You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@drill.apache.org by Venki Korukanti <ve...@gmail.com> on 2015/09/14 19:42:27 UTC
Review Request 38359: DRILL-3201: Add authentication and
authorization to Drill Web client
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38359/
-----------------------------------------------------------
Review request for drill, Jacques Nadeau and Jason Altekruse.
Repository: drill-git
Description
-------
Use jetty's SecurityHandler (with FormAuthenticator and LoginService) to enforce authentication. Use jersey's annotations to enforece authorizations.
Diffs
-----
pom.xml 8d4b318f26c0d9723cc1bd8d842d38e8fa7f9cea
Diff: https://reviews.apache.org/r/38359/diff/
Testing
-------
Currently testing is manual. Rest based unittests are coming in DRILL-2965.
Thanks,
Venki Korukanti
Re: Review Request 38359: DRILL-3201: Add authentication and
authorization to Drill Web client
Posted by Jacques Nadeau <ja...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38359/#review113850
-----------------------------------------------------------
Ship it!
Ship It!
- Jacques Nadeau
On Jan. 11, 2016, 5:03 p.m., Venki Korukanti wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38359/
> -----------------------------------------------------------
>
> (Updated Jan. 11, 2016, 5:03 p.m.)
>
>
> Review request for drill, Jacques Nadeau and Jason Altekruse.
>
>
> Repository: drill-git
>
>
> Description
> -------
>
> Use jetty's SecurityHandler (with FormAuthenticator and LoginService) to enforce authentication. Use jersey's annotations to enforece authorizations.
>
>
> Diffs
> -----
>
> distribution/src/resources/drill-override-example.conf 6dbab3d
> exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java 0198da8
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRestServer.java 7d2dfe8
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRoot.java 3e972b4
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogInLogOutResources.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/MetricsResources.java 28a292b
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryResources.java 1978cd8
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryWrapper.java 0ca8e74
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StatusResources.java c99c49b
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java 1cff961
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ThreadsResources.java def5acb
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ViewableWithPermissions.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebServer.java 802d5cd
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AbstractDrillLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousAuthenticator.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AuthDynamicFeature.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillRestLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillUserPrincipal.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/profile/ProfileResources.java 6656bf6
> exec/java-exec/src/main/resources/drill-module.conf 6b5d9fe
> exec/java-exec/src/main/resources/rest/generic.ftl 9df2424
> exec/java-exec/src/main/resources/rest/login.ftl PRE-CREATION
> exec/java-exec/src/main/resources/rest/static/img/apache-drill-logo.png PRE-CREATION
>
> Diff: https://reviews.apache.org/r/38359/diff/
>
>
> Testing
> -------
>
> Currently testing is manual. Rest based unittests are coming in DRILL-2965.
>
>
> Thanks,
>
> Venki Korukanti
>
>
Re: Review Request 38359: DRILL-3201: Add authentication and
authorization to Drill Web client
Posted by Venki Korukanti <ve...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38359/
-----------------------------------------------------------
(Updated Jan. 11, 2016, 9:03 a.m.)
Review request for drill, Jacques Nadeau and Jason Altekruse.
Changes
-------
Added AuthDynamicFeature (implementation of DynamicFeature) to attach Auth check filters for resources that require user to be authenticated. Filter checks if the user is authentication, if not forwarded to the login page. Now only resource annotations define whether the resource needs user authentication or not along with privileges.
Also:
1) removed the SecurityConstraints in jetty layer.
2) renamed log/{in, out} resources to /login and /logout.
Repository: drill-git
Description
-------
Use jetty's SecurityHandler (with FormAuthenticator and LoginService) to enforce authentication. Use jersey's annotations to enforece authorizations.
Diffs (updated)
-----
distribution/src/resources/drill-override-example.conf 6dbab3d
exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java 0198da8
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRestServer.java 7d2dfe8
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRoot.java 3e972b4
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogInLogOutResources.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/MetricsResources.java 28a292b
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryResources.java 1978cd8
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryWrapper.java 0ca8e74
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StatusResources.java c99c49b
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java 1cff961
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ThreadsResources.java def5acb
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ViewableWithPermissions.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebServer.java 802d5cd
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AbstractDrillLoginService.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousAuthenticator.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousLoginService.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AuthDynamicFeature.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillRestLoginService.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillUserPrincipal.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/profile/ProfileResources.java 6656bf6
exec/java-exec/src/main/resources/drill-module.conf 6b5d9fe
exec/java-exec/src/main/resources/rest/generic.ftl 9df2424
exec/java-exec/src/main/resources/rest/login.ftl PRE-CREATION
exec/java-exec/src/main/resources/rest/static/img/apache-drill-logo.png PRE-CREATION
Diff: https://reviews.apache.org/r/38359/diff/
Testing
-------
Currently testing is manual. Rest based unittests are coming in DRILL-2965.
Thanks,
Venki Korukanti
Re: Review Request 38359: DRILL-3201: Add authentication and
authorization to Drill Web client
Posted by Venki Korukanti <ve...@gmail.com>.
> On Sept. 22, 2015, 8:41 a.m., Jacques Nadeau wrote:
> > exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/RestServerHelper.java, line 190
> > <https://reviews.apache.org/r/38359/diff/3-4/?file=1074935#file1074935line190>
> >
> > If you permissions annotations on the Login/Out resources, you shouldn't need this.
We still need the constraints here, because the decision whether the resource needs authentication or not is taken in SecurityHandler before the the request is even passed to the ServletContainer based on the given SecurityConstraints. SecurityHandler doesn't look at the annotations on jeresey resources. Jeresey uses the set SecurityContext to decides whether to allow the request to the resource or not based on the annotations on resource and user roles in SecurityContext in jeresey filter RolesAllowedDynamicFeature.
We could move the authentication filter into jeresey filter by implementing the ContainerRequestFilter/DynamicFeature, where we could look the annotations on the resource to decide whether it needs authentication or not. The problem I had here is there seems to no way to have form authentication using this model. Basically ContainerRequestFilter.filter receives a ContainerRequestContext which doesn't have any methods to forward the request to login page in case the credentials are needed or access to HttpSession. If the request already contains userName/Password in header (basic authentication), then this method is ok to use it, but in our case we are looking for form authentication.
One another approach I just thought of is we could auto generate SecurityConstraints by scanning resources in DrillRestServer. This avoids manually maintaining the SecurityConstraints. If you are ok, I can address this as an improvment in a separate JIRA.
> On Sept. 22, 2015, 8:41 a.m., Jacques Nadeau wrote:
> > exec/java-exec/src/main/resources/rest/log/login.ftl, line 13
> > <https://reviews.apache.org/r/38359/diff/4/?file=1075126#file1075126line13>
> >
> > Let's not create a separate file for the ui framework. We should share the existing framework we use everywhere else (via ftl include)
I will update the ViewablePermissions to add one more flag "showControls" to Model.
> On Sept. 22, 2015, 8:41 a.m., Jacques Nadeau wrote:
> > exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogInLogOutResources.java, line 35
> > <https://reviews.apache.org/r/38359/diff/4/?file=1075108#file1075108line35>
> >
> > can we make this /login
I was putting all login related resources under "/log" to avoid multiple security constraints for each login resource (i.e "/login/*, "/logout")
- Venki
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38359/#review99997
-----------------------------------------------------------
On Sept. 16, 2015, 12:06 a.m., Venki Korukanti wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38359/
> -----------------------------------------------------------
>
> (Updated Sept. 16, 2015, 12:06 a.m.)
>
>
> Review request for drill, Jacques Nadeau and Jason Altekruse.
>
>
> Repository: drill-git
>
>
> Description
> -------
>
> Use jetty's SecurityHandler (with FormAuthenticator and LoginService) to enforce authentication. Use jersey's annotations to enforece authorizations.
>
>
> Diffs
> -----
>
> distribution/src/resources/drill-override-example.conf 805d6e9
> exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java 0f6a5bb
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRestServer.java 8c14587
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRoot.java 3e972b4
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogInLogOutResources.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogOutServlet.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/MetricsResources.java 28a292b
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryResources.java 145a476
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryWrapper.java ee31929
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/RestServerHelper.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StatusResources.java c99c49b
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java 49f387c
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ThreadsResources.java def5acb
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ViewableWithPermissions.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AbstractDrillLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousAuthenticator.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillRestLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillUserPrincipal.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/profile/ProfileResources.java 6656bf6
> exec/java-exec/src/main/resources/drill-module.conf dbe449a
> exec/java-exec/src/main/resources/rest/generic.ftl 9df2424
> exec/java-exec/src/main/resources/rest/log/login.ftl PRE-CREATION
> exec/java-exec/src/main/resources/rest/static/img/apache-drill-logo.png PRE-CREATION
>
> Diff: https://reviews.apache.org/r/38359/diff/
>
>
> Testing
> -------
>
> Currently testing is manual. Rest based unittests are coming in DRILL-2965.
>
>
> Thanks,
>
> Venki Korukanti
>
>
Re: Review Request 38359: DRILL-3201: Add authentication and
authorization to Drill Web client
Posted by Jacques Nadeau <ja...@gmail.com>.
> On Sept. 22, 2015, 3:41 p.m., Jacques Nadeau wrote:
> > exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/RestServerHelper.java, line 190
> > <https://reviews.apache.org/r/38359/diff/3-4/?file=1074935#file1074935line190>
> >
> > If you permissions annotations on the Login/Out resources, you shouldn't need this.
>
> Venki Korukanti wrote:
> We still need the constraints here, because the decision whether the resource needs authentication or not is taken in SecurityHandler before the the request is even passed to the ServletContainer based on the given SecurityConstraints. SecurityHandler doesn't look at the annotations on jeresey resources. Jeresey uses the set SecurityContext to decides whether to allow the request to the resource or not based on the annotations on resource and user roles in SecurityContext in jeresey filter RolesAllowedDynamicFeature.
>
> We could move the authentication filter into jeresey filter by implementing the ContainerRequestFilter/DynamicFeature, where we could look the annotations on the resource to decide whether it needs authentication or not. The problem I had here is there seems to no way to have form authentication using this model. Basically ContainerRequestFilter.filter receives a ContainerRequestContext which doesn't have any methods to forward the request to login page in case the credentials are needed or access to HttpSession. If the request already contains userName/Password in header (basic authentication), then this method is ok to use it, but in our case we are looking for form authentication.
>
> One another approach I just thought of is we could auto generate SecurityConstraints by scanning resources in DrillRestServer. This avoids manually maintaining the SecurityConstraints. If you are ok, I can address this as an improvment in a separate JIRA.
By implementing a filter level default block-everything policy, this basically means we can't take advantage of annotation based filtering. Is it possible to instead state a block all in Jersey (that only applies if another annotation doesn't override that default behavior)? This way we can continue to leverage annotation based security.
> On Sept. 22, 2015, 3:41 p.m., Jacques Nadeau wrote:
> > exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogInLogOutResources.java, line 35
> > <https://reviews.apache.org/r/38359/diff/4/?file=1075108#file1075108line35>
> >
> > can we make this /login
>
> Venki Korukanti wrote:
> I was putting all login related resources under "/log" to avoid multiple security constraints for each login resource (i.e "/login/*, "/logout")
I think we need to solve the dual security problem then we can avoid this complexity but make the urls user friendly.
- Jacques
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38359/#review99997
-----------------------------------------------------------
On Sept. 16, 2015, 7:06 a.m., Venki Korukanti wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38359/
> -----------------------------------------------------------
>
> (Updated Sept. 16, 2015, 7:06 a.m.)
>
>
> Review request for drill, Jacques Nadeau and Jason Altekruse.
>
>
> Repository: drill-git
>
>
> Description
> -------
>
> Use jetty's SecurityHandler (with FormAuthenticator and LoginService) to enforce authentication. Use jersey's annotations to enforece authorizations.
>
>
> Diffs
> -----
>
> distribution/src/resources/drill-override-example.conf 805d6e9
> exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java 0f6a5bb
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRestServer.java 8c14587
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRoot.java 3e972b4
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogInLogOutResources.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogOutServlet.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/MetricsResources.java 28a292b
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryResources.java 145a476
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryWrapper.java ee31929
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/RestServerHelper.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StatusResources.java c99c49b
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java 49f387c
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ThreadsResources.java def5acb
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ViewableWithPermissions.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AbstractDrillLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousAuthenticator.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillRestLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillUserPrincipal.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/profile/ProfileResources.java 6656bf6
> exec/java-exec/src/main/resources/drill-module.conf dbe449a
> exec/java-exec/src/main/resources/rest/generic.ftl 9df2424
> exec/java-exec/src/main/resources/rest/log/login.ftl PRE-CREATION
> exec/java-exec/src/main/resources/rest/static/img/apache-drill-logo.png PRE-CREATION
>
> Diff: https://reviews.apache.org/r/38359/diff/
>
>
> Testing
> -------
>
> Currently testing is manual. Rest based unittests are coming in DRILL-2965.
>
>
> Thanks,
>
> Venki Korukanti
>
>
Re: Review Request 38359: DRILL-3201: Add authentication and
authorization to Drill Web client
Posted by Jacques Nadeau <ja...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38359/#review99997
-----------------------------------------------------------
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/RestServerHelper.java (line 185)
<https://reviews.apache.org/r/38359/#comment157067>
If you permissions annotations on the Login/Out resources, you shouldn't need this.
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogInLogOutResources.java (line 35)
<https://reviews.apache.org/r/38359/#comment157063>
can we make this /login
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogInLogOutResources.java (line 42)
<https://reviews.apache.org/r/38359/#comment157064>
how about /login/error
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogInLogOutResources.java (line 49)
<https://reviews.apache.org/r/38359/#comment157065>
/logout
exec/java-exec/src/main/resources/rest/log/login.ftl (line 13)
<https://reviews.apache.org/r/38359/#comment157066>
Let's not create a separate file for the ui framework. We should share the existing framework we use everywhere else (via ftl include)
- Jacques Nadeau
On Sept. 16, 2015, 7:06 a.m., Venki Korukanti wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38359/
> -----------------------------------------------------------
>
> (Updated Sept. 16, 2015, 7:06 a.m.)
>
>
> Review request for drill, Jacques Nadeau and Jason Altekruse.
>
>
> Repository: drill-git
>
>
> Description
> -------
>
> Use jetty's SecurityHandler (with FormAuthenticator and LoginService) to enforce authentication. Use jersey's annotations to enforece authorizations.
>
>
> Diffs
> -----
>
> distribution/src/resources/drill-override-example.conf 805d6e9
> exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java 0f6a5bb
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRestServer.java 8c14587
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRoot.java 3e972b4
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogInLogOutResources.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogOutServlet.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/MetricsResources.java 28a292b
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryResources.java 145a476
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryWrapper.java ee31929
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/RestServerHelper.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StatusResources.java c99c49b
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java 49f387c
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ThreadsResources.java def5acb
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ViewableWithPermissions.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AbstractDrillLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousAuthenticator.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillRestLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillUserPrincipal.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/profile/ProfileResources.java 6656bf6
> exec/java-exec/src/main/resources/drill-module.conf dbe449a
> exec/java-exec/src/main/resources/rest/generic.ftl 9df2424
> exec/java-exec/src/main/resources/rest/log/login.ftl PRE-CREATION
> exec/java-exec/src/main/resources/rest/static/img/apache-drill-logo.png PRE-CREATION
>
> Diff: https://reviews.apache.org/r/38359/diff/
>
>
> Testing
> -------
>
> Currently testing is manual. Rest based unittests are coming in DRILL-2965.
>
>
> Thanks,
>
> Venki Korukanti
>
>
Re: Review Request 38359: DRILL-3201: Add authentication and
authorization to Drill Web client
Posted by Venki Korukanti <ve...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38359/
-----------------------------------------------------------
(Updated Sept. 16, 2015, 12:06 a.m.)
Review request for drill, Jacques Nadeau and Jason Altekruse.
Changes
-------
Refactored the login resources.
Repository: drill-git
Description
-------
Use jetty's SecurityHandler (with FormAuthenticator and LoginService) to enforce authentication. Use jersey's annotations to enforece authorizations.
Diffs (updated)
-----
distribution/src/resources/drill-override-example.conf 805d6e9
exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java 0f6a5bb
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRestServer.java 8c14587
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRoot.java 3e972b4
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogInLogOutResources.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogOutServlet.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/MetricsResources.java 28a292b
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryResources.java 145a476
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryWrapper.java ee31929
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/RestServerHelper.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StatusResources.java c99c49b
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java 49f387c
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ThreadsResources.java def5acb
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ViewableWithPermissions.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AbstractDrillLoginService.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousAuthenticator.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousLoginService.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillRestLoginService.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillUserPrincipal.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/profile/ProfileResources.java 6656bf6
exec/java-exec/src/main/resources/drill-module.conf dbe449a
exec/java-exec/src/main/resources/rest/generic.ftl 9df2424
exec/java-exec/src/main/resources/rest/log/login.ftl PRE-CREATION
exec/java-exec/src/main/resources/rest/static/img/apache-drill-logo.png PRE-CREATION
Diff: https://reviews.apache.org/r/38359/diff/
Testing
-------
Currently testing is manual. Rest based unittests are coming in DRILL-2965.
Thanks,
Venki Korukanti
Re: Review Request 38359: DRILL-3201: Add authentication and
authorization to Drill Web client
Posted by Venki Korukanti <ve...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38359/
-----------------------------------------------------------
(Updated Sept. 15, 2015, 7:57 p.m.)
Review request for drill, Jacques Nadeau and Jason Altekruse.
Changes
-------
Addressed review comments.
Repository: drill-git
Description
-------
Use jetty's SecurityHandler (with FormAuthenticator and LoginService) to enforce authentication. Use jersey's annotations to enforece authorizations.
Diffs (updated)
-----
distribution/src/resources/drill-override-example.conf 805d6e9
exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java 0f6a5bb
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRestServer.java 8c14587
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRoot.java 3e972b4
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogOutServlet.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/MetricsResources.java 28a292b
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryResources.java 145a476
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryWrapper.java ee31929
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/RestServerHelper.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StatusResources.java c99c49b
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java 49f387c
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ThreadsResources.java def5acb
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ViewableWithPermissions.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AbstractDrillLoginService.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousAuthenticator.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousLoginService.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillRestLoginService.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillUserPrincipal.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/profile/ProfileResources.java 6656bf6
exec/java-exec/src/main/resources/drill-module.conf dbe449a
exec/java-exec/src/main/resources/rest/generic.ftl 9df2424
exec/java-exec/src/main/resources/rest/static/img/apache-drill-logo.png PRE-CREATION
exec/java-exec/src/main/resources/rest/static/login.html PRE-CREATION
Diff: https://reviews.apache.org/r/38359/diff/
Testing
-------
Currently testing is manual. Rest based unittests are coming in DRILL-2965.
Thanks,
Venki Korukanti
Re: Review Request 38359: DRILL-3201: Add authentication and
authorization to Drill Web client
Posted by Jacques Nadeau <ja...@gmail.com>.
> On Sept. 15, 2015, 2 a.m., Jacques Nadeau wrote:
> > exec/java-exec/src/main/resources/rest/generic.ftl, line 59
> > <https://reviews.apache.org/r/38359/diff/2/?file=1072655#file1072655line59>
> >
> > You should leak authorization logic into the template. This should be constrained to the model. Along the following:
> >
> > boolean showStorage()
> > boolean showOptions()
> > boolean showLoginLogout()
That should say "You should not leak..."
- Jacques
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38359/#review98978
-----------------------------------------------------------
On Sept. 14, 2015, 5:43 p.m., Venki Korukanti wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38359/
> -----------------------------------------------------------
>
> (Updated Sept. 14, 2015, 5:43 p.m.)
>
>
> Review request for drill, Jacques Nadeau and Jason Altekruse.
>
>
> Repository: drill-git
>
>
> Description
> -------
>
> Use jetty's SecurityHandler (with FormAuthenticator and LoginService) to enforce authentication. Use jersey's annotations to enforece authorizations.
>
>
> Diffs
> -----
>
> distribution/src/resources/drill-override-example.conf 805d6e9
> exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java 0f6a5bb
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRestServer.java 8c14587
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRoot.java 3e972b4
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogOutServlet.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/MetricsResources.java 28a292b
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ModelWrapper.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryResources.java 145a476
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryWrapper.java ee31929
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/RestServerHelper.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StatusResources.java c99c49b
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java 49f387c
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ThreadsResources.java def5acb
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebUserSession.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousAuthenticator.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillRestLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillUserPrincipal.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/profile/ProfileResources.java 6656bf6
> exec/java-exec/src/main/resources/drill-module.conf dbe449a
> exec/java-exec/src/main/resources/rest/generic.ftl 9df2424
> exec/java-exec/src/main/resources/rest/index.ftl 99e9d8c
> exec/java-exec/src/main/resources/rest/options.ftl 7ba1250
> exec/java-exec/src/main/resources/rest/profile/list.ftl cf92ede
> exec/java-exec/src/main/resources/rest/profile/profile.ftl 47c7e06
> exec/java-exec/src/main/resources/rest/query/errorMessage.ftl dbdcc9e
> exec/java-exec/src/main/resources/rest/query/result.ftl 7fe52a4
> exec/java-exec/src/main/resources/rest/static/img/apache-drill-logo.png PRE-CREATION
> exec/java-exec/src/main/resources/rest/static/login.html PRE-CREATION
> exec/java-exec/src/main/resources/rest/status.ftl cafa523
> exec/java-exec/src/main/resources/rest/storage/list.ftl ef97561
> exec/java-exec/src/main/resources/rest/storage/update.ftl 2a276e1
> pom.xml c17e612
>
> Diff: https://reviews.apache.org/r/38359/diff/
>
>
> Testing
> -------
>
> Currently testing is manual. Rest based unittests are coming in DRILL-2965.
>
>
> Thanks,
>
> Venki Korukanti
>
>
Re: Review Request 38359: DRILL-3201: Add authentication and
authorization to Drill Web client
Posted by Venki Korukanti <ve...@gmail.com>.
> On Sept. 14, 2015, 7 p.m., Jacques Nadeau wrote:
> > exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebUserSession.java, line 31
> > <https://reviews.apache.org/r/38359/diff/2/?file=1072648#file1072648line31>
> >
> > Why do we have a WebUserSession and a principal? Shouldn't they be interconnected?
Initially I thought it would be better to keep the resources separate from the identity info which the Principal contains, but looking at again it seems to better if the DrillClient (additional property in WebUserSession) is part of the Principal.
> On Sept. 14, 2015, 7 p.m., Jacques Nadeau wrote:
> > exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillUserPrincipal.java, line 47
> > <https://reviews.apache.org/r/38359/diff/2/?file=1072652#file1072652line47>
> >
> > It seems wrong that we are holding onto this. Do we need to?
I kept this for two reasons:
1) We need the password to create the DrillClient later when are inserting the WebUserSession. Removed the WebUserSession and made the DrillClient part of the Principal itself. So now we don't need the password for this case.
2) LoginService has a method called validate which can be called with the UserIdentity returned from login() to see if the user is still valid. Thinking about now, it looks like we don't have to worry that a user credentials are valid or not after the login is successful. From JDBC/ODBC we don't recheck the credentials after the login. Also in Linux bases systems, users can still continue to function in logged in session even if the password has changed. Let me know your opinion on this.
> On Sept. 14, 2015, 7 p.m., Jacques Nadeau wrote:
> > exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebUserSession.java, line 42
> > <https://reviews.apache.org/r/38359/diff/2/?file=1072648#file1072648line42>
> >
> > What happens if a user happens to have the account named anonymous?
Fixed this by getting the auth method from SecurityContext.getAuthenticationScheme(). It is part of ViewableWithPermissions class now.
> On Sept. 14, 2015, 7 p.m., Jacques Nadeau wrote:
> > exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java, line 94
> > <https://reviews.apache.org/r/38359/diff/2/?file=1072646#file1072646line94>
> >
> > Can you update all of these. Let's just create a ViewableWithPermissions or similar.
> >
> > Then we can create a Map<String, Object> as the object with "model" as the value we pass in. And the appropriate other values as booleans. This should work and allow everything else to be the same. See here for why I think it will work:
> >
> > https://github.com/jersey/jersey/blob/master/ext/mvc-freemarker/src/main/java/org/glassfish/jersey/server/mvc/freemarker/FreemarkerViewProcessor.java#L120
updated
- Venki
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38359/#review98978
-----------------------------------------------------------
On Sept. 14, 2015, 10:43 a.m., Venki Korukanti wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38359/
> -----------------------------------------------------------
>
> (Updated Sept. 14, 2015, 10:43 a.m.)
>
>
> Review request for drill, Jacques Nadeau and Jason Altekruse.
>
>
> Repository: drill-git
>
>
> Description
> -------
>
> Use jetty's SecurityHandler (with FormAuthenticator and LoginService) to enforce authentication. Use jersey's annotations to enforece authorizations.
>
>
> Diffs
> -----
>
> distribution/src/resources/drill-override-example.conf 805d6e9
> exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java 0f6a5bb
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRestServer.java 8c14587
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRoot.java 3e972b4
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogOutServlet.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/MetricsResources.java 28a292b
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ModelWrapper.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryResources.java 145a476
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryWrapper.java ee31929
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/RestServerHelper.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StatusResources.java c99c49b
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java 49f387c
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ThreadsResources.java def5acb
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebUserSession.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousAuthenticator.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillRestLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillUserPrincipal.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/profile/ProfileResources.java 6656bf6
> exec/java-exec/src/main/resources/drill-module.conf dbe449a
> exec/java-exec/src/main/resources/rest/generic.ftl 9df2424
> exec/java-exec/src/main/resources/rest/index.ftl 99e9d8c
> exec/java-exec/src/main/resources/rest/options.ftl 7ba1250
> exec/java-exec/src/main/resources/rest/profile/list.ftl cf92ede
> exec/java-exec/src/main/resources/rest/profile/profile.ftl 47c7e06
> exec/java-exec/src/main/resources/rest/query/errorMessage.ftl dbdcc9e
> exec/java-exec/src/main/resources/rest/query/result.ftl 7fe52a4
> exec/java-exec/src/main/resources/rest/static/img/apache-drill-logo.png PRE-CREATION
> exec/java-exec/src/main/resources/rest/static/login.html PRE-CREATION
> exec/java-exec/src/main/resources/rest/status.ftl cafa523
> exec/java-exec/src/main/resources/rest/storage/list.ftl ef97561
> exec/java-exec/src/main/resources/rest/storage/update.ftl 2a276e1
> pom.xml c17e612
>
> Diff: https://reviews.apache.org/r/38359/diff/
>
>
> Testing
> -------
>
> Currently testing is manual. Rest based unittests are coming in DRILL-2965.
>
>
> Thanks,
>
> Venki Korukanti
>
>
Re: Review Request 38359: DRILL-3201: Add authentication and
authorization to Drill Web client
Posted by Jacques Nadeau <ja...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38359/#review98978
-----------------------------------------------------------
Initial thoughts.
distribution/src/resources/drill-override-example.conf (line 86)
<https://reviews.apache.org/r/38359/#comment155767>
maybe rename session_max_idle_secs
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java (line 73)
<https://reviews.apache.org/r/38359/#comment155762>
You can inject security context at the class level so you don't have to pass around so much.
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java (line 91)
<https://reviews.apache.org/r/38359/#comment155763>
Can you update all of these. Let's just create a ViewableWithPermissions or similar.
Then we can create a Map<String, Object> as the object with "model" as the value we pass in. And the appropriate other values as booleans. This should work and allow everything else to be the same. See here for why I think it will work:
https://github.com/jersey/jersey/blob/master/ext/mvc-freemarker/src/main/java/org/glassfish/jersey/server/mvc/freemarker/FreemarkerViewProcessor.java#L120
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ThreadsResources.java (line 31)
<https://reviews.apache.org/r/38359/#comment155764>
This seems like it should be ADMIN
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebUserSession.java (line 31)
<https://reviews.apache.org/r/38359/#comment155761>
Why do we have a WebUserSession and a principal? Shouldn't they be interconnected?
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebUserSession.java (line 42)
<https://reviews.apache.org/r/38359/#comment155754>
What happens if a user happens to have the account named anonymous?
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillUserPrincipal.java (line 47)
<https://reviews.apache.org/r/38359/#comment155760>
It seems wrong that we are holding onto this. Do we need to?
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/profile/ProfileResources.java (line 166)
<https://reviews.apache.org/r/38359/#comment155756>
encapsulate separately for each use
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/profile/ProfileResources.java (line 191)
<https://reviews.apache.org/r/38359/#comment155757>
I don't think the ModelWrapper makes sense. We should be specific about what we are passing and make it the model type. To me the generic approach leaks to much to the template when it isn't needed.
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/profile/ProfileResources.java (line 294)
<https://reviews.apache.org/r/38359/#comment155758>
Please encapsulate this as above. E.g. canRead and canManage (which probably delegate to the same underlying method). Right now you have this in numerous places.
I actually would suggest that you add this to the principal:
for example:
boolean isReadAllowed(Profile)
boolean isManageAllowed(Profile)
exec/java-exec/src/main/resources/rest/generic.ftl (line 59)
<https://reviews.apache.org/r/38359/#comment155765>
You should leak authorization logic into the template. This should be constrained to the model. Along the following:
boolean showStorage()
boolean showOptions()
boolean showLoginLogout()
pom.xml (line 167)
<https://reviews.apache.org/r/38359/#comment155766>
We should include apache headers in html.
- Jacques Nadeau
On Sept. 14, 2015, 5:43 p.m., Venki Korukanti wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38359/
> -----------------------------------------------------------
>
> (Updated Sept. 14, 2015, 5:43 p.m.)
>
>
> Review request for drill, Jacques Nadeau and Jason Altekruse.
>
>
> Repository: drill-git
>
>
> Description
> -------
>
> Use jetty's SecurityHandler (with FormAuthenticator and LoginService) to enforce authentication. Use jersey's annotations to enforece authorizations.
>
>
> Diffs
> -----
>
> distribution/src/resources/drill-override-example.conf 805d6e9
> exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java 0f6a5bb
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRestServer.java 8c14587
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRoot.java 3e972b4
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogOutServlet.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/MetricsResources.java 28a292b
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ModelWrapper.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryResources.java 145a476
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryWrapper.java ee31929
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/RestServerHelper.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StatusResources.java c99c49b
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java 49f387c
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ThreadsResources.java def5acb
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebUserSession.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousAuthenticator.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillRestLoginService.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillUserPrincipal.java PRE-CREATION
> exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/profile/ProfileResources.java 6656bf6
> exec/java-exec/src/main/resources/drill-module.conf dbe449a
> exec/java-exec/src/main/resources/rest/generic.ftl 9df2424
> exec/java-exec/src/main/resources/rest/index.ftl 99e9d8c
> exec/java-exec/src/main/resources/rest/options.ftl 7ba1250
> exec/java-exec/src/main/resources/rest/profile/list.ftl cf92ede
> exec/java-exec/src/main/resources/rest/profile/profile.ftl 47c7e06
> exec/java-exec/src/main/resources/rest/query/errorMessage.ftl dbdcc9e
> exec/java-exec/src/main/resources/rest/query/result.ftl 7fe52a4
> exec/java-exec/src/main/resources/rest/static/img/apache-drill-logo.png PRE-CREATION
> exec/java-exec/src/main/resources/rest/static/login.html PRE-CREATION
> exec/java-exec/src/main/resources/rest/status.ftl cafa523
> exec/java-exec/src/main/resources/rest/storage/list.ftl ef97561
> exec/java-exec/src/main/resources/rest/storage/update.ftl 2a276e1
> pom.xml c17e612
>
> Diff: https://reviews.apache.org/r/38359/diff/
>
>
> Testing
> -------
>
> Currently testing is manual. Rest based unittests are coming in DRILL-2965.
>
>
> Thanks,
>
> Venki Korukanti
>
>
Re: Review Request 38359: DRILL-3201: Add authentication and
authorization to Drill Web client
Posted by Venki Korukanti <ve...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38359/
-----------------------------------------------------------
(Updated Sept. 14, 2015, 10:43 a.m.)
Review request for drill, Jacques Nadeau and Jason Altekruse.
Repository: drill-git
Description
-------
Use jetty's SecurityHandler (with FormAuthenticator and LoginService) to enforce authentication. Use jersey's annotations to enforece authorizations.
Diffs (updated)
-----
distribution/src/resources/drill-override-example.conf 805d6e9
exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java 0f6a5bb
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRestServer.java 8c14587
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRoot.java 3e972b4
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/LogOutServlet.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/MetricsResources.java 28a292b
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ModelWrapper.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryResources.java 145a476
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/QueryWrapper.java ee31929
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/RestServerHelper.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StatusResources.java c99c49b
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java 49f387c
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/ThreadsResources.java def5acb
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebUserSession.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousAuthenticator.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/AnonymousLoginService.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillRestLoginService.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/auth/DrillUserPrincipal.java PRE-CREATION
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/profile/ProfileResources.java 6656bf6
exec/java-exec/src/main/resources/drill-module.conf dbe449a
exec/java-exec/src/main/resources/rest/generic.ftl 9df2424
exec/java-exec/src/main/resources/rest/index.ftl 99e9d8c
exec/java-exec/src/main/resources/rest/options.ftl 7ba1250
exec/java-exec/src/main/resources/rest/profile/list.ftl cf92ede
exec/java-exec/src/main/resources/rest/profile/profile.ftl 47c7e06
exec/java-exec/src/main/resources/rest/query/errorMessage.ftl dbdcc9e
exec/java-exec/src/main/resources/rest/query/result.ftl 7fe52a4
exec/java-exec/src/main/resources/rest/static/img/apache-drill-logo.png PRE-CREATION
exec/java-exec/src/main/resources/rest/static/login.html PRE-CREATION
exec/java-exec/src/main/resources/rest/status.ftl cafa523
exec/java-exec/src/main/resources/rest/storage/list.ftl ef97561
exec/java-exec/src/main/resources/rest/storage/update.ftl 2a276e1
pom.xml c17e612
Diff: https://reviews.apache.org/r/38359/diff/
Testing
-------
Currently testing is manual. Rest based unittests are coming in DRILL-2965.
Thanks,
Venki Korukanti