http://git-wip-us.apache.org/repos/asf/ambari/blob/f76c87a6/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java index 9cdde8f..35eb255 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java @@ -22,16 +22,15 @@ import java.util.Collection; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; +import java.util.Iterator; import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.Set; -import javax.inject.Inject; import javax.persistence.EntityManager; import org.apache.ambari.server.AmbariException; -import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.hooks.HookContextFactory; import org.apache.ambari.server.hooks.HookService; import org.apache.ambari.server.orm.dao.GroupDAO; @@ -41,7 +40,7 @@ import org.apache.ambari.server.orm.dao.PrincipalDAO; import org.apache.ambari.server.orm.dao.PrincipalTypeDAO; import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.ResourceDAO; -import org.apache.ambari.server.orm.dao.ResourceTypeDAO; +import org.apache.ambari.server.orm.dao.UserAuthenticationDAO; import org.apache.ambari.server.orm.dao.UserDAO; import org.apache.ambari.server.orm.entities.GroupEntity; import org.apache.ambari.server.orm.entities.MemberEntity; @@ -50,17 +49,16 @@ import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.PrincipalTypeEntity; import org.apache.ambari.server.orm.entities.PrivilegeEntity; import org.apache.ambari.server.orm.entities.ResourceTypeEntity; +import org.apache.ambari.server.orm.entities.UserAuthenticationEntity; import org.apache.ambari.server.orm.entities.UserEntity; import org.apache.ambari.server.security.ldap.LdapBatchDto; import org.apache.ambari.server.security.ldap.LdapUserGroupMemberDto; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.crypto.password.PasswordEncoder; +import com.google.inject.Inject; import com.google.inject.Provider; import com.google.inject.Singleton; import com.google.inject.persist.Transactional; @@ -74,31 +72,37 @@ public class Users { private static final Logger LOG = LoggerFactory.getLogger(Users.class); @Inject - Provider<EntityManager> entityManagerProvider; - @Inject - protected UserDAO userDAO; - @Inject - protected GroupDAO groupDAO; + private Provider<EntityManager> entityManagerProvider; + @Inject - protected MemberDAO memberDAO; + private UserDAO userDAO; + @Inject - protected PrincipalDAO principalDAO; + private UserAuthenticationDAO userAuthenticationDAO; + @Inject - protected PermissionDAO permissionDAO; + private GroupDAO groupDAO; + @Inject - protected PrivilegeDAO privilegeDAO; + private MemberDAO memberDAO; + @Inject - protected ResourceDAO resourceDAO; + private PrincipalDAO principalDAO; + @Inject - protected ResourceTypeDAO resourceTypeDAO; + private PermissionDAO permissionDAO; + @Inject - protected PrincipalTypeDAO principalTypeDAO; + private PrivilegeDAO privilegeDAO; + @Inject - protected PasswordEncoder passwordEncoder; + private ResourceDAO resourceDAO; + @Inject - protected Configuration configuration; + private PrincipalTypeDAO principalTypeDAO; + @Inject - private AmbariLdapAuthenticationProvider ldapAuthenticationProvider; + private PasswordEncoder passwordEncoder; @Inject private Provider<HookService> hookServiceProvider; @@ -117,52 +121,38 @@ public class Users { return users; } - /** - * This method works incorrectly, userName is not unique if users have different types - * - * @return One user. Priority is LOCAL -> LDAP -> JWT -> PAM - */ - @Deprecated - public User getAnyUser(String userName) { - UserEntity userEntity = userDAO.findSingleUserByName(userName); - return (null == userEntity) ? null : new User(userEntity); + public List<UserEntity> getAllUserEntities() { + return userDAO.findAll(); + } + + public UserEntity getUserEntity(String userName) { + return (userName == null) ? null : userDAO.findUserByName(userName); + } + + public UserEntity getUserEntity(Integer userId) { + return (userId == null) ? null : userDAO.findByPK(userId); } - public User getUser(String userName, UserType userType) { - UserEntity userEntity = userDAO.findUserByNameAndType(userName, userType); + public User getUser(UserEntity userEntity) { return (null == userEntity) ? null : new User(userEntity); } public User getUser(Integer userId) { - UserEntity userEntity = userDAO.findByPK(userId); - return (null == userEntity) ? null : new User(userEntity); + return getUser(getUserEntity(userId)); + } + + public User getUser(String userName) { + return getUser(getUserEntity(userName)); } /** - * Retrieves User then userName is unique in users DB. Will return null if there no user with provided userName or - * there are some users with provided userName but with different types. - * - * <p>User names in the future will likely be unique hence the deprecation.</p> + * Modifies password of local user * - * @param userName - * @return User if userName is unique in DB, null otherwise + * @throws AmbariException */ - @Deprecated - public User getUserIfUnique(String userName) { - List<UserEntity> userEntities = new ArrayList<>(); - UserEntity userEntity = userDAO.findUserByNameAndType(userName, UserType.LOCAL); - if (userEntity != null) { - userEntities.add(userEntity); - } - userEntity = userDAO.findUserByNameAndType(userName, UserType.LDAP); - if (userEntity != null) { - userEntities.add(userEntity); - } - userEntity = userDAO.findUserByNameAndType(userName, UserType.JWT); - if (userEntity != null) { - userEntities.add(userEntity); - } - return (userEntities.isEmpty() || userEntities.size() > 1) ? null : new User(userEntities.get(0)); + public synchronized void modifyPassword(String userName, String currentUserPassword, String newPassword) throws AmbariException, AuthorizationException { + UserEntity userEntity = userDAO.findUserByName(userName); + modifyPassword(userEntity, currentUserPassword, newPassword); } /** @@ -170,59 +160,58 @@ public class Users { * * @throws AmbariException */ - public synchronized void modifyPassword(String userName, String currentUserPassword, String newPassword) throws AmbariException { + public synchronized void modifyPassword(UserEntity userEntity, String currentUserPassword, String newPassword) throws AmbariException, AuthorizationException { - SecurityContext securityContext = SecurityContextHolder.getContext(); - String currentUserName = securityContext.getAuthentication().getName(); - if (currentUserName == null) { + String authenticatedUserName = AuthorizationHelper.getAuthenticatedName(); + if (authenticatedUserName == null) { throw new AmbariException("Authentication required. Please sign in."); } - UserEntity currentUserEntity = userDAO.findLocalUserByName(currentUserName); - - //Authenticate LDAP user - boolean isLdapUser = false; - if (currentUserEntity == null) { - currentUserEntity = userDAO.findLdapUserByName(currentUserName); - try { - ldapAuthenticationProvider.authenticate( - new UsernamePasswordAuthenticationToken(currentUserName, currentUserPassword)); - isLdapUser = true; - } catch (InvalidUsernamePasswordCombinationException ex) { - throw new AmbariException(ex.getMessage()); - } - } - - boolean isCurrentUserAdmin = false; - for (PrivilegeEntity privilegeEntity : currentUserEntity.getPrincipal().getPrivileges()) { - if (privilegeEntity.getPermission().getPermissionName().equals(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION_NAME)) { - isCurrentUserAdmin = true; - break; + if (userEntity != null) { + /* ************************************************** + * Ensure that the authenticated user can change the password for the subject user. at least one + * of the following must be true + * * The authenticate user is requesting to change his/her own password + * * The authenticated user has permissions to manage users + * ************************************************** */ + boolean isSelf = userEntity.getUserName().equalsIgnoreCase(authenticatedUserName); + if (!isSelf && !AuthorizationHelper.isAuthorized(ResourceType.AMBARI, null, RoleAuthorization.AMBARI_MANAGE_USERS)) { + throw new AuthorizationException("You are not authorized perform this operation"); } - } - UserEntity userEntity = userDAO.findLocalUserByName(userName); + List<UserAuthenticationEntity> authenticationEntities = userEntity.getAuthenticationEntities(); + UserAuthenticationEntity localAuthenticationEntity = null; - if ((userEntity != null) && (currentUserEntity != null)) { - if (!isCurrentUserAdmin && !userName.equals(currentUserName)) { - throw new AmbariException("You can't change password of another user"); + // Find the authentication entity for the local authentication type - only one should exist, if one exists at all. + for (UserAuthenticationEntity authenticationEntity : authenticationEntities) { + if (authenticationEntity.getAuthenticationType() == UserAuthenticationType.LOCAL) { + localAuthenticationEntity = authenticationEntity; + break; + } } - if ((isLdapUser && isCurrentUserAdmin) || (StringUtils.isNotEmpty(currentUserPassword) && - passwordEncoder.matches(currentUserPassword, currentUserEntity.getUserPassword()))) { - userEntity.setUserPassword(passwordEncoder.encode(newPassword)); - userDAO.merge(userEntity); - } else { + if (localAuthenticationEntity == null) { + // The user account does not have a local authentication record. Therefore there is no local + // password to change... + throw new AmbariException("An Ambari-specific password is not set for this user. The user's password cannot be changed at this time."); + } else if (isSelf && + (StringUtils.isEmpty(currentUserPassword) || !passwordEncoder.matches(currentUserPassword, localAuthenticationEntity.getAuthenticationKey()))) { + // The authenticated user is the same user as subject user and the correct current password + // was not supplied. throw new AmbariException("Wrong current password provided"); } - } else { - userEntity = userDAO.findLdapUserByName(userName); - if (userEntity != null) { - throw new AmbariException("Password of LDAP user cannot be modified"); - } else { - throw new AmbariException("User " + userName + " not found"); + // TODO: validate the new password... + if (StringUtils.isEmpty(newPassword)) { + throw new AmbariException("The new password does not meet the Ambari password requirements"); } + + // If we get here the authenticated user is authorized to change the password for the subject + // user and the correct current password was supplied (if required). + localAuthenticationEntity.setAuthenticationKey(passwordEncoder.encode(newPassword)); + userAuthenticationDAO.merge(localAuthenticationEntity); + } else { + throw new AmbariException("User not found"); } } @@ -230,32 +219,28 @@ public class Users { * Enables/disables user. * * @param userName user name + * @param active true if active; false if not active * @throws AmbariException if user does not exist */ public synchronized void setUserActive(String userName, boolean active) throws AmbariException { UserEntity userEntity = userDAO.findUserByName(userName); if (userEntity != null) { - userEntity.setActive(active); - userDAO.merge(userEntity); + setUserActive(userEntity, active); } else { throw new AmbariException("User " + userName + " doesn't exist"); } } /** - * Converts user to LDAP user. + * Enables/disables user. * - * @param userName user name + * @param userEntity the user + * @param active true if active; false if not active * @throws AmbariException if user does not exist */ - public synchronized void setUserLdap(String userName) throws AmbariException { - UserEntity userEntity = userDAO.findUserByName(userName); - if (userEntity != null) { - userEntity.setLdapUser(true); - userDAO.merge(userEntity); - } else { - throw new AmbariException("User " + userName + " doesn't exist"); - } + public synchronized void setUserActive(UserEntity userEntity, boolean active) throws AmbariException { + userEntity.setActive(active); + userDAO.merge(userEntity); } /** @@ -275,40 +260,45 @@ public class Users { } /** - * Creates new local user with provided userName and password. + * Creates new, active, user with provided userName, local username, and display name. * - * @param userName user name - * @param password password + * @param userName user name + * @param localUserName the local username to use; if <code>null</code> or empty, userName will be used + * @param displayName the name to display for presentation; if <code>null</code> or empty, userName will be used + * @return the new UserEntity * @throws AmbariException if user already exists */ - public void createUser(String userName, String password) throws AmbariException { - createUser(userName, password, UserType.LOCAL, true, false); + public UserEntity createUser(String userName, String localUserName, String displayName) throws AmbariException { + return createUser(userName, localUserName, displayName, true); } /** - * Creates new user with provided userName and password. + * Creates new, user with provided userName, local username, and display name. * - * @param userName user name - * @param password password - * @param userType user type - * @param active is user active - * @param admin is user admin + * @param userName user name + * @param localUserName the local username to use; if <code>null</code> or empty, userName will be used + * @param displayName the name to display for presentation; if <code>null</code> or empty, userName will be used + * @param active is user active + * @return the new UserEntity * @throws AmbariException if user already exists */ - public synchronized void createUser(String userName, String password, UserType userType, Boolean active, Boolean - admin) throws AmbariException { - // if user type is not provided, assume LOCAL since the default - // value of user_type in the users table is LOCAL - if (userType == null) { - throw new AmbariException("UserType not specified."); - } - - User existingUser = getAnyUser(userName); - if (existingUser != null) { - throw new AmbariException("User " + existingUser.getUserName() + " already exists with type " - + existingUser.getUserType()); + @Transactional + public synchronized UserEntity createUser(String userName, String localUserName, String displayName, Boolean active) throws AmbariException { + + String validatedUserName = UserName.fromString(userName).toString(); + String validatedDisplayName = (StringUtils.isEmpty(displayName)) + ? validatedUserName + : UserName.fromString(displayName).toString(); + String validatedLocalUserName = (StringUtils.isEmpty(localUserName)) + ? validatedUserName + : UserName.fromString(localUserName).toString(); + + // Ensure that the user does not already exist + if (userDAO.findUserByName(validatedUserName) != null) { + throw new AmbariException("User already exists"); } + // Create the PrincipalEntity - needed for assigning privileges/roles PrincipalTypeEntity principalTypeEntity = principalTypeDAO.findById(PrincipalTypeEntity.USER_PRINCIPAL_TYPE); if (principalTypeEntity == null) { principalTypeEntity = new PrincipalTypeEntity(); @@ -320,42 +310,62 @@ public class Users { principalEntity.setPrincipalType(principalTypeEntity); principalDAO.create(principalEntity); + // Create the new UserEntity Record UserEntity userEntity = new UserEntity(); - userEntity.setUserName(UserName.fromString(userName)); - if (userType == UserType.LOCAL) { - //passwords should be stored for local users only - userEntity.setUserPassword(passwordEncoder.encode(password)); - } + userEntity.setUserName(validatedUserName); + userEntity.setDisplayName(validatedDisplayName); + userEntity.setLocalUsername(validatedLocalUserName); + userEntity.setPrincipal(principalEntity); if (active != null) { userEntity.setActive(active); } - userEntity.setUserType(userType); - if (userType == UserType.LDAP) { - userEntity.setLdapUser(true); - } - userDAO.create(userEntity); - if (admin != null && admin) { - grantAdminPrivilege(userEntity.getUserId()); - } - // execute user initialization hook if required () - hookServiceProvider.get().execute(hookContextFactory.createUserHookContext(userName)); + hookServiceProvider.get().execute(hookContextFactory.createUserHookContext(validatedUserName)); + + return userEntity; } + + /** + * Removes a user from the Ambari database. + * <p> + * It is expected that the assoicated user authencation records are removed by this operation + * as well. + * + * @param user the user to remove + * @throws AmbariException + */ + @Transactional public synchronized void removeUser(User user) throws AmbariException { UserEntity userEntity = userDAO.findByPK(user.getUserId()); if (userEntity != null) { + removeUser(userEntity); + } else { + throw new AmbariException("User " + user + " doesn't exist"); + } + } + + /** + * Removes a user from the Ambari database. + * <p> + * It is expected that the assoicated user authencation records are removed by this operation + * as well. + * + * @param userEntity the user to remove + * @throws AmbariException + */ + @Transactional + public synchronized void removeUser(UserEntity userEntity) throws AmbariException { + if (userEntity != null) { if (!isUserCanBeRemoved(userEntity)) { throw new AmbariException("Could not remove user " + userEntity.getUserName() + ". System should have at least one administrator."); } userDAO.remove(userEntity); - } else { - throw new AmbariException("User " + user + " doesn't exist"); } } @@ -410,7 +420,7 @@ public class Users { * Creates new group with provided name & type */ @Transactional - public synchronized void createGroup(String groupName, GroupType groupType) { + public synchronized GroupEntity createGroup(String groupName, GroupType groupType) { // create an admin principal to represent this group PrincipalTypeEntity principalTypeEntity = principalTypeDAO.findById(PrincipalTypeEntity.GROUP_PRINCIPAL_TYPE); if (principalTypeEntity == null) { @@ -429,6 +439,7 @@ public class Users { groupEntity.setGroupType(groupType); groupDAO.create(groupEntity); + return groupEntity; } /** @@ -476,30 +487,66 @@ public class Users { } /** - * Grants AMBARI.ADMINISTRATOR privilege to provided user. + * Test the user for Ambari Admistrator privileges. + * + * @param userEntity the user to test + * @return true if the user has Ambari Administrator privileges; otherwise false + */ + public synchronized boolean hasAdminPrivilege(UserEntity userEntity) { + PrincipalEntity principalEntity = userEntity.getPrincipal(); + if (principalEntity != null) { + Set<PrivilegeEntity> roles = principalEntity.getPrivileges(); + if (roles != null) { + PermissionEntity adminPermission = permissionDAO.findAmbariAdminPermission(); + Integer adminPermissionId = (adminPermission == null) ? null : adminPermission.getId(); + + if (adminPermissionId != null) { + for (PrivilegeEntity privilegeEntity : roles) { + PermissionEntity rolePermission = privilegeEntity.getPermission(); + if ((rolePermission != null) && (adminPermissionId.equals(rolePermission.getId()))) { + return true; + } + } + } + } + } + + return false; + } + + /** + * Grants Ambari Administrator privilege to provided user. * * @param userId user id */ public synchronized void grantAdminPrivilege(Integer userId) { - final UserEntity user = userDAO.findByPK(userId); + grantAdminPrivilege(userDAO.findByPK(userId)); + } + + /** + * Grants Ambari Administrator privilege to provided user. + * + * @param userEntity the user + */ + public synchronized void grantAdminPrivilege(UserEntity userEntity) { final PrivilegeEntity adminPrivilege = new PrivilegeEntity(); adminPrivilege.setPermission(permissionDAO.findAmbariAdminPermission()); - adminPrivilege.setPrincipal(user.getPrincipal()); + adminPrivilege.setPrincipal(userEntity.getPrincipal()); adminPrivilege.setResource(resourceDAO.findAmbariResource()); - if (!user.getPrincipal().getPrivileges().contains(adminPrivilege)) { + if (!userEntity.getPrincipal().getPrivileges().contains(adminPrivilege)) { privilegeDAO.create(adminPrivilege); - user.getPrincipal().getPrivileges().add(adminPrivilege); - principalDAO.merge(user.getPrincipal()); //explicit merge for Derby support - userDAO.merge(user); + userEntity.getPrincipal().getPrivileges().add(adminPrivilege); + principalDAO.merge(userEntity.getPrincipal()); //explicit merge for Derby support + userDAO.merge(userEntity); } } /** * Grants privilege to provided group. * - * @param groupId group id - * @param resourceId resource id - * @param resourceType resource type + * @param groupId group id + * @param resourceId resource id + * @param resourceType resource type * @param permissionName permission name */ public synchronized void grantPrivilegeToGroup(Integer groupId, Long resourceId, ResourceType resourceType, String permissionName) { @@ -508,7 +555,7 @@ public class Users { ResourceTypeEntity resourceTypeEntity = new ResourceTypeEntity(); resourceTypeEntity.setId(resourceType.getId()); resourceTypeEntity.setName(resourceType.name()); - privilege.setPermission(permissionDAO.findPermissionByNameAndType(permissionName,resourceTypeEntity)); + privilege.setPermission(permissionDAO.findPermissionByNameAndType(permissionName, resourceTypeEntity)); privilege.setPrincipal(group.getPrincipal()); privilege.setResource(resourceDAO.findById(resourceId)); if (!group.getPrincipal().getPrivileges().contains(privilege)) { @@ -521,17 +568,25 @@ public class Users { } /** - * Revokes AMBARI.ADMINISTRATOR privilege from provided user. + * Revokes Ambari Administrator privileges from provided user. * * @param userId user id */ public synchronized void revokeAdminPrivilege(Integer userId) { - final UserEntity user = userDAO.findByPK(userId); - for (PrivilegeEntity privilege : user.getPrincipal().getPrivileges()) { + revokeAdminPrivilege(userDAO.findByPK(userId)); + } + + /** + * Revokes Ambari Administrator privileges from provided user. + * + * @param userEntity the user + */ + public synchronized void revokeAdminPrivilege(UserEntity userEntity) { + for (PrivilegeEntity privilege : userEntity.getPrincipal().getPrivileges()) { if (privilege.getPermission().getPermissionName().equals(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION_NAME)) { - user.getPrincipal().getPrivileges().remove(privilege); - principalDAO.merge(user.getPrincipal()); //explicit merge for Derby support - userDAO.merge(user); + userEntity.getPrincipal().getPrivileges().remove(privilege); + principalDAO.merge(userEntity.getPrincipal()); //explicit merge for Derby support + userDAO.merge(userEntity); privilegeDAO.remove(privilege); break; } @@ -552,9 +607,22 @@ public class Users { throw new AmbariException("User " + userName + " doesn't exist"); } - if (isUserInGroup(userEntity, groupEntity)) { - throw new AmbariException("User " + userName + " is already present in group " + groupName); - } else { + addMemberToGroup(groupEntity, userEntity); + } + + @Transactional + public synchronized void addMemberToGroup(GroupEntity groupEntity, UserEntity userEntity) + throws AmbariException { + + if (groupEntity == null) { + throw new NullPointerException(); + } + + if (userEntity == null) { + throw new NullPointerException(); + } + + if (!isUserInGroup(userEntity, groupEntity)) { final MemberEntity memberEntity = new MemberEntity(); memberEntity.setGroup(groupEntity); memberEntity.setUser(userEntity); @@ -580,6 +648,13 @@ public class Users { throw new AmbariException("User " + userName + " doesn't exist"); } + removeMemberFromGroup(groupEntity, userEntity); + } + + @Transactional + public synchronized void removeMemberFromGroup(GroupEntity groupEntity, UserEntity userEntity) + throws AmbariException { + if (isUserInGroup(userEntity, groupEntity)) { MemberEntity memberEntity = null; for (MemberEntity entity : userEntity.getMemberEntities()) { @@ -593,10 +668,7 @@ public class Users { userDAO.merge(userEntity); groupDAO.merge(groupEntity); memberDAO.remove(memberEntity); - } else { - throw new AmbariException("User " + userName + " is not present in group " + groupName); } - } /** @@ -632,6 +704,9 @@ public class Users { * * @param batchInfo DTO with batch information */ + // TODO: ************ + // TODO: This is to be revisited for AMBARI-21222 (Update LDAP sync process to work with improved user management facility) + // TODO: ************ public void processLdapSync(LdapBatchDto batchInfo) { final Map<String, UserEntity> allUsers = new HashMap<>(); final Map<String, GroupEntity> allGroups = new HashMap<>(); @@ -646,21 +721,38 @@ public class Users { allGroups.put(groupEntity.getGroupName(), groupEntity); } - final PrincipalTypeEntity userPrincipalType = principalTypeDAO - .ensurePrincipalTypeCreated(PrincipalTypeEntity.USER_PRINCIPAL_TYPE); final PrincipalTypeEntity groupPrincipalType = principalTypeDAO .ensurePrincipalTypeCreated(PrincipalTypeEntity.GROUP_PRINCIPAL_TYPE); - // remove users + /* ***** + * Remove users + * First remove the relevant LDAP entries for this user. + * If no more user authentication items exists for the user, then remove the user. + * ***** */ final Set<UserEntity> usersToRemove = new HashSet<>(); + final Set<UserAuthenticationEntity> authenticationEntitiesToRemove = new HashSet<>(); for (String userName : batchInfo.getUsersToBeRemoved()) { UserEntity userEntity = userDAO.findUserByName(userName); - if (userEntity == null) { - continue; + if (userEntity != null) { + List<UserAuthenticationEntity> authenticationEntities = userEntity.getAuthenticationEntities(); + Iterator<UserAuthenticationEntity> iterator = authenticationEntities.iterator(); + while (iterator.hasNext()) { + UserAuthenticationEntity authenticationEntity = iterator.next(); + + if (authenticationEntity.getAuthenticationType() == UserAuthenticationType.LDAP) { + // TODO: Determine if this is the _relevant_ LDAP authentication entry - for now there will only be one.. + authenticationEntitiesToRemove.add(authenticationEntity); + iterator.remove(); + } + } + + if (authenticationEntities.isEmpty()) { + allUsers.remove(userEntity.getUserName()); + usersToRemove.add(userEntity); + } } - allUsers.remove(userEntity.getUserName()); - usersToRemove.add(userEntity); } + userAuthenticationDAO.remove(authenticationEntitiesToRemove); userDAO.remove(usersToRemove); // remove groups @@ -672,21 +764,46 @@ public class Users { } groupDAO.remove(groupsToRemove); - // update users - final Set<UserEntity> usersToBecomeLdap = new HashSet<>(); + /* ***** + * Update users + * ***** */ + final Set<UserEntity> userEntitiesToUpdate = new HashSet<>(); for (String userName : batchInfo.getUsersToBecomeLdap()) { - UserEntity userEntity = userDAO.findLocalUserByName(userName); - if (userEntity == null) { - userEntity = userDAO.findLdapUserByName(userName); - if (userEntity == null) { - continue; + // Ensure the username is all lowercase + userName = userName.toLowerCase(); + + UserEntity userEntity = userDAO.findUserByName(userName); + if (userEntity != null) { + LOG.trace("Enabling LDAP authentication for the user account with the username {}.", userName); + List<UserAuthenticationEntity> authenticationEntities = userEntity.getAuthenticationEntities(); + boolean createNew = true; + + for (UserAuthenticationEntity authenticationEntity : authenticationEntities) { + if (authenticationEntity.getAuthenticationType() == UserAuthenticationType.LDAP) { + // TODO: check for the relevant LDAP entry... for now there will be only one. + LOG.debug("Found existing LDAP authentication record for the user account with the username {}.", userName); + createNew = false; + break; + } + } + + if (createNew) { + LOG.debug("Creating new LDAP authentication record for the user account with the username {}.", userName); + + UserAuthenticationEntity authenticationEntity = new UserAuthenticationEntity(); + authenticationEntity.setUser(userEntity); + authenticationEntity.setAuthenticationType(UserAuthenticationType.LDAP); + authenticationEntity.setAuthenticationKey("DN to be set"); + authenticationEntities.add(authenticationEntity); + + userEntity.setAuthenticationEntities(authenticationEntities); + userEntitiesToUpdate.add(userEntity); } + } else { + LOG.warn("Failed to find user account for {} while enabling LDAP authentication for the user.", userName); } - userEntity.setLdapUser(true); - allUsers.put(userEntity.getUserName(), userEntity); - usersToBecomeLdap.add(userEntity); } - userDAO.merge(usersToBecomeLdap); + userDAO.merge(userEntitiesToUpdate); // update groups final Set<GroupEntity> groupsToBecomeLdap = new HashSet<>(); @@ -701,21 +818,25 @@ public class Users { // prepare create principals final List<PrincipalEntity> principalsToCreate = new ArrayList<>(); - // prepare create users - final Set<UserEntity> usersToCreate = new HashSet<>(); + // Create users for (String userName : batchInfo.getUsersToBeCreated()) { - final PrincipalEntity principalEntity = new PrincipalEntity(); - principalEntity.setPrincipalType(userPrincipalType); - principalsToCreate.add(principalEntity); + UserEntity userEntity; - final UserEntity userEntity = new UserEntity(); - userEntity.setUserName(UserName.fromString(userName)); - userEntity.setUserPassword(""); - userEntity.setPrincipal(principalEntity); - userEntity.setLdapUser(true); + try { + userEntity = createUser(userName, userName, userName, true); + } catch (AmbariException e) { + LOG.error(String.format("Failed to create new user: %s", userName), e); + userEntity = null; + } - allUsers.put(userEntity.getUserName(), userEntity); - usersToCreate.add(userEntity); + if (userEntity != null) { + UserAuthenticationEntity authenticationEntity = new UserAuthenticationEntity(); + authenticationEntity.setUser(userEntity); + authenticationEntity.setAuthenticationType(UserAuthenticationType.LDAP); + authenticationEntity.setAuthenticationKey("DN to be set"); + userEntity.setAuthenticationEntities(Collections.singletonList(authenticationEntity)); + userDAO.merge(userEntity); + } } // prepare create groups @@ -734,9 +855,8 @@ public class Users { groupsToCreate.add(groupEntity); } - // create users and groups + // create groups principalDAO.create(principalsToCreate); - userDAO.create(usersToCreate); groupDAO.create(groupsToCreate); // create membership @@ -766,12 +886,6 @@ public class Users { // clear cached entities entityManagerProvider.get().getEntityManagerFactory().getCache().evictAll(); - - if (!usersToCreate.isEmpty()) { - // entry point in the hook logic - hookServiceProvider.get().execute(hookContextFactory.createBatchUserHookContext(getUsersToGroupMap(usersToCreate))); - } - } /** @@ -900,11 +1014,29 @@ public class Users { * granted View User access on that File View instance. * * @param userName the username for the relevant user - * @param userType the user type for the relevant user * @return the users collection of implicit and explicit granted authorities */ - public Collection<AmbariGrantedAuthority> getUserAuthorities(String userName, UserType userType) { - UserEntity userEntity = userDAO.findUserByNameAndType(userName, userType); + public Collection<AmbariGrantedAuthority> getUserAuthorities(String userName) { + return getUserAuthorities(getUserEntity(userName)); + } + + /** + * Gets the explicit and implicit authorities for the given user. + * <p> + * The explicit authorities are the authorities that have be explicitly set by assigning roles to + * a user. For example the Cluster Operator role on a given cluster gives that the ability to + * start and stop services in that cluster, among other privileges for that particular cluster. + * <p> + * The implicit authorities are the authorities that have been given to the roles themselves which + * in turn are granted to the users that have been assigned those roles. For example if the + * Cluster User role for a given cluster has been given View User access on a specified File View + * instance, then all users who have the Cluster User role for that cluster will implicitly be + * granted View User access on that File View instance. + * + * @param userEntity the relevant user + * @return the users collection of implicit and explicit granted authorities + */ + public Collection<AmbariGrantedAuthority> getUserAuthorities(UserEntity userEntity) { if (userEntity == null) { return Collections.emptyList(); } @@ -964,4 +1096,175 @@ public class Users { return implicitPrivileges; } + /** + * TODO: This is to be revisited for AMBARI-21217 (Update JWT Authentication process to work with improved user management facility) + * Adds the ability for a user to authenticate using a JWT token. + * <p> + * The key for this authentication mechanism is the username expected to be in the JWT token. + * + * @param userEntity the user + * @param key the relevant key + * @throws AmbariException + */ + public void addJWTAuthentication(UserEntity userEntity, String key) throws AmbariException { + addAuthentication(userEntity, UserAuthenticationType.JWT, key, new Validator() { + public void validate(UserEntity userEntity, String key) throws AmbariException { + List<UserAuthenticationEntity> authenticationEntities = userEntity.getAuthenticationEntities(); + + // Ensure only one UserAuthenticationEntity exists for JWT for the user... + for (UserAuthenticationEntity entity : authenticationEntities) { + if ((entity.getAuthenticationType() == UserAuthenticationType.JWT) && + ((key == null) ? (entity.getAuthenticationKey() == null) : key.equals(entity.getAuthenticationKey()))) { + throw new AmbariException("The authentication type already exists for this user"); + } + } + } + }); + } + + /** + * TODO: This is to be revisited for AMBARI-21223 (Update Kerberos Authentication process to work with improved user management facility) + * Adds the ability for a user to authenticate using a Kerberos token. + * + * @param userEntity the user + * @param principalName the user's principal name + * @throws AmbariException + */ + public void addKerberosAuthentication(UserEntity userEntity, String principalName) throws AmbariException { + addAuthentication(userEntity, UserAuthenticationType.KERBEROS, principalName, new Validator() { + public void validate(UserEntity userEntity, String key) throws AmbariException { + List<UserAuthenticationEntity> authenticationEntities = userEntity.getAuthenticationEntities(); + + // Ensure only one UserAuthenticationEntity exists for LOCAL for the user... + for (UserAuthenticationEntity entity : authenticationEntities) { + if ((entity.getAuthenticationType() == UserAuthenticationType.KERBEROS) && + ((key == null) ? (entity.getAuthenticationKey() == null) : key.equals(entity.getAuthenticationKey()))) { + throw new AmbariException("The authentication type already exists for this user"); + } + } + } + }); + } + + /** + * TODO: This is to be revisited for AMBARI-21220 (Update Local Authentication process to work with improved user management facility) + * Adds the ability for a user to authenticate using a password stored in Ambari's database + * <p> + * The supplied plaintext password will be encoded before storing. + * + * @param userEntity the user + * @param password the user's plaintext password + * @throws AmbariException + */ + public void addLocalAuthentication(UserEntity userEntity, String password) throws AmbariException { + + // Encode the password.. + String encodedPassword = passwordEncoder.encode(password); + + addAuthentication(userEntity, UserAuthenticationType.LOCAL, encodedPassword, new Validator() { + public void validate(UserEntity userEntity, String key) throws AmbariException { + List<UserAuthenticationEntity> authenticationEntities = userEntity.getAuthenticationEntities(); + + // Ensure only one UserAuthenticationEntity exists for LOCAL for the user... + for (UserAuthenticationEntity entity : authenticationEntities) { + if (entity.getAuthenticationType() == UserAuthenticationType.LOCAL) { + throw new AmbariException("The authentication type already exists for this user"); + } + } + } + }); + } + + /** + * TODO: This is to be revisited for AMBARI-21221 (Update Pam Authentication process to work with improved user management facility) + * Adds the ability for a user to authenticate using Pam + * + * @param userEntity the user + * @param userName the user's os-level username + * @throws AmbariException + */ + public void addPamAuthentication(UserEntity userEntity, String userName) throws AmbariException { + addAuthentication(userEntity, UserAuthenticationType.PAM, userName, new Validator() { + public void validate(UserEntity userEntity, String key) throws AmbariException { + List<UserAuthenticationEntity> authenticationEntities = userEntity.getAuthenticationEntities(); + + // Ensure only one UserAuthenticationEntity exists for PAM for the user... + for (UserAuthenticationEntity entity : authenticationEntities) { + if (entity.getAuthenticationType() == UserAuthenticationType.PAM) { + throw new AmbariException("The authentication type already exists for this user"); + } + } + } + }); + } + + /** + * TODO: This is to be revisited for AMBARI-21219 (Update LDAP Authentication process to work with improved user management facility) + * Adds the ability for a user to authenticate using a remote LDAP server + * + * @param userEntity the user + * @param dn the user's distinguished name + * @throws AmbariException + */ + public void addLdapAuthentication(UserEntity userEntity, String dn) throws AmbariException { + addAuthentication(userEntity, UserAuthenticationType.LDAP, dn, new Validator() { + public void validate(UserEntity userEntity, String key) throws AmbariException { + List<UserAuthenticationEntity> authenticationEntities = userEntity.getAuthenticationEntities(); + + // Ensure only one UserAuthenticationEntity exists for PAM for the user... + for (UserAuthenticationEntity entity : authenticationEntities) { + if ((entity.getAuthenticationType() == UserAuthenticationType.LDAP) && + ((key == null) ? (entity.getAuthenticationKey() == null) : key.equalsIgnoreCase(entity.getAuthenticationKey()))) { + throw new AmbariException("The authentication type already exists for this user"); + } + } + } + }); + } + + /** + * Worker to add a user authentication methods for a user. + * + * @param userEntity the user + * @param type the authentication type + * @param key the authentication type specific metadata + * @param validator the authentication type specific validator + * @throws AmbariException + */ + private void addAuthentication(UserEntity userEntity, UserAuthenticationType type, String key, Validator validator) throws AmbariException { + + if (userEntity == null) { + throw new AmbariException("Missing user"); + } + + validator.validate(userEntity, key); + + List<UserAuthenticationEntity> authenticationEntities = userEntity.getAuthenticationEntities(); + + UserAuthenticationEntity authenticationEntity = new UserAuthenticationEntity(); + authenticationEntity.setUser(userEntity); + authenticationEntity.setAuthenticationType(type); + authenticationEntity.setAuthenticationKey(key); + authenticationEntities.add(authenticationEntity); + + userEntity.setAuthenticationEntities(authenticationEntities); + userDAO.merge(userEntity); + } + + /** + * Validator is an interface to be implemented by authentication type specific validators to ensure + * new user authentication records meet the specific requirements for the relative authentication + * type. + */ + private interface Validator { + /** + * Valudate the authentication type specific key meets the requirments for the relative user + * authentication type. + * + * @param userEntity the user + * @param key the key (or metadata) + * @throws AmbariException + */ + void validate(UserEntity userEntity, String key) throws AmbariException; + } }
http://git-wip-us.apache.org/repos/asf/ambari/blob/f76c87a6/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/AmbariInternalAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/AmbariInternalAuthenticationProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/AmbariInternalAuthenticationProvider.java index 383e8fa..c57bdf1 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/AmbariInternalAuthenticationProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/AmbariInternalAuthenticationProvider.java @@ -40,7 +40,7 @@ public class AmbariInternalAuthenticationProvider implements AuthenticationProvi if (internalTokenStorage.isValidInternalToken(token.getCredentials())) { token.setAuthenticated(true); } else { - throw new InvalidUsernamePasswordCombinationException(); + throw new InvalidUsernamePasswordCombinationException(null); } return token; } http://git-wip-us.apache.org/repos/asf/ambari/blob/f76c87a6/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/jwt/AuthenticationJwtUserNotFoundException.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/jwt/AuthenticationJwtUserNotFoundException.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/jwt/AuthenticationJwtUserNotFoundException.java deleted file mode 100644 index f18af10..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/jwt/AuthenticationJwtUserNotFoundException.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.security.authorization.jwt; - -import org.springframework.security.core.AuthenticationException; - -/** - * AuthenticationJwtUserNotFoundException is an AuthenticationException implementation to be thrown - * when the user specified in a JTW token is not found in the Ambari user database. - */ -public class AuthenticationJwtUserNotFoundException extends AuthenticationException { - private final String username; - - public AuthenticationJwtUserNotFoundException(String username, String message) { - super(message); - this.username = username; - } - - public AuthenticationJwtUserNotFoundException(String username, String message, Throwable throwable) { - super(message, throwable); - this.username = username; - } - - public String getUsername() { - return username; - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/f76c87a6/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilter.java index e27afdb..3c3a446 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilter.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/jwt/JwtAuthenticationFilter.java @@ -33,11 +33,14 @@ import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.configuration.Configuration; +import org.apache.ambari.server.orm.entities.UserAuthenticationEntity; +import org.apache.ambari.server.orm.entities.UserEntity; import org.apache.ambari.server.security.authentication.AmbariAuthenticationFilter; +import org.apache.ambari.server.security.authentication.UserNotFoundException; import org.apache.ambari.server.security.authorization.AmbariGrantedAuthority; -import org.apache.ambari.server.security.authorization.User; -import org.apache.ambari.server.security.authorization.UserType; +import org.apache.ambari.server.security.authorization.UserAuthenticationType; import org.apache.ambari.server.security.authorization.Users; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; @@ -116,6 +119,9 @@ public class JwtAuthenticationFilter implements AmbariAuthenticationFilter { } + // TODO: ************ + // TODO: This is to be revisited for AMBARI-21217 (Update JWT Authentication process to work with improved user management facility) + // TODO: ************ @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { @@ -138,27 +144,50 @@ public class JwtAuthenticationFilter implements AmbariAuthenticationFilter { if (valid) { String userName = jwtToken.getJWTClaimsSet().getSubject(); - User user = users.getUser(userName, UserType.JWT); - //fixme temporary solution for LDAP username conflicts, auth ldap users via JWT - if (user == null) { - user = users.getUser(userName, UserType.LDAP); - } + UserEntity userEntity = users.getUserEntity(userName); - if (user == null) { - //TODO this is temporary check for conflicts, until /users API will change to use user_id instead of name as PK - User existingUser = users.getUser(userName, UserType.LOCAL); - if (existingUser != null) { - LOG.error("Access for JWT user [{}] restricted. Detected conflict with local user ", userName); + if (userEntity == null) { + //TODO we temporary expect that LDAP is configured to same server as JWT source + throw new UserNotFoundException(userName, "Cannot find user from JWT. Please, ensure LDAP is configured and users are synced."); + } else { + // Check to see if the user is allowed to authenticate using JWT or LDAP + Collection<UserAuthenticationEntity> authenticationEntities = userEntity.getAuthenticationEntities(); + boolean hasJWT = false; + boolean hasLDAP = false; + + if (authenticationEntities != null) { + for (UserAuthenticationEntity entity : authenticationEntities) { + if (entity.getAuthenticationType() == UserAuthenticationType.JWT) { + // TODO: possibly check the authentication key to see if it is relevant + hasJWT = true; + break; + } else if (entity.getAuthenticationType() == UserAuthenticationType.LDAP) { + hasLDAP = true; + } + } } - //TODO we temporary expect that LDAP is configured to same server as JWT source - throw new AuthenticationJwtUserNotFoundException(userName, "Cannot find user from JWT. Please, ensure LDAP is configured and users are synced."); + if(!hasJWT) { + if (hasLDAP) { + // TODO: Determine if LDAP users can authenticate using JWT + try { + users.addJWTAuthentication(userEntity, userName); + } catch (AmbariException e) { + LOG.error(String.format("Failed to add the JWT authentication method for %s: %s", userName, e.getLocalizedMessage()), e); + } + hasJWT = true; + } + } + + if (!hasJWT) { + throw new UserNotFoundException(userName, "User is not authorized to authenticate from JWT. Please, ensure LDAP is configured and users are synced."); + } } - Collection<AmbariGrantedAuthority> userAuthorities = - users.getUserAuthorities(user.getUserName(), user.getUserType()); + // If we made it this far, the user was found and is authorized to authenticate via JWT + Collection<AmbariGrantedAuthority> userAuthorities = users.getUserAuthorities(userEntity); - JwtAuthentication authentication = new JwtAuthentication(serializedJWT, user, userAuthorities); + JwtAuthentication authentication = new JwtAuthentication(serializedJWT, users.getUser(userEntity), userAuthorities); authentication.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(authentication); @@ -221,11 +250,7 @@ public class JwtAuthenticationFilter implements AmbariAuthenticationFilter { } //always try to authenticate in case of anonymous user - if (existingAuth instanceof AnonymousAuthenticationToken) { - return true; - } - - return false; + return (existingAuth instanceof AnonymousAuthenticationToken); } /** http://git-wip-us.apache.org/repos/asf/ambari/blob/f76c87a6/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java index f413c69..4e4b1b6 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java @@ -429,9 +429,10 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { String createdUserName = requestScheduleEntity.getCreateUser(); if (createdUserName != null) { - User user = users.getUserIfUnique(createdUserName); + // NOTE: This class is expected to go away in Ambari 3.0.0. Apache JIRA not available. + User user = users.getUser(createdUserName); - if (user != null && StringUtils.equals(user.getUserName(), createdUserName)) { + if (user != null && StringUtils.equalsIgnoreCase(user.getUserName(), createdUserName)) { requestScheduleEntity.setAuthenticatedUserId(user.getUserId()); requestScheduleDAO.merge(requestScheduleEntity); } http://git-wip-us.apache.org/repos/asf/ambari/blob/f76c87a6/ambari-server/src/main/resources/META-INF/persistence.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/META-INF/persistence.xml b/ambari-server/src/main/resources/META-INF/persistence.xml index e4045ef..fa8e8ab 100644 --- a/ambari-server/src/main/resources/META-INF/persistence.xml +++ b/ambari-server/src/main/resources/META-INF/persistence.xml @@ -74,6 +74,7 @@ <class>org.apache.ambari.server.orm.entities.UpgradeItemEntity</class> <class>org.apache.ambari.server.orm.entities.UpgradeHistoryEntity</class> <class>org.apache.ambari.server.orm.entities.UserEntity</class> + <class>org.apache.ambari.server.orm.entities.UserAuthenticationEntity</class> <class>org.apache.ambari.server.orm.entities.WidgetEntity</class> <class>org.apache.ambari.server.orm.entities.ViewEntity</class> <class>org.apache.ambari.server.orm.entities.ViewEntityEntity</class> http://git-wip-us.apache.org/repos/asf/ambari/blob/f76c87a6/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java index 1b8de79..2b78f79 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java @@ -44,7 +44,7 @@ import org.apache.ambari.server.configuration.Configuration.DatabaseType; import org.apache.ambari.server.controller.metrics.ThreadPoolEnabledPropertyProvider; import org.apache.ambari.server.security.authentication.kerberos.AmbariKerberosAuthenticationProperties; import org.apache.ambari.server.security.authorization.LdapServerProperties; -import org.apache.ambari.server.security.authorization.UserType; +import org.apache.ambari.server.security.authorization.UserAuthenticationType; import org.apache.ambari.server.state.services.MetricsRetrievalService; import org.apache.ambari.server.utils.StageUtils; import org.apache.commons.io.FileUtils; @@ -905,7 +905,7 @@ public class ConfigurationTest { Assert.assertEquals(keytabFile.getAbsolutePath(), kerberosAuthenticationProperties.getSpnegoKeytabFilePath()); Assert.assertEquals("spnego/principal@REALM", kerberosAuthenticationProperties.getSpnegoPrincipalName()); Assert.assertEquals("DEFAULT", kerberosAuthenticationProperties.getAuthToLocalRules()); - Assert.assertEquals(Arrays.asList(UserType.LDAP, UserType.LOCAL), kerberosAuthenticationProperties.getOrderedUserTypes()); + Assert.assertEquals(Arrays.asList(UserAuthenticationType.LDAP, UserAuthenticationType.LOCAL), kerberosAuthenticationProperties.getOrderedUserTypes()); } /** @@ -930,7 +930,7 @@ public class ConfigurationTest { Assert.assertEquals(keytabFile.getAbsolutePath(), kerberosAuthenticationProperties.getSpnegoKeytabFilePath()); Assert.assertEquals("HTTP/" + StageUtils.getHostName(), kerberosAuthenticationProperties.getSpnegoPrincipalName()); Assert.assertEquals("DEFAULT", kerberosAuthenticationProperties.getAuthToLocalRules()); - Assert.assertEquals(Collections.singletonList(UserType.LDAP), kerberosAuthenticationProperties.getOrderedUserTypes()); + Assert.assertEquals(Collections.singletonList(UserAuthenticationType.LDAP), kerberosAuthenticationProperties.getOrderedUserTypes()); } /** http://git-wip-us.apache.org/repos/asf/ambari/blob/f76c87a6/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java index 3215e72..c8eb6d6 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java @@ -4547,80 +4547,7 @@ public class AmbariManagementControllerTest { assertEquals("", response.getRequestContext()); } - private void createUser(String userName) throws Exception { - UserRequest request = new UserRequest(userName); - request.setPassword("password"); - controller.createUsers(new HashSet<>(Collections.singleton(request))); - } - - @Test - public void testCreateAndGetUsers() throws Exception { - createUser("user1"); - - Set<UserResponse> r = - controller.getUsers(Collections.singleton(new UserRequest("user1"))); - - Assert.assertEquals(1, r.size()); - UserResponse resp = r.iterator().next(); - Assert.assertEquals("user1", resp.getUsername()); - } - - @Test - public void testGetUsers() throws Exception { - String user1 = getUniqueName(); - String user2 = getUniqueName(); - String user3 = getUniqueName(); - List<String> users = Arrays.asList(user1, user2, user3); - - for (String user : users) { - createUser(user); - } - - UserRequest request = new UserRequest(null); - - Set<UserResponse> responses = controller.getUsers(Collections.singleton(request)); - - // other tests are making user requests, so let's make sure we have the 3 just made - List<String> contained = new ArrayList<>(); - for (UserResponse ur : responses) { - if (users.contains(ur.getUsername())) { - contained.add(ur.getUsername()); - } - } - - Assert.assertEquals(3, contained.size()); - } - - @SuppressWarnings("serial") - @Test - public void testUpdateUsers() throws Exception { - String user1 = getUniqueName(); - createUser(user1); - - UserRequest request = new UserRequest(user1); - - controller.updateUsers(Collections.singleton(request)); - } - - @SuppressWarnings("serial") - @Ignore - @Test - public void testDeleteUsers() throws Exception { - String user1 = getUniqueName(); - createUser(user1); - - UserRequest request = new UserRequest(user1); - controller.updateUsers(Collections.singleton(request)); - - request = new UserRequest(user1); - controller.deleteUsers(Collections.singleton(request)); - - Set<UserResponse> responses = controller.getUsers( - Collections.singleton(new UserRequest(null))); - - Assert.assertEquals(0, responses.size()); - } @Test public void testUpdateConfigForRunningService() throws Exception { http://git-wip-us.apache.org/repos/asf/ambari/blob/f76c87a6/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractPrivilegeResourceProviderTest.java deleted file mode 100644 index 547bba5..0000000 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractPrivilegeResourceProviderTest.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.controller.internal; - -import org.apache.ambari.server.orm.dao.MemberDAO; -import org.apache.ambari.server.orm.dao.PrivilegeDAO; -import org.apache.ambari.server.security.authorization.Users; -import org.easymock.EasyMockSupport; - -class AbstractPrivilegeResourceProviderTest extends EasyMockSupport { - - static class TestUsers extends Users { - - void setPrivilegeDAO(PrivilegeDAO privilegeDAO) { - this.privilegeDAO = privilegeDAO; - } - - public void setMemberDAO(MemberDAO memberDAO) { - this.memberDAO = memberDAO; - } - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/f76c87a6/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ActiveWidgetLayoutResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ActiveWidgetLayoutResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ActiveWidgetLayoutResourceProviderTest.java index 4dc06b9..487c02a 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ActiveWidgetLayoutResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ActiveWidgetLayoutResourceProviderTest.java @@ -64,7 +64,6 @@ import org.apache.ambari.server.orm.entities.WidgetLayoutUserWidgetEntity; import org.apache.ambari.server.scheduler.ExecutionScheduler; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; -import org.apache.ambari.server.security.authorization.UserType; import org.apache.ambari.server.security.authorization.Users; import org.apache.ambari.server.security.encryption.CredentialStoreService; import org.apache.ambari.server.security.encryption.CredentialStoreServiceImpl; @@ -172,7 +171,7 @@ public class ActiveWidgetLayoutResourceProviderTest extends EasyMockSupport { UserEntity userEntity = createMockUserEntity(requestedUsername); UserDAO userDAO = injector.getInstance(UserDAO.class); - expect(userDAO.findSingleUserByName(requestedUsername)).andReturn(userEntity).atLeastOnce(); + expect(userDAO.findUserByName(requestedUsername)).andReturn(userEntity).atLeastOnce(); WidgetLayoutDAO widgetLayoutDAO = injector.getInstance(WidgetLayoutDAO.class); expect(widgetLayoutDAO.findById(1L)).andReturn(createMockWidgetLayout(1L, requestedUsername)).atLeastOnce(); @@ -368,7 +367,6 @@ public class ActiveWidgetLayoutResourceProviderTest extends EasyMockSupport { UserEntity userEntity = createMock(UserEntity.class); expect(userEntity.getUserId()).andReturn(username.hashCode()).anyTimes(); expect(userEntity.getUserName()).andReturn(username).anyTimes(); - expect(userEntity.getUserType()).andReturn(UserType.LOCAL).anyTimes(); expect(userEntity.getActiveWidgetLayouts()).andReturn("[{\"id\":\"1\"},{\"id\":\"2\"}]").anyTimes(); return userEntity; http://git-wip-us.apache.org/repos/asf/ambari/blob/f76c87a6/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java index 36f6a1e..ea981e2 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java @@ -27,6 +27,8 @@ import java.util.LinkedList; import java.util.List; import java.util.Set; +import javax.persistence.EntityManager; + import org.apache.ambari.server.controller.GroupPrivilegeResponse; import org.apache.ambari.server.controller.spi.Predicate; import org.apache.ambari.server.controller.spi.Request; @@ -34,6 +36,9 @@ import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.spi.SystemException; import org.apache.ambari.server.controller.utilities.PredicateBuilder; import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.apache.ambari.server.hooks.HookContextFactory; +import org.apache.ambari.server.hooks.HookService; +import org.apache.ambari.server.orm.DBAccessor; import org.apache.ambari.server.orm.dao.ClusterDAO; import org.apache.ambari.server.orm.dao.GroupDAO; import org.apache.ambari.server.orm.dao.PrivilegeDAO; @@ -52,16 +57,22 @@ import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; import org.apache.ambari.server.security.authorization.ResourceType; import org.apache.ambari.server.security.authorization.Users; +import org.easymock.EasyMockSupport; import org.junit.Test; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.crypto.password.PasswordEncoder; + +import com.google.inject.AbstractModule; +import com.google.inject.Guice; +import com.google.inject.Injector; import junit.framework.Assert; /** * GroupPrivilegeResourceProvider tests. */ -public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourceProviderTest { +public class GroupPrivilegeResourceProviderTest extends EasyMockSupport{ @Test(expected = SystemException.class) public void testCreateResources() throws Exception { @@ -79,7 +90,7 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc public void testGetResources_NonAdministrator() throws Exception { getResourcesTest(TestAuthenticationFactory.createClusterAdministrator("user1", 2L), "Group1"); } - + @Test(expected = SystemException.class) public void testUpdateResources() throws Exception { SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createClusterAdministrator("user1", 2L)); @@ -230,7 +241,7 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc expect(groupEntity.getGroupName()).andReturn("group1").atLeastOnce(); ClusterDAO clusterDAO = createMock(ClusterDAO.class); - + ViewInstanceDAO viewInstanceDAO = createMock(ViewInstanceDAO.class); expect(viewInstanceDAO.findByResourceId(1L)).andReturn(viewInstanceEntity).atLeastOnce(); @@ -328,8 +339,31 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc final ResourceTypeEntity resourceTypeEntity = createNiceMock(ResourceTypeEntity.class); final PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class); - final TestUsers users = new TestUsers(); - users.setPrivilegeDAO(privilegeDAO); + final Injector injector = Guice.createInjector(new AbstractModule() { + @Override + protected void configure() { + bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class)); + bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class)); + bind(PasswordEncoder.class).toInstance(createNiceMock(PasswordEncoder.class)); + bind(HookService.class).toInstance(createMock(HookService.class)); + bind(HookContextFactory.class).toInstance(createMock(HookContextFactory.class)); + + bind(GroupDAO.class).toInstance(groupDAO); + bind(ClusterDAO.class).toInstance(clusterDAO); + bind(ViewInstanceDAO.class).toInstance(viewInstanceDAO); + bind(GroupEntity.class).toInstance(groupEntity); + bind(PrincipalEntity.class).toInstance(principalEntity); + bind(PrivilegeEntity.class).toInstance(privilegeEntity); + bind(PermissionEntity.class).toInstance(permissionEntity); + bind(PrincipalTypeEntity.class).toInstance(principalTypeEntity); + bind(ResourceEntity.class).toInstance(resourceEntity); + bind(ResourceTypeEntity.class).toInstance(resourceTypeEntity); + bind(PrivilegeDAO.class).toInstance(privilegeDAO); + } + } + ); + + final Users users = injector.getInstance(Users.class); List<PrincipalEntity> groupPrincipals = new LinkedList<>(); groupPrincipals.add(principalEntity); http://git-wip-us.apache.org/repos/asf/ambari/blob/f76c87a6/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java index 9ccbc11..499354f 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java @@ -28,6 +28,8 @@ import java.util.LinkedList; import java.util.List; import java.util.Set; +import javax.persistence.EntityManager; + import org.apache.ambari.server.controller.UserPrivilegeResponse; import org.apache.ambari.server.controller.spi.Predicate; import org.apache.ambari.server.controller.spi.Request; @@ -35,6 +37,9 @@ import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.spi.SystemException; import org.apache.ambari.server.controller.utilities.PredicateBuilder; import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.apache.ambari.server.hooks.HookContextFactory; +import org.apache.ambari.server.hooks.HookService; +import org.apache.ambari.server.orm.DBAccessor; import org.apache.ambari.server.orm.dao.ClusterDAO; import org.apache.ambari.server.orm.dao.GroupDAO; import org.apache.ambari.server.orm.dao.MemberDAO; @@ -56,16 +61,22 @@ import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; import org.apache.ambari.server.security.authorization.ResourceType; import org.apache.ambari.server.security.authorization.Users; +import org.easymock.EasyMockSupport; import org.junit.Test; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.crypto.password.PasswordEncoder; + +import com.google.inject.AbstractModule; +import com.google.inject.Guice; +import com.google.inject.Injector; import junit.framework.Assert; /** * UserPrivilegeResourceProvider tests. */ -public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResourceProviderTest { +public class UserPrivilegeResourceProviderTest extends EasyMockSupport { @Test(expected = SystemException.class) public void testCreateResources() throws Exception { @@ -334,45 +345,56 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource public void testToResource_SpecificVIEW_WithClusterInheritedPermission() throws Exception { SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createClusterAdministrator("jdoe", 2L)); - PrincipalTypeEntity rolePrincipalTypeEntity = createMock(PrincipalTypeEntity.class); + Injector injector = createInjector(); + + final UserPrivilegeResourceProvider resourceProvider = new UserPrivilegeResourceProvider(); + final UserDAO userDAO = injector.getInstance(UserDAO.class); + final GroupDAO groupDAO = injector.getInstance(GroupDAO.class); + final ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class); + final ViewInstanceDAO viewInstanceDAO = injector.getInstance(ViewInstanceDAO.class); + final PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class); + final MemberDAO memberDAO = injector.getInstance(MemberDAO.class); + + + final PrincipalTypeEntity rolePrincipalTypeEntity = createMock(PrincipalTypeEntity.class); expect(rolePrincipalTypeEntity.getName()).andReturn("ROLE").atLeastOnce(); - PrincipalEntity rolePrincipalEntity = createMock(PrincipalEntity.class); + final PrincipalEntity rolePrincipalEntity = createMock(PrincipalEntity.class); expect(rolePrincipalEntity.getPrincipalType()).andReturn(rolePrincipalTypeEntity).atLeastOnce(); - PermissionEntity permissionEntity = createMock(PermissionEntity.class); + final PermissionEntity permissionEntity = createMock(PermissionEntity.class); expect(permissionEntity.getPrincipal()).andReturn(rolePrincipalEntity).atLeastOnce(); expect(permissionEntity.getPermissionName()).andReturn("CLUSTER.ADMINISTRATOR").atLeastOnce(); expect(permissionEntity.getPermissionLabel()).andReturn("Cluster Administrator").atLeastOnce(); - PrincipalTypeEntity principalTypeEntity = createMock(PrincipalTypeEntity.class); + final PrincipalTypeEntity principalTypeEntity = createMock(PrincipalTypeEntity.class); expect(principalTypeEntity.getName()).andReturn("USER").atLeastOnce(); - PrincipalEntity principalEntity = createMock(PrincipalEntity.class); + final PrincipalEntity principalEntity = createMock(PrincipalEntity.class); expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).atLeastOnce(); - ViewEntity viewEntity = createMock(ViewEntity.class); + final ViewEntity viewEntity = createMock(ViewEntity.class); expect(viewEntity.getCommonName()).andReturn("TestView").atLeastOnce(); expect(viewEntity.getVersion()).andReturn("1.2.3.4").atLeastOnce(); - ResourceTypeEntity resourceTypeEntity = createMock(ResourceTypeEntity.class); + final ResourceTypeEntity resourceTypeEntity = createMock(ResourceTypeEntity.class); expect(resourceTypeEntity.getName()).andReturn("TestView{1.2.3.4}").atLeastOnce(); - ResourceEntity resourceEntity = createMock(ResourceEntity.class); + final ResourceEntity resourceEntity = createMock(ResourceEntity.class); expect(resourceEntity.getId()).andReturn(1L).anyTimes(); expect(resourceEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes(); - ViewInstanceEntity viewInstanceEntity = createMock(ViewInstanceEntity.class); + final ViewInstanceEntity viewInstanceEntity = createMock(ViewInstanceEntity.class); expect(viewInstanceEntity.getViewEntity()).andReturn(viewEntity).atLeastOnce(); expect(viewInstanceEntity.getName()).andReturn("Test View").atLeastOnce(); - PrivilegeEntity explicitPrivilegeEntity = createMock(PrivilegeEntity.class); + final PrivilegeEntity explicitPrivilegeEntity = createMock(PrivilegeEntity.class); expect(explicitPrivilegeEntity.getId()).andReturn(1).atLeastOnce(); expect(explicitPrivilegeEntity.getPermission()).andReturn(permissionEntity).atLeastOnce(); expect(explicitPrivilegeEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce(); expect(explicitPrivilegeEntity.getResource()).andReturn(resourceEntity).atLeastOnce(); - PrivilegeEntity implicitPrivilegeEntity = createMock(PrivilegeEntity.class); + final PrivilegeEntity implicitPrivilegeEntity = createMock(PrivilegeEntity.class); expect(implicitPrivilegeEntity.getId()).andReturn(2).atLeastOnce(); expect(implicitPrivilegeEntity.getPermission()).andReturn(permissionEntity).atLeastOnce(); expect(implicitPrivilegeEntity.getPrincipal()).andReturn(rolePrincipalEntity).atLeastOnce(); @@ -382,23 +404,13 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource expect(userEntity.getUserName()).andReturn("jdoe").atLeastOnce(); expect(userEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce(); - ClusterDAO clusterDAO = createMock(ClusterDAO.class); - GroupDAO groupDAO = createMock(GroupDAO.class); - - ViewInstanceDAO viewInstanceDAO = createMock(ViewInstanceDAO.class); expect(viewInstanceDAO.findByResourceId(1L)).andReturn(viewInstanceEntity).atLeastOnce(); - final UserDAO userDAO = createNiceMock(UserDAO.class); - expect(userDAO.findLocalUserByName("jdoe")).andReturn(userEntity).anyTimes(); + expect(userDAO.findUserByName("jdoe")).andReturn(userEntity).anyTimes(); expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes(); expect(userDAO.findAll()).andReturn(Collections.<UserEntity>emptyList()).anyTimes(); - final PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class); - final MemberDAO memberDAO = createMock(MemberDAO.class); - - final TestUsers users = new TestUsers(); - users.setPrivilegeDAO(privilegeDAO); - users.setMemberDAO(memberDAO); + final Users users = injector.getInstance(Users.class); List<PrincipalEntity> rolePrincipals = new LinkedList<>(); rolePrincipals.add(rolePrincipalEntity); @@ -422,9 +434,9 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource final Set<String> propertyIds = new HashSet<>(); propertyIds.add(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID); final Predicate predicate = new PredicateBuilder() - .property(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID) - .equals("jdoe") - .toPredicate(); + .property(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID) + .equals("jdoe") + .toPredicate(); TestAuthenticationFactory.createClusterAdministrator("jdoe", 2L); Request request = PropertyHelper.getReadRequest(propertyIds); @@ -443,11 +455,16 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource // @SuppressWarnings("serial") private void getResourcesTest(Authentication authentication, String requestedUsername) throws Exception { + Injector injector = createInjector(); + final UserPrivilegeResourceProvider resourceProvider = new UserPrivilegeResourceProvider(); - final UserDAO userDAO = createNiceMock(UserDAO.class); - final GroupDAO groupDAO = createNiceMock(GroupDAO.class); - final ClusterDAO clusterDAO = createNiceMock(ClusterDAO.class); - final ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); + final UserDAO userDAO = injector.getInstance(UserDAO.class); + final GroupDAO groupDAO = injector.getInstance(GroupDAO.class); + final ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class); + final ViewInstanceDAO viewInstanceDAO = injector.getInstance(ViewInstanceDAO.class); + final PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class); + final MemberDAO memberDAO = injector.getInstance(MemberDAO.class); + final UserEntity userEntity = createNiceMock(UserEntity.class); final PrincipalEntity principalEntity = createNiceMock(PrincipalEntity.class); final PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class); @@ -455,12 +472,8 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource final PrincipalTypeEntity principalTypeEntity = createNiceMock(PrincipalTypeEntity.class); final ResourceEntity resourceEntity = createNiceMock(ResourceEntity.class); final ResourceTypeEntity resourceTypeEntity = createNiceMock(ResourceTypeEntity.class); - final PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class); - final MemberDAO memberDAO = createMock(MemberDAO.class); - final TestUsers users = new TestUsers(); - users.setPrivilegeDAO(privilegeDAO); - users.setMemberDAO(memberDAO); + final Users users = injector.getInstance(Users.class); List<PrincipalEntity> userPrincipals = new LinkedList<>(); userPrincipals.add(principalEntity); @@ -471,7 +484,7 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource expect(memberDAO.findAllMembersByUser(userEntity)). andReturn(Collections.<MemberEntity>emptyList()) .atLeastOnce(); - expect(userDAO.findLocalUserByName(requestedUsername)).andReturn(userEntity).anyTimes(); + expect(userDAO.findUserByName(requestedUsername)).andReturn(userEntity).anyTimes(); expect(userDAO.findAll()).andReturn(Collections.<UserEntity>emptyList()).anyTimes(); expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); expect(userEntity.getMemberEntities()).andReturn(Collections.<MemberEntity>emptySet()).anyTimes(); @@ -518,4 +531,24 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource verifyAll(); } + private Injector createInjector() { + return Guice.createInjector(new AbstractModule() { + @Override + protected void configure() { + bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class)); + bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class)); + bind(PasswordEncoder.class).toInstance(createNiceMock(PasswordEncoder.class)); + bind(HookService.class).toInstance(createMock(HookService.class)); + bind(HookContextFactory.class).toInstance(createMock(HookContextFactory.class)); + + bind(UserDAO.class).toInstance(createNiceMock(UserDAO.class)); + bind(GroupDAO.class).toInstance(createNiceMock(GroupDAO.class)); + bind(ClusterDAO.class).toInstance(createNiceMock(ClusterDAO.class)); + bind(ViewInstanceDAO.class).toInstance(createNiceMock(ViewInstanceDAO.class)); + bind(PrivilegeDAO.class).toInstance(createMock(PrivilegeDAO.class)); + bind(MemberDAO.class).toInstance(createMock(MemberDAO.class)); + } + }); + } + }
