You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by bm...@apache.org on 2016/01/04 22:53:34 UTC
[1/2] mesos git commit: Added implementation of HTTP "Basic"
authentication scheme.
Repository: mesos
Updated Branches:
refs/heads/master 1849bd606 -> 550396823
Added implementation of HTTP "Basic" authentication scheme.
Review: https://reviews.apache.org/r/38094/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/cc1e6e4c
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/cc1e6e4c
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/cc1e6e4c
Branch: refs/heads/master
Commit: cc1e6e4cab374a91a0cb2923f841b7b97549bfc8
Parents: 1849bd6
Author: Alexander Rojas <al...@mesosphere.io>
Authored: Mon Jan 4 13:36:34 2016 -0800
Committer: Benjamin Mahler <be...@gmail.com>
Committed: Mon Jan 4 13:51:11 2016 -0800
----------------------------------------------------------------------
3rdparty/libprocess/Makefile.am | 1 +
.../include/process/authenticator.hpp | 26 ++++
3rdparty/libprocess/src/CMakeLists.txt | 1 +
3rdparty/libprocess/src/authenticator.cpp | 128 +++++++++++++++++++
3rdparty/libprocess/src/tests/http_tests.cpp | 65 ++++++++++
5 files changed, 221 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/cc1e6e4c/3rdparty/libprocess/Makefile.am
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/Makefile.am b/3rdparty/libprocess/Makefile.am
index 6749fd4..ac8cc8d 100644
--- a/3rdparty/libprocess/Makefile.am
+++ b/3rdparty/libprocess/Makefile.am
@@ -45,6 +45,7 @@ noinst_LTLIBRARIES = libprocess.la
libprocess_la_SOURCES = \
src/authenticator_manager.hpp \
src/authenticator_manager.cpp \
+ src/authenticator.cpp \
src/clock.cpp \
src/config.hpp \
src/decoder.hpp \
http://git-wip-us.apache.org/repos/asf/mesos/blob/cc1e6e4c/3rdparty/libprocess/include/process/authenticator.hpp
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/include/process/authenticator.hpp b/3rdparty/libprocess/include/process/authenticator.hpp
index 5a32e9a..e5489c6 100644
--- a/3rdparty/libprocess/include/process/authenticator.hpp
+++ b/3rdparty/libprocess/include/process/authenticator.hpp
@@ -18,12 +18,15 @@
#include <process/future.hpp>
#include <process/http.hpp>
+#include <stout/hashmap.hpp>
#include <stout/option.hpp>
namespace process {
namespace http {
namespace authentication {
+class BasicAuthenticatorProcess;
+
/**
* Represents the result of authenticating a request.
* An `AuthenticationResult` can represent one of the
@@ -77,6 +80,29 @@ public:
virtual std::string scheme() const = 0;
};
+
+/**
+ * Implements the "Basic" authentication scheme using a
+ * fixed set of credentials.
+ */
+class BasicAuthenticator : public Authenticator
+{
+public:
+ BasicAuthenticator(
+ const std::string& realm,
+ const hashmap<std::string, std::string>& credentials);
+
+ virtual ~BasicAuthenticator();
+
+ virtual Future<AuthenticationResult> authenticate(
+ const http::Request& request) override;
+
+ virtual std::string scheme() const override;
+
+private:
+ Owned<BasicAuthenticatorProcess> process_;
+};
+
} // namespace authentication {
} // namespace http {
} // namespace process {
http://git-wip-us.apache.org/repos/asf/mesos/blob/cc1e6e4c/3rdparty/libprocess/src/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/src/CMakeLists.txt b/3rdparty/libprocess/src/CMakeLists.txt
index 681f0cf..7be3001 100644
--- a/3rdparty/libprocess/src/CMakeLists.txt
+++ b/3rdparty/libprocess/src/CMakeLists.txt
@@ -20,6 +20,7 @@ set(PROCESS_SRC
${PROCESS_SRC}
authentication_router.cpp
authentication_router.hpp
+ authenticator.cpp
clock.cpp
config.hpp
decoder.hpp
http://git-wip-us.apache.org/repos/asf/mesos/blob/cc1e6e4c/3rdparty/libprocess/src/authenticator.cpp
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/src/authenticator.cpp b/3rdparty/libprocess/src/authenticator.cpp
new file mode 100644
index 0000000..7371a62
--- /dev/null
+++ b/3rdparty/libprocess/src/authenticator.cpp
@@ -0,0 +1,128 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License
+
+#include <process/authenticator.hpp>
+
+#include <string>
+#include <vector>
+
+#include <process/dispatch.hpp>
+#include <process/future.hpp>
+#include <process/http.hpp>
+#include <process/process.hpp>
+
+#include <stout/base64.hpp>
+#include <stout/hashmap.hpp>
+#include <stout/option.hpp>
+#include <stout/strings.hpp>
+#include <stout/try.hpp>
+
+namespace process {
+namespace http {
+namespace authentication {
+
+using std::string;
+using std::vector;
+
+
+class BasicAuthenticatorProcess : public Process<BasicAuthenticatorProcess>
+{
+public:
+ BasicAuthenticatorProcess(
+ const std::string& realm,
+ const hashmap<std::string, std::string>& credentials);
+
+ virtual Future<AuthenticationResult> authenticate(
+ const http::Request& request);
+
+private:
+ const std::string realm_;
+ const hashmap<std::string, std::string> credentials_;
+};
+
+
+BasicAuthenticatorProcess::BasicAuthenticatorProcess(
+ const string& realm,
+ const hashmap<string, string>& credentials)
+ : realm_(realm), credentials_(credentials) {}
+
+
+Future<AuthenticationResult> BasicAuthenticatorProcess::authenticate(
+ const Request& request)
+{
+ AuthenticationResult unauthorized;
+ unauthorized.unauthorized =
+ Unauthorized(vector<string>({"Basic realm=\"" + realm_ + "\""}));
+
+ Option<string> credentials = request.headers.get("Authorization");
+
+ if (credentials.isNone()) {
+ return unauthorized;
+ }
+
+ vector<string> components = strings::split(credentials.get(), " ");
+
+ if (components.size() != 2 || components[0] != "Basic") {
+ return unauthorized;
+ }
+
+ Try<string> decoded = base64::decode(components[1]);
+
+ if (decoded.isError()) {
+ return unauthorized;
+ }
+
+ vector<string> credential = strings::split(decoded.get(), ":");
+
+ if (credential.size() != 2 ||
+ !credentials_.contains(credential[0]) ||
+ credentials_.at(credential[0]) != credential[1]) {
+ return unauthorized;
+ }
+
+ AuthenticationResult authenticated;
+ authenticated.principal = credential[0];
+ return authenticated;
+}
+
+
+BasicAuthenticator::BasicAuthenticator(
+ const string& realm,
+ const hashmap<string, string>& credentials)
+ : process_(new BasicAuthenticatorProcess(realm, credentials))
+{
+ spawn(*process_);
+}
+
+
+BasicAuthenticator::~BasicAuthenticator()
+{
+ terminate(*process_);
+ wait(*process_);
+}
+
+
+Future<AuthenticationResult> BasicAuthenticator::authenticate(
+ const Request& request)
+{
+ return dispatch(*process_, &BasicAuthenticatorProcess::authenticate, request);
+}
+
+
+string BasicAuthenticator::scheme() const
+{
+ return "Basic";
+}
+
+} // namespace authentication {
+} // namespace http {
+} // namespace process {
http://git-wip-us.apache.org/repos/asf/mesos/blob/cc1e6e4c/3rdparty/libprocess/src/tests/http_tests.cpp
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/src/tests/http_tests.cpp b/3rdparty/libprocess/src/tests/http_tests.cpp
index ec7b4aa..e5999d8 100644
--- a/3rdparty/libprocess/src/tests/http_tests.cpp
+++ b/3rdparty/libprocess/src/tests/http_tests.cpp
@@ -47,6 +47,7 @@ namespace http = process::http;
using authentication::Authenticator;
using authentication::AuthenticationResult;
+using authentication::BasicAuthenticator;
using process::Future;
using process::Owned;
@@ -1424,3 +1425,67 @@ TEST_F(HttpAuthenticationTest, Pipelining)
AWAIT_EXPECT_EQ(authentiation1.principal, principal1);
AWAIT_EXPECT_EQ(authentiation2.principal, principal2);
}
+
+
+// Tests the "Basic" authenticator.
+TEST_F(HttpAuthenticationTest, Basic)
+{
+ Http http;
+
+ Owned<Authenticator> authenticator(
+ new BasicAuthenticator("realm", {{"user", "password"}}));
+
+ AWAIT_READY(setAuthenticator("realm", authenticator));
+
+ // No credentials provided.
+ {
+ Future<http::Response> response = http::get(*http.process, "authenticated");
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(
+ http::Unauthorized(vector<string>()).status,
+ response);
+ }
+
+ // Wrong password provided.
+ {
+ http::Headers headers;
+ headers["Authorization"] =
+ "Basic " + base64::encode("user:wrongpassword");
+
+ Future<http::Response> response =
+ http::get(http.process->self(), "authenticated", None(), headers);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(
+ http::Unauthorized(vector<string>()).status,
+ response);
+ }
+
+ // Wrong username provided.
+ {
+ http::Headers headers;
+ headers["Authorization"] =
+ "Basic " + base64::encode("wronguser:password");
+
+ Future<http::Response> response =
+ http::get(http.process->self(), "authenticated", None(), headers);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(
+ http::Unauthorized(vector<string>()).status,
+ response);
+ }
+
+ // Right credentials provided.
+ {
+ EXPECT_CALL(*http.process, authenticated(_, Option<string>("user")))
+ .WillOnce(Return(http::OK()));
+
+ http::Headers headers;
+ headers["Authorization"] =
+ "Basic " + base64::encode("user:password");
+
+ Future<http::Response> response =
+ http::get(http.process->self(), "authenticated", None(), headers);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(http::OK().status, response);
+ }
+}
[2/2] mesos git commit: Updated CMake build for authentication
changes.
Posted by bm...@apache.org.
Updated CMake build for authentication changes.
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/55039682
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/55039682
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/55039682
Branch: refs/heads/master
Commit: 550396823d4754d6e6b0dbd9284d76cfd7be19ac
Parents: cc1e6e4
Author: Benjamin Mahler <be...@gmail.com>
Authored: Mon Jan 4 13:52:36 2016 -0800
Committer: Benjamin Mahler <be...@gmail.com>
Committed: Mon Jan 4 13:52:36 2016 -0800
----------------------------------------------------------------------
3rdparty/libprocess/src/CMakeLists.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/55039682/3rdparty/libprocess/src/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/src/CMakeLists.txt b/3rdparty/libprocess/src/CMakeLists.txt
index 7be3001..12dfaf6 100644
--- a/3rdparty/libprocess/src/CMakeLists.txt
+++ b/3rdparty/libprocess/src/CMakeLists.txt
@@ -18,8 +18,8 @@
#######################################
set(PROCESS_SRC
${PROCESS_SRC}
- authentication_router.cpp
- authentication_router.hpp
+ authenticator_manager.cpp
+ authenticator_manager.hpp
authenticator.cpp
clock.cpp
config.hpp