You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tinkerpop.apache.org by sp...@apache.org on 2017/04/10 19:41:10 UTC
[1/9] tinkerpop git commit: Abstract over http auth for extensibility
Repository: tinkerpop
Updated Branches:
refs/heads/master 4b9c283c2 -> 960fdc113
Abstract over http auth for extensibility
Abstracting over the http authentication allows for easy extensibility
for users/implementors to provide their own classes for http auth beyond
basic auth. The general issue is that there is a fixed overhead to
hashing passwords securely. This change allows for implementing things
like HMAC token auth and plugging them in easily to the gremlin server.
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/69dd924d
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/69dd924d
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/69dd924d
Branch: refs/heads/master
Commit: 69dd924dc9219791330007e9a5a2d1dabda4cfb1
Parents: f73d7ca
Author: Keith Lohnes <kr...@us.ibm.com>
Authored: Mon Mar 20 13:37:40 2017 -0400
Committer: Keith Lohnes <kr...@us.ibm.com>
Committed: Tue Apr 4 09:22:19 2017 -0400
----------------------------------------------------------------------
.../gremlin/server/AbstractChannelizer.java | 25 ++++++++++++--
.../tinkerpop/gremlin/server/Settings.java | 18 +++++++++-
.../gremlin/server/channel/HttpChannelizer.java | 25 ++++++++++++--
.../handler/AbstractAuthenticationHandler.java | 35 +++++++++++++++++++
.../handler/HttpBasicAuthenticationHandler.java | 5 ++-
.../server/GremlinServerHttpIntegrateTest.java | 36 ++++++++++++++++++++
6 files changed, 135 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/69dd924d/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
index d28fd4f..8887363 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
@@ -30,6 +30,7 @@ import org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV1d0;
import org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV1d0;
import org.apache.tinkerpop.gremlin.groovy.engine.GremlinExecutor;
import org.apache.tinkerpop.gremlin.server.auth.Authenticator;
+import org.apache.tinkerpop.gremlin.server.handler.AbstractAuthenticationHandler;
import org.apache.tinkerpop.gremlin.server.handler.IteratorHandler;
import org.apache.tinkerpop.gremlin.server.handler.OpExecutorHandler;
import org.apache.tinkerpop.gremlin.server.handler.OpSelectorHandler;
@@ -153,15 +154,33 @@ public abstract class AbstractChannelizer extends ChannelInitializer<SocketChann
finalize(pipeline);
}
+ protected AbstractAuthenticationHandler createAuthenticationHandler(final Settings.AuthenticationSettings config) {
+ try {
+ final Class<?> clazz = Class.forName(config.authenticationHandler);
+ final Class[] constructorArgs = new Class[1];
+ constructorArgs[0] = Authenticator.class;
+ return (AbstractAuthenticationHandler) clazz.getDeclaredConstructor(constructorArgs).newInstance(authenticator);
+ } catch (Exception ex) {
+ logger.warn(ex.getMessage());
+ throw new IllegalStateException(String.format("Could not create/configure AuthenticationHandler %s", config.authenticationHandler), ex);
+ }
+ }
+
private Authenticator createAuthenticator(final Settings.AuthenticationSettings config) {
+ String authenticatorClass = null;
+ if (config.authenticator == null) {
+ authenticatorClass = config.className;
+ } else {
+ authenticatorClass = config.authenticator;
+ }
try {
- final Class<?> clazz = Class.forName(config.className);
+ final Class<?> clazz = Class.forName(authenticatorClass);
final Authenticator authenticator = (Authenticator) clazz.newInstance();
authenticator.setup(config.config);
return authenticator;
} catch (Exception ex) {
logger.warn(ex.getMessage());
- throw new IllegalStateException(String.format("Could not create/configure Authenticator %s", config.className), ex);
+ throw new IllegalStateException(String.format("Could not create/configure Authenticator %s", authenticator), ex);
}
}
@@ -254,4 +273,4 @@ public abstract class AbstractChannelizer extends ChannelInitializer<SocketChann
return null;
}
}
-}
\ No newline at end of file
+}
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/69dd924d/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
index e2f2ad5..030c2e6 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
@@ -384,9 +384,25 @@ public class Settings {
* used to load the implementation from the classpath. Defaults to {@link AllowAllAuthenticator} when
* not specified.
*/
+ public String authenticator = AllowAllAuthenticator.class.getName();
+
+ /**
+ * The fully qualified class name of the {@link Authenticator} implementation. This class name will be
+ * used to load the implementation from the classpath. Defaults to {@link AllowAllAuthenticator} when
+ * not specified.
+ * @deprecated As of release 3.2.5, replaced by {@link authenticator}.
+ */
+ @Deprecated
public String className = AllowAllAuthenticator.class.getName();
/**
+ * The fully qualified class name of the {@link HttpAuthenticationHandler} implementation.
+ * This class name will be used to load the implementation from the classpath.
+ * Defaults to null when not specified.
+ */
+ public String authenticationHandler = null;
+
+ /**
* A {@link Map} containing {@link Authenticator} specific configurations. Consult the
* {@link Authenticator} implementation for specifics on what configurations are expected.
*/
@@ -424,7 +440,7 @@ public class Settings {
* contain an X.509 certificate chain in PEM format. {@code null} uses the system default.
*/
public String trustCertChainFile = null;
-
+
/**
* Require client certificate authentication
*/
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/69dd924d/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
index 9e58a40..eca52a0 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
@@ -21,7 +21,10 @@ package org.apache.tinkerpop.gremlin.server.channel;
import io.netty.channel.EventLoopGroup;
import org.apache.tinkerpop.gremlin.server.AbstractChannelizer;
import org.apache.tinkerpop.gremlin.server.Channelizer;
+import org.apache.tinkerpop.gremlin.server.Settings;
import org.apache.tinkerpop.gremlin.server.auth.AllowAllAuthenticator;
+import org.apache.tinkerpop.gremlin.server.auth.Authenticator;
+import org.apache.tinkerpop.gremlin.server.handler.AbstractAuthenticationHandler;
import org.apache.tinkerpop.gremlin.server.handler.HttpBasicAuthenticationHandler;
import org.apache.tinkerpop.gremlin.server.handler.HttpGremlinEndpointHandler;
import io.netty.channel.ChannelPipeline;
@@ -42,7 +45,7 @@ public class HttpChannelizer extends AbstractChannelizer {
private static final Logger logger = LoggerFactory.getLogger(HttpChannelizer.class);
private HttpGremlinEndpointHandler httpGremlinEndpointHandler;
- private HttpBasicAuthenticationHandler authenticationHandler;
+ private AbstractAuthenticationHandler authenticationHandler;
@Override
public void init(final ServerGremlinExecutor<EventLoopGroup> serverGremlinExecutor) {
@@ -68,7 +71,7 @@ public class HttpChannelizer extends AbstractChannelizer {
// not occur. It may not be a safe assumption that the handler
// is sharable so create a new handler each time.
authenticationHandler = authenticator.getClass() == AllowAllAuthenticator.class ?
- null : new HttpBasicAuthenticationHandler(authenticator);
+ null : createAuthenticationHandler(settings);
if (authenticationHandler != null)
pipeline.addLast(PIPELINE_AUTHENTICATOR, authenticationHandler);
}
@@ -76,6 +79,24 @@ public class HttpChannelizer extends AbstractChannelizer {
pipeline.addLast("http-gremlin-handler", httpGremlinEndpointHandler);
}
+ private AbstractAuthenticationHandler instantiateAuthenticationHandler(final Settings.AuthenticationSettings authSettings) {
+ final String authHandlerClass = authSettings.authenticationHandler;
+ if (authHandlerClass == null) {
+ //Keep things backwards compatible
+ return new HttpBasicAuthenticationHandler(authenticator);
+ } else {
+ try {
+ final Class<?> clazz = Class.forName(handlerClassName);
+ final Class[] constructorArgs = new Class[1];
+ constructorArgs[0] = Authenticator.class;
+ return (HttpAuthenticationHandler) clazz.getDeclaredConstructor(constructorArgs).newInstance(authenticator);
+ } catch (Exception ex) {
+ logger.warn(ex.getMessage());
+ throw new IllegalStateException(String.format("Could not create/configure HttpAuthenticationHandler %s", handlerClassName), ex);
+ }
+ }
+ }
+
@Override
public void finalize(final ChannelPipeline pipeline) {
pipeline.remove(PIPELINE_OP_SELECTOR);
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/69dd924d/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/AbstractAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/AbstractAuthenticationHandler.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/AbstractAuthenticationHandler.java
new file mode 100644
index 0000000..026ad59
--- /dev/null
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/AbstractAuthenticationHandler.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.tinkerpop.gremlin.server.handler;
+
+import org.apache.tinkerpop.gremlin.server.auth.Authenticator;
+
+import io.netty.channel.ChannelInboundHandlerAdapter;
+
+/**
+ * Provides an abstraction point to allow for http auth schemes beyond basic auth.
+ */
+public abstract class AbstractAuthenticationHandler extends ChannelInboundHandlerAdapter {
+ protected final Authenticator authenticator;
+
+ public AbstractAuthenticationHandler(final Authenticator authenticator) {
+ this.authenticator = authenticator;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/69dd924d/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java
index 8732268..2370c92 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java
@@ -42,13 +42,12 @@ import static org.apache.tinkerpop.gremlin.groovy.plugin.dsl.credential.Credenti
*
* @author Stephen Mallette (http://stephen.genoprime.com)
*/
-public class HttpBasicAuthenticationHandler extends ChannelInboundHandlerAdapter {
- private final Authenticator authenticator;
+public class HttpBasicAuthenticationHandler extends AbstractAuthenticationHandler {
private final Base64.Decoder decoder = Base64.getUrlDecoder();
public HttpBasicAuthenticationHandler(final Authenticator authenticator) {
- this.authenticator = authenticator;
+ super(authenticator);
}
@Override
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/69dd924d/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java
index 78109e6..b64a7b5 100644
--- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java
+++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java
@@ -21,6 +21,7 @@ package org.apache.tinkerpop.gremlin.server;
import org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV2d0;
import org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator;
import org.apache.tinkerpop.gremlin.server.channel.HttpChannelizer;
+import org.apache.tinkerpop.gremlin.server.handler.HttpBasicAuthenticationHandler;
import org.apache.http.Consts;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
@@ -92,6 +93,9 @@ public class GremlinServerHttpIntegrateTest extends AbstractGremlinServerIntegra
case "should401OnGETWithInvalidPasswordAuthorizationHeader":
case "should401OnPOSTWithInvalidPasswordAuthorizationHeader":
case "should200OnGETWithAuthorizationHeader":
+ case "should200OnPOSTWithAuthorizationHeaderExplicitHandlerSetting":
+ configureForAuthenticationWithHandlerClass(settings);
+ break;
case "should200OnPOSTWithAuthorizationHeader":
configureForAuthentication(settings);
break;
@@ -115,6 +119,21 @@ public class GremlinServerHttpIntegrateTest extends AbstractGremlinServerIntegra
settings.authentication = authSettings;
}
+ private void configureForAuthenticationWithHandlerClass(final Settings settings) {
+ final Settings.AuthenticationSettings authSettings = new Settings.AuthenticationSettings();
+ authSettings.className = SimpleAuthenticator.class.getName();
+
+ //Add basic auth handler to make sure the reflection code path works.
+ authSettings.authenticationHandler = HttpBasicAuthenticationHandler.class.getName();
+
+ // use a credentials graph with one user in it: stephen/password
+ final Map<String,Object> authConfig = new HashMap<>();
+ authConfig.put(SimpleAuthenticator.CONFIG_CREDENTIALS_DB, "conf/tinkergraph-credentials.properties");
+
+ authSettings.config = authConfig;
+ settings.authentication = authSettings;
+ }
+
@Deprecated
private void configureForAuthenticationOld(final Settings settings) {
final Settings.AuthenticationSettings authSettings = new Settings.AuthenticationSettings();
@@ -270,6 +289,23 @@ public class GremlinServerHttpIntegrateTest extends AbstractGremlinServerIntegra
}
@Test
+ public void should200OnPOSTWithAuthorizationHeaderExplicitHandlerSetting() throws Exception {
+ final CloseableHttpClient httpclient = HttpClients.createDefault();
+ final HttpPost httppost = new HttpPost(TestClientFactory.createURLString());
+ httppost.addHeader("Content-Type", "application/json");
+ httppost.addHeader("Authorization", "Basic " + encoder.encodeToString("stephen:password".getBytes()));
+ httppost.setEntity(new StringEntity("{\"gremlin\":\"1-1\"}", Consts.UTF_8));
+
+ try (final CloseableHttpResponse response = httpclient.execute(httppost)) {
+ assertEquals(200, response.getStatusLine().getStatusCode());
+ assertEquals("application/json", response.getEntity().getContentType().getValue());
+ final String json = EntityUtils.toString(response.getEntity());
+ final JsonNode node = mapper.readTree(json);
+ assertEquals(0, node.get("result").get("data").get(0).intValue());
+ }
+ }
+
+ @Test
@Deprecated
public void should200OnPOSTWithAuthorizationHeaderOld() throws Exception {
final CloseableHttpClient httpclient = HttpClients.createDefault();
[8/9] tinkerpop git commit: Minor whitespace fixups CTR
Posted by sp...@apache.org.
Minor whitespace fixups CTR
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/021831ed
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/021831ed
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/021831ed
Branch: refs/heads/master
Commit: 021831edae249dd68121998589e2fdd44b086e77
Parents: 911e24c
Author: Stephen Mallette <sp...@genoprime.com>
Authored: Mon Apr 10 14:17:20 2017 -0400
Committer: Stephen Mallette <sp...@genoprime.com>
Committed: Mon Apr 10 14:17:20 2017 -0400
----------------------------------------------------------------------
CHANGELOG.asciidoc | 1 -
docs/src/upgrade/release-3.2.x-incubating.asciidoc | 1 -
2 files changed, 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/021831ed/CHANGELOG.asciidoc
----------------------------------------------------------------------
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
index 35fe297..e0e8fbd 100644
--- a/CHANGELOG.asciidoc
+++ b/CHANGELOG.asciidoc
@@ -26,7 +26,6 @@ image::https://raw.githubusercontent.com/apache/tinkerpop/master/docs/static/ima
TinkerPop 3.2.5 (Release Date: NOT OFFICIALLY RELEASED YET)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
* Deprecated `authentication.className` setting in favor of using `authentication.authenticator`
* Added `authentication.authenticationHandler` setting
* Added abstraction to authorization to allow users to plug in their own `AbstractAuthorizationHandler` implementations
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/021831ed/docs/src/upgrade/release-3.2.x-incubating.asciidoc
----------------------------------------------------------------------
diff --git a/docs/src/upgrade/release-3.2.x-incubating.asciidoc b/docs/src/upgrade/release-3.2.x-incubating.asciidoc
index e9242af..f0bbba2 100644
--- a/docs/src/upgrade/release-3.2.x-incubating.asciidoc
+++ b/docs/src/upgrade/release-3.2.x-incubating.asciidoc
@@ -976,7 +976,6 @@ Please see the link:https://github.com/apache/tinkerpop/blob/3.2.0-incubating/CH
Upgrading for Users
~~~~~~~~~~~~~~~~~~~
-
Hadoop FileSystem Variable
^^^^^^^^^^^^^^^^^^^^^^^^^^
[3/9] tinkerpop git commit: Update CHANGELOG
Posted by sp...@apache.org.
Update CHANGELOG
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/80672557
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/80672557
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/80672557
Branch: refs/heads/master
Commit: 80672557f2d992fc50e7c4e2e86d8eff73b6a1fc
Parents: eae4101
Author: Keith Lohnes <kr...@us.ibm.com>
Authored: Tue Apr 4 09:24:24 2017 -0400
Committer: Keith Lohnes <kr...@us.ibm.com>
Committed: Tue Apr 4 09:37:35 2017 -0400
----------------------------------------------------------------------
CHANGELOG.asciidoc | 4 ++++
1 file changed, 4 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/80672557/CHANGELOG.asciidoc
----------------------------------------------------------------------
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
index 19d1d59..ddf83de 100644
--- a/CHANGELOG.asciidoc
+++ b/CHANGELOG.asciidoc
@@ -26,6 +26,10 @@ image::https://raw.githubusercontent.com/apache/tinkerpop/master/docs/static/ima
TinkerPop 3.2.5 (Release Date: NOT OFFICIALLY RELEASED YET)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Deprecated `authentication.className` setting in favor of using `authentication.authenticator`
+* Added `authentication.authenticationHandler` setting
+* Added abstraction to authorization to allow users to plug in their own `AbstractAuthorizationHandler` implementations
* Fixed a `NullPointerException` bug in `B_LP_O_S_SE_SL_Traverser`.
* `PathRetractionStrategy` now uses the marker-model to reduce recursive lookups of invalidating steps.
* `ProfileStrategy` now uses the marker-model to reduce recursive lookups of `ProfileSideEffectStep`.
[6/9] tinkerpop git commit: Change className -> authenticator in yaml
files
Posted by sp...@apache.org.
Change className -> authenticator in yaml files
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/793d9b2a
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/793d9b2a
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/793d9b2a
Branch: refs/heads/master
Commit: 793d9b2a40b17d3efd57fa5f6fc6a13490e5dfd8
Parents: 49b0f91
Author: Keith Lohnes <kr...@us.ibm.com>
Authored: Wed Apr 5 09:02:46 2017 -0400
Committer: Keith Lohnes <kr...@us.ibm.com>
Committed: Wed Apr 5 09:02:46 2017 -0400
----------------------------------------------------------------------
.../gremlin/python/driver/gremlin-server-modern-secure-py.yaml | 2 +-
gremlin-server/conf/gremlin-server-rest-secure.yaml | 4 ++--
gremlin-server/conf/gremlin-server-secure.yaml | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/793d9b2a/gremlin-python/src/test/resources/org/apache/tinkerpop/gremlin/python/driver/gremlin-server-modern-secure-py.yaml
----------------------------------------------------------------------
diff --git a/gremlin-python/src/test/resources/org/apache/tinkerpop/gremlin/python/driver/gremlin-server-modern-secure-py.yaml b/gremlin-python/src/test/resources/org/apache/tinkerpop/gremlin/python/driver/gremlin-server-modern-secure-py.yaml
index a5b3480..56ac695 100644
--- a/gremlin-python/src/test/resources/org/apache/tinkerpop/gremlin/python/driver/gremlin-server-modern-secure-py.yaml
+++ b/gremlin-python/src/test/resources/org/apache/tinkerpop/gremlin/python/driver/gremlin-server-modern-secure-py.yaml
@@ -58,7 +58,7 @@ maxContentLength: 65536
maxAccumulationBufferComponents: 1024
resultIterationBatchSize: 64
authentication: {
- className: org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator,
+ authenticator: org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator,
config: {
credentialsDb: src/test/resources/org/apache/tinkerpop/gremlin/python/driver/tinkergraph-credentials.properties}}
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/793d9b2a/gremlin-server/conf/gremlin-server-rest-secure.yaml
----------------------------------------------------------------------
diff --git a/gremlin-server/conf/gremlin-server-rest-secure.yaml b/gremlin-server/conf/gremlin-server-rest-secure.yaml
index 646a1e5..6b69cce 100644
--- a/gremlin-server/conf/gremlin-server-rest-secure.yaml
+++ b/gremlin-server/conf/gremlin-server-rest-secure.yaml
@@ -65,8 +65,8 @@ resultIterationBatchSize: 64
writeBufferLowWaterMark: 32768
writeBufferHighWaterMark: 65536
authentication: {
- className: org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator,
+ authenticator: org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator,
config: {
credentialsDb: conf/tinkergraph-credentials.properties}}
ssl: {
- enabled: true}
\ No newline at end of file
+ enabled: true}
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/793d9b2a/gremlin-server/conf/gremlin-server-secure.yaml
----------------------------------------------------------------------
diff --git a/gremlin-server/conf/gremlin-server-secure.yaml b/gremlin-server/conf/gremlin-server-secure.yaml
index 5b5e91e..4492b4c 100644
--- a/gremlin-server/conf/gremlin-server-secure.yaml
+++ b/gremlin-server/conf/gremlin-server-secure.yaml
@@ -68,8 +68,8 @@ resultIterationBatchSize: 64
writeBufferLowWaterMark: 32768
writeBufferHighWaterMark: 65536
authentication: {
- className: org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator,
+ authenticator: org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator,
config: {
credentialsDb: conf/tinkergraph-credentials.properties}}
ssl: {
- enabled: true}
\ No newline at end of file
+ enabled: true}
[4/9] tinkerpop git commit: Add entry in Update docs in users section
Posted by sp...@apache.org.
Add entry in Update docs in users section
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/2df82d4a
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/2df82d4a
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/2df82d4a
Branch: refs/heads/master
Commit: 2df82d4a8a4f550ead7d77f8e2c99849dfcdf795
Parents: 8067255
Author: Keith Lohnes <kr...@us.ibm.com>
Authored: Tue Apr 4 09:42:18 2017 -0400
Committer: Keith Lohnes <kr...@us.ibm.com>
Committed: Tue Apr 4 09:42:18 2017 -0400
----------------------------------------------------------------------
docs/src/upgrade/release-3.2.x-incubating.asciidoc | 11 +++++++++++
1 file changed, 11 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2df82d4a/docs/src/upgrade/release-3.2.x-incubating.asciidoc
----------------------------------------------------------------------
diff --git a/docs/src/upgrade/release-3.2.x-incubating.asciidoc b/docs/src/upgrade/release-3.2.x-incubating.asciidoc
index fbe31bd..e9242af 100644
--- a/docs/src/upgrade/release-3.2.x-incubating.asciidoc
+++ b/docs/src/upgrade/release-3.2.x-incubating.asciidoc
@@ -32,6 +32,16 @@ Please see the link:https://github.com/apache/tinkerpop/blob/3.2.5/CHANGELOG.asc
Upgrading for Users
~~~~~~~~~~~~~~~~~~~
+Authentication Configuration
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The server settings previously used `authentication.className` to set an authenticator for the the two provided
+authentication handler and channelizer classes to use. This has been deprecated in favor of `authentication.authenticator`.
+A class that extends `AbstractAuthenticationHandler` may also now be provided as `authentication.authenticationHandler`
+to be used in either of the provided channelizer classes to handle the provided authenticator
+
+See: https://issues.apache.org/jira/browse/TINKERPOP-1657[TINKERPOP-1657]
+
GremlinScriptEngine Metrics
^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -966,6 +976,7 @@ Please see the link:https://github.com/apache/tinkerpop/blob/3.2.0-incubating/CH
Upgrading for Users
~~~~~~~~~~~~~~~~~~~
+
Hadoop FileSystem Variable
^^^^^^^^^^^^^^^^^^^^^^^^^^
[9/9] tinkerpop git commit: Merge branch 'tp32'
Posted by sp...@apache.org.
Merge branch 'tp32'
Conflicts:
docs/src/reference/gremlin-applications.asciidoc
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/960fdc11
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/960fdc11
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/960fdc11
Branch: refs/heads/master
Commit: 960fdc11399590280522189b08727e90cd9b629a
Parents: 4b9c283 021831e
Author: Stephen Mallette <sp...@genoprime.com>
Authored: Mon Apr 10 15:40:46 2017 -0400
Committer: Stephen Mallette <sp...@genoprime.com>
Committed: Mon Apr 10 15:40:46 2017 -0400
----------------------------------------------------------------------
CHANGELOG.asciidoc | 3 ++
.../src/reference/gremlin-applications.asciidoc | 7 ++--
.../upgrade/release-3.2.x-incubating.asciidoc | 10 ++++++
.../driver/gremlin-server-modern-secure-py.yaml | 2 +-
.../conf/gremlin-server-rest-secure.yaml | 4 +--
gremlin-server/conf/gremlin-server-secure.yaml | 4 +--
.../gremlin/server/AbstractChannelizer.java | 25 ++++++++++++--
.../tinkerpop/gremlin/server/Settings.java | 18 +++++++++-
.../gremlin/server/channel/HttpChannelizer.java | 15 +++++++-
.../server/channel/WebSocketChannelizer.java | 16 +++++++--
.../handler/AbstractAuthenticationHandler.java | 35 +++++++++++++++++++
.../handler/HttpBasicAuthenticationHandler.java | 5 ++-
.../handler/SaslAuthenticationHandler.java | 5 ++-
.../server/GremlinServerHttpIntegrateTest.java | 36 ++++++++++++++++++++
14 files changed, 164 insertions(+), 21 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/CHANGELOG.asciidoc
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/docs/src/reference/gremlin-applications.asciidoc
----------------------------------------------------------------------
diff --cc docs/src/reference/gremlin-applications.asciidoc
index 318f2df,851ef36..ba66f08
--- a/docs/src/reference/gremlin-applications.asciidoc
+++ b/docs/src/reference/gremlin-applications.asciidoc
@@@ -1124,9 -1072,9 +1124,10 @@@ The following table describes the vario
[width="100%",cols="3,10,^2",options="header"]
|=========================================================
|Key |Description |Default
- |authentication.className |The fully qualified classname of an `Authenticator` implementation to use. If this setting is not present, then authentication is effectively disabled. |`AllowAllAuthenticator`
- |authentication.enableAuditLog |The available authenticators can issue audit logging messages, binding the authenticated user to his remote socket address and binding requests with a gremlin query to the remote socket address. For privacy reasons, the default value of this setting is false. The audit logging messages are logged at the INFO level via the `audit.org.apache.tinkerpop.gremlin.server` logger, which can be configured using the log4j.properties file. |false
+ |authentication.authenticator |The fully qualified classname of an `Authenticator` implementation to use. If this setting is not present, then authentication is effectively disabled. |`AllowAllAuthenticator`
+ |authentication.authenticationHandler | The fully qualified classname of an `AbstractAuthenticationHandler` implementation to use. If this setting is not present, but the `authentication.authenticator` is, it will use that authenticator with the default `AbstractAuthenticationHandler` implementation for the specified `Channelizer` |_none_
|authentication.config |A `Map` of configuration settings to be passes to the `Authenticator` when it is constructed. The settings available are dependent on the implementation. |_none_
++|authentication.enableAuditLog |The available authenticators can issue audit logging messages, binding the authenticated user to his remote socket address and binding requests with a gremlin query to the remote socket address. For privacy reasons, the default value of this setting is false. The audit logging messages are logged at the INFO level via the `audit.org.apache.tinkerpop.gremlin.server` logger, which can be configured using the log4j.properties file. |false
|channelizer |The fully qualified classname of the `Channelizer` implementation to use. A `Channelizer` is a "channel initializer" which Gremlin Server uses to define the type of processing pipeline to use. By allowing different `Channelizer` implementations, Gremlin Server can support different communication protocols (e.g. Websockets, Java NIO, etc.). |`WebSocketChannelizer`
|graphs |A `Map` of `Graph` configuration files where the key of the `Map` becomes the name to which the `Graph` will be bound and the value is the file name of a `Graph` configuration file. |_none_
|gremlinPool |The number of "Gremlin" threads available to execute actual scripts in a `ScriptEngine`. This pool represents the workers available to handle blocking operations in Gremlin Server. When set to `0`, Gremlin Server will use the value provided by `Runtime.availableProcessors()`. |0
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/docs/src/upgrade/release-3.2.x-incubating.asciidoc
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-python/src/test/resources/org/apache/tinkerpop/gremlin/python/driver/gremlin-server-modern-secure-py.yaml
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/conf/gremlin-server-rest-secure.yaml
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/conf/gremlin-server-secure.yaml
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
----------------------------------------------------------------------
diff --cc gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
index 53aa1fb,66c7b56..5893af7
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
@@@ -375,14 -384,25 +375,30 @@@ public class Settings
* used to load the implementation from the classpath. Defaults to {@link AllowAllAuthenticator} when
* not specified.
*/
+ public String authenticator = null;
+
+ /**
+ * The fully qualified class name of the {@link Authenticator} implementation. This class name will be
+ * used to load the implementation from the classpath. Defaults to {@link AllowAllAuthenticator} when
+ * not specified.
- * @deprecated As of release 3.2.5, replaced by {@link authenticator}.
++ * @deprecated As of release 3.2.5, replaced by {@link #authenticator}.
+ */
+ @Deprecated
public String className = AllowAllAuthenticator.class.getName();
/**
+ * The fully qualified class name of the {@link AbstractAuthenticationHandler} implementation.
+ * This class name will be used to load the implementation from the classpath.
+ * Defaults to null when not specified.
+ */
+ public String authenticationHandler = null;
+
+ /**
+ * Enable audit logging of authenticated users and gremlin evaluation requests.
+ */
+ public boolean enableAuditLog = false;
+
+ /**
* A {@link Map} containing {@link Authenticator} specific configurations. Consult the
* {@link Authenticator} implementation for specifics on what configurations are expected.
*/
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
----------------------------------------------------------------------
diff --cc gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
index b509e2d,8884b62..f516aa7
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
@@@ -76,6 -79,16 +79,16 @@@ public class HttpChannelizer extends Ab
pipeline.addLast("http-gremlin-handler", httpGremlinEndpointHandler);
}
+ private AbstractAuthenticationHandler instantiateAuthenticationHandler(final Settings.AuthenticationSettings authSettings) {
+ final String authHandlerClass = authSettings.authenticationHandler;
+ if (authHandlerClass == null) {
+ //Keep things backwards compatible
- return new HttpBasicAuthenticationHandler(authenticator);
++ return new HttpBasicAuthenticationHandler(authenticator, authSettings);
+ } else {
+ return createAuthenticationHandler(authSettings);
+ }
+ }
+
@Override
public void finalize(final ChannelPipeline pipeline) {
pipeline.remove(PIPELINE_OP_SELECTOR);
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java
----------------------------------------------------------------------
diff --cc gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java
index ea59e8f,1b613a1..2fb52fe
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java
@@@ -109,4 -111,14 +111,14 @@@ public class WebSocketChannelizer exten
if (authenticationHandler != null)
pipeline.addLast(PIPELINE_AUTHENTICATOR, authenticationHandler);
}
- }
+
+ private AbstractAuthenticationHandler instantiateAuthenticationHandler(final Settings.AuthenticationSettings authSettings) {
+ final String authenticationHandler = authSettings.authenticationHandler;
+ if (authenticationHandler == null) {
+ //Keep things backwards compatible
- return new SaslAuthenticationHandler(authenticator);
++ return new SaslAuthenticationHandler(authenticator, authSettings);
+ } else {
+ return createAuthenticationHandler(authSettings);
+ }
+ }
+ }
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java
----------------------------------------------------------------------
diff --cc gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java
index 0ff899d,2370c92..d9e452e
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java
@@@ -46,18 -42,12 +46,17 @@@ import static org.apache.tinkerpop.grem
*
* @author Stephen Mallette (http://stephen.genoprime.com)
*/
- public class HttpBasicAuthenticationHandler extends ChannelInboundHandlerAdapter {
+ public class HttpBasicAuthenticationHandler extends AbstractAuthenticationHandler {
+ private static final Logger logger = LoggerFactory.getLogger(HttpBasicAuthenticationHandler.class);
+ private static final Logger auditLogger = LoggerFactory.getLogger(GremlinServer.AUDIT_LOGGER_NAME);
- private final Authenticator authenticator;
+ private final Settings.AuthenticationSettings authenticationSettings;
private final Base64.Decoder decoder = Base64.getUrlDecoder();
- public HttpBasicAuthenticationHandler(final Authenticator authenticator) {
+ public HttpBasicAuthenticationHandler(final Authenticator authenticator,
+ final Settings.AuthenticationSettings authenticationSettings) {
- this.authenticator = authenticator;
+ super(authenticator);
+ this.authenticationSettings = authenticationSettings;
}
@Override
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
----------------------------------------------------------------------
diff --cc gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
index 88300fd,66bffad..76af7db
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
@@@ -58,14 -55,9 +58,13 @@@ public class SaslAuthenticationHandler
private static final Logger logger = LoggerFactory.getLogger(SaslAuthenticationHandler.class);
private static final Base64.Decoder BASE64_DECODER = Base64.getDecoder();
private static final Base64.Encoder BASE64_ENCODER = Base64.getEncoder();
+ private static final Logger auditLogger = LoggerFactory.getLogger(GremlinServer.AUDIT_LOGGER_NAME);
- private final Authenticator authenticator;
- public SaslAuthenticationHandler(final Authenticator authenticator) {
+ private final Settings.AuthenticationSettings authenticationSettings;
+
+ public SaslAuthenticationHandler(final Authenticator authenticator, final Settings.AuthenticationSettings authenticationSettings) {
- this.authenticator = authenticator;
+ super(authenticator);
+ this.authenticationSettings = authenticationSettings;
}
@Override
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java
----------------------------------------------------------------------
diff --cc gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java
index 9cea2ce,b64a7b5..1c0c289
--- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java
+++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java
@@@ -18,12 -18,10 +18,13 @@@
*/
package org.apache.tinkerpop.gremlin.server;
+import org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV1d0;
import org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV2d0;
+import org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV3d0;
+import org.apache.tinkerpop.gremlin.jsr223.ScriptFileGremlinPlugin;
import org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator;
import org.apache.tinkerpop.gremlin.server.channel.HttpChannelizer;
+ import org.apache.tinkerpop.gremlin.server.handler.HttpBasicAuthenticationHandler;
import org.apache.http.Consts;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
[2/9] tinkerpop git commit: Change abstraction to include
WebSocketChannelizer
Posted by sp...@apache.org.
Change abstraction to include WebSocketChannelizer
Changed the abstraction so it applies to both the WebSocketChannelizer
and the HttpChannelizer. Also, renamed the configuration and tried to
make it more clear from the method signatures that the handlerClassName
config goes in Settings.AuthenticationSettings rather than the Settings
root.
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/eae4101c
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/eae4101c
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/eae4101c
Branch: refs/heads/master
Commit: eae4101c5fb7b8b976c5898a12e180ee23e50269
Parents: 69dd924
Author: Keith Lohnes <kr...@us.ibm.com>
Authored: Mon Mar 27 10:46:04 2017 -0400
Committer: Keith Lohnes <kr...@us.ibm.com>
Committed: Tue Apr 4 09:37:28 2017 -0400
----------------------------------------------------------------------
.../apache/tinkerpop/gremlin/server/Settings.java | 4 ++--
.../gremlin/server/channel/HttpChannelizer.java | 12 ++----------
.../server/channel/WebSocketChannelizer.java | 18 +++++++++++++++---
.../server/handler/SaslAuthenticationHandler.java | 6 ++----
4 files changed, 21 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/eae4101c/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
index 030c2e6..66c7b56 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
@@ -384,7 +384,7 @@ public class Settings {
* used to load the implementation from the classpath. Defaults to {@link AllowAllAuthenticator} when
* not specified.
*/
- public String authenticator = AllowAllAuthenticator.class.getName();
+ public String authenticator = null;
/**
* The fully qualified class name of the {@link Authenticator} implementation. This class name will be
@@ -396,7 +396,7 @@ public class Settings {
public String className = AllowAllAuthenticator.class.getName();
/**
- * The fully qualified class name of the {@link HttpAuthenticationHandler} implementation.
+ * The fully qualified class name of the {@link AbstractAuthenticationHandler} implementation.
* This class name will be used to load the implementation from the classpath.
* Defaults to null when not specified.
*/
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/eae4101c/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
index eca52a0..8884b62 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
@@ -71,7 +71,7 @@ public class HttpChannelizer extends AbstractChannelizer {
// not occur. It may not be a safe assumption that the handler
// is sharable so create a new handler each time.
authenticationHandler = authenticator.getClass() == AllowAllAuthenticator.class ?
- null : createAuthenticationHandler(settings);
+ null : instantiateAuthenticationHandler(settings.authentication);
if (authenticationHandler != null)
pipeline.addLast(PIPELINE_AUTHENTICATOR, authenticationHandler);
}
@@ -85,15 +85,7 @@ public class HttpChannelizer extends AbstractChannelizer {
//Keep things backwards compatible
return new HttpBasicAuthenticationHandler(authenticator);
} else {
- try {
- final Class<?> clazz = Class.forName(handlerClassName);
- final Class[] constructorArgs = new Class[1];
- constructorArgs[0] = Authenticator.class;
- return (HttpAuthenticationHandler) clazz.getDeclaredConstructor(constructorArgs).newInstance(authenticator);
- } catch (Exception ex) {
- logger.warn(ex.getMessage());
- throw new IllegalStateException(String.format("Could not create/configure HttpAuthenticationHandler %s", handlerClassName), ex);
- }
+ return createAuthenticationHandler(authSettings);
}
}
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/eae4101c/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java
index 2373819..1b613a1 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java
@@ -21,6 +21,8 @@ package org.apache.tinkerpop.gremlin.server.channel;
import io.netty.channel.EventLoopGroup;
import org.apache.tinkerpop.gremlin.server.AbstractChannelizer;
import org.apache.tinkerpop.gremlin.server.auth.AllowAllAuthenticator;
+import org.apache.tinkerpop.gremlin.server.handler.AbstractAuthenticationHandler;
+import org.apache.tinkerpop.gremlin.server.Settings;
import org.apache.tinkerpop.gremlin.server.handler.SaslAuthenticationHandler;
import org.apache.tinkerpop.gremlin.server.handler.WsGremlinBinaryRequestDecoder;
import org.apache.tinkerpop.gremlin.server.handler.WsGremlinCloseRequestDecoder;
@@ -52,7 +54,7 @@ public class WebSocketChannelizer extends AbstractChannelizer {
private WsGremlinBinaryRequestDecoder wsGremlinBinaryRequestDecoder;
private WsGremlinResponseFrameEncoder wsGremlinResponseFrameEncoder;
private WsGremlinCloseRequestDecoder wsGremlinCloseRequestDecoder;
- private SaslAuthenticationHandler authenticationHandler;
+ private AbstractAuthenticationHandler authenticationHandler;
@Override
public void init(final ServerGremlinExecutor<EventLoopGroup> serverGremlinExecutor) {
@@ -67,7 +69,7 @@ public class WebSocketChannelizer extends AbstractChannelizer {
// configure authentication - null means don't bother to add authentication to the pipeline
if (authenticator != null)
authenticationHandler = authenticator.getClass() == AllowAllAuthenticator.class ?
- null : new SaslAuthenticationHandler(authenticator);
+ null : instantiateAuthenticationHandler(settings.authentication);
}
@Override
@@ -109,4 +111,14 @@ public class WebSocketChannelizer extends AbstractChannelizer {
if (authenticationHandler != null)
pipeline.addLast(PIPELINE_AUTHENTICATOR, authenticationHandler);
}
-}
\ No newline at end of file
+
+ private AbstractAuthenticationHandler instantiateAuthenticationHandler(final Settings.AuthenticationSettings authSettings) {
+ final String authenticationHandler = authSettings.authenticationHandler;
+ if (authenticationHandler == null) {
+ //Keep things backwards compatible
+ return new SaslAuthenticationHandler(authenticator);
+ } else {
+ return createAuthenticationHandler(authSettings);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/eae4101c/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
index 6cb0ddb..66bffad 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
@@ -51,15 +51,13 @@ import org.slf4j.LoggerFactory;
* @author Stephen Mallette (http://stephen.genoprime.com)
*/
@ChannelHandler.Sharable
-public class SaslAuthenticationHandler extends ChannelInboundHandlerAdapter {
+public class SaslAuthenticationHandler extends AbstractAuthenticationHandler {
private static final Logger logger = LoggerFactory.getLogger(SaslAuthenticationHandler.class);
private static final Base64.Decoder BASE64_DECODER = Base64.getDecoder();
private static final Base64.Encoder BASE64_ENCODER = Base64.getEncoder();
- private final Authenticator authenticator;
-
public SaslAuthenticationHandler(final Authenticator authenticator) {
- this.authenticator = authenticator;
+ super(authenticator);
}
@Override
[7/9] tinkerpop git commit: Merge branch 'pr-583' into tp32
Posted by sp...@apache.org.
Merge branch 'pr-583' into tp32
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/911e24c3
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/911e24c3
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/911e24c3
Branch: refs/heads/master
Commit: 911e24c33d8ffa5f8f2049f0f889279dd465dc99
Parents: 014575a 793d9b2
Author: Stephen Mallette <sp...@genoprime.com>
Authored: Mon Apr 10 14:12:47 2017 -0400
Committer: Stephen Mallette <sp...@genoprime.com>
Committed: Mon Apr 10 14:12:47 2017 -0400
----------------------------------------------------------------------
CHANGELOG.asciidoc | 4 +++
.../src/reference/gremlin-applications.asciidoc | 5 +--
.../upgrade/release-3.2.x-incubating.asciidoc | 11 ++++++
.../driver/gremlin-server-modern-secure-py.yaml | 2 +-
.../conf/gremlin-server-rest-secure.yaml | 4 +--
gremlin-server/conf/gremlin-server-secure.yaml | 4 +--
.../gremlin/server/AbstractChannelizer.java | 25 ++++++++++++--
.../tinkerpop/gremlin/server/Settings.java | 18 +++++++++-
.../gremlin/server/channel/HttpChannelizer.java | 17 +++++++--
.../server/channel/WebSocketChannelizer.java | 18 ++++++++--
.../handler/AbstractAuthenticationHandler.java | 35 +++++++++++++++++++
.../handler/HttpBasicAuthenticationHandler.java | 5 ++-
.../handler/SaslAuthenticationHandler.java | 6 ++--
.../server/GremlinServerHttpIntegrateTest.java | 36 ++++++++++++++++++++
14 files changed, 167 insertions(+), 23 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/911e24c3/CHANGELOG.asciidoc
----------------------------------------------------------------------
[5/9] tinkerpop git commit: Update reference doc on authentication
Posted by sp...@apache.org.
Update reference doc on authentication
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/49b0f914
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/49b0f914
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/49b0f914
Branch: refs/heads/master
Commit: 49b0f914b8560bce47133f611f144c8bdb62e287
Parents: 2df82d4
Author: Keith Lohnes <kr...@us.ibm.com>
Authored: Tue Apr 4 10:01:15 2017 -0400
Committer: Keith Lohnes <kr...@us.ibm.com>
Committed: Tue Apr 4 10:01:15 2017 -0400
----------------------------------------------------------------------
docs/src/reference/gremlin-applications.asciidoc | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/49b0f914/docs/src/reference/gremlin-applications.asciidoc
----------------------------------------------------------------------
diff --git a/docs/src/reference/gremlin-applications.asciidoc b/docs/src/reference/gremlin-applications.asciidoc
index bfaa153..851ef36 100644
--- a/docs/src/reference/gremlin-applications.asciidoc
+++ b/docs/src/reference/gremlin-applications.asciidoc
@@ -1072,7 +1072,8 @@ The following table describes the various configuration options that Gremlin Ser
[width="100%",cols="3,10,^2",options="header"]
|=========================================================
|Key |Description |Default
-|authentication.className |The fully qualified classname of an `Authenticator` implementation to use. If this setting is not present, then authentication is effectively disabled. |`AllowAllAuthenticator`
+|authentication.authenticator |The fully qualified classname of an `Authenticator` implementation to use. If this setting is not present, then authentication is effectively disabled. |`AllowAllAuthenticator`
+|authentication.authenticationHandler | The fully qualified classname of an `AbstractAuthenticationHandler` implementation to use. If this setting is not present, but the `authentication.authenticator` is, it will use that authenticator with the default `AbstractAuthenticationHandler` implementation for the specified `Channelizer` |_none_
|authentication.config |A `Map` of configuration settings to be passes to the `Authenticator` when it is constructed. The settings available are dependent on the implementation. |_none_
|channelizer |The fully qualified classname of the `Channelizer` implementation to use. A `Channelizer` is a "channel initializer" which Gremlin Server uses to define the type of processing pipeline to use. By allowing different `Channelizer` implementations, Gremlin Server can support different communication protocols (e.g. Websockets, Java NIO, etc.). |`WebSocketChannelizer`
|graphs |A `Map` of `Graph` configuration files where the key of the `Map` becomes the name to which the `Graph` will be bound and the value is the file name of a `Graph` configuration file. |_none_
@@ -1194,7 +1195,7 @@ graph database, which must be provided to it as part of the configuration.
[source,yaml]
authentication: {
- className: org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator,
+ authenticator: org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator,
config: {
credentialsDb: conf/tinkergraph-credentials.properties}}