You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ma...@apache.org on 2012/10/08 22:11:05 UTC
svn commit: r1395750 - in /incubator/ambari/branches/AMBARI-666: ./
ambari-server/src/main/java/org/apache/ambari/server/configuration/
ambari-server/src/main/java/org/apache/ambari/server/controller/
ambari-server/src/main/java/org/apache/ambari/serve...
Author: mahadev
Date: Mon Oct 8 20:11:04 2012
New Revision: 1395750
URL: http://svn.apache.org/viewvc?rev=1395750&view=rev
Log:
AMBARI-823. Fix security filter on the server agent ports and remove duplication on servlet contexts for certs signing. (mahadev)
Modified:
incubator/ambari/branches/AMBARI-666/AMBARI-666-CHANGES.txt
incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateDownload.java
incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateSign.java
incubator/ambari/branches/AMBARI-666/ambari-server/src/test/java/org/apache/ambari/server/resources/TestResources.java
incubator/ambari/branches/AMBARI-666/ambari-server/src/test/java/org/apache/ambari/server/security/CertGenerationTest.java
Modified: incubator/ambari/branches/AMBARI-666/AMBARI-666-CHANGES.txt
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/AMBARI-666-CHANGES.txt?rev=1395750&r1=1395749&r2=1395750&view=diff
==============================================================================
--- incubator/ambari/branches/AMBARI-666/AMBARI-666-CHANGES.txt (original)
+++ incubator/ambari/branches/AMBARI-666/AMBARI-666-CHANGES.txt Mon Oct 8 20:11:04 2012
@@ -12,6 +12,9 @@ AMBARI-666 branch (unreleased changes)
NEW FEATURES
+ AMBARI-823. Fix security filter on the server agent ports and remove
+ duplication on servlet contexts for certs signing. (mahadev)
+
AMBARI-821. Implement basic service state update and verify flow to
ActionManager. (hitesh)
Modified: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java?rev=1395750&r1=1395749&r2=1395750&view=diff
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java (original)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java Mon Oct 8 20:11:04 2012
@@ -18,9 +18,9 @@
package org.apache.ambari.server.configuration;
import java.io.File;
-import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
+import java.io.InputStream;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
@@ -41,7 +41,6 @@ import com.google.inject.Singleton;
@Singleton
public class Configuration {
- public static final String AMBARI_CONF_VAR = "AMBARI_CONF_DIR";
public static final String CONFIG_FILE = "ambari.properties";
public static final String BOOTSTRAP_DIR = "bootstrap.dir";
public static final String BOOTSTRAP_SCRIPT = "bootstrap.script";
@@ -135,6 +134,8 @@ public class Configuration {
KSTR_NAME_KEY, KSTR_NAME_DEFAULT));
configsMap.put(SRVR_CRT_PASS_FILE_KEY, properties.getProperty(
SRVR_CRT_PASS_FILE_KEY, SRVR_CRT_PASS_FILE_DEFAULT));
+ configsMap.put(SRVR_CRT_PASS_KEY, properties.getProperty(
+ SRVR_CRT_PASS_KEY, SRVR_CRT_PASS_FILE_DEFAULT));
configsMap.put(PASSPHRASE_ENV_KEY, properties.getProperty(
PASSPHRASE_ENV_KEY, PASSPHRASE_ENV_DEFAULT));
@@ -168,25 +169,23 @@ public class Configuration {
private static Properties readConfigFile() {
Properties properties = new Properties();
- // get the configuration directory and filename
-
- String confDir = System.getProperty(AMBARI_CONF_VAR);
- if (confDir == null)
- confDir = System.getenv(AMBARI_CONF_VAR);
- if (confDir == null) {
- confDir = "/etc/ambari";
- }
- String filename = confDir + "/" + CONFIG_FILE;
-
+ //Get property file stream from classpath
+ InputStream inputStream = Configuration.class.getClassLoader().getResourceAsStream(CONFIG_FILE);
+
+ if (inputStream == null)
+ LOG.info(CONFIG_FILE + " not found in classpath");
+
+
// load the properties
try {
- properties.load(new FileInputStream(filename));
+ properties.load(inputStream);
} catch (FileNotFoundException fnf) {
- LOG.info("No configuration file " + filename + " found.", fnf);
+ LOG.info("No configuration file " + CONFIG_FILE + " found in classpath.", fnf);
} catch (IOException ie) {
throw new IllegalArgumentException("Can't read configuration file " +
- filename, ie);
+ CONFIG_FILE, ie);
}
+
return properties;
}
Modified: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java?rev=1395750&r1=1395749&r2=1395750&view=diff
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java (original)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java Mon Oct 8 20:11:04 2012
@@ -27,7 +27,6 @@ import org.apache.ambari.server.actionma
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.orm.GuiceJpaInitializer;
import org.apache.ambari.server.security.CertificateManager;
-import org.apache.ambari.server.security.SecurityFilter;
import org.mortbay.jetty.Server;
import org.mortbay.jetty.security.SslSocketConnector;
import org.mortbay.jetty.servlet.Context;
@@ -40,6 +39,7 @@ import org.springframework.beans.factory
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.GenericWebApplicationContext;
+import org.springframework.web.filter.DelegatingFilterProxy;
import com.google.inject.Guice;
import com.google.inject.Inject;
@@ -47,7 +47,6 @@ import com.google.inject.Injector;
import com.google.inject.Singleton;
import com.google.inject.persist.jpa.JpaPersistModule;
import com.sun.jersey.spi.container.servlet.ServletContainer;
-import org.springframework.web.filter.DelegatingFilterProxy;
@Singleton
public class AmbariServer {
@@ -115,7 +114,6 @@ public class AmbariServer {
springSecurityFilter.setTargetBeanName("springSecurityFilterChain");
root.addFilter(new FilterHolder(springSecurityFilter), "/*", 1);
- agentroot.addFilter(SecurityFilter.class, "/*", 1);
//Secured connector for 2-way auth
SslSocketConnector sslConnectorTwoWay = new SslSocketConnector();
sslConnectorTwoWay.setPort(CLIENT_TWO_WAY);
@@ -175,17 +173,9 @@ public class AmbariServer {
"com.sun.jersey.api.core.PackagesResourceConfig");
cert.setInitParameter("com.sun.jersey.config.property.packages",
"org.apache.ambari.server.security.unsecured.rest");
- agentroot.addServlet(cert, "/cert/*");
+ agentroot.addServlet(cert, "/*");
cert.setInitOrder(4);
- ServletHolder certs = new ServletHolder(ServletContainer.class);
- certs.setInitParameter("com.sun.jersey.config.property.resourceConfigClass",
- "com.sun.jersey.api.core.PackagesResourceConfig");
- certs.setInitParameter("com.sun.jersey.config.property.packages",
- "org.apache.ambari.server.security.unsecured.rest");
- agentroot.addServlet(cert, "/certs/*");
- certs.setInitOrder(5);
-
ServletHolder resources = new ServletHolder(ServletContainer.class);
resources.setInitParameter("com.sun.jersey.config.property.resourceConfigClass",
"com.sun.jersey.api.core.PackagesResourceConfig");
Modified: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateDownload.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateDownload.java?rev=1395750&r1=1395749&r2=1395750&view=diff
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateDownload.java (original)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateDownload.java Mon Oct 8 20:11:04 2012
@@ -29,7 +29,7 @@ import org.apache.commons.logging.LogFac
import com.google.inject.Inject;
-@Path("/ca")
+@Path("/cert/ca")
public class CertificateDownload {
private static Log LOG = LogFactory.getLog(CertificateDownload.class);
private static CertificateManager certMan;
Modified: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateSign.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateSign.java?rev=1395750&r1=1395749&r2=1395750&view=diff
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateSign.java (original)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateSign.java Mon Oct 8 20:11:04 2012
@@ -34,7 +34,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.google.inject.Inject;
-@Path("/")
+@Path("/certs")
public class CertificateSign {
private static Log LOG = LogFactory.getLog(CertificateSign.class);
private static CertificateManager certMan;
Modified: incubator/ambari/branches/AMBARI-666/ambari-server/src/test/java/org/apache/ambari/server/resources/TestResources.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/test/java/org/apache/ambari/server/resources/TestResources.java?rev=1395750&r1=1395749&r2=1395750&view=diff
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/test/java/org/apache/ambari/server/resources/TestResources.java (original)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/test/java/org/apache/ambari/server/resources/TestResources.java Mon Oct 8 20:11:04 2012
@@ -19,8 +19,8 @@
package org.apache.ambari.server.resources;
import java.io.File;
-import java.io.FileOutputStream;
import java.io.IOException;
+import java.lang.reflect.Constructor;
import java.util.Properties;
import junit.framework.TestCase;
@@ -45,10 +45,37 @@ public class TestResources extends TestC
Injector injector;
private TemporaryFolder tempFolder = new TemporaryFolder();
private File resourceFile;
+
+ protected Properties buildTestProperties() {
+
+ Properties properties = new Properties();
+ try {
+ tempFolder.create();
+
+ properties.setProperty(Configuration.SRVR_KSTR_DIR_KEY, tempFolder.getRoot().getAbsolutePath());
+ properties.setProperty(Configuration.RESOURCES_DIR_KEY, tempFolder.getRoot().getAbsolutePath());
+
+ resourceFile = tempFolder.newFile(RESOURCE_FILE_NAME);
+ FileUtils.writeStringToFile(resourceFile, RESOURCE_FILE_CONTENT);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ return properties;
+ }
+
+ protected Constructor<Configuration> getConfigurationConstructor() {
+ try {
+ return Configuration.class.getConstructor(Properties.class);
+ } catch (NoSuchMethodException e) {
+ throw new RuntimeException("Expected constructor not found in Configuration.java", e);
+ }
+ }
private class ResourceModule extends AbstractModule {
@Override
protected void configure() {
+ bind(Properties.class).toInstance(buildTestProperties());
+ bind(Configuration.class).toConstructor(getConfigurationConstructor());
requestStaticInjection(TestResources.class);
}
}
@@ -60,17 +87,6 @@ public class TestResources extends TestC
@Before
public void setUp() throws IOException {
- tempFolder.create();
-
- System.setProperty(Configuration.AMBARI_CONF_VAR, tempFolder.getRoot().getAbsolutePath());
- Properties props = new Properties();
- props.setProperty(Configuration.SRVR_KSTR_DIR_KEY, tempFolder.getRoot().getAbsolutePath());
- props.setProperty(Configuration.RESOURCES_DIR_KEY, tempFolder.getRoot().getAbsolutePath());
- FileOutputStream out = new FileOutputStream(tempFolder.getRoot().getAbsolutePath() + File.separator + Configuration.CONFIG_FILE);
- props.store(out, "");
- out.close();
- resourceFile = tempFolder.newFile(RESOURCE_FILE_NAME);
- FileUtils.writeStringToFile(resourceFile, RESOURCE_FILE_CONTENT);
injector = Guice.createInjector(new ResourceModule());
resMan = injector.getInstance(ResourceManager.class);
}
Modified: incubator/ambari/branches/AMBARI-666/ambari-server/src/test/java/org/apache/ambari/server/security/CertGenerationTest.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/test/java/org/apache/ambari/server/security/CertGenerationTest.java?rev=1395750&r1=1395749&r2=1395750&view=diff
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/test/java/org/apache/ambari/server/security/CertGenerationTest.java (original)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/test/java/org/apache/ambari/server/security/CertGenerationTest.java Mon Oct 8 20:11:04 2012
@@ -19,8 +19,8 @@
package org.apache.ambari.server.security;
import java.io.File;
-import java.io.FileOutputStream;
import java.io.IOException;
+import java.lang.reflect.Constructor;
import java.util.Properties;
import org.apache.ambari.server.configuration.Configuration;
@@ -56,19 +56,38 @@ public class CertGenerationTest extends
private class SecurityModule extends AbstractModule {
@Override
protected void configure() {
+ bind(Properties.class).toInstance(buildTestProperties());
+ bind(Configuration.class).toConstructor(getConfigurationConstructor());
requestStaticInjection(CertGenerationTest.class);
}
}
+
+ protected Properties buildTestProperties() {
+ try {
+ temp.create();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ Properties properties = new Properties();
+ properties.setProperty(Configuration.SRVR_KSTR_DIR_KEY, temp.getRoot().getAbsolutePath());
+
+
+ System.out.println(properties.get(Configuration.SRVR_CRT_PASS_KEY));
+
+ return properties;
+ }
+
+ protected Constructor<Configuration> getConfigurationConstructor() {
+ try {
+ return Configuration.class.getConstructor(Properties.class);
+ } catch (NoSuchMethodException e) {
+ throw new RuntimeException("Expected constructor not found in Configuration.java", e);
+ }
+ }
@Before
public void setUp() throws IOException {
- temp.create();
- System.setProperty(Configuration.AMBARI_CONF_VAR, temp.getRoot().getAbsolutePath());
- Properties props = new Properties();
- props.setProperty(Configuration.SRVR_KSTR_DIR_KEY, temp.getRoot().getAbsolutePath());
- FileOutputStream out = new FileOutputStream(temp.getRoot().getAbsolutePath() + File.separator + Configuration.CONFIG_FILE);
- props.store(out, "");
- out.close();
+
injector = Guice.createInjector(new SecurityModule());
certMan = injector.getInstance(CertificateManager.class);
@@ -78,7 +97,7 @@ public class CertGenerationTest extends
@After
public void tearDown() throws IOException {
- temp.delete();
+ temp.delete();
}
@Test