Posted to commits@servicecomb.apache.org by li...@apache.org on 2018/08/07 12:50:10 UTC
[incubator-servicecomb-java-chassis] 01/02: [SCB-788] public key
black/white add feature: choose server by version
This is an automated email from the ASF dual-hosted git repository.
liubao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-java-chassis.git
commit 2a942208261f1a0527d45f6db95bc3a15f78b6cb
Author: weichao666 <we...@huawei.com>
AuthorDate: Mon Jul 30 20:07:03 2018 +0800
[SCB-788] public key black/white add feature: choose server by version
---
.../authentication/provider/AccessController.java | 42 ++++++++--
.../authentication/TestAccessController.java | 97 +++++++++++++++++-----
.../store/src/main/resources/microservice.yaml | 5 +-
3 files changed, 115 insertions(+), 29 deletions(-)
diff --git a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
index 9d8ff1b..82145ae 100644
--- a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
+++ b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
@@ -16,9 +16,12 @@
*/
package org.apache.servicecomb.authentication.provider;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
+import java.util.Map.Entry;
import org.apache.commons.lang3.StringUtils;
import org.apache.servicecomb.serviceregistry.api.registry.Microservice;
@@ -54,6 +57,8 @@ public class AccessController {
private static final String KEY_RULE_POSTFIX = ".rule";
+ private static final String TYPE_STRING_NAME = "java.lang.String";
+
private Map<String, ConfigurationItem> whiteList = new HashMap<>();
private Map<String, ConfigurationItem> blackList = new HashMap<>();
@@ -84,15 +89,40 @@ public class AccessController {
private boolean matchFound(Microservice microservice, Map<String, ConfigurationItem> ruleList) {
boolean matched = false;
for (ConfigurationItem item : ruleList.values()) {
- // TODO: Currently we only support property, not support tags. And we will support tags later.
if (ConfigurationItem.CATEGORY_PROPERTY.equals(item.category)) {
- // TODO: Currently we only support to configure serviceName. And we will support others later.
- if ("serviceName".equals(item.propertyName)) {
- if (isPatternMatch(microservice.getServiceName(), item.rule)) {
- matched = true;
- break;
+ // we support to configure properties, e.g. serviceName, appId, environment, alias, version and so on, also support key in properties.
+ Class<? extends Microservice> service = microservice.getClass();
+ for (Method method : service.getDeclaredMethods()) {
+ String methodName = method.getName();
+ if (!methodName.startsWith("get"))
+ continue;
+ if (!method.getGenericReturnType().getTypeName().equals(TYPE_STRING_NAME))
+ continue;
+ char[] charArray = methodName.toCharArray();
+ charArray[3] += 32;
+ String fieldName = String.valueOf(charArray, 3, charArray.length - 3);
+ if (fieldName.equals(item.propertyName)) {
+ Field field;
+ String fieldValue = null;
+ try {
+ field = service.getDeclaredField(fieldName);
+ field.setAccessible(true);
+ fieldValue = (String) field.get(microservice);
+ } catch (Exception e) {
+ LOG.error("get field by reflection failed, error message: {}", e.getMessage());
+ fieldValue = "";
+ }
+ if (isPatternMatch(fieldValue, item.rule))
+ return true;
}
}
+ Map<String, String> properties = microservice.getProperties();
+ for (Entry<String, String> entry : properties.entrySet()) {
+ if (!entry.getKey().equals(item.propertyName))
+ continue;
+ if (isPatternMatch(entry.getValue(), item.rule))
+ return true;
+ }
}
}
return matched;
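Review bot: The properties-map lookup at the end of the loop runs even when `item.propertyName` names a built-in field, so a rule written for `serviceName` is also satisfied by a custom properties entry keyed `serviceName`. If that map is filled from the service's own registration data, a white-list rule can match on a value the real service name does not have. Consult the map only when no getter matched, as sketched below. Two further gaps in the same loop: `microservice.getClass().getDeclaredMethods()` returns nothing useful for a subclass or proxy of `Microservice` (iterate `Microservice.class` instead), and the `catch` turns a reflection failure into `fieldValue = ""`, which fails open for a black-list rule and logs only `e.getMessage()`. The closing brace of `matchFound` lies outside the hunk.

```java
boolean builtInProperty = false;
for (Method method : Microservice.class.getDeclaredMethods()) {
  // … unchanged: "get" prefix / String return filter and fieldName derivation …
  if (fieldName.equals(item.propertyName)) {
    builtInProperty = true;
    // … unchanged: reflective read of the field and isPatternMatch check …
  }
}
// Fall back to the free-form properties map only for names that are not built-in fields,
// so a custom "serviceName" entry cannot satisfy a rule written for the real service name.
if (!builtInProperty) {
  // … unchanged: properties lookup and isPatternMatch check …
}
```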
diff --git a/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java b/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
index c577449..e493e77 100644
--- a/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
+++ b/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
@@ -16,6 +16,9 @@
*/
package org.apache.servicecomb.authentication;
+import java.util.HashMap;
+import java.util.Map;
+
import org.apache.servicecomb.authentication.provider.AccessController;
import org.apache.servicecomb.foundation.common.utils.Log4jUtils;
import org.apache.servicecomb.foundation.test.scaffolding.config.ArchaiusUtils;
@@ -24,7 +27,6 @@ import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
-import org.mockito.Mockito;
public class TestAccessController {
@Before
@@ -38,65 +40,65 @@ public class TestAccessController {
}
@Test
- public void testIsValidOfWhite() {
+ public void testIsValidOfWhiteByServiceName() {
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "serviceName");
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust*");
AccessController controller = new AccessController();
- Microservice service = Mockito.mock(Microservice.class);
+ Microservice service = new Microservice();
- Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+ service.setServiceName("trustCustomer");
Assert.assertTrue(controller.isAllowed(service));
- Mockito.when(service.getServiceName()).thenReturn("nottrustCustomer");
+ service.setServiceName("nottrustCustomer");
Assert.assertTrue(!controller.isAllowed(service));
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "*trust");
- Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+ service.setServiceName("Customer_trust");
Assert.assertTrue(controller.isAllowed(service));
- Mockito.when(service.getServiceName()).thenReturn("Customer_trust_not");
+ service.setServiceName("Customer_trust_not");
Assert.assertTrue(!controller.isAllowed(service));
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust");
- Mockito.when(service.getServiceName()).thenReturn("trust");
+ service.setServiceName("trust");
Assert.assertTrue(controller.isAllowed(service));
- Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+ service.setServiceName("Customer_trust");
Assert.assertTrue(!controller.isAllowed(service));
}
@Test
- public void testIsValidOfBlack() {
+ public void testIsValidOfBlackByServiceName() {
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName", "serviceName");
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category", "property");
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "trust*");
AccessController controller = new AccessController();
- Microservice service = Mockito.mock(Microservice.class);
+ Microservice service = new Microservice();
- Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+ service.setServiceName("trustCustomer");
Assert.assertTrue(!controller.isAllowed(service));
- Mockito.when(service.getServiceName()).thenReturn("nottrustCustomer");
+ service.setServiceName("nottrustCustomer");
Assert.assertTrue(controller.isAllowed(service));
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "*trust");
- Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+ service.setServiceName("Customer_trust");
Assert.assertTrue(!controller.isAllowed(service));
- Mockito.when(service.getServiceName()).thenReturn("Customer_trust_not");
+ service.setServiceName("Customer_trust_not");
Assert.assertTrue(controller.isAllowed(service));
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "trust");
- Mockito.when(service.getServiceName()).thenReturn("trust");
+ service.setServiceName("trust");
Assert.assertTrue(!controller.isAllowed(service));
- Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+ service.setServiceName("Customer_trust");
Assert.assertTrue(controller.isAllowed(service));
}
@Test
- public void testIsValidOfBlackAndWhite() {
+ public void testIsValidOfBlackAndWhiteByServiceName() {
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "serviceName");
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust*");
@@ -105,12 +107,65 @@ public class TestAccessController {
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "*hacker");
AccessController controller = new AccessController();
- Microservice service = Mockito.mock(Microservice.class);
+ Microservice service = new Microservice();
+
+ service.setServiceName("trustCustomer");
+ Assert.assertTrue(controller.isAllowed(service));
+
+ service.setServiceName("trustCustomerhacker");
+ Assert.assertTrue(!controller.isAllowed(service));
+ }
+
+ @Test
+ public void testIsValidOfBlackByProperties() {
+ ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName", "tag");
+ ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category", "property");
+ ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "test");
+ AccessController controller = new AccessController();
+ Microservice service = new Microservice();
+ Map<String, String> map = new HashMap<>();
+ map.put("tag", "test");
+
+ service.setProperties(map);
+ Assert.assertTrue(!controller.isAllowed(service));
+
+ map.put("tag", "testa");
+ service.setProperties(map);
+ Assert.assertTrue(controller.isAllowed(service));
+ }
+
+ @Test
+ public void testIsValidOfWhiteByProperties() {
+ ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "tag");
+ ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
+ ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "test");
+ AccessController controller = new AccessController();
+ Microservice service = new Microservice();
+ Map<String, String> map = new HashMap<>();
+ map.put("tag", "test");
- Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+ service.setProperties(map);
Assert.assertTrue(controller.isAllowed(service));
- Mockito.when(service.getServiceName()).thenReturn("trustCustomerhacker");
+ map.put("tag", "testa");
+ service.setProperties(map);
+ Assert.assertTrue(!controller.isAllowed(service));
+ }
+
+ @Test
+ public void testIsValidOfBlackAndWhiteByServiceNameAndVersion() {
+ ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "serviceName");
+ ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
+ ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust*");
+ ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName", "version");
+ ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category", "property");
+ ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "0.0.1");
+
+ AccessController controller = new AccessController();
+ Microservice service = new Microservice();
+ service.setServiceName("trustCustomer");
+ service.setVersion("0.0.1");
+
Assert.assertTrue(!controller.isAllowed(service));
}
}
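Review bot: The added tests only use fields that have been set and property keys that do not collide with a built-in field, so the two riskiest paths of the new reflective lookup are not pinned down. Add a case where the rule targets a field left unset on `new Microservice()` (for example a black-list rule on `version` with no `setVersion` call) to fix what `isAllowed` does with that value. Add another where `setProperties` carries a `serviceName` key whose value differs from `setServiceName`, asserting that the white list follows the real service name. `Assert.assertFalse(...)` would also read more clearly than `Assert.assertTrue(!...)` in the added assertions.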
diff --git a/samples/trust-sample/store/src/main/resources/microservice.yaml b/samples/trust-sample/store/src/main/resources/microservice.yaml
index 88bf72b..4358d42 100644
--- a/samples/trust-sample/store/src/main/resources/microservice.yaml
+++ b/samples/trust-sample/store/src/main/resources/microservice.yaml
@@ -38,8 +38,9 @@ servicecomb:
black:
list01:
category: property ## property, fixed value
- propertyName: serviceName ## property name
- rule: hacker ## property value match expression. only supports prefix match and postfix match and exactly match. e.g. hacker*, *hacker, hacker
+ propertyName: serviceName ## property name, e.g. serviceName, appId, environment, alias, version and so on, also support key in properties.
+ rule: hacker ## property value match expression.
+##if propertyName is serviceName, only supports prefix match and postfix match and exactly match. e.g. hacker*, *hacker, hacker
white:
list02:
category: property
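Review bot: The added comment `##if propertyName is serviceName, only supports prefix match ...` implies that other properties are matched differently, but the Java change in this commit passes every value through the same `isPatternMatch` call. Assuming that helper is unchanged (its body is not shown), prefix, postfix and exact match apply to all property names. Operators writing access-control rules from this sample could expect richer matching on `version` or custom keys than they actually get. Suggest one comment on the rule line instead: `rule: hacker ## match expression for the property value: prefix (hacker*), postfix (*hacker) or exact (hacker); applies to every propertyName`.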