You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nutch.apache.org by le...@apache.org on 2016/07/13 20:41:14 UTC
nutch git commit: NUTCH-2285 Digest Authentication support for Nutch
2.X REST API.
Repository: nutch
Updated Branches:
refs/heads/2.x 5a1afbaf7 -> 04eb5707e
NUTCH-2285 Digest Authentication support for Nutch 2.X REST API.
Project: http://git-wip-us.apache.org/repos/asf/nutch/repo
Commit: http://git-wip-us.apache.org/repos/asf/nutch/commit/04eb5707
Tree: http://git-wip-us.apache.org/repos/asf/nutch/tree/04eb5707
Diff: http://git-wip-us.apache.org/repos/asf/nutch/diff/04eb5707
Branch: refs/heads/2.x
Commit: 04eb5707e47fc286bee4625a02d79be15c0d0a3e
Parents: 5a1afba
Author: Furkan KAMACI <fu...@gmail.com>
Authored: Wed Jul 13 23:34:46 2016 +0300
Committer: Furkan KAMACI <fu...@gmail.com>
Committed: Wed Jul 13 23:34:46 2016 +0300
----------------------------------------------------------------------
conf/nutch-default.xml | 19 ++++---
src/java/org/apache/nutch/api/NutchServer.java | 59 +++++++++++++-------
.../api/security/AuthenticationTypeEnum.java | 26 +++++++++
3 files changed, 75 insertions(+), 29 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nutch/blob/04eb5707/conf/nutch-default.xml
----------------------------------------------------------------------
diff --git a/conf/nutch-default.xml b/conf/nutch-default.xml
index 1985dfc..a4fede2 100644
--- a/conf/nutch-default.xml
+++ b/conf/nutch-default.xml
@@ -1437,29 +1437,30 @@
<property>
<name>restapi.auth</name>
- <value>false</value>
+ <value>NONE</value>
<description>
- Whether to enable HTTP basic authentication for communicating with RESTAPI.
+ Configures authentication type for communicating with RESTAPI. Valid values are BASIC, DIGEST and NONE.
+ When no authentication type is defined NONE will be used as default which does not provide security.
Use the restapi.auth.username and restapi.auth.password properties to configure
- your credentials.
+ your credentials if security is used.
</description>
</property>
<property>
<name>restapi.auth.username</name>
- <value>login</value>
+ <value>admin</value>
<description>
- Username for HTTP basic authentication. restapi.auth should be true to use this property.
- "login" is used for username as default.
+ Username for REST API authentication. restapi.auth property should be set to either BASIC or DIGEST to use this property.
+ "nutch" is used for username as default.
</description>
</property>
<property>
<name>restapi.auth.password</name>
- <value>secret</value>
+ <value>nutch</value>
<description>
- Password for HTTP basic authentication. restapi.auth should be true to use this property.
- "secret" is used for password as default.
+ Password for REST API authentication. restapi.auth property should be set to either BASIC or DIGEST to use this property.
+ "nutch" is used for password as default.
</description>
</property>
http://git-wip-us.apache.org/repos/asf/nutch/blob/04eb5707/src/java/org/apache/nutch/api/NutchServer.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/nutch/api/NutchServer.java b/src/java/org/apache/nutch/api/NutchServer.java
index 6af991c..af948cd 100644
--- a/src/java/org/apache/nutch/api/NutchServer.java
+++ b/src/java/org/apache/nutch/api/NutchServer.java
@@ -43,6 +43,7 @@ import org.apache.nutch.api.resources.ConfigResource;
import org.apache.nutch.api.resources.DbResource;
import org.apache.nutch.api.resources.JobResource;
import org.apache.nutch.api.resources.SeedResource;
+import org.apache.nutch.api.security.AuthenticationTypeEnum;
import org.restlet.Component;
import org.restlet.Context;
import org.restlet.data.ChallengeScheme;
@@ -51,6 +52,7 @@ import org.restlet.data.Reference;
import org.restlet.ext.jaxrs.JaxRsApplication;
import org.restlet.resource.ClientResource;
import org.restlet.security.ChallengeAuthenticator;
+import org.restlet.ext.crypto.DigestAuthenticator;
import org.restlet.security.MapVerifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -90,6 +92,10 @@ public class NutchServer extends Application {
* 'INFO' however best attempts should always be made to specify a logging
* level.<br>
* {@link org.apache.nutch.api.NutchServer} can be run as secure. restapi.auth property
+ * should be set to BASIC or DIGEST at <code>nutch-site.xml</code> to enable HTTP basic authentication
+ * or digest authentication when communicating with RESTAPI.
+ * Use restapi.auth.username and restapi.auth.auth.password properties at <code>nutch-site.xml</code> to configure
+ * credentials when security is enabled with restapi.auth property.
* should be set to true at <code>nutch-site.xml</code> to enable HTTP basic authentication
* for communicating with RESTAPI.
* Use the restapi.auth.username and restapi.auth.auth.password properties to configure
@@ -116,28 +122,31 @@ public class NutchServer extends Application {
application.setStatusService(new ErrorStatusService());
childContext.getAttributes().put(NUTCH_SERVER, this);
- boolean isSecure = configManager.get(ConfigResource.DEFAULT).getBoolean("restapi.auth", false);
-
- if (!isSecure) {
- // Attach the application.
- component.getDefaultHost().attach(application);
- return;
+ AuthenticationTypeEnum authenticationType = configManager.get(ConfigResource.DEFAULT).getEnum("restapi.auth", AuthenticationTypeEnum.NONE);
+
+ switch (authenticationType) {
+ case NONE:
+ // Attach the application without security
+ component.getDefaultHost().attach(application);
+ break;
+ case BASIC:
+ ChallengeAuthenticator challengeGuard = new ChallengeAuthenticator(null, ChallengeScheme.HTTP_BASIC, "Nutch REST API Realm");
+ challengeGuard.setVerifier(retrieveServerCredentials());
+ challengeGuard.setNext(application);
+ // Attach the application with HTTP basic authentication security
+ component.getDefaultHost().attach(challengeGuard);
+ break;
+ case DIGEST:
+ DigestAuthenticator digestGuard = new DigestAuthenticator(null, "Nutch REST API Realm", "NutchSecretKey");
+ digestGuard.setWrappedVerifier(retrieveServerCredentials());
+ digestGuard.setNext(application);
+ // Attach the application with digest authentication security
+ component.getDefaultHost().attachDefault(digestGuard);
+ break;
+ default:
+ throw new IllegalStateException("Unsupported Server Security Type!");
}
- // Guard the restlet with BASIC authentication.
- ChallengeAuthenticator guard = new ChallengeAuthenticator(null, ChallengeScheme.HTTP_BASIC, "testRealm");
- // Instantiates a Verifier of identifier/secret couples based on a simple Map.
- MapVerifier mapVerifier = new MapVerifier();
-
- // Load a single static login/secret pair.
- String username = configManager.get(ConfigResource.DEFAULT).get("restapi.auth.username", "login");
- String password = configManager.get(ConfigResource.DEFAULT).get("restapi.auth.password", "secret");
-
- mapVerifier.getLocalSecrets().put(username, password.toCharArray());
- guard.setVerifier(mapVerifier);
- guard.setNext(application);
-
- component.getDefaultHost().attach(guard);
}
@Override
@@ -311,4 +320,14 @@ public class NutchServer extends Application {
options.addOption(OptionBuilder.create(CMD_PORT));
return options;
}
+
+ private MapVerifier retrieveServerCredentials() {
+ MapVerifier mapVerifier = new MapVerifier();
+
+ String username = configManager.get(ConfigResource.DEFAULT).get("restapi.auth.username", "admin");
+ String password = configManager.get(ConfigResource.DEFAULT).get("restapi.auth.password", "nutch");
+ mapVerifier.getLocalSecrets().put(username, password.toCharArray());
+
+ return mapVerifier;
+ }
}
http://git-wip-us.apache.org/repos/asf/nutch/blob/04eb5707/src/java/org/apache/nutch/api/security/AuthenticationTypeEnum.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/nutch/api/security/AuthenticationTypeEnum.java b/src/java/org/apache/nutch/api/security/AuthenticationTypeEnum.java
new file mode 100644
index 0000000..cfbffea
--- /dev/null
+++ b/src/java/org/apache/nutch/api/security/AuthenticationTypeEnum.java
@@ -0,0 +1,26 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+package org.apache.nutch.api.security;
+
+/**
+ * Authentication enum which holds authentication types for NutchServer REST API.
+ */
+public enum AuthenticationTypeEnum {
+ BASIC,
+ DIGEST,
+ NONE
+}