You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kylin.apache.org by sh...@apache.org on 2016/09/06 04:01:02 UTC
[1/2] kylin git commit: KYLIN-1962: minor,
fix Spring Security read Kylin properties
Repository: kylin
Updated Branches:
refs/heads/master 08f7ddab1 -> ae72c2570
KYLIN-1962: minor, fix Spring Security read Kylin properties
Signed-off-by: shaofengshi <sh...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/6c35c859
Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/6c35c859
Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/6c35c859
Branch: refs/heads/master
Commit: 6c35c8594c34e7401a5adb43f649b1ed62e18841
Parents: 08f7dda
Author: Yiming Liu <li...@gmail.com>
Authored: Tue Sep 6 00:57:19 2016 +0800
Committer: shaofengshi <sh...@apache.org>
Committed: Tue Sep 6 12:00:47 2016 +0800
----------------------------------------------------------------------
.../org/apache/kylin/common/KylinConfig.java | 38 ++++++++++----------
.../security/PasswordPlaceholderConfigurer.java | 20 +++++++++++
.../org/apache/kylin/tool/DiagnosisInfoCLI.java | 2 +-
3 files changed, 40 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kylin/blob/6c35c859/core-common/src/main/java/org/apache/kylin/common/KylinConfig.java
----------------------------------------------------------------------
diff --git a/core-common/src/main/java/org/apache/kylin/common/KylinConfig.java b/core-common/src/main/java/org/apache/kylin/common/KylinConfig.java
index 241170a..f134ad4 100644
--- a/core-common/src/main/java/org/apache/kylin/common/KylinConfig.java
+++ b/core-common/src/main/java/org/apache/kylin/common/KylinConfig.java
@@ -47,7 +47,7 @@ public class KylinConfig extends KylinConfigBase {
/** Kylin properties file name */
public static final String KYLIN_CONF_PROPERTIES_FILE = "kylin.properties";
- public static final String KYLIN_SECURITY_CONF_PROPERTIES_FILE = "kylin_account.properties";
+ public static final String KYLIN_ACCOUNT_CONF_PROPERTIES_FILE = "kylin_account.properties";
public static final String KYLIN_CONF = "KYLIN_CONF";
// static cached instances
@@ -205,11 +205,11 @@ public class KylinConfig extends KylinConfigBase {
return getKylinPropertiesFile(path);
}
- static File getKylinSecurityPropertiesFile() {
+ static File getKylinAccountPropertiesFile() {
String kylinConfHome = System.getProperty(KYLIN_CONF);
if (!StringUtils.isEmpty(kylinConfHome)) {
logger.info("Use KYLIN_CONF=" + kylinConfHome);
- return getKylinSecurityPropertiesFile(kylinConfHome);
+ return getKylinAccountPropertiesFile(kylinConfHome);
}
logger.warn("KYLIN_CONF property was not set, will seek KYLIN_HOME env variable");
@@ -219,10 +219,10 @@ public class KylinConfig extends KylinConfigBase {
throw new KylinConfigCannotInitException("Didn't find KYLIN_CONF or KYLIN_HOME, please set one of them");
String path = kylinHome + File.separator + "conf";
- return getKylinSecurityPropertiesFile(path);
+ return getKylinAccountPropertiesFile(path);
}
- private static Properties getKylinProperties() {
+ public static Properties getKylinProperties() {
File propFile = getKylinPropertiesFile();
if (propFile == null || !propFile.exists()) {
logger.error("fail to locate " + KYLIN_CONF_PROPERTIES_FILE);
@@ -243,22 +243,22 @@ public class KylinConfig extends KylinConfigBase {
conf.putAll(propOverride);
}
- File securityPropFile = getKylinSecurityPropertiesFile();
- if (securityPropFile.exists()) {
- FileInputStream ois = new FileInputStream(securityPropFile);
- Properties propSecurity = new Properties();
- propSecurity.load(ois);
+ File accountPropFile = getKylinAccountPropertiesFile();
+ if (accountPropFile.exists()) {
+ FileInputStream ois = new FileInputStream(accountPropFile);
+ Properties propAccount = new Properties();
+ propAccount.load(ois);
IOUtils.closeQuietly(ois);
- conf.putAll(propSecurity);
+ conf.putAll(propAccount);
}
- File securityPropOverrideFile = new File(securityPropFile.getParentFile(), securityPropFile.getName() + ".override");
- if (securityPropOverrideFile.exists()) {
- FileInputStream ois = new FileInputStream(securityPropOverrideFile);
- Properties propSecurityOverride = new Properties();
- propSecurityOverride.load(ois);
+ File accountPropOverrideFile = new File(accountPropFile.getParentFile(), accountPropFile.getName() + ".override");
+ if (accountPropOverrideFile.exists()) {
+ FileInputStream ois = new FileInputStream(accountPropOverrideFile);
+ Properties propAccountOverride = new Properties();
+ propAccountOverride.load(ois);
IOUtils.closeQuietly(ois);
- conf.putAll(propSecurityOverride);
+ conf.putAll(propAccountOverride);
}
} catch (IOException e) {
@@ -282,12 +282,12 @@ public class KylinConfig extends KylinConfigBase {
return new File(path, KYLIN_CONF_PROPERTIES_FILE);
}
- private static File getKylinSecurityPropertiesFile(String path) {
+ private static File getKylinAccountPropertiesFile(String path) {
if (path == null) {
return null;
}
- return new File(path, KYLIN_SECURITY_CONF_PROPERTIES_FILE);
+ return new File(path, KYLIN_ACCOUNT_CONF_PROPERTIES_FILE);
}
public static void setSandboxEnvIfPossible() {
http://git-wip-us.apache.org/repos/asf/kylin/blob/6c35c859/server-base/src/main/java/org/apache/kylin/rest/security/PasswordPlaceholderConfigurer.java
----------------------------------------------------------------------
diff --git a/server-base/src/main/java/org/apache/kylin/rest/security/PasswordPlaceholderConfigurer.java b/server-base/src/main/java/org/apache/kylin/rest/security/PasswordPlaceholderConfigurer.java
index 5381b14..092d73a 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/security/PasswordPlaceholderConfigurer.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/security/PasswordPlaceholderConfigurer.java
@@ -18,13 +18,21 @@
package org.apache.kylin.rest.security;
+import java.io.InputStream;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.nio.charset.Charset;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.io.IOUtils;
+import org.apache.kylin.common.KylinConfig;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
+import org.springframework.core.io.InputStreamResource;
+import org.springframework.core.io.Resource;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
/**
@@ -38,7 +46,19 @@ public class PasswordPlaceholderConfigurer extends PropertyPlaceholderConfigurer
*/
private static byte[] key = { 0x74, 0x68, 0x69, 0x73, 0x49, 0x73, 0x41, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79 };
+ /**
+ * The PasswordPlaceholderConfigurer will read Kylin properties as the Spring resource
+ */
public PasswordPlaceholderConfigurer() {
+ Resource[] resources = new Resource[1];
+ Properties prop = KylinConfig.getKylinProperties();
+ StringWriter writer = new StringWriter();
+ prop.list(new PrintWriter(writer));
+ String propString = writer.getBuffer().toString();
+ IOUtils.closeQuietly(writer);
+ InputStream is = IOUtils.toInputStream(propString, Charset.defaultCharset());
+ resources[0] = new InputStreamResource(is);
+ this.setLocations(resources);
}
public static String encrypt(String strToEncrypt) {
http://git-wip-us.apache.org/repos/asf/kylin/blob/6c35c859/tool/src/main/java/org/apache/kylin/tool/DiagnosisInfoCLI.java
----------------------------------------------------------------------
diff --git a/tool/src/main/java/org/apache/kylin/tool/DiagnosisInfoCLI.java b/tool/src/main/java/org/apache/kylin/tool/DiagnosisInfoCLI.java
index e77ac3b..f93aaf2 100644
--- a/tool/src/main/java/org/apache/kylin/tool/DiagnosisInfoCLI.java
+++ b/tool/src/main/java/org/apache/kylin/tool/DiagnosisInfoCLI.java
@@ -184,7 +184,7 @@ public class DiagnosisInfoCLI extends AbstractInfoExtractor {
File[] confFiles = srcConfDir.listFiles();
if (confFiles != null) {
for (File confFile : confFiles) {
- if (!KylinConfig.KYLIN_SECURITY_CONF_PROPERTIES_FILE.equals(confFile.getName())) {
+ if (!KylinConfig.KYLIN_ACCOUNT_CONF_PROPERTIES_FILE.equals(confFile.getName())) {
FileUtils.copyFileToDirectory(confFile, destConfDir);
}
}
[2/2] kylin git commit: KYLIN-1962 use one file by default
Posted by sh...@apache.org.
KYLIN-1962 use one file by default
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/ae72c257
Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/ae72c257
Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/ae72c257
Branch: refs/heads/master
Commit: ae72c25705002f70df5996a4101acacbd6af7db6
Parents: 6c35c85
Author: shaofengshi <sh...@apache.org>
Authored: Tue Sep 6 10:40:24 2016 +0800
Committer: shaofengshi <sh...@apache.org>
Committed: Tue Sep 6 12:00:54 2016 +0800
----------------------------------------------------------------------
build/conf/kylin.properties | 41 ++++++++++++++++++-
build/conf/kylin_account.properties | 42 --------------------
.../test_case_data/sandbox/kylin.properties | 5 +++
.../sandbox/kylin_account.properties | 13 ------
4 files changed, 44 insertions(+), 57 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kylin/blob/ae72c257/build/conf/kylin.properties
----------------------------------------------------------------------
diff --git a/build/conf/kylin.properties b/build/conf/kylin.properties
index c20488a..ed86bdb 100644
--- a/build/conf/kylin.properties
+++ b/build/conf/kylin.properties
@@ -84,9 +84,14 @@ kylin.job.run.as.remote.cmd=false
# Only necessary when kylin.job.run.as.remote.cmd=true
kylin.job.remote.cli.hostname=
-
kylin.job.remote.cli.port=22
+# Only necessary when kylin.job.run.as.remote.cmd=true
+kylin.job.remote.cli.username=
+
+# Only necessary when kylin.job.run.as.remote.cmd=true
+kylin.job.remote.cli.password=
+
# Used by test cases to prepare synthetic data for sample cube
kylin.job.remote.cli.working.dir=/tmp/kylin
@@ -146,11 +151,43 @@ kylin.query.cache.enabled=true
# with "testing" profile, user can use pre-defined name/pwd like KYLIN/ADMIN to login
kylin.security.profile=testing
+### SECURITY ###
+# Default roles and admin roles in LDAP, for ldap and saml
+acl.defaultRole=ROLE_ANALYST,ROLE_MODELER
+acl.adminRole=ROLE_ADMIN
+
+# LDAP authentication configuration
+ldap.server=ldap://ldap_server:389
+ldap.username=
+ldap.password=
+
+# LDAP user account directory;
+ldap.user.searchBase=
+ldap.user.searchPattern=
+ldap.user.groupSearchBase=
+
+# LDAP service account directory
+ldap.service.searchBase=
+ldap.service.searchPattern=
+ldap.service.groupSearchBase=
+
+## SAML configurations for SSO
+# SAML IDP metadata file location
+saml.metadata.file=classpath:sso_metadata.xml
+saml.metadata.entityBaseURL=https://hostname/kylin
+saml.context.scheme=https
+saml.context.serverName=hostname
+saml.context.serverPort=443
+saml.context.contextPath=/kylin
+
### MAIL ###
# If true, will send email notification;
mail.enabled=false
-
+mail.host=
+mail.username=
+mail.password=
+mail.sender=
### WEB ###
# Help info, format{name|displayName|link}, optional
http://git-wip-us.apache.org/repos/asf/kylin/blob/ae72c257/build/conf/kylin_account.properties
----------------------------------------------------------------------
diff --git a/build/conf/kylin_account.properties b/build/conf/kylin_account.properties
deleted file mode 100644
index e98c142..0000000
--- a/build/conf/kylin_account.properties
+++ /dev/null
@@ -1,42 +0,0 @@
-### JOB ###
-
-# Only necessary when kylin.job.run.as.remote.cmd=true
-kylin.job.remote.cli.username=
-
-# Only necessary when kylin.job.run.as.remote.cmd=true
-kylin.job.remote.cli.password=
-
-### SECURITY ###
-# Default roles and admin roles in LDAP, for ldap and saml
-acl.defaultRole=ROLE_ANALYST,ROLE_MODELER
-acl.adminRole=ROLE_ADMIN
-
-# LDAP authentication configuration
-ldap.server=ldap://ldap_server:389
-ldap.username=
-ldap.password=
-
-# LDAP user account directory;
-ldap.user.searchBase=
-ldap.user.searchPattern=
-ldap.user.groupSearchBase=
-
-# LDAP service account directory
-ldap.service.searchBase=
-ldap.service.searchPattern=
-ldap.service.groupSearchBase=
-
-# SAML configurations for SSO
-# SAML IDP metadata file location
-saml.metadata.file=classpath:sso_metadata.xml
-saml.metadata.entityBaseURL=https://hostname/kylin
-saml.context.scheme=https
-saml.context.serverName=hostname
-saml.context.serverPort=443
-saml.context.contextPath=/kylin
-
-### MAIL ###
-mail.host=
-mail.username=
-mail.password=
-mail.sender=
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/kylin/blob/ae72c257/examples/test_case_data/sandbox/kylin.properties
----------------------------------------------------------------------
diff --git a/examples/test_case_data/sandbox/kylin.properties b/examples/test_case_data/sandbox/kylin.properties
index a6f89df..1d1d9ba 100644
--- a/examples/test_case_data/sandbox/kylin.properties
+++ b/examples/test_case_data/sandbox/kylin.properties
@@ -67,6 +67,11 @@ kylin.job.run.as.remote.cmd=false
# Only necessary when kylin.job.run.as.remote.cmd=true
kylin.job.remote.cli.hostname=sandbox
+kylin.job.remote.cli.username=root
+
+# Only necessary when kylin.job.run.as.remote.cmd=true
+kylin.job.remote.cli.password=hadoop
+
# Used by test cases to prepare synthetic data for sample cube
kylin.job.remote.cli.working.dir=/tmp/kylin
http://git-wip-us.apache.org/repos/asf/kylin/blob/ae72c257/examples/test_case_data/sandbox/kylin_account.properties
----------------------------------------------------------------------
diff --git a/examples/test_case_data/sandbox/kylin_account.properties b/examples/test_case_data/sandbox/kylin_account.properties
deleted file mode 100644
index 0dfa5f7..0000000
--- a/examples/test_case_data/sandbox/kylin_account.properties
+++ /dev/null
@@ -1,13 +0,0 @@
-### JOB ###
-
-# Only necessary when kylin.job.run.as.remote.cmd=true
-kylin.job.remote.cli.username=root
-
-# Only necessary when kylin.job.run.as.remote.cmd=true
-kylin.job.remote.cli.password=hadoop
-
-### MAIL ###
-mail.host=
-mail.username=
-mail.password=
-mail.sender=