Posted to commits@pulsar.apache.org by zi...@apache.org on 2022/10/16 15:11:17 UTC

[pulsar] branch branch-2.9 updated: [improve][authentication] Improve get the basic authentication config (#16944)

This is an automated email from the ASF dual-hosted git repository.

zixuan pushed a commit to branch branch-2.9
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-2.9 by this push:
     new 88d7cf2969a [improve][authentication] Improve get the basic authentication config (#16944)
88d7cf2969a is described below

commit 88d7cf2969a48914ea48159766693478cfb24bf8
Author: Zixuan Liu <no...@gmail.com>
AuthorDate: Sun Oct 16 23:11:06 2022 +0800

    [improve][authentication] Improve get the basic authentication config (#16944)
    
    Signed-off-by: Zixuan Liu <no...@gmail.com>
---
 conf/broker.conf                                   |   7 ++
 conf/proxy.conf                                    |   7 ++
 conf/standalone.conf                               |   6 ++
 .../AuthenticationProviderBasic.java               |  57 ++++++++---
 .../AuthenticationProviderBasicTest.java           | 104 +++++++++++++++++++++
 .../test/resources/authentication/basic/.htpasswd  |   2 +
 .../java/org/apache/pulsar/client/api/url/URL.java |  11 +++
 7 files changed, 179 insertions(+), 15 deletions(-)

diff --git a/conf/broker.conf b/conf/broker.conf
index 0fd9bbaba8d..46413ad824f 100644
--- a/conf/broker.conf
+++ b/conf/broker.conf
@@ -715,6 +715,13 @@ athenzDomainNames=
 # When this parameter is not empty, unauthenticated users perform as anonymousUserRole
 anonymousUserRole=
 
+## Configure the datasource of basic authenticate, supports the file and Base64 format.
+# file:
+# basicAuthConf=/path/my/.htpasswd
+# use Base64 to encode the contents of .htpasswd:
+# basicAuthConf=YOUR-BASE64-DATA
+basicAuthConf=
+
 ### --- Token Authentication Provider --- ###
 
 ## Symmetric key
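Review bot: The comment added above `basicAuthConf=` presents the Base64 form without saying that it places the whole .htpasswd content, password hashes included, inside the configuration file. Base64 is an encoding and gives no confidentiality, so a conf file carrying this value needs the same restrictive permissions as the .htpasswd file and should be kept out of shared config repositories and diagnostic bundles. I would add a line such as `# Base64 is only an encoding: protect a conf file that holds this value like the .htpasswd file itself.` The same comment block is added in conf/proxy.conf and conf/standalone.conf and needs the same line.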
diff --git a/conf/proxy.conf b/conf/proxy.conf
index 2454b9bf20c..77ab31b80cf 100644
--- a/conf/proxy.conf
+++ b/conf/proxy.conf
@@ -238,6 +238,13 @@ httpRequestsLimitEnabled=false
 httpRequestsMaxPerSecond=100.0
 
 
+## Configure the datasource of basic authenticate, supports the file and Base64 format.
+# file:
+# basicAuthConf=/path/my/.htpasswd
+# use Base64 to encode the contents of .htpasswd:
+# basicAuthConf=YOUR-BASE64-DATA
+basicAuthConf=
+
 ### --- Token Authentication Provider --- ###
 
 ## Symmetric key
diff --git a/conf/standalone.conf b/conf/standalone.conf
index 08742a43cd5..67c0c6b89fa 100644
--- a/conf/standalone.conf
+++ b/conf/standalone.conf
@@ -469,6 +469,12 @@ athenzDomainNames=
 # When this parameter is not empty, unauthenticated users perform as anonymousUserRole
 anonymousUserRole=
 
+## Configure the datasource of basic authenticate, supports the file and Base64 format.
+# file:
+# basicAuthConf=/path/my/.htpasswd
+# use Base64 to encode the contents of .htpasswd:
+# basicAuthConf=YOUR-BASE64-DATA
+basicAuthConf=
 
 ### --- Token Authentication Provider --- ###
 
diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderBasic.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderBasic.java
index 46c1e3a36de..9f6bacf7298 100644
--- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderBasic.java
+++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderBasic.java
@@ -19,28 +19,32 @@
 
 package org.apache.pulsar.broker.authentication;
 
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.URISyntaxException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.util.Arrays;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import javax.naming.AuthenticationException;
+import lombok.Cleanup;
 import org.apache.commons.codec.digest.Crypt;
 import org.apache.commons.codec.digest.Md5Crypt;
+import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.pulsar.broker.ServiceConfiguration;
-
-import lombok.Cleanup;
 import org.apache.pulsar.broker.authentication.metrics.AuthenticationMetrics;
-
-import javax.naming.AuthenticationException;
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileReader;
-import java.io.IOException;
+import org.apache.pulsar.client.api.url.URL;
 
 public class AuthenticationProviderBasic implements AuthenticationProvider {
     private static final String HTTP_HEADER_NAME = "Authorization";
     private static final String CONF_SYSTEM_PROPERTY_KEY = "pulsar.auth.basic.conf";
+    private static final String CONF_PULSAR_PROPERTY_KEY = "basicAuthConf";
     private Map<String, String> users;
 
     @Override
@@ -48,16 +52,38 @@ public class AuthenticationProviderBasic implements AuthenticationProvider {
         // noop
     }
 
+    public static byte[] readData(String data)
+            throws IOException, URISyntaxException, InstantiationException, IllegalAccessException {
+        if (data.startsWith("data:") || data.startsWith("file:")) {
+            return IOUtils.toByteArray(URL.createURL(data));
+        } else if (Files.exists(Paths.get(data))) {
+            return Files.readAllBytes(Paths.get(data));
+        } else if (org.apache.commons.codec.binary.Base64.isBase64(data)) {
+            return Base64.getDecoder().decode(data);
+        } else {
+            String msg = "Not supported config";
+            throw new IllegalArgumentException(msg);
+        }
+    }
+
     @Override
     public void initialize(ServiceConfiguration config) throws IOException {
-        File confFile = new File(System.getProperty(CONF_SYSTEM_PROPERTY_KEY));
-        if (!confFile.exists()) {
-            throw new IOException("The password auth conf file does not exist");
-        } else if (!confFile.isFile()) {
-            throw new IOException("The path is not a file");
+        String data = config.getProperties().getProperty(CONF_PULSAR_PROPERTY_KEY);
+        if (StringUtils.isEmpty(data)) {
+            data = System.getProperty(CONF_SYSTEM_PROPERTY_KEY);
+        }
+        if (StringUtils.isEmpty(data)) {
+            throw new IOException("No basic authentication config provided");
+        }
+
+        @Cleanup BufferedReader reader = null;
+        try {
+            byte[] bytes = readData(data);
+            reader = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(bytes)));
+        } catch (Exception e) {
+            throw new IllegalArgumentException(e);
         }
 
-        @Cleanup BufferedReader reader = new BufferedReader(new FileReader(confFile));
         users = new HashMap<>();
         for (String line : reader.lines().toArray(s -> new String[s])) {
             List<String> splitLine = Arrays.asList(line.split(":"));
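Review bot: In `readData`, a bare value is treated as Base64 whenever it is not an existing path, so a mistyped path made only of letters, digits and `/` can pass `isBase64` and be decoded as credential data instead of being reported as a missing file. The two Base64 checks also disagree: commons-codec `isBase64` accepts whitespace and the URL-safe characters `-` and `_`, which `Base64.getDecoder()` rejects, so a line-wrapped or URL-safe value fails inside `decode` with a generic message. I would catch that failure and report that the value is neither an existing file nor valid Base64, without echoing the value, since it may be the encoded password file. Separately, `new InputStreamReader(new ByteArrayInputStream(bytes))` uses the platform charset; passing `StandardCharsets.UTF_8` makes user-name parsing independent of the host locale. The body of `initialize` continues past the end of this hunk.

```java
public static byte[] readData(String data)
        throws IOException, URISyntaxException, InstantiationException, IllegalAccessException {
    // … unchanged: data:/file: URL branch and existing-path branch …
    } else if (org.apache.commons.codec.binary.Base64.isBase64(data)) {
        try {
            return Base64.getDecoder().decode(data);
        } catch (IllegalArgumentException e) {
            // Keep the value out of the message: it may be the encoded password file.
            throw new IllegalArgumentException(
                    "basicAuthConf is neither an existing file nor valid Base64", e);
        }
    }
    // … unchanged: final else branch throwing "Not supported config" …
```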
@@ -99,7 +125,8 @@ public class AuthenticationProviderBasic implements AuthenticationProvider {
                 throw new AuthenticationException(msg);
             }
         } catch (AuthenticationException exception) {
-            AuthenticationMetrics.authenticateFailure(getClass().getSimpleName(), getAuthMethodName(), exception.getMessage());
+            AuthenticationMetrics.authenticateFailure(getClass().getSimpleName(), getAuthMethodName(),
+                    exception.getMessage());
             throw exception;
         }
         AuthenticationMetrics.authenticateSuccess(getClass().getSimpleName(), getAuthMethodName());
diff --git a/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/authentication/AuthenticationProviderBasicTest.java b/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/authentication/AuthenticationProviderBasicTest.java
new file mode 100644
index 00000000000..ef7dca23e55
--- /dev/null
+++ b/pulsar-broker-common/src/test/java/org/apache/pulsar/broker/authentication/AuthenticationProviderBasicTest.java
@@ -0,0 +1,104 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pulsar.broker.authentication;
+
+import static org.testng.Assert.assertEquals;
+import com.google.common.io.Resources;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.Base64;
+import java.util.Properties;
+import javax.naming.AuthenticationException;
+import lombok.Cleanup;
+import org.apache.pulsar.broker.ServiceConfiguration;
+import org.apache.pulsar.common.api.AuthData;
+import org.testng.annotations.Test;
+
+public class AuthenticationProviderBasicTest {
+    private final String basicAuthConf = Resources.getResource("authentication/basic/.htpasswd").getPath();
+    private final String basicAuthConfBase64 = Base64.getEncoder().encodeToString(Files.readAllBytes(Paths.get(basicAuthConf)));
+
+    public AuthenticationProviderBasicTest() throws IOException {
+    }
+
+    private void testAuthenticate(AuthenticationProviderBasic provider) throws AuthenticationException {
+        AuthData authData = AuthData.of("superUser2:superpassword".getBytes(StandardCharsets.UTF_8));
+        provider.newAuthState(authData, null, null);
+    }
+
+    @Test
+    public void testLoadFileFromPulsarProperties() throws Exception {
+        @Cleanup
+        AuthenticationProviderBasic provider = new AuthenticationProviderBasic();
+        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
+        Properties properties = new Properties();
+        properties.setProperty("basicAuthConf", basicAuthConf);
+        serviceConfiguration.setProperties(properties);
+        provider.initialize(serviceConfiguration);
+        testAuthenticate(provider);
+    }
+
+    @Test
+    public void testLoadBase64FromPulsarProperties() throws Exception {
+        @Cleanup
+        AuthenticationProviderBasic provider = new AuthenticationProviderBasic();
+        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
+        Properties properties = new Properties();
+        properties.setProperty("basicAuthConf", basicAuthConfBase64);
+        serviceConfiguration.setProperties(properties);
+        provider.initialize(serviceConfiguration);
+        testAuthenticate(provider);
+    }
+
+    @Test
+    public void testLoadFileFromSystemProperties() throws Exception {
+        @Cleanup
+        AuthenticationProviderBasic provider = new AuthenticationProviderBasic();
+        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
+        System.setProperty("pulsar.auth.basic.conf", basicAuthConf);
+        provider.initialize(serviceConfiguration);
+        testAuthenticate(provider);
+    }
+
+    @Test
+    public void testLoadBase64FromSystemProperties() throws Exception {
+        @Cleanup
+        AuthenticationProviderBasic provider = new AuthenticationProviderBasic();
+        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
+        System.setProperty("pulsar.auth.basic.conf", basicAuthConfBase64);
+        provider.initialize(serviceConfiguration);
+        testAuthenticate(provider);
+    }
+
+    @Test
+    public void testReadData() throws Exception {
+        byte[] data = Files.readAllBytes(Paths.get(basicAuthConf));
+        String base64Data = Base64.getEncoder().encodeToString(data);
+
+        // base64 format
+        assertEquals(AuthenticationProviderBasic.readData("data:;base64," + base64Data), data);
+        assertEquals(AuthenticationProviderBasic.readData(base64Data), data);
+
+        // file format
+        assertEquals(AuthenticationProviderBasic.readData("file://" + basicAuthConf), data);
+        assertEquals(AuthenticationProviderBasic.readData(basicAuthConf), data);
+    }
+}
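Review bot: Every test in AuthenticationProviderBasicTest exercises only a successful login for `superUser2`, so a regression that accepts any password, or that loads an empty user table, would still pass. For an authentication provider I would add at least one rejection case, for example a test annotated `@Test(expectedExceptions = AuthenticationException.class)` that sends a wrong password through the same `newAuthState` call (assuming that call is where the helper expects failures to surface), plus a `readData` case for an unsupported value. The two system-property tests also leave `pulsar.auth.basic.conf` set for the rest of the JVM; `System.clearProperty("pulsar.auth.basic.conf");` in a `finally` block or an after-method hook keeps later tests from silently inheriting it. The crypt-format entry `superUser` in the fixture is never authenticated either.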
diff --git a/pulsar-broker-common/src/test/resources/authentication/basic/.htpasswd b/pulsar-broker-common/src/test/resources/authentication/basic/.htpasswd
new file mode 100644
index 00000000000..b1a099a5f0e
--- /dev/null
+++ b/pulsar-broker-common/src/test/resources/authentication/basic/.htpasswd
@@ -0,0 +1,2 @@
+superUser:mQQQIsyvvKRtU
+superUser2:$apr1$foobarmq$kuSZlLgOITksCkRgl57ie/
diff --git a/pulsar-common/src/main/java/org/apache/pulsar/client/api/url/URL.java b/pulsar-common/src/main/java/org/apache/pulsar/client/api/url/URL.java
index b2037377d2f..3286900ecb7 100644
--- a/pulsar-common/src/main/java/org/apache/pulsar/client/api/url/URL.java
+++ b/pulsar-common/src/main/java/org/apache/pulsar/client/api/url/URL.java
@@ -42,6 +42,17 @@ public class URL {
         }
     }
 
+    /**
+     * Creates java.net.URL with data protocol support.
+     *
+     * @param spec the input URL as String
+     * @return java.net.URL instance
+     */
+    public static final java.net.URL createURL(String spec)
+            throws MalformedURLException, URISyntaxException, InstantiationException, IllegalAccessException {
+        return new URL(spec).url;
+    }
+
     public URLConnection openConnection() throws IOException {
         return this.url.openConnection();
     }
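Review bot: The Javadoc on `createURL` omits the four declared exceptions and, as far as this hunk shows, the method does not restrict the URL scheme, which callers are not told. I would add `@throws` tags and a sentence such as `Callers that pass configuration or user-supplied strings must allow-list the scheme themselves.`; `readData` in this commit does that with its `data:`/`file:` prefix check, but the next caller may not. `final` on a static method is redundant and can be dropped. The constructor this method delegates to lies outside the hunk, so its own validation could not be checked here.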