Posted to commits@mesos.apache.org by ti...@apache.org on 2017/10/10 18:59:29 UTC
[3/4] mesos git commit: Added basic HTTP authenticatee implementation.
Added basic HTTP authenticatee implementation.
Moves the hardcoded basic HTTP authentication code from within the
scheduler library into the modularized HTTP authenticatee interface.
Review: https://reviews.apache.org/r/62592/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/e89cdc25
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/e89cdc25
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/e89cdc25
Branch: refs/heads/master
Commit: e89cdc2551c77c6951a30e9007c85cbfef58de32
Parents: a687d97
Author: Till Toenshoff <to...@me.com>
Authored: Tue Oct 10 20:17:46 2017 +0200
Committer: Till Toenshoff <to...@me.com>
Committed: Tue Oct 10 20:59:13 2017 +0200
----------------------------------------------------------------------
src/CMakeLists.txt | 1 +
src/Makefile.am | 2 +
src/authentication/http/basic_authenticatee.cpp | 103 +++++++++++++++++++
src/authentication/http/basic_authenticatee.hpp | 66 ++++++++++++
src/common/http.hpp | 3 +
5 files changed, 175 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/e89cdc25/src/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 1a0dff3..219252f 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -310,6 +310,7 @@ set(AUTHENTICATION_SRC
authentication/cram_md5/authenticatee.cpp
authentication/cram_md5/authenticator.cpp
authentication/cram_md5/auxprop.cpp
+ authentication/http/basic_authenticatee.cpp
authentication/http/basic_authenticator_factory.cpp
authentication/http/combined_authenticator.cpp)
http://git-wip-us.apache.org/repos/asf/mesos/blob/e89cdc25/src/Makefile.am
----------------------------------------------------------------------
diff --git a/src/Makefile.am b/src/Makefile.am
index ca43f25..085ff3b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -941,6 +941,7 @@ libmesos_no_3rdparty_la_SOURCES += \
authentication/cram_md5/authenticatee.cpp \
authentication/cram_md5/authenticator.cpp \
authentication/cram_md5/auxprop.cpp \
+ authentication/http/basic_authenticatee.cpp \
authentication/http/basic_authenticator_factory.cpp \
authentication/http/combined_authenticator.cpp \
authorizer/acls.cpp \
@@ -1085,6 +1086,7 @@ libmesos_no_3rdparty_la_SOURCES += \
authentication/cram_md5/authenticatee.hpp \
authentication/cram_md5/authenticator.hpp \
authentication/cram_md5/auxprop.hpp \
+ authentication/http/basic_authenticatee.hpp \
authorizer/local/authorizer.hpp \
checks/checker.hpp \
checks/checker_process.hpp \
http://git-wip-us.apache.org/repos/asf/mesos/blob/e89cdc25/src/authentication/http/basic_authenticatee.cpp
----------------------------------------------------------------------
diff --git a/src/authentication/http/basic_authenticatee.cpp b/src/authentication/http/basic_authenticatee.cpp
new file mode 100644
index 0000000..5faeec6
--- /dev/null
+++ b/src/authentication/http/basic_authenticatee.cpp
@@ -0,0 +1,103 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "authentication/http/basic_authenticatee.hpp"
+
+#include <string>
+
+#include <mesos/v1/mesos.hpp>
+
+#include <process/id.hpp>
+#include <process/dispatch.hpp>
+#include <process/future.hpp>
+#include <process/http.hpp>
+#include <process/process.hpp>
+
+#include <stout/base64.hpp>
+#include <stout/option.hpp>
+
+namespace mesos {
+namespace http {
+namespace authentication {
+
+class BasicAuthenticateeProcess
+ : public process::Process<BasicAuthenticateeProcess>
+{
+public:
+ BasicAuthenticateeProcess()
+ : ProcessBase(process::ID::generate("basic_authenticatee")) {}
+
+ process::Future<process::http::Request> authenticate(
+ const process::http::Request& request,
+ const Option<mesos::v1::Credential>& credential)
+ {
+ // Without credential we can and should not try to authenticate.
+ if (credential.isNone()) {
+ return request;
+ }
+
+ process::http::Request decoratedRequest(request);
+
+ // As per https://tools.ietf.org/html/rfc7230#section-3.2.2 we
+ // must not return an additional "Authorization" header if there
+ // was one present already - for those cases, we need to combine
+ // them.
+ // TODO(tillt): Update this code to combine multiple schemes once
+ // our HTTP authenticator implementations do support multiple
+ // authentication schemes for the same request. See MESOS-8059.
+ decoratedRequest.headers["Authorization"] =
+ "Basic " +
+ base64::encode(credential->principal() + ":" + credential->secret());
+
+ return decoratedRequest;
+ }
+};
+
+
+BasicAuthenticatee::BasicAuthenticatee()
+ : process_(new BasicAuthenticateeProcess())
+{
+ spawn(*process_);
+}
+
+
+BasicAuthenticatee::~BasicAuthenticatee()
+{
+ terminate(*process_);
+ wait(*process_);
+}
+
+
+std::string BasicAuthenticatee::scheme() const
+{
+ return "Basic";
+}
+
+
+process::Future<process::http::Request> BasicAuthenticatee::authenticate(
+ const process::http::Request& request,
+ const Option<mesos::v1::Credential>& credential)
+{
+ return dispatch(
+ *process_,
+ &BasicAuthenticateeProcess::authenticate,
+ request,
+ credential);
+}
+
+} // namespace authentication {
+} // namespace http {
+} // namespace mesos {
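Review bot: `BasicAuthenticateeProcess::authenticate()` builds the token from `credential->principal() + ":" + credential->secret()` without validating either part. RFC 7617 does not allow a colon in the user-id, so a principal containing one is split at the first colon by the receiving side and the request is attributed to a different user-id than the one configured. A guard before the header assignment would fail the future instead, for example `if (credential->principal().find(':') != std::string::npos) { return process::Failure("Principal must not contain ':'"); }`. If `secret` is an optional field of `mesos::v1::Credential` (its definition is not visible here), an unset secret silently becomes an empty password and probably deserves the same treatment or at least a comment. The assignment also replaces any `Authorization` header the caller already set, which the TODO acknowledges; a warning log when that happens would make the overwrite observable until MESOS-8059 is resolved.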
http://git-wip-us.apache.org/repos/asf/mesos/blob/e89cdc25/src/authentication/http/basic_authenticatee.hpp
----------------------------------------------------------------------
diff --git a/src/authentication/http/basic_authenticatee.hpp b/src/authentication/http/basic_authenticatee.hpp
new file mode 100644
index 0000000..59c1ba6
--- /dev/null
+++ b/src/authentication/http/basic_authenticatee.hpp
@@ -0,0 +1,66 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __AUTHENTICATION_HTTP_BASIC_AUTHENTICATEE_HPP__
+#define __AUTHENTICATION_HTTP_BASIC_AUTHENTICATEE_HPP__
+
+#include <mesos/v1/mesos.hpp>
+
+#include <mesos/authentication/http/authenticatee.hpp>
+
+#include <process/future.hpp>
+#include <process/http.hpp>
+
+#include <stout/option.hpp>
+
+namespace mesos {
+namespace http {
+namespace authentication {
+
+class BasicAuthenticateeProcess; // Forward declaration.
+
+/**
+ * Authenticatee implementing the client side of basic HTTP
+ * authentication.
+ */
+class BasicAuthenticatee : public Authenticatee
+{
+public:
+ BasicAuthenticatee();
+
+ ~BasicAuthenticatee() override;
+
+ // Not copy-constructable.
+ BasicAuthenticatee(const BasicAuthenticatee&) = delete;
+
+ // Not copyable.
+ BasicAuthenticatee& operator=(const BasicAuthenticatee&) = delete;
+
+ std::string scheme() const override;
+
+ process::Future<process::http::Request> authenticate(
+ const process::http::Request& request,
+ const Option<mesos::v1::Credential>& credential) override;
+
+private:
+ process::Owned<BasicAuthenticateeProcess> process_;
+};
+
+} // namespace authentication {
+} // namespace http {
+} // namespace mesos {
+
+#endif // __AUTHENTICATION_HTTP_BASIC_AUTHENTICATEE_HPP__
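Review bot: The header uses `std::string` (return type of `scheme()`) and `process::Owned` (the `process_` member) but includes neither `<string>` nor `<process/owned.hpp>`, so it compiles only through transitive includes. Both should be added to the include list. The class comment could also say that `authenticate()` returns a copy of the request carrying an `Authorization: Basic` header with the base64-encoded principal and secret. That is an encoding, not encryption, so the comment should note the authenticatee is only appropriate on TLS-protected connections.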
http://git-wip-us.apache.org/repos/asf/mesos/blob/e89cdc25/src/common/http.hpp
----------------------------------------------------------------------
diff --git a/src/common/http.hpp b/src/common/http.hpp
index 0e6b1c5..505c6d7 100644
--- a/src/common/http.hpp
+++ b/src/common/http.hpp
@@ -48,6 +48,9 @@ namespace internal {
// Name of the default, basic authenticator.
constexpr char DEFAULT_BASIC_HTTP_AUTHENTICATOR[] = "basic";
+// Name of the default, basic authenticatee.
+constexpr char DEFAULT_BASIC_HTTP_AUTHENTICATEE[] = "basic";
+
// Name of the default, JWT authenticator.
constexpr char DEFAULT_JWT_HTTP_AUTHENTICATOR[] = "jwt";