTRaMDsxCzAJBgNV
+ BAYTAlVTMQswCQYDVQQIDAJDQTEPMA0GA1UECgwGQXBhY2hlMQ4wDAYDVQQDDAVu
+ b2RlMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6j8MIkAi4hZXd8
+ rD+lmcQ6SmmUX8DrWKOu3cywUTcUR6ZfJQ+Lt0kZH2yDOPhpmr5TIEx7aTzAmloz
+ ZUVoArcoqjGan7Np5Hy2vC1rDeqMbueQ7m4LSpwFRzqb9ZnFycq+U1Jo5nrHwVdy
+ xfvo5yOYOgyWQT/upEsStiR0ADjyLPzTVQlErdAAVxKbRHF3ikWSvHzu8yoKcWAG
+ n7CbShuOF0bIMOR9e7GtlSQH6JMxH17oEU98KiVRvJV52RKHpHZpPfDb36YvsgTy
+ 7ZczDmCQPNpU9hfV+vcgZEXFyrpxLgG7pHJBXPXWv8cw9rQLLim0297LNRpGAAz2
+ Gc2todECAwEAAaOBrDCBqTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAz
+ BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmlj
+ YXRlMB0GA1UdDgQWBBQWMdyJLWA4vgE90pAuRa4/z4S4kDAOBgNVHQ8BAf8EBAMC
+ BaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEAYDVR0RBAkwB4IFbm9kZTEwDQYJKoZI
+ hvcNAQELBQADggIBAMdFhC4xDxGs7i/gKhgBCv1JicNqk6Y2OQsS8ohk64ansx1r
+ uU0Rbx/pOsuD+d3ZuYeBaOYnHSLhExCcSxFjUlBkjS7aEigMxlHf2D+tYOgdcwlc
+ SjMaqyFDke+mR0rm8I15HviLjjZy1bDLnb8UsozLtdU040/MAtx9uF7SqvYUsTqy
+ alyfPeYZGpHZiFAmTcZ33uF3EByaSLACMVje0O1C9Xi/1v5Smp64NF15EF2DlHIv
+ TAj88oG7eEivVWie41mx8s/8WpR6XE3WFuZSc+j4qndtzwvmzlaO/e/v64ZzTPTL
+ SnrV424gtfZahjCb7+rSLQnSZShPeQessa1uF00xkCwlXuA7WXP9dAtOycySRsI+
+ qy7vwD9Y5ZkZwFK8+8UnvySwwCSEHmy4zM0irA/XIKIRw7ahU3rxbkHgVCGh6Pyu
+ kGfv/+Wy9yW461w0aYUTMrUrS429CBDY0ek3T9eQ5bieJRjOYOl/uuPH+L4VSCOS
+ p2WIuXqqDMXqmxMUFNuaLYEg4Y51aLD0lkB+SH+tnOP5CZdufIKZRQhYiC+xcs2E
+ 2/VvbqjAMe9vzF6d7a5EqbTkdS9k8CNnmxCfN+FlSl/iqUI3HKLVxNs+2Sux+Dhl
+ Nkt9qMcG2Gj0TxlqU43HrGeruVIxgC6Lj/QcIrc3Ddb1u7dccuNtF5UoqnVD
+ privatekey: |
+ MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDOo/DCJAIuIWV3
+ fKw/pZnEOkpplF/A61ijrt3MsFE3FEemXyUPi7dJGR9sgzj4aZq+UyBMe2k8wJpa
+ M2VFaAK3KKoxmp+zaeR8trwtaw3qjG7nkO5uC0qcBUc6m/WZxcnKvlNSaOZ6x8FX
+ csX76OcjmDoMlkE/7qRLErYkdAA48iz801UJRK3QAFcSm0Rxd4pFkrx87vMqCnFg
+ Bp+wm0objhdGyDDkfXuxrZUkB+iTMR9e6BFPfColUbyVedkSh6R2aT3w29+mL7IE
+ 8u2XMw5gkDzaVPYX1fr3IGRFxcq6cS4Bu6RyQVz11r/HMPa0Cy4ptNveyzUaRgAM
+ 9hnNraHRAgMBAAECggEBAJ2MMvDiIWNohQMf4/g221DYHIn43TSqew95MJRyTcmP
+ xb0cR5ZdsOWjqOjD97i2U4wOts55PVhbhJOHIgxT69YXxAND38Ub1GAdtsVuHNMa
+ NSiKwK7YHw9rms4dwJh4S40vpTlsz2UHTerNkBOrlCb4VjHokWEcItk2L/cFFnJT
+ Gymql1ZpD3BMprZW12yjLX38utCsuH2uFdYj2l53BtNNt8Su4ToXmvB4+rqW+ktF
+ rHINUe64EoKLnbBKpjzDlYH16uGVGAt6VBHU8Gr6n70gdWJvrLIaFy8ZNxRiER+x
+ qwgFad/aQWCGedb5PRtkQmvB+EIGRBbJ0zeZV+IrqMECgYEA8uWwcfAIOo9mZIUP
+ vlUCODO7oCIB7n1J5OZQlkKgCWpiIKgvSpGW/+dBaSKCspLfmlvFsb5XwKio26io
+ xGJ8gBnwexY4vuHsdA3DZWDcC1IHBf/chix5sRlYAqh6NRfgmhoUq05fYJTpr+A5
+ EWXZs1Edt0wj0mswPdNgkevHX9kCgYEA2cmPLhRKP4zrNZj3ojChjiFXrYtryQVv
+ Vypd6sznyuiyN1DGYBN1VrEg+ukpAYv6Ez0clX7Xa/03BUAUhwTYve/ZRrZC5w3P
+ 4EYCRAaNzDZWqhQrb+z3GFz+h4eOVZ6dnkAmuFqIf+ws11pocM04dCjy2e97UZZA
+ naGu54iHjrkCgYEAhtR/RE/kkXUmdmfyXEnd6Iq2/OXDwrnjed9rHm2vXmqiO9SA
+ I9l7Q2QASDby6+NhodKNg+PP3E8DJKOTwyeUSpubhQfJyhOo6Kb3LuA8ZUBMS8VC
+ iWxIxMj3tMoGxFATyhbuIEVp5jfjHFDP/NtXpBVD9IqcW+JKLheWxIln68kCgYAq
+ z8+AnGZ4FaiLEbXkQTEQ8ob8y4J1ssbPWLm7lWofXhzieNN2QXz4fLth94GjFzQi
+ ognDbXrFdLJjKtSeMhq1Q7fviZafOvzZNonte2hWc3wX1P0w9GEife1fEQuu0w5i
+ 9HNoHAvnMbMi5lfPjNgDJaWPp98TC7lKA2WRiCo1qQKBgErhfGKRxU13ZTPsKXZf
+ 7i0vMC7n5CPJajrFDml/NZLODHwif2KqZE+gHlxtgWayU1UigSdUVDXdRZbS0RmA
+ yrmpu5zIdozX3pFmBsObpvd5TtLvq9er+HF93gedBotRqqVuK8yX7VY/M9/nBJnc
+ FITLrkrz6SPpr9Wm+ufjKxn2
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/pom.xml
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/pom.xml b/metron-interface/metron-ui-security/pom.xml
new file mode 100644
index 0000000..dc980d4
--- /dev/null
+++ b/metron-interface/metron-ui-security/pom.xml
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to
+ You under the Apache License, Version 2.0 (the "License"); you may not use
+ this file except in compliance with the License. You may obtain a copy of
+ the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+ by applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific
+ language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+
+ <artifactId>metron-ui-security</artifactId>
+ <packaging>jar</packaging>
+
+ <name>Metron SSO Security Configs</name>
+ <description>Spring Security setup to Metron SSO</description>
+
+ <parent>
+ <groupId>org.apache.metron</groupId>
+ <artifactId>metron-interface</artifactId>
+ <version>0.5.1</version>
+ </parent>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+ <java.version>1.8</java.version>
+ <spring-cloud.version>Finchley.RELEASE</spring-cloud.version>
+ <spring.boot.version>2.0.1.RELEASE</spring.boot.version>
+ <jwt.version>4.41.2</jwt.version>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-web</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-security</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.ldap</groupId>
+ <artifactId>spring-ldap-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-ldap</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>com.nimbusds</groupId>
+ <artifactId>nimbus-jose-jwt</artifactId>
+ <version>${jwt.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>2.5</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-all</artifactId>
+ <version>1.5.4</version>
+ <scope>test</scope>
+ </dependency>
+
+ </dependencies>
+
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework.cloud</groupId>
+ <artifactId>spring-cloud-dependencies</artifactId>
+ <version>${spring-cloud.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ <dependency>
+ <!-- Import dependency management from Spring Boot -->
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-dependencies</artifactId>
+ <version>${spring.boot.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <version>${global_jar_version}</version>
+ <executions>
+ <execution>
+ <goals>
+ <goal>test-jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/KnoxSSOAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/KnoxSSOAuthenticationFilter.java b/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/KnoxSSOAuthenticationFilter.java
new file mode 100644
index 0000000..8cd64d0
--- /dev/null
+++ b/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/KnoxSSOAuthenticationFilter.java
@@ -0,0 +1,289 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.PublicKey;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.RSAPublicKey;
+import java.text.ParseException;
+import java.util.Date;
+import java.util.List;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSObject;
+import com.nimbusds.jose.JWSVerifier;
+import com.nimbusds.jose.crypto.RSASSAVerifier;
+import com.nimbusds.jwt.SignedJWT;
+
+public class KnoxSSOAuthenticationFilter implements Filter {
+ private static final Logger LOG = LoggerFactory.getLogger(KnoxSSOAuthenticationFilter.class);
+
+ private final String knoxUrl;
+ private final RSAPublicKey publicKey;
+ private final MetronAuthenticationProvider authenticationProvider;
+ private String knoxCookie;
+ private String knoxOriginalUrl;
+
+ public KnoxSSOAuthenticationFilter(MetronAuthenticationProvider authenticationProvider, String knoxUrl,
+ String knoxCookie, String knoxOriginalUrl, RSAPublicKey publicKey) {
+ super();
+ this.authenticationProvider = authenticationProvider;
+ this.knoxUrl = knoxUrl;
+ if (knoxCookie == null) {
+ this.knoxCookie = "hadoop-jwt";
+ } else {
+ this.knoxCookie = knoxCookie;
+ }
+ if (knoxOriginalUrl == null) {
+ this.knoxOriginalUrl = "originalUrl";
+ } else {
+ this.knoxOriginalUrl = knoxOriginalUrl;
+ }
+ this.publicKey = publicKey;
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ HttpServletResponse httpResponse = (HttpServletResponse) response;
+ String authHeader = httpRequest.getHeader("Authorization");
+ // if SSO is not enabled, skip this filter
+ if (this.knoxUrl.isEmpty() || (authHeader != null && authHeader.startsWith("Basic"))) {
+ chain.doFilter(request, response);
+ } else {
+ String serializedJWT = getJWTFromAuthorization(httpRequest);
+ if (serializedJWT == null) {
+ serializedJWT = getJWTFromCookie(httpRequest);
+ }
+
+ if (serializedJWT != null) {
+ SignedJWT jwtToken = null;
+ try {
+ jwtToken = SignedJWT.parse(serializedJWT);
+ boolean valid = validateToken(jwtToken);
+ // if the public key provide is correct and also token is not expired the
+ // process token
+ if (valid) {
+ String userName = jwtToken.getJWTClaimsSet().getSubject();
+ LOG.info("SSO login user : {} ", userName);
+ if (userName != null && !userName.trim().isEmpty()) {
+ List<GrantedAuthority> grantedAuths = MetronAuthenticationProvider
+ .getAuthoritiesFromUGI(userName);
+ final UserDetails principal = new User(userName, "", grantedAuths);
+ final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
+ principal, "", grantedAuths);
+ WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest);
+ ((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
+ Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ }
+ Date expirationTime = jwtToken.getJWTClaimsSet().getExpirationTime();
+ Date notBeforeTime = jwtToken.getJWTClaimsSet().getNotBeforeTime();
+ Date now = new Date();
+ if (expirationTime != null && now.after(expirationTime)) {
+ LOG.info("SSO token expired: {} ", userName);
+ redirectToKnox(httpRequest, httpResponse, chain);
+ }
+ if (notBeforeTime != null && now.before(notBeforeTime)) {
+ LOG.info("SSO token not yet valid: {} ", userName);
+ redirectToKnox(httpRequest, httpResponse, chain);
+ }
+ chain.doFilter(request, response);
+ } else { // if the token is not valid then redirect to knox sso
+ redirectToKnox(httpRequest, httpResponse, chain);
+ }
+ } catch (ParseException e) {
+ LOG.warn("Unable to parse the JWT token", e);
+ redirectToKnox(httpRequest, httpResponse, chain);
+ }
+ } else { // if there is no token, redirect
+ redirectToKnox(httpRequest, httpResponse, chain);
+ }
+ }
+ }
+
+ private void redirectToKnox(HttpServletRequest httpRequest, HttpServletResponse httpResponse, FilterChain chain)
+ throws IOException, ServletException {
+ // should probably check it's a browser
+ String ssourl = constructLoginURL(httpRequest);
+ httpResponse.sendRedirect(ssourl);
+ }
+
+ /**
+ * Create the URL to be used for authentication of the user in the absence of a
+ * JWT token within the incoming request.
+ *
+ * @param request
+ * for getting the original request URL
+ * @return url to use as login url for redirect
+ */
+ protected String constructLoginURL(HttpServletRequest request) {
+ String delimiter = "?";
+ if (knoxUrl.contains("?")) {
+ delimiter = "&";
+ }
+ String loginURL = knoxUrl + delimiter + knoxOriginalUrl + "=" + request.getRequestURL().toString()
+ + getOriginalQueryString(request);
+ return loginURL;
+ }
+
+ private String getOriginalQueryString(HttpServletRequest request) {
+ String originalQueryString = request.getQueryString();
+ return (originalQueryString == null) ? "" : "?" + originalQueryString;
+ }
+
+ /**
+ * Verify the signature of the JWT token in this method. This method depends on
+ * the public key that was established during init based upon the provisioned
+ * public key. Override this method in subclasses in order to customize the
+ * signature verification behavior.
+ *
+ * @param jwtToken
+ * the token that contains the signature to be validated
+ * @return valid true if signature verifies successfully; false otherwise
+ */
+ protected boolean validateToken(SignedJWT jwtToken) {
+ boolean valid = false;
+ if (JWSObject.State.SIGNED == jwtToken.getState()) {
+ LOG.debug("SSO token is in a SIGNED state");
+ if (jwtToken.getSignature() != null) {
+ LOG.debug("SSO token signature is not null");
+ try {
+ JWSVerifier verifier = new RSASSAVerifier(publicKey);
+ if (jwtToken.verify(verifier)) {
+ valid = true;
+ LOG.debug("SSO token has been successfully verified");
+ } else {
+ LOG.warn("SSO signature verification failed.Please check the public key");
+ }
+ } catch (JOSEException je) {
+ LOG.warn("Error while validating signature", je);
+ } catch (Exception e) {
+ LOG.warn("Error while validating signature", e);
+ }
+ }
+ // Now check that the signature algorithm was as expected
+ if (valid) {
+ String receivedSigAlg = jwtToken.getHeader().getAlgorithm().getName();
+ if (!receivedSigAlg.equals("RS256")) {
+ valid = false;
+ }
+ }
+ }
+ return valid;
+ }
+
+ private String getJWTFromAuthorization(HttpServletRequest httpRequest) {
+ String header = httpRequest.getHeader("Authorization");
+ return (header != null && header.matches("Bearer (.*)")) ? header.substring(7) : null;
+ }
+
+ /**
+ * Encapsulate the acquisition of the JWT token from HTTP cookies within the
+ * request.
+ *
+ * Taken from
+ *
+ * @param req
+ * servlet request to get the JWT token from
+ * @return serialized JWT token
+ */
+ protected String getJWTFromCookie(HttpServletRequest req) {
+ String serializedJWT = null;
+ Cookie[] cookies = req.getCookies();
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+ LOG.debug(String.format("Found cookie: %s [%s]", cookie.getName(), cookie.getValue()));
+ if (knoxCookie.equals(cookie.getName())) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(knoxCookie + " cookie has been found and is being processed");
+ }
+ serializedJWT = cookie.getValue();
+ break;
+ }
+ }
+ } else {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(knoxCookie + " not found");
+ }
+ }
+ return serializedJWT;
+ }
+
+ public static RSAPublicKey parseRSAPublicKey(String pem)
+ throws CertificateException, UnsupportedEncodingException, ServletException {
+ String PEM_HEADER = "-----BEGIN CERTIFICATE-----\n";
+ String PEM_FOOTER = "\n-----END CERTIFICATE-----";
+ String fullPem = (pem.startsWith(PEM_HEADER) && pem.endsWith(PEM_FOOTER)) ? pem : PEM_HEADER + pem + PEM_FOOTER;
+ PublicKey key = null;
+ try {
+ CertificateFactory fact = CertificateFactory.getInstance("X.509");
+ ByteArrayInputStream is = new ByteArrayInputStream(fullPem.getBytes("UTF8"));
+ X509Certificate cer = (X509Certificate) fact.generateCertificate(is);
+ key = cer.getPublicKey();
+ } catch (CertificateException ce) {
+ String message = null;
+ if (pem.startsWith(PEM_HEADER)) {
+ message = "CertificateException - be sure not to include PEM header "
+ + "and footer in the PEM configuration element.";
+ } else {
+ message = "CertificateException - PEM may be corrupt";
+ }
+ throw new ServletException(message, ce);
+ } catch (UnsupportedEncodingException uee) {
+ throw new ServletException(uee);
+ }
+ return (RSAPublicKey) key;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/metron/blob/54880ba8/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/MetronAuthenticationException.java
----------------------------------------------------------------------
diff --git a/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/MetronAuthenticationException.java b/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/MetronAuthenticationException.java
new file mode 100644
index 0000000..ddf177b
--- /dev/null
+++ b/metron-interface/metron-ui-security/src/main/java/org/apache/metron/ui/MetronAuthenticationException.java
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.metron.ui;
+
+import org.springframework.security.core.AuthenticationException;
+
+public class MetronAuthenticationException extends AuthenticationException{
+ public MetronAuthenticationException(String msg) {
+ super(msg);
+ }
+
+ private static final long serialVersionUID = 1L;
+
+}