http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java index 7ce97ce..922cadb 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java @@ -27,7 +27,6 @@ import org.apache.ambari.server.state.Host; import org.apache.ambari.server.state.SecurityState; import org.apache.ambari.server.state.ServiceComponentHost; import org.apache.commons.io.FileUtils; -import org.joda.time.DateTime; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -94,7 +93,7 @@ public class FinalizeKerberosServerAction extends KerberosServerAction { sch.setSecurityState(sch.getDesiredSecurityState()); ChangeSecurityStateKerberosAuditEvent auditEvent = ChangeSecurityStateKerberosAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withService(sch.getServiceName()) .withComponent(sch.getServiceComponentName()) .withHostName(sch.getHostName())
http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java index 6ff6069..90d9414 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java @@ -19,7 +19,6 @@ package org.apache.ambari.server.serveraction.kerberos; import com.google.inject.Inject; - import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.actionmanager.HostRoleStatus; import org.apache.ambari.server.agent.CommandReport; http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/utils/RequestUtils.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/utils/RequestUtils.java b/ambari-server/src/main/java/org/apache/ambari/server/utils/RequestUtils.java index 7b90b80..0ac782f 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/utils/RequestUtils.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/utils/RequestUtils.java @@ -23,12 +23,22 @@ import java.util.Set; import javax.servlet.http.HttpServletRequest; import org.apache.ambari.server.api.services.Request; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +/** + * The purpose of this helper is to get remote address from an HTTP request + */ public class RequestUtils { private static Set<String> headersToCheck= ImmutableSet.copyOf(Arrays.asList( "X-Forwarded-For", "Proxy-Client-IP", "WL-Proxy-Client-IP", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR")); + /** + * Returns remote address + * @param request contains the details of http request + * @return + */ public static String getRemoteAddress(HttpServletRequest request) { String ip = null; for (String header : headersToCheck) { @@ -43,8 +53,36 @@ public class RequestUtils { return ip; } + /** + * Returns remote address by using {@link HttpServletRequest} from {@link RequestContextHolder} + * @return + */ + public static String getRemoteAddress() { + + if(hasValidRequest()) { + return getRemoteAddress(((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest()); + } + + return null; + } + + /** + * Checks whether ip address is null, empty or unknown + * @param ip + * @return + */ private static boolean isRemoteAddressUnknown(String ip) { return ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip); } + /** + * Checks if RequestContextHolder contains a valid HTTP request + * @return + */ + private static boolean hasValidRequest() { + return RequestContextHolder.getRequestAttributes() != null && + RequestContextHolder.getRequestAttributes() instanceof ServletRequestAttributes && + ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest() != null; + } + } http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml b/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml index b4fb1a7..842023d 100644 --- a/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml +++ b/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml @@ -50,5 +50,6 @@ <beans:bean id="ambariAuthenticationFilter" class="org.apache.ambari.server.security.authentication.AmbariAuthenticationFilter"> <beans:constructor-arg ref="authenticationManager"/> <beans:constructor-arg ref="auditLogger"/> + <beans:constructor-arg ref="permissionHelper"/> </beans:bean> </beans:beans> http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/test/java/org/apache/ambari/server/api/services/BaseServiceTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/services/BaseServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/services/BaseServiceTest.java index ea4e5e3..26eb705 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/api/services/BaseServiceTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/api/services/BaseServiceTest.java @@ -25,8 +25,13 @@ import org.apache.ambari.server.api.services.serializers.ResultSerializer; import org.apache.ambari.server.audit.request.RequestAuditLogger; import org.easymock.Capture; import org.easymock.EasyMock; +import org.easymock.EasyMockRunner; +import org.easymock.Mock; +import org.easymock.MockType; +import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; +import org.junit.runner.RunWith; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.Response; @@ -48,6 +53,7 @@ import static org.junit.Assert.assertEquals; /** * Base class for service unit tests. */ +@RunWith(EasyMockRunner.class) public abstract class BaseServiceTest { protected ResourceInstance resourceInstance = createNiceMock(ResourceInstance.class); @@ -91,9 +97,12 @@ public abstract class BaseServiceTest { return serializer; } - @BeforeClass - public static void beforeClass() throws Exception { - BaseService.init(EasyMock.createNiceMock(RequestAuditLogger.class)); + @Mock(type = MockType.NICE) + public RequestAuditLogger requestAuditLogger; + + @Before + public void before() throws Exception { + BaseService.init(requestAuditLogger); } @Test http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/test/java/org/apache/ambari/server/audit/AccessUnauthorizedAuditEventTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/AccessUnauthorizedAuditEventTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/AccessUnauthorizedAuditEventTest.java index 94de686..70e4b64 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/audit/AccessUnauthorizedAuditEventTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/AccessUnauthorizedAuditEventTest.java @@ -18,7 +18,6 @@ package org.apache.ambari.server.audit; import org.apache.ambari.server.audit.event.AccessUnauthorizedAuditEvent; -import org.joda.time.DateTime; import org.junit.Test; import nl.jqno.equalsverifier.EqualsVerifier; @@ -37,7 +36,7 @@ public class AccessUnauthorizedAuditEventTest { String testResourcePath = "/api/v1/hosts"; AccessUnauthorizedAuditEvent evnt = AccessUnauthorizedAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRemoteIp(testRemoteIp) .withUserName(testUserName) .withHttpMethodName(testHttpMethod) @@ -57,13 +56,13 @@ public class AccessUnauthorizedAuditEventTest { @Test public void testTimestamp() throws Exception { // Given - DateTime testTimestamp = DateTime.now(); + long testTimestamp = System.currentTimeMillis(); AccessUnauthorizedAuditEvent evnt = AccessUnauthorizedAuditEvent.builder() .withTimestamp(testTimestamp) .build(); // When - DateTime actualTimestamp = evnt.getTimestamp(); + long actualTimestamp = evnt.getTimestamp(); // Then assertThat(actualTimestamp, equalTo(testTimestamp)); http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/test/java/org/apache/ambari/server/audit/BufferedAuditLoggerTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/BufferedAuditLoggerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/BufferedAuditLoggerTest.java index 1914ca9..445c339 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/audit/BufferedAuditLoggerTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/BufferedAuditLoggerTest.java @@ -29,7 +29,6 @@ import org.easymock.EasyMock; import org.easymock.EasyMockRule; import org.easymock.Mock; import org.easymock.MockType; -import org.joda.time.DateTime; import org.junit.Before; import org.junit.Rule; import org.junit.Test; @@ -136,7 +135,7 @@ public class BufferedAuditLoggerTest { final AuditEvent event = OperationStatusAuditEvent.builder() .withStatus("IN PROGRESS") - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestId(reqId.toString()) .build(); http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginAuditEventTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginAuditEventTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginAuditEventTest.java index 7536f3b..a146176 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginAuditEventTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginAuditEventTest.java @@ -25,7 +25,6 @@ import java.util.List; import java.util.Map; import org.apache.ambari.server.audit.event.LoginAuditEvent; -import org.joda.time.DateTime; import org.junit.Test; import nl.jqno.equalsverifier.EqualsVerifier; @@ -45,7 +44,7 @@ public class LoginAuditEventTest { roles.put("a", Arrays.asList("r1", "r2", "r3")); LoginAuditEvent evnt = LoginAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRemoteIp(testRemoteIp) .withUserName(testUserName) .withRoles(roles) @@ -75,7 +74,7 @@ public class LoginAuditEventTest { roles.put("a", Arrays.asList("r1", "r2", "r3")); LoginAuditEvent evnt = LoginAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRemoteIp(testRemoteIp) .withUserName(testUserName) .withRoles(roles) @@ -98,13 +97,13 @@ public class LoginAuditEventTest { @Test public void testTimestamp() throws Exception { // Given - DateTime testTimestamp = DateTime.now(); + long testTimestamp = System.currentTimeMillis(); LoginAuditEvent evnt = LoginAuditEvent.builder() .withTimestamp(testTimestamp) .build(); // When - DateTime actualTimestamp = evnt.getTimestamp(); + long actualTimestamp = evnt.getTimestamp(); // Then assertThat(actualTimestamp, equalTo(testTimestamp)); http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/test/java/org/apache/ambari/server/audit/LogoutAuditEventTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/LogoutAuditEventTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/LogoutAuditEventTest.java index ad4c8bc..7fb6fef 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/audit/LogoutAuditEventTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/LogoutAuditEventTest.java @@ -20,7 +20,6 @@ package org.apache.ambari.server.audit; import nl.jqno.equalsverifier.EqualsVerifier; import org.apache.ambari.server.audit.event.LogoutAuditEvent; -import org.joda.time.DateTime; import org.junit.Test; import static org.hamcrest.core.IsEqual.equalTo; @@ -35,7 +34,7 @@ public class LogoutAuditEventTest { String testRemoteIp = "127.0.0.1"; LogoutAuditEvent evnt = LogoutAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRemoteIp(testRemoteIp) .withUserName(testUserName) .build(); @@ -54,13 +53,13 @@ public class LogoutAuditEventTest { @Test public void testTimestamp() throws Exception { // Given - DateTime testTimestamp = DateTime.now(); + long testTimestamp = System.currentTimeMillis(); LogoutAuditEvent evnt = LogoutAuditEvent.builder() .withTimestamp(testTimestamp) .build(); // When - DateTime actualTimestamp = evnt.getTimestamp(); + long actualTimestamp = evnt.getTimestamp(); // Then assertThat(actualTimestamp, equalTo(testTimestamp)); http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/test/java/org/apache/ambari/server/audit/OperationStatusAuditEventTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/OperationStatusAuditEventTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/OperationStatusAuditEventTest.java index 084fcab..0d2e710 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/audit/OperationStatusAuditEventTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/OperationStatusAuditEventTest.java @@ -19,7 +19,6 @@ package org.apache.ambari.server.audit; import org.apache.ambari.server.audit.event.OperationStatusAuditEvent; -import org.joda.time.DateTime; import org.junit.Test; import nl.jqno.equalsverifier.EqualsVerifier; @@ -36,7 +35,7 @@ public class OperationStatusAuditEventTest { String testStatus = "IN PROGRESS"; OperationStatusAuditEvent evnt = OperationStatusAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestId(testRequestId.toString()) .withStatus(testStatus) .withRequestContext("Start Service") @@ -54,13 +53,13 @@ public class OperationStatusAuditEventTest { @Test public void testTimestamp() throws Exception { // Given - DateTime testTimestamp = DateTime.now(); + long testTimestamp = System.currentTimeMillis(); OperationStatusAuditEvent evnt = OperationStatusAuditEvent.builder() .withTimestamp(testTimestamp) .build(); // When - DateTime actualTimestamp = evnt.getTimestamp(); + long actualTimestamp = evnt.getTimestamp(); // Then assertThat(actualTimestamp, equalTo(testTimestamp)); http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/test/java/org/apache/ambari/server/audit/StartOperationRequestAuditEventTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/StartOperationRequestAuditEventTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/StartOperationRequestAuditEventTest.java index 9d33f5d..a2097d5 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/audit/StartOperationRequestAuditEventTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/StartOperationRequestAuditEventTest.java @@ -19,7 +19,6 @@ package org.apache.ambari.server.audit; import org.apache.ambari.server.audit.event.LoginAuditEvent; import org.apache.ambari.server.audit.event.request.StartOperationRequestAuditEvent; -import org.joda.time.DateTime; import org.junit.Test; import nl.jqno.equalsverifier.EqualsVerifier; @@ -38,7 +37,7 @@ public class StartOperationRequestAuditEventTest { Long testRequestId = 100L; StartOperationRequestAuditEvent evnt = StartOperationRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRemoteIp(testRemoteIp) .withUserName(testUserName) .withOperation(testRequestDetails) @@ -58,13 +57,13 @@ public class StartOperationRequestAuditEventTest { @Test public void testTimestamp() throws Exception { // Given - DateTime testTimestamp = DateTime.now(); + long testTimestamp = System.currentTimeMillis(); StartOperationRequestAuditEvent evnt = StartOperationRequestAuditEvent.builder() .withTimestamp(testTimestamp) .build(); // When - DateTime actualTimestamp = evnt.getTimestamp(); + long actualTimestamp = evnt.getTimestamp(); // Then assertThat(actualTimestamp, equalTo(testTimestamp)); http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/test/java/org/apache/ambari/server/audit/request/AbstractBaseCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/request/AbstractBaseCreator.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/request/AbstractBaseCreator.java index b1fe72a..02ecb00 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/audit/request/AbstractBaseCreator.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/request/AbstractBaseCreator.java @@ -21,7 +21,6 @@ package org.apache.ambari.server.audit.request; import org.apache.ambari.server.api.services.Request; import org.apache.ambari.server.api.services.Result; import org.apache.ambari.server.audit.event.AuditEvent; -import org.joda.time.DateTime; public abstract class AbstractBaseCreator implements RequestAuditEventCreator { @@ -33,8 +32,8 @@ public abstract class AbstractBaseCreator implements RequestAuditEventCreator { public AuditEvent createAuditEvent(final Request request, final Result result) { return new AuditEvent() { @Override - public DateTime getTimestamp() { - return DateTime.now(); + public Long getTimestamp() { + return System.currentTimeMillis(); } @Override http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java index a415b4c..b4a5b8c 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java @@ -30,6 +30,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.ambari.server.audit.event.AuditEvent; import org.apache.ambari.server.audit.AuditLogger; import org.apache.ambari.server.security.authorization.AuthorizationHelper; +import org.apache.ambari.server.security.authorization.PermissionHelper; import org.junit.runner.RunWith; import org.powermock.api.easymock.PowerMock; import org.powermock.core.classloader.annotations.PrepareForTest; @@ -55,10 +56,13 @@ public class AmbariAuthenticationFilterTest { private AuditLogger mockedAuditLogger; + private PermissionHelper permissionHelper; + @Before public void setUp() { mockedAuditLogger = createMock(AuditLogger.class); - underTest = new AmbariAuthenticationFilter(null, mockedAuditLogger); + permissionHelper = createMock(PermissionHelper.class); + underTest = new AmbariAuthenticationFilter(null, mockedAuditLogger, permissionHelper); } @Test @@ -90,7 +94,7 @@ public class AmbariAuthenticationFilterTest { Map<String, List<String>> roles = new HashMap<>(); roles.put("a", Arrays.asList("r1", "r2", "r3")); - expect(AuthorizationHelper.getPermissionLabels(authentication)) + expect(permissionHelper.getPermissionLabels(authentication)) .andReturn(roles); expect(AuthorizationHelper.getAuthorizationNames(authentication)) .andReturn(Arrays.asList("perm1", "perm2")); @@ -98,7 +102,7 @@ public class AmbariAuthenticationFilterTest { expect(authentication.getName()).andReturn("admin"); mockedAuditLogger.log(anyObject(AuditEvent.class)); expectLastCall().times(1); - replay(mockedAuditLogger, request, authentication); + replay(mockedAuditLogger, request, authentication, permissionHelper); PowerMock.replayAll(); // WHEN underTest.onSuccessfulAuthentication(request, response, authentication); http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java index 9678d8d..3dd6b0a 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java @@ -25,6 +25,8 @@ import com.google.inject.AbstractModule; import com.google.inject.Guice; import com.google.inject.Injector; import junit.framework.Assert; + +import org.apache.ambari.server.audit.AuditLogger; import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.orm.DBAccessor; import org.apache.ambari.server.orm.dao.UserDAO;
