http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/model/User.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/model/User.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/model/User.java
new file mode 100644
index 0000000..2bd0ed2
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/model/User.java
@@ -0,0 +1,167 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ambari.logsearch.web.model;
+
+import java.util.Collection;
+import java.util.List;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+public class User implements UserDetails {
+ private static final long serialVersionUID = 1L;
+
+ private String username;
+ private String password;
+ private String email;
+ private String firstName;
+ private String lastName;
+
+ /* Spring Security fields*/
+ private List<GrantedAuthority> authorities;
+ private boolean accountNonExpired = true;
+ private boolean accountNonLocked = true;
+ private boolean credentialsNonExpired = true;
+ private boolean enabled = true;
+
+ public User(String userName2, String userPassword, List<GrantedAuthority> grantedAuths) {
+ this.username = userName2;
+ this.password = userPassword;
+ this.authorities = grantedAuths;
+
+ }
+
+ public User() {
+ // TODO Auto-generated constructor stub
+ }
+
+ @Override
+ public String getUsername() {
+ return username;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ @Override
+ public String getPassword() {
+ return password;
+ }
+
+ public void setPassword(String password) {
+ this.password = password;
+ }
+
+ public String getFirstName() {
+ return firstName;
+ }
+
+ public void setFirstName(String firstName) {
+ this.firstName = firstName;
+ }
+
+ public String getLastName() {
+ return lastName;
+ }
+
+ public void setLastName(String lastName) {
+ this.lastName = lastName;
+ }
+
+ public String getEmail() {
+ return email;
+ }
+
+ public void setEmail(String email) {
+ this.email = email;
+ }
+
+ @Override
+ public Collection<? extends GrantedAuthority> getAuthorities() {
+ return this.authorities;
+ }
+
+ public void setAuthorities(List<GrantedAuthority> authorities) {
+ this.authorities = authorities;
+ }
+
+
+ @Override
+ public boolean isAccountNonExpired() {
+ return this.accountNonExpired;
+ }
+
+ public void setAccountNonExpired(boolean accountNonExpired) {
+ this.accountNonExpired = accountNonExpired;
+ }
+
+ @Override
+ public boolean isAccountNonLocked() {
+ return this.accountNonLocked;
+ }
+
+ public void setAccountNonLocked(boolean accountNonLocked) {
+ this.accountNonLocked = accountNonLocked;
+ }
+
+ @Override
+ public boolean isCredentialsNonExpired() {
+ return this.credentialsNonExpired;
+ }
+
+ public void setCredentialsNonExpired(boolean credentialsNonExpired) {
+ this.credentialsNonExpired = credentialsNonExpired;
+ }
+
+ @Override
+ public boolean isEnabled() {
+ return this.enabled;
+ }
+
+ public void setEnabled(boolean enabled) {
+ this.enabled = enabled;
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder builder = new StringBuilder();
+ builder.append("User [username=");
+ builder.append(username);
+ builder.append(", email=");
+ builder.append(email);
+ builder.append(", firstName=");
+ builder.append(firstName);
+ builder.append(", lastName=");
+ builder.append(lastName);
+ builder.append(", authorities=");
+ builder.append(authorities);
+ builder.append(", accountNonExpired=");
+ builder.append(accountNonExpired);
+ builder.append(", accountNonLocked=");
+ builder.append(accountNonLocked);
+ builder.append(", credentialsNonExpired=");
+ builder.append(credentialsNonExpired);
+ builder.append(", enabled=");
+ builder.append(enabled);
+ builder.append("]");
+ return builder.toString();
+ }
+
+}
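Review bot: The three-argument constructor and `setAuthorities` keep the caller's `List<GrantedAuthority>` by reference, and `getAuthorities()` returns that same list, so any code holding either reference can add or remove granted authorities on a principal after it was built. Copy on the way in and return a read-only view, for example `this.authorities = new ArrayList<GrantedAuthority>(grantedAuths);` and `return Collections.unmodifiableList(authorities);` (both need a `java.util` import that this file does not have yet). With the no-arg constructor the field stays null and `getAuthorities()` returns null, which the `UserDetails` contract does not allow; initialising the field to an empty list would cover that. The `// TODO Auto-generated constructor stub` comment should be replaced by a line saying why a default constructor is needed.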
http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LdapProperties.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LdapProperties.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LdapProperties.java new file mode 100644 index 0000000..2a1b4ee --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LdapProperties.java 
@@ -0,0 +1,365 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import org.apache.commons.lang.StringUtils; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +/** + * Describes LDAP Server connection parameters + */ +public class LdapProperties { + private String primaryUrl; + private String secondaryUrl; + private boolean useSsl; + private boolean anonymousBind; + private String managerDn; + private String managerPassword; + private String baseDN; + private String dnAttribute; + private String referralMethod; + + // LDAP group properties + private String groupBase; + private String groupObjectClass; + private String groupMembershipAttr; + private String groupNamingAttr; + private String adminGroupMappingRules; + private boolean groupMappingEnabled; + + // LDAP user properties + private String userBase; + private String userObjectClass; + private String usernameAttribute; + private String userSearchBase = ""; + + private String groupSearchFilter; + private static final String userSearchFilter = "({attribute}={0})"; + + public List<String> getLdapUrls() { + String protocol = useSsl ? 
"ldaps://" : "ldap://"; + + if (StringUtils.isEmpty(primaryUrl) || primaryUrl.equalsIgnoreCase("none")) { + return Collections.emptyList(); + } else { + List<String> list = new ArrayList<String>(); + list.add(protocol + primaryUrl); + if (!StringUtils.isEmpty(secondaryUrl)) { + list.add(protocol + secondaryUrl); + } + return list; + } + } + + public String getPrimaryUrl() { + return primaryUrl; + } + + public void setPrimaryUrl(String primaryUrl) { + this.primaryUrl = primaryUrl; + } + + public String getSecondaryUrl() { + return secondaryUrl; + } + + public void setSecondaryUrl(String secondaryUrl) { + this.secondaryUrl = secondaryUrl; + } + + public boolean isUseSsl() { + return useSsl; + } + + public void setUseSsl(boolean useSsl) { + this.useSsl = useSsl; + } + + public boolean isAnonymousBind() { + return anonymousBind; + } + + public void setAnonymousBind(boolean anonymousBind) { + this.anonymousBind = anonymousBind; + } + + public String getManagerDn() { + return managerDn; + } + + public void setManagerDn(String managerDn) { + this.managerDn = managerDn; + } + + public String getManagerPassword() { + return managerPassword; + } + + public void setManagerPassword(String managerPassword) { + this.managerPassword = managerPassword; + } + + public String getBaseDN() { + return baseDN; + } + + public void setBaseDN(String baseDN) { + this.baseDN = baseDN; + } + + public String getUserSearchBase() { + return userSearchBase; + } + + public void setUserSearchBase(String userSearchBase) { + this.userSearchBase = userSearchBase; + } + + public String getUserSearchFilter() { + return userSearchFilter.replace("{attribute}", usernameAttribute); + } + + public String getUsernameAttribute() { + return usernameAttribute; + } + + public void setUsernameAttribute(String usernameAttribute) { + this.usernameAttribute = usernameAttribute; + } + + public String getGroupBase() { + return groupBase; + } + + public void setGroupBase(String groupBase) { + this.groupBase = groupBase; 
+ } + + public String getGroupObjectClass() { + return groupObjectClass; + } + + public void setGroupObjectClass(String groupObjectClass) { + this.groupObjectClass = groupObjectClass; + } + + public String getGroupMembershipAttr() { + return groupMembershipAttr; + } + + public void setGroupMembershipAttr(String groupMembershipAttr) { + this.groupMembershipAttr = groupMembershipAttr; + } + + public String getGroupNamingAttr() { + return groupNamingAttr; + } + + public void setGroupNamingAttr(String groupNamingAttr) { + this.groupNamingAttr = groupNamingAttr; + } + + public String getAdminGroupMappingRules() { + return adminGroupMappingRules; + } + + public void setAdminGroupMappingRules(String adminGroupMappingRules) { + this.adminGroupMappingRules = adminGroupMappingRules; + } + + public String getGroupSearchFilter() { + return groupSearchFilter; + } + + public void setGroupSearchFilter(String groupSearchFilter) { + this.groupSearchFilter = groupSearchFilter; + } + + public boolean isGroupMappingEnabled() { + return groupMappingEnabled; + } + + public void setGroupMappingEnabled(boolean groupMappingEnabled) { + this.groupMappingEnabled = groupMappingEnabled; + } + + public void setUserBase(String userBase) { + this.userBase = userBase; + } + + public void setUserObjectClass(String userObjectClass) { + this.userObjectClass = userObjectClass; + } + + public String getUserBase() { + return userBase; + } + + public String getUserObjectClass() { + return userObjectClass; + } + + public String getDnAttribute() { + return dnAttribute; + } + + public void setDnAttribute(String dnAttribute) { + this.dnAttribute = dnAttribute; + } + + public void setReferralMethod(String referralMethod) { + this.referralMethod = referralMethod; + } + + public String getReferralMethod() { + return referralMethod; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null || getClass() != obj.getClass()) + return false; + + LdapProperties that = 
(LdapProperties) obj; + + if (primaryUrl != null ? !primaryUrl.equals(that.primaryUrl) + : that.primaryUrl != null) + return false; + if (secondaryUrl != null ? !secondaryUrl.equals(that.secondaryUrl) + : that.secondaryUrl != null) + return false; + if (useSsl != that.useSsl) + return false; + if (anonymousBind != that.anonymousBind) + return false; + if (managerDn != null ? !managerDn.equals(that.managerDn) + : that.managerDn != null) + return false; + if (managerPassword != null ? !managerPassword + .equals(that.managerPassword) : that.managerPassword != null) + return false; + if (baseDN != null ? !baseDN.equals(that.baseDN) : that.baseDN != null) + return false; + if (userBase != null ? !userBase.equals(that.userBase) + : that.userBase != null) + return false; + if (userObjectClass != null ? !userObjectClass + .equals(that.userObjectClass) : that.userObjectClass != null) + return false; + if (usernameAttribute != null ? !usernameAttribute + .equals(that.usernameAttribute) + : that.usernameAttribute != null) + return false; + if (groupBase != null ? !groupBase.equals(that.groupBase) + : that.groupBase != null) + return false; + if (groupObjectClass != null ? !groupObjectClass + .equals(that.groupObjectClass) : that.groupObjectClass != null) + return false; + if (groupMembershipAttr != null ? !groupMembershipAttr + .equals(that.groupMembershipAttr) + : that.groupMembershipAttr != null) + return false; + if (groupNamingAttr != null ? !groupNamingAttr + .equals(that.groupNamingAttr) : that.groupNamingAttr != null) + return false; + if (adminGroupMappingRules != null ? !adminGroupMappingRules + .equals(that.adminGroupMappingRules) + : that.adminGroupMappingRules != null) + return false; + if (groupSearchFilter != null ? !groupSearchFilter + .equals(that.groupSearchFilter) + : that.groupSearchFilter != null) + return false; + if (dnAttribute != null ? !dnAttribute.equals(that.dnAttribute) + : that.dnAttribute != null) + return false; + if (referralMethod != null ? 
!referralMethod + .equals(that.referralMethod) : that.referralMethod != null) + return false; + + return true; + } + + @Override + public int hashCode() { + int result = primaryUrl != null ? primaryUrl.hashCode() : 0; + result = 31 * result + + (secondaryUrl != null ? secondaryUrl.hashCode() : 0); + result = 31 * result + (useSsl ? 1 : 0); + result = 31 * result + (anonymousBind ? 1 : 0); + result = 31 * result + (managerDn != null ? managerDn.hashCode() : 0); + result = 31 * result + + (managerPassword != null ? managerPassword.hashCode() : 0); + result = 31 * result + (baseDN != null ? baseDN.hashCode() : 0); + result = 31 * result + (userBase != null ? userBase.hashCode() : 0); + result = 31 * result + + (userObjectClass != null ? userObjectClass.hashCode() : 0); + result = 31 + * result + + (usernameAttribute != null ? usernameAttribute.hashCode() : 0); + result = 31 * result + (groupBase != null ? groupBase.hashCode() : 0); + result = 31 * result + + (groupObjectClass != null ? groupObjectClass.hashCode() : 0); + result = 31 + * result + + (groupMembershipAttr != null ? groupMembershipAttr.hashCode() + : 0); + result = 31 * result + + (groupNamingAttr != null ? groupNamingAttr.hashCode() : 0); + result = 31 + * result + + (adminGroupMappingRules != null ? adminGroupMappingRules + .hashCode() : 0); + result = 31 + * result + + (groupSearchFilter != null ? groupSearchFilter.hashCode() : 0); + result = 31 * result + + (dnAttribute != null ? dnAttribute.hashCode() : 0); + result = 31 * result + + (referralMethod != null ? referralMethod.hashCode() : 0); + return result; + } + + @Override + public String toString() { + return "LdapProperties [primaryUrl=" + primaryUrl + ", secondaryUrl=" + + secondaryUrl + ", useSsl=" + useSsl + ", anonymousBind=" + + anonymousBind + ", managerDn=" + managerDn + + ", managerPassword=" + managerPassword == null ? 
"null" + : "****" + ", baseDN=" + baseDN + ", dnAttribute=" + + dnAttribute + ", referralMethod=" + referralMethod + + ", groupBase=" + groupBase + ", groupObjectClass=" + + groupObjectClass + ", groupMembershipAttr=" + + groupMembershipAttr + ", groupNamingAttr=" + + groupNamingAttr + ", adminGroupMappingRules=" + + adminGroupMappingRules + ", groupMappingEnabled=" + + groupMappingEnabled + ", userBase=" + userBase + + ", userObjectClass=" + userObjectClass + + ", usernameAttribute=" + usernameAttribute + + ", userSearchBase=" + userSearchBase + + ", groupSearchFilter=" + groupSearchFilter + "]"; + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LdapPropertyName.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LdapPropertyName.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LdapPropertyName.java new file mode 100644 index 0000000..370c94b --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LdapPropertyName.java 
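Review bot: In `toString()` the fragment `+ ", managerPassword=" + managerPassword == null ? "null" : "****" + ", baseDN=" + ...` does not evaluate the way it reads: `+` binds tighter than `==`, which binds tighter than `?:`, so the whole left-hand concatenation (real password included) is compared with `null`, the result is always false, and the method returns only `"****, baseDN=…"`. The password does not reach the returned string, but the masking holds by accident and everything before it (URLs, SSL flag, bind mode, manager DN) is dropped from any log line. Parenthesise the conditional: `+ ", managerPassword=" + (managerPassword == null ? "null" : "****")`. Separately, `equals`/`hashCode` leave out `userSearchBase` and `groupMappingEnabled`, and `getUserSearchFilter()` throws a NullPointerException when `usernameAttribute` is unset because `String.replace` rejects a null replacement.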
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ambari.logsearch.web.security;
+
+public class LdapPropertyName {
+
+ public static final String LDAP_USE_SSL_KEY = "authentication.ldap.useSSL";
+ public static final String LDAP_PRIMARY_URL_KEY = "authentication.ldap.primaryUrl";
+ public static final String LDAP_SECONDARY_URL_KEY = "authentication.ldap.secondaryUrl";
+ public static final String LDAP_BASE_DN_KEY = "authentication.ldap.baseDn";
+ public static final String LDAP_BIND_ANONYMOUSLY_KEY = "authentication.ldap.bindAnonymously";
+ public static final String LDAP_MANAGER_DN_KEY = "authentication.ldap.managerDn";
+ public static final String LDAP_MANAGER_PASSWORD_KEY = "authentication.ldap.managerPassword";
+ public static final String LDAP_DN_ATTRIBUTE_KEY = "authentication.ldap.dnAttribute";
+ public static final String LDAP_USERNAME_ATTRIBUTE_KEY = "authentication.ldap.usernameAttribute";
+ public static final String LDAP_USER_BASE_KEY = "authentication.ldap.userBase";
+ public static final String LDAP_USER_OBJECT_CLASS_KEY = "authentication.ldap.userObjectClass";
+ public static final String LDAP_GROUP_BASE_KEY = "authentication.ldap.groupBase";
+ public static final String LDAP_GROUP_OBJECT_CLASS_KEY = "authentication.ldap.groupObjectClass";
+ public static final String LDAP_GROUP_NAMING_ATTR_KEY = "authentication.ldap.groupNamingAttr";
+ public static final String LDAP_GROUP_MEMEBERSHIP_ATTR_KEY = "authentication.ldap.groupMembershipAttr";
+ public static final String LDAP_ADMIN_GROUP_MAPPING_RULES_KEY = "authorization.ldap.adminGroupMappingRules";
+ public static final String LDAP_GROUP_SEARCH_FILTER_KEY = "authorization.ldap.groupSearchFilter";
+ public static final String LDAP_REFERRAL_KEY = "authentication.ldap.referral";
+
+ // default
+ public static final String LDAP_BIND_ANONYMOUSLY_DEFAULT = "true";
+ public static final String LDAP_PRIMARY_URL_DEFAULT = "localhost:389";
+ public static final String LDAP_BASE_DN_DEFAULT = "dc=example,dc=com";
+ public static final String LDAP_USERNAME_ATTRIBUTE_DEFAULT = "uid";
+ public static final String LDAP_DN_ATTRIBUTE_DEFAULT = "dn";
+ public static final String LDAP_USER_BASE_DEFAULT = "ou=people,dc=example,dc=com";
+ public static final String LDAP_USER_OBJECT_CLASS_DEFAULT = "person";
+ public static final String LDAP_GROUP_BASE_DEFAULT = "ou=groups,dc=example,dc=com";
+ public static final String LDAP_GROUP_OBJECT_CLASS_DEFAULT = "group";
+ public static final String LDAP_GROUP_NAMING_ATTR_DEFAULT = "cn";
+ public static final String LDAP_GROUP_MEMBERSHIP_ATTR_DEFAULT = "member";
+ public static final String LDAP_ADMIN_GROUP_MAPPING_RULES_DEFAULT = "Logsearch Administrators";
+ public static final String LDAP_GROUP_SEARCH_FILTER_DEFAULT = "";
+ public static final String LDAP_REFERRAL_DEFAULT = "ignore";
+
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LdapUtil.java
----------------------------------------------------------------------
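Review bot: The defaults under `// default` leave the LDAP connection anonymous and unencrypted unless an operator overrides them: `LDAP_BIND_ANONYMOUSLY_DEFAULT = "true"`, and there is no default for `LDAP_USE_SSL_KEY`, which `LdapUtil.getLdapServerProperties` in this same commit treats as false when absent, so `LdapProperties.getLdapUrls()` builds `ldap://` URLs. Add an explicit `LDAP_USE_SSL_DEFAULT` constant and a comment above the defaults stating that they are development values, so the insecure choice is visible rather than implied by a missing key. `LDAP_GROUP_MEMEBERSHIP_ATTR_KEY` is misspelled (its counterpart is `LDAP_GROUP_MEMBERSHIP_ATTR_DEFAULT`); as a public constant it is cheapest to rename now. The class holds only constants, so a private constructor would stop it being instantiated.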
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LdapUtil.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LdapUtil.java
new file mode 100644
index 0000000..99940df
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LdapUtil.java
@@ -0,0 +1,115 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ambari.logsearch.web.security;
+
+import java.io.IOException;
+import java.util.Properties;
+
+import org.apache.ambari.logsearch.util.PropertiesUtil;
+import org.apache.ambari.logsearch.util.XMLPropertiesUtil;
+import org.apache.log4j.Logger;
+import org.springframework.core.io.ClassPathResource;
+
+public class LdapUtil {
+
+ private static Logger logger = Logger.getLogger(LdapUtil.class);
+
+ /**
+ * Gets parameters of LDAP server to connect to
+ *
+ * @return LdapServerProperties object representing connection parameters
+ */
+ public static LdapProperties getLdapServerProperties(Properties properties) {
+ LdapProperties ldapServerProperties = new LdapProperties();
+
+ ldapServerProperties.setPrimaryUrl(properties.getProperty(LdapPropertyName.LDAP_PRIMARY_URL_KEY,
+ LdapPropertyName.LDAP_PRIMARY_URL_DEFAULT));
+ ldapServerProperties.setSecondaryUrl(properties.getProperty(LdapPropertyName.LDAP_SECONDARY_URL_KEY));
+ ldapServerProperties.setUseSsl("true".equalsIgnoreCase(properties
+ .getProperty(LdapPropertyName.LDAP_USE_SSL_KEY)));
+ ldapServerProperties.setAnonymousBind("true".equalsIgnoreCase(properties.getProperty(
+ LdapPropertyName.LDAP_BIND_ANONYMOUSLY_KEY, LdapPropertyName.LDAP_BIND_ANONYMOUSLY_DEFAULT)));
+ ldapServerProperties.setManagerDn(properties.getProperty(LdapPropertyName.LDAP_MANAGER_DN_KEY));
+ String ldapPasswordProperty = properties.getProperty(LdapPropertyName.LDAP_MANAGER_PASSWORD_KEY);
+ // TODO read password from password file
+ ldapServerProperties.setManagerPassword(ldapPasswordProperty);
+ ldapServerProperties.setBaseDN(properties.getProperty(LdapPropertyName.LDAP_BASE_DN_KEY,
+ LdapPropertyName.LDAP_BASE_DN_DEFAULT));
+ ldapServerProperties.setUsernameAttribute(properties.getProperty(LdapPropertyName.LDAP_USERNAME_ATTRIBUTE_KEY,
+ LdapPropertyName.LDAP_USERNAME_ATTRIBUTE_DEFAULT));
+
+ ldapServerProperties.setUserBase(properties.getProperty(LdapPropertyName.LDAP_USER_BASE_KEY,
+ LdapPropertyName.LDAP_USER_BASE_DEFAULT));
+ ldapServerProperties.setUserObjectClass(properties.getProperty(LdapPropertyName.LDAP_USER_OBJECT_CLASS_KEY,
+ LdapPropertyName.LDAP_USER_OBJECT_CLASS_DEFAULT));
+ ldapServerProperties.setDnAttribute(properties.getProperty(LdapPropertyName.LDAP_DN_ATTRIBUTE_KEY,
+ LdapPropertyName.LDAP_DN_ATTRIBUTE_DEFAULT));
+
+ ldapServerProperties.setGroupBase(properties.getProperty(LdapPropertyName.LDAP_GROUP_BASE_KEY,
+ LdapPropertyName.LDAP_GROUP_BASE_DEFAULT));
+ ldapServerProperties.setGroupObjectClass(properties.getProperty(LdapPropertyName.LDAP_GROUP_OBJECT_CLASS_KEY,
+ LdapPropertyName.LDAP_GROUP_OBJECT_CLASS_DEFAULT));
+ ldapServerProperties.setGroupMembershipAttr(properties.getProperty(
+ LdapPropertyName.LDAP_GROUP_MEMEBERSHIP_ATTR_KEY, LdapPropertyName.LDAP_GROUP_MEMBERSHIP_ATTR_DEFAULT));
+ ldapServerProperties.setGroupNamingAttr(properties.getProperty(LdapPropertyName.LDAP_GROUP_NAMING_ATTR_KEY,
+ LdapPropertyName.LDAP_GROUP_NAMING_ATTR_DEFAULT));
+ ldapServerProperties.setAdminGroupMappingRules(properties.getProperty(
+ LdapPropertyName.LDAP_ADMIN_GROUP_MAPPING_RULES_KEY,
+ LdapPropertyName.LDAP_ADMIN_GROUP_MAPPING_RULES_DEFAULT));
+ ldapServerProperties.setGroupSearchFilter(properties.getProperty(LdapPropertyName.LDAP_GROUP_SEARCH_FILTER_KEY,
+ LdapPropertyName.LDAP_GROUP_SEARCH_FILTER_DEFAULT));
+ ldapServerProperties.setReferralMethod(properties.getProperty(LdapPropertyName.LDAP_REFERRAL_KEY,
+ LdapPropertyName.LDAP_REFERRAL_DEFAULT));
+
+ if (properties.containsKey(LdapPropertyName.LDAP_GROUP_BASE_KEY)
+ || properties.containsKey(LdapPropertyName.LDAP_GROUP_OBJECT_CLASS_KEY)
+ || properties.containsKey(LdapPropertyName.LDAP_GROUP_MEMEBERSHIP_ATTR_KEY)
+ || properties.containsKey(LdapPropertyName.LDAP_GROUP_NAMING_ATTR_KEY)
+ || properties.containsKey(LdapPropertyName.LDAP_ADMIN_GROUP_MAPPING_RULES_KEY)
+ || properties.containsKey(LdapPropertyName.LDAP_GROUP_SEARCH_FILTER_KEY)) {
+ ldapServerProperties.setGroupMappingEnabled(true);
+ }
+
+ return ldapServerProperties;
+ }
+
+ /**
+ * @return
+ */
+ public static LdapProperties loadLdapProperties() {
+ LdapProperties ldapServerProperties = null;
+ String ldapConfigFileName = PropertiesUtil.getProperty("logsearch.login.ldap.config", "logsearch-admin-site.xml");
+ Properties props = null;
+ ClassPathResource resource = new ClassPathResource(ldapConfigFileName);
+ if (resource != null) {
+ try {
+ props = new Properties();
+ new XMLPropertiesUtil().loadFromXml(props, resource.getInputStream());
+ ldapServerProperties = getLdapServerProperties(props);
+ } catch (IOException e) {
+ logger.error("Ldap configudation file loading failed : " + e.getMessage());
+ }
+ }
+ if (ldapServerProperties == null) {
+ logger.error("ldapServerProperties object is not created.");
+ }
+ return ldapServerProperties;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAbstractAuthenticationProvider.java
----------------------------------------------------------------------
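Review bot: `loadLdapProperties()` never closes the stream it gets from `resource.getInputStream()`, and the `if (resource != null)` guard around it is dead code because a `new` expression cannot yield null; a missing config file shows up as the caught `IOException` instead. Unless `loadFromXml` is known to close its argument (not visible here), open the stream in try-with-resources: `try (InputStream in = resource.getInputStream()) { new XMLPropertiesUtil().loadFromXml(props, in); ... }`, with a `java.io.InputStream` import. The catch block logs only `e.getMessage()`; pass the exception itself, `logger.error("...", e)`, so the cause is not lost. The method returns null on failure, which its empty `@return` tag should state since every caller must check for it. The manager password is also read straight from the properties file, as the `// TODO read password from password file` already admits, so that file needs restrictive permissions until the TODO is done.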
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAbstractAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAbstractAuthenticationProvider.java
new file mode 100644
index 0000000..cc04821
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAbstractAuthenticationProvider.java
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ambari.logsearch.web.security;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ambari.logsearch.util.PropertiesUtil;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+
+public abstract class LogsearchAbstractAuthenticationProvider implements AuthenticationProvider {
+
+ private static String AUTH_METHOD_PROP_START_WITH = "logsearch.auth.";
+
+ protected enum AUTH_METHOD {
+ LDAP, FILE, SIMPLE
+ }
+
+ ;
+
+
+ @Override
+ public boolean supports(Class<?> authentication) {
+ return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
+ }
+
+ /**
+ * @param authentication
+ * @return
+ */
+ public Authentication getAuthenticationWithGrantedAuthority(Authentication authentication) {
+ UsernamePasswordAuthenticationToken result = null;
+ if (authentication != null && authentication.isAuthenticated()) {
+ final List<GrantedAuthority> grantedAuths = getAuthorities(authentication.getName().toString());
+ final UserDetails userDetails = new User(authentication.getName().toString(), authentication
+ .getCredentials().toString(), grantedAuths);
+ result = new UsernamePasswordAuthenticationToken(userDetails, authentication.getCredentials(), grantedAuths);
+ result.setDetails(authentication.getDetails());
+ return result;
+ }
+ return authentication;
+ }
+
+ /**
+ * @param username
+ * @return
+ */
+ protected List<GrantedAuthority> getAuthorities(String username) {
+ final List<GrantedAuthority> grantedAuths = new ArrayList<>();
+ grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
+ return grantedAuths;
+ }
+
+ public boolean isEnable(AUTH_METHOD method) {
+ String methodName = method.name().toLowerCase();
+ String property = AUTH_METHOD_PROP_START_WITH + methodName + ".enable";
+ boolean isEnable = PropertiesUtil.getBooleanProperty(property, false);
+ return isEnable;
+ }
+
+ public boolean isEnable() {
+ //default is disabled
+ return false;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java
new file mode 100644
index 0000000..453db61
--- /dev/null
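Review bot: `getAuthenticationWithGrantedAuthority` calls `authentication.getCredentials().toString()` without a null check and copies the result into both the new `User` and the returned token, so the submitted password stays attached to the authenticated principal for as long as that object lives. If the credentials were already erased upstream the call throws a NullPointerException; whether that can happen depends on provider-manager configuration outside this hunk. If nothing downstream needs the password, build the `User` with an empty placeholder and return `new UsernamePasswordAuthenticationToken(userDetails, null, grantedAuths)`. In `isEnable(AUTH_METHOD)`, `method.name().toLowerCase()` uses the JVM default locale, so under a Turkish locale `FILE` and `SIMPLE` lower-case with a dotless ı and the `logsearch.auth.*.enable` key never matches; use `toLowerCase(Locale.ROOT)`. `AUTH_METHOD_PROP_START_WITH` should be `final`, and the stray `;` after the enum can go.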
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java 
@@ -0,0 +1,141 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import java.util.HashMap; + +import org.apache.ambari.logsearch.dao.UserDao; +import org.apache.ambari.logsearch.util.JSONUtil; +import org.apache.log4j.Logger; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.web.authentication.WebAuthenticationDetails; +import org.springframework.stereotype.Component; + +@Component +public class LogsearchAuthenticationProvider extends + LogsearchAbstractAuthenticationProvider { + private static final Logger logger = Logger + .getLogger(LogsearchAuthenticationProvider.class); + private static Logger auditLogger = Logger + .getLogger("org.apache.ambari.logsearch.audit"); + + @Autowired + UserDao userDao; + + @Autowired + LogsearchLdapAuthenticationProvider ldapAuthenticationProvider; + + @Autowired + 
LogsearchFileAuthenticationProvider fileAuthenticationProvider; + + @Autowired + LogsearchSimpleAuthenticationProvider simpleAuthenticationProvider; + + @Autowired + JSONUtil jsonUtil; + + @Autowired + private UserDetailsService userService; + + @Override + public Authentication authenticate(Authentication authentication) + throws AuthenticationException { + logger.info("Authenticating user:" + authentication.getName() + + ", userDetail=" + authentication.toString()); + Authentication inAuthentication = authentication; + AuthenticationException authException = null; + HashMap<String, Object> auditRecord = new HashMap<String, Object>(); + auditRecord.put("user", authentication.getName()); + auditRecord.put("principal", authentication.getPrincipal().toString()); + auditRecord.put("auth_class", authentication.getClass().getName()); + logger.info("authentication.class=" + + authentication.getClass().getName()); + if (inAuthentication instanceof UsernamePasswordAuthenticationToken) { + UsernamePasswordAuthenticationToken authClass = (UsernamePasswordAuthenticationToken) inAuthentication; + Object details = authClass.getDetails(); + if (details instanceof WebAuthenticationDetails) { + WebAuthenticationDetails webAuthentication = (WebAuthenticationDetails) details; + auditRecord.put("remote_ip", + webAuthentication.getRemoteAddress()); + auditRecord.put("session", webAuthentication.getSessionId()); + } + } + boolean isSuccess = false; + try { + for (AUTH_METHOD authMethod : AUTH_METHOD.values()) { + try { + authentication = doAuth(authentication, authMethod); + if (authentication != null + && authentication.isAuthenticated()) { + logger.info("Authenticated using method=" + + authMethod.name() + ", user=" + + authentication.getName()); + auditRecord.put("result", "allowed"); + isSuccess = true; + auditRecord.put("authType", authMethod.name()); + return authentication; + } + } catch (AuthenticationException ex) { + if (authException == null) { + // Let's save the first one 
+ authException = ex; + } + } + } + auditRecord.put("result", "denied"); + logger.warn("Authentication failed for user=" + + inAuthentication.getName() + ", userDetail=" + + inAuthentication.toString()); + if (authException != null) { + auditRecord.put("reason", authException.getMessage()); + throw authException; + } + return authentication; + } finally { + String jsonStr = jsonUtil.mapToJSON(auditRecord); + if (isSuccess) { + auditLogger.info(jsonStr); + } else { + auditLogger.warn(jsonStr); + } + } + } + + /** + * @param authentication + * @param authMethod + * @return + */ + public Authentication doAuth(Authentication authentication, AUTH_METHOD authMethod) { + if (authMethod.equals(AUTH_METHOD.LDAP) && ldapAuthenticationProvider.isEnable()) { + authentication = ldapAuthenticationProvider.authenticate(authentication); + } else if (authMethod.equals(AUTH_METHOD.FILE) && fileAuthenticationProvider.isEnable()) { + authentication = fileAuthenticationProvider.authenticate(authentication); + } else if (authMethod.equals(AUTH_METHOD.SIMPLE) && simpleAuthenticationProvider.isEnable()) { + authentication = simpleAuthenticationProvider.authenticate(authentication); + } else { + logger.error("Invalid authentication method :" + authMethod.name()); + } + return authentication; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java new file mode 100644 index 0000000..91cc556 --- /dev/null 
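Review bot: The fall-through `return authentication;` at the end of the `try` in `authenticate` hands back the caller's unauthenticated token when no method succeeded and none threw, whereas Spring's `AuthenticationProvider` contract expects a fully authenticated token, `null`, or an exception; `ProviderManager` treats any non-null result as a completed authentication. That path is reachable within this commit: `LogsearchLdapAuthenticationProvider.authenticate` catches `AuthenticationException` and returns its input, and `doAuth` returns its input unchanged for a disabled method. Replace the line with `throw new BadCredentialsException("Authentication failed");` so a failed login always ends in an exception. Separately, `auditRecord.put("session", webAuthentication.getSessionId())` writes the request's session identifier into the audit log; unless session-fixation protection rotates it after login, it stays valid for anyone who can read the log, so log a hash of it or omit it.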
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java 
@@ -0,0 +1,89 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import java.util.Collection; + +import org.apache.ambari.logsearch.dao.UserDao; +import org.apache.ambari.logsearch.util.StringUtil; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.log4j.Logger; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.stereotype.Component; + +@Component +public class LogsearchFileAuthenticationProvider extends LogsearchAbstractAuthenticationProvider { + + private static Logger logger = Logger.getLogger(LogsearchFileAuthenticationProvider.class); + + @Autowired + UserDao userDao; + + @Autowired + StringUtil stringUtil; + 
+ @Autowired + private UserDetailsService userDetailsService; + + @Override + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + String username = authentication.getName(); + String password = (String) authentication.getCredentials(); + if (stringUtil.isEmpty(username)) { + throw new BadCredentialsException("Username can't be null or empty."); + } + if (stringUtil.isEmpty(password)) { + throw new BadCredentialsException("Password can't be null or empty."); + } + // html unescape + password = StringEscapeUtils.unescapeHtml(password); + username = StringEscapeUtils.unescapeHtml(username); + + UserDetails user = userDetailsService.loadUserByUsername(username); + if (user == null) { + logger.error("Username not found."); + throw new BadCredentialsException("User not found."); + } + if (password == null || password.isEmpty()) { + logger.error("Password can't be null or empty."); + throw new BadCredentialsException("Password can't be null or empty."); + } + + String encPassword = userDao.encryptPassword(username, password); + if (!encPassword.equals(user.getPassword())) { + logger.error("Wrong password for user=" + username); + throw new BadCredentialsException("Wrong password"); + } + Collection<? extends GrantedAuthority> authorities = user.getAuthorities(); + authentication = new UsernamePasswordAuthenticationToken(username, encPassword, authorities); + return authentication; + } + + @Override + public boolean isEnable() { + return isEnable(AUTH_METHOD.FILE); + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapAuthenticationProvider.java ---------------------------------------------------------------------- 
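Review bot: The two failure paths in `authenticate` throw `BadCredentialsException` with different messages (`"User not found."` and `"Wrong password"`), which lets a caller tell existing accounts from missing ones if the message reaches the login response; whether it does depends on the failure handler, which is not part of this hunk. Use one message for both, e.g. `throw new BadCredentialsException("Invalid username or password");`, and keep the distinction in the server log only. The line `logger.error("Wrong password for user=" + username)` writes the HTML-unescaped username as received, so CR/LF should be stripped before it is logged. The check `!encPassword.equals(user.getPassword())` also dereferences the result of `userDao.encryptPassword` without a null check and is not constant-time; `MessageDigest.isEqual` over the UTF-8 bytes of both values covers the timing side.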
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapAuthenticationProvider.java
new file mode 100644
index 0000000..9d9f7e4
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapAuthenticationProvider.java
@@ -0,0 +1,175 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import java.util.List; + +import org.apache.log4j.Logger; +import org.springframework.ldap.CommunicationException; +import org.springframework.ldap.core.support.LdapContextSource; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.ldap.authentication.LdapAuthenticationProvider; +import org.springframework.security.ldap.search.FilterBasedLdapUserSearch; +import org.springframework.stereotype.Component; + +@Component +public class LogsearchLdapAuthenticationProvider extends + LogsearchAbstractAuthenticationProvider { + + private static Logger logger = Logger + .getLogger(LogsearchLdapAuthenticationProvider.class); + + private static LdapProperties ldapServerProperties = null; + private static LdapAuthenticationProvider ldapAuthProvider = null; + private String logStatement = ""; + + public LogsearchLdapAuthenticationProvider() { + logger.debug("Creating object of ldap auth provider "); + if 
(this.isEnable()) { + ldapAuthProvider = loadLdapAuthenticationProvider(); + } else { + logger.info("Ldap auth is disabled"); + } + } + + @Override + public Authentication authenticate(Authentication authentication) + throws AuthenticationException { + try { + LdapAuthenticationProvider authProvider = loadLdapAuthenticationProvider(); + if (authProvider != null) { + return authProvider.authenticate(authentication); + } else { + return authentication; + } + } catch (AuthenticationException e) { + logger.info("Got exception during LDAP authentication attempt", e); + // Try to help in troubleshooting + Throwable cause = e.getCause(); + if (cause != null) { + if ((cause != e) + && (cause instanceof org.springframework.ldap.AuthenticationException)) { + logger.warn( + "Looks like LDAP manager credentials (that are used for " + + "connecting to LDAP server) are invalid.", + e); + } + } + } catch (CommunicationException e) { + logger.error(e); + } catch (Exception e) { + logger.error(e, e.getCause()); + } + if (authentication != null && !authentication.isAuthenticated()) { + logger.warn("Ldap authentication failed. username=" + + authentication.getName() + ", details=" + + authentication.getDetails()); + } + return authentication; + } + + /** + * Reloads LDAP Context Source and depending objects if properties were + * changed + * + * @return corresponding LDAP authentication provider + */ + LdapAuthenticationProvider loadLdapAuthenticationProvider() { + if (reloadLdapServerProperties()) { + logger.info("LDAP Properties changed - rebuilding Context"); + LdapContextSource springSecurityContextSource = new LdapContextSource(); + List<String> ldapUrls = ldapServerProperties.getLdapUrls(); + logStatement = "ldapUrls=" + ldapUrls; + if (ldapUrls == null || ldapUrls.size() == 0) { + logger.info("LDAP URL is empty. 
So won't initialize LDAP provider"); + return null; + } + + springSecurityContextSource.setUrls(ldapUrls + .toArray(new String[ldapUrls.size()])); + springSecurityContextSource.setBase(ldapServerProperties + .getBaseDN()); + logStatement = logStatement + ", baseDN=" + + ldapServerProperties.getBaseDN(); + + if (!ldapServerProperties.isAnonymousBind()) { + springSecurityContextSource.setUserDn(ldapServerProperties + .getManagerDn()); + logStatement = logStatement + ", managerDN=" + + ldapServerProperties.getManagerDn(); + springSecurityContextSource.setPassword(ldapServerProperties + .getManagerPassword()); + } + + try { + springSecurityContextSource.afterPropertiesSet(); + } catch (Exception e) { + logger.error("LDAP Context Source not loaded ", e); + throw new UsernameNotFoundException( + "LDAP Context Source not loaded. ldapDetails=" + + logStatement, e); + } + + String userSearchBase = ldapServerProperties.getUserSearchBase(); + logStatement = logStatement + ", userSearchBase=" + userSearchBase; + String userSearchFilter = ldapServerProperties + .getUserSearchFilter(); + logStatement = logStatement + ", userSearchFilter=" + + userSearchFilter; + + logger.info("LDAP properties=" + logStatement); + FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch( + userSearchBase, userSearchFilter, + springSecurityContextSource); + + LogsearchLdapBindAuthenticator bindAuthenticator = new LogsearchLdapBindAuthenticator( + springSecurityContextSource, ldapServerProperties); + bindAuthenticator.setUserSearch(userSearch); + + LdapAuthenticationProvider authenticationProvider = new LdapAuthenticationProvider( + bindAuthenticator); + ldapAuthProvider = authenticationProvider; + + } + return ldapAuthProvider; + } + + /** + * Reloads LDAP Server properties from configuration + * + * @return true if properties were reloaded + */ + private boolean reloadLdapServerProperties() { + LdapProperties properties = LdapUtil.loadLdapProperties(); + if 
(!properties.equals(ldapServerProperties)) { + logger.info("Reloading properties"); + ldapServerProperties = properties; + return true; + } + return false; + } + + @Override + public boolean isEnable() { + return isEnable(AUTH_METHOD.LDAP); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapBindAuthenticator.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapBindAuthenticator.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapBindAuthenticator.java new file mode 100644 index 0000000..f9207b1 --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapBindAuthenticator.java 
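Review bot: `logStatement` is an instance field that `loadLdapAuthenticationProvider` rewrites on every rebuild, and `ldapServerProperties` / `ldapAuthProvider` are static fields assigned without synchronization, while the class is a `@Component` (singleton by default) whose `authenticate` can run on several request threads at once. Concurrent logins during a property change can therefore interleave the rebuild; declaring the method as `synchronized LdapAuthenticationProvider loadLdapAuthenticationProvider()` and turning `logStatement` into a local variable removes the race. The early `return null` for empty URLs and the `afterPropertiesSet` failure path both leave `ldapServerProperties` already updated, so the next call skips the rebuild and returns whatever `ldapAuthProvider` held before; setting `ldapAuthProvider = null` on those paths avoids serving a provider built from the previous configuration. The `logger.info("LDAP properties=" + logStatement)` line includes the manager DN and is better kept at debug level.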
@@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import org.apache.log4j.Logger; +import org.springframework.ldap.core.DirContextOperations; +import org.springframework.ldap.core.support.BaseLdapPathContextSource; +import org.springframework.security.core.Authentication; +import org.springframework.security.ldap.authentication.BindAuthenticator; + +public class LogsearchLdapBindAuthenticator extends BindAuthenticator { + private static Logger logger = Logger + .getLogger(LogsearchLdapBindAuthenticator.class); + + LdapProperties ldapServerProperties; + + public LogsearchLdapBindAuthenticator( + BaseLdapPathContextSource contextSource, + LdapProperties ldapServerProperties) { + super(contextSource); + this.ldapServerProperties = ldapServerProperties; + logger.info("LDAP properties=" + ldapServerProperties); + } + + @Override + public DirContextOperations authenticate(Authentication authentication) { + + DirContextOperations user = super.authenticate(authentication); + + return setAmbariAdminAttr(user); + } + + /** + * Checks whether user is a member of ambari administrators group in LDAP. 
+ * If yes, sets user's ambari_admin attribute to true + * + * @param user + * @return + */ + private DirContextOperations setAmbariAdminAttr(DirContextOperations user) { + String baseDn = ldapServerProperties.getBaseDN().toLowerCase(); + String groupBase = ldapServerProperties.getGroupBase().toLowerCase(); + String groupObjectClass = ldapServerProperties.getGroupObjectClass(); + String groupMembershipAttr = ldapServerProperties + .getGroupMembershipAttr(); + String adminGroupMappingRules = ldapServerProperties + .getAdminGroupMappingRules(); + final String groupNamingAttribute = ldapServerProperties + .getGroupNamingAttr(); + String groupSearchFilter = ldapServerProperties.getGroupSearchFilter(); + + // If groupBase is set incorrectly or isn't set - search in BaseDn + int indexOfBaseDn = groupBase.indexOf(baseDn); + groupBase = indexOfBaseDn <= 0 ? "" : groupBase.substring(0, + indexOfBaseDn - 1); + + StringBuilder filterBuilder = new StringBuilder(); + + filterBuilder.append("(&("); + filterBuilder.append(groupMembershipAttr); + filterBuilder.append("="); + filterBuilder.append(user.getNameInNamespace());// DN + + if ((groupSearchFilter == null) || groupSearchFilter.equals("")) { + // If groupSearchFilter is not specified, build it from other + // authorization + // group properties + filterBuilder.append(")(objectclass="); + filterBuilder.append(groupObjectClass); + filterBuilder.append(")(|"); + String[] adminGroupMappingRegexs = adminGroupMappingRules + .split(","); + for (String adminGroupMappingRegex : adminGroupMappingRegexs) { + filterBuilder.append("("); + filterBuilder.append(groupNamingAttribute); + filterBuilder.append("="); + filterBuilder.append(adminGroupMappingRegex); + filterBuilder.append(")"); + } + filterBuilder.append(")"); + } else { + filterBuilder.append(")"); + filterBuilder.append(groupSearchFilter); + } + filterBuilder.append(")"); + + logger.info("filter=" + filterBuilder); + // TODO: Filter is not used anywhere + return user; + } + +} 
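Review bot: `setAmbariAdminAttr` runs after every successful LDAP bind but only builds a filter string, logs it, and returns `user` unchanged (its own `TODO: Filter is not used anywhere` says as much), so the Javadoc claim that it sets `ambari_admin` does not describe the code. While it stays on the login path, `getBaseDN().toLowerCase()`, `getGroupBase().toLowerCase()` and `adminGroupMappingRules.split(",")` will throw `NullPointerException` if any of those properties is unset, assuming the getters can return null (`LdapProperties` is not shown here), and that turns a valid login into a failure. Either drop the call from `authenticate` until the group lookup exists, or guard the nulls. When the filter is eventually sent to the directory, `user.getNameInNamespace()` and each mapping rule should pass through `LdapEncoder.filterEncode(...)` instead of a raw `append`. The constructor's `logger.info("LDAP properties=" + ldapServerProperties)` should be checked against `LdapProperties.toString()` so the manager password cannot end up in the log.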
http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProvider.java ----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProvider.java
new file mode 100644
index 0000000..88e41d2
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProvider.java
@@ -0,0 +1,71 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import org.apache.ambari.logsearch.util.StringUtil; +import org.apache.ambari.logsearch.web.model.User; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.log4j.Logger; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.stereotype.Component; + +@Component +public class LogsearchSimpleAuthenticationProvider extends LogsearchAbstractAuthenticationProvider { + + private static Logger logger = Logger.getLogger(LogsearchSimpleAuthenticationProvider.class); + + @Autowired + StringUtil stringUtil; + + @Override + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + String username = authentication.getName(); + String password = (String) authentication.getCredentials(); + username = 
StringEscapeUtils.unescapeHtml(username); + if (stringUtil.isEmpty(username)) { + throw new BadCredentialsException("Username can't be null or empty."); + } + User user = new User(); + user.setUsername(username); + authentication = new UsernamePasswordAuthenticationToken(username, password, getAuthorities(username)); + return authentication; + } + + @Override + public boolean isEnable(AUTH_METHOD method) { + boolean ldapEnabled = super.isEnable(AUTH_METHOD.LDAP); + boolean fileEnabled = super.isEnable(AUTH_METHOD.FILE); + boolean simpleEnabled = super.isEnable(method); + if (!ldapEnabled && !fileEnabled && simpleEnabled) { + // simple is enabled only when rest two are disabled and simple is enable + return true; + } else { + return false; + } + } + + @Override + public boolean isEnable() { + return this.isEnable(AUTH_METHOD.SIMPLE); + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/resources/HadoopServiceConfig.json ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/resources/HadoopServiceConfig.json b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/HadoopServiceConfig.json new file mode 100644 index 0000000..829839f --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/HadoopServiceConfig.json 
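Review bot: `authenticate` checks only that the username is non-empty and then returns a three-argument `UsernamePasswordAuthenticationToken`, which is constructed as authenticated, so any password is accepted whenever this provider is enabled, and nothing in the class says so. Add a class Javadoc such as `/** Accepts any non-empty username without verifying the password. Active only when LDAP and file authentication are both disabled. */` and log a warning when `isEnable()` returns true. The `User user = new User(); user.setUsername(username);` pair is never used and can be removed. `(String) authentication.getCredentials()` throws `ClassCastException` for non-string credentials; an `instanceof` check before the cast is safer.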
@@ -0,0 +1,407 @@ +{ + "service":{ + "accumulo":{ + "label":"Accumulo", + "components":[ + { + "name":"accumulo_gc" + }, + { + "name":"accumulo_master" + }, + { + "name":"accumulo_monitor" + }, + { + "name":"accumulo_tracer" + }, + { + "name":"accumulo_tserver" + } + + ], + "dependencies":[ + + ] + + }, + "atlas":{ + "label":"Atlas", + "components":[ + { + "name":"atlas_app" + } + + ], + "dependencies":[ + + ] + + }, + "ambari":{ + "label":"Ambari", + "components":[ + { + "name":"ambari_agent" + }, + { + "name":"ambari_server" + } + + ], + "dependencies":[ + + ] + + }, + "ams":{ + "label":"AMS", + "components":[ + { + "name":"ams_hbase_master" + }, + { + "name":"ams_hbase_regionserver" + }, + { + "name":"ams_collector" + } + + ], + "dependencies":[ + + ] + + }, + "falcon":{ + "label":"Falcon", + "components":[ + { + "name":"falcon_app" + } + + ], + "dependencies":[ + + ] + + }, + "hbase":{ + "label":"HBase", + "components":[ + { + "name":"hbase_master" + }, + { + "name":"hbase_regionserver" + } + + ], + "dependencies":[ + { + "service":"hdfs", + "components":[ + "hdfs_namenode" + ] + + } + + ] + + }, + "hdfs":{ + "label":"HDFS", + "components":[ + { + "name":"hdfs_datanode" + }, + { + "name":"hdfs_namenode" + }, + { + "name":"hdfs_journalnode" + }, + { + "name":"hdfs_secondarynamenode" + }, + { + "name":"hdfs_zkfc" + }, + { + "name":"hdfs_audit", + "rowtype":"audit" + } + + ], + "dependencies":[ + + ] + + }, + "hive":{ + "label":"Hive", + "components":[ + { + "name":"hive_hiveserver2" + }, + { + "name":"hive_metastore" + } + + ], + "dependencies":[ + { + "service":"hdfs", + "components":[ + "hdfs_namenode" + ] + + } + + ] + + }, + "kafka":{ + "label":"Kafka", + "components":[ + { + "name":"kafka_controller" + }, + { + "name":"kafka_request" + }, + { + "name":"kafka_logcleaner" + }, + { + "name":"kafka_server" + }, + { + "name":"kafka_statechange" + } + + ], + "dependencies":[ + { + "service":"zookeeper", + "components":[ + "zookeeper" + ] + + } + + ] + + }, + 
"knox":{ + "label":"Knox", + "components":[ + { + "name":"knox_gateway" + }, + { + "name":"knox_cli" + }, + { + "name":"knox_ldap" + } + + ], + "dependencies":[ + + ] + + }, + "mapred":{ + "label":"MapReduce", + "components":[ + { + "name":"mapred_historyserver" + } + + ], + "dependencies":[ + + ] + + }, + "logsearch":{ + "label":"Logsearch", + "components":[ + { + "name":"logsearch_app" + }, + { + "name":"logsearch_feeder" + }, + { + "name":"logsearch_perf" + } + + ], + "dependencies":[ + + ] + + }, + "ranger":{ + "label":"Ranger", + "components":[ + { + "name":"ranger_admin" + }, + { + "name":"ranger_dbpatch" + }, + { + "name":"ranger_kms" + }, + { + "name":"ranger_usersync" + } + + ], + "dependencies":[ + { + "service":"hdfs", + "required":"optional", + "components":[ + "hdfs_namenode" + ] + + }, + { + "service":"hbase", + "required":"optional", + "components":[ + "hbase_master", + "hbase_regionserver" + ] + + }, + { + "service":"hive", + "required":"optional", + "components":[ + "hive_hiveserver2" + ] + + }, + { + "service":"kafka", + "required":"optional", + "components":[ + "kafka_ranger" + ] + + }, + { + "service":"knox", + "required":"optional", + "components":[ + "knox_gateway" + ] + + }, + { + "service":"storm", + "required":"optional", + "components":[ + "storm_supervisor" + ] + + }, + { + "service":"yarn", + "required":"optional", + "components":[ + "yarn_resourcemanager" + ] + + } + + ] + + }, + "oozie":{ + "label":"Oozie", + "components":[ + { + "name":"oozie_app" + } + + ], + "dependencies":[ + + ] + + }, + "yarn":{ + "label":"YARN", + "components":[ + { + "name":"yarn_nodemanager" + }, + { + "name":"yarn_resourcemanager" + }, + { + "name":"yarn_timelineserver" + }, + { + "name":"yarn_historyserver" + }, + { + "name":"yarn_jobsummary" + } + + ], + "dependencies":[ + + ] + + }, + "storm":{ + "label":"Storm", + "components":[ + { + "name":"storm_drpc" + }, + { + "name":"storm_logviewer" + }, + { + "name":"storm_nimbus" + }, + { + 
"name":"storm_supervisor" + }, + { + "name":"storm_ui" + }, + { + "name":"storm_worker" + } + + ], + "dependencies":[ + + ] + + }, + "zookeeper":{ + "label":"ZooKeeper", + "components":[ + { + "name":"zookeeper" + } + + ], + "dependencies":[ + + ] + + } + + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/resources/default.properties ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/resources/default.properties b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/default.properties new file mode 100644 index 0000000..7ce120e --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/default.properties 
@@ -0,0 +1,44 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#Service Logs Field Names
+solr.servicelogs.fields=logtime,level,event_count,ip,type,path,file,line_number,host,log_message,method,id
+
+#Exclude Column List for Service Logs
+servicelogs.exclude.columnlist=tags,text,message,seq_num
+
+#Exclude Column List for Ranger Audits
+auditlog.exclude.columnlist=tags,tags_str
+
+#Value Mapping for Audit Fields
+#Example FieldName=ValueOfUI:ValueOfSolr
+result=Allowed:1,Denied:0
+
+#Column Mapping
+#Example CoulumnInSolr:ColumnInUI
+#For Service Logs
+servicelog.column.mapping=bundle_id:Bundle Id,thread_name:Thread,log_emessage:message
+
+#For Audit Logs
+auditlog.column.mapping=access:Access Type,reqUser:User,enforcer:Access Enfocer,ip:Client IP
+
+#login method
+logsearch.auth.file.enable=true
+logsearch.auth.ldap.enable=false
+logsearch.auth.simple.enable=false
+
+#login config
+logsearch.login.credentials.file=user_pass.json
+logsearch.login.ldap.config=logsearch-admin-site.xml
http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/resources/log4j.xml ----------------------------------------------------------------------
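Review bot: In `servicelog.column.mapping` the entry `log_emessage:message` matches no field in `solr.servicelogs.fields`, which lists `log_message`; this looks like a typo that would keep the mapping from ever applying, so it probably should read `log_message:message`. The UI label `Access Enfocer` in `auditlog.column.mapping` is likewise misspelled (`Access Enforcer`). On the login settings, a one-line comment above `logsearch.auth.simple.enable` stating that simple mode accepts any password would help operators who switch it on.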
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/resources/log4j.xml b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/log4j.xml new file mode 100644 index 0000000..02207df --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/log4j.xml 
@@ -0,0 +1,85 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor + license agreements. See the NOTICE file distributed with this work for additional + information regarding copyright ownership. The ASF licenses this file to + You under the Apache License, Version 2.0 (the "License"); you may not use + this file except in compliance with the License. You may obtain a copy of + the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required + by applicable law or agreed to in writing, software distributed under the + License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS + OF ANY KIND, either express or implied. See the License for the specific + language governing permissions and limitations under the License. --> +<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd"> +<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/"> + <appender name="console" class="org.apache.log4j.ConsoleAppender"> + <param name="Target" value="System.out" /> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" /> + </layout> + </appender> + + <appender name="rolling_file" class="org.apache.log4j.RollingFileAppender"> + <param name="file" value="logs/logsearch-app.log" /> + <param name="Threshold" value="info" /> + <param name="append" value="true" /> + <param name="maxFileSize" value="10MB" /> + <param name="maxBackupIndex" value="10" /> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" /> + </layout> + </appender> + + <appender name="audit_rolling_file" class="org.apache.log4j.RollingFileAppender"> + <param name="file" value="logs/logsearch-audit.log" /> + <param name="Threshold" value="info" /> + <param name="append" value="true" /> + <param name="maxFileSize" value="10MB" /> + <param name="maxBackupIndex" value="10" /> + 
<layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" /> + </layout> + </appender> + + <appender name="performance_analyzer" class="org.apache.log4j.RollingFileAppender"> + <param name="file" value="logs/logsearch-performance.log" /> + <param name="Threshold" value="info" /> + <param name="append" value="true" /> + <param name="maxFileSize" value="10MB" /> + <param name="maxBackupIndex" value="10" /> + + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" /> + </layout> + </appender> + + <!-- Logs to suppress BEGIN --> + <category name="org.apache.solr.common.cloud.ZkStateReader" additivity="false"> + <priority value="error" /> + <appender-ref ref="console" /> + </category> + <!-- Logs to suppress END --> + + <logger name="org.apache.ambari.logsearch.audit" + additivity="true"> + <priority value="info" /> + <appender-ref ref="audit_rolling_file" /> + </logger> + + <logger name="org.apache.ambari.logsearch.performance" + additivity="false"> + <priority value="info" /> + <appender-ref ref="performance_analyzer" /> + </logger> + + <logger name="org.apache.ambari.logsearch" additivity="false"> + <priority value="info" /> + <!-- <appender-ref ref="console" /> --> + <appender-ref ref="rolling_file" /> + </logger> + + <root> + <level value="warn" /> + <!-- <appender-ref ref="console" /> --> + <appender-ref ref="rolling_file" /> + </root> +</log4j:configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/resources/log4j.xml.j2 ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/resources/log4j.xml.j2 b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/log4j.xml.j2 new file mode 100644 index 0000000..3b6eac9 --- /dev/null 
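Review bot: The `audit_rolling_file` appender caps the audit trail at `maxFileSize` 10MB with `maxBackupIndex` 10, so on a busy portal the oldest audit records are overwritten after roughly 110MB without notice; `log4j.xml.j2` repeats the same settings. If these records are meant as a security audit trail, a larger or time-based retention, or a documented forwarding step, would be safer, for example `<param name="maxBackupIndex" value="<retention-count>" />` fed from a deployment setting. The `org.apache.ambari.logsearch.audit` logger has `additivity="true"`, so each audit event is also written to `rolling_file` through the parent logger; if that duplication is intended, a comment should say so. The file paths such as `logs/logsearch-audit.log` are relative and therefore depend on the process working directory.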
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/log4j.xml.j2 
@@ -0,0 +1,82 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor + license agreements. See the NOTICE file distributed with this work for additional + information regarding copyright ownership. The ASF licenses this file to + You under the Apache License, Version 2.0 (the "License"); you may not use + this file except in compliance with the License. You may obtain a copy of + the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required + by applicable law or agreed to in writing, software distributed under the + License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS + OF ANY KIND, either express or implied. See the License for the specific + language governing permissions and limitations under the License. --> +<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd"> +<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/"> + <appender name="console" class="org.apache.log4j.ConsoleAppender"> + <param name="Target" value="System.out" /> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" /> + </layout> + </appender> + + <appender name="rolling_file" class="org.apache.log4j.RollingFileAppender"> + <param name="file" value="{{logsearch_log_dir}}/logsearch.log" /> + <param name="Threshold" value="info" /> + <param name="append" value="true" /> + <param name="maxFileSize" value="10MB" /> + <param name="maxBackupIndex" value="10" /> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" /> + </layout> + </appender> + + <appender name="audit_rolling_file" class="org.apache.log4j.RollingFileAppender"> + <param name="file" value="{{logsearch_log_dir}}/logsearch-audit.log" /> + <param name="Threshold" value="info" /> + <param name="append" value="true" /> + <param name="maxFileSize" value="10MB" /> + <param 
name="maxBackupIndex" value="10" /> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" /> + </layout> + </appender> + + <appender name="performance_analyzer" class="org.apache.log4j.RollingFileAppender"> + <param name="file" value="{{logsearch_log_dir}}/logsearch-performance.log" /> + <param name="Threshold" value="info" /> + <param name="append" value="true" /> + <param name="maxFileSize" value="10MB" /> + <param name="maxBackupIndex" value="10" /> + + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" /> + </layout> + </appender> + + <!-- Logs to suppress BEGIN --> + <category name="org.apache.solr.common.cloud.ZkStateReader" additivity="false"> + <priority value="error" /> + </category> + <!-- Logs to suppress END --> + + <logger name="org.apache.ambari.logsearch.audit" + additivity="true"> + <priority value="info" /> + <appender-ref ref="audit_rolling_file" /> + </logger> + + <logger name="org.apache.ambari.logsearch.performance" + additivity="false"> + <appender-ref ref="performance_analyzer" /> + </logger> + + <logger name="org.apache.ambari.logsearch" additivity="false"> + <!-- <appender-ref ref="console" /> --> + <appender-ref ref="rolling_file" /> + </logger> + + <root> + <level value="info" /> + <!-- <appender-ref ref="console" /> --> + <appender-ref ref="rolling_file" /> + </root> +</log4j:configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch-admin-site.xml b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch-admin-site.xml new file mode 100644 index 0000000..049172a --- /dev/null 
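Review bot: The `org.apache.solr.common.cloud.ZkStateReader` category keeps `additivity="false"` but, unlike the same category in `log4j.xml`, has no `<appender-ref>`, so error-level events from that class are written nowhere. Those errors are likely what an operator needs when the portal cannot reach Solr through ZooKeeper; either restore `<appender-ref ref="console" />` or point the category at `rolling_file`. The `performance` and `logsearch` loggers also drop the `<priority value="info" />` lines present in `log4j.xml`, so they inherit the root level; a comment stating that this is deliberate would keep the two files from drifting apart.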
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch-admin-site.xml 
@@ -0,0 +1,116 @@ +<!-- Licensed under the Apache License, Version 2.0 (the "License"); you + may not use this file except in compliance with the License. You may obtain + a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless + required by applicable law or agreed to in writing, software distributed + under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES + OR CONDITIONS OF ANY KIND, either express or implied. See the License for + the specific language governing permissions and limitations under the License. + See accompanying LICENSE file. --> + + +<configuration> + <property> + <name>authentication.ldap.primaryUrl</name> + <value></value> + <display-name></display-name> + <description>The hostname and port for the LDAP or AD server. Example: my.ldap.server:389</description> + </property> + <property> + <name>authentication.ldap.useSSL</name> + <value>false</value> + <display-name></display-name> + <description>If true, use SSL when connecting to the LDAP or AD server.</description> + </property> + <property> + <name>authentication.ldap.baseDn</name> + <value>dc=example,dc=com</value> + <display-name></display-name> + <description>The root Distinguished Name to search in the directory for users. Example: ou=people,dc=hadoop,dc=apache,dc=org</description> + </property> + <property> + <name>authentication.ldap.bindAnonymously</name> + <value>false</value> + <display-name></display-name> + <description>If true, bind to the LDAP or AD server anonymously</description> + </property> + <property> + <name>authentication.ldap.managerDn</name> + <value>cn=Manager,dc=example,dc=com</value> + <display-name></display-name> + <description>If Bind anonymous is set to false, the Distinguished Name (âDNâ) for the manager. 
+ Example: uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org</description> + </property> + <property> + <name>authentication.ldap.managerPassword</name> + <value></value> + <display-name></display-name> + <property-type>PASSWORD</property-type> + <description>If Bind anonymous is set to false, the password for the manager</description> + </property> + <property> + <name>authentication.ldap.dnAttribute</name> + <value>dn</value> + <display-name></display-name> + <description></description> + </property> + <property> + <name>authentication.ldap.usernameAttribute</name> + <value>uid</value> + <display-name></display-name> + <description>The attribute for username. Example: uid</description> + </property> + <property> + <name>authentication.ldap.userBase</name> + <value>ou=people,dc=example,dc=com</value> + <display-name></display-name> + <description></description> + </property> + <property> + <name>authentication.ldap.userObjectClass</name> + <value>person</value> + <display-name></display-name> + <description>The object class that is used for users. Example: organizationalPerson</description> + </property> + <property> + <name>authentication.ldap.groupBase</name> + <value>ou=groups,dc=example,dc=com"</value> + <display-name></display-name> + <description></description> + </property> + <property> + <name>authentication.ldap.groupObjectClass</name> + <value>group</value> + <display-name></display-name> + <description>The object class that is used for groups. Example: groupOfUniqueNames</description> + </property> + <property> + <name>authentication.ldap.groupNamingAttr</name> + <value>cn</value> + <display-name></display-name> + <description>The attribute for group name.</description> + </property> + <property> + <name>authentication.ldap.groupMembershipAttr</name> + <value>member</value> + <display-name></display-name> + <description>The attribute for group membership. 
Example: uniqueMember</description> + </property> + <property> + <name>authorization.ldap.adminGroupMappingRules</name> + <value>Logsearch Administrators</value> + <display-name></display-name> + <description></description> + </property> + <property> + <name>authorization.ldap.groupSearchFilter</name> + <value></value> + <display-name></display-name> + <description></description> + </property> + <property> + <name>authentication.ldap.referral</name> + <value>ignore</value> + <display-name></display-name> + <description>Determines if LDAP referrals should be followed, or ignored.</description> + </property> +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch.properties ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch.properties b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch.properties new file mode 100755 index 0000000..44f3bfd --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch.properties 
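Review bot: The default for `authentication.ldap.groupBase` ends with a stray double quote, `ou=groups,dc=example,dc=com"`, which becomes part of the search base if an operator follows the pattern; it should be `<value>ou=groups,dc=example,dc=com</value>`. The `managerDn` description contains mis-encoded quotes around DN (`(âDNâ)`) and should read `("DN")`. `authentication.ldap.useSSL` defaults to `false` while a `managerPassword` is configured, so the bind password would cross the network unencrypted unless the operator changes it; the description should say so, or the default should be `true`. Several properties (`dnAttribute`, `userBase`, `groupBase`, `adminGroupMappingRules`, `groupSearchFilter`) have empty `<description>` elements, and `adminGroupMappingRules` in particular appears to decide who is treated as an administrator and needs one.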
@@ -0,0 +1,36 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +solr.url= + +#Solr Core +solr.core.logs=hadoop_logs +#solr.core.logs=ranger_audits +solr.core.history=history +solr.service_logs.split_interval_mins=none +solr.service_logs.shards=1 +solr.service_logs.replication_factor=1 + +#If set, metrics will be sent to Ambari +#metrics.collector.hosts=example.com +metrics.collector.hosts= + +#Audit log solr url +auditlog.solr.url= +#auditlog.solr.core.logs=ranger_audits +auditlog.solr.core.logs=ranger_audits +solr.audit_logs.split_interval_mins=none +solr.audit_logs.shards=1 +solr.audit_logs.replication_factor=1 http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch.properties.j2 ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch.properties.j2 b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch.properties.j2 new file mode 100755 index 0000000..ffe9e0c --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch.properties.j2 
@@ -0,0 +1,33 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +solr.zkhosts={{zookeeper_quorum}}{{logsearch_solr_znode}} +solr.core.logs={{logsearch_collection_service_logs}} + +solr.service_logs.split_interval_mins={{service_logs_collection_splits_interval_mins}} +solr.service_logs.shards={{logsearch_numshards}} +solr.service_logs.replication_factor={{logsearch_repfactor}} + +solr.core.history={{solr_collection_history}} + +#Audit logs +auditlog.solr.zkhosts={{solr_audit_logs_zk_quorum}}{{solr_audit_logs_zk_node}} +auditlog.solr.core.logs={{logsearch_solr_collection_audit_logs}} +auditlog.solr.url={{solr_audit_logs_url}} + +solr.audit_logs.split_interval_mins={{audit_logs_collection_splits_interval_mins}} +solr.audit_logs.shards={{logsearch_numshards}} +solr.audit_logs.replication_factor={{logsearch_repfactor}} + http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/resources/user_pass.json ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/resources/user_pass.json b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/user_pass.json new file mode 100644 index 0000000..97a7f45 
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/user_pass.json
@@ -0,0 +1,8 @@
+{
+ "users": [{
+ "name": "Logsearch Admin",
+ "username": "admin",
+ "password": "admin",
+ "en_password": ""
+ }]
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/scripts/add_config_set.sh
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/scripts/add_config_set.sh b/ambari-logsearch/ambari-logsearch-portal/src/main/scripts/add_config_set.sh
new file mode 100755
index 0000000..e9d3106
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/scripts/add_config_set.sh
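Review bot: `user_pass.json` ships a working `admin`/`admin` account in clear text, and the properties hunk earlier in this commit sets `logsearch.auth.file.enable=true` with `logsearch.login.credentials.file=user_pass.json`, so a fresh install accepts a publicly known login. Ship the entry without a usable password, for example `"password": "<set-at-install>"`, and have setup require the operator to choose one. The `en_password` field is empty; if it is meant to hold an encoded or hashed form (the loader is not part of this hunk), only that form should remain on disk, and the file should be readable by the service account alone.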
@@ -0,0 +1,43 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +if [ $# -ne 4 ]; then + echo "Usage: $0 <solr_home> <zk_host_with_path> <config_name> <config_folder>" + echo "Example: $0 /opt/solr MY_ZKHOST/solr hadoop_logs `dirname $0`/configsets/hadoop_logs" + exit 1 +fi + +curr_dir=`pwd` +cd `dirname $0`; script_dir=`pwd`; cd $curr_dir + + +solr_home=$1 +zk_host=$2 +config_name=$3 +config_folder=$4 + +tmp_folder=/tmp/solr_config_${config_name}_$USER +rm -rf $tmp_folder + +$solr_home/server/scripts/cloud-scripts/zkcli.sh -zkhost $zk_host -cmd downconfig -confdir $tmp_folder -confname $config_name > /dev/null 2>&1 + +if [ -d $tmp_folder ]; then + echo "Config $config_name already existing. Will not add to zookeeper" +else + echo "Adding config to $config_name to $zk_host" + $solr_home/server/scripts/cloud-scripts/zkcli.sh -zkhost $zk_host -cmd upconfig -confdir $config_folder -confname $config_name + echo "Added config to $config_name to $zk_host" +fi http://git-wip-us.apache.org/repos/asf/ambari/blob/39c85bb8/ambari-logsearch/ambari-logsearch-portal/src/main/scripts/create_collections.sh ---------------------------------------------------------------------- 
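Review bot: `tmp_folder=/tmp/solr_config_${config_name}_$USER` is a predictable path in a shared directory, and the script then treats the mere existence of that directory as proof that the config is already in ZooKeeper. If `rm -rf` cannot remove a pre-existing entry of that name (one owned by another account, for instance), the script prints "already existing" and never uploads. A failed `downconfig` is also indistinguishable from a missing config, because its output and exit status are discarded. Use a private directory with `tmp_root=$(mktemp -d) || exit 1` and `tmp_folder="$tmp_root/conf"`, remove `$tmp_root` on exit, and quote `"$solr_home"`, `"$zk_host"` and `"$config_folder"` so paths containing spaces survive.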
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/scripts/create_collections.sh b/ambari-logsearch/ambari-logsearch-portal/src/main/scripts/create_collections.sh new file mode 100755 index 0000000..be728aa --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/scripts/create_collections.sh @@ -0,0 +1,37 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +if [ $# -ne 4 ]; then + echo "Usage: $0 <solr_home> <number of shards> <number of replications> [configset folder]" + exit 1 +fi + +curr_dir=`pwd` +cd `dirname $0`; script_dir=`pwd`; cd $curr_dir + + +solr_home=$1 +shards=$2 +replications=$3 + +configsets_folder=$4 +if [ "$configsets_folder" = "" ]; then + configsets_folder=${script_dir}/solr_configsets +fi + +${solr_home}/bin/solr create -c hadoop_logs -d ${configsets_folder}/hadoop_logs/conf -s ${shards} -rf ${replications} +${solr_home}/bin/solr create -c history -d ${configsets_folder}/history/conf -s 1 -rf ${shards} +${solr_home}/bin/solr create -c audit_logs -d ${configsets_folder}/audit_logs/conf -s ${shards} -rf ${replications}
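Review bot: The guard `if [ $# -ne 4 ]` rejects the three-argument call that the usage line advertises with `[configset folder]`, so the `solr_configsets` default below it is reachable only by passing an empty fourth argument; `if [ $# -lt 3 ] || [ $# -gt 4 ]; then` matches the usage. The `history` collection is created with `-s 1 -rf ${shards}`, which passes the shard count as the replication factor and looks like a slip for `-rf ${replications}`. The variable expansions are unquoted, so a `solr_home` or configset path containing spaces would be split into several arguments.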
