Posted to commits@uima.apache.org by de...@apache.org on 2013/11/15 11:28:41 UTC
svn commit: r1542215 - in
/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication:
DuccAsUser.java LinuxAuthenticationManager.java PamAuthenticate.java
UserAuthenticate.java
Author: degenaro
Date: Fri Nov 15 10:28:40 2013
New Revision: 1542215
URL: http://svn.apache.org/r1542215
Log:
UIMA-3421 DUCC webserver (WS) native Linux-based authentication mechanism, as plug-in via ducc.properties
Added:
uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/DuccAsUser.java
uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/PamAuthenticate.java
uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/UserAuthenticate.java
Modified:
uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/LinuxAuthenticationManager.java
Added: uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/DuccAsUser.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/DuccAsUser.java?rev=1542215&view=auto
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/DuccAsUser.java (added)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/DuccAsUser.java Fri Nov 15 10:28:40 2013
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+*/
+package org.apache.uima.ducc.common.authentication;
+
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
+import java.util.ArrayList;
+import java.util.Map;
+
+import org.apache.uima.ducc.common.utils.DuccPropertiesResolver;
+import org.apache.uima.ducc.common.utils.Utils;
+
+
+public class DuccAsUser {
+
+ public static String magicString = "1001 Command launching...";
+
+ public static String duckling(String user, String[] args, String[] argsMasked) {
+
+ StringBuffer retVal = new StringBuffer();
+
+ String c_launcher_path =
+ Utils.resolvePlaceholderIfExists(
+ System.getProperty("ducc.agent.launcher.ducc_spawn_path"),System.getProperties());
+
+ ArrayList<String> cmd = new ArrayList<String>();
+
+ cmd.add(c_launcher_path);
+
+ StringBuffer sbInfo = new StringBuffer();
+ StringBuffer sbDebug = new StringBuffer();
+ String prev = "";
+
+ for(int i=0; i<args.length; i++) {
+ String arg = args[i];
+ cmd.add(arg);
+ if(!arg.equals("-cp")) {
+ if(!prev.equals("-cp")) {
+ sbInfo.append(argsMasked[i]+" ");
+ }
+ }
+ sbDebug.append(argsMasked[i]+" ");
+ prev = arg;
+ }
+
+ ProcessBuilder pb = new ProcessBuilder(cmd);
+
+ Map<String, String> env = pb.environment();
+
+ env.put("JobId", "webserver");
+
+ String runmode = DuccPropertiesResolver.getInstance().getProperty(DuccPropertiesResolver.ducc_runmode);
+ if(runmode != null) {
+ if(runmode.equals("Test")) {
+ env.put("USER", user);
+ }
+ }
+
+ try {
+ Process process = pb.start();
+ String line;
+ BufferedReader bri = new BufferedReader(new InputStreamReader(process.getInputStream()));
+ BufferedReader bre = new BufferedReader(new InputStreamReader(process.getErrorStream()));
+ boolean trigger = true;
+ while ((line = bri.readLine()) != null) {
+ if(trigger) {
+ retVal.append(line+"\n");
+ }
+ if(line.startsWith(magicString)) {
+ trigger = true;
+ }
+ }
+ bri.close();
+ while ((line = bre.readLine()) != null) {
+ retVal.append(line);
+ }
+ bre.close();
+ process.waitFor();
+ }
+ catch(Exception e) {
+ }
+
+ return retVal.toString();
+ }
+}
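Review bot: The empty `catch(Exception e) { }` at the end of `duckling` hides every launch problem (an unset `ducc.agent.launcher.ducc_spawn_path`, an exec error, an interrupted `waitFor`), so the authentication caller only sees an empty or partial string and cannot tell a rejected password from a broken launcher. Record the cause and return an explicit failure, for example `retVal.append("failure "+e.getMessage());` together with a log call. `trigger` is initialised to `true`, so the `magicString` test never changes what is returned; if output before the marker was meant to be dropped, it should start as `false`. Stdout is read to end-of-stream before stderr is touched, which can stall if the child fills the stderr pipe first, and `sbInfo`/`sbDebug` are built from `argsMasked` but never used.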
Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/LinuxAuthenticationManager.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/LinuxAuthenticationManager.java?rev=1542215&r1=1542214&r2=1542215&view=diff
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/LinuxAuthenticationManager.java (original)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/LinuxAuthenticationManager.java Fri Nov 15 10:28:40 2013
@@ -18,12 +18,9 @@
*/
package org.apache.uima.ducc.common.authentication;
-import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.uima.ducc.common.utils.DuccPropertiesResolver;
-import org.jvnet.libpam.PAM;
-import org.jvnet.libpam.UnixUser;
public class LinuxAuthenticationManager implements IAuthenticationManager {
@@ -33,7 +30,7 @@ public class LinuxAuthenticationManager
private DuccPropertiesResolver duccPropertiesResolver = DuccPropertiesResolver.getInstance();
- private ConcurrentHashMap<String,Set<String>> userGroupsCache = new ConcurrentHashMap<String,Set<String>>();
+ private ConcurrentHashMap<String,String[]> userGroupsCache = new ConcurrentHashMap<String,String[]>();
public static IAuthenticationManager getInstance() {
return instance;
@@ -136,13 +133,29 @@ public class LinuxAuthenticationManager
if(ar.isSuccess()) {
ar = checkUserNotIncluded(userid);
if(ar.isSuccess()) {
- UnixUser u = new PAM("sshd").authenticate(userid, password);
- Set<String> groups = u.getGroups();
- if(groups != null) {
- userGroupsCache.put(userid, groups);
+ String[] args = { userid, password };
+ UserAuthenticate instance = new UserAuthenticate();
+ String result = instance.launch(args);
+ // success groups = [group1, group2]
+ if(result.startsWith("success")) {
+ result = result.trim();
+ result = result.replace("success groups =", "");
+ result = result.replace("[", "");
+ result = result.replace("]", "");
+ result = result.replace(" ", "");
+ String[] groups = result.split(",");
+ if(groups != null) {
+ userGroupsCache.put(userid, groups);
+ }
+ else {
+ userGroupsCache.remove(userid);
+ }
}
+ // failure pam_authenticate failed: Authentication failure
else {
- userGroupsCache.remove(userid);
+ ar.setFailure();
+ result = result.replace("failure pam", "pam");
+ ar.setReason(result);
}
}
}
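Review bot: `result.split(",")` never returns null, so the `else` branch that removes the cache entry is unreachable, and a reply of `success groups = []` stores the one-element array `[""]` rather than an empty group list. Handle the empty case explicitly, e.g. `String[] groups = result.isEmpty() ? new String[0] : result.split(",");`. The failure branch does not clear `userGroupsCache`, so groups cached by an earlier successful login may remain visible to the include/exclude checks that read the cache; adding `userGroupsCache.remove(userid);` next to `ar.setFailure();` would close that gap. Recovering group names by stripping `[`, `]` and spaces from printed text is also fragile for any name that contains those characters. The enclosing method starts and ends outside this hunk.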
@@ -163,7 +176,7 @@ public class LinuxAuthenticationManager
else {
String excludeString = transform(getProperty(DuccPropertiesResolver.ducc_authentication_groups_exclude));
if(excludeString.trim().length() > 0) {
- Set<String> userGroups = userGroupsCache.get(userid);
+ String[] userGroups = userGroupsCache.get(userid);
if(userGroups == null) {
retVal.setFailure();
retVal.setReason("userid has no groups?");
@@ -191,7 +204,7 @@ public class LinuxAuthenticationManager
else {
String includeString = transform(getProperty(DuccPropertiesResolver.ducc_authentication_groups_include));
if(includeString.trim().length() > 0) {
- Set<String> userGroups = userGroupsCache.get(userid);
+ String[] userGroups = userGroupsCache.get(userid);
if(userGroups == null) {
retVal.setFailure();
retVal.setReason("userid has no groups?");
Added: uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/PamAuthenticate.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/PamAuthenticate.java?rev=1542215&view=auto
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/PamAuthenticate.java (added)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/PamAuthenticate.java Fri Nov 15 10:28:40 2013
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+*/
+package org.apache.uima.ducc.common.authentication;
+
+import org.jvnet.libpam.PAM;
+import org.jvnet.libpam.UnixUser;
+
+public class PamAuthenticate {
+
+ private enum Result { success, failure };
+
+ private void info(Result result, String text) {
+ System.out.println(result.name()+" "+text);
+ }
+
+ private void launch(String[] args) {
+ try {
+ if(args == null) {
+ info(Result.failure, "args==null");
+ }
+ else if(args.length != 2) {
+ info(Result.failure, "args.length!=2");
+ }
+ else if(args[0] == null) {
+ info(Result.failure, "args[0]==null");
+ }
+ else if(args[1] == null) {
+ info(Result.failure, "args[1]==null");
+ }
+ else {
+ String userid = args[0];
+ String password = args[1];
+ UnixUser u = new PAM("sshd").authenticate(userid, password);
+ info(Result.success, "groups = "+u.getGroups().toString());
+ }
+
+ }
+ catch(Throwable t) {
+ info(Result.failure,t.getMessage());
+ //t.printStackTrace();
+ }
+ }
+
+ public static void main(String[] args) {
+ PamAuthenticate instance = new PamAuthenticate();
+ instance.launch(args);
+ }
+
+}
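Review bot: The password arrives as `args[1]` on the command line, and `UserAuthenticate.launch` places it in `arglist` for `DuccAsUser.duckling`, so for the lifetime of the child process it is typically readable by other local users through the process table. Pass it over the child's standard input instead: have `launch` here read it from `System.in`, and have the parent write it to `process.getOutputStream()` and close that stream right after `pb.start()`. Separately, `t.getMessage()` can be null, which would print `failure null`; `String.valueOf(t)` keeps the exception type in the reply.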
Added: uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/UserAuthenticate.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/UserAuthenticate.java?rev=1542215&view=auto
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/UserAuthenticate.java (added)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/authentication/UserAuthenticate.java Fri Nov 15 10:28:40 2013
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+*/
+package org.apache.uima.ducc.common.authentication;
+
+import org.apache.uima.ducc.common.utils.DuccPropertiesResolver;
+
+public class UserAuthenticate {
+
+ private String failure = "failure";
+
+ public String launch(String[] args) {
+ String result = null;
+ try {
+ if(args == null) {
+ result = failure + " args==null";
+ }
+ else if(args.length != 2) {
+ result = failure + " args.length!=2";
+ }
+ else if(args[0] == null) {
+ result = failure + " args[0]==null";
+ }
+ else if(args[1] == null) {
+ result = failure + " args[1]==null";
+ }
+ else {
+ String userId = args[0];
+ String cp = System.getProperty("java.class.path");
+ String java = "/bin/java";
+ String jclass = "org.apache.uima.ducc.common.authentication.PamAuthenticate";
+ String jhome = System.getProperty("java.home");
+ StringBuffer mask = new StringBuffer();
+ for(int i=0; i<args[1].length(); i++) {
+ mask.append("x");
+ }
+ String[] arglist = { "-u", userId, "-q", "--", jhome+java, "-cp", cp, jclass, args[0], args[1] };
+ String[] masklist = { "-u", userId, "-q", "--", jhome+java, "-cp", cp, jclass, args[0], mask.toString() };
+ result = DuccAsUser.duckling(userId, arglist, masklist);
+ }
+ }
+ catch(Throwable t) {
+ result = failure+" "+t.getMessage();
+ }
+ return result;
+ }
+
+ public static void main(String[] args) {
+ String key = "DUCC_HOME";
+ String value = System.getenv(key);
+ if(value != null) {
+ System.setProperty(key, value);
+ }
+ DuccPropertiesResolver dpr = DuccPropertiesResolver.getInstance();
+ key = "ducc.agent.launcher.ducc_spawn_path";
+ value = dpr.getFileProperty("ducc.agent.launcher.ducc_spawn_path");
+ if(value != null) {
+ System.setProperty(key, value);
+ }
+ UserAuthenticate instance = new UserAuthenticate();
+ String result = instance.launch(args);
+ System.out.println(result);
+ }
+
+}
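Review bot: `mask` gets one `x` per password character in `launch`, so any log line built from `masklist` reveals the password length; a fixed placeholder such as `String mask = "********";` (used in place of `mask.toString()`) avoids that. `userId` is handed to the launcher's `-u` option after only a null check in this method; if callers do not already restrict its format, validate it before building `arglist`. The `catch(Throwable t)` returns `t.getMessage()`, which may be null and would produce the reply `failure null`.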