Posted to commits@kylin.apache.org by xx...@apache.org on 2023/02/14 05:54:33 UTC
[kylin] 04/33: KYLIN-5425 fix api security
This is an automated email from the ASF dual-hosted git repository.
xxyu pushed a commit to branch kylin5
in repository https://gitbox.apache.org/repos/asf/kylin.git
commit e4e59cd6b07a09d68cc860251519a5cc0ade3b39
Author: Liang.Hua <36...@users.noreply.github.com>
AuthorDate: Thu Dec 15 10:11:09 2022 +0800
KYLIN-5425 fix api security
Co-authored-by: liang.hua <li...@kyligence.io>
---
src/common-booter/src/main/resources/kylinSecurity.xml | 6 ++++--
src/common-server/src/main/resources/kylinSecurity.xml | 6 ++++--
src/common-service/src/test/resources/kylinSecurity.xml | 6 ++++--
src/data-loading-booter/src/main/resources/kylinSecurity.xml | 6 ++++--
.../src/test/resources/springframework/conf/kylinSecurity.xml | 6 ++++--
src/query-booter/src/main/resources/kylinSecurity.xml | 6 ++++--
src/streaming-service/src/test/resources/kylinSecurity.xml | 6 ++++--
7 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/src/common-booter/src/main/resources/kylinSecurity.xml b/src/common-booter/src/main/resources/kylinSecurity.xml
index f6fd5b2c8d..3588bf5a48 100644
--- a/src/common-booter/src/main/resources/kylinSecurity.xml
+++ b/src/common-booter/src/main/resources/kylinSecurity.xml
@@ -311,10 +311,11 @@
<scr:intercept-url pattern="/api/admin/public_config" access="permitAll"/>
<scr:intercept-url pattern="/api/admin/instance_info" access="permitAll"/>
<scr:intercept-url pattern="/api/projects" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/error" access="permitAll"/>
<scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
<scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
<scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/api/j_spring_security_logout"
success-handler-ref="logoutSuccessHandler"/>
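Review bot: The rewritten `/api/system/license/info` rule on L30 is now a no-op: Spring Security evaluates `intercept-url` entries top-down and stops at the first match, and `/api/**` on L33 already yields `isAuthenticated()` for that path, so the explicit line adds nothing except the look of a special case. Either drop it, or keep it as a deliberate guard with a comment such as `<!-- KYLIN-5425: license info must not be readable anonymously; keep ahead of /api/** -->` so a later edit cannot quietly revert it to permitAll unnoticed. For the new `/sparder/**` rule on L34, the enclosing `<scr:http>` element opens before this hunk; confirm it carries no `pattern` attribute scoping this filter chain to `/api/**`, because in that case the rule would never be evaluated and `/sparder` would remain unprotected.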
@@ -366,10 +367,11 @@
<scr:intercept-url pattern="/api/models*/**" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/job*/**" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin/config" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/projects*/*" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
<scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
<scr:form-login login-page="/login"/>
<scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/j_spring_security_logout"
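Review bot: `isAuthenticated()` on the new `/sparder/**` rule (L46) opens the path to every logged-in account, whereas the admin tree on L44 is gated with `hasRole('ROLE_ADMIN')`; if `/sparder` fronts the Sparder/Spark engine UI, as the name suggests, that UI exposes job, SQL and environment details across all projects, so `<scr:intercept-url pattern="/sparder/**" access="hasRole('ROLE_ADMIN')"/>` would be the safer default. If it must stay reachable by ordinary users, a comment stating what `/sparder` serves and why authentication alone is sufficient would help the next reviewer. The enclosing `<scr:http>` element starts before this hunk.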
diff --git a/src/common-server/src/main/resources/kylinSecurity.xml b/src/common-server/src/main/resources/kylinSecurity.xml
index 82f50d3ee3..85ecab6e94 100644
--- a/src/common-server/src/main/resources/kylinSecurity.xml
+++ b/src/common-server/src/main/resources/kylinSecurity.xml
@@ -312,10 +312,11 @@
<scr:intercept-url pattern="/api/admin/instance_info" access="permitAll"/>
<scr:intercept-url pattern="/api/projects" access="permitAll"/>
<scr:intercept-url pattern="/api/error" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/error" access="permitAll"/>
<scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
<scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
<scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/api/j_spring_security_logout"
success-handler-ref="logoutSuccessHandler"/>
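Review bot: This copy of the rule list carries `/api/error` twice (L56 and L59); the duplicate is pre-existing, but it shows the seven `kylinSecurity.xml` files have already drifted apart, which is what made this one-line fix require seven edits. While this block is being touched, drop the second `/api/error` line so the file matches common-booter, and consider maintaining the shared `intercept-url` list in one place that every booter derives from, so an endpoint cannot be left `permitAll` in one copy after being tightened in the others.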
@@ -367,10 +368,11 @@
<scr:intercept-url pattern="/api/models*/**" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/job*/**" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin/config" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/projects*/*" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
<scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
<scr:form-login login-page="/login"/>
<scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/j_spring_security_logout"
diff --git a/src/common-service/src/test/resources/kylinSecurity.xml b/src/common-service/src/test/resources/kylinSecurity.xml
index d8c4920319..c083eaecd1 100644
--- a/src/common-service/src/test/resources/kylinSecurity.xml
+++ b/src/common-service/src/test/resources/kylinSecurity.xml
@@ -303,10 +303,11 @@
<scr:intercept-url pattern="/api/admin/public_config" access="permitAll"/>
<scr:intercept-url pattern="/api/admin/instance_info" access="permitAll"/>
<scr:intercept-url pattern="/api/projects" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/error" access="permitAll"/>
<scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
<scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
<scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/api/j_spring_security_logout"
success-handler-ref="logoutSuccessHandler"/>
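Review bot: Updating the test copy of the security config keeps the fixtures consistent, but nothing in the commit asserts the new behaviour, so either rule could be flipped back to `permitAll` later without any test failing. Add a test against this context that performs an anonymous `GET /api/system/license/info` and an anonymous `GET /sparder/` and expects an unauthenticated response (401 or a redirect to the login page, whichever this chain produces), plus an authenticated request that succeeds, so the rules on L86 and L90 are pinned.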
@@ -358,10 +359,11 @@
<scr:intercept-url pattern="/api/models*/**" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/job*/**" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin/config" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/projects*/*" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
<scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
<scr:form-login login-page="/login"/>
<scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/j_spring_security_logout"
diff --git a/src/data-loading-booter/src/main/resources/kylinSecurity.xml b/src/data-loading-booter/src/main/resources/kylinSecurity.xml
index 132a31f58b..8b32208b12 100644
--- a/src/data-loading-booter/src/main/resources/kylinSecurity.xml
+++ b/src/data-loading-booter/src/main/resources/kylinSecurity.xml
@@ -311,9 +311,10 @@
<scr:intercept-url pattern="/api/admin/public_config" access="permitAll"/>
<scr:intercept-url pattern="/api/admin/instance_info" access="permitAll"/>
<scr:intercept-url pattern="/api/projects" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
<scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
<scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/api/j_spring_security_logout"
success-handler-ref="logoutSuccessHandler"/>
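Review bot: Unlike the matching block in the other booters, this rule list has no `/api/error` entry with `permitAll` between L114 and L115, so requests to `/api/error` appear to fall through to the `/api/**` rule on L116 and require authentication in this booter only. That looks like copy drift rather than intent; if so, add `<scr:intercept-url pattern="/api/error" access="permitAll"/>` after the license line so an anonymous client that now hits the protected license endpoint receives the normal error response rather than a second authentication challenge. The second `<scr:http>` block in this same file (L126) does carry the entry.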
@@ -365,11 +366,12 @@
<scr:intercept-url pattern="/api/models*/**" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/job*/**" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin/config" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/error" access="permitAll"/>
<scr:intercept-url pattern="/api/projects*/*" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
<scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
<scr:form-login login-page="/login"/>
<scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/j_spring_security_logout"
diff --git a/src/kylin-it/src/test/resources/springframework/conf/kylinSecurity.xml b/src/kylin-it/src/test/resources/springframework/conf/kylinSecurity.xml
index 7a011d6506..f38550ed44 100644
--- a/src/kylin-it/src/test/resources/springframework/conf/kylinSecurity.xml
+++ b/src/kylin-it/src/test/resources/springframework/conf/kylinSecurity.xml
@@ -312,10 +312,11 @@
<scr:intercept-url pattern="/api/admin/public_config" access="permitAll"/>
<scr:intercept-url pattern="/api/admin/instance_info" access="permitAll"/>
<scr:intercept-url pattern="/api/projects" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/error" access="permitAll"/>
<scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
<scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
<scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/api/j_spring_security_logout"
success-handler-ref="logoutSuccessHandler"/>
@@ -367,10 +368,11 @@
<scr:intercept-url pattern="/api/models*/**" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/job*/**" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin/config" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/projects*/*" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
<scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
<scr:form-login login-page="/login"/>
<scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/j_spring_security_logout"
diff --git a/src/query-booter/src/main/resources/kylinSecurity.xml b/src/query-booter/src/main/resources/kylinSecurity.xml
index f6fd5b2c8d..3588bf5a48 100644
--- a/src/query-booter/src/main/resources/kylinSecurity.xml
+++ b/src/query-booter/src/main/resources/kylinSecurity.xml
@@ -311,10 +311,11 @@
<scr:intercept-url pattern="/api/admin/public_config" access="permitAll"/>
<scr:intercept-url pattern="/api/admin/instance_info" access="permitAll"/>
<scr:intercept-url pattern="/api/projects" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/error" access="permitAll"/>
<scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
<scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
<scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/api/j_spring_security_logout"
success-handler-ref="logoutSuccessHandler"/>
@@ -366,10 +367,11 @@
<scr:intercept-url pattern="/api/models*/**" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/job*/**" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin/config" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/projects*/*" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
<scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
<scr:form-login login-page="/login"/>
<scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/j_spring_security_logout"
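Review bot: The blob hashes on L162 (`f6fd5b2c8d..3588bf5a48`) are identical to those on L22 and L190, i.e. query-booter, common-booter and the streaming-service test config are byte-for-byte copies that must be edited in lockstep. A header comment in each file naming the canonical copy, or better a single shared access-rule definition the booters all load, would stop the next access-control fix from needing seven identical patches and would make a missed copy visible at review time.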
diff --git a/src/streaming-service/src/test/resources/kylinSecurity.xml b/src/streaming-service/src/test/resources/kylinSecurity.xml
index f6fd5b2c8d..3588bf5a48 100644
--- a/src/streaming-service/src/test/resources/kylinSecurity.xml
+++ b/src/streaming-service/src/test/resources/kylinSecurity.xml
@@ -311,10 +311,11 @@
<scr:intercept-url pattern="/api/admin/public_config" access="permitAll"/>
<scr:intercept-url pattern="/api/admin/instance_info" access="permitAll"/>
<scr:intercept-url pattern="/api/projects" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/error" access="permitAll"/>
<scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
<scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
<scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/api/j_spring_security_logout"
success-handler-ref="logoutSuccessHandler"/>
@@ -366,10 +367,11 @@
<scr:intercept-url pattern="/api/models*/**" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/job*/**" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin/config" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/projects*/*" access="isAuthenticated()"/>
<scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
<scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
<scr:form-login login-page="/login"/>
<scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/j_spring_security_logout"