Posted to commits@mesos.apache.org by ti...@apache.org on 2017/10/10 18:59:29 UTC

[3/4] mesos git commit: Added basic HTTP authenticatee implementation.

Added basic HTTP authenticatee implementation.

Moves the hardcoded basic HTTP authentication code from within the
scheduler library into the modularized HTTP authenticatee interface.

Review: https://reviews.apache.org/r/62592/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/e89cdc25
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/e89cdc25
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/e89cdc25

Branch: refs/heads/master
Commit: e89cdc2551c77c6951a30e9007c85cbfef58de32
Parents: a687d97
Author: Till Toenshoff <to...@me.com>
Authored: Tue Oct 10 20:17:46 2017 +0200
Committer: Till Toenshoff <to...@me.com>
Committed: Tue Oct 10 20:59:13 2017 +0200

----------------------------------------------------------------------
 src/CMakeLists.txt                              |   1 +
 src/Makefile.am                                 |   2 +
 src/authentication/http/basic_authenticatee.cpp | 103 +++++++++++++++++++
 src/authentication/http/basic_authenticatee.hpp |  66 ++++++++++++
 src/common/http.hpp                             |   3 +
 5 files changed, 175 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/e89cdc25/src/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 1a0dff3..219252f 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -310,6 +310,7 @@ set(AUTHENTICATION_SRC
   authentication/cram_md5/authenticatee.cpp
   authentication/cram_md5/authenticator.cpp
   authentication/cram_md5/auxprop.cpp
+  authentication/http/basic_authenticatee.cpp
   authentication/http/basic_authenticator_factory.cpp
   authentication/http/combined_authenticator.cpp)
 

http://git-wip-us.apache.org/repos/asf/mesos/blob/e89cdc25/src/Makefile.am
----------------------------------------------------------------------
diff --git a/src/Makefile.am b/src/Makefile.am
index ca43f25..085ff3b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -941,6 +941,7 @@ libmesos_no_3rdparty_la_SOURCES +=					\
   authentication/cram_md5/authenticatee.cpp				\
   authentication/cram_md5/authenticator.cpp				\
   authentication/cram_md5/auxprop.cpp					\
+  authentication/http/basic_authenticatee.cpp				\
   authentication/http/basic_authenticator_factory.cpp			\
   authentication/http/combined_authenticator.cpp			\
   authorizer/acls.cpp							\
@@ -1085,6 +1086,7 @@ libmesos_no_3rdparty_la_SOURCES +=					\
   authentication/cram_md5/authenticatee.hpp				\
   authentication/cram_md5/authenticator.hpp				\
   authentication/cram_md5/auxprop.hpp					\
+  authentication/http/basic_authenticatee.hpp				\
   authorizer/local/authorizer.hpp					\
   checks/checker.hpp							\
   checks/checker_process.hpp						\

http://git-wip-us.apache.org/repos/asf/mesos/blob/e89cdc25/src/authentication/http/basic_authenticatee.cpp
----------------------------------------------------------------------
diff --git a/src/authentication/http/basic_authenticatee.cpp b/src/authentication/http/basic_authenticatee.cpp
new file mode 100644
index 0000000..5faeec6
--- /dev/null
+++ b/src/authentication/http/basic_authenticatee.cpp
@@ -0,0 +1,103 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "authentication/http/basic_authenticatee.hpp"
+
+#include <string>
+
+#include <mesos/v1/mesos.hpp>
+
+#include <process/id.hpp>
+#include <process/dispatch.hpp>
+#include <process/future.hpp>
+#include <process/http.hpp>
+#include <process/process.hpp>
+
+#include <stout/base64.hpp>
+#include <stout/option.hpp>
+
+namespace mesos {
+namespace http {
+namespace authentication {
+
+class BasicAuthenticateeProcess
+  : public process::Process<BasicAuthenticateeProcess>
+{
+public:
+  BasicAuthenticateeProcess()
+    : ProcessBase(process::ID::generate("basic_authenticatee")) {}
+
+  process::Future<process::http::Request> authenticate(
+      const process::http::Request& request,
+      const Option<mesos::v1::Credential>& credential)
+  {
+    // Without credential we can and should not try to authenticate.
+    if (credential.isNone()) {
+      return request;
+    }
+
+    process::http::Request decoratedRequest(request);
+
+    // As per https://tools.ietf.org/html/rfc7230#section-3.2.2 we
+    // must not return an additional "Authorization" header if there
+    // was one present already - for those cases, we need to combine
+    // them.
+    // TODO(tillt): Update this code to combine multiple schemes once
+    // our HTTP authenticator implementations do support multiple
+    // authentication schemes for the same request. See MESOS-8059.
+    decoratedRequest.headers["Authorization"] =
+      "Basic " +
+      base64::encode(credential->principal() + ":" + credential->secret());
+
+    return decoratedRequest;
+  }
+};
+
+
+BasicAuthenticatee::BasicAuthenticatee()
+  : process_(new BasicAuthenticateeProcess())
+{
+  spawn(*process_);
+}
+
+
+BasicAuthenticatee::~BasicAuthenticatee()
+{
+  terminate(*process_);
+  wait(*process_);
+}
+
+
+std::string BasicAuthenticatee::scheme() const
+{
+  return "Basic";
+}
+
+
+process::Future<process::http::Request> BasicAuthenticatee::authenticate(
+    const process::http::Request& request,
+    const Option<mesos::v1::Credential>& credential)
+{
+  return dispatch(
+      *process_,
+      &BasicAuthenticateeProcess::authenticate,
+      request,
+      credential);
+}
+
+} // namespace authentication {
+} // namespace http {
+} // namespace mesos {
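Review bot: The `Authorization` value assigned at the end of `BasicAuthenticateeProcess::authenticate` is built from `credential->principal() + ":" + credential->secret()` without validating either part. RFC 7617 does not allow a colon in the user-id, so a principal containing `:` would likely be split at the wrong position by the receiving side; a guard before the assignment such as `if (credential->principal().find(':') != std::string::npos) { return process::Failure("Principal must not contain ':'"); }` would reject it. If `secret` is unset, the accessor presumably yields an empty string and the request goes out with an empty password, so a `credential->has_secret()` check is worth considering as well. The existing header comment could also say that the assignment currently overwrites any `Authorization` header already on the request, and a line such as `// NOTE: Base64 is an encoding, not encryption; confidentiality of this header depends on TLS.` would make the transport assumption explicit.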

http://git-wip-us.apache.org/repos/asf/mesos/blob/e89cdc25/src/authentication/http/basic_authenticatee.hpp
----------------------------------------------------------------------
diff --git a/src/authentication/http/basic_authenticatee.hpp b/src/authentication/http/basic_authenticatee.hpp
new file mode 100644
index 0000000..59c1ba6
--- /dev/null
+++ b/src/authentication/http/basic_authenticatee.hpp
@@ -0,0 +1,66 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __AUTHENTICATION_HTTP_BASIC_AUTHENTICATEE_HPP__
+#define __AUTHENTICATION_HTTP_BASIC_AUTHENTICATEE_HPP__
+
+#include <mesos/v1/mesos.hpp>
+
+#include <mesos/authentication/http/authenticatee.hpp>
+
+#include <process/future.hpp>
+#include <process/http.hpp>
+
+#include <stout/option.hpp>
+
+namespace mesos {
+namespace http {
+namespace authentication {
+
+class BasicAuthenticateeProcess; // Forward declaration.
+
+/**
+ * Authenticatee implementing the client side of basic HTTP
+ * authentication.
+ */
+class BasicAuthenticatee : public Authenticatee
+{
+public:
+  BasicAuthenticatee();
+
+  ~BasicAuthenticatee() override;
+
+  // Not copy-constructable.
+  BasicAuthenticatee(const BasicAuthenticatee&) = delete;
+
+  // Not copyable.
+  BasicAuthenticatee& operator=(const BasicAuthenticatee&) = delete;
+
+  std::string scheme() const override;
+
+  process::Future<process::http::Request> authenticate(
+      const process::http::Request& request,
+      const Option<mesos::v1::Credential>& credential) override;
+
+private:
+  process::Owned<BasicAuthenticateeProcess> process_;
+};
+
+} // namespace authentication {
+} // namespace http {
+} // namespace mesos {
+
+#endif // __AUTHENTICATION_HTTP_BASIC_AUTHENTICATEE_HPP__
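Review bot: The header uses `process::Owned` for the `process_` member and `std::string` as the return type of `scheme()` but includes neither `<process/owned.hpp>` nor `<string>`, so it compiles only through transitive includes. Adding `#include <string>` and `#include <process/owned.hpp>` to the include block would make it self-contained. The class comment could also state that `authenticate` returns the request unchanged when no credential is supplied, as the implementation in basic_authenticatee.cpp does, since callers may otherwise assume an unauthenticated request is an error.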

http://git-wip-us.apache.org/repos/asf/mesos/blob/e89cdc25/src/common/http.hpp
----------------------------------------------------------------------
diff --git a/src/common/http.hpp b/src/common/http.hpp
index 0e6b1c5..505c6d7 100644
--- a/src/common/http.hpp
+++ b/src/common/http.hpp
@@ -48,6 +48,9 @@ namespace internal {
 // Name of the default, basic authenticator.
 constexpr char DEFAULT_BASIC_HTTP_AUTHENTICATOR[] = "basic";
 
+// Name of the default, basic authenticatee.
+constexpr char DEFAULT_BASIC_HTTP_AUTHENTICATEE[] = "basic";
+
 // Name of the default, JWT authenticator.
 constexpr char DEFAULT_JWT_HTTP_AUTHENTICATOR[] = "jwt";