Posted to commits@atlas.apache.org by ni...@apache.org on 2020/03/24 12:51:10 UTC

[atlas] branch branch-2.0 updated: Revert "ATLAS-3667 : Option to store Ldap/AD bind password in jceks keystore file"

This is an automated email from the ASF dual-hosted git repository.

nixon pushed a commit to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/atlas.git


The following commit(s) were added to refs/heads/branch-2.0 by this push:
     new 8689735  Revert "ATLAS-3667 : Option to store Ldap/AD bind password in jceks keystore file"
8689735 is described below

commit 8689735857cbc38ed46cd03e8ffba8d8ffb463b5
Author: nixonrodrigues <ni...@apache.org>
AuthorDate: Tue Mar 24 18:20:08 2020 +0530

    Revert "ATLAS-3667 : Option to store Ldap/AD bind password in jceks keystore file"
    
    This reverts commit a49f98832ad65b31022fb550912aa018e938b921.
---
 .../org/apache/atlas/ApplicationProperties.java    | 31 +---------------------
 .../atlas/util/CredentialProviderUtility.java      | 28 +++----------------
 2 files changed, 5 insertions(+), 54 deletions(-)

diff --git a/intg/src/main/java/org/apache/atlas/ApplicationProperties.java b/intg/src/main/java/org/apache/atlas/ApplicationProperties.java
index e3d8b13..d3afd53 100644
--- a/intg/src/main/java/org/apache/atlas/ApplicationProperties.java
+++ b/intg/src/main/java/org/apache/atlas/ApplicationProperties.java
@@ -18,7 +18,6 @@
 package org.apache.atlas;
 
 import org.apache.atlas.security.InMemoryJAASConfiguration;
-import org.apache.atlas.security.SecurityUtil;
 import org.apache.commons.configuration.Configuration;
 import org.apache.commons.configuration.ConfigurationConverter;
 import org.apache.commons.configuration.ConfigurationException;
@@ -57,10 +56,6 @@ public final class ApplicationProperties extends PropertiesConfiguration {
     public static final String  STORAGE_BACKEND_HBASE           = "hbase";
     public static final String  STORAGE_BACKEND_HBASE2          = "hbase2";
     public static final String  INDEX_BACKEND_SOLR              = "solr";
-    public static final String  LDAP_TYPE                       =  "atlas.authentication.method.ldap.type";
-    public static final String  LDAP_AD_BIND_PASSWORD           =  "atlas.authentication.method.ldap.ad.bind.password";
-    public static final String  LDAP_BIND_PASSWORD              =  "atlas.authentication.method.ldap.bind.password";
-    public static final String  MASK_LDAP_PASSWORD              =  "*****";
     public static final String  DEFAULT_GRAPHDB_BACKEND         = GRAPHBD_BACKEND_JANUS;
     public static final boolean DEFAULT_SOLR_WAIT_SEARCHER      = true;
     public static final boolean DEFAULT_INDEX_MAP_NAME          = false;
@@ -140,8 +135,6 @@ public final class ApplicationProperties extends PropertiesConfiguration {
 
             appProperties.setDefaults();
 
-            setLdapPasswordFromKeystore(appProperties);
-
             Configuration configuration = appProperties.interpolatedConfiguration();
 
             logConfiguration(configuration);
@@ -276,28 +269,6 @@ public final class ApplicationProperties extends PropertiesConfiguration {
         return inStr;
     }
 
-    private static void setLdapPasswordFromKeystore(Configuration configuration) {
-        try {
-            if (configuration.getString(LDAP_TYPE).equalsIgnoreCase("ldap")) {
-                String maskPasssword = configuration.getString(LDAP_BIND_PASSWORD);
-                if (MASK_LDAP_PASSWORD.equals(maskPasssword)) {
-                    String password = SecurityUtil.getPassword(configuration, LDAP_BIND_PASSWORD);
-                    configuration.clearProperty(LDAP_BIND_PASSWORD);
-                    configuration.addProperty(LDAP_BIND_PASSWORD, password);
-                }
-            } else if (configuration.getString(LDAP_TYPE).equalsIgnoreCase("ad")) {
-                String maskPasssword = configuration.getString(LDAP_AD_BIND_PASSWORD);
-                if (MASK_LDAP_PASSWORD.equals(maskPasssword)) {
-                    String password = SecurityUtil.getPassword(configuration, LDAP_AD_BIND_PASSWORD);
-                    configuration.clearProperty(LDAP_AD_BIND_PASSWORD);
-                    configuration.addProperty(LDAP_AD_BIND_PASSWORD, password);
-                }
-            }
-        } catch (Exception e) {
-            LOG.info("Error in getting secure password : {} ", e);
-        }
-    }
-
     private void setDefaults() {
         AtlasRunMode runMode = AtlasRunMode.valueOf(getString(ATLAS_RUN_MODE, DEFAULT_ATLAS_RUN_MODE.name()));
 
@@ -374,4 +345,4 @@ public final class ApplicationProperties extends PropertiesConfiguration {
             setDefault(kv, currentValue);
         }
     }
-}
\ No newline at end of file
+}
diff --git a/webapp/src/main/java/org/apache/atlas/util/CredentialProviderUtility.java b/webapp/src/main/java/org/apache/atlas/util/CredentialProviderUtility.java
index 51b5e6d..871416b 100755
--- a/webapp/src/main/java/org/apache/atlas/util/CredentialProviderUtility.java
+++ b/webapp/src/main/java/org/apache/atlas/util/CredentialProviderUtility.java
@@ -28,6 +28,7 @@ import org.apache.hadoop.security.alias.CredentialProviderFactory;
 import java.io.Console;
 import java.io.IOException;
 import java.util.Arrays;
+
 import static org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY;
 import static org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY;
 import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
@@ -39,6 +40,7 @@ import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_K
  */
 public class CredentialProviderUtility {
     private static final String[] KEYS = new String[] { KEYSTORE_PASSWORD_KEY, TRUSTSTORE_PASSWORD_KEY, SERVER_CERT_PASSWORD_KEY };
+
     public static abstract class TextDevice {
         public abstract void printf(String fmt, Object... params);
 
@@ -73,17 +75,11 @@ public class CredentialProviderUtility {
         try {
             CommandLine cmd                    = new DefaultParser().parse(createOptions(), args);
             boolean     generatePasswordOption = cmd.hasOption("g");
-            String      key                    = cmd.getOptionValue("k");
-            char[]      cred                   = null;
-            String      providerPath           = cmd.getOptionValue("f");
-
-            if (cmd.hasOption("p")) {
-                cred = cmd.getOptionValue("p").toCharArray();
-            }
 
             if (generatePasswordOption) {
                 String userName = cmd.getOptionValue("u");
                 String password = cmd.getOptionValue("p");
+
                 if (userName != null && password != null) {
                     String  encryptedPassword = UserDao.encrypt(password);
                     boolean silentOption      = cmd.hasOption("s");
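Review bot: On the new side the `-g` branch still takes the secret from `String password = cmd.getOptionValue("p");`, so the password arrives as a command-line argument and is held in an immutable `String`. Command-line arguments are commonly readable by other local users through the process list and tend to persist in shell history, so this path exposes the password before `UserDao.encrypt(password)` ever runs. The file already imports `java.io.Console` and `java.util.Arrays`, which suggests an interactive prompt path exists elsewhere in the class; falling back to that prompt when `-p` is omitted would keep the value off the command line. If `-p` has to stay for scripted use, a comment such as `// -p exposes the password via the process list and shell history; prefer the interactive prompt` would at least record the trade-off. The enclosing method starts and ends outside this hunk, so the rest of its handling could not be checked here.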
@@ -99,20 +95,6 @@ public class CredentialProviderUtility {
 
                 return;
             }
-
-            if (key != null && cred != null && providerPath != null) {
-                if (!StringUtils.isEmpty(String.valueOf(cred))) {
-                    Configuration conf = new Configuration(false);
-                    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerPath);
-                    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
-                    provider.createCredentialEntry(key, cred);
-                    provider.flush();
-                    System.out.println("Password is stored in Credential Provider");
-                } else {
-                    System.out.println("Please enter a valid password");
-                }
-                return;
-            }
         } catch (Exception e) {
             System.out.println("Exception while generatePassword  " + e.getMessage());
             return;
@@ -152,8 +134,6 @@ public class CredentialProviderUtility {
     private static Options createOptions() {
         Options options = new Options();
 
-        options.addOption("k", "ldapkey", true, "key");
-        options.addOption("f", "ldapPath", true, "path");
         options.addOption("g", "generatePassword", false, "Generate Password");
         options.addOption("s", "silent", false, "Silent");
         options.addOption("u", "username", true, "UserName");
@@ -223,4 +203,4 @@ public class CredentialProviderUtility {
 
         return null;
     }
-}
\ No newline at end of file
+}