Posted to commits@pulsar.apache.org by si...@apache.org on 2021/01/14 17:42:31 UTC

[pulsar] branch master updated: [Spotbugs] Enable spotbugs in module pulsar-broker-auth-athenz and pulsar-client-auth-athenz. (#8857)

This is an automated email from the ASF dual-hosted git repository.

sijie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 17c0d11  [Spotbugs] Enable spotbugs in module pulsar-broker-auth-athenz and pulsar-client-auth-athenz. (#8857)
17c0d11 is described below

commit 17c0d11eb0252192068d519d3cf18c667d6a155a
Author: Zike Yang <Ro...@outlook.com>
AuthorDate: Fri Jan 15 01:41:58 2021 +0800

    [Spotbugs] Enable spotbugs in module pulsar-broker-auth-athenz and pulsar-client-auth-athenz. (#8857)
    
    Fixes streamnative#1777
    
    ### Motivation
    
    Enable spotbugs in module pulsar-broker-auth-athenz and pulsar-client-auth-athenz.
---
 pulsar-broker-auth-athenz/pom.xml                  | 22 ++++++++++++++++++++++
 .../src/test/resources/findbugsExclude.xml         | 22 ++++++++++++++++++++++
 pulsar-client-auth-athenz/pom.xml                  | 21 +++++++++++++++++++++
 .../client/impl/auth/AuthenticationAthenz.java     | 17 +++++++++++------
 .../src/test/resources/findbugsExclude.xml         | 22 ++++++++++++++++++++++
 5 files changed, 98 insertions(+), 6 deletions(-)

diff --git a/pulsar-broker-auth-athenz/pom.xml b/pulsar-broker-auth-athenz/pom.xml
index dbbcd31..b3e77f6 100644
--- a/pulsar-broker-auth-athenz/pom.xml
+++ b/pulsar-broker-auth-athenz/pom.xml
@@ -54,4 +54,26 @@
     </dependency>
 
   </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>com.github.spotbugs</groupId>
+        <artifactId>spotbugs-maven-plugin</artifactId>
+        <version>${spotbugs-maven-plugin.version}</version>
+        <configuration>
+          <excludeFilterFile>${basedir}/src/test/resources/findbugsExclude.xml</excludeFilterFile>
+        </configuration>
+        <executions>
+          <execution>
+            <id>spotbugs</id>
+            <phase>verify</phase>
+            <goals>
+              <goal>check</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
 </project>
diff --git a/pulsar-broker-auth-athenz/src/test/resources/findbugsExclude.xml b/pulsar-broker-auth-athenz/src/test/resources/findbugsExclude.xml
new file mode 100644
index 0000000..ddde812
--- /dev/null
+++ b/pulsar-broker-auth-athenz/src/test/resources/findbugsExclude.xml
@@ -0,0 +1,22 @@
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+-->
+<FindBugsFilter>
+</FindBugsFilter>
\ No newline at end of file
diff --git a/pulsar-client-auth-athenz/pom.xml b/pulsar-client-auth-athenz/pom.xml
index e7b3aff..ceff79f 100644
--- a/pulsar-client-auth-athenz/pom.xml
+++ b/pulsar-client-auth-athenz/pom.xml
@@ -58,4 +58,25 @@
     </dependency>
 
   </dependencies>
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>com.github.spotbugs</groupId>
+        <artifactId>spotbugs-maven-plugin</artifactId>
+        <version>${spotbugs-maven-plugin.version}</version>
+        <configuration>
+          <excludeFilterFile>${basedir}/src/test/resources/findbugsExclude.xml</excludeFilterFile>
+        </configuration>
+        <executions>
+          <execution>
+            <id>spotbugs</id>
+            <phase>verify</phase>
+            <goals>
+              <goal>check</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
 </project>
diff --git a/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java b/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
index cf93064..28af611 100644
--- a/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
+++ b/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
@@ -26,6 +26,7 @@ import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.net.URISyntaxException;
 import java.net.URLConnection;
+import java.nio.charset.Charset;
 import java.security.PrivateKey;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
@@ -57,6 +58,7 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
     private String tenantDomain;
     private String tenantService;
     private String providerDomain;
+    private final Object providerDomainLock = new Object();
     private PrivateKey privateKey;
     private String keyId = "0";
     private String roleHeader = null;
@@ -66,9 +68,9 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
     private boolean autoPrefetchEnabled = false;
     private long cachedRoleTokenTimestamp;
     private String roleToken;
-    private final int minValidity = 2 * 60 * 60; // athenz will only give this token if it's at least valid for 2hrs
-    private final int maxValidity = 24 * 60 * 60; // token has upto 24 hours validity
-    private final int cacheDurationInHour = 1; // we will cache role token for an hour then ask athenz lib again
+    private static final int minValidity = 2 * 60 * 60; // athenz will only give this token if it's at least valid for 2hrs
+    private static final int maxValidity = 24 * 60 * 60; // token has upto 24 hours validity
+    private static final int cacheDurationInHour = 1; // we will cache role token for an hour then ask athenz lib again
 
     public AuthenticationAthenz() {
     }
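Review bot: The three fields this hunk makes `static final` are now class constants but keep lowerCamelCase names; the usual Java convention is `MIN_VALIDITY`, `MAX_VALIDITY` and `CACHE_DURATION_IN_HOUR`, with the `getRoleToken(...)` call in the next hunk updated to match. Putting the unit in the name (`MIN_VALIDITY_SECONDS`) would also help, because the context comment in the next hunk speaks of tokens "10 minutes from expiration" while `minValidity` is two hours. One of the two looks stale and should be reconciled.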
@@ -87,7 +89,10 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
             // the following would set up the API call that requests tokens from the server
             // that can only be used if they are 10 minutes from expiration and last twenty
             // four hours
-            RoleToken token = getZtsClient().getRoleToken(providerDomain, null, minValidity, maxValidity, false);
+            RoleToken token;
+            synchronized (providerDomainLock) {
+                token = getZtsClient().getRoleToken(providerDomain, null, minValidity, maxValidity, false);
+            }
             roleToken = token.getToken();
             cachedRoleTokenTimestamp = System.nanoTime();
             return new AuthenticationDataAthenz(roleToken, isNotBlank(roleHeader) ? roleHeader : ZTSClient.getHeader());
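Review bot: The read of `providerDomain` is guarded by `providerDomainLock`, but the writer `setAuthParams` (hunk at -125,7) is `synchronized` on `this`, so the two monitors never exclude each other. The inconsistent-synchronization finding is presumably silenced rather than fixed. Use one monitor on both sides, for example `synchronized (providerDomainLock) { this.providerDomain = authParams.get("providerDomain"); }` in the setter. The block also holds the lock across `getRoleToken(...)`, which appears to be a remote ZTS call; copying the field first with `String domain; synchronized (providerDomainLock) { domain = providerDomain; }` and calling outside the lock would avoid serialising token fetches. `roleToken` and `cachedRoleTokenTimestamp` are assigned outside the block, and whether the enclosing method is itself synchronized is not visible in this hunk.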
@@ -125,7 +130,7 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
         setAuthParams(authParams);
     }
 
-    private void setAuthParams(Map<String, String> authParams) {
+    private synchronized void setAuthParams(Map<String, String> authParams) {
         this.tenantDomain = authParams.get("tenantDomain");
         this.tenantService = authParams.get("tenantService");
         this.providerDomain = authParams.get("providerDomain");
@@ -188,7 +193,7 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
                 throw new IllegalArgumentException(
                         "Unsupported media type or encoding format: " + urlConnection.getContentType());
             }
-            String keyData = CharStreams.toString(new InputStreamReader((InputStream) urlConnection.getContent()));
+            String keyData = CharStreams.toString(new InputStreamReader((InputStream) urlConnection.getContent(), Charset.defaultCharset()));
             privateKey = Crypto.loadPrivateKey(keyData);
         } catch (URISyntaxException e) {
             throw new IllegalArgumentException("Invalid privateKey format", e);
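Review bot: `Charset.defaultCharset()` on the private-key reader only makes the platform default explicit, so decoding of the key material still depends on the JVM's configured encoding. A fixed charset is more predictable: `new InputStreamReader((InputStream) urlConnection.getContent(), StandardCharsets.UTF_8)`, with `import java.nio.charset.StandardCharsets;` in place of the new `Charset` import. The reader and its underlying stream are not closed in the visible lines; wrapping them in try-with-resources would release the connection once the key is read. The enclosing method starts and ends outside this hunk.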
diff --git a/pulsar-client-auth-athenz/src/test/resources/findbugsExclude.xml b/pulsar-client-auth-athenz/src/test/resources/findbugsExclude.xml
new file mode 100644
index 0000000..07f4609
--- /dev/null
+++ b/pulsar-client-auth-athenz/src/test/resources/findbugsExclude.xml
@@ -0,0 +1,22 @@
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+-->
+<FindBugsFilter>
+</FindBugsFilter>