Posted to commits@pinot.apache.org by ak...@apache.org on 2019/06/17 23:34:33 UTC
[incubator-pinot] branch master updated: [TE] Clean up and inject
ThirdEye Credentials into SecurityContext (#4326)
This is an automated email from the ASF dual-hosted git repository.
akshayrai09 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-pinot.git
The following commit(s) were added to refs/heads/master by this push:
new fd003dc [TE] Clean up and inject ThirdEye Credentials into SecurityContext (#4326)
fd003dc is described below
commit fd003dc747d85fa7ce76bae4b08b5a4888f97880
Author: Akshay Rai <ak...@gmail.com>
AuthorDate: Mon Jun 17 16:34:28 2019 -0700
[TE] Clean up and inject ThirdEye Credentials into SecurityContext (#4326)
---
.../pinot/thirdeye/auth/ThirdEyeAuthFilter.java | 24 +++--
.../auth/ThirdEyeAuthenticatorDisabled.java | 4 +-
.../{Credentials.java => ThirdEyeCredentials.java} | 26 ++++-
...torLdap.java => ThirdEyeLdapAuthenticator.java} | 120 ++++++++++++---------
.../pinot/thirdeye/auth/ThirdEyePrincipal.java | 9 ++
.../dashboard/ThirdEyeDashboardApplication.java | 20 ++--
.../dashboard/resources/v2/AuthResource.java | 8 +-
.../auth/ThirdEyeAuthenticatorLdapTest.java | 20 ++--
8 files changed, 143 insertions(+), 88 deletions(-)
diff --git a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthFilter.java b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthFilter.java
index 53cc6ca..ca30d09 100644
--- a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthFilter.java
+++ b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthFilter.java
@@ -19,10 +19,10 @@
package org.apache.pinot.thirdeye.auth;
+import javax.ws.rs.core.SecurityContext;
import org.apache.pinot.thirdeye.dashboard.resources.v2.AuthResource;
import org.apache.pinot.thirdeye.datalayer.bao.SessionManager;
import org.apache.pinot.thirdeye.datalayer.dto.SessionDTO;
-import org.apache.pinot.thirdeye.datasource.DAORegistry;
import io.dropwizard.auth.AuthFilter;
import io.dropwizard.auth.Authenticator;
import java.util.HashSet;
@@ -37,35 +37,34 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class ThirdEyeAuthFilter extends AuthFilter<Credentials, ThirdEyePrincipal> {
+public class ThirdEyeAuthFilter extends AuthFilter<ThirdEyeCredentials, ThirdEyePrincipal> {
private static final Logger LOG = LoggerFactory.getLogger(ThirdEyeAuthFilter.class);
private static final ThreadLocal<ThirdEyePrincipal> principalAuthContextThreadLocal = new ThreadLocal<>();
- private static final DAORegistry DAO_REGISTRY = DAORegistry.getInstance();
private final Set<String> allowedPaths;
private final SessionManager sessionDAO;
private Set<String> administrators;
- public ThirdEyeAuthFilter(Authenticator<Credentials, ThirdEyePrincipal> authenticator, Set<String> allowedPaths, List<String> administrators) {
+ public ThirdEyeAuthFilter(Authenticator<ThirdEyeCredentials, ThirdEyePrincipal> authenticator, Set<String> allowedPaths, List<String> administrators, SessionManager sessionDAO) {
this.authenticator = authenticator;
this.allowedPaths = allowedPaths;
- this.sessionDAO = DAO_REGISTRY.getSessionDAO();
+ this.sessionDAO = sessionDAO;
if (administrators != null) {
this.administrators = new HashSet<>(administrators);
}
}
@Override
- public void filter(ContainerRequestContext containerRequestContext) {
+ public void filter(ContainerRequestContext requestContext) {
setCurrentPrincipal(null);
- String uriPath = containerRequestContext.getUriInfo().getPath();
+ String uriPath = requestContext.getUriInfo().getPath();
LOG.info("Checking auth for {}", uriPath);
ThirdEyePrincipal principal = new ThirdEyePrincipal();
- if (!isAuthenticated(containerRequestContext, principal)) {
+ if (!isAuthenticated(requestContext, principal)) {
// not authenticated, check exceptions
// authenticate end points should be out of auth filter
@@ -99,6 +98,15 @@ public class ThirdEyeAuthFilter extends AuthFilter<Credentials, ThirdEyePrincipa
}
setCurrentPrincipal(principal);
+
+ ThirdEyeCredentials credentials = new ThirdEyeCredentials();
+ credentials.setPrincipal(principal.getName());
+ credentials.setToken(principal.getSessionKey());
+
+ // Trigger the parent authentication to inject the credentials into the Security Context
+ if (!this.authenticate(requestContext, credentials, SecurityContext.BASIC_AUTH)) {
+ throw new WebApplicationException(unauthorizedHandler.buildResponse(prefix, realm));
+ }
}
private boolean isAuthenticated(ContainerRequestContext containerRequestContext, ThirdEyePrincipal principal) {
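Review bot: The failure branch dereferences `unauthorizedHandler`, `prefix` and `realm`, but the constructor shown in this patch assigns only `authenticator`, so unless those inherited AuthFilter fields are set elsewhere a rejected credential would surface as a NullPointerException (HTTP 500) rather than a 401. In Dropwizard these fields are normally populated by the AuthFilter builder, which this class bypasses; the same appears to hold for `authorizer`, which the injected SecurityContext consults for role checks. Either initialise them in the constructor, e.g. `this.unauthorizedHandler = new DefaultUnauthorizedHandler();` plus explicit `prefix` and `realm` values, or throw `new WebApplicationException(Response.Status.UNAUTHORIZED)` here. The body of filter() begins above this hunk, so the early-return paths are not visible.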
diff --git a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorDisabled.java b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorDisabled.java
index 897e533..c959ead 100644
--- a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorDisabled.java
+++ b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorDisabled.java
@@ -26,14 +26,14 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class ThirdEyeAuthenticatorDisabled implements Authenticator<Credentials, ThirdEyePrincipal> {
+public class ThirdEyeAuthenticatorDisabled implements Authenticator<ThirdEyeCredentials, ThirdEyePrincipal> {
private static final Logger LOG = LoggerFactory.getLogger(ThirdEyeAuthenticatorDisabled.class);
/**
* {@inheritDoc}
*/
@Override
- public Optional<ThirdEyePrincipal> authenticate(Credentials credentials) throws AuthenticationException {
+ public Optional<ThirdEyePrincipal> authenticate(ThirdEyeCredentials credentials) throws AuthenticationException {
LOG.info("Authentication is disabled. Accepting any credentials for {}.", credentials.getPrincipal());
ThirdEyePrincipal principal = new ThirdEyePrincipal();
diff --git a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/Credentials.java b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeCredentials.java
similarity index 70%
rename from thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/Credentials.java
rename to thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeCredentials.java
index af91298..5537b67 100644
--- a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/Credentials.java
+++ b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeCredentials.java
@@ -22,9 +22,18 @@ package org.apache.pinot.thirdeye.auth;
import java.util.Objects;
-public class Credentials {
+public class ThirdEyeCredentials {
String principal;
String password;
+ String token;
+
+ ThirdEyeCredentials(String principal, String password) {
+ this.principal = principal;
+ this.password = password;
+ }
+
+ public ThirdEyeCredentials() {
+ }
public String getPrincipal() {
return principal;
@@ -42,16 +51,25 @@ public class Credentials {
this.password = password;
}
+ public String getToken() {
+ return token;
+ }
+
+ public void setToken(String token) {
+ this.token = token;
+ }
+
@Override
public boolean equals(Object o) {
if (this == o) {
return true;
}
- if (!(o instanceof Credentials)) {
+ if (!(o instanceof ThirdEyeCredentials)) {
return false;
}
- Credentials that = (Credentials) o;
- return Objects.equals(principal, that.principal) && Objects.equals(password, that.password);
+ ThirdEyeCredentials that = (ThirdEyeCredentials) o;
+ return (Objects.equals(principal, that.principal) && Objects.equals(password, that.password))
+ || Objects.equals(token, that.token);
}
@Override
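Review bot: The new `|| Objects.equals(token, that.token)` clause makes any two credentials with a null token compare equal, because `Objects.equals(null, null)` is true, so two password logins for different users are "equal" under this method. These objects are the lookup key of the CachingAuthenticator wrapped around the LDAP authenticator, so whether one user's cached result can be returned for another then rests entirely on hashCode(), which lies outside this hunk and may not include `token`. Equality for a credential should require every field to match: `return Objects.equals(principal, that.principal) && Objects.equals(password, that.password) && Objects.equals(token, that.token);`, with `token` added to hashCode() as well.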
diff --git a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorLdap.java b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeLdapAuthenticator.java
similarity index 61%
rename from thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorLdap.java
rename to thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeLdapAuthenticator.java
index 88a28db..a3bc303 100644
--- a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorLdap.java
+++ b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeLdapAuthenticator.java
@@ -32,22 +32,26 @@ import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
+import org.apache.pinot.thirdeye.datalayer.bao.SessionManager;
+import org.apache.pinot.thirdeye.datalayer.dto.SessionDTO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class ThirdEyeAuthenticatorLdap implements Authenticator<Credentials, ThirdEyePrincipal> {
- private static final Logger LOG = LoggerFactory.getLogger(ThirdEyeAuthenticatorLdap.class);
+public class ThirdEyeLdapAuthenticator implements Authenticator<ThirdEyeCredentials, ThirdEyePrincipal> {
+ private static final Logger LOG = LoggerFactory.getLogger(ThirdEyeLdapAuthenticator.class);
private static final String LDAP_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
private final List<String> domainSuffix;
private final String ldapUrl;
+ private final SessionManager sessionDAO;
private String ldapContextFactory;
- public ThirdEyeAuthenticatorLdap(List<String> domainSuffix, String ldapUrl) {
+ public ThirdEyeLdapAuthenticator(List<String> domainSuffix, String ldapUrl, SessionManager sessionDAO) {
this.domainSuffix = domainSuffix;
this.ldapUrl = ldapUrl;
+ this.sessionDAO = sessionDAO;
this.ldapContextFactory = LDAP_CONTEXT_FACTORY;
}
@@ -56,60 +60,74 @@ public class ThirdEyeAuthenticatorLdap implements Authenticator<Credentials, Thi
}
/**
+ * Attempt ldap authentication with the following steps:
+ * 1. If user's name contains domain name or the system doesn't have any given domain names,
+ * then use the username as is.
+ * 2. Else, try out all combinations of username and the given domain names of the system.
+ */
+ private Optional<ThirdEyePrincipal> ldapAuthenticate(String username, String password) {
+ LOG.info("Authenticating '{}' via username and password", username);
+ Hashtable<String, String> env = new Hashtable<>();
+ env.put(Context.INITIAL_CONTEXT_FACTORY, ldapContextFactory);
+ env.put(Context.PROVIDER_URL, this.ldapUrl);
+ if (this.ldapUrl.startsWith("ldaps")) {
+ env.put(Context.SECURITY_PROTOCOL, "ssl");
+ }
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_CREDENTIALS, password);
+
+ AuthenticationResults authenticationResults = new AuthenticationResults();
+ if (username.contains("@") || CollectionUtils.isEmpty(domainSuffix)) {
+ env.put(Context.SECURITY_PRINCIPAL, username);
+ AuthenticationResult authenticationResult = authenticate(env);
+ authenticationResults.appendAuthenticationResult(authenticationResult);
+ } else {
+ for (String suffix : domainSuffix) {
+ env.put(Context.SECURITY_PRINCIPAL, username + '@' + suffix);
+ AuthenticationResult authenticationResult = authenticate(env);
+ authenticationResults.appendAuthenticationResult(authenticationResult);
+ if (authenticationResults.isAuthenticated()) {
+ break;
+ }
+ }
+ }
+
+ if (authenticationResults.isAuthenticated()) {
+ ThirdEyePrincipal principal = new ThirdEyePrincipal();
+ principal.setName(env.get(Context.SECURITY_PRINCIPAL));
+ LOG.info("Successfully authenticated {} with LDAP", env.get(Context.SECURITY_PRINCIPAL));
+ return Optional.of(principal);
+ } else {
+ // Failed to authenticate the user; log all error messages.
+ List<String> errorMessages = authenticationResults.getMessages();
+ for (String errorMessage : errorMessages) {
+ LOG.error(errorMessage);
+ }
+ return Optional.empty();
+ }
+ }
+
+ /**
* {@inheritDoc}
*/
@Override
- public Optional<ThirdEyePrincipal> authenticate(Credentials credentials) throws AuthenticationException {
+ public Optional<ThirdEyePrincipal> authenticate(ThirdEyeCredentials credentials) throws AuthenticationException {
try {
- String principalName = credentials.getPrincipal();
- if (StringUtils.isBlank(principalName)) {
- LOG.info("Unable to authenticate empty user name.");
- return Optional.empty();
- } else {
- LOG.info("Authenticating '{}' via username and password", principalName);
-
- Hashtable<String, String> env = new Hashtable<>();
- env.put(Context.INITIAL_CONTEXT_FACTORY, ldapContextFactory);
- env.put(Context.PROVIDER_URL, this.ldapUrl);
- if (this.ldapUrl.startsWith("ldaps")) {
- env.put(Context.SECURITY_PROTOCOL, "ssl");
- }
- env.put(Context.SECURITY_AUTHENTICATION, "simple");
- env.put(Context.SECURITY_CREDENTIALS, credentials.getPassword());
-
- // Attempt ldap authentication with the following steps:
- // 1. If user's name contains domain name or the system doesn't have any given domain names, then
- // use the username as is.
- // 2. Else, try out all combinations of username and the given domain names of the system.
- AuthenticationResults authenticationResults = new AuthenticationResults();
- if (principalName.contains("@") || CollectionUtils.isEmpty(domainSuffix)) {
- env.put(Context.SECURITY_PRINCIPAL, principalName);
- AuthenticationResult authenticationResult = authenticate(env);
- authenticationResults.appendAuthenticationResult(authenticationResult);
- } else {
- for (String suffix : domainSuffix) {
- env.put(Context.SECURITY_PRINCIPAL, principalName + '@' + suffix);
- AuthenticationResult authenticationResult = authenticate(env);
- authenticationResults.appendAuthenticationResult(authenticationResult);
- if (authenticationResults.isAuthenticated()) {
- break;
- }
- }
+ if (StringUtils.isNotBlank(credentials.getToken())) {
+ SessionDTO sessionDTO = this.sessionDAO.findBySessionKey(credentials.getToken());
+ if (sessionDTO != null && System.currentTimeMillis() < sessionDTO.getExpirationTime()) {
+ return Optional.of(new ThirdEyePrincipal(credentials.getPrincipal(), credentials.getToken()));
}
+ }
- if (authenticationResults.isAuthenticated()) {
- ThirdEyePrincipal principal = new ThirdEyePrincipal();
- principal.setName(env.get(Context.SECURITY_PRINCIPAL));
- LOG.info("Successfully authenticated {} with LDAP", env.get(Context.SECURITY_PRINCIPAL));
- return Optional.of(principal);
- } else {
- // Failed to authenticate the user; log all error messages.
- List<String> errorMessages = authenticationResults.getMessages();
- for (String errorMessage : errorMessages) {
- LOG.error(errorMessage);
- }
- return Optional.empty();
- }
+ String username = credentials.getPrincipal();
+ String password = credentials.getPassword();
+
+ if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) {
+ LOG.info("Unable to authenticate empty user name/password");
+ return Optional.empty();
+ } else {
+ return ldapAuthenticate(username, password);
}
} catch (Exception e) {
throw new AuthenticationException(e);
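Review bot: The token branch of authenticate() checks only that the session key exists and has not expired, then builds the principal from `credentials.getPrincipal()`, a caller-supplied value that is never compared with the owner of the session record. The same authenticator is called from AuthResource.authenticate() with credentials taken from the request, and ThirdEyeCredentials now has a public `setToken`, so the name and the token may arrive from the client as an unrelated pair. Take the name from the session record instead, or reject a mismatch, e.g. `if (sessionDTO != null && System.currentTimeMillis() < sessionDTO.getExpirationTime() && Objects.equals(sessionDTO.getPrincipal(), credentials.getPrincipal()))`, assuming SessionDTO exposes the stored principal. An unknown or expired token currently falls through silently to the password path; a log line there would help when auditing failed token use. The method's closing lines fall outside the hunk.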
diff --git a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyePrincipal.java b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyePrincipal.java
index 1103ddf..c63bdfc 100644
--- a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyePrincipal.java
+++ b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyePrincipal.java
@@ -29,6 +29,15 @@ public class ThirdEyePrincipal implements Principal {
Set<String> groups = new HashSet<>();
String sessionKey;
+ public ThirdEyePrincipal(String name, String token) {
+ this.name = name;
+ this.sessionKey = token;
+ }
+
+ public ThirdEyePrincipal() {
+
+ }
+
public String getSessionKey() {
return sessionKey;
}
diff --git a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/ThirdEyeDashboardApplication.java b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/ThirdEyeDashboardApplication.java
index 76b5403..dce1242 100644
--- a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/ThirdEyeDashboardApplication.java
+++ b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/ThirdEyeDashboardApplication.java
@@ -21,15 +21,17 @@ package org.apache.pinot.thirdeye.dashboard;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.google.common.cache.CacheBuilder;
+import io.dropwizard.auth.AuthValueFactoryProvider;
+import io.dropwizard.auth.Authenticator;
import org.apache.pinot.thirdeye.anomaly.detection.DetectionJobScheduler;
import org.apache.pinot.thirdeye.anomaly.onboard.DetectionOnboardResource;
import org.apache.pinot.thirdeye.anomalydetection.alertFilterAutotune.AlertFilterAutotuneFactory;
import org.apache.pinot.thirdeye.api.application.ApplicationResource;
+import org.apache.pinot.thirdeye.auth.ThirdEyeCredentials;
import org.apache.pinot.thirdeye.common.time.TimeGranularity;
-import org.apache.pinot.thirdeye.auth.Credentials;
import org.apache.pinot.thirdeye.auth.ThirdEyeAuthFilter;
import org.apache.pinot.thirdeye.auth.ThirdEyeAuthenticatorDisabled;
-import org.apache.pinot.thirdeye.auth.ThirdEyeAuthenticatorLdap;
+import org.apache.pinot.thirdeye.auth.ThirdEyeLdapAuthenticator;
import org.apache.pinot.thirdeye.auth.ThirdEyePrincipal;
import org.apache.pinot.thirdeye.common.BaseThirdEyeApplication;
import org.apache.pinot.thirdeye.common.ThirdEyeSwaggerBundle;
@@ -65,6 +67,7 @@ import org.apache.pinot.thirdeye.api.user.dashboard.UserDashboardResource;
import org.apache.pinot.thirdeye.dashboard.resources.v2.rootcause.DefaultEntityFormatter;
import org.apache.pinot.thirdeye.dashboard.resources.v2.rootcause.FormatterLoader;
import org.apache.pinot.thirdeye.dataset.DatasetAutoOnboardResource;
+import org.apache.pinot.thirdeye.datasource.DAORegistry;
import org.apache.pinot.thirdeye.datasource.ThirdEyeCacheRegistry;
import org.apache.pinot.thirdeye.datasource.loader.AggregationLoader;
import org.apache.pinot.thirdeye.datasource.loader.DefaultAggregationLoader;
@@ -80,7 +83,6 @@ import org.apache.pinot.thirdeye.rootcause.RCAFramework;
import org.apache.pinot.thirdeye.rootcause.impl.RCAFrameworkLoader;
import org.apache.pinot.thirdeye.tracking.RequestStatisticsLogger;
import io.dropwizard.assets.AssetsBundle;
-import io.dropwizard.auth.Authenticator;
import io.dropwizard.auth.CachingAuthenticator;
import io.dropwizard.bundles.redirect.PathRedirect;
import io.dropwizard.bundles.redirect.RedirectBundle;
@@ -234,21 +236,23 @@ public class ThirdEyeDashboardApplication
LOG.error("Error loading the resource", e);
}
+ // Authentication
if (config.getAuthConfig() != null) {
final AuthConfiguration authConfig = config.getAuthConfig();
// default permissive authenticator
- Authenticator<Credentials, ThirdEyePrincipal> authenticator = new ThirdEyeAuthenticatorDisabled();
+ Authenticator<ThirdEyeCredentials, ThirdEyePrincipal> authenticator = new ThirdEyeAuthenticatorDisabled();
// ldap authenticator
if (authConfig.isAuthEnabled()) {
- final ThirdEyeAuthenticatorLdap authenticatorLdap = new ThirdEyeAuthenticatorLdap(authConfig.getDomainSuffix(), authConfig.getLdapUrl());
+ final ThirdEyeLdapAuthenticator
+ authenticatorLdap = new ThirdEyeLdapAuthenticator(authConfig.getDomainSuffix(), authConfig.getLdapUrl(), DAORegistry.getInstance().getSessionDAO());
authenticator = new CachingAuthenticator<>(env.metrics(), authenticatorLdap, CacheBuilder.newBuilder().expireAfterWrite(authConfig.getCacheTTL(), TimeUnit.SECONDS));
}
- // auth filter
- env.jersey().register(new ThirdEyeAuthFilter(authenticator, authConfig.getAllowedPaths(), authConfig.getAdminUsers()));
- // auth resource
+
+ env.jersey().register(new ThirdEyeAuthFilter(authenticator, authConfig.getAllowedPaths(), authConfig.getAdminUsers(), DAORegistry.getInstance().getSessionDAO()));
env.jersey().register(new AuthResource(authenticator, authConfig.getCookieTTL() * 1000));
+ env.jersey().register(new AuthValueFactoryProvider.Binder<>(ThirdEyePrincipal.class));
}
env.lifecycle().manage(new Managed() {
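Review bot: `authenticatorLdap` now answers session-token lookups as well as password binds, yet it is still wrapped in `CachingAuthenticator` with `expireAfterWrite(authConfig.getCacheTTL(), ...)`, so a positive token result can keep being served from the cache for up to that TTL after the session row has expired or been deleted. Whether that matters depends on the session check in ThirdEyeAuthFilter.isAuthenticated(), which is not shown here, but it is worth stating next to the wiring, e.g. `// NOTE: cached token results can outlive session deletion by up to cacheTTL seconds`. It would also read more clearly to fetch `DAORegistry.getInstance().getSessionDAO()` once into a local and pass it to both the authenticator and the filter.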
diff --git a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/resources/v2/AuthResource.java b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/resources/v2/AuthResource.java
index 94b3815..6a7cdca 100644
--- a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/resources/v2/AuthResource.java
+++ b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/resources/v2/AuthResource.java
@@ -20,8 +20,8 @@
package org.apache.pinot.thirdeye.dashboard.resources.v2;
import java.util.Optional;
-import org.apache.pinot.thirdeye.auth.Credentials;
import org.apache.pinot.thirdeye.auth.ThirdEyeAuthFilter;
+import org.apache.pinot.thirdeye.auth.ThirdEyeCredentials;
import org.apache.pinot.thirdeye.auth.ThirdEyePrincipal;
import org.apache.pinot.thirdeye.datalayer.bao.SessionManager;
import org.apache.pinot.thirdeye.datalayer.dto.SessionDTO;
@@ -53,12 +53,12 @@ public class AuthResource {
private final DAORegistry DAO_REGISTRY = DAORegistry.getInstance();
private static final int DEFAULT_VALID_DAYS_VALUE = 90;
- private final Authenticator<Credentials, ThirdEyePrincipal> authenticator;
+ private final Authenticator<ThirdEyeCredentials, ThirdEyePrincipal> authenticator;
private final long cookieTTL;
private final SessionManager sessionDAO;
private final Random random;
- public AuthResource(Authenticator<Credentials, ThirdEyePrincipal> authenticator,
+ public AuthResource(Authenticator<ThirdEyeCredentials, ThirdEyePrincipal> authenticator,
long cookieTTL) {
this.authenticator = authenticator;
this.cookieTTL = cookieTTL;
@@ -93,7 +93,7 @@ public class AuthResource {
@Path("/authenticate")
@POST
- public Response authenticate(Credentials credentials) {
+ public Response authenticate(ThirdEyeCredentials credentials) {
try {
final Optional<ThirdEyePrincipal> optPrincipal = this.authenticator.authenticate(credentials);
if (!optPrincipal.isPresent()) {
diff --git a/thirdeye/thirdeye-pinot/src/test/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorLdapTest.java b/thirdeye/thirdeye-pinot/src/test/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorLdapTest.java
index 93174f4..9ac0ba5 100644
--- a/thirdeye/thirdeye-pinot/src/test/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorLdapTest.java
+++ b/thirdeye/thirdeye-pinot/src/test/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorLdapTest.java
@@ -25,6 +25,7 @@ import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.spi.InitialContextFactory;
+import org.apache.pinot.thirdeye.datasource.DAORegistry;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -35,8 +36,8 @@ import org.testng.annotations.Test;
public class ThirdEyeAuthenticatorLdapTest {
private static final Logger LOG = LoggerFactory.getLogger(ThirdEyeAuthenticatorLdapTest.class);
- private ThirdEyeAuthenticatorLdap thirdEyeAuthenticatorLdap;
- private Credentials credentials;
+ private ThirdEyeLdapAuthenticator thirdEyeAuthenticatorLdap;
+ private ThirdEyeCredentials credentials;
private static String USERNAME1 = "username1"; // @DOMAIN1
private static String USERNAME2 = "username2"; // @DOMAIN2
@@ -49,18 +50,15 @@ public class ThirdEyeAuthenticatorLdapTest {
@BeforeClass
public void setup() {
List<String> domains = Arrays.asList(DOMAIN1, DOMAIN2);
- thirdEyeAuthenticatorLdap = new ThirdEyeAuthenticatorLdap(domains, "ldaps://someLdap");
+ thirdEyeAuthenticatorLdap = new ThirdEyeLdapAuthenticator(domains, "ldaps://someLdap", DAORegistry.getInstance().getSessionDAO());
thirdEyeAuthenticatorLdap.setInitialContextFactory(MockInitialDirContextFactory.class.getName());
-
- credentials = new Credentials();
- credentials.setPassword(PASSWORD);
}
@Test
public void testBasicAuthentication() {
// Test multiple domains
try {
- credentials.setPrincipal(USERNAME1);
+ credentials = new ThirdEyeCredentials(USERNAME1, PASSWORD);
Optional<ThirdEyePrincipal> authenticate = thirdEyeAuthenticatorLdap.authenticate(credentials);
Assert.assertTrue(authenticate.isPresent(), "Authentication should not fail!");
} catch (AuthenticationException e) {
@@ -68,7 +66,7 @@ public class ThirdEyeAuthenticatorLdapTest {
Assert.fail();
}
try {
- credentials.setPrincipal(USERNAME2);
+ credentials = new ThirdEyeCredentials(USERNAME2, PASSWORD);
Optional<ThirdEyePrincipal> authenticate = thirdEyeAuthenticatorLdap.authenticate(credentials);
Assert.assertTrue(authenticate.isPresent(), "Authentication should not fail!");
} catch (AuthenticationException e) {
@@ -78,7 +76,7 @@ public class ThirdEyeAuthenticatorLdapTest {
// Test given domain name
try {
- credentials.setPrincipal(USERNAME3 + '@' + DOMAIN3);
+ credentials = new ThirdEyeCredentials(USERNAME3 + '@' + DOMAIN3, PASSWORD);
Optional<ThirdEyePrincipal> authenticate = thirdEyeAuthenticatorLdap.authenticate(credentials);
Assert.assertTrue(authenticate.isPresent(), "Authentication should not fail!");
} catch (AuthenticationException e) {
@@ -91,7 +89,7 @@ public class ThirdEyeAuthenticatorLdapTest {
public void testFailedAuthentication() {
// Failed reason: username 3 doesn't exist in domain1 and domain2
try {
- credentials.setPrincipal(USERNAME3);
+ credentials = new ThirdEyeCredentials(USERNAME3, PASSWORD);
Optional<ThirdEyePrincipal> authenticate = thirdEyeAuthenticatorLdap.authenticate(credentials);
Assert.assertFalse(authenticate.isPresent(), "Authentication should fail!");
} catch (AuthenticationException e) {
@@ -104,7 +102,7 @@ public class ThirdEyeAuthenticatorLdapTest {
public void testBlankAuthentication() {
// Failed reason: blank username
try {
- credentials.setPrincipal(null);
+ credentials = new ThirdEyeCredentials(null, PASSWORD);
Optional<ThirdEyePrincipal> authenticate = thirdEyeAuthenticatorLdap.authenticate(credentials);
Assert.assertFalse(authenticate.isPresent(), "Authentication should fail!");
} catch (AuthenticationException e) {