You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tinkerpop.apache.org by sp...@apache.org on 2015/09/30 12:51:52 UTC

[1/3] incubator-tinkerpop git commit: Made correction to fix TINKERPOP3-855. Added Test and changed documentation.

Repository: incubator-tinkerpop
Updated Branches:
  refs/heads/tp30 4bcddd7ad -> 9f2973490


Made correction to fix TINKERPOP3-855. Added Test and changed documentation.


Project: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/commit/39cb42dd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/tree/39cb42dd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/diff/39cb42dd

Branch: refs/heads/tp30
Commit: 39cb42ddde538a33bd7b3b3a0b27428aae2a2276
Parents: ad27fce
Author: Dylan Millikin <dy...@brightzone.fr>
Authored: Wed Sep 30 10:52:56 2015 +0200
Committer: Dylan Millikin <dy...@brightzone.fr>
Committed: Wed Sep 30 11:00:56 2015 +0200

----------------------------------------------------------------------
 docs/src/gremlin-applications.asciidoc            |  2 +-
 .../server/handler/SaslAuthenticationHandler.java | 18 +++++++++++++++++-
 .../server/GremlinServerAuthIntegrateTest.java    | 15 +++++++++++++++
 3 files changed, 33 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/blob/39cb42dd/docs/src/gremlin-applications.asciidoc
----------------------------------------------------------------------
diff --git a/docs/src/gremlin-applications.asciidoc b/docs/src/gremlin-applications.asciidoc
index 88a1c0d..2388f9d 100644
--- a/docs/src/gremlin-applications.asciidoc
+++ b/docs/src/gremlin-applications.asciidoc
@@ -1029,7 +1029,7 @@ Authentication
 
 Gremlin Server supports link:https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer[SASL-based] authentication.  A SASL implementation provides a series of challenges and responses that a driver must comply with in order to authenticate.  By default, Gremlin Server only supports the "PLAIN" SASL mechanism, which is a cleartext password system.  When authentication is enabled, an incoming request is intercepted before it is evaluated by the `ScriptEngine`.  The request is saved on the server and a `AUTHENTICATE` challenge response (status code `407`) is returned to the client.
 
-The client will detect the `AUTHENTICATE` and respond with an `authentication` for the `op` and an `arg` named `sasl` that contains the password.  The password should be an encoded sequence of UTF-8 bytes, delimited by 0 (US-ASCII NUL), where the form is : `<NUL>username<NUL>password`.  Should Gremlin Server be able to authenticate with the provided credentials, the server will return the results of the original request as it normally does without authentication.  If it cannot authenticate given the challenge response from the client, it will return `UNAUTHORIZED` (status code `401`).
+The client will detect the `AUTHENTICATE` and respond with an `authentication` for the `op` and an `arg` named `sasl` that contains the password.  The password should be either, an encoded sequence of UTF-8 bytes, delimited by 0 (US-ASCII NUL), where the form is : `<NUL>username<NUL>password`, or a Base64 encoded string of the former (which in this instance would be `AHVzZXJuYW1lAHBhc3N3b3Jk`).  Should Gremlin Server be able to authenticate with the provided credentials, the server will return the results of the original request as it normally does without authentication.  If it cannot authenticate given the challenge response from the client, it will return `UNAUTHORIZED` (status code `401`).
 
 NOTE: Gremlin Server does not support the "authorization identity" as described in link:https://tools.ietf.org/html/rfc4616[RFC4616].
 

http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/blob/39cb42dd/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
index 813cd6c..6dee0e8 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
@@ -23,6 +23,7 @@ import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelInboundHandlerAdapter;
 import io.netty.util.Attribute;
 import io.netty.util.AttributeKey;
+import java.util.Base64;
 import org.apache.tinkerpop.gremlin.driver.Tokens;
 import org.apache.tinkerpop.gremlin.driver.message.RequestMessage;
 import org.apache.tinkerpop.gremlin.driver.message.ResponseMessage;
@@ -71,7 +72,22 @@ public class SaslAuthenticationHandler extends ChannelInboundHandlerAdapter {
                 ctx.writeAndFlush(authenticate);
             } else {
                 if (requestMessage.getOp().equals(Tokens.OPS_AUTHENTICATION) && requestMessage.getArgs().containsKey(Tokens.ARGS_SASL)) {
-                    final byte[] saslResponse = (byte[]) requestMessage.getArgs().get(Tokens.ARGS_SASL);
+                    
+                    final Object saslObject = requestMessage.getArgs().get(Tokens.ARGS_SASL);
+                    final byte[] saslResponse;
+                    
+                    if (saslObject instanceof byte[]) {
+                        saslResponse = (byte[]) saslObject;
+                    } else if(saslObject instanceof String) {
+                        saslResponse = Base64.getDecoder().decode((String) saslObject);
+                    } else {
+                        final ResponseMessage error = ResponseMessage.build(request.get())
+                                .statusMessage("Incorrect type for : " + Tokens.ARGS_SASL + ". byte[] or String is expected")
+                                .code(ResponseStatusCode.REQUEST_ERROR_MALFORMED_REQUEST).create();
+                        ctx.writeAndFlush(error);
+                        return;
+                    }
+                    
                     try {
                         final byte[] saslMessage = negotiator.get().evaluateResponse(saslResponse);
                         if (negotiator.get().isComplete()) {

http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/blob/39cb42dd/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthIntegrateTest.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthIntegrateTest.java b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthIntegrateTest.java
index f9d845d..f0ff50c 100644
--- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthIntegrateTest.java
+++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthIntegrateTest.java
@@ -28,6 +28,7 @@ import org.junit.Test;
 
 import java.util.HashMap;
 import java.util.Map;
+import org.apache.tinkerpop.gremlin.driver.ser.Serializers;
 
 import static org.junit.Assert.assertEquals;
 
@@ -141,4 +142,18 @@ public class GremlinServerAuthIntegrateTest extends AbstractGremlinServerIntegra
             cluster.close();
         }
     }
+    
+    @Test
+    public void shouldAuthenticateWithPlainTextOverJSONSerialization() throws Exception {
+        final Cluster cluster = Cluster.build().serializer(Serializers.GRAPHSON).credentials("stephen", "password").create();
+        final Client client = cluster.connect();
+
+        try {
+            assertEquals(2, client.submit("1+1").all().get().get(0).getInt());
+            assertEquals(3, client.submit("1+2").all().get().get(0).getInt());
+            assertEquals(4, client.submit("1+3").all().get().get(0).getInt());
+        } finally {
+            cluster.close();
+        }
+    }
 }

[2/3] incubator-tinkerpop git commit: Merge branch 'TINKERPOP3-855-json-auth' of https://github.com/PommeVerte/incubator-tinkerpop into TINKERPOP3-855

Posted by sp...@apache.org.

Merge branch 'TINKERPOP3-855-json-auth' of https://github.com/PommeVerte/incubator-tinkerpop into TINKERPOP3-855


Project: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/commit/4c37440d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/tree/4c37440d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/diff/4c37440d

Branch: refs/heads/tp30
Commit: 4c37440d30093beaf42aaa9663dd7acc0652ee43
Parents: 4bcddd7 39cb42d
Author: Stephen Mallette <sp...@genoprime.com>
Authored: Wed Sep 30 06:39:57 2015 -0400
Committer: Stephen Mallette <sp...@genoprime.com>
Committed: Wed Sep 30 06:39:57 2015 -0400

----------------------------------------------------------------------
 docs/src/gremlin-applications.asciidoc            |  2 +-
 .../server/handler/SaslAuthenticationHandler.java | 18 +++++++++++++++++-
 .../server/GremlinServerAuthIntegrateTest.java    | 15 +++++++++++++++
 3 files changed, 33 insertions(+), 2 deletions(-)
----------------------------------------------------------------------

[3/3] incubator-tinkerpop git commit: Added an extra test for typed GraphSON sasl authentication.

Posted by sp...@apache.org.

Added an extra test for typed GraphSON sasl authentication.


Project: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/commit/9f297349
Tree: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/tree/9f297349
Diff: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/diff/9f297349

Branch: refs/heads/tp30
Commit: 9f2973490fb7c2049f05c7f6941de2dd712fe4f8
Parents: 4c37440
Author: Stephen Mallette <sp...@genoprime.com>
Authored: Wed Sep 30 06:48:40 2015 -0400
Committer: Stephen Mallette <sp...@genoprime.com>
Committed: Wed Sep 30 06:48:40 2015 -0400

----------------------------------------------------------------------
 .../server/GremlinServerAuthIntegrateTest.java        | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/blob/9f297349/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthIntegrateTest.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthIntegrateTest.java b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthIntegrateTest.java
index f0ff50c..39ec6c1 100644
--- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthIntegrateTest.java
+++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthIntegrateTest.java
@@ -156,4 +156,18 @@ public class GremlinServerAuthIntegrateTest extends AbstractGremlinServerIntegra
             cluster.close();
         }
     }
+
+    @Test
+    public void shouldAuthenticateWithPlainTextOverGraphSONSerialization() throws Exception {
+        final Cluster cluster = Cluster.build().serializer(Serializers.GRAPHSON_V1D0).credentials("stephen", "password").create();
+        final Client client = cluster.connect();
+
+        try {
+            assertEquals(2, client.submit("1+1").all().get().get(0).getInt());
+            assertEquals(3, client.submit("1+2").all().get().get(0).getInt());
+            assertEquals(4, client.submit("1+3").all().get().get(0).getInt());
+        } finally {
+            cluster.close();
+        }
+    }
 }