You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@atlas.apache.org by yh...@apache.org on 2016/05/09 09:19:05 UTC
incubator-atlas git commit: ATLAS-661 REST API Authentication
(nixonrodrigues via yhemanth)
Repository: incubator-atlas
Updated Branches:
refs/heads/master 1ddf3137b -> 34f51a2a2
ATLAS-661 REST API Authentication (nixonrodrigues via yhemanth)
Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/34f51a2a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/34f51a2a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/34f51a2a
Branch: refs/heads/master
Commit: 34f51a2a233c43e797a4d355e82f86b1e8332cc9
Parents: 1ddf313
Author: Hemanth Yamijala <hy...@hortonworks.com>
Authored: Mon May 9 14:48:44 2016 +0530
Committer: Hemanth Yamijala <hy...@hortonworks.com>
Committed: Mon May 9 14:48:44 2016 +0530
----------------------------------------------------------------------
.../atlas/hive/bridge/HiveMetaStoreBridge.java | 14 ++-
.../java/org/apache/atlas/AtlasAdminClient.java | 11 +-
.../main/java/org/apache/atlas/AtlasClient.java | 32 +++++-
.../apache/atlas/utils/AuthenticationUtil.java | 73 ++++++++++++
dashboardv2/public/js/utils/Utils.js | 29 +----
distro/src/conf/users-credentials.properties | 7 +-
release-log.txt | 1 +
.../org/apache/atlas/examples/QuickStart.java | 27 ++++-
.../java/org/apache/atlas/web/dao/UserDao.java | 61 ++++++++--
.../filters/AtlasAuthenticationEntryPoint.java | 16 ++-
.../security/AtlasADAuthenticationProvider.java | 51 +--------
.../AtlasAbstractAuthenticationProvider.java | 2 +-
.../security/AtlasAuthenticationProvider.java | 33 ++++--
.../AtlasFileAuthenticationProvider.java | 13 ++-
.../AtlasLdapAuthenticationProvider.java | 7 +-
webapp/src/main/resources/atlas-admin-site.xml | 16 ++-
webapp/src/main/resources/spring-security.xml | 113 +++++++++----------
webapp/src/main/webapp/WEB-INF/web.xml | 18 +--
.../org/apache/atlas/examples/QuickStartIT.java | 3 +-
.../atlas/web/resources/BaseResourceIT.java | 8 +-
.../web/security/FileAuthenticationTest.java | 60 +++++++++-
.../security/NegativeSSLAndKerberosTest.java | 11 +-
.../atlas/web/security/SSLAndKerberosTest.java | 3 +-
.../apache/atlas/web/security/UserDaoTest.java | 15 ++-
24 files changed, 424 insertions(+), 200 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/addons/hive-bridge/src/main/java/org/apache/atlas/hive/bridge/HiveMetaStoreBridge.java
----------------------------------------------------------------------
diff --git a/addons/hive-bridge/src/main/java/org/apache/atlas/hive/bridge/HiveMetaStoreBridge.java b/addons/hive-bridge/src/main/java/org/apache/atlas/hive/bridge/HiveMetaStoreBridge.java
index d4212a1..8768250 100755
--- a/addons/hive-bridge/src/main/java/org/apache/atlas/hive/bridge/HiveMetaStoreBridge.java
+++ b/addons/hive-bridge/src/main/java/org/apache/atlas/hive/bridge/HiveMetaStoreBridge.java
@@ -32,6 +32,7 @@ import org.apache.atlas.typesystem.Struct;
import org.apache.atlas.typesystem.json.InstanceSerialization;
import org.apache.atlas.typesystem.json.TypesSerialization;
import org.apache.atlas.typesystem.persistence.Id;
+import org.apache.atlas.utils.AuthenticationUtil;
import org.apache.commons.configuration.Configuration;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.api.Database;
@@ -43,12 +44,12 @@ import org.apache.hadoop.hive.metastore.api.hive_metastoreConstants;
import org.apache.hadoop.hive.ql.metadata.Hive;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.metadata.Table;
+import org.apache.hadoop.security.UserGroupInformation;
import org.codehaus.jettison.json.JSONArray;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
@@ -533,9 +534,18 @@ public class HiveMetaStoreBridge {
}
public static void main(String[] argv) throws Exception {
+
Configuration atlasConf = ApplicationProperties.get();
String atlasEndpoint = atlasConf.getString(ATLAS_ENDPOINT, DEFAULT_DGI_URL);
- AtlasClient atlasClient = new AtlasClient(atlasEndpoint);
+ AtlasClient atlasClient;
+
+ if (!AuthenticationUtil.isKerberosAuthicationEnabled()) {
+ String[] basicAuthUsernamePassword = AuthenticationUtil.getBasicAuthenticationInput();
+ atlasClient = new AtlasClient(new String[]{atlasEndpoint}, basicAuthUsernamePassword);
+ } else {
+ UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
+ atlasClient = new AtlasClient(ugi, ugi.getShortUserName(), atlasEndpoint);
+ }
HiveMetaStoreBridge hiveMetaStoreBridge = new HiveMetaStoreBridge(new HiveConf(), atlasClient);
hiveMetaStoreBridge.registerHiveDataModel();
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/client/src/main/java/org/apache/atlas/AtlasAdminClient.java
----------------------------------------------------------------------
diff --git a/client/src/main/java/org/apache/atlas/AtlasAdminClient.java b/client/src/main/java/org/apache/atlas/AtlasAdminClient.java
index d2ae7f0..ec750c8 100644
--- a/client/src/main/java/org/apache/atlas/AtlasAdminClient.java
+++ b/client/src/main/java/org/apache/atlas/AtlasAdminClient.java
@@ -18,6 +18,7 @@
package org.apache.atlas;
+import org.apache.atlas.utils.AuthenticationUtil;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.CommandLineParser;
import org.apache.commons.cli.GnuParser;
@@ -27,6 +28,7 @@ import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.commons.configuration.Configuration;
+
/**
* An application that allows users to run admin commands against an Atlas server.
*
@@ -60,7 +62,14 @@ public class AtlasAdminClient {
Configuration configuration = ApplicationProperties.get();
String atlasServerUri = configuration.getString(
AtlasConstants.ATLAS_REST_ADDRESS_KEY, AtlasConstants.DEFAULT_ATLAS_REST_ADDRESS);
- AtlasClient atlasClient = new AtlasClient(atlasServerUri);
+
+ AtlasClient atlasClient = null;
+ if (!AuthenticationUtil.isKerberosAuthicationEnabled()) {
+ String[] basicAuthUsernamePassword = AuthenticationUtil.getBasicAuthenticationInput();
+ atlasClient = new AtlasClient(new String[]{atlasServerUri}, basicAuthUsernamePassword);
+ } else {
+ atlasClient = new AtlasClient(atlasServerUri, null, null);
+ }
return handleCommand(commandLine, atlasServerUri, atlasClient);
}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/client/src/main/java/org/apache/atlas/AtlasClient.java
----------------------------------------------------------------------
diff --git a/client/src/main/java/org/apache/atlas/AtlasClient.java b/client/src/main/java/org/apache/atlas/AtlasClient.java
index 234af5b..b3ec95c 100755
--- a/client/src/main/java/org/apache/atlas/AtlasClient.java
+++ b/client/src/main/java/org/apache/atlas/AtlasClient.java
@@ -36,6 +36,7 @@ import org.apache.atlas.typesystem.types.AttributeDefinition;
import org.apache.atlas.typesystem.types.HierarchicalTypeDefinition;
import org.apache.atlas.typesystem.types.TraitType;
import org.apache.atlas.typesystem.types.utils.TypesUtil;
+import org.apache.atlas.utils.AuthenticationUtil;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.security.UserGroupInformation;
@@ -44,7 +45,6 @@ import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-
import javax.ws.rs.HttpMethod;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@@ -55,7 +55,7 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
-
+import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import static org.apache.atlas.security.SecurityProperties.TLS_ENABLED;
/**
@@ -125,6 +125,16 @@ public class AtlasClient {
private WebResource service;
private AtlasClientContext atlasClientContext;
private Configuration configuration;
+ private String basicAuthUser;
+ private String basicAuthPassword;
+
+
+ // New constuctor for Basic auth
+ public AtlasClient(String[] baseUrl, String[] basicAuthUserNamepassword) {
+ this.basicAuthUser = basicAuthUserNamepassword[0];
+ this.basicAuthPassword = basicAuthUserNamepassword[1];
+ initializeState(baseUrl, null, null);
+ }
/**
* Create a new Atlas client.
@@ -170,6 +180,12 @@ public class AtlasClient {
private void initializeState(String[] baseUrls, UserGroupInformation ugi, String doAsUser) {
configuration = getClientProperties();
Client client = getClient(configuration, ugi, doAsUser);
+
+ if ((!AuthenticationUtil.isKerberosAuthicationEnabled()) && basicAuthUser!=null && basicAuthPassword!=null) {
+ final HTTPBasicAuthFilter authFilter = new HTTPBasicAuthFilter(basicAuthUser, basicAuthPassword);
+ client.addFilter(authFilter);
+ }
+
String activeServiceUrl = determineActiveServiceURL(baseUrls, client);
atlasClientContext = new AtlasClientContext(baseUrls, client, ugi, doAsUser);
service = client.resource(UriBuilder.fromUri(activeServiceUrl).build());
@@ -195,9 +211,14 @@ public class AtlasClient {
LOG.info("Error processing client configuration.", e);
}
- URLConnectionClientHandler handler =
- SecureClientUtils.getClientConnectionHandler(config, clientConfig, doAsUser, ugi);
+ URLConnectionClientHandler handler = null;
+ if ((!AuthenticationUtil.isKerberosAuthicationEnabled()) && basicAuthUser!=null && basicAuthPassword!=null) {
+ handler = new URLConnectionClientHandler();
+ } else {
+ handler =
+ SecureClientUtils.getClientConnectionHandler(config, clientConfig, doAsUser, ugi);
+ }
Client client = new Client(handler, config);
client.setReadTimeout(readTimeout);
client.setConnectTimeout(connectTimeout);
@@ -1049,6 +1070,8 @@ public class AtlasClient {
public AtlasClientContext(String[] baseUrls, Client client, UserGroupInformation ugi, String doAsUser) {
this.baseUrls = baseUrls;
this.client = client;
+ this.ugi = ugi;
+ this.doAsUser = doAsUser;
}
public Client getClient() {
@@ -1068,4 +1091,5 @@ public class AtlasClient {
}
}
+
}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java b/common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java
new file mode 100644
index 0000000..f8e22f0
--- /dev/null
+++ b/common/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java
@@ -0,0 +1,73 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.utils;
+
+import org.apache.atlas.ApplicationProperties;
+import org.apache.atlas.AtlasException;
+import org.apache.commons.configuration.Configuration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
+
+/**
+ * Util class for Authentication.
+ */
+public final class AuthenticationUtil {
+ private static final Logger LOG = LoggerFactory.getLogger(AuthenticationUtil.class);
+
+ private AuthenticationUtil() {
+ }
+
+ public static boolean isKerberosAuthicationEnabled() {
+ boolean isKerberosAuthicationEnabled = false;
+ try {
+ Configuration atlasConf = ApplicationProperties.get();
+
+ if ("true".equalsIgnoreCase(atlasConf.getString("atlas.http.authentication.enabled"))
+ && "kerberos".equalsIgnoreCase(atlasConf.getString("atlas.http.authentication.type"))) {
+ isKerberosAuthicationEnabled = true;
+ } else {
+ isKerberosAuthicationEnabled = false;
+ }
+
+ } catch (AtlasException e) {
+ LOG.error("Error while isKerberosAuthicationEnabled ", e);
+ }
+ return isKerberosAuthicationEnabled;
+ }
+
+ public static String[] getBasicAuthenticationInput() {
+ String username = null;
+ String password = null;
+
+ try {
+ BufferedReader bufferRead = new BufferedReader(new InputStreamReader(System.in));
+ System.out.println("Enter username for atlas :-");
+ username = bufferRead.readLine();
+ System.out.println("Enter password for atlas :-");
+ password = bufferRead.readLine();
+ } catch (Exception e) {
+ System.out.print("Error while reading ");
+ System.exit(1);
+ }
+ return new String[]{username, password};
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/dashboardv2/public/js/utils/Utils.js
----------------------------------------------------------------------
diff --git a/dashboardv2/public/js/utils/Utils.js b/dashboardv2/public/js/utils/Utils.js
index 7b2db79..3892c72 100644
--- a/dashboardv2/public/js/utils/Utils.js
+++ b/dashboardv2/public/js/utils/Utils.js
@@ -74,31 +74,12 @@
});
};
Utils.defaultErrorHandler = function(model, error) {
- /*
- require(['views/common/ErrorView', 'App'], function(vError, App) {
- if (error.status == 404) {
- App.rContent.show(new vError({
- status: error.status
- }));
- } else if (error.status == 401) {
- App.rContent.show(new vError({
- status: error.status
- }));
- } else if (error.status == 419) {
- window.location = 'login.jsp'
- } else if (error.status == "0") {
- var diffTime = (new Date().getTime() - prevNetworkErrorTime);
- if (diffTime > 3000) {
- prevNetworkErrorTime = new Date().getTime();
- Utils.notifyError({
- content: "Network Connection Failure : " +
- "It seems you are not connected to the internet. Please check your internet connection and try again"
- })
+ if (error.status == 401) {
+ window.location = '/login.jsp'
+ } else if (error.status == 419) {
+ window.location = '/login.jsp'
+ }
- }
- }
- });
- */
};
Utils.localStorage = {
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/distro/src/conf/users-credentials.properties
----------------------------------------------------------------------
diff --git a/distro/src/conf/users-credentials.properties b/distro/src/conf/users-credentials.properties
index 94e7cf4..212d018 100644
--- a/distro/src/conf/users-credentials.properties
+++ b/distro/src/conf/users-credentials.properties
@@ -1,3 +1,4 @@
-#username=password
-admin=admin
-user=user123
+#username=group::sha256-password
+admin=ADMIN::8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
+michael=DATA_SCIENTIST::95bfb24de17d285d734b9eaa9109bfe922adc85f20d2e5e66a78bddb4a4ebddb
+paul=DATA_STEWARD::e7c0dcf5f8a93e93791e9bac1ae454a691c1d2a902fc4256d489e96c1b9ac68c
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index d94857e..4bacdfb 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -3,6 +3,7 @@ Apache Atlas Release Notes
--trunk - unreleased
INCOMPATIBLE CHANGES:
+ATLAS-661 REST API Authentication (nixonrodrigues via yhemanth)
ATLAS-672 UI: Make dashboard v2 the default UI implementation (bergenholtz via yhemanth)
ATLAS-532 Change Data types of all timestamps in Hive model(currently long)(sumasai via yhemanth)
ATLAS-622 Introduce soft delete (shwethags)
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/main/java/org/apache/atlas/examples/QuickStart.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/examples/QuickStart.java b/webapp/src/main/java/org/apache/atlas/examples/QuickStart.java
index 64e6e92..70dce6b 100755
--- a/webapp/src/main/java/org/apache/atlas/examples/QuickStart.java
+++ b/webapp/src/main/java/org/apache/atlas/examples/QuickStart.java
@@ -18,6 +18,7 @@
package org.apache.atlas.examples;
+import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
@@ -39,9 +40,9 @@ import org.apache.atlas.typesystem.types.Multiplicity;
import org.apache.atlas.typesystem.types.StructTypeDefinition;
import org.apache.atlas.typesystem.types.TraitType;
import org.apache.atlas.typesystem.types.utils.TypesUtil;
+import org.apache.atlas.utils.AuthenticationUtil;
import org.apache.commons.configuration.Configuration;
import org.codehaus.jettison.json.JSONArray;
-
import java.util.List;
/**
@@ -70,8 +71,24 @@ public class QuickStart {
public static final String INPUT_TABLES_ATTRIBUTE = "inputTables";
public static void main(String[] args) throws Exception {
+ String[] basicAuthUsernamePassword = null;
+ if (!AuthenticationUtil.isKerberosAuthicationEnabled()) {
+ basicAuthUsernamePassword = AuthenticationUtil.getBasicAuthenticationInput();
+ }
+
+ runQuickstart(args, basicAuthUsernamePassword);
+ }
+
+ @VisibleForTesting
+ static void runQuickstart(String[] args, String[] basicAuthUsernamePassword) throws Exception {
String baseUrl = getServerUrl(args);
- QuickStart quickStart = new QuickStart(baseUrl);
+ QuickStart quickStart;
+
+ if (!AuthenticationUtil.isKerberosAuthicationEnabled()) {
+ quickStart = new QuickStart(baseUrl, basicAuthUsernamePassword);
+ } else {
+ quickStart = new QuickStart(baseUrl);
+ }
// Shows how to create types in Atlas for your meta model
quickStart.createTypes();
@@ -111,11 +128,17 @@ public class QuickStart {
private final AtlasClient metadataServiceClient;
+ QuickStart(String baseUrl,String[] basicAuthUsernamePassword) {
+ String[] urls = baseUrl.split(",");
+ metadataServiceClient = new AtlasClient(urls,basicAuthUsernamePassword);
+ }
+
QuickStart(String baseUrl) throws AtlasException {
String[] urls = baseUrl.split(",");
metadataServiceClient = new AtlasClient(urls);
}
+
void createTypes() throws Exception {
TypesDef typesDef = createTypeDefinitions();
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java b/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java
index 76784c4..f1ceee2 100644
--- a/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java
+++ b/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java
@@ -20,8 +20,11 @@ package org.apache.atlas.web.dao;
import com.google.common.annotations.VisibleForTesting;
import java.io.FileInputStream;
import java.io.IOException;
+import java.util.ArrayList;
import java.util.Properties;
+import java.util.List;
import javax.annotation.PostConstruct;
+import org.apache.atlas.web.security.AtlasAuthenticationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Repository;
@@ -29,7 +32,13 @@ import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.AtlasException;
import org.apache.atlas.web.model.User;
import org.apache.commons.configuration.Configuration;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import java.security.MessageDigest;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.util.StringUtils;
+
@Repository
public class UserDao {
@@ -65,21 +74,59 @@ public class UserDao {
}
public User loadUserByUsername(final String username)
- throws UsernameNotFoundException {
- String password = userLogins.getProperty(username);
- if (password == null || password.isEmpty()) {
+ throws AuthenticationException {
+ String userdetailsStr = userLogins.getProperty(username);
+ if (userdetailsStr == null || userdetailsStr.isEmpty()) {
throw new UsernameNotFoundException("Username not found."
+ username);
}
- User user = new User();
- user.setUsername(username);
- user.setPassword(password);
- return user;
+ String password = "";
+ String role = "";
+ String dataArr[] = userdetailsStr.split("::");
+ if (dataArr != null && dataArr.length == 2) {
+ role = dataArr[0];
+ password = dataArr[1];
+ } else {
+ LOG.error("User role credentials is not set properly for " + username);
+ throw new AtlasAuthenticationException("User role credentials is not set properly for " + username );
+ }
+
+ List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
+ if (StringUtils.hasText(role)) {
+ grantedAuths.add(new SimpleGrantedAuthority(role));
+ } else {
+ LOG.error("User role credentials is not set properly for " + username);
+ throw new AtlasAuthenticationException("User role credentials is not set properly for " + username );
+ }
+
+ User userDetails = new User(username, password, grantedAuths);
+
+ return userDetails;
}
+
@VisibleForTesting
public void setUserLogins(Properties userLogins) {
this.userLogins = userLogins;
}
+
+ public static String getSha256Hash(String base) throws AtlasAuthenticationException {
+ try {
+ MessageDigest digest = MessageDigest.getInstance("SHA-256");
+ byte[] hash = digest.digest(base.getBytes("UTF-8"));
+ StringBuffer hexString = new StringBuffer();
+
+ for (int i = 0; i < hash.length; i++) {
+ String hex = Integer.toHexString(0xff & hash[i]);
+ if (hex.length() == 1) hexString.append('0');
+ hexString.append(hex);
+ }
+ return hexString.toString();
+
+ } catch (Exception ex) {
+ throw new AtlasAuthenticationException("Exception while encoding password.", ex);
+ }
+ }
+
}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationEntryPoint.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationEntryPoint.java
index b77bd28..382b494 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationEntryPoint.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthenticationEntryPoint.java
@@ -21,8 +21,6 @@ import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
-import org.apache.atlas.Atlas;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.AuthenticationException;
@@ -31,15 +29,23 @@ import org.springframework.security.web.authentication.LoginUrlAuthenticationEnt
@SuppressWarnings("deprecation")
class AtlasAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {
- private static final Logger LOG = LoggerFactory.getLogger(Atlas.class);
+ private static final Logger LOG = LoggerFactory.getLogger(AtlasAuthenticationEntryPoint.class);
private String loginPath = "/login.jsp";
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
throws IOException, ServletException {
- LOG.debug("redirecting to login page loginPath" + loginPath);
- response.sendRedirect(loginPath);
+
+ String ajaxRequestHeader = request.getHeader("X-Requested-With");
+ response.setHeader("X-Frame-Options", "DENY");
+
+ if ("XMLHttpRequest".equals(ajaxRequestHeader)) {
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ } else {
+ LOG.debug("redirecting to login page loginPath" + loginPath);
+ response.sendRedirect(loginPath);
+ }
}
}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
index 96dca45..9e5df45 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
@@ -25,16 +25,12 @@ import javax.annotation.PostConstruct;
import org.apache.atlas.util.PropertiesUtil;
import org.apache.atlas.web.model.User;
import org.apache.log4j.Logger;
-import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
-import org.springframework.security.ldap.authentication.BindAuthenticator;
-import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
-import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
+import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.stereotype.Component;
@Component
@@ -44,6 +40,7 @@ public class AtlasADAuthenticationProvider extends
.getLogger(AtlasADAuthenticationProvider.class);
private String adURL;
+ private String adDomain;
private String adBindDN;
private String adBindPassword;
private String adUserSearchFilter;
@@ -74,17 +71,10 @@ public class AtlasADAuthenticationProvider extends
if (authentication.getCredentials() != null) {
userPassword = authentication.getCredentials().toString();
}
- LdapContextSource ldapContextSource = getLdapContextSource();
- if (adUserSearchFilter == null
- || adUserSearchFilter.trim().isEmpty()) {
- adUserSearchFilter = "(sAMAccountName={0})";
- }
-
- BindAuthenticator bindAuthenticator = getBindAuthenticator(ldapContextSource);
+ ActiveDirectoryLdapAuthenticationProvider adAuthenticationProvider =
+ new ActiveDirectoryLdapAuthenticationProvider(adDomain, adURL);
- LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(
- bindAuthenticator);
if (userName != null && userPassword != null
&& !userName.trim().isEmpty()
&& !userPassword.trim().isEmpty()) {
@@ -93,9 +83,7 @@ public class AtlasADAuthenticationProvider extends
grantedAuths);
final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
principal, userPassword, grantedAuths);
- authentication = ldapAuthenticationProvider
- .authenticate(finalAuthentication);
- authentication = getAuthenticationWithGrantedAuthority(authentication);
+ authentication = adAuthenticationProvider.authenticate(finalAuthentication);
return authentication;
} else {
throw new AtlasAuthenticationException(
@@ -109,6 +97,7 @@ public class AtlasADAuthenticationProvider extends
}
private void setADProperties() {
+ adDomain = PropertiesUtil.getProperty("atlas.ad.domain", adDomain);
adURL = PropertiesUtil.getProperty("atlas.ad.url", adURL);
adBindDN = PropertiesUtil.getProperty("atlas.ad.bind.dn", adBindDN);
adBindPassword = PropertiesUtil.getProperty("atlas.ad.bind.password",
@@ -122,32 +111,4 @@ public class AtlasADAuthenticationProvider extends
adDefaultRole);
}
- private LdapContextSource getLdapContextSource() throws Exception {
-
- LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(
- adURL);
- ldapContextSource.setUserDn(adBindDN);
- ldapContextSource.setPassword(adBindPassword);
- ldapContextSource.setReferral(adReferral);
- ldapContextSource.setCacheEnvironmentProperties(true);
- ldapContextSource.setAnonymousReadOnly(false);
- ldapContextSource.setPooled(true);
- ldapContextSource.afterPropertiesSet();
-
- return ldapContextSource;
-
- }
-
- private BindAuthenticator getBindAuthenticator(
- LdapContextSource ldapContextSource) throws Exception {
- FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(
- adBase, adUserSearchFilter, ldapContextSource);
- userSearch.setSearchSubtree(true);
- BindAuthenticator bindAuthenticator = new BindAuthenticator(
- ldapContextSource);
- bindAuthenticator.setUserSearch(userSearch);
- bindAuthenticator.afterPropertiesSet();
- return bindAuthenticator;
- }
-
}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
index b2b11da..5f1a245 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAbstractAuthenticationProvider.java
@@ -67,7 +67,7 @@ public abstract class AtlasAbstractAuthenticationProvider implements
*/
protected List<GrantedAuthority> getAuthorities(String username) {
final List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
- grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
+ grantedAuths.add(new SimpleGrantedAuthority("DATA_SCIENTIST"));
return grantedAuths;
}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
index 7f87bd5..389a609 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasAuthenticationProvider.java
@@ -18,6 +18,7 @@
package org.apache.atlas.web.security;
import javax.annotation.PostConstruct;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -70,12 +71,20 @@ public class AtlasAuthenticationProvider extends
.authenticate(authentication);
} else if (atlasAuthenticationMethod.equalsIgnoreCase(AUTH_METHOD.LDAP
.name())) {
- authentication = ldapAuthenticationProvider
- .authenticate(authentication);
+ try {
+ authentication = ldapAuthenticationProvider
+ .authenticate(authentication);
+ } catch (Exception ex) {
+ LOG.error("Error while LDAP authentication", ex);
+ }
} else if (atlasAuthenticationMethod.equalsIgnoreCase(AUTH_METHOD.AD
.name())) {
- authentication = adAuthenticationProvider
- .authenticate(authentication);
+ try {
+ authentication = adAuthenticationProvider
+ .authenticate(authentication);
+ } catch (Exception ex) {
+ LOG.error("Error while AD authentication", ex);
+ }
} else {
LOG.error("Invalid authentication method :"
+ atlasAuthenticationMethod);
@@ -84,10 +93,20 @@ public class AtlasAuthenticationProvider extends
if (authentication != null && authentication.isAuthenticated()) {
return authentication;
} else {
- LOG.error("Authentication failed.");
- throw new AtlasAuthenticationException("Authentication failed.");
+ // If the LDAP/AD authentication fails try the local file login method
+ if (atlasAuthenticationMethod.equalsIgnoreCase(AUTH_METHOD.AD
+ .name()) || atlasAuthenticationMethod.equalsIgnoreCase(AUTH_METHOD.LDAP
+ .name())) {
+ authentication = fileAuthenticationProvider
+ .authenticate(authentication);
+ }
+ if (authentication != null && authentication.isAuthenticated()) {
+ return authentication;
+ } else {
+ LOG.error("Authentication failed.");
+ throw new AtlasAuthenticationException("Authentication failed.");
+ }
}
}
-
}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/main/java/org/apache/atlas/web/security/AtlasFileAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasFileAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasFileAuthenticationProvider.java
index b3e3354..3e1e2e6 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasFileAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasFileAuthenticationProvider.java
@@ -18,6 +18,7 @@ package org.apache.atlas.web.security;
import java.util.Collection;
+import org.apache.atlas.web.dao.UserDao;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
@@ -28,6 +29,7 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Component;
+
@Component
public class AtlasFileAuthenticationProvider extends AtlasAbstractAuthenticationProvider {
@@ -46,6 +48,7 @@ public class AtlasFileAuthenticationProvider extends AtlasAbstractAuthentication
throw new BadCredentialsException(
"Username can't be null or empty.");
}
+
if (password == null || password.isEmpty()) {
logger.error("Password can't be null or empty.");
throw new BadCredentialsException(
@@ -53,16 +56,16 @@ public class AtlasFileAuthenticationProvider extends AtlasAbstractAuthentication
}
UserDetails user = userDetailsService.loadUserByUsername(username);
-
- if (!password.equals(user.getPassword())) {
+
+ String encodedPassword = UserDao.getSha256Hash(password);
+
+ if (!encodedPassword.equals(user.getPassword())) {
logger.error("Wrong password " + username);
throw new BadCredentialsException("Wrong password");
}
- Collection<? extends GrantedAuthority> authorities = getAuthorities(username);
+ Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
authentication = new UsernamePasswordAuthenticationToken(username, password, authorities);
- authentication = getAuthenticationWithGrantedAuthority(authentication);
-
return authentication;
}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
index d911c1b..e66b930 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
@@ -19,9 +19,7 @@
package org.apache.atlas.web.security;
import java.util.List;
-
import javax.annotation.PostConstruct;
-
import org.apache.atlas.util.PropertiesUtil;
import org.apache.atlas.web.model.User;
import org.apache.log4j.Logger;
@@ -107,9 +105,7 @@ public class AtlasLdapAuthenticationProvider extends
grantedAuths);
final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(
principal, userPassword, grantedAuths);
- authentication = ldapAuthenticationProvider
- .authenticate(finalAuthentication);
- authentication = getAuthenticationWithGrantedAuthority(authentication);
+ authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
return authentication;
} else {
throw new AtlasAuthenticationException(
@@ -168,7 +164,6 @@ public class AtlasLdapAuthenticationProvider extends
defaultLdapAuthoritiesPopulator
.setGroupSearchFilter(ldapGroupSearchFilter);
defaultLdapAuthoritiesPopulator.setIgnorePartialResultException(true);
-
return defaultLdapAuthoritiesPopulator;
}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/main/resources/atlas-admin-site.xml
----------------------------------------------------------------------
diff --git a/webapp/src/main/resources/atlas-admin-site.xml b/webapp/src/main/resources/atlas-admin-site.xml
index ab8ba3d..c4b4be7 100644
--- a/webapp/src/main/resources/atlas-admin-site.xml
+++ b/webapp/src/main/resources/atlas-admin-site.xml
@@ -34,7 +34,7 @@
<property>
<name>atlas.ldap.group.searchfilter</name>
<display-name>Group Search Filter</display-name>
- <value>(member=uid={0},ou=People,dc=example,dc=com)
+ <value>(member=uid={0},ou=Users,dc=example,dc=com)
</value>
<description></description>
</property>
@@ -91,18 +91,22 @@
<!-- #AD info start -->
<property>
<name>atlas.ad.url</name>
- <value>ldap://172.25.16.111:389</value>
+ <value>ldap://13.76.128.185:389</value>
<description></description>
</property>
-
+ <property>
+ <name>atlas.ad.domain</name>
+ <value>example.com</value>
+ <description>Ad Domain</description>
+ </property>
<property>
<name>atlas.ad.bind.dn</name>
- <value>CN=team,CN=Users,DC=SME,DC=support,DC=com</value>
+ <value>CN=adadmin admin,CN=Users,DC=example,DC=com</value>
<description>AD bind dn or manager dn</description>
</property>
<property>
<name>atlas.ad.bind.password</name>
- <value>Abcd1234!!</value>
+ <value>p@ssword</value>
<description>AD bind password</description>
</property>
<property>
@@ -113,7 +117,7 @@
</property>
<property>
<name>atlas.ad.base.dn</name>
- <value>DC=SME,DC=support,DC=com</value>
+ <value>dc=example,dc=com</value>
<description>AD base dn or search base</description>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/main/resources/spring-security.xml
----------------------------------------------------------------------
diff --git a/webapp/src/main/resources/spring-security.xml b/webapp/src/main/resources/spring-security.xml
index 8533473..d90b9d6 100644
--- a/webapp/src/main/resources/spring-security.xml
+++ b/webapp/src/main/resources/spring-security.xml
@@ -11,13 +11,13 @@
language governing permissions and limitations under the License. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
- xmlns:beans="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:security="http://www.springframework.org/schema/security"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
- xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
+ xmlns:beans="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:security="http://www.springframework.org/schema/security"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
@@ -28,65 +28,62 @@
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd">
- <security:http pattern="/login.jsp" security="none" />
- <security:http pattern="/css/**" security="none" />
- <security:http pattern="/lib/**" security="none" />
+ <security:http pattern="/login.jsp" security="none" />
+ <security:http pattern="/css/**" security="none" />
+ <security:http pattern="/lib/**" security="none" />
- <security:http disable-url-rewriting="true"
- use-expressions="true" create-session="always"
- entry-point-ref="authenticationProcessingFilterEntryPoint">
- <security:session-management
- session-fixation-protection="newSession" />
- <intercept-url pattern="/**" access="isAuthenticated()" />
- <security:custom-filter position="FORM_LOGIN_FILTER"
- ref="atlasUsernamePasswordAuthenticationFilter" />
- <security:logout delete-cookies="JSESSIONID"
- logout-url="/logout.html" />
- <http-basic entry-point-ref="authenticationProcessingFilterEntryPoint" />
- </security:http>
+ <security:http disable-url-rewriting="true"
+ use-expressions="true" create-session="always"
+ entry-point-ref="entryPoint">
+ <security:session-management
+ session-fixation-protection="newSession" />
+ <intercept-url pattern="/**" access="isAuthenticated()" />
- <beans:bean id="atlasUsernamePasswordAuthenticationFilter"
- class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
- <beans:property name="authenticationManager"
- ref="authenticationManager" />
- <beans:property name="authenticationSuccessHandler"
- ref="ajaxAuthSuccessHandler" />
- <beans:property name="authenticationFailureHandler"
- ref="ajaxAuthFailureHandler" />
- </beans:bean>
+ <form-login
+ login-page="/login.jsp"
+ default-target-url="/index.html"
+ authentication-failure-url="/login.jsp?error=true"
+ username-parameter="j_username"
+ password-parameter="j_password" />
- <beans:bean id="authenticationProcessingFilterEntryPoint"
+ <security:logout logout-success-url="/login.jsp" delete-cookies="JSESSIONID"
+ logout-url="/logout.html" />
+ <http-basic />
+ </security:http>
+
+ <beans:bean id="formAuthenticationEntryPoint"
class="org.apache.atlas.web.filters.AtlasAuthenticationEntryPoint">
- <beans:property name="loginFormUrl"
- value="/login.jsp" />
- <beans:property name="forceHttps" value="false" />
- </beans:bean>
+ <beans:property name="loginFormUrl" value="/login.jsp" />
+ </beans:bean>
+
+ <beans:bean id="authenticationEntryPoint"
+ class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
+ <beans:property name="realmName" value="atlas.com" />
+ </beans:bean>
- <beans:bean id="ajaxAuthSuccessHandler"
- class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
- <beans:property name="defaultTargetUrl"
- value="/index.html" />
- </beans:bean>
+ <beans:bean id="entryPoint" class="org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint">
+ <beans:constructor-arg>
+ <beans:map>
+ <beans:entry key="hasHeader('User-Agent','Mozilla')" value-ref="formAuthenticationEntryPoint" />
+ </beans:map>
+ </beans:constructor-arg>
+ <beans:property name="defaultEntryPoint" ref="authenticationEntryPoint"/>
+ </beans:bean>
- <beans:bean id="ajaxAuthFailureHandler"
- class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
- <beans:property name="defaultFailureUrl"
- value="/login.jsp?login_error=true " />
- </beans:bean>
- <beans:bean id="atlasAuthenticationProvider"
+ <beans:bean id="atlasAuthenticationProvider"
class="org.apache.atlas.web.security.AtlasAuthenticationProvider">
- </beans:bean>
+ </beans:bean>
+
+ <security:authentication-manager
+ alias="authenticationManager">
+ <security:authentication-provider
+ ref="atlasAuthenticationProvider" />
+ </security:authentication-manager>
+
- <security:authentication-manager
- alias="authenticationManager">
- <security:authentication-provider
- ref="atlasAuthenticationProvider" />
- </security:authentication-manager>
+ <security:global-method-security
+ pre-post-annotations="enabled" />
- <security:global-method-security
- pre-post-annotations="enabled" />
-
- <context:component-scan base-package="org.apache.atlas.web" />
-
+ <context:component-scan base-package="org.apache.atlas.web" />
</beans:beans>
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/webapp/src/main/webapp/WEB-INF/web.xml b/webapp/src/main/webapp/WEB-INF/web.xml
index deb97d9..f0b606e 100755
--- a/webapp/src/main/webapp/WEB-INF/web.xml
+++ b/webapp/src/main/webapp/WEB-INF/web.xml
@@ -38,6 +38,16 @@
-->
<filter>
+ <filter-name>springSecurityFilterChain</filter-name>
+ <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>springSecurityFilterChain</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
+ <filter>
<filter-name>guiceFilter</filter-name>
<filter-class>com.google.inject.servlet.GuiceFilter</filter-class>
</filter>
@@ -63,14 +73,6 @@
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
- <filter>
- <filter-name>springSecurityFilterChain</filter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>springSecurityFilterChain</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
</web-app>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/test/java/org/apache/atlas/examples/QuickStartIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/examples/QuickStartIT.java b/webapp/src/test/java/org/apache/atlas/examples/QuickStartIT.java
index cfe7488..cdf6049 100644
--- a/webapp/src/test/java/org/apache/atlas/examples/QuickStartIT.java
+++ b/webapp/src/test/java/org/apache/atlas/examples/QuickStartIT.java
@@ -39,7 +39,8 @@ public class QuickStartIT extends BaseResourceIT {
@BeforeClass
public void runQuickStart() throws Exception {
super.setUp();
- QuickStart.main(new String[]{});
+
+ QuickStart.runQuickstart(new String[]{}, new String[]{"admin", "admin"});
}
@Test
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/test/java/org/apache/atlas/web/resources/BaseResourceIT.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/resources/BaseResourceIT.java b/webapp/src/test/java/org/apache/atlas/web/resources/BaseResourceIT.java
index ab3aa23..d1d1988 100755
--- a/webapp/src/test/java/org/apache/atlas/web/resources/BaseResourceIT.java
+++ b/webapp/src/test/java/org/apache/atlas/web/resources/BaseResourceIT.java
@@ -49,6 +49,7 @@ import org.apache.atlas.typesystem.types.StructTypeDefinition;
import org.apache.atlas.typesystem.types.TraitType;
import org.apache.atlas.typesystem.types.TypeUtils;
import org.apache.atlas.typesystem.types.utils.TypesUtil;
+import org.apache.atlas.utils.AuthenticationUtil;
import org.apache.atlas.utils.ParamChecker;
import org.apache.atlas.web.util.Servlets;
import org.apache.commons.configuration.Configuration;
@@ -87,7 +88,12 @@ public abstract class BaseResourceIT {
client.resource(UriBuilder.fromUri(baseUrl).build());
service = client.resource(UriBuilder.fromUri(baseUrl).build());
- serviceClient = new AtlasClient(baseUrl);
+
+ if (!AuthenticationUtil.isKerberosAuthicationEnabled()) {
+ serviceClient = new AtlasClient(new String[]{baseUrl}, new String[]{"admin", "admin"});
+ } else {
+ serviceClient = new AtlasClient(baseUrl);
+ }
}
protected void createType(TypesDef typesDef) throws Exception {
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java b/webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
index 7e4c2c8..ae98b61 100644
--- a/webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
@@ -19,6 +19,7 @@
package org.apache.atlas.web.security;
import java.io.File;
+import java.util.Collection;
import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.web.TestUtils;
import org.apache.commons.configuration.PropertiesConfiguration;
@@ -31,6 +32,7 @@ import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
@@ -87,9 +89,11 @@ public class FileAuthenticationTest {
private void setupUserCredential(String tmpDir) throws Exception {
StringBuilder credentialFileStr = new StringBuilder(1024);
- credentialFileStr.append("admin=admin123\n");
- credentialFileStr.append("user=user123\n");
- credentialFileStr.append("test=test123\n");
+ credentialFileStr.append("admin=ADMIN::8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918\n");
+ credentialFileStr.append("michael=DATA_SCIENTIST::95bfb24de17d285d734b9eaa9109bfe922adc85f20d2e5e66a78bddb4a4ebddb\n");
+ credentialFileStr.append("paul=DATA_STEWARD::e7c0dcf5f8a93e93791e9bac1ae454a691c1d2a902fc4256d489e96c1b9ac68c\n");
+ credentialFileStr.append("user= \n");
+ credentialFileStr.append("user12= ::bd35283fe8fcfd77d7c05a8bf2adb85c773281927e12c9829c72a9462092f7c4\n");
File credentialFile = new File(tmpDir, "users-credentials");
FileUtils.write(credentialFile, credentialFileStr.toString());
}
@@ -98,7 +102,7 @@ public class FileAuthenticationTest {
public void testValidUserLogin() {
when(authentication.getName()).thenReturn("admin");
- when(authentication.getCredentials()).thenReturn("admin123");
+ when(authentication.getCredentials()).thenReturn("admin");
Authentication auth = authProvider.authenticate(authentication);
LOG.debug(" " + auth);
@@ -133,6 +137,54 @@ public class FileAuthenticationTest {
}
}
+ @Test
+ public void testLoginWhenRoleIsNotSet() {
+
+ when(authentication.getName()).thenReturn("user12"); // for this user role is not set properly
+ when(authentication.getCredentials()).thenReturn("user12");
+ try {
+ Authentication auth = authProvider.authenticate(authentication);
+ LOG.debug(" " + auth);
+ } catch (AtlasAuthenticationException uExp) {
+ Assert.assertTrue(uExp.getMessage().startsWith("User role credentials is not set properly for"));
+ }
+ }
+
+
+ @Test
+ public void testLoginWhenRolePasswordNotSet() {
+
+ when(authentication.getName()).thenReturn("user"); // for this user password details are set blank
+ when(authentication.getCredentials()).thenReturn("P@ssword");
+ try {
+ Authentication auth = authProvider.authenticate(authentication);
+ LOG.debug(" " + auth);
+ } catch (UsernameNotFoundException uExp) {
+ Assert.assertTrue(uExp.getMessage().startsWith("Username not found"));
+ }
+ }
+
+ @Test
+ public void testUserRoleMapping() {
+
+ when(authentication.getName()).thenReturn("admin");
+ when(authentication.getCredentials()).thenReturn("admin");
+
+ Authentication auth = authProvider.authenticate(authentication);
+ LOG.debug(" " + auth);
+
+ Assert.assertTrue(auth.isAuthenticated());
+
+ Collection<? extends GrantedAuthority> authorities = auth.getAuthorities();
+
+ String role = "";
+ for (GrantedAuthority gauth : authorities) {
+ role = gauth.getAuthority();
+ }
+ Assert.assertTrue("ADMIN".equals(role));
+ }
+
+
@AfterClass
public void tearDown() throws Exception {
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosTest.java b/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosTest.java
index 9aac32a..4d7794a 100755
--- a/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/NegativeSSLAndKerberosTest.java
@@ -60,7 +60,6 @@ public class NegativeSSLAndKerberosTest extends BaseSSLAndKerberosTest {
// client will actually only leverage subset of these properties
final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
- configuration.setProperty("atlas.http.authentication.type", "kerberos");
TestUtils.writeConfiguration(configuration, persistDir + File.separator +
ApplicationProperties.APPLICATION_PROPERTIES);
@@ -76,6 +75,7 @@ public class NegativeSSLAndKerberosTest extends BaseSSLAndKerberosTest {
configuration.setProperty(TLS_ENABLED, true);
configuration.setProperty("atlas.http.authentication.enabled", "true");
+ configuration.setProperty("atlas.http.authentication.type", "kerberos");
configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@" + kdc.getRealm());
configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath());
configuration.setProperty("atlas.http.authentication.kerberos.name.rules",
@@ -84,6 +84,10 @@ public class NegativeSSLAndKerberosTest extends BaseSSLAndKerberosTest {
TestUtils.writeConfiguration(configuration, persistDir + File.separator +
ApplicationProperties.APPLICATION_PROPERTIES);
+ // save original setting
+ originalConf = System.getProperty("atlas.conf");
+ System.setProperty("atlas.conf", persistDir);
+
dgiClient = new AtlasClient(DGI_URL) {
@Override
protected PropertiesConfiguration getClientProperties() {
@@ -91,9 +95,7 @@ public class NegativeSSLAndKerberosTest extends BaseSSLAndKerberosTest {
}
};
- // save original setting
- originalConf = System.getProperty("atlas.conf");
- System.setProperty("atlas.conf", persistDir);
+
secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
@Override
public Configuration getConfiguration() {
@@ -125,7 +127,6 @@ public class NegativeSSLAndKerberosTest extends BaseSSLAndKerberosTest {
Assert.fail("Should have failed with GSSException");
} catch(Exception e) {
e.printStackTrace();
- Assert.assertTrue(e.getMessage().contains("Mechanism level: Failed to find any Kerberos tgt"));
}
}
}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosTest.java b/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosTest.java
index 2be52e7..b550f70 100755
--- a/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/SSLAndKerberosTest.java
@@ -69,7 +69,7 @@ public class SSLAndKerberosTest extends BaseSSLAndKerberosTest {
// client will actually only leverage subset of these properties
final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
- configuration.setProperty("atlas.http.authentication.type", "kerberos");
+
TestUtils.writeConfiguration(configuration, persistDir + File.separator +
ApplicationProperties.APPLICATION_PROPERTIES);
@@ -83,6 +83,7 @@ public class SSLAndKerberosTest extends BaseSSLAndKerberosTest {
configuration.load(url);
configuration.setProperty(TLS_ENABLED, true);
configuration.setProperty("atlas.http.authentication.enabled", "true");
+ configuration.setProperty("atlas.http.authentication.type", "kerberos");
configuration.setProperty("atlas.http.authentication.kerberos.principal", "HTTP/localhost@" + kdc.getRealm());
configuration.setProperty("atlas.http.authentication.kerberos.keytab", httpKeytabFile.getAbsolutePath());
configuration.setProperty("atlas.http.authentication.kerberos.name.rules",
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/34f51a2a/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java b/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java
index 5b5c70e..2648ca7 100644
--- a/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java
@@ -16,11 +16,12 @@
*/
package org.apache.atlas.web.security;
+import java.util.Collection;
import java.util.Properties;
-
import org.apache.atlas.web.dao.UserDao;
import org.apache.atlas.web.model.User;
import org.junit.Assert;
+import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.testng.annotations.Test;
@@ -30,21 +31,27 @@ public class UserDaoTest {
public void testUserDaowithValidUserLoginAndPassword() {
Properties userLogins = new Properties();
- userLogins.put("admin", "admin123");
+ userLogins.put("admin", "ADMIN::admin123");
UserDao user = new UserDao();
user.setUserLogins(userLogins);
User userBean = user.loadUserByUsername("admin");
Assert.assertTrue(userBean.getPassword().equals("admin123"));
+ Collection<? extends GrantedAuthority> authorities = userBean.getAuthorities();
+ String role = "";
+ for (GrantedAuthority gauth : authorities) {
+ role = gauth.getAuthority();
+ }
+ Assert.assertTrue("ADMIN".equals(role));
}
@Test
public void testUserDaowithInValidLogin() {
boolean hadException = false;
Properties userLogins = new Properties();
- userLogins.put("admin", "admin123");
- userLogins.put("test", "test123");
+ userLogins.put("admin", "ADMIN::admin123");
+ userLogins.put("test", "DATA_STEWARD::test123");
UserDao user = new UserDao();
user.setUserLogins(userLogins);