Posted to commits@servicecomb.apache.org by li...@apache.org on 2018/08/07 12:50:10 UTC

[incubator-servicecomb-java-chassis] 01/02: [SCB-788] public key black/white add feature: choose server by version

This is an automated email from the ASF dual-hosted git repository.

liubao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-java-chassis.git

commit 2a942208261f1a0527d45f6db95bc3a15f78b6cb
Author: weichao666 <we...@huawei.com>
AuthorDate: Mon Jul 30 20:07:03 2018 +0800

    [SCB-788] public key black/white add feature: choose server by version
---
 .../authentication/provider/AccessController.java  | 42 ++++++++--
 .../authentication/TestAccessController.java       | 97 +++++++++++++++++-----
 .../store/src/main/resources/microservice.yaml     |  5 +-
 3 files changed, 115 insertions(+), 29 deletions(-)

diff --git a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
index 9d8ff1b..82145ae 100644
--- a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
+++ b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
@@ -16,9 +16,12 @@
  */
 package org.apache.servicecomb.authentication.provider;
 
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.servicecomb.serviceregistry.api.registry.Microservice;
@@ -54,6 +57,8 @@ public class AccessController {
 
   private static final String KEY_RULE_POSTFIX = ".rule";
 
+  private static final String TYPE_STRING_NAME = "java.lang.String";
+
   private Map<String, ConfigurationItem> whiteList = new HashMap<>();
 
   private Map<String, ConfigurationItem> blackList = new HashMap<>();
@@ -84,15 +89,40 @@ public class AccessController {
   private boolean matchFound(Microservice microservice, Map<String, ConfigurationItem> ruleList) {
     boolean matched = false;
     for (ConfigurationItem item : ruleList.values()) {
-      // TODO: Currently we only support property, not support tags. And we will support tags later.
       if (ConfigurationItem.CATEGORY_PROPERTY.equals(item.category)) {
-        // TODO: Currently we only support to configure serviceName. And we will support others later.
-        if ("serviceName".equals(item.propertyName)) {
-          if (isPatternMatch(microservice.getServiceName(), item.rule)) {
-            matched = true;
-            break;
+        // we support to configure properties, e.g. serviceName, appId, environment, alias, version and so on, also support key in properties.
+        Class<? extends Microservice> service = microservice.getClass();
+        for (Method method : service.getDeclaredMethods()) {
+          String methodName = method.getName();
+          if (!methodName.startsWith("get"))
+            continue;
+          if (!method.getGenericReturnType().getTypeName().equals(TYPE_STRING_NAME))
+            continue;
+          char[] charArray = methodName.toCharArray();
+          charArray[3] += 32;
+          String fieldName = String.valueOf(charArray, 3, charArray.length - 3);
+          if (fieldName.equals(item.propertyName)) {
+            Field field;
+            String fieldValue = null;
+            try {
+              field = service.getDeclaredField(fieldName);
+              field.setAccessible(true);
+              fieldValue = (String) field.get(microservice);
+            } catch (Exception e) {
+              LOG.error("get field by reflection failed, error message: {}", e.getMessage());
+              fieldValue = "";
+            }
+            if (isPatternMatch(fieldValue, item.rule))
+              return true;
           }
         }
+        Map<String, String> properties = microservice.getProperties();
+        for (Entry<String, String> entry : properties.entrySet()) {
+          if (!entry.getKey().equals(item.propertyName))
+            continue;
+          if (isPatternMatch(entry.getValue(), item.rule))
+            return true;
+        }
       }
     }
     return matched;
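Review bot: The fallback loop over `microservice.getProperties()` runs for every rule, so a rule whose `propertyName` is a built-in attribute such as `serviceName` or `version` can also be satisfied by an entry with that key in the free-form properties map. For a white-list rule this means the check on the attribute can pass on a value taken from the map, which the registering service presumably fills in itself (confirm against the registry model); consult the map only when no getter matched. The catch block turns any reflection failure into `""`, so a black-list rule would most likely stop matching with nothing but a log line that drops the stack trace, and `charArray[3] += 32` throws for a method named exactly `get`. The sketch below reads the value through the getter that was already found and keeps the two namespaces apart; `matched` is never set to true any more, and `matchFound` closes outside this hunk.

```java
// … unchanged: loop over ruleList.values(), CATEGORY_PROPERTY check, `service` lookup …
boolean builtInProperty = false;
for (Method method : service.getDeclaredMethods()) {
  String methodName = method.getName();
  // a bare "get" or a getter that takes arguments cannot name a property
  if (methodName.length() <= 3 || !methodName.startsWith("get") || method.getParameterCount() != 0)
    continue;
  // … unchanged: String return-type filter …
  String fieldName = Character.toLowerCase(methodName.charAt(3)) + methodName.substring(4);
  if (!fieldName.equals(item.propertyName))
    continue;
  builtInProperty = true;
  try {
    if (isPatternMatch((String) method.invoke(microservice), item.rule))
      return true;
  } catch (ReflectiveOperationException e) {
    // keep the stack trace; the caller cannot tell "no match" from "could not read"
    LOG.error("read property {} by reflection failed", fieldName, e);
  }
}
if (builtInProperty)
  continue; // a properties key must not stand in for a built-in attribute
// … unchanged: loop over microservice.getProperties() …
```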
diff --git a/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java b/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
index c577449..e493e77 100644
--- a/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
+++ b/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
@@ -16,6 +16,9 @@
  */
 package org.apache.servicecomb.authentication;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import org.apache.servicecomb.authentication.provider.AccessController;
 import org.apache.servicecomb.foundation.common.utils.Log4jUtils;
 import org.apache.servicecomb.foundation.test.scaffolding.config.ArchaiusUtils;
@@ -24,7 +27,6 @@ import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
-import org.mockito.Mockito;
 
 public class TestAccessController {
   @Before
@@ -38,65 +40,65 @@ public class TestAccessController {
   }
 
   @Test
-  public void testIsValidOfWhite() {
+  public void testIsValidOfWhiteByServiceName() {
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "serviceName");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust*");
     AccessController controller = new AccessController();
-    Microservice service = Mockito.mock(Microservice.class);
+    Microservice service = new Microservice();
 
-    Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+    service.setServiceName("trustCustomer");
     Assert.assertTrue(controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("nottrustCustomer");
+    service.setServiceName("nottrustCustomer");
     Assert.assertTrue(!controller.isAllowed(service));
 
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "*trust");
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+    service.setServiceName("Customer_trust");
     Assert.assertTrue(controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust_not");
+    service.setServiceName("Customer_trust_not");
     Assert.assertTrue(!controller.isAllowed(service));
 
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust");
-    Mockito.when(service.getServiceName()).thenReturn("trust");
+    service.setServiceName("trust");
     Assert.assertTrue(controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+    service.setServiceName("Customer_trust");
     Assert.assertTrue(!controller.isAllowed(service));
   }
 
   @Test
-  public void testIsValidOfBlack() {
+  public void testIsValidOfBlackByServiceName() {
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName", "serviceName");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category", "property");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "trust*");
     AccessController controller = new AccessController();
-    Microservice service = Mockito.mock(Microservice.class);
+    Microservice service = new Microservice();
 
-    Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+    service.setServiceName("trustCustomer");
     Assert.assertTrue(!controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("nottrustCustomer");
+    service.setServiceName("nottrustCustomer");
     Assert.assertTrue(controller.isAllowed(service));
 
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "*trust");
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+    service.setServiceName("Customer_trust");
     Assert.assertTrue(!controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust_not");
+    service.setServiceName("Customer_trust_not");
     Assert.assertTrue(controller.isAllowed(service));
 
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "trust");
-    Mockito.when(service.getServiceName()).thenReturn("trust");
+    service.setServiceName("trust");
     Assert.assertTrue(!controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+    service.setServiceName("Customer_trust");
     Assert.assertTrue(controller.isAllowed(service));
   }
 
   @Test
-  public void testIsValidOfBlackAndWhite() {
+  public void testIsValidOfBlackAndWhiteByServiceName() {
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "serviceName");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust*");
@@ -105,12 +107,65 @@ public class TestAccessController {
     ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "*hacker");
 
     AccessController controller = new AccessController();
-    Microservice service = Mockito.mock(Microservice.class);
+    Microservice service = new Microservice();
+
+    service.setServiceName("trustCustomer");
+    Assert.assertTrue(controller.isAllowed(service));
+
+    service.setServiceName("trustCustomerhacker");
+    Assert.assertTrue(!controller.isAllowed(service));
+  }
+
+  @Test
+  public void testIsValidOfBlackByProperties() {
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName", "tag");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category", "property");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "test");
+    AccessController controller = new AccessController();
+    Microservice service = new Microservice();
+    Map<String, String> map = new HashMap<>();
+    map.put("tag", "test");
+
+    service.setProperties(map);
+    Assert.assertTrue(!controller.isAllowed(service));
+
+    map.put("tag", "testa");
+    service.setProperties(map);
+    Assert.assertTrue(controller.isAllowed(service));
+  }
+
+  @Test
+  public void testIsValidOfWhiteByProperties() {
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "tag");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "test");
+    AccessController controller = new AccessController();
+    Microservice service = new Microservice();
+    Map<String, String> map = new HashMap<>();
+    map.put("tag", "test");
 
-    Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+    service.setProperties(map);
     Assert.assertTrue(controller.isAllowed(service));
 
-    Mockito.when(service.getServiceName()).thenReturn("trustCustomerhacker");
+    map.put("tag", "testa");
+    service.setProperties(map);
+    Assert.assertTrue(!controller.isAllowed(service));
+  }
+
+  @Test
+  public void testIsValidOfBlackAndWhiteByServiceNameAndVersion() {
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName", "serviceName");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category", "property");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule", "trust*");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName", "version");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category", "property");
+    ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule", "0.0.1");
+
+    AccessController controller = new AccessController();
+    Microservice service = new Microservice();
+    service.setServiceName("trustCustomer");
+    service.setVersion("0.0.1");
+
     Assert.assertTrue(!controller.isAllowed(service));
   }
 }
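Review bot: None of the added tests covers a properties-map key that has the same name as a built-in attribute, for example a white-list rule on `serviceName` with `map.put("serviceName", "trustCustomer")` on a service whose real name does not match, so the precedence between the getter loop and the properties loop in `matchFound` is left unspecified. A second case worth pinning is a rule on an attribute that was never set (`new Microservice()` without `setVersion`), where the reflected value is presumably null. `Assert.assertTrue(!controller.isAllowed(service))` reads better as `Assert.assertFalse(controller.isAllowed(service))`.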
diff --git a/samples/trust-sample/store/src/main/resources/microservice.yaml b/samples/trust-sample/store/src/main/resources/microservice.yaml
index 88bf72b..4358d42 100644
--- a/samples/trust-sample/store/src/main/resources/microservice.yaml
+++ b/samples/trust-sample/store/src/main/resources/microservice.yaml
@@ -38,8 +38,9 @@ servicecomb:
       black:
         list01:
           category: property ## property, fixed value
-          propertyName: serviceName ## property name
-          rule: hacker ## property value match expression. only supports prefix match and postfix match and exactly match. e.g. hacker*, *hacker, hacker
+          propertyName: serviceName ## property name, e.g. serviceName, appId, environment, alias, version and so on, also support key in properties.
+          rule: hacker ## property value match expression. 
+##if propertyName is serviceName, only supports prefix match and postfix match and exactly match. e.g. hacker*, *hacker, hacker
       white:
         list02:
           category: property
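Review bot: The new comment on `rule` says prefix, postfix and exact matching apply only when `propertyName` is `serviceName`, but the AccessController change in this commit passes every property value through the same `isPatternMatch` call, so the restriction looks inaccurate (the matcher itself is not visible here). Someone writing a black-list rule on `version` or on a properties key needs to know whether `*` is honoured; suggest `rule: hacker ## match expression for the property value: prefix (hacker*), postfix (*hacker) or exact (hacker)`. The comment line at column 0 also breaks the indentation of the surrounding block, and the `rule` line gains trailing whitespace.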