You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@atlas.apache.org by ma...@apache.org on 2017/08/30 00:46:16 UTC
atlas git commit: ATLAS-2087: Allow Atlas server to bind on a
specific address
Repository: atlas
Updated Branches:
refs/heads/master f59284adb -> 42ccc44a9
ATLAS-2087: Allow Atlas server to bind on a specific address
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/42ccc44a
Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/42ccc44a
Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/42ccc44a
Branch: refs/heads/master
Commit: 42ccc44a9289274133528324eab02cff15ffb955
Parents: f59284a
Author: Richard Ding <sd...@us.ibm.com>
Authored: Tue Aug 29 15:51:08 2017 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Tue Aug 29 17:46:04 2017 -0700
----------------------------------------------------------------------
.../src/main/java/org/apache/atlas/Atlas.java | 32 +++++++++++++++++++-
.../atlas/web/service/EmbeddedServer.java | 17 ++++++-----
.../atlas/web/service/SecureEmbeddedServer.java | 4 +--
.../AtlasAuthenticationKerberosFilterTest.java | 2 +-
.../web/security/BaseSSLAndKerberosTest.java | 2 +-
.../org/apache/atlas/web/security/SSLTest.java | 2 +-
.../web/service/SecureEmbeddedServerTest.java | 3 +-
.../service/SecureEmbeddedServerTestBase.java | 9 ++++--
8 files changed, 54 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/atlas/blob/42ccc44a/webapp/src/main/java/org/apache/atlas/Atlas.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/Atlas.java b/webapp/src/main/java/org/apache/atlas/Atlas.java
index e29254b..7cf6e3e 100755
--- a/webapp/src/main/java/org/apache/atlas/Atlas.java
+++ b/webapp/src/main/java/org/apache/atlas/Atlas.java
@@ -33,6 +33,10 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.bridge.SLF4JBridgeHandler;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.NetworkInterface;
+import java.net.SocketException;
import java.util.Iterator;
/**
@@ -105,6 +109,17 @@ public final class Atlas {
setApplicationHome();
Configuration configuration = ApplicationProperties.get();
final String enableTLSFlag = configuration.getString(SecurityProperties.TLS_ENABLED);
+ final String appHost = configuration.getString(SecurityProperties.BIND_ADDRESS, EmbeddedServer.ATLAS_DEFAULT_BIND_ADDRESS);
+
+ if (!isLocalAddress(InetAddress.getByName(appHost))) {
+ String msg =
+ "Failed to start Atlas server. Address " + appHost
+ + " does not belong to this host. Correct configuration parameter: "
+ + SecurityProperties.BIND_ADDRESS;
+ LOG.error(msg);
+ throw new IOException(msg);
+ }
+
final int appPort = getApplicationPort(cmd, enableTLSFlag, configuration);
System.setProperty(AtlasConstants.SYSTEM_PROPERTY_APP_PORT, String.valueOf(appPort));
final boolean enableTLS = isTLSEnabled(enableTLSFlag, appPort);
@@ -112,7 +127,7 @@ public final class Atlas {
showStartupInfo(buildConfiguration, enableTLS, appPort);
- server = EmbeddedServer.newServer(appPort, appPath, enableTLS);
+ server = EmbeddedServer.newServer(appHost, appPort, appPath, enableTLS);
installLogBridge();
server.start();
@@ -164,6 +179,21 @@ public final class Atlas {
System.getProperty(SecurityProperties.TLS_ENABLED, (appPort % 1000) == 443 ? "true" : "false") : enableTLSFlag);
}
+ private static boolean isLocalAddress(InetAddress addr) {
+ // Check if the address is any local or loop back
+ boolean local = addr.isAnyLocalAddress() || addr.isLoopbackAddress();
+
+ // Check if the address is defined on any interface
+ if (!local) {
+ try {
+ local = NetworkInterface.getByInetAddress(addr) != null;
+ } catch (SocketException e) {
+ local = false;
+ }
+ }
+ return local;
+ }
+
private static void showStartupInfo(PropertiesConfiguration buildConfiguration, boolean enableTLS, int appPort) {
StringBuilder buffer = new StringBuilder();
buffer.append("\n############################################");
http://git-wip-us.apache.org/repos/asf/atlas/blob/42ccc44a/webapp/src/main/java/org/apache/atlas/web/service/EmbeddedServer.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/service/EmbeddedServer.java b/webapp/src/main/java/org/apache/atlas/web/service/EmbeddedServer.java
index 467571e..6985291 100755
--- a/webapp/src/main/java/org/apache/atlas/web/service/EmbeddedServer.java
+++ b/webapp/src/main/java/org/apache/atlas/web/service/EmbeddedServer.java
@@ -41,9 +41,11 @@ import java.util.concurrent.TimeUnit;
public class EmbeddedServer {
public static final Logger LOG = LoggerFactory.getLogger(EmbeddedServer.class);
+ public static final String ATLAS_DEFAULT_BIND_ADDRESS = "0.0.0.0";
+
protected final Server server;
- public EmbeddedServer(int port, String path) throws IOException {
+ public EmbeddedServer(String host, int port, String path) throws IOException {
int queueSize = AtlasConfiguration.WEBSERVER_QUEUE_SIZE.getInt();
LinkedBlockingQueue<Runnable> queue = new LinkedBlockingQueue<>(queueSize);
@@ -54,7 +56,7 @@ public class EmbeddedServer {
new ExecutorThreadPool(minThreads, maxThreads, keepAliveTime, TimeUnit.SECONDS, queue);
server = new Server(pool);
- Connector connector = getConnector(port);
+ Connector connector = getConnector(host, port);
server.addConnector(connector);
WebAppContext application = getWebAppContext(path);
@@ -69,15 +71,16 @@ public class EmbeddedServer {
return application;
}
- public static EmbeddedServer newServer(int port, String path, boolean secure) throws IOException {
+ public static EmbeddedServer newServer(String host, int port, String path, boolean secure)
+ throws IOException {
if (secure) {
- return new SecureEmbeddedServer(port, path);
+ return new SecureEmbeddedServer(host, port, path);
} else {
- return new EmbeddedServer(port, path);
+ return new EmbeddedServer(host, port, path);
}
}
- protected Connector getConnector(int port) throws IOException {
+ protected Connector getConnector(String host, int port) throws IOException {
HttpConfiguration http_config = new HttpConfiguration();
// this is to enable large header sizes when Kerberos is enabled with AD
final int bufferSize = AtlasConfiguration.WEBSERVER_REQUEST_BUFFER_SIZE.getInt();;
@@ -86,7 +89,7 @@ public class EmbeddedServer {
ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(http_config));
connector.setPort(port);
- connector.setHost("0.0.0.0");
+ connector.setHost(host);
return connector;
}
http://git-wip-us.apache.org/repos/asf/atlas/blob/42ccc44a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
index fa02e9b..bd8ea1d 100755
--- a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
+++ b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
@@ -60,8 +60,8 @@ public class SecureEmbeddedServer extends EmbeddedServer {
private static final Logger LOG = LoggerFactory.getLogger(SecureEmbeddedServer.class);
- public SecureEmbeddedServer(int port, String path) throws IOException {
- super(port, path);
+ public SecureEmbeddedServer(String host, int port, String path) throws IOException {
+ super(host, port, path);
}
protected Connector getConnector(int port) throws IOException {
http://git-wip-us.apache.org/repos/asf/atlas/blob/42ccc44a/webapp/src/test/java/org/apache/atlas/web/filters/AtlasAuthenticationKerberosFilterTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/filters/AtlasAuthenticationKerberosFilterTest.java b/webapp/src/test/java/org/apache/atlas/web/filters/AtlasAuthenticationKerberosFilterTest.java
index 02a6fe4..5628b17 100644
--- a/webapp/src/test/java/org/apache/atlas/web/filters/AtlasAuthenticationKerberosFilterTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/filters/AtlasAuthenticationKerberosFilterTest.java
@@ -55,7 +55,7 @@ public class AtlasAuthenticationKerberosFilterTest extends BaseSecurityTest {
class TestEmbeddedServer extends EmbeddedServer {
public TestEmbeddedServer(int port, String path) throws IOException {
- super(port, path);
+ super(ATLAS_DEFAULT_BIND_ADDRESS, port, path);
}
Server getServer() {
http://git-wip-us.apache.org/repos/asf/atlas/blob/42ccc44a/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java b/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
index d46aa2f..f59b7a4 100644
--- a/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
@@ -49,7 +49,7 @@ public class BaseSSLAndKerberosTest extends BaseSecurityTest {
class TestSecureEmbeddedServer extends SecureEmbeddedServer {
public TestSecureEmbeddedServer(int port, String path) throws IOException {
- super(port, path);
+ super(ATLAS_DEFAULT_BIND_ADDRESS, port, path);
}
public Server getServer() {
http://git-wip-us.apache.org/repos/asf/atlas/blob/42ccc44a/webapp/src/test/java/org/apache/atlas/web/security/SSLTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/SSLTest.java b/webapp/src/test/java/org/apache/atlas/web/security/SSLTest.java
index 95720fd..124a231 100755
--- a/webapp/src/test/java/org/apache/atlas/web/security/SSLTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/SSLTest.java
@@ -52,7 +52,7 @@ public class SSLTest extends BaseSSLAndKerberosTest {
class TestSecureEmbeddedServer extends SecureEmbeddedServer {
public TestSecureEmbeddedServer(int port, String path) throws IOException {
- super(port, path);
+ super(ATLAS_DEFAULT_BIND_ADDRESS, port, path);
}
public Server getServer() {
http://git-wip-us.apache.org/repos/asf/atlas/blob/42ccc44a/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTest.java b/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTest.java
index dc3b936..95c1233 100644
--- a/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTest.java
@@ -49,7 +49,8 @@ public class SecureEmbeddedServerTest extends SecureEmbeddedServerTestBase {
ApplicationProperties.forceReload();
SecureEmbeddedServer secureEmbeddedServer = null;
try {
- secureEmbeddedServer = new SecureEmbeddedServer(21443, TestUtils.getWarPath()) {
+ secureEmbeddedServer = new SecureEmbeddedServer(ATLAS_DEFAULT_HOST_ADDRESS,
+ 21443, TestUtils.getWarPath()) {
@Override
protected PropertiesConfiguration getConfiguration() {
return configuration;
http://git-wip-us.apache.org/repos/asf/atlas/blob/42ccc44a/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTestBase.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTestBase.java b/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTestBase.java
index 41c3cb1..f8ed6fb 100755
--- a/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTestBase.java
+++ b/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTestBase.java
@@ -105,7 +105,8 @@ public class SecureEmbeddedServerTestBase {
originalConf = System.getProperty("atlas.conf");
System.clearProperty("atlas.conf");
ApplicationProperties.forceReload();
- secureEmbeddedServer = new SecureEmbeddedServer(securePort, TestUtils.getWarPath());
+ secureEmbeddedServer = new SecureEmbeddedServer(
+ EmbeddedServer.ATLAS_DEFAULT_BIND_ADDRESS, securePort, TestUtils.getWarPath());
secureEmbeddedServer.server.start();
Assert.fail("Should have thrown an exception");
@@ -132,7 +133,8 @@ public class SecureEmbeddedServerTestBase {
configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
try {
- secureEmbeddedServer = new SecureEmbeddedServer(securePort, TestUtils.getWarPath()) {
+ secureEmbeddedServer = new SecureEmbeddedServer(
+ EmbeddedServer.ATLAS_DEFAULT_BIND_ADDRESS, securePort, TestUtils.getWarPath()) {
@Override
protected PropertiesConfiguration getConfiguration() {
return configuration;
@@ -159,7 +161,8 @@ public class SecureEmbeddedServerTestBase {
setupCredentials();
try {
- secureEmbeddedServer = new SecureEmbeddedServer(securePort, TestUtils.getWarPath()) {
+ secureEmbeddedServer = new SecureEmbeddedServer(
+ EmbeddedServer.ATLAS_DEFAULT_BIND_ADDRESS, securePort, TestUtils.getWarPath()) {
@Override
protected PropertiesConfiguration getConfiguration() {
return configuration;