Posted to commits@servicecomb.apache.org by li...@apache.org on 2018/08/07 12:50:09 UTC

[incubator-servicecomb-java-chassis] branch master updated (7a5a1c2 -> 7abb7b1)

This is an automated email from the ASF dual-hosted git repository.

liubao pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-java-chassis.git.


    from 7a5a1c2  [SCB-801] delete definition
     new 2a94220  [SCB-788] public key black/white add feature: choose server by version
     new 7abb7b1  [SCB-788] public key black/white choose server by microservice field and properties

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../authentication/provider/AccessController.java  | 36 ++++++--
 .../authentication/TestAccessController.java       | 97 +++++++++++++++++-----
 .../store/src/main/resources/microservice.yaml     |  5 +-
 3 files changed, 107 insertions(+), 31 deletions(-)


[incubator-servicecomb-java-chassis] 01/02: [SCB-788] public key black/white add feature: choose server by version

Posted by li...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

liubao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-java-chassis.git

commit 2a942208261f1a0527d45f6db95bc3a15f78b6cb
Author: weichao666 <we...@huawei.com>
AuthorDate: Mon Jul 30 20:07:03 2018 +0800

    [SCB-788] public key black/white add feature: choose server by version
---
 .../authentication/provider/AccessController.java  | 42 ++++++++--
 .../authentication/TestAccessController.java       | 97 +++++++++++++++++-----
 .../store/src/main/resources/microservice.yaml     |  5 +-
 3 files changed, 115 insertions(+), 29 deletions(-)

diff --git a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
index 9d8ff1b..82145ae 100644
--- a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
+++ b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
@@ -16,9 +16,12 @@
  */
 package org.apache.servicecomb.authentication.provider;
 
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.servicecomb.serviceregistry.api.registry.Microservice;
@@ -54,6 +57,8 @@ public class AccessController {
 
   private static final String KEY_RULE_POSTFIX = ".rule";
 
+  private static final String TYPE_STRING_NAME = "java.lang.String";
+
   private Map<String, ConfigurationItem> whiteList = new HashMap<>();
 
   private Map<String, ConfigurationItem> blackList = new HashMap<>();
@@ -84,15 +89,40 @@ public class AccessController {
   private boolean matchFound(Microservice microservice, Map<String, ConfigurationItem> ruleList) {
     boolean matched = false;
     for (ConfigurationItem item : ruleList.values()) {
-      // TODO: Currently we only support property, not support tags. And we will support tags later.
       if (ConfigurationItem.CATEGORY_PROPERTY.equals(item.category)) {
-        // TODO: Currently we only support to configure serviceName. And we will support others later.
-        if ("serviceName".equals(item.propertyName)) {
-          if (isPatternMatch(microservice.getServiceName(), item.rule)) {
-            matched = true;
-            break;
+        // we support to configure properties, e.g. serviceName, appId, environment, alias, version and so on, also support key in properties.
+        Class<? extends Microservice> service = microservice.getClass();
+        for (Method method : service.getDeclaredMethods()) {
+          String methodName = method.getName();
+          if (!methodName.startsWith("get"))
+            continue;
+          if (!method.getGenericReturnType().getTypeName().equals(TYPE_STRING_NAME))
+            continue;
+          char[] charArray = methodName.toCharArray();
+          charArray[3] += 32;
+          String fieldName = String.valueOf(charArray, 3, charArray.length - 3);
+          if (fieldName.equals(item.propertyName)) {
+            Field field;
+            String fieldValue = null;
+            try {
+              field = service.getDeclaredField(fieldName);
+              field.setAccessible(true);
+              fieldValue = (String) field.get(microservice);
+            } catch (Exception e) {
+              LOG.error("get field by reflection failed, error message: {}", e.getMessage());
+              fieldValue = "";
+            }
+            if (isPatternMatch(fieldValue, item.rule))
+              return true;
           }
         }
+        Map<String, String> properties = microservice.getProperties();
+        for (Entry<String, String> entry : properties.entrySet()) {
+          if (!entry.getKey().equals(item.propertyName))
+            continue;
+          if (isPatternMatch(entry.getValue(), item.rule))
+            return true;
+        }
       }
     }
     return matched;
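Review bot: A rule keyed on a bean field such as `serviceName` is also satisfied by an entry in `microservice.getProperties()` with the same key, because the properties loop runs whenever the field loop did not return true. If that map is populated by the registering service itself (not visible in this hunk), a whitelist rule on `serviceName` could pass on a properties entry while the real service name does not match. Consider recording that a getter matched `item.propertyName` and skipping the properties loop in that case, or giving properties their own `category` value so the two namespaces cannot overlap. The same fallthrough remains in the second commit as `matchMicroserviceField(microservice, item) || matchMicroserviceProperties(microservice, item)`. matchFound closes outside the hunk.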
diff --git a/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java b/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
index c577449..e493e77 100644
--- a/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
+++ b/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
@@ -16,6 +16,9 @@
  */
 package org.apache.servicecomb.authentication;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import org.apache.servicecomb.authentication.provider.AccessController;
 import org.apache.servicecomb.foundation.common.utils.Log4jUtils;
 import org.apache.servicecomb.foundation.test.scaffolding.config.ArchaiusUtils;
@@ -24,7 +27,6 @@ import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
-import org.mockito.Mockito;
 
 public class TestAccessController {
   @Before
@@ -38,65 +40,65 @@ public class TestAccessController {
   }
 
   @Test
-  public void testIsValidOfWhite() {
+  public void testIsValidOfWhiteByServiceName() {
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "serviceName");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust*");
     AccessController controller = new AccessController();
-    Microservice service = Mockito.mock(Microservice.class);
+    Microservice service = new Microservice();
 
-    Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+    service.setServiceName("trustCustomer");
     Assert.assertTrue(controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("nottrustCustomer");
+    service.setServiceName("nottrustCustomer");
     Assert.assertTrue(!controller.isAllowed(service));
 
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "*trust");
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+    service.setServiceName("Customer_trust");
     Assert.assertTrue(controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust_not");
+    service.setServiceName("Customer_trust_not");
     Assert.assertTrue(!controller.isAllowed(service));
 
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust");
-    Mockito.when(service.getServiceName()).thenReturn("trust");
+    service.setServiceName("trust");
     Assert.assertTrue(controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+    service.setServiceName("Customer_trust");
     Assert.assertTrue(!controller.isAllowed(service));
   }
 
   @Test
-  public void testIsValidOfBlack() {
+  public void testIsValidOfBlackByServiceName() {
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName", "serviceName");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category", "property");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "trust*");
     AccessController controller = new AccessController();
-    Microservice service = Mockito.mock(Microservice.class);
+    Microservice service = new Microservice();
 
-    Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+    service.setServiceName("trustCustomer");
     Assert.assertTrue(!controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("nottrustCustomer");
+    service.setServiceName("nottrustCustomer");
     Assert.assertTrue(controller.isAllowed(service));
 
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "*trust");
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+    service.setServiceName("Customer_trust");
     Assert.assertTrue(!controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust_not");
+    service.setServiceName("Customer_trust_not");
     Assert.assertTrue(controller.isAllowed(service));
 
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "trust");
-    Mockito.when(service.getServiceName()).thenReturn("trust");
+    service.setServiceName("trust");
     Assert.assertTrue(!controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+    service.setServiceName("Customer_trust");
     Assert.assertTrue(controller.isAllowed(service));
   }
 
   @Test
-  public void testIsValidOfBlackAndWhite() {
+  public void testIsValidOfBlackAndWhiteByServiceName() {
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "serviceName");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust*");
@@ -105,12 +107,65 @@ public class TestAccessController {
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "*hacker");
 
     AccessController controller = new AccessController();
-    Microservice service = Mockito.mock(Microservice.class);
+    Microservice service = new Microservice();
+
+    service.setServiceName("trustCustomer");
+    Assert.assertTrue(controller.isAllowed(service));
+
+    service.setServiceName("trustCustomerhacker");
+    Assert.assertTrue(!controller.isAllowed(service));
+  }
+
+  @Test
+  public void testIsValidOfBlackByProperties() {
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName", "tag");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category", "property");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "test");
+    AccessController controller = new AccessController();
+    Microservice service = new Microservice();
+    Map<String, String> map = new HashMap<>();
+    map.put("tag", "test");
+
+    service.setProperties(map);
+    Assert.assertTrue(!controller.isAllowed(service));
+
+    map.put("tag", "testa");
+    service.setProperties(map);
+    Assert.assertTrue(controller.isAllowed(service));
+  }
+
+  @Test
+  public void testIsValidOfWhiteByProperties() {
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "tag");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "test");
+    AccessController controller = new AccessController();
+    Microservice service = new Microservice();
+    Map<String, String> map = new HashMap<>();
+    map.put("tag", "test");
 
-    Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+    service.setProperties(map);
     Assert.assertTrue(controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("trustCustomerhacker");
+    map.put("tag", "testa");
+    service.setProperties(map);
+    Assert.assertTrue(!controller.isAllowed(service));
+  }
+
+  @Test
+  public void testIsValidOfBlackAndWhiteByServiceNameAndVersion() {
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "serviceName");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust*");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName", "version");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category", "property");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "0.0.1");
+
+    AccessController controller = new AccessController();
+    Microservice service = new Microservice();
+    service.setServiceName("trustCustomer");
+    service.setVersion("0.0.1");
+
     Assert.assertTrue(!controller.isAllowed(service));
   }
 }
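Review bot: The added version test asserts only the denied case, so nothing shows that a non-blacklisted version is still allowed, and no test leaves the matched field unset. Add the counter-case, for example `service.setVersion("0.0.2"); Assert.assertTrue(controller.isAllowed(service));` (sample value), and a case where `version` is never set so the null path through the field lookup is exercised. `Assert.assertFalse(x)` would read more clearly than `Assert.assertTrue(!x)` in the new tests. The hunk starts inside testIsValidOfBlackAndWhiteByServiceName.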
diff --git a/samples/trust-sample/store/src/main/resources/microservice.yaml b/samples/trust-sample/store/src/main/resources/microservice.yaml
index 88bf72b..4358d42 100644
--- a/samples/trust-sample/store/src/main/resources/microservice.yaml
+++ b/samples/trust-sample/store/src/main/resources/microservice.yaml
@@ -38,8 +38,9 @@ servicecomb:
       black:
         list01:
           category: property ## property, fixed value
-          propertyName: serviceName ## property name
-          rule: hacker ## property value match expression. only supports prefix match and postfix match and exactly match. e.g. hacker*, *hacker, hacker
+          propertyName: serviceName ## property name, e.g. serviceName, appId, environment, alias, version and so on, also support key in properties.
+          rule: hacker ## property value match expression. 
+##if propertyName is serviceName, only supports prefix match and postfix match and exactly match. e.g. hacker*, *hacker, hacker
       white:
         list02:
           category: property
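Review bot: The new comment restricts prefix, postfix and exact matching to `serviceName`, but the matching code in AccessController passes `item.rule` to `isPatternMatch` for every field and every properties entry, so the restriction looks inaccurate. Suggested wording: `rule: hacker ## match expression for the property value: prefix (hacker*), postfix (*hacker) or exact (hacker)`. The added `##if ...` line at column 0 also breaks the comment alignment, and the `rule:` line gained trailing whitespace.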


[incubator-servicecomb-java-chassis] 02/02: [SCB-788] public key black/white choose server by microservice field and properties

Posted by li...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

liubao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-java-chassis.git

commit 7abb7b12636fc9040a18778246260b9f438e4bdb
Author: weichao666 <we...@huawei.com>
AuthorDate: Tue Aug 7 20:15:20 2018 +0800

    [SCB-788] public key black/white choose server by microservice field and properties
---
 .../authentication/provider/AccessController.java  | 62 +++++++++-------------
 1 file changed, 26 insertions(+), 36 deletions(-)

diff --git a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
index 82145ae..e609e9f 100644
--- a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
+++ b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
@@ -16,8 +16,7 @@
  */
 package org.apache.servicecomb.authentication.provider;
 
-import java.lang.reflect.Field;
-import java.lang.reflect.Method;
+import java.beans.PropertyDescriptor;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
@@ -57,8 +56,6 @@ public class AccessController {
 
   private static final String KEY_RULE_POSTFIX = ".rule";
 
-  private static final String TYPE_STRING_NAME = "java.lang.String";
-
   private Map<String, ConfigurationItem> whiteList = new HashMap<>();
 
   private Map<String, ConfigurationItem> blackList = new HashMap<>();
@@ -91,43 +88,36 @@ public class AccessController {
     for (ConfigurationItem item : ruleList.values()) {
       if (ConfigurationItem.CATEGORY_PROPERTY.equals(item.category)) {
         // we support to configure properties, e.g. serviceName, appId, environment, alias, version and so on, also support key in properties.
-        Class<? extends Microservice> service = microservice.getClass();
-        for (Method method : service.getDeclaredMethods()) {
-          String methodName = method.getName();
-          if (!methodName.startsWith("get"))
-            continue;
-          if (!method.getGenericReturnType().getTypeName().equals(TYPE_STRING_NAME))
-            continue;
-          char[] charArray = methodName.toCharArray();
-          charArray[3] += 32;
-          String fieldName = String.valueOf(charArray, 3, charArray.length - 3);
-          if (fieldName.equals(item.propertyName)) {
-            Field field;
-            String fieldValue = null;
-            try {
-              field = service.getDeclaredField(fieldName);
-              field.setAccessible(true);
-              fieldValue = (String) field.get(microservice);
-            } catch (Exception e) {
-              LOG.error("get field by reflection failed, error message: {}", e.getMessage());
-              fieldValue = "";
-            }
-            if (isPatternMatch(fieldValue, item.rule))
-              return true;
-          }
-        }
-        Map<String, String> properties = microservice.getProperties();
-        for (Entry<String, String> entry : properties.entrySet()) {
-          if (!entry.getKey().equals(item.propertyName))
-            continue;
-          if (isPatternMatch(entry.getValue(), item.rule))
-            return true;
-        }
+        if (matchMicroserviceField(microservice, item) || matchMicroserviceProperties(microservice, item))
+          return true;
       }
     }
     return matched;
   }
 
+  private boolean matchMicroserviceProperties(Microservice microservice, ConfigurationItem item) {
+    Map<String, String> properties = microservice.getProperties();
+    for (Entry<String, String> entry : properties.entrySet()) {
+      if (!entry.getKey().equals(item.propertyName))
+        continue;
+      return isPatternMatch(entry.getValue(), item.rule);
+    }
+    return false;
+  }
+
+  private boolean matchMicroserviceField(Microservice microservice, ConfigurationItem item) {
+    Object fieldValue = null;
+    try {
+      fieldValue = new PropertyDescriptor(item.propertyName, Microservice.class).getReadMethod().invoke(microservice);
+    } catch (Exception e) {
+      LOG.warn("can't find propertyname: {} in microservice field, will search in microservice properties.", item.propertyName);
+      return false;
+    }
+    if (fieldValue.getClass().getName().equals(String.class.getName()))
+      return isPatternMatch((String) fieldValue, item.rule);
+    return false;
+  }
+
   private boolean isPatternMatch(String value, String pattern) {
     if (pattern.startsWith("*")) {
       return value.endsWith(pattern.substring(1));
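Review bot: `fieldValue.getClass()` in matchMicroserviceField throws a NullPointerException when the getter returns null, that is for any configured field the microservice has not set, so the access check would apparently end in an exception instead of a no-match. `if (fieldValue instanceof String) return isPatternMatch((String) fieldValue, item.rule);` covers both the null and the non-String case. After this change `matched` in matchFound is never assigned true, so the method can simply end with `return false;`. The `LOG.warn` in the catch fires on every check for a rule that targets a properties key, which is the normal path, so `debug` level seems more fitting. isPatternMatch continues outside the hunk.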