Posted to commits@ambari.apache.org by ma...@apache.org on 2012/09/20 02:27:05 UTC
svn commit: r1387826 [3/3] - in /incubator/ambari/branches/AMBARI-666: ./
ambari-agent/src/main/puppet/ ambari-agent/src/main/puppet/manifestloader/
ambari-agent/src/main/puppet/modules/
ambari-agent/src/main/puppet/modules/configgenerator/ ambari-agen...
Modified: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java?rev=1387826&r1=1387825&r2=1387826&view=diff
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java (original)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java Thu Sep 20 00:27:02 2012
@@ -19,85 +19,168 @@
package org.apache.ambari.server.controller;
-import java.io.IOException;
-
-import org.apache.ambari.server.agent.HeartBeatHandler;
+import com.google.inject.Guice;
+import com.google.inject.Inject;
+import com.google.inject.Injector;
+import com.google.inject.Singleton;
+import com.google.inject.persist.jpa.JpaPersistModule;
+import com.sun.jersey.spi.container.servlet.ServletContainer;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.orm.GuiceJpaInitializer;
+import org.apache.ambari.server.security.CertificateManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.mortbay.jetty.Server;
+import org.mortbay.jetty.security.SslSocketConnector;
import org.mortbay.jetty.servlet.Context;
import org.mortbay.jetty.servlet.DefaultServlet;
import org.mortbay.jetty.servlet.ServletHolder;
+import org.mortbay.jetty.webapp.WebAppContext;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.support.GenericWebApplicationContext;
-import com.google.inject.Guice;
-import com.google.inject.Injector;
-import com.google.inject.Singleton;
-import com.sun.jersey.spi.container.servlet.ServletContainer;
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
@Singleton
public class AmbariServer {
- private static Log LOG = LogFactory.getLog(AmbariServer.class);
- public static int CLIENT_PORT = 4080;
- private Server server = null;
- public volatile boolean running = true; // true while controller runs
-
- public void run() {
- server = new Server(CLIENT_PORT);
-
- try {
- Context root = new Context(server, "/", Context.SESSIONS);
- ServletHolder rootServlet = root.addServlet(DefaultServlet.class, "/");
- rootServlet.setInitOrder(1);
-
- ServletHolder sh = new ServletHolder(ServletContainer.class);
- sh.setInitParameter("com.sun.jersey.config.property.resourceConfigClass",
- "com.sun.jersey.api.core.PackagesResourceConfig");
- sh.setInitParameter("com.sun.jersey.config.property.packages",
- "org.apache.ambari.server.api.rest");
- root.addServlet(sh, "/api/*");
- sh.setInitOrder(2);
-
- ServletHolder agent = new ServletHolder(ServletContainer.class);
- agent.setInitParameter("com.sun.jersey.config.property.resourceConfigClass",
- "com.sun.jersey.api.core.PackagesResourceConfig");
- agent.setInitParameter("com.sun.jersey.config.property.packages",
- "org.apache.ambari.server.agent.rest");
- root.addServlet(agent, "/agent/*");
- agent.setInitOrder(3);
-
- server.setStopAtShutdown(true);
-
- /*
- * Start the server after controller state is recovered.
- */
- server.start();
- LOG.info("Started Server");
- server.join();
- LOG.info("Joined the Server");
- } catch (Exception e) {
- LOG.error("Error in the server", e);
-
- }
- }
-
- public void stop() throws Exception {
- try {
- server.stop();
- } catch (Exception e) {
- LOG.error("Error stopping the server", e);
- }
- }
-
- public static void main(String[] args) throws IOException {
- Injector injector = Guice.createInjector(new ControllerModule());
- try {
- LOG.info("Getting the controller");
- AmbariServer server = injector.getInstance(AmbariServer.class);
- if (server != null) {
- server.run();
- }
- } catch(Throwable t) {
- LOG.error("Failed to run the Ambari Server", t);
- }
- }
+ public static final String PERSISTENCE_PROVIDER = "ambari-postgres";
+ private static Log LOG = LogFactory.getLog(AmbariServer.class);
+ public static int CLIENT_PORT = 4080;
+ public static int CLIENT_SECURED_PORT = 8443;
+ private Server server = null;
+ public volatile boolean running = true; // true while controller runs
+
+ final String WEB_APP_DIR = "webapp";
+ final URL warUrl = this.getClass().getClassLoader().getResource(WEB_APP_DIR);
+ final String warUrlString = warUrl.toExternalForm();
+ final String CONTEXT_PATH = "/";
+ final String SPRING_CONTEXT_LOCATION = "classpath:/webapp/WEB-INF/spring-security.xml";
+
+ @Inject
+ Configuration configs;
+ @Inject
+ CertificateManager certMan;
+ @Inject
+ Injector injector;
+
+ public void run() {
+ server = new Server(CLIENT_PORT);
+
+ try {
+ ClassPathXmlApplicationContext parentSpringAppContext = new ClassPathXmlApplicationContext();
+ parentSpringAppContext.refresh();
+ ConfigurableListableBeanFactory factory = parentSpringAppContext.getBeanFactory();
+ factory.registerSingleton("guiceInjector", injector); //Spring Security xml config depends on this Bean
+
+ String[] contextLocations = {SPRING_CONTEXT_LOCATION};
+ ClassPathXmlApplicationContext springAppContext = new ClassPathXmlApplicationContext(contextLocations, parentSpringAppContext);
+
+ WebAppContext webAppContext = new WebAppContext(warUrlString, CONTEXT_PATH);
+
+ GenericWebApplicationContext springWebAppContext = new GenericWebApplicationContext();
+ springWebAppContext.setServletContext(webAppContext.getServletContext());
+ springWebAppContext.setParent(springAppContext);
+
+ webAppContext.getServletContext().setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, springWebAppContext);
+
+ server.setHandler(webAppContext);
+
+ certMan.initRootCert();
+ Context root =
+// new Context(webAppContext, "/", Context.SESSIONS);
+ webAppContext;
+
+ ServletHolder rootServlet = root.addServlet(DefaultServlet.class, "/");
+ rootServlet.setInitOrder(1);
+
+
+ //Secured connector for 2-way auth
+ SslSocketConnector sslConnector = new SslSocketConnector();
+ sslConnector.setPort(CLIENT_SECURED_PORT);
+
+ Map<String, String> configsMap = configs.getConfigsMap();
+ String keystore = configsMap.get(Configuration.SRVR_KSTR_DIR_KEY) + File.separator + configsMap.get(Configuration.KSTR_NAME_KEY);
+ String srvrCrtPass = configsMap.get(Configuration.SRVR_CRT_PASS_KEY);
+
+ sslConnector.setKeystore(keystore);
+ sslConnector.setTruststore(keystore);
+ sslConnector.setPassword(srvrCrtPass);
+ sslConnector.setKeyPassword(srvrCrtPass);
+ sslConnector.setTrustPassword(srvrCrtPass);
+ sslConnector.setKeystoreType("PKCS12");
+ sslConnector.setTruststoreType("PKCS12");
+ sslConnector.setNeedClientAuth(true);
+
+ server.addConnector(sslConnector);
+
+ ServletHolder sh = new ServletHolder(ServletContainer.class);
+ sh.setInitParameter("com.sun.jersey.config.property.resourceConfigClass",
+ "com.sun.jersey.api.core.PackagesResourceConfig");
+ sh.setInitParameter("com.sun.jersey.config.property.packages",
+ "org.apache.ambari.server.api.rest");
+ root.addServlet(sh, "/api/*");
+ sh.setInitOrder(2);
+
+ ServletHolder agent = new ServletHolder(ServletContainer.class);
+ agent.setInitParameter("com.sun.jersey.config.property.resourceConfigClass",
+ "com.sun.jersey.api.core.PackagesResourceConfig");
+ agent.setInitParameter("com.sun.jersey.config.property.packages",
+ "org.apache.ambari.server.agent.rest");
+ root.addServlet(agent, "/agent/*");
+ agent.setInitOrder(3);
+
+ ServletHolder cert = new ServletHolder(ServletContainer.class);
+ cert.setInitParameter("com.sun.jersey.config.property.resourceConfigClass",
+ "com.sun.jersey.api.core.PackagesResourceConfig");
+ cert.setInitParameter("com.sun.jersey.config.property.packages",
+ "org.apache.ambari.server.security.unsecured.rest");
+ root.addServlet(cert, "/cert/*");
+ cert.setInitOrder(4);
+
+ server.setStopAtShutdown(true);
+
+ springAppContext.start();
+ /*
+ * Start the server after controller state is recovered.
+ */
+ server.start();
+ LOG.info("Started Server");
+ server.join();
+ LOG.info("Joined the Server");
+ } catch (Exception e) {
+ LOG.error("Error in the server", e);
+ }
+ }
+
+ public void stop() throws Exception {
+ try {
+ server.stop();
+ } catch (Exception e) {
+ LOG.error("Error stopping the server", e);
+ }
+ }
+
+ public static void main(String[] args) throws IOException {
+ Injector injector = Guice.createInjector(new ControllerModule(), new JpaPersistModule(PERSISTENCE_PROVIDER));
+
+ try {
+ LOG.info("Getting the controller");
+ AmbariServer server = injector.getInstance(AmbariServer.class);
+ CertificateManager certMan = injector.getInstance(CertificateManager.class);
+ injector.getInstance(GuiceJpaInitializer.class);
+ certMan.initRootCert();
+ if (server != null) {
+ server.run();
+ }
+ } catch (Throwable t) {
+ LOG.error("Failed to run the Ambari Server", t);
+ }
+ }
}
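Review bot: The two-way-TLS connector in `run()` is added alongside the plain one, not instead of it: `new Server(CLIENT_PORT)` still listens on 4080, and `/api/*`, `/agent/*` and `/cert/*` are all mounted on the single `webAppContext` that both connectors serve. If `/agent/*` is meant to require a client certificate, serve it from a context bound only to the SSL connector and leave `/cert/*` as the one unauthenticated path. The same PKCS12 file and password are used for keystore, key and truststore, so anyone able to read the server key can also change which client issuers are trusted; separate stores would narrow that. `certMan.initRootCert()` is called in both `main` and `run()`, and the `warUrl.toExternalForm()` field initializer throws a NullPointerException when the `webapp` resource is not on the classpath.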
Modified: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java?rev=1387826&r1=1387825&r2=1387826&view=diff
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java (original)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java Thu Sep 20 00:27:02 2012
@@ -17,6 +17,7 @@
*/
package org.apache.ambari.server.controller;
import org.apache.ambari.server.agent.rest.AgentResource;
+import org.apache.ambari.server.security.unsecured.rest.CertificateDownload;
import com.google.inject.AbstractModule;
@@ -29,5 +30,6 @@ public class ControllerModule extends Ab
@Override
protected void configure() {
requestStaticInjection(AgentResource.class);
+ requestStaticInjection(CertificateDownload.class);
}
}
Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java Thu Sep 20 00:27:02 2012
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.orm.dao;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.persist.Transactional;
+import org.apache.ambari.server.orm.entities.RoleEntity;
+
+import javax.persistence.EntityManager;
+
+public class RoleDAO {
+
+ @Inject
+ Provider<EntityManager> entityManagerProvider;
+
+ public RoleEntity findByName(String roleName) {
+ return entityManagerProvider.get().find(RoleEntity.class, roleName);
+ }
+
+ public void create(RoleEntity roleName) {
+ entityManagerProvider.get().persist(roleName);
+ }
+
+ @Transactional
+ public RoleEntity merge(RoleEntity roleName) {
+ return entityManagerProvider.get().merge(roleName);
+ }
+
+ @Transactional
+ public void remove(RoleEntity roleName) {
+ entityManagerProvider.get().remove(roleName);
+ }
+
+ @Transactional
+ public void removeByName(String roleName) {
+ remove(findByName(roleName));
+ }
+
+}
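Review bot: `create` is the only write method without `@Transactional`, so `persist` runs outside a unit of work unless every caller opens one, and the row may never be flushed; annotate it like `merge` and `remove`. `removeByName` passes the result of `findByName` straight to `remove`, and `EntityManager.find` returns null for an unknown key, so an unknown name ends in an exception from `EntityManager.remove`; guard it with `RoleEntity role = findByName(roleName); if (role != null) remove(role);`. The entity parameters are named `roleName`, which reads as a string, so `role` would be clearer. UserDAO in this commit has the same three issues.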
Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java Thu Sep 20 00:27:02 2012
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.orm.dao;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.persist.Transactional;
+import org.apache.ambari.server.orm.entities.UserEntity;
+
+import javax.persistence.EntityManager;
+
+public class UserDAO {
+
+ @Inject
+ Provider<EntityManager> entityManagerProvider;
+
+ public UserEntity findByName(String userName) {
+ return entityManagerProvider.get().find(UserEntity.class, userName);
+ }
+
+ public void create(UserEntity userName) {
+ entityManagerProvider.get().persist(userName);
+ }
+
+ @Transactional
+ public UserEntity merge(UserEntity userName) {
+ return entityManagerProvider.get().merge(userName);
+ }
+
+ @Transactional
+ public void remove(UserEntity userName) {
+ entityManagerProvider.get().remove(userName);
+ }
+
+ @Transactional
+ public void removeByName(String userName) {
+ remove(findByName(userName));
+ }
+
+}
Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java Thu Sep 20 00:27:02 2012
@@ -0,0 +1,51 @@
+package org.apache.ambari.server.orm.entities;
+
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.ManyToMany;
+import java.util.Set;
+
+@javax.persistence.Table(name = "roles", schema = "ambari", catalog = "")
+@Entity
+public class RoleEntity {
+
+ private String roleName;
+
+ @javax.persistence.Column(name = "role_name")
+ @Id
+ public String getRoleName() {
+ return roleName;
+ }
+
+ public void setRoleName(String roleName) {
+ this.roleName = roleName;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ RoleEntity that = (RoleEntity) o;
+
+ if (roleName != null ? !roleName.equals(that.roleName) : that.roleName != null) return false;
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ return roleName != null ? roleName.hashCode() : 0;
+ }
+
+ private Set<UserEntity> userEntities;
+
+ @ManyToMany(mappedBy = "roleEntities")
+ public Set<UserEntity> getUserEntities() {
+ return userEntities;
+ }
+
+ public void setUserEntities(Set<UserEntity> userEntities) {
+ this.userEntities = userEntities;
+ }
+}
Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java Thu Sep 20 00:27:02 2012
@@ -0,0 +1,94 @@
+package org.apache.ambari.server.orm.entities;
+
+import javax.persistence.*;
+import java.sql.Timestamp;
+import java.util.Set;
+
+@javax.persistence.Table(name = "users", schema = "ambari", catalog = "")
+@Entity
+public class UserEntity {
+
+ private String userName;
+
+ @javax.persistence.Column(name = "user_name")
+ @Id
+ public String getUserName() {
+ return userName;
+ }
+
+ public void setUserName(String userName) {
+ this.userName = userName;
+ }
+
+ private String userPassword;
+
+ @javax.persistence.Column(name = "user_password")
+ @Basic
+ public String getUserPassword() {
+ return userPassword;
+ }
+
+ public void setUserPassword(String userPassword) {
+ this.userPassword = userPassword;
+ }
+
+ private Boolean ldapUser;
+
+ @javax.persistence.Column(name = "ldap_user")
+ @Basic
+ public Boolean getLdapUser() {
+ return ldapUser;
+ }
+
+ public void setLdapUser(Boolean ldapUser) {
+ this.ldapUser = ldapUser;
+ }
+
+ private Timestamp createTime;
+
+ @javax.persistence.Column(name = "create_time")
+ @Basic
+ public Timestamp getCreateTime() {
+ return createTime;
+ }
+
+ public void setCreateTime(Timestamp createTime) {
+ this.createTime = createTime;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ UserEntity that = (UserEntity) o;
+
+ if (createTime != null ? !createTime.equals(that.createTime) : that.createTime != null) return false;
+ if (ldapUser != null ? !ldapUser.equals(that.ldapUser) : that.ldapUser != null) return false;
+ if (userName != null ? !userName.equals(that.userName) : that.userName != null) return false;
+ if (userPassword != null ? !userPassword.equals(that.userPassword) : that.userPassword != null) return false;
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ int result = userName != null ? userName.hashCode() : 0;
+ result = 31 * result + (userPassword != null ? userPassword.hashCode() : 0);
+ result = 31 * result + (ldapUser != null ? ldapUser.hashCode() : 0);
+ result = 31 * result + (createTime != null ? createTime.hashCode() : 0);
+ return result;
+ }
+
+ private Set<RoleEntity> roleEntities;
+
+ @javax.persistence.JoinTable(name = "user_roles", catalog = "", schema = "ambari", joinColumns = {@JoinColumn(name = "user_name")}, inverseJoinColumns = {@JoinColumn(name = "user_name")})
+ @ManyToMany
+ public Set<RoleEntity> getRoleEntities() {
+ return roleEntities;
+ }
+
+ public void setRoleEntities(Set<RoleEntity> roleEntities) {
+ this.roleEntities = roleEntities;
+ }
+}
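Review bot: In the `@JoinTable` on `getRoleEntities`, `joinColumns` and `inverseJoinColumns` both name `user_name`, so the role side of `user_roles` is mapped to the user key; the inverse column presumably should be the role key, e.g. `inverseJoinColumns = {@JoinColumn(name = "role_name")}` (the `user_roles` schema is not in this diff, so confirm the column name). `AmbariUserDetailsService` builds the granted authorities from this set, so a wrong mapping directly changes which roles a user receives. `equals`/`hashCode` include `userPassword` and other mutable fields although `userName` is the `@Id`; comparing on `userName` alone, as RoleEntity does with `roleName`, keeps instances stable inside sets. A comment on `userPassword` such as `// encoded password hash, never plaintext` would record the expectation, since the encoder configuration is not visible here.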
Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariUserDetailsService.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariUserDetailsService.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariUserDetailsService.java (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariUserDetailsService.java Thu Sep 20 00:27:02 2012
@@ -0,0 +1,96 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.security;
+
+import com.google.inject.Inject;
+import com.google.inject.Injector;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.orm.dao.UserDAO;
+import org.apache.ambari.server.orm.entities.RoleEntity;
+import org.apache.ambari.server.orm.entities.UserEntity;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class AmbariUserDetailsService implements UserDetailsService {
+ private static final Logger log = LoggerFactory.getLogger(AmbariUserDetailsService.class);
+
+ Injector injector;
+ Configuration configuration;
+ UserDAO userDAO;
+
+
+ @Inject
+ public AmbariUserDetailsService(Injector injector, Configuration configuration, UserDAO userDAO) {
+ this.injector = injector;
+ this.configuration = configuration;
+ this.userDAO = userDAO;
+ }
+
+ /**
+ * Loads Spring Security UserDetails from identity storage according to Configuration
+ * @param username username
+ * @return UserDetails
+ * @throws UsernameNotFoundException when user not found or have empty roles
+ */
+ @Override
+ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+ log.info("Loading user by name: " + username);
+
+ UserEntity user = null;
+ try {
+ user = userDAO.findByName(username);
+ } catch (Exception e) {
+ System.err.println(e);
+ }
+
+ if (isLdapEnabled() && (user == null || user.getLdapUser())) {
+ //TODO implement LDAP
+ }
+
+ if (user == null) {
+ log.info("user not found ");
+ throw new UsernameNotFoundException("Username " + username + " not found");
+ }else if (user.getRoleEntities().isEmpty()) {
+ System.err.println("no roles ex");
+ throw new UsernameNotFoundException("Username " + username + " has no roles");
+ }
+
+ List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(user.getRoleEntities().size());
+
+ System.err.println("Authorities number = " + user.getRoleEntities().size());
+ for (RoleEntity roleEntity : user.getRoleEntities()) {
+ authorities.add(new SimpleGrantedAuthority(roleEntity.getRoleName().toUpperCase()));
+ }
+
+ return new User(user.getUserName(), user.getUserPassword(), authorities);
+ }
+
+ private boolean isLdapEnabled() {
+ return ClientSecurityType.fromString(configuration.getConfigsMap().get(Configuration.CLIENT_SECURITY_KEY)) == ClientSecurityType.LDAP;
+ }
+
+}
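Review bot: In `loadUserByUsername` a failing `userDAO.findByName` is printed with `System.err.println(e)` and then handled as "user not found", so a database outage looks like a bad login and leaves no stack trace in the log; use `log.error("Failed to load user", e)` and consider surfacing it as a service error rather than `UsernameNotFoundException`. `user.getLdapUser()` returns a `Boolean` that is auto-unboxed in the `if`, which throws a NullPointerException when LDAP is enabled and the column is null; `Boolean.TRUE.equals(user.getLdapUser())` avoids that. The other `System.err.println` calls should go through `log`. The request-supplied `username` is concatenated into the info line as-is, so line breaks in it can forge log entries; strip CR/LF before logging.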
Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java Thu Sep 20 00:27:02 2012
@@ -0,0 +1,164 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.security;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.text.MessageFormat;
+import java.util.Map;
+
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+
+/**
+ * Ambari security.
+ * Manages server and agent certificates
+ */
+@Singleton
+public class CertificateManager {
+
+ @Inject Configuration configs;
+
+ private static final Log LOG = LogFactory.getLog(CertificateManager.class);
+
+
+ private static final String GEN_SRVR_KEY = "openssl genrsa -des3 -passout pass:{0} -out {1}/{2} 4096 ";
+ private static final String GEN_SRVR_REQ = "openssl req -passin pass:{0} -new -key {1}/{2} -out {1}/{3} -batch";
+ private static final String SIGN_SRVR_CRT = "openssl x509 -passin pass:{0} -req -days 365 -in {1}/{3} -signkey {1}/{2} -out {1}/{3} \n";
+ private static final String EXPRT_KSTR = "openssl pkcs12 -export -in {1}/{3} -inkey {1}/{2} -certfile {1}/{3} -out {1}/{4} -password pass:{0} -passin pass:{0} \n";
+
+ /**
+ * Verify that root certificate exists, generate it otherwise.
+ */
+ public void initRootCert() {
+ LOG.info("Initialization of root certificate");
+
+ boolean certExists = isCertExists();
+
+ LOG.info("Certificate exists:" + certExists);
+
+ if (!certExists) {
+ generateServerCertificate();
+ }
+ }
+
+ /**
+ * Checks root certificate state.
+ * @return "true" if certificate exists
+ */
+ private boolean isCertExists() {
+
+ Map<String, String> configsMap = configs.getConfigsMap();
+ String srvrKstrDir = configsMap.get(Configuration.SRVR_KSTR_DIR_KEY);
+ String srvrCrtName = configsMap.get(Configuration.SRVR_CRT_NAME_KEY);
+ File certFile = new File(srvrKstrDir + File.separator + srvrCrtName);
+
+ return certFile.exists();
+ }
+
+
+ /**
+ * Runs os command
+ */
+ private void runCommand(String command) {
+
+ String line = null;
+ Process process = null;
+ try {
+ process = Runtime.getRuntime().exec(command);
+ BufferedReader br = new BufferedReader(new InputStreamReader(process.getInputStream()));
+
+ while ((line = br.readLine()) != null) {
+ LOG.info(line);
+ }
+
+ try {
+ process.waitFor();
+ }
+ catch (InterruptedException e) {
+ e.printStackTrace();
+ }
+ }
+ catch (IOException e){
+ e.printStackTrace();
+ }
+
+ }
+
+ private void generateServerCertificate() {
+ LOG.info("Generation of server certificate");
+
+ Map<String, String> configsMap = configs.getConfigsMap();
+ String srvrKstrDir = configsMap.get(Configuration.SRVR_KSTR_DIR_KEY);
+ String srvrCrtName = configsMap.get(Configuration.SRVR_CRT_NAME_KEY);
+ String srvrKeyName = configsMap.get(Configuration.SRVR_KEY_NAME_KEY);
+ String kstrName = configsMap.get(Configuration.KSTR_NAME_KEY);
+ String srvrCrtPass = configsMap.get(Configuration.SRVR_CRT_PASS_KEY);
+
+ Object[] scriptArgs = {srvrCrtPass, srvrKstrDir, srvrKeyName,
+ srvrCrtName, kstrName};
+
+ String command = MessageFormat.format(GEN_SRVR_KEY,scriptArgs);
+
+ LOG.info("Executing command:" + command);
+
+ runCommand(command);
+
+ command = MessageFormat.format(GEN_SRVR_REQ,scriptArgs);
+
+ LOG.info("Executing command:" + command);
+
+ runCommand(command);
+
+ command = MessageFormat.format(SIGN_SRVR_CRT,scriptArgs);
+
+ LOG.info("Executing command:" + command);
+
+ runCommand(command);
+
+ command = MessageFormat.format(EXPRT_KSTR,scriptArgs);
+
+ LOG.info("Executing command:" + command);
+
+ runCommand(command);
+
+ }
+
+ /**
+ * Returns server certificate content
+ * @return string with server certificate content
+ */
+ public String getServerCert() {
+ Map<String, String> configsMap = configs.getConfigsMap();
+ File certFile = new File(configsMap.get(Configuration.SRVR_KSTR_DIR_KEY) + File.separator + configsMap.get(Configuration.SRVR_CRT_NAME_KEY));
+ String srvrCrtContent = null;
+ try {
+ srvrCrtContent = FileUtils.readFileToString(certFile);
+ } catch (IOException e) {
+ LOG.error(e.getMessage());
+ }
+ return srvrCrtContent;
+ }
+}
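Review bot: `generateServerCertificate` logs every formatted openssl command at INFO, and each one embeds the certificate passphrase as `pass:{0}`, so the keystore password ends up in the server log and in the process argument list. `runCommand` passes the whole string to `Runtime.exec(String)`, which splits on whitespace, so a directory or passphrase containing a space changes the argument vector. It also never reads stderr or checks the exit code, so a failed step goes unnoticed until the SSL connector cannot open the keystore. Passing an argument list to `ProcessBuilder`, supplying the passphrase through the environment with openssl's `env:` source, and logging only the step name would address all three; a sketch of `runCommand` follows, and the four command templates would become argument lists accordingly. `getServerCert` also returns null after logging only `e.getMessage()`, which loses the stack trace.
```java
  private void runCommand(List<String> command, String passphrase) {
    ProcessBuilder builder = new ProcessBuilder(command);
    builder.redirectErrorStream(true); // openssl reports failures on stderr
    // Variable name chosen for this example; the argument list refers to it
    // as "env:CERT_PASS" instead of "pass:<value>".
    builder.environment().put("CERT_PASS", passphrase);
    try {
      Process process = builder.start();
      BufferedReader br = new BufferedReader(new InputStreamReader(process.getInputStream()));
      try {
        String line;
        while ((line = br.readLine()) != null) {
          LOG.info(line);
        }
      } finally {
        br.close();
      }
      int exitCode = process.waitFor();
      if (exitCode != 0) {
        LOG.error(command.get(0) + " " + command.get(1) + " exited with code " + exitCode);
      }
    } catch (InterruptedException e) {
      Thread.currentThread().interrupt();
      LOG.error("Interrupted while waiting for certificate command", e);
    } catch (IOException e) {
      LOG.error("Failed to run certificate command", e);
    }
  }
```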
Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java Thu Sep 20 00:27:02 2012
@@ -0,0 +1,26 @@
+package org.apache.ambari.server.security;
+
+public enum ClientSecurityType {
+ LOCAL("local"),
+ LDAP("ldap");
+
+ private String value;
+ ClientSecurityType(String value) {
+ this.value = value;
+ }
+
+ public static ClientSecurityType fromString(String value) {
+ for (ClientSecurityType securityType : ClientSecurityType.values()) {
+ if (securityType.toString().equals(value)) {
+ return securityType;
+ }
+ }
+ return null;
+ }
+
+
+ @Override
+ public String toString() {
+ return value;
+ }
+}
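Review bot: `fromString` returns null for any value that is not exactly `local` or `ldap`, including a missing key, so a typo in the client security setting silently selects the non-LDAP path in `AmbariUserDetailsService.isLdapEnabled()`. Either throw `IllegalArgumentException` for an unrecognised non-null value, or document the contract with a Javadoc line such as `@return the matching type, or null when value is null or unknown`. `value` can be declared `final`, and this file lacks the ASF license header that RoleDAO.java and other files added in this commit carry.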
Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateDownload.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateDownload.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateDownload.java (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateDownload.java Thu Sep 20 00:27:02 2012
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.security.unsecured.rest;
+
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+import org.apache.ambari.server.security.CertificateManager;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import com.google.inject.Inject;
+
+@Path("/ca")
+public class CertificateDownload {
+ private static Log LOG = LogFactory.getLog(CertificateDownload.class);
+ private static CertificateManager certMan;
+
+ @Inject
+ static void init(CertificateManager instance) {
+ certMan = instance;
+ }
+
+ @GET
+ @Produces({MediaType.TEXT_PLAIN})
+ public String downloadSrvrCrt() {
+ return certMan.getServerCert();
+ }
+}
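Review bot: `downloadSrvrCrt` hands the result of `certMan.getServerCert()` straight to the client, and the tail of that method visible earlier in this commit logs the exception and still returns `srvrCrtContent`, so a failed read would presumably be answered with an empty or null body rather than an error status. Check the value and fail the request, e.g. `if (cert == null || cert.isEmpty()) throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);`. The resource sits in the `unsecured` package, so a class comment should say that the certificate is served without authentication and that a client needs an independent check, such as a fingerprint obtained another way, before trusting it. `certMan` is set through static injection and stays null unless static injection is requested for this class, which this hunk does not show, and `LOG` is unused.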
Modified: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/META-INF/persistence.xml
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/META-INF/persistence.xml?rev=1387826&r1=1387825&r2=1387826&view=diff
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/META-INF/persistence.xml (original)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/META-INF/persistence.xml Thu Sep 20 00:27:02 2012
@@ -33,9 +33,11 @@
<class>org.apache.ambari.server.orm.entities.ServiceConfigEntity</class>
<class>org.apache.ambari.server.orm.entities.ServiceDesiredStateEntity</class>
<class>org.apache.ambari.server.orm.entities.ServiceStateEntity</class>
+ <class>org.apache.ambari.server.orm.entities.RoleEntity</class>
+ <class>org.apache.ambari.server.orm.entities.UserEntity</class>
<properties>
- <property name="javax.persistence.jdbc.url" value="jdbc:postgresql://localhost/ambari"/>
+ <property name="javax.persistence.jdbc.url" value="jdbc:postgresql://localhost/postgres"/>
<property name="javax.persistence.jdbc.driver" value="org.postgresql.Driver"/>
<property name="javax.persistence.jdbc.user" value="ambari-server"/>
<property name="javax.persistence.jdbc.password" value="bigdata"/>
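Review bot: The JDBC URL on the new side points at the `postgres` database instead of `ambari`, which looks like a local developer setting that slipped into the commit; nothing else in the hunk suggests the schema was meant to move. `postgres` is normally the server's default maintenance database, so the application tables would be created beside it. The unchanged context lines also keep the database user and password in this packaged resource; both would be better supplied from external configuration at start-up than shipped inside `persistence.xml`.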
@@ -58,6 +60,8 @@
<class>org.apache.ambari.server.orm.entities.ServiceConfigEntity</class>
<class>org.apache.ambari.server.orm.entities.ServiceDesiredStateEntity</class>
<class>org.apache.ambari.server.orm.entities.ServiceStateEntity</class>
+ <class>org.apache.ambari.server.orm.entities.RoleEntity</class>
+ <class>org.apache.ambari.server.orm.entities.UserEntity</class>
<properties>
<property name="javax.persistence.jdbc.url" value="jdbc:derby:memory:myDB;create=true"/>
Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/pass.txt
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/pass.txt?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/pass.txt (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/pass.txt Thu Sep 20 00:27:02 2012
@@ -0,0 +1 @@
+QWERTYUIO
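Review bot: A one-line secret is added under `src/main/resources`, so it is kept in version control and would be packaged with every server build with the same value. Its consumer is not visible in this part of the commit; if it protects key material handled by the certificate code, it should be generated per installation at setup time, stored outside the classpath with owner-only permissions, and not committed. If it is only a development placeholder, moving it to `src/test/resources` and saying so in the code that reads it would make that clear.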
Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/users.ldif
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/users.ldif?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/users.ldif (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/users.ldif Thu Sep 20 00:27:02 2012
@@ -0,0 +1,35 @@
+dn: ou=groups,dc=ambari,dc=apache,dc=org
+objectclass:top
+objectclass:organizationalUnit
+ou: groups
+
+dn: ou=people,dc=ambari,dc=apache,dc=org
+objectclass:top
+objectclass:organizationalUnit
+ou: people
+
+dn: uid=allowedUser,ou=people,dc=ambari,dc=apache,dc=org
+objectclass:top
+objectclass:person
+objectclass:organizationalPerson
+objectclass:inetOrgPerson
+cn: CraigWalls
+sn: Walls
+uid: allowedUser
+userPassword:password
+
+dn: uid=deniedUser,ou=people,dc=ambari,dc=apache,dc=org
+objectclass:top
+objectclass:person
+objectclass:organizationalPerson
+objectclass:inetOrgPerson
+cn: JohnSmith
+sn: Smith
+uid: deniedUser
+userPassword:password
+
+dn: cn=admin,ou=groups,dc=ambari,dc=apache,dc=org
+objectclass:top
+objectclass:groupOfNames
+cn: admin
+member: uid=allowedUser,ou=people,dc=ambari,dc=apache,dc=org
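Review bot: This LDIF reads like a test fixture (`allowedUser`, `deniedUser`, `userPassword:password`), yet it is added under `src/main/resources` and would ship with the server. If a directory were ever populated from it in a real deployment (the `<ldap-server>` element in `spring-security.xml` is commented out in this commit), the only member of the `admin` group would have a known password. Moving the file to `src/test/resources` keeps it out of the packaged artifact.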
Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml Thu Sep 20 00:27:02 2012
@@ -0,0 +1,52 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+ xmlns:beans="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://www.springframework.org/schema/security
+ http://www.springframework.org/schema/security/spring-security-3.1.xsd">
+
+ <http use-expressions="true" auto-config="true"
+ disable-url-rewriting="true"
+ >
+ <http-basic/>
+ <intercept-url pattern="/api/*" access="hasRole('ADMIN')"/>
+ <intercept-url pattern="/**" access="isAuthenticated()"/>
+ </http>
+
+ <!--<ldap-server id="ldapServer" root="dc=ambari,dc=apache,dc=org"/>-->
+
+ <authentication-manager>
+
+ <authentication-provider user-service-ref="ambariUserService">
+
+ </authentication-provider>
+
+ </authentication-manager>
+
+ <beans:bean id="ambariUserService"
+ class="org.springframework.security.core.userdetails.UserDetailsService"
+ factory-bean="guiceInjector"
+ factory-method="getInstance"
+ lazy-init="true">
+ <beans:constructor-arg type="java.lang.Class" value="org.apache.ambari.server.security.AmbariUserDetailsService"/>
+ </beans:bean>
+
+
+</beans:beans>
\ No newline at end of file
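Review bot: The pattern `/api/*` on the first `intercept-url` matches only a single path segment under the default Ant-style matcher, so a nested path such as `/api/a/b` falls through to the `/**` rule and needs only `isAuthenticated()`, not the `ADMIN` role. Use `<intercept-url pattern="/api/**" access="hasRole('ADMIN')"/>` so the role check covers the whole API tree. `auto-config="true"` also enables form login and logout beside `<http-basic/>`; if only Basic authentication is intended, drop the attribute. Basic credentials travel with every request, so a comment here should note that this filter chain is expected to be reachable only over the TLS connector.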
Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/web.xml?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/web.xml (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/web.xml Thu Sep 20 00:27:02 2012
@@ -0,0 +1,33 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+
+ <display-name>Ambari-web</display-name>
+
+ <filter>
+ <filter-name>springSecurityFilterChain</filter-name>
+ <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>springSecurityFilterChain</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+</web-app>
\ No newline at end of file
Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/index.html
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/index.html?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/index.html (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/index.html Thu Sep 20 00:27:02 2012
@@ -0,0 +1,26 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>AMBARI TEST PAGE</title>
+</head>
+<body>
+<h1>AMBARI TEST PAGE</h1>
+</body>
+</html>
\ No newline at end of file