Posted to commits@kylin.apache.org by xx...@apache.org on 2022/06/16 01:35:08 UTC
[kylin] branch main updated: KYLIN-5194, fix deleted user can login when auth cache is valid
This is an automated email from the ASF dual-hosted git repository.
xxyu pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/kylin.git
The following commit(s) were added to refs/heads/main by this push:
new d9f112cd78 KYLIN-5194, fix deleted user can login when auth cache is valid
d9f112cd78 is described below
commit d9f112cd78490106694a6ab1bc15f51c7e5832d7
Author: Mukvin <bo...@163.com>
AuthorDate: Wed Jun 15 17:37:55 2022 +0800
KYLIN-5194, fix deleted user can login when auth cache is valid
---
.../kylin/rest/controller/UserController.java | 33 ++++++++++++++++------
.../kylin/rest/security/KylinUserManager.java | 6 ++--
2 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/UserController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/UserController.java
index 6d62b3835f..8dcbef1eb3 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/controller/UserController.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/controller/UserController.java
@@ -6,9 +6,9 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -46,6 +46,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.cache.CacheManager;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
@@ -64,12 +65,14 @@ import org.springframework.web.bind.annotation.ResponseBody;
import org.apache.kylin.shaded.com.google.common.collect.Lists;
+import static org.apache.kylin.cache.cachemanager.CacheConstants.USER_CACHE;
+
/**
* Handle user authentication request to protected kylin rest resources by
* spring security.
- *
+ *
* @author xduo
- *
+ *
*/
@Controller
@RequestMapping(value = "/user")
@@ -94,6 +97,9 @@ public class UserController extends BasicController {
@Qualifier("userGroupService")
private UserGroupService userGroupService;
+ @Autowired
+ private CacheManager cacheManager;
+
private Pattern passwordPattern;
private Pattern bcryptPattern;
private BCryptPasswordEncoder pwdEncoder;
@@ -181,10 +187,12 @@ public class UserController extends BasicController {
try {
ManagedUser existing = get(userName);
if (existing != null) {
- if (user.getPassword() == null)
+ if (user.getPassword() == null) {
user.setPassword(existing.getPassword());
- if (user.getAuthorities() == null || user.getAuthorities().isEmpty())
+ }
+ if (user.getAuthorities() == null || user.getAuthorities().isEmpty()) {
user.setGrantedAuthorities(existing.getAuthorities());
+ }
}
} catch (UsernameNotFoundException ex) {
// that is OK, we create new
@@ -195,6 +203,8 @@ public class UserController extends BasicController {
completeAuthorities(user);
userService.updateUser(user);
+ // when update user then need to clear authenticated user cache
+ cacheManager.getCache(USER_CACHE).clear();
return get(userName);
}
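Review bot: `cacheManager.getCache(USER_CACHE)` is dereferenced without a null check on the line after `userService.updateUser(user)`, and Spring's `CacheManager.getCache` returns null when no cache of that name is configured. In that case the user record has already been changed, the request fails with a NullPointerException, and the caller sees an error for an update that was in fact applied. A guard such as `Cache userCache = cacheManager.getCache(USER_CACHE); if (userCache != null) { userCache.clear(); }` (with the `org.springframework.cache.Cache` import) avoids that, and the same guard belongs on the identical call after `userService.deleteUser(userName)` in the delete hunk. `clear()` also evicts every cached user rather than only `userName`; `evict` would be narrower if the cache key can be derived from the user name, which is not visible in this diff. The enclosing method starts outside the hunk.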
@@ -237,15 +247,17 @@ public class UserController extends BasicController {
}
private String pwdEncode(String pwd) {
- if (bcryptPattern.matcher(pwd).matches())
+ if (bcryptPattern.matcher(pwd).matches()) {
return pwd;
+ }
return pwdEncoder.encode(pwd);
}
private void checkUserName(String userName) {
- if (userName == null || userName.isEmpty())
+ if (userName == null || userName.isEmpty()) {
throw new BadRequestException("empty user name");
+ }
}
private void checkNewPwdRule(String newPwd) {
@@ -280,8 +292,9 @@ public class UserController extends BasicController {
checkUserName(userName);
UserDetails details = userService.loadUserByUsername(userName);
- if (details == null)
+ if (details == null) {
return null;
+ }
return (ManagedUser) details;
}
@@ -328,6 +341,8 @@ public class UserController extends BasicController {
checkUserName(userName);
userService.deleteUser(userName);
+ // when delete user then need to clear authenticated user cache
+ cacheManager.getCache(USER_CACHE).clear();
return new EnvelopeResponse(ResponseCode.CODE_SUCCESS, userName, "");
}
diff --git a/server-base/src/main/java/org/apache/kylin/rest/security/KylinUserManager.java b/server-base/src/main/java/org/apache/kylin/rest/security/KylinUserManager.java
index afa78b0ab2..15132e84d8 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/security/KylinUserManager.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/security/KylinUserManager.java
@@ -77,10 +77,12 @@ public class KylinUserManager {
public void onEntityChange(Broadcaster broadcaster, String entity, Broadcaster.Event event, String cacheKey)
throws IOException {
try (AutoReadWriteLock.AutoLock l = lock.lockForWrite()) {
- if (event == Broadcaster.Event.DROP)
+ if (event == Broadcaster.Event.DROP) {
userMap.removeLocal(cacheKey);
- else
+ } else {
+ // update metadata
crud.reloadQuietly(cacheKey);
+ }
}
}
}
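Review bot: The `Broadcaster.Event.DROP` branch removes only the `userMap` entry, while the authenticated-user cache is cleared only in `UserController`, on the node that served the REST call. If `USER_CACHE` is held per node rather than shared (its scope is not visible in this diff), other nodes could keep accepting a deleted or modified user until their cached entry expires. It is worth confirming how that cache is scoped and, if it is node-local, invalidating it from this listener as well. A comment on the DROP branch along the lines of `// removes the local user entry only; the auth cache is cleared in UserController` would record where invalidation happens.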