You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by si...@apache.org on 2021/01/14 17:42:31 UTC
[pulsar] branch master updated: [Spotbugs] Enable spotbugs in
module pulsar-broker-auth-athenz and pulsar-client-auth-athenz. (#8857)
This is an automated email from the ASF dual-hosted git repository.
sijie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 17c0d11 [Spotbugs] Enable spotbugs in module pulsar-broker-auth-athenz and pulsar-client-auth-athenz. (#8857)
17c0d11 is described below
commit 17c0d11eb0252192068d519d3cf18c667d6a155a
Author: Zike Yang <Ro...@outlook.com>
AuthorDate: Fri Jan 15 01:41:58 2021 +0800
[Spotbugs] Enable spotbugs in module pulsar-broker-auth-athenz and pulsar-client-auth-athenz. (#8857)
Fixes streamnative#1777
### Motivation
Enable spotbugs in module pulsar-broker-auth-athenz and pulsar-client-auth-athenz.
---
pulsar-broker-auth-athenz/pom.xml | 22 ++++++++++++++++++++++
.../src/test/resources/findbugsExclude.xml | 22 ++++++++++++++++++++++
pulsar-client-auth-athenz/pom.xml | 21 +++++++++++++++++++++
.../client/impl/auth/AuthenticationAthenz.java | 17 +++++++++++------
.../src/test/resources/findbugsExclude.xml | 22 ++++++++++++++++++++++
5 files changed, 98 insertions(+), 6 deletions(-)
diff --git a/pulsar-broker-auth-athenz/pom.xml b/pulsar-broker-auth-athenz/pom.xml
index dbbcd31..b3e77f6 100644
--- a/pulsar-broker-auth-athenz/pom.xml
+++ b/pulsar-broker-auth-athenz/pom.xml
@@ -54,4 +54,26 @@
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>com.github.spotbugs</groupId>
+ <artifactId>spotbugs-maven-plugin</artifactId>
+ <version>${spotbugs-maven-plugin.version}</version>
+ <configuration>
+ <excludeFilterFile>${basedir}/src/test/resources/findbugsExclude.xml</excludeFilterFile>
+ </configuration>
+ <executions>
+ <execution>
+ <id>spotbugs</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/pulsar-broker-auth-athenz/src/test/resources/findbugsExclude.xml b/pulsar-broker-auth-athenz/src/test/resources/findbugsExclude.xml
new file mode 100644
index 0000000..ddde812
--- /dev/null
+++ b/pulsar-broker-auth-athenz/src/test/resources/findbugsExclude.xml
@@ -0,0 +1,22 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+<FindBugsFilter>
+</FindBugsFilter>
\ No newline at end of file
diff --git a/pulsar-client-auth-athenz/pom.xml b/pulsar-client-auth-athenz/pom.xml
index e7b3aff..ceff79f 100644
--- a/pulsar-client-auth-athenz/pom.xml
+++ b/pulsar-client-auth-athenz/pom.xml
@@ -58,4 +58,25 @@
</dependency>
</dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>com.github.spotbugs</groupId>
+ <artifactId>spotbugs-maven-plugin</artifactId>
+ <version>${spotbugs-maven-plugin.version}</version>
+ <configuration>
+ <excludeFilterFile>${basedir}/src/test/resources/findbugsExclude.xml</excludeFilterFile>
+ </configuration>
+ <executions>
+ <execution>
+ <id>spotbugs</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java b/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
index cf93064..28af611 100644
--- a/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
+++ b/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
@@ -26,6 +26,7 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URISyntaxException;
import java.net.URLConnection;
+import java.nio.charset.Charset;
import java.security.PrivateKey;
import java.util.Map;
import java.util.concurrent.TimeUnit;
@@ -57,6 +58,7 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
private String tenantDomain;
private String tenantService;
private String providerDomain;
+ private final Object providerDomainLock = new Object();
private PrivateKey privateKey;
private String keyId = "0";
private String roleHeader = null;
@@ -66,9 +68,9 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
private boolean autoPrefetchEnabled = false;
private long cachedRoleTokenTimestamp;
private String roleToken;
- private final int minValidity = 2 * 60 * 60; // athenz will only give this token if it's at least valid for 2hrs
- private final int maxValidity = 24 * 60 * 60; // token has upto 24 hours validity
- private final int cacheDurationInHour = 1; // we will cache role token for an hour then ask athenz lib again
+ private static final int minValidity = 2 * 60 * 60; // athenz will only give this token if it's at least valid for 2hrs
+ private static final int maxValidity = 24 * 60 * 60; // token has upto 24 hours validity
+ private static final int cacheDurationInHour = 1; // we will cache role token for an hour then ask athenz lib again
public AuthenticationAthenz() {
}
@@ -87,7 +89,10 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
// the following would set up the API call that requests tokens from the server
// that can only be used if they are 10 minutes from expiration and last twenty
// four hours
- RoleToken token = getZtsClient().getRoleToken(providerDomain, null, minValidity, maxValidity, false);
+ RoleToken token;
+ synchronized (providerDomainLock) {
+ token = getZtsClient().getRoleToken(providerDomain, null, minValidity, maxValidity, false);
+ }
roleToken = token.getToken();
cachedRoleTokenTimestamp = System.nanoTime();
return new AuthenticationDataAthenz(roleToken, isNotBlank(roleHeader) ? roleHeader : ZTSClient.getHeader());
@@ -125,7 +130,7 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
setAuthParams(authParams);
}
- private void setAuthParams(Map<String, String> authParams) {
+ private synchronized void setAuthParams(Map<String, String> authParams) {
this.tenantDomain = authParams.get("tenantDomain");
this.tenantService = authParams.get("tenantService");
this.providerDomain = authParams.get("providerDomain");
@@ -188,7 +193,7 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
throw new IllegalArgumentException(
"Unsupported media type or encoding format: " + urlConnection.getContentType());
}
- String keyData = CharStreams.toString(new InputStreamReader((InputStream) urlConnection.getContent()));
+ String keyData = CharStreams.toString(new InputStreamReader((InputStream) urlConnection.getContent(), Charset.defaultCharset()));
privateKey = Crypto.loadPrivateKey(keyData);
} catch (URISyntaxException e) {
throw new IllegalArgumentException("Invalid privateKey format", e);
diff --git a/pulsar-client-auth-athenz/src/test/resources/findbugsExclude.xml b/pulsar-client-auth-athenz/src/test/resources/findbugsExclude.xml
new file mode 100644
index 0000000..07f4609
--- /dev/null
+++ b/pulsar-client-auth-athenz/src/test/resources/findbugsExclude.xml
@@ -0,0 +1,22 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+<FindBugsFilter>
+</FindBugsFilter>