You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zeppelin.apache.org by zj...@apache.org on 2019/03/12 07:20:15 UTC
[zeppelin] branch master updated: [ZEPPELIN-4048]. Rename
SecurityService to AuthenticationService
This is an automated email from the ASF dual-hosted git repository.
zjffdu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push:
new 3c7f009 [ZEPPELIN-4048]. Rename SecurityService to AuthenticationService
3c7f009 is described below
commit 3c7f0093f4e49f76c9a10a6a759f7c693f6c7eb5
Author: Jeff Zhang <zj...@apache.org>
AuthorDate: Sun Mar 10 22:40:47 2019 +0800
[ZEPPELIN-4048]. Rename SecurityService to AuthenticationService
### What is this PR for?
This is a refactoring PR which rename `SecurityService` to `AuthenticationService`, I would also rename `NotebookAuthorization` to `AuthorizationService` in #3316
### What type of PR is it?
[Refactoring]
### Todos
* [ ] - Task
### What is the Jira issue?
* https://jira.apache.org/jira/browse/ZEPPELIN-4048
### How should this be tested?
* CI pass
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
Author: Jeff Zhang <zj...@apache.org>
Closes #3327 from zjffdu/ZEPPELIN-4048 and squashes the following commits:
82b45de60 [Jeff Zhang] [ZEPPELIN-4048]. Rename SecurityService to AuthenticationService
---
.../org/apache/zeppelin/rest/AbstractRestApi.java | 15 ++---
.../zeppelin/rest/ConfigurationsRestApi.java | 6 +-
.../apache/zeppelin/rest/CredentialRestApi.java | 16 ++---
.../apache/zeppelin/rest/InterpreterRestApi.java | 10 ++--
.../org/apache/zeppelin/rest/LoginRestApi.java | 20 +++----
.../apache/zeppelin/rest/NotebookRepoRestApi.java | 20 +++----
.../org/apache/zeppelin/rest/NotebookRestApi.java | 70 +++++++++++-----------
.../org/apache/zeppelin/rest/SecurityRestApi.java | 16 ++---
.../org/apache/zeppelin/server/ZeppelinServer.java | 14 ++---
...rityService.java => AuthenticationService.java} | 24 +++++++-
...tyService.java => NoAuthenticationService.java} | 8 +--
...ervice.java => ShiroAuthenticationService.java} | 38 ++++++------
.../zeppelin/rest/CredentialsRestApiTest.java | 11 ++--
...st.java => ShiroAuthenticationServiceTest.java} | 12 ++--
14 files changed, 148 insertions(+), 132 deletions(-)
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/AbstractRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/AbstractRestApi.java
index 1729be8..32cb6cc 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/AbstractRestApi.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/AbstractRestApi.java
@@ -21,24 +21,25 @@ import com.google.common.collect.Sets;
import java.io.IOException;
import java.util.Set;
import javax.ws.rs.WebApplicationException;
-import org.apache.zeppelin.service.SecurityService;
+
+import org.apache.zeppelin.service.AuthenticationService;
import org.apache.zeppelin.service.ServiceContext;
import org.apache.zeppelin.service.SimpleServiceCallback;
import org.apache.zeppelin.user.AuthenticationInfo;
public class AbstractRestApi {
- protected SecurityService securityService;
+ protected AuthenticationService authenticationService;
- protected AbstractRestApi(SecurityService securityService) {
- this.securityService = securityService;
+ protected AbstractRestApi(AuthenticationService authenticationService) {
+ this.authenticationService = authenticationService;
}
protected ServiceContext getServiceContext() {
- AuthenticationInfo authInfo = new AuthenticationInfo(securityService.getPrincipal());
+ AuthenticationInfo authInfo = new AuthenticationInfo(authenticationService.getPrincipal());
Set<String> userAndRoles = Sets.newHashSet();
- userAndRoles.add(securityService.getPrincipal());
- userAndRoles.addAll(securityService.getAssociatedRoles());
+ userAndRoles.add(authenticationService.getPrincipal());
+ userAndRoles.addAll(authenticationService.getAssociatedRoles());
return new ServiceContext(authInfo, userAndRoles);
}
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/ConfigurationsRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/ConfigurationsRestApi.java
index 06503f8..c3f9f63 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/ConfigurationsRestApi.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/ConfigurationsRestApi.java
@@ -29,7 +29,7 @@ import javax.ws.rs.core.Response.Status;
import org.apache.zeppelin.annotation.ZeppelinApi;
import org.apache.zeppelin.server.JsonResponse;
import org.apache.zeppelin.service.ConfigurationService;
-import org.apache.zeppelin.service.SecurityService;
+import org.apache.zeppelin.service.AuthenticationService;
/** Configurations Rest API Endpoint. */
@Path("/configurations")
@@ -41,8 +41,8 @@ public class ConfigurationsRestApi extends AbstractRestApi {
@Inject
public ConfigurationsRestApi(
- SecurityService securityService, ConfigurationService configurationService) {
- super(securityService);
+ AuthenticationService authenticationService, ConfigurationService configurationService) {
+ super(authenticationService);
this.configurationService = configurationService;
}
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/CredentialRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/CredentialRestApi.java
index b517ed6..d69349c 100755
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/CredentialRestApi.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/CredentialRestApi.java
@@ -33,7 +33,7 @@ import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import org.apache.zeppelin.server.JsonResponse;
-import org.apache.zeppelin.service.SecurityService;
+import org.apache.zeppelin.service.AuthenticationService;
import org.apache.zeppelin.user.Credentials;
import org.apache.zeppelin.user.UserCredentials;
import org.apache.zeppelin.user.UsernamePassword;
@@ -47,13 +47,13 @@ import org.slf4j.LoggerFactory;
public class CredentialRestApi {
Logger logger = LoggerFactory.getLogger(CredentialRestApi.class);
private Credentials credentials;
- private SecurityService securityService;
+ private AuthenticationService authenticationService;
private Gson gson = new Gson();
@Inject
- public CredentialRestApi(Credentials credentials, SecurityService securityService) {
+ public CredentialRestApi(Credentials credentials, AuthenticationService authenticationService) {
this.credentials = credentials;
- this.securityService = securityService;
+ this.authenticationService = authenticationService;
}
/**
@@ -78,7 +78,7 @@ public class CredentialRestApi {
return new JsonResponse(Status.BAD_REQUEST).build();
}
- String user = securityService.getPrincipal();
+ String user = authenticationService.getPrincipal();
logger.info("Update credentials for user {} entity {}", user, entity);
UserCredentials uc = credentials.getUserCredentials(user);
uc.putUsernamePassword(entity, new UsernamePassword(username, password));
@@ -94,7 +94,7 @@ public class CredentialRestApi {
*/
@GET
public Response getCredentials() throws IllegalArgumentException {
- String user = securityService.getPrincipal();
+ String user = authenticationService.getPrincipal();
logger.info("getCredentials credentials for user {} ", user);
UserCredentials uc = credentials.getUserCredentials(user);
return new JsonResponse<>(Status.OK, uc).build();
@@ -109,7 +109,7 @@ public class CredentialRestApi {
*/
@DELETE
public Response removeCredentials() throws IOException, IllegalArgumentException {
- String user = securityService.getPrincipal();
+ String user = authenticationService.getPrincipal();
logger.info("removeCredentials credentials for user {} ", user);
UserCredentials uc = credentials.removeUserCredentials(user);
if (uc == null) {
@@ -130,7 +130,7 @@ public class CredentialRestApi {
@Path("{entity}")
public Response removeCredentialEntity(@PathParam("entity") String entity)
throws IOException, IllegalArgumentException {
- String user = securityService.getPrincipal();
+ String user = authenticationService.getPrincipal();
logger.info("removeCredentialEntity for user {} entity {}", user, entity);
if (!credentials.removeCredentialEntity(user, entity)) {
return new JsonResponse(Status.NOT_FOUND).build();
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/InterpreterRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/InterpreterRestApi.java
index cd5032b..bba8fbf 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/InterpreterRestApi.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/InterpreterRestApi.java
@@ -34,8 +34,8 @@ import org.apache.zeppelin.rest.message.NewInterpreterSettingRequest;
import org.apache.zeppelin.rest.message.RestartInterpreterRequest;
import org.apache.zeppelin.rest.message.UpdateInterpreterSettingRequest;
import org.apache.zeppelin.server.JsonResponse;
+import org.apache.zeppelin.service.AuthenticationService;
import org.apache.zeppelin.service.InterpreterService;
-import org.apache.zeppelin.service.SecurityService;
import org.apache.zeppelin.service.ServiceContext;
import org.apache.zeppelin.service.SimpleServiceCallback;
import org.apache.zeppelin.socket.NotebookServer;
@@ -67,18 +67,18 @@ public class InterpreterRestApi {
private static final Logger logger = LoggerFactory.getLogger(InterpreterRestApi.class);
- private final SecurityService securityService;
+ private final AuthenticationService authenticationService;
private final InterpreterService interpreterService;
private final InterpreterSettingManager interpreterSettingManager;
private final NotebookServer notebookServer;
@Inject
public InterpreterRestApi(
- SecurityService securityService,
+ AuthenticationService authenticationService,
InterpreterService interpreterService,
InterpreterSettingManager interpreterSettingManager,
NotebookServer notebookWsServer) {
- this.securityService = securityService;
+ this.authenticationService = authenticationService;
this.interpreterService = interpreterService;
this.interpreterSettingManager = interpreterSettingManager;
this.notebookServer = notebookWsServer;
@@ -200,7 +200,7 @@ public class InterpreterRestApi {
if (null == noteId) {
interpreterSettingManager.close(settingId);
} else {
- interpreterSettingManager.restart(settingId, noteId, securityService.getPrincipal());
+ interpreterSettingManager.restart(settingId, noteId, authenticationService.getPrincipal());
}
} catch (InterpreterException e) {
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java
index 66f17f7..c8fa859 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/LoginRestApi.java
@@ -50,7 +50,7 @@ import org.apache.zeppelin.realm.jwt.KnoxJwtRealm;
import org.apache.zeppelin.realm.kerberos.KerberosRealm;
import org.apache.zeppelin.realm.kerberos.KerberosToken;
import org.apache.zeppelin.server.JsonResponse;
-import org.apache.zeppelin.service.SecurityService;
+import org.apache.zeppelin.service.AuthenticationService;
import org.apache.zeppelin.ticket.TicketContainer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -65,13 +65,13 @@ public class LoginRestApi {
private static final Logger LOG = LoggerFactory.getLogger(LoginRestApi.class);
private static final Gson gson = new Gson();
private ZeppelinConfiguration zConf;
- private SecurityService securityService;
+ private AuthenticationService authenticationService;
@Inject
public LoginRestApi(Notebook notebook,
- SecurityService securityService) {
+ AuthenticationService authenticationService) {
this.zConf = notebook.getConf();
- this.securityService = securityService;
+ this.authenticationService = authenticationService;
}
@GET
@@ -126,7 +126,7 @@ public class LoginRestApi {
}
private KerberosRealm getKerberosRealm() {
- Collection realmsList = securityService.getRealmsList();
+ Collection realmsList = authenticationService.getRealmsList();
if (realmsList != null) {
for (Iterator<Realm> iterator = realmsList.iterator(); iterator.hasNext(); ) {
Realm realm = iterator.next();
@@ -143,7 +143,7 @@ public class LoginRestApi {
}
private KnoxJwtRealm getJTWRealm() {
- Collection realmsList = securityService.getRealmsList();
+ Collection realmsList = authenticationService.getRealmsList();
if (realmsList != null) {
for (Iterator<Realm> iterator = realmsList.iterator(); iterator.hasNext(); ) {
Realm realm = iterator.next();
@@ -160,7 +160,7 @@ public class LoginRestApi {
}
private boolean isKnoxSSOEnabled() {
- Collection realmsList = securityService.getRealmsList();
+ Collection realmsList = authenticationService.getRealmsList();
if (realmsList != null) {
for (Iterator<Realm> iterator = realmsList.iterator(); iterator.hasNext(); ) {
Realm realm = iterator.next();
@@ -181,8 +181,8 @@ public class LoginRestApi {
currentUser.getSession(true);
currentUser.login(token);
- Set<String> roles = securityService.getAssociatedRoles();
- String principal = securityService.getPrincipal();
+ Set<String> roles = authenticationService.getAssociatedRoles();
+ String principal = authenticationService.getPrincipal();
String ticket;
if ("anonymous".equals(principal)) {
ticket = "anonymous";
@@ -283,7 +283,7 @@ public class LoginRestApi {
private void logoutCurrentUser() {
Subject currentUser = org.apache.shiro.SecurityUtils.getSubject();
- TicketContainer.instance.removeTicket(securityService.getPrincipal());
+ TicketContainer.instance.removeTicket(authenticationService.getPrincipal());
currentUser.getSession().stop();
currentUser.logout();
}
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRepoRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRepoRestApi.java
index b676b80..a93a139 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRepoRestApi.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRepoRestApi.java
@@ -23,7 +23,7 @@ import com.google.gson.JsonSyntaxException;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.apache.commons.lang.StringUtils;
-import org.apache.zeppelin.service.SecurityService;
+import org.apache.zeppelin.service.AuthenticationService;
import org.apache.zeppelin.service.ServiceContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -60,14 +60,14 @@ public class NotebookRepoRestApi {
private NotebookRepoSync noteRepos;
private NotebookServer notebookWsServer;
- private SecurityService securityService;
+ private AuthenticationService authenticationService;
@Inject
public NotebookRepoRestApi(NotebookRepoSync noteRepos, NotebookServer notebookWsServer,
- SecurityService securityService) {
+ AuthenticationService authenticationService) {
this.noteRepos = noteRepos;
this.notebookWsServer = notebookWsServer;
- this.securityService = securityService;
+ this.authenticationService = authenticationService;
}
/**
@@ -76,7 +76,7 @@ public class NotebookRepoRestApi {
@GET
@ZeppelinApi
public Response listRepoSettings() {
- AuthenticationInfo subject = new AuthenticationInfo(securityService.getPrincipal());
+ AuthenticationInfo subject = new AuthenticationInfo(authenticationService.getPrincipal());
LOG.info("Getting list of NoteRepo with Settings for user {}", subject.getUser());
List<NotebookRepoWithSettings> settings = noteRepos.getNotebookRepos(subject);
return new JsonResponse<>(Status.OK, "", settings).build();
@@ -89,7 +89,7 @@ public class NotebookRepoRestApi {
@Path("reload")
@ZeppelinApi
public Response refreshRepo(){
- AuthenticationInfo subject = new AuthenticationInfo(securityService.getPrincipal());
+ AuthenticationInfo subject = new AuthenticationInfo(authenticationService.getPrincipal());
LOG.info("Reloading notebook repository for user {}", subject.getUser());
try {
notebookWsServer.broadcastReloadedNoteList(null, getServiceContext());
@@ -100,10 +100,10 @@ public class NotebookRepoRestApi {
}
private ServiceContext getServiceContext() {
- AuthenticationInfo authInfo = new AuthenticationInfo(securityService.getPrincipal());
+ AuthenticationInfo authInfo = new AuthenticationInfo(authenticationService.getPrincipal());
Set<String> userAndRoles = Sets.newHashSet();
- userAndRoles.add(securityService.getPrincipal());
- userAndRoles.addAll(securityService.getAssociatedRoles());
+ userAndRoles.add(authenticationService.getPrincipal());
+ userAndRoles.addAll(authenticationService.getAssociatedRoles());
return new ServiceContext(authInfo, userAndRoles);
}
@@ -119,7 +119,7 @@ public class NotebookRepoRestApi {
if (StringUtils.isBlank(payload)) {
return new JsonResponse<>(Status.NOT_FOUND, "", Collections.emptyMap()).build();
}
- AuthenticationInfo subject = new AuthenticationInfo(securityService.getPrincipal());
+ AuthenticationInfo subject = new AuthenticationInfo(authenticationService.getPrincipal());
NotebookRepoSettingsRequest newSettings;
try {
newSettings = NotebookRepoSettingsRequest.fromJson(payload);
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java
index 6f805c9..70f17c0 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java
@@ -60,9 +60,9 @@ import org.apache.zeppelin.rest.message.RunParagraphWithParametersRequest;
import org.apache.zeppelin.rest.message.UpdateParagraphRequest;
import org.apache.zeppelin.search.SearchService;
import org.apache.zeppelin.server.JsonResponse;
+import org.apache.zeppelin.service.AuthenticationService;
import org.apache.zeppelin.service.JobManagerService;
import org.apache.zeppelin.service.NotebookService;
-import org.apache.zeppelin.service.SecurityService;
import org.apache.zeppelin.service.ServiceContext;
import org.apache.zeppelin.socket.NotebookServer;
import org.apache.zeppelin.user.AuthenticationInfo;
@@ -87,7 +87,7 @@ public class NotebookRestApi extends AbstractRestApi {
private NotebookAuthorization notebookAuthorization;
private NotebookService notebookService;
private JobManagerService jobManagerService;
- private SecurityService securityService;
+ private AuthenticationService authenticationService;
@Inject
public NotebookRestApi(
@@ -97,9 +97,9 @@ public class NotebookRestApi extends AbstractRestApi {
SearchService search,
NotebookAuthorization notebookAuthorization,
ZeppelinConfiguration zConf,
- SecurityService securityService,
+ AuthenticationService authenticationService,
JobManagerService jobManagerService) {
- super(securityService);
+ super(authenticationService);
this.notebook = notebook;
this.notebookServer = notebookServer;
this.notebookService = notebookService;
@@ -107,7 +107,7 @@ public class NotebookRestApi extends AbstractRestApi {
this.noteSearchService = search;
this.notebookAuthorization = notebookAuthorization;
this.zConf = zConf;
- this.securityService = securityService;
+ this.authenticationService = authenticationService;
}
/**
@@ -150,8 +150,8 @@ public class NotebookRestApi extends AbstractRestApi {
* Check if the current user is not authenticated(anonymous user) or not.
*/
private void checkIfUserIsAnon(String errorMsg) {
- boolean isAuthenticated = securityService.isAuthenticated();
- if (isAuthenticated && securityService.getPrincipal().equals("anonymous")) {
+ boolean isAuthenticated = authenticationService.isAuthenticated();
+ if (isAuthenticated && authenticationService.getPrincipal().equals("anonymous")) {
LOG.info("Anonymous user cannot set any permissions for this note.");
throw new ForbiddenException(errorMsg);
}
@@ -162,8 +162,8 @@ public class NotebookRestApi extends AbstractRestApi {
*/
private void checkIfUserIsOwner(String noteId, String errorMsg) {
Set<String> userAndRoles = Sets.newHashSet();
- userAndRoles.add(securityService.getPrincipal());
- userAndRoles.addAll(securityService.getAssociatedRoles());
+ userAndRoles.add(authenticationService.getPrincipal());
+ userAndRoles.addAll(authenticationService.getAssociatedRoles());
if (!notebookAuthorization.isOwner(userAndRoles, noteId)) {
throw new ForbiddenException(errorMsg);
}
@@ -174,8 +174,8 @@ public class NotebookRestApi extends AbstractRestApi {
*/
private void checkIfUserCanWrite(String noteId, String errorMsg) {
Set<String> userAndRoles = Sets.newHashSet();
- userAndRoles.add(securityService.getPrincipal());
- userAndRoles.addAll(securityService.getAssociatedRoles());
+ userAndRoles.add(authenticationService.getPrincipal());
+ userAndRoles.addAll(authenticationService.getAssociatedRoles());
if (!notebookAuthorization.hasWriteAuthorization(userAndRoles, noteId)) {
throw new ForbiddenException(errorMsg);
}
@@ -186,8 +186,8 @@ public class NotebookRestApi extends AbstractRestApi {
*/
private void checkIfUserCanRead(String noteId, String errorMsg) {
Set<String> userAndRoles = Sets.newHashSet();
- userAndRoles.add(securityService.getPrincipal());
- userAndRoles.addAll(securityService.getAssociatedRoles());
+ userAndRoles.add(authenticationService.getPrincipal());
+ userAndRoles.addAll(authenticationService.getAssociatedRoles());
if (!notebookAuthorization.hasReadAuthorization(userAndRoles, noteId)) {
throw new ForbiddenException(errorMsg);
}
@@ -198,8 +198,8 @@ public class NotebookRestApi extends AbstractRestApi {
*/
private void checkIfUserCanRun(String noteId, String errorMsg) {
Set<String> userAndRoles = Sets.newHashSet();
- userAndRoles.add(securityService.getPrincipal());
- userAndRoles.addAll(securityService.getAssociatedRoles());
+ userAndRoles.add(authenticationService.getPrincipal());
+ userAndRoles.addAll(authenticationService.getAssociatedRoles());
if (!notebookAuthorization.hasRunAuthorization(userAndRoles, noteId)) {
throw new ForbiddenException(errorMsg);
}
@@ -232,8 +232,8 @@ public class NotebookRestApi extends AbstractRestApi {
@ZeppelinApi
public Response putNotePermissions(@PathParam("noteId") String noteId, String req)
throws IOException {
- String principal = securityService.getPrincipal();
- Set<String> roles = securityService.getAssociatedRoles();
+ String principal = authenticationService.getPrincipal();
+ Set<String> roles = authenticationService.getAssociatedRoles();
HashSet<String> userAndRoles = new HashSet<>();
userAndRoles.add(principal);
userAndRoles.addAll(roles);
@@ -257,28 +257,28 @@ public class NotebookRestApi extends AbstractRestApi {
// Set readers, if runners, writers and owners is empty -> set to user requesting the change
if (readers != null && !readers.isEmpty()) {
if (runners.isEmpty()) {
- runners = Sets.newHashSet(securityService.getPrincipal());
+ runners = Sets.newHashSet(authenticationService.getPrincipal());
}
if (writers.isEmpty()) {
- writers = Sets.newHashSet(securityService.getPrincipal());
+ writers = Sets.newHashSet(authenticationService.getPrincipal());
}
if (owners.isEmpty()) {
- owners = Sets.newHashSet(securityService.getPrincipal());
+ owners = Sets.newHashSet(authenticationService.getPrincipal());
}
}
// Set runners, if writers and owners is empty -> set to user requesting the change
if (runners != null && !runners.isEmpty()) {
if (writers.isEmpty()) {
- writers = Sets.newHashSet(securityService.getPrincipal());
+ writers = Sets.newHashSet(authenticationService.getPrincipal());
}
if (owners.isEmpty()) {
- owners = Sets.newHashSet(securityService.getPrincipal());
+ owners = Sets.newHashSet(authenticationService.getPrincipal());
}
}
// Set writers, if owners is empty -> set to user requesting the change
if (writers != null && !writers.isEmpty()) {
if (owners.isEmpty()) {
- owners = Sets.newHashSet(securityService.getPrincipal());
+ owners = Sets.newHashSet(authenticationService.getPrincipal());
}
}
@@ -289,7 +289,7 @@ public class NotebookRestApi extends AbstractRestApi {
LOG.debug("After set permissions {} {} {} {}", notebookAuthorization.getOwners(noteId),
notebookAuthorization.getReaders(noteId), notebookAuthorization.getRunners(noteId),
notebookAuthorization.getWriters(noteId));
- AuthenticationInfo subject = new AuthenticationInfo(securityService.getPrincipal());
+ AuthenticationInfo subject = new AuthenticationInfo(authenticationService.getPrincipal());
notebook.saveNote(note, subject);
notebookServer.broadcastNote(note);
notebookServer.broadcastNoteList(subject, userAndRoles);
@@ -355,7 +355,7 @@ public class NotebookRestApi extends AbstractRestApi {
@POST
@ZeppelinApi
public Response createNote(String message) throws IOException {
- String user = securityService.getPrincipal();
+ String user = authenticationService.getPrincipal();
LOG.info("Create new note by JSON {}", message);
NewNoteRequest request = NewNoteRequest.fromJson(message);
Note note = notebookService.createNote(
@@ -363,7 +363,7 @@ public class NotebookRestApi extends AbstractRestApi {
zConf.getString(ZeppelinConfiguration.ConfVars.ZEPPELIN_INTERPRETER_GROUP_DEFAULT),
getServiceContext(),
new RestServiceCallback<>());
- AuthenticationInfo subject = new AuthenticationInfo(securityService.getPrincipal());
+ AuthenticationInfo subject = new AuthenticationInfo(authenticationService.getPrincipal());
if (request.getParagraphs() != null) {
for (NewParagraphRequest paragraphRequest : request.getParagraphs()) {
Paragraph p = note.addNewParagraph(subject);
@@ -418,7 +418,7 @@ public class NotebookRestApi extends AbstractRestApi {
if (request != null) {
newNoteName = request.getName();
}
- AuthenticationInfo subject = new AuthenticationInfo(securityService.getPrincipal());
+ AuthenticationInfo subject = new AuthenticationInfo(authenticationService.getPrincipal());
Note newNote = notebookService.cloneNote(noteId, newNoteName, getServiceContext(),
new RestServiceCallback<Note>(){
@Override
@@ -472,7 +472,7 @@ public class NotebookRestApi extends AbstractRestApi {
@ZeppelinApi
public Response insertParagraph(@PathParam("noteId") String noteId, String message)
throws IOException {
- String user = securityService.getPrincipal();
+ String user = authenticationService.getPrincipal();
LOG.info("insert paragraph {} {}", noteId, message);
Note note = notebook.getNote(noteId);
@@ -529,7 +529,7 @@ public class NotebookRestApi extends AbstractRestApi {
public Response updateParagraph(@PathParam("noteId") String noteId,
@PathParam("paragraphId") String paragraphId,
String message) throws IOException {
- String user = securityService.getPrincipal();
+ String user = authenticationService.getPrincipal();
LOG.info("{} will update paragraph {} {}", user, noteId, paragraphId);
Note note = notebook.getNote(noteId);
@@ -557,7 +557,7 @@ public class NotebookRestApi extends AbstractRestApi {
public Response updateParagraphConfig(@PathParam("noteId") String noteId,
@PathParam("paragraphId") String paragraphId,
String message) throws IOException {
- String user = securityService.getPrincipal();
+ String user = authenticationService.getPrincipal();
LOG.info("{} will update paragraph config {} {}", user, noteId, paragraphId);
Note note = notebook.getNote(noteId);
@@ -658,8 +658,8 @@ public class NotebookRestApi extends AbstractRestApi {
boolean blocking = waitToFinish == null || waitToFinish;
LOG.info("run note jobs {} waitToFinish: {}", noteId, blocking);
Note note = notebook.getNote(noteId);
- AuthenticationInfo subject = new AuthenticationInfo(securityService.getPrincipal());
- subject.setRoles(new LinkedList<>(securityService.getAssociatedRoles()));
+ AuthenticationInfo subject = new AuthenticationInfo(authenticationService.getPrincipal());
+ subject.setRoles(new LinkedList<>(authenticationService.getAssociatedRoles()));
checkIfNoteIsNotNull(note);
checkIfUserCanRun(noteId, "Insufficient privileges you cannot run job for this note");
@@ -993,8 +993,8 @@ public class NotebookRestApi extends AbstractRestApi {
@ZeppelinApi
public Response search(@QueryParam("q") String queryTerm) {
LOG.info("Searching notes for: {}", queryTerm);
- String principal = securityService.getPrincipal();
- Set<String> roles = securityService.getAssociatedRoles();
+ String principal = authenticationService.getPrincipal();
+ Set<String> roles = authenticationService.getAssociatedRoles();
HashSet<String> userAndRoles = new HashSet<>();
userAndRoles.add(principal);
userAndRoles.addAll(roles);
@@ -1024,7 +1024,7 @@ public class NotebookRestApi extends AbstractRestApi {
Map<String, Object> paramsForUpdating = request.getParams();
if (paramsForUpdating != null) {
paragraph.settings.getParams().putAll(paramsForUpdating);
- AuthenticationInfo subject = new AuthenticationInfo(securityService.getPrincipal());
+ AuthenticationInfo subject = new AuthenticationInfo(authenticationService.getPrincipal());
notebook.saveNote(note, subject);
}
}
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
index 7a08693..95d1e32 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
@@ -34,7 +34,7 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.zeppelin.annotation.ZeppelinApi;
import org.apache.zeppelin.conf.ZeppelinConfiguration;
import org.apache.zeppelin.server.JsonResponse;
-import org.apache.zeppelin.service.SecurityService;
+import org.apache.zeppelin.service.AuthenticationService;
import org.apache.zeppelin.ticket.TicketContainer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -49,11 +49,11 @@ public class SecurityRestApi {
private static final Logger LOG = LoggerFactory.getLogger(SecurityRestApi.class);
private static final Gson gson = new Gson();
- private final SecurityService securityService;
+ private final AuthenticationService authenticationService;
@Inject
- public SecurityRestApi(SecurityService securityService) {
- this.securityService = securityService;
+ public SecurityRestApi(AuthenticationService authenticationService) {
+ this.authenticationService = authenticationService;
}
/**
@@ -69,8 +69,8 @@ public class SecurityRestApi {
@ZeppelinApi
public Response ticket() {
ZeppelinConfiguration conf = ZeppelinConfiguration.create();
- String principal = securityService.getPrincipal();
- Set<String> roles = securityService.getAssociatedRoles();
+ String principal = authenticationService.getPrincipal();
+ Set<String> roles = authenticationService.getAssociatedRoles();
JsonResponse response;
// ticket set to anonymous for anonymous user. Simplify testing.
String ticket;
@@ -102,8 +102,8 @@ public class SecurityRestApi {
public Response getUserList(@PathParam("searchText") final String searchText) {
final int numUsersToFetch = 5;
- List<String> usersList = securityService.getMatchedUsers(searchText, numUsersToFetch);
- List<String> rolesList = securityService.getMatchedRoles();
+ List<String> usersList = authenticationService.getMatchedUsers(searchText, numUsersToFetch);
+ List<String> rolesList = authenticationService.getMatchedRoles();
List<String> autoSuggestUserList = new ArrayList<>();
List<String> autoSuggestRoleList = new ArrayList<>();
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java b/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
index b9194ac..3f06916 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
@@ -50,14 +50,8 @@ import org.apache.zeppelin.notebook.repo.NotebookRepoSync;
import org.apache.zeppelin.rest.exception.WebApplicationExceptionMapper;
import org.apache.zeppelin.search.LuceneSearch;
import org.apache.zeppelin.search.SearchService;
-import org.apache.zeppelin.service.AdminService;
-import org.apache.zeppelin.service.ConfigurationService;
-import org.apache.zeppelin.service.InterpreterService;
-import org.apache.zeppelin.service.JobManagerService;
-import org.apache.zeppelin.service.NoSecurityService;
-import org.apache.zeppelin.service.NotebookService;
-import org.apache.zeppelin.service.SecurityService;
-import org.apache.zeppelin.service.ShiroSecurityService;
+import org.apache.zeppelin.service.*;
+import org.apache.zeppelin.service.AuthenticationService;
import org.apache.zeppelin.socket.NotebookServer;
import org.apache.zeppelin.user.Credentials;
import org.eclipse.jetty.http.HttpVersion;
@@ -145,10 +139,10 @@ public class ZeppelinServer extends ResourceConfig {
bind(notebookAuthorization).to(NotebookAuthorization.class);
// TODO(jl): Will make it more beautiful
if (!StringUtils.isBlank(conf.getShiroPath())) {
- bind(ShiroSecurityService.class).to(SecurityService.class).in(Singleton.class);
+ bind(ShiroAuthenticationService.class).to(AuthenticationService.class).in(Singleton.class);
} else {
// TODO(jl): Will be added more type
- bind(NoSecurityService.class).to(SecurityService.class).in(Singleton.class);
+ bind(NoAuthenticationService.class).to(AuthenticationService.class).in(Singleton.class);
}
bindAsContract(HeliumBundleFactory.class).in(Singleton.class);
bindAsContract(HeliumApplicationFactory.class).in(Singleton.class);
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/service/SecurityService.java b/zeppelin-server/src/main/java/org/apache/zeppelin/service/AuthenticationService.java
similarity index 72%
rename from zeppelin-server/src/main/java/org/apache/zeppelin/service/SecurityService.java
rename to zeppelin-server/src/main/java/org/apache/zeppelin/service/AuthenticationService.java
index 0f6ab95..a048a20 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/service/SecurityService.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/service/AuthenticationService.java
@@ -21,17 +21,39 @@ import java.util.Collection;
import java.util.List;
import java.util.Set;
-public interface SecurityService {
+/**
+ * Interface for Zeppelin Security.
+ * //TODO(zjffdu) rename it to AuthenticationService
+ */
+public interface AuthenticationService {
+ /**
+ * Get current principal/username.
+ * @return
+ */
String getPrincipal();
+ /**
+ * Get roles associated with current principal
+ * @return
+ */
Set<String> getAssociatedRoles();
Collection getRealmsList();
boolean isAuthenticated();
+ /**
+ * Used for user auto-completion
+ * @param searchText
+ * @param numUsersToFetch
+ * @return
+ */
List<String> getMatchedUsers(String searchText, int numUsersToFetch);
+ /**
+ * Used for role auto-completion
+ * @return
+ */
List<String> getMatchedRoles();
}
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/service/NoSecurityService.java b/zeppelin-server/src/main/java/org/apache/zeppelin/service/NoAuthenticationService.java
similarity index 87%
rename from zeppelin-server/src/main/java/org/apache/zeppelin/service/NoSecurityService.java
rename to zeppelin-server/src/main/java/org/apache/zeppelin/service/NoAuthenticationService.java
index 0413883..317ffad 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/service/NoSecurityService.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/service/NoAuthenticationService.java
@@ -27,13 +27,13 @@ import javax.inject.Inject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class NoSecurityService implements SecurityService {
- private static Logger logger = LoggerFactory.getLogger(NoSecurityService.class);
+public class NoAuthenticationService implements AuthenticationService {
+ private static Logger logger = LoggerFactory.getLogger(NoAuthenticationService.class);
private final String ANONYMOUS = "anonymous";
@Inject
- public NoSecurityService() {
- logger.info("NoSecurityService is initialized");
+ public NoAuthenticationService() {
+ logger.info("NoAuthenticationService is initialized");
}
@Override
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/service/ShiroSecurityService.java b/zeppelin-server/src/main/java/org/apache/zeppelin/service/ShiroAuthenticationService.java
similarity index 92%
rename from zeppelin-server/src/main/java/org/apache/zeppelin/service/ShiroSecurityService.java
rename to zeppelin-server/src/main/java/org/apache/zeppelin/service/ShiroAuthenticationService.java
index 07a2663..f768fd0 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/service/ShiroSecurityService.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/service/ShiroAuthenticationService.java
@@ -56,25 +56,27 @@ import org.apache.zeppelin.realm.LdapRealm;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-/** Tools for securing Zeppelin. */
-public class ShiroSecurityService implements SecurityService {
+/**
+ * AuthenticationService which use Apache Shiro.
+ */
+public class ShiroAuthenticationService implements AuthenticationService {
- private final Logger LOGGER = LoggerFactory.getLogger(ShiroSecurityService.class);
+ private final Logger LOGGER = LoggerFactory.getLogger(ShiroAuthenticationService.class);
- private final ZeppelinConfiguration zeppelinConfiguration;
+ private final ZeppelinConfiguration conf;
@Inject
- public ShiroSecurityService(ZeppelinConfiguration zeppelinConfiguration) throws Exception {
- LOGGER.info("NoSecurityService is initialized");
- this.zeppelinConfiguration = zeppelinConfiguration;
- if (zeppelinConfiguration.getShiroPath().length() > 0) {
+ public ShiroAuthenticationService(ZeppelinConfiguration conf) throws Exception {
+ LOGGER.info("ShiroAuthenticationService is initialized");
+ this.conf = conf;
+ if (conf.getShiroPath().length() > 0) {
try {
Collection<Realm> realms =
((DefaultWebSecurityManager) org.apache.shiro.SecurityUtils.getSecurityManager())
.getRealms();
if (realms.size() > 1) {
Boolean isIniRealmEnabled = false;
- for (Object realm : realms) {
+ for (Realm realm : realms) {
if (realm instanceof IniRealm && ((IniRealm) realm).getIni().get("users") != null) {
isIniRealmEnabled = true;
break;
@@ -87,7 +89,7 @@ public class ShiroSecurityService implements SecurityService {
}
}
} catch (UnavailableSecurityManagerException e) {
- LOGGER.error("Failed to initialise shiro configuraion", e);
+ LOGGER.error("Failed to initialise shiro configuration", e);
}
}
}
@@ -104,7 +106,7 @@ public class ShiroSecurityService implements SecurityService {
String principal;
if (subject.isAuthenticated()) {
principal = extractPrincipal(subject);
- if (zeppelinConfiguration.isUsernameForceLowerCase()) {
+ if (conf.isUsernameForceLowerCase()) {
LOGGER.debug("Converting principal name " + principal
+ " to lower case:" + principal.toLowerCase());
principal = principal.toLowerCase();
@@ -155,18 +157,18 @@ public class ShiroSecurityService implements SecurityService {
Collection<Realm> realmsList = (Collection<Realm>) getRealmsList();
if (realmsList != null) {
for (Realm realm : realmsList) {
- String name = realm.getClass().getName();
- LOGGER.debug("RealmClass.getName: " + name);
- if (name.equals("org.apache.shiro.realm.text.IniRealm")) {
+ String realClassName = realm.getClass().getName();
+ LOGGER.debug("RealmClass.getName: " + realClassName);
+ if (realClassName.equals("org.apache.shiro.realm.text.IniRealm")) {
usersList.addAll(getUserList((IniRealm) realm));
- } else if (name.equals("org.apache.zeppelin.realm.LdapGroupRealm")) {
+ } else if (realClassName.equals("org.apache.zeppelin.realm.LdapGroupRealm")) {
usersList.addAll(getUserList((JndiLdapRealm) realm, searchText, numUsersToFetch));
- } else if (name.equals("org.apache.zeppelin.realm.LdapRealm")) {
+ } else if (realClassName.equals("org.apache.zeppelin.realm.LdapRealm")) {
usersList.addAll(getUserList((LdapRealm) realm, searchText, numUsersToFetch));
- } else if (name.equals("org.apache.zeppelin.realm.ActiveDirectoryGroupRealm")) {
+ } else if (realClassName.equals("org.apache.zeppelin.realm.ActiveDirectoryGroupRealm")) {
usersList.addAll(
getUserList((ActiveDirectoryGroupRealm) realm, searchText, numUsersToFetch));
- } else if (name.equals("org.apache.shiro.realm.jdbc.JdbcRealm")) {
+ } else if (realClassName.equals("org.apache.shiro.realm.jdbc.JdbcRealm")) {
usersList.addAll(getUserList((JdbcRealm) realm));
}
}
diff --git a/zeppelin-server/src/test/java/org/apache/zeppelin/rest/CredentialsRestApiTest.java b/zeppelin-server/src/test/java/org/apache/zeppelin/rest/CredentialsRestApiTest.java
index 4e20eec..3af42a0 100644
--- a/zeppelin-server/src/test/java/org/apache/zeppelin/rest/CredentialsRestApiTest.java
+++ b/zeppelin-server/src/test/java/org/apache/zeppelin/rest/CredentialsRestApiTest.java
@@ -27,8 +27,9 @@ import java.nio.file.Files;
import java.util.Map;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
-import org.apache.zeppelin.service.NoSecurityService;
-import org.apache.zeppelin.service.SecurityService;
+
+import org.apache.zeppelin.service.AuthenticationService;
+import org.apache.zeppelin.service.NoAuthenticationService;
import org.apache.zeppelin.user.Credentials;
import org.apache.zeppelin.user.UserCredentials;
import org.junit.Before;
@@ -39,14 +40,14 @@ public class CredentialsRestApiTest {
private CredentialRestApi credentialRestApi;
private Credentials credentials;
- private SecurityService securityService;
+ private AuthenticationService authenticationService;
@Before
public void setUp() throws IOException {
credentials =
new Credentials(false, Files.createTempFile("credentials", "test").toString(), null);
- securityService = new NoSecurityService();
- credentialRestApi = new CredentialRestApi(credentials, securityService);
+ authenticationService = new NoAuthenticationService();
+ credentialRestApi = new CredentialRestApi(credentials, authenticationService);
}
@Test
diff --git a/zeppelin-server/src/test/java/org/apache/zeppelin/service/ShiroSecurityServiceTest.java b/zeppelin-server/src/test/java/org/apache/zeppelin/service/ShiroAuthenticationServiceTest.java
similarity index 91%
rename from zeppelin-server/src/test/java/org/apache/zeppelin/service/ShiroSecurityServiceTest.java
rename to zeppelin-server/src/test/java/org/apache/zeppelin/service/ShiroAuthenticationServiceTest.java
index d4267f7..00bf16f 100644
--- a/zeppelin-server/src/test/java/org/apache/zeppelin/service/ShiroSecurityServiceTest.java
+++ b/zeppelin-server/src/test/java/org/apache/zeppelin/service/ShiroAuthenticationServiceTest.java
@@ -24,14 +24,10 @@ import static org.mockito.Mockito.when;
import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
-import java.net.InetAddress;
-import java.net.URISyntaxException;
-import java.net.UnknownHostException;
+
import org.apache.commons.configuration.ConfigurationException;
import org.apache.zeppelin.conf.ZeppelinConfiguration;
import org.apache.zeppelin.notebook.Notebook;
-import org.apache.zeppelin.server.ZeppelinServer;
-import org.apache.zeppelin.utils.TestUtils;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -44,17 +40,17 @@ import sun.security.acl.PrincipalImpl;
@RunWith(PowerMockRunner.class)
@PrepareForTest(org.apache.shiro.SecurityUtils.class)
-public class ShiroSecurityServiceTest {
+public class ShiroAuthenticationServiceTest {
@Mock
org.apache.shiro.subject.Subject subject;
- ShiroSecurityService shiroSecurityService;
+ ShiroAuthenticationService shiroSecurityService;
ZeppelinConfiguration zeppelinConfiguration;
@Before
public void setup() throws Exception {
zeppelinConfiguration = ZeppelinConfiguration.create();
- shiroSecurityService = new ShiroSecurityService(zeppelinConfiguration);
+ shiroSecurityService = new ShiroAuthenticationService(zeppelinConfiguration);
}
@Test