Posted to commits@knox.apache.org by su...@apache.org on 2016/02/22 22:47:24 UTC

knox git commit: KNOX-669 Adding support for anonymous authentication

Repository: knox
Updated Branches:
  refs/heads/master 2504be2fa -> 82539e402


KNOX-669 Adding support for anonymous authentication


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/82539e40
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/82539e40
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/82539e40

Branch: refs/heads/master
Commit: 82539e4024cdf3ed74f25d12705fc3b7a091efc2
Parents: 2504be2
Author: Sumit Gupta <su...@apache.org>
Authored: Mon Feb 22 16:46:22 2016 -0500
Committer: Sumit Gupta <su...@apache.org>
Committed: Mon Feb 22 16:46:22 2016 -0500

----------------------------------------------------------------------
 gateway-provider-security-authc-anon/pom.xml    | 72 ++++++++++++++++
 .../AnonymousAuthDeploymentContributor.java     | 65 +++++++++++++++
 .../gateway/filter/AnonymousAuthFilter.java     | 87 ++++++++++++++++++++
 ...gateway.deploy.ProviderDeploymentContributor | 19 +++++
 .../AnonymousAuthDeploymentContributorTest.java | 44 ++++++++++
 pom.xml                                         |  6 ++
 6 files changed, 293 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/82539e40/gateway-provider-security-authc-anon/pom.xml
----------------------------------------------------------------------
diff --git a/gateway-provider-security-authc-anon/pom.xml b/gateway-provider-security-authc-anon/pom.xml
new file mode 100755
index 0000000..cde18f1
--- /dev/null
+++ b/gateway-provider-security-authc-anon/pom.xml
@@ -0,0 +1,72 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.knox</groupId>
+        <artifactId>gateway</artifactId>
+        <version>0.9.0-SNAPSHOT</version>
+    </parent>
+    <artifactId>gateway-provider-security-authc-anon</artifactId>
+
+    <name>gateway-provider-security-authc-anon</name>
+    <description>An extension of the gateway that provides a pseudo subject and no auth</description>
+
+    <licenses>
+        <license>
+            <name>The Apache Software License, Version 2.0</name>
+            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+            <distribution>repo</distribution>
+        </license>
+    </licenses>
+
+    <dependencies>
+        <dependency>
+            <groupId>${gateway-group}</groupId>
+            <artifactId>gateway-spi</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>${gateway-group}</groupId>
+            <artifactId>gateway-util-common</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.eclipse.jetty.orbit</groupId>
+            <artifactId>javax.servlet</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.easymock</groupId>
+            <artifactId>easymock</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.knox</groupId>
+            <artifactId>gateway-test-utils</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+    </dependencies>
+
+</project>

http://git-wip-us.apache.org/repos/asf/knox/blob/82539e40/gateway-provider-security-authc-anon/src/main/java/org/apache/hadoop/gateway/deploy/AnonymousAuthDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-authc-anon/src/main/java/org/apache/hadoop/gateway/deploy/AnonymousAuthDeploymentContributor.java b/gateway-provider-security-authc-anon/src/main/java/org/apache/hadoop/gateway/deploy/AnonymousAuthDeploymentContributor.java
new file mode 100755
index 0000000..b49643d
--- /dev/null
+++ b/gateway-provider-security-authc-anon/src/main/java/org/apache/hadoop/gateway/deploy/AnonymousAuthDeploymentContributor.java
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.deploy;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
+import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
+import org.apache.hadoop.gateway.topology.Provider;
+import org.apache.hadoop.gateway.topology.Service;
+
+public class AnonymousAuthDeploymentContributor extends ProviderDeploymentContributorBase {
+
+  private static final String ROLE = "authentication";
+  private static final String NAME = "Anonymous";
+
+  private static final String FILTER_CLASSNAME = "org.apache.hadoop.gateway.filter.AnonymousAuthFilter";
+
+  @Override
+  public String getRole() {
+    return ROLE;
+  }
+
+  @Override
+  public String getName() {
+    return NAME;
+  }
+
+  @Override
+  public void initializeContribution(DeploymentContext context) {
+    super.initializeContribution(context);
+  }
+
+  @Override
+  public void contributeFilter(DeploymentContext context, Provider provider, Service service, 
+      ResourceDescriptor resource, List<FilterParamDescriptor> params) {
+    // blindly add all the provider params as filter init params
+    if (params == null) {
+      params = new ArrayList<>();
+    }
+    Map<String, String> providerParams = provider.getParams();
+    for(Entry<String, String> entry : providerParams.entrySet()) {
+      params.add( resource.createFilterParam().name( entry.getKey().toLowerCase() ).value( entry.getValue() ) );
+    }
+    resource.addFilter().name( getName() ).role( getRole() ).impl(FILTER_CLASSNAME).params( params );
+  }
+}
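Review bot: `entry.getKey().toLowerCase()` in contributeFilter lower-cases with the JVM's default locale, so the filter init-param names written into the deployment can differ between hosts (under a Turkish locale `I` does not map to `i`). Use `entry.getKey().toLowerCase(Locale.ROOT)` and add `import java.util.Locale;`. The loop also assumes `provider.getParams()` never returns null; that contract is not visible in this hunk, so either guard it or state it in a comment. The `initializeContribution` override only calls `super` and can be dropped.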

http://git-wip-us.apache.org/repos/asf/knox/blob/82539e40/gateway-provider-security-authc-anon/src/main/java/org/apache/hadoop/gateway/filter/AnonymousAuthFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-authc-anon/src/main/java/org/apache/hadoop/gateway/filter/AnonymousAuthFilter.java b/gateway-provider-security-authc-anon/src/main/java/org/apache/hadoop/gateway/filter/AnonymousAuthFilter.java
new file mode 100755
index 0000000..619e7e3
--- /dev/null
+++ b/gateway-provider-security-authc-anon/src/main/java/org/apache/hadoop/gateway/filter/AnonymousAuthFilter.java
@@ -0,0 +1,87 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.filter;
+
+import org.apache.hadoop.gateway.security.PrimaryPrincipal;
+
+import java.io.IOException;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import javax.security.auth.Subject;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class AnonymousAuthFilter implements Filter {
+
+  @Override
+  public void init(FilterConfig filterConfig) throws ServletException {
+
+  }
+
+  @Override
+  public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
+    HttpServletRequest httpRequest = (HttpServletRequest)request;
+    String principal = httpRequest.getRemoteUser();
+    if (principal == null) {
+      principal = "anonymous";
+    }
+    Subject subject = new Subject();
+    subject.getPrincipals().add(new PrimaryPrincipal(principal));
+    continueWithEstablishedSecurityContext(subject, (HttpServletRequest)request, (HttpServletResponse)response, filterChain);
+  }
+
+  private void continueWithEstablishedSecurityContext(Subject subject, final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException {
+    try {
+      Subject.doAs(
+          subject,
+          new PrivilegedExceptionAction<Object>() {
+            @Override
+            public Object run() throws Exception {
+              chain.doFilter(request, response);
+              return null;
+            }
+          }
+      );
+    }
+    catch (PrivilegedActionException e) {
+      Throwable t = e.getCause();
+      if (t instanceof IOException) {
+        throw (IOException) t;
+      }
+      else if (t instanceof ServletException) {
+        throw (ServletException) t;
+      }
+      else {
+        throw new ServletException(t);
+      }
+    }
+  }
+
+
+  @Override
+  public void destroy() {
+
+  }
+}
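Review bot: doFilter establishes a Subject for every request without checking any credential, and the class has no Javadoc saying so even though the contributor registers it under the `authentication` role. A class comment should state the contract, e.g. `/** Performs no credential check: uses the container's remote user if set, otherwise the fixed principal "anonymous". */`, and say that the provider is meant only for topologies whose services are intentionally reachable without login. The literal `"anonymous"` becomes a PrimaryPrincipal that later authorization or identity-assertion providers presumably cannot tell apart from a real account of that name, so it deserves a named constant and an audit log line when the fallback is taken, which lets operators see unauthenticated access. Separately, the unchecked cast `(HttpServletRequest)request` throws ClassCastException for a non-HTTP request; an `instanceof` check that throws ServletException would fail more clearly.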

http://git-wip-us.apache.org/repos/asf/knox/blob/82539e40/gateway-provider-security-authc-anon/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-security-authc-anon/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-security-authc-anon/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
new file mode 100755
index 0000000..99f1edf
--- /dev/null
+++ b/gateway-provider-security-authc-anon/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
@@ -0,0 +1,19 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.hadoop.gateway.deploy.AnonymousAuthDeploymentContributor

http://git-wip-us.apache.org/repos/asf/knox/blob/82539e40/gateway-provider-security-authc-anon/src/test/java/org/apache/hadoop/gateway/deploy/AnonymousAuthDeploymentContributorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-authc-anon/src/test/java/org/apache/hadoop/gateway/deploy/AnonymousAuthDeploymentContributorTest.java b/gateway-provider-security-authc-anon/src/test/java/org/apache/hadoop/gateway/deploy/AnonymousAuthDeploymentContributorTest.java
new file mode 100644
index 0000000..38e25a8
--- /dev/null
+++ b/gateway-provider-security-authc-anon/src/test/java/org/apache/hadoop/gateway/deploy/AnonymousAuthDeploymentContributorTest.java
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * <p/>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p/>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.deploy;
+
+import org.junit.Test;
+
+import java.util.Iterator;
+import java.util.ServiceLoader;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.fail;
+
+public class AnonymousAuthDeploymentContributorTest {
+
+  @Test
+  public void testServiceLoader() throws Exception {
+    ServiceLoader loader = ServiceLoader.load( ProviderDeploymentContributor.class );
+    Iterator iterator = loader.iterator();
+    assertThat( "Service iterator empty.", iterator.hasNext() );
+    while( iterator.hasNext() ) {
+      Object object = iterator.next();
+      if( object instanceof AnonymousAuthDeploymentContributor ) {
+        return;
+      }
+    }
+    fail( "Failed to find " + AnonymousAuthDeploymentContributor.class.getName() + " via service loader." );
+  }
+
+}
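Review bot: testServiceLoader only proves the contributor is discoverable; nothing in this commit exercises AnonymousAuthFilter, so the remote-user / `"anonymous"` fallback in doFilter and the PrivilegedActionException unwrapping are untested. A filter test with a mocked request and chain (easymock is already a test dependency of the module) that asserts the PrimaryPrincipal visible inside the chain would pin the security-relevant behaviour. Minor: `ServiceLoader loader` and `Iterator iterator` are raw types; `ServiceLoader<ProviderDeploymentContributor> loader = ServiceLoader.load( ProviderDeploymentContributor.class );` with a for-each loop removes the need to iterate over `Object`.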

http://git-wip-us.apache.org/repos/asf/knox/blob/82539e40/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index a70f436..c180475 100644
--- a/pom.xml
+++ b/pom.xml
@@ -60,6 +60,7 @@
         <module>gateway-provider-security-shiro</module>
         <module>gateway-provider-security-pac4j</module>
         <module>gateway-provider-security-authz-acls</module>
+        <module>gateway-provider-security-authc-anon</module>
         <module>gateway-provider-identity-assertion-common</module>
         <module>gateway-provider-identity-assertion-concat</module>
         <module>gateway-provider-identity-assertion-regex</module>
@@ -457,6 +458,11 @@
             </dependency>
             <dependency>
                 <groupId>${gateway-group}</groupId>
+                <artifactId>gateway-provider-security-authc-anon</artifactId>
+                <version>${gateway-version}</version>
+            </dependency>
+            <dependency>
+                <groupId>${gateway-group}</groupId>
                 <artifactId>gateway-provider-security-shiro</artifactId>
                 <version>${gateway-version}</version>
             </dependency>