This is an automated email from the ASF dual-hosted git repository.
rlevas pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 087d4db [AMBARI-24141] Rolling restarts not working when Kerberos
Auto sign in is enabled for Ambari
087d4db is described below
commit 087d4db9b05dc1d4d24acd548c498ee797ec3068
Author: Robert Levas <[email protected]>
AuthorDate: Wed Jun 20 15:14:13 2018 -0400
[AMBARI-24141] Rolling restarts not working when Kerberos Auto sign in is
enabled for Ambari
* [AMBARI-24141] Rolling restarts not working when Kerberos Auto sign in is
enabled for Ambari
* [AMBARI-24141] Rolling restarts not working when Kerberos Auto sign in is
enabled for Ambari
---
.../AmbariLocalAuthenticationProvider.java | 7 +-
.../authentication/AmbariUserAuthentication.java | 37 +++++-----
.../security/authentication/AmbariUserDetails.java | 86 ++++++++++++++++++++++
.../jwt/AmbariJwtAuthenticationProvider.java | 10 +--
.../AmbariAuthToLocalUserDetailsService.java | 11 +--
.../pam/AmbariPamAuthenticationProvider.java | 6 +-
.../AmbariLdapAuthenticationProvider.java | 6 +-
.../AmbariUserAuthorizationFilter.java | 11 ++-
.../authorization/AuthorizationHelper.java | 12 +--
.../authorization/UserIdAuthentication.java | 24 ------
...erAuthenticationSourceResourceProviderTest.java | 8 +-
.../server/security/SecurityHelperImplTest.java | 3 +-
.../server/security/TestAuthenticationFactory.java | 78 +++++---------------
.../AmbariLocalAuthenticationProviderTest.java | 3 +-
.../jwt/AmbariJwtAuthenticationFilterTest.java | 39 ++++------
.../AmbariAuthToLocalUserDetailsServiceTest.java | 27 +++++--
.../authorization/AuthorizationHelperTest.java | 3 +-
17 files changed, 200 insertions(+), 171 deletions(-)
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariLocalAuthenticationProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariLocalAuthenticationProvider.java
index 9403da3..b8958cd 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariLocalAuthenticationProvider.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariLocalAuthenticationProvider.java
@@ -20,7 +20,6 @@ package org.apache.ambari.server.security.authentication;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.orm.entities.UserAuthenticationEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
-import org.apache.ambari.server.security.authorization.User;
import org.apache.ambari.server.security.authorization.UserAuthenticationType;
import org.apache.ambari.server.security.authorization.Users;
import org.slf4j.Logger;
@@ -94,10 +93,8 @@ public class AmbariLocalAuthenticationProvider extends
AmbariAuthenticationProvi
}
}
- User user = new User(userEntity);
- Authentication auth = new AmbariUserAuthentication(password, user,
users.getUserAuthorities(userEntity));
- auth.setAuthenticated(true);
- return auth;
+ AmbariUserDetails userDetails = new
AmbariUserDetails(users.getUser(userEntity), password,
users.getUserAuthorities(userEntity));
+ return new AmbariUserAuthentication(password, userDetails, true);
}
}
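Review bot: The new `AmbariUserDetails` is built with the cleartext `password`, so the returned principal keeps the user's password for as long as the authentication object lives, on top of the copy already passed as the token argument of `AmbariUserAuthentication`. Every other call site in this commit (JWT, PAM, LDAP, the internal-token filter) passes `null` for that argument, and nothing visible in the diff reads `getPassword()` back. Suggest `new AmbariUserDetails(users.getUser(userEntity), null, users.getUserAuthorities(userEntity))` here. The PAM provider hunk still passes `password` as the token argument and is worth revisiting for the same reason. The enclosing method starts outside the hunk.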
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariUserAuthentication.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariUserAuthentication.java
index 163f13b..8646993 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariUserAuthentication.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariUserAuthentication.java
@@ -19,30 +19,32 @@ package org.apache.ambari.server.security.authentication;
import java.util.Collection;
-import org.apache.ambari.server.security.authorization.AmbariGrantedAuthority;
-import org.apache.ambari.server.security.authorization.User;
-import org.apache.ambari.server.security.authorization.UserIdAuthentication;
import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
import com.fasterxml.jackson.annotation.JsonIgnore;
-public class AmbariUserAuthentication implements Authentication,
UserIdAuthentication {
+public class AmbariUserAuthentication implements Authentication {
- private String serializedToken;
- private User user;
- private Collection<AmbariGrantedAuthority> userAuthorities;
- private boolean authenticated = false;
+ private final String serializedToken;
+ private final AmbariUserDetails userDetails;
- public AmbariUserAuthentication(String token, User user,
Collection<AmbariGrantedAuthority> userAuthorities) {
+ private boolean authenticated;
+
+ public AmbariUserAuthentication(String token, AmbariUserDetails userDetails)
{
+ this(token, userDetails, false);
+ }
+
+ public AmbariUserAuthentication(String token, AmbariUserDetails userDetails,
boolean authenticated) {
this.serializedToken = token;
- this.user = user;
- this.userAuthorities = userAuthorities;
+ this.userDetails = userDetails;
+ this.authenticated = authenticated;
}
@Override
@JsonIgnore
- public Collection<? extends AmbariGrantedAuthority> getAuthorities() {
- return userAuthorities;
+ public Collection<? extends GrantedAuthority> getAuthorities() {
+ return (userDetails == null) ? null : userDetails.getAuthorities();
}
@Override
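Review bot: `getAuthorities()` returns `null` when `userDetails` is null, but Spring Security's `Authentication` contract expects an empty collection rather than null, so callers that iterate the authorities will throw. `return (userDetails == null) ? Collections.emptyList() : userDetails.getAuthorities();` avoids that (it needs `java.util.Collections` imported). The three-argument constructor also accepts `authenticated == true` together with a null `userDetails`, which yields an authenticated token with no principal; a guard such as `if (authenticated && userDetails == null) throw new IllegalArgumentException("userDetails is required");` would fail closed. Neither constructor has Javadoc saying what `token` holds, which differs per caller in this commit (password, JWT, internal token or null).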
@@ -56,8 +58,8 @@ public class AmbariUserAuthentication implements
Authentication, UserIdAuthentic
}
@Override
- public User getPrincipal() {
- return user;
+ public AmbariUserDetails getPrincipal() {
+ return userDetails;
}
@Override
@@ -72,11 +74,10 @@ public class AmbariUserAuthentication implements
Authentication, UserIdAuthentic
@Override
public String getName() {
- return user.getUserName();
+ return (userDetails == null) ? null : userDetails.getUsername();
}
- @Override
public Integer getUserId() {
- return user.getUserId();
+ return (userDetails == null) ? null : userDetails.getUserId();
}
}
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariUserDetails.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariUserDetails.java
new file mode 100644
index 0000000..e2c40d4
--- /dev/null
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariUserDetails.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.security.authentication;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+
+import org.apache.ambari.server.security.authorization.User;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+/**
+ * AmbariUserDetails is an implementation of {@link UserDetails} that contains
information about
+ * an authenticated user needed specifically by Ambari. For example, the
user's <code>userId</code>.
+ * <p>
+ * Ideally instances of this class are used as the value returned by {@link
org.springframework.security.core.Authentication#getPrincipal()}
+ */
+public class AmbariUserDetails implements UserDetails {
+
+ private final User user;
+ private final String password;
+ private final Collection<? extends GrantedAuthority> grantedAuthorities;
+
+ public AmbariUserDetails(User user, String password, Collection<? extends
GrantedAuthority> grantedAuthorities) {
+ this.user = user;
+ this.password = password;
+ this.grantedAuthorities = (grantedAuthorities == null)
+ ? Collections.emptyList()
+ : Collections.unmodifiableCollection(new
ArrayList<>(grantedAuthorities));
+ }
+
+ @Override
+ public Collection<? extends GrantedAuthority> getAuthorities() {
+ return grantedAuthorities;
+ }
+
+ @Override
+ public String getPassword() {
+ return password;
+ }
+
+ @Override
+ public String getUsername() {
+ return (user == null) ? null : user.getUserName();
+ }
+
+ public Integer getUserId() {
+ return (user == null) ? null : user.getUserId();
+ }
+
+ @Override
+ public boolean isAccountNonExpired() {
+ return true;
+ }
+
+ @Override
+ public boolean isAccountNonLocked() {
+ return true;
+ }
+
+ @Override
+ public boolean isCredentialsNonExpired() {
+ return true;
+ }
+
+ @Override
+ public boolean isEnabled() {
+ return (user != null) && user.isActive();
+ }
+}
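Review bot: `isAccountNonLocked()`, `isAccountNonExpired()` and `isCredentialsNonExpired()` are hard-coded to `true` with no comment, so any Spring component that checks account status on this `UserDetails` will only ever see the `isEnabled()` result. If lockout after repeated failures is enforced only inside the providers (the `TooManyLoginFailuresException` imports elsewhere in this commit suggest so), say that in a comment, e.g. `// Lockout is enforced by the authentication providers, not reported through UserDetails`. The constructor and `getUserId()` also lack Javadoc: document that `user` may be null, that `getUserId()` and `getUsername()` then return null, and that `password` is optional and should normally be null so credentials are not retained on the principal.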
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationProvider.java
index aec09fa..1b80fd1 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationProvider.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationProvider.java
@@ -25,9 +25,9 @@ import
org.apache.ambari.server.security.authentication.AccountDisabledException
import
org.apache.ambari.server.security.authentication.AmbariAuthenticationException;
import
org.apache.ambari.server.security.authentication.AmbariAuthenticationProvider;
import
org.apache.ambari.server.security.authentication.AmbariUserAuthentication;
+import org.apache.ambari.server.security.authentication.AmbariUserDetails;
import
org.apache.ambari.server.security.authentication.TooManyLoginFailuresException;
import org.apache.ambari.server.security.authentication.UserNotFoundException;
-import org.apache.ambari.server.security.authorization.User;
import org.apache.ambari.server.security.authorization.UserAuthenticationType;
import org.apache.ambari.server.security.authorization.Users;
import org.slf4j.Logger;
@@ -80,7 +80,7 @@ public class AmbariJwtAuthenticationProvider extends
AmbariAuthenticationProvide
throw new UserNotFoundException(userName, "Cannot find user from JWT.
Please, ensure LDAP is configured and users are synced.");
}
- // If the user was found and allowed to log in, make sure that user is
allowed to authentcate using a JWT token.
+ // If the user was found and allowed to log in, make sure that user is
allowed to authenticate using a JWT token.
boolean authOK = false;
UserAuthenticationEntity authenticationEntity =
getAuthenticationEntity(userEntity, UserAuthenticationType.JWT);
if (authenticationEntity != null) {
@@ -118,10 +118,8 @@ public class AmbariJwtAuthenticationProvider extends
AmbariAuthenticationProvide
}
}
- User user = new User(userEntity);
- Authentication auth = new
AmbariUserAuthentication(authentication.getCredentials().toString(), user,
users.getUserAuthorities(userEntity));
- auth.setAuthenticated(true);
- return auth;
+ AmbariUserDetails userDetails = new
AmbariUserDetails(users.getUser(userEntity), null,
users.getUserAuthorities(userEntity));
+ return new
AmbariUserAuthentication(authentication.getCredentials().toString(),
userDetails, true);
} else {
// The user was not authenticated, fail
LOG.debug("Authentication failed: password does not match stored value:
{}", userName);
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsService.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsService.java
index d2e18fa..14c174a 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsService.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsService.java
@@ -28,8 +28,11 @@ import
org.apache.ambari.server.orm.entities.UserAuthenticationEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import
org.apache.ambari.server.security.authentication.AccountDisabledException;
import
org.apache.ambari.server.security.authentication.AmbariAuthenticationException;
+import org.apache.ambari.server.security.authentication.AmbariUserDetails;
+import
org.apache.ambari.server.security.authentication.InvalidUsernamePasswordCombinationException;
import
org.apache.ambari.server.security.authentication.TooManyLoginFailuresException;
import org.apache.ambari.server.security.authentication.UserNotFoundException;
+import org.apache.ambari.server.security.authorization.User;
import org.apache.ambari.server.security.authorization.UserAuthenticationType;
import org.apache.ambari.server.security.authorization.Users;
import org.apache.commons.collections.CollectionUtils;
@@ -38,7 +41,6 @@ import
org.apache.hadoop.security.authentication.util.KerberosName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -67,9 +69,8 @@ public class AmbariAuthToLocalUserDetailsService implements
UserDetailsService {
*
* @param configuration the Ambari configuration data
* @param users the Ambari users access object
- * @throws AmbariException if an error occurs parsing the user-provided
auth-to-local rules
*/
- AmbariAuthToLocalUserDetailsService(Configuration configuration, Users
users) throws AmbariException {
+ AmbariAuthToLocalUserDetailsService(Configuration configuration, Users
users) {
AmbariKerberosAuthenticationProperties properties =
configuration.getKerberosAuthenticationProperties();
String authToLocalRules = properties.getAuthToLocalRules();
@@ -198,10 +199,10 @@ public class AmbariAuthToLocalUserDetailsService
implements UserDetailsService {
throw e;
} else {
// Do not give away information about the existence or status of a user
- throw new AmbariAuthenticationException(username, "Unexpected error
due to missing JWT token", false);
+ throw new InvalidUsernamePasswordCombinationException(username, false,
e);
}
}
- return new User(username, "", users.getUserAuthorities(userEntity));
+ return new AmbariUserDetails(new User(userEntity), null,
users.getUserAuthorities(userEntity));
}
}
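Review bot: The replacement exception now carries the original exception `e` as its cause, directly under the comment `Do not give away information about the existence or status of a user`. That is useful for server-side logs, but if any handler renders the cause chain or its message to the client, the detail this branch is hiding becomes visible again; confirm the Kerberos entry point emits only the top-level message. Separately, this path builds the principal with `new User(userEntity)` while the providers changed in this commit use `users.getUser(userEntity)`; using the same call here would keep the principals consistent. The surrounding method begins outside the hunk.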
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/pam/AmbariPamAuthenticationProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/pam/AmbariPamAuthenticationProvider.java
index ee6a39e..d92a5ca 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/pam/AmbariPamAuthenticationProvider.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/pam/AmbariPamAuthenticationProvider.java
@@ -33,6 +33,7 @@ import
org.apache.ambari.server.security.authentication.AccountDisabledException
import
org.apache.ambari.server.security.authentication.AmbariAuthenticationException;
import
org.apache.ambari.server.security.authentication.AmbariAuthenticationProvider;
import
org.apache.ambari.server.security.authentication.AmbariUserAuthentication;
+import org.apache.ambari.server.security.authentication.AmbariUserDetails;
import
org.apache.ambari.server.security.authentication.InvalidUsernamePasswordCombinationException;
import
org.apache.ambari.server.security.authentication.TooManyLoginFailuresException;
import org.apache.ambari.server.security.authorization.GroupType;
@@ -162,9 +163,8 @@ public class AmbariPamAuthenticationProvider extends
AmbariAuthenticationProvide
synchronizeGroups(unixUser, userEntity);
}
- Authentication authToken = new AmbariUserAuthentication(password,
users.getUser(userEntity), users.getUserAuthorities(userEntity));
- authToken.setAuthenticated(true);
- return authToken;
+ AmbariUserDetails userDetails = new
AmbariUserDetails(users.getUser(userEntity), null,
users.getUserAuthorities(userEntity));
+ return new AmbariUserAuthentication(password, userDetails, true);
}
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
index 7327e86..2f1c0dc 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
@@ -28,6 +28,7 @@ import org.apache.ambari.server.security.ClientSecurityType;
import
org.apache.ambari.server.security.authentication.AccountDisabledException;
import
org.apache.ambari.server.security.authentication.AmbariAuthenticationProvider;
import
org.apache.ambari.server.security.authentication.AmbariUserAuthentication;
+import org.apache.ambari.server.security.authentication.AmbariUserDetails;
import
org.apache.ambari.server.security.authentication.InvalidUsernamePasswordCombinationException;
import
org.apache.ambari.server.security.authentication.TooManyLoginFailuresException;
import org.apache.commons.collections.CollectionUtils;
@@ -108,9 +109,8 @@ public class AmbariLdapAuthenticationProvider extends
AmbariAuthenticationProvid
}
}
- Authentication authToken = new AmbariUserAuthentication(null,
users.getUser(userEntity), users.getUserAuthorities(userEntity));
- authToken.setAuthenticated(true);
- return authToken;
+ AmbariUserDetails userDetails = new
AmbariUserDetails(users.getUser(userEntity), null,
users.getUserAuthorities(userEntity));
+ return new AmbariUserAuthentication(null, userDetails, true);
}
} catch (AuthenticationException e) {
LOG.debug("Got exception during LDAP authentication attempt", e);
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariUserAuthorizationFilter.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariUserAuthorizationFilter.java
index 9cad29d..f252b0e 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariUserAuthorizationFilter.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariUserAuthorizationFilter.java
@@ -19,7 +19,6 @@
package org.apache.ambari.server.security.authorization;
import java.io.IOException;
-import java.util.Collection;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
@@ -33,6 +32,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.scheduler.ExecutionScheduleManager;
import
org.apache.ambari.server.security.authentication.AmbariUserAuthentication;
+import org.apache.ambari.server.security.authentication.AmbariUserDetails;
import
org.apache.ambari.server.security.authorization.internal.InternalTokenClientFilter;
import
org.apache.ambari.server.security.authorization.internal.InternalTokenStorage;
import org.apache.commons.lang.math.NumberUtils;
@@ -77,15 +77,14 @@ public class AmbariUserAuthorizationFilter implements
Filter {
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN,
"Authentication required");
httpResponse.flushBuffer();
return;
- } if (!userEntity.getActive()) {
+ }
+ if (!userEntity.getActive()) {
httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "User is
not active");
httpResponse.flushBuffer();
return;
} else {
- Collection<AmbariGrantedAuthority> userAuthorities =
users.getUserAuthorities(userEntity);
- User user = users.getUser(userEntity);
- AmbariUserAuthentication authentication = new
AmbariUserAuthentication(token, user, userAuthorities);
- authentication.setAuthenticated(true);
+ AmbariUserDetails userDetails = new
AmbariUserDetails(users.getUser(userEntity), null,
users.getUserAuthorities(userEntity));
+ AmbariUserAuthentication authentication = new
AmbariUserAuthentication(token, userDetails, true);
SecurityContextHolder.getContext().setAuthentication(authentication);
httpResponse.setHeader("User",
AuthorizationHelper.getAuthenticatedName());
}
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
index a0b6029..2e2a70c 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
@@ -29,6 +29,7 @@ import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.ResourceEntity;
import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
+import org.apache.ambari.server.security.authentication.AmbariUserDetails;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
@@ -104,14 +105,13 @@ public class AuthorizationHelper {
SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication authentication = securityContext.getAuthentication();
- UserIdAuthentication auth;
- if (authentication instanceof UserIdAuthentication) {
- auth = (UserIdAuthentication) authentication;
- } else {
- return -1;
+ Object principal = (authentication == null) ? null :
authentication.getPrincipal();
+
+ if (principal instanceof AmbariUserDetails) {
+ return ((AmbariUserDetails) principal).getUserId();
}
- return auth.getUserId();
+ return -1;
}
/**
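Review bot: `AmbariUserDetails.getUserId()` returns an `Integer` that is null when the wrapped user is null, and the `return -1;` fallback suggests this method returns a primitive `int`, so the new `return ((AmbariUserDetails) principal).getUserId();` can throw a NullPointerException on unboxing. Suggest `Integer userId = ((AmbariUserDetails) principal).getUserId(); return (userId == null) ? -1 : userId;`. The method signature is outside the hunk, so confirm the return type first. Note also that the check moved from the `Authentication` object to its principal, so any `Authentication` whose principal is not an `AmbariUserDetails` now resolves to -1, which deserves a line in the method's Javadoc.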
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserIdAuthentication.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserIdAuthentication.java
deleted file mode 100644
index f813af5..0000000
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserIdAuthentication.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.security.authorization;
-
-public interface UserIdAuthentication {
-
- Integer getUserId();
-}
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserAuthenticationSourceResourceProviderTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserAuthenticationSourceResourceProviderTest.java
index c1a5f54..fe1d4eb 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserAuthenticationSourceResourceProviderTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserAuthenticationSourceResourceProviderTest.java
@@ -45,10 +45,10 @@ import org.apache.ambari.server.orm.DBAccessor;
import org.apache.ambari.server.orm.entities.UserAuthenticationEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.TestAuthenticationFactory;
+import org.apache.ambari.server.security.authentication.AmbariUserDetails;
import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.security.authorization.AuthorizationHelper;
import org.apache.ambari.server.security.authorization.UserAuthenticationType;
-import org.apache.ambari.server.security.authorization.UserIdAuthentication;
import org.apache.ambari.server.security.authorization.Users;
import org.apache.ambari.server.stack.StackManagerFactory;
import org.apache.ambari.server.state.Clusters;
@@ -259,7 +259,7 @@ public class UserAuthenticationSourceResourceProviderTest
extends EasyMockSuppor
expect(users.getUserAuthenticationEntities((String)null,
null)).andReturn(entities.values()).once();
} else {
- expect(users.getUserAuthenticationEntities("User1",
null)).andReturn(entities.values()).once();
+ expect(users.getUserAuthenticationEntities("user1",
null)).andReturn(entities.values()).once();
}
replayAll();
@@ -345,7 +345,7 @@ public class UserAuthenticationSourceResourceProviderTest
extends EasyMockSuppor
UserEntity userEntity = createMock(UserEntity.class);
expect(userEntity.getAuthenticationEntities()).andReturn(userAuthenticationEntities).once();
if (isSelf) {
- expect(userEntity.getUserId()).andReturn(((UserIdAuthentication)
authentication).getUserId()).once();
+ expect(userEntity.getUserId()).andReturn(((AmbariUserDetails)
authentication.getPrincipal()).getUserId()).once();
} else {
expect(userEntity.getUserId()).andReturn(AuthorizationHelper.getAuthenticatedId()
+ 100).once();
}
@@ -369,7 +369,7 @@ public class UserAuthenticationSourceResourceProviderTest
extends EasyMockSuppor
properties.put(UserAuthenticationSourceResourceProvider.AUTHENTICATION_OLD_KEY_PROPERTY_ID,
"old_password");
properties.put(UserAuthenticationSourceResourceProvider.AUTHENTICATION_KEY_PROPERTY_ID,
"new_password");
- if(authenticationType != null) {
+ if (authenticationType != null) {
properties.put(UserAuthenticationSourceResourceProvider.AUTHENTICATION_AUTHENTICATION_TYPE_PROPERTY_ID,
authenticationType);
}
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/security/SecurityHelperImplTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/SecurityHelperImplTest.java
index 6757b78..cbe23d0 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/security/SecurityHelperImplTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/security/SecurityHelperImplTest.java
@@ -23,6 +23,7 @@ import java.util.Collection;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import
org.apache.ambari.server.security.authentication.AmbariUserAuthentication;
+import org.apache.ambari.server.security.authentication.AmbariUserDetails;
import org.apache.ambari.server.security.authorization.User;
import org.apache.ambari.server.security.authorization.UserName;
import org.junit.Assert;
@@ -47,7 +48,7 @@ public class SecurityHelperImplTest {
userEntity.setUserName(UserName.fromString("userName").toString());
userEntity.setUserId(1);
User user = new User(userEntity);
- Authentication auth = new AmbariUserAuthentication(null, user, null);
+ Authentication auth = new AmbariUserAuthentication(null, new
AmbariUserDetails(user, null, null));
ctx.setAuthentication(auth);
// Username is expected to be lowercase
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
index 65ea12b..f236743 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
@@ -18,9 +18,9 @@
package org.apache.ambari.server.security;
-import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
+import java.util.Set;
import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
@@ -28,10 +28,13 @@ import
org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.ResourceEntity;
import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
+import org.apache.ambari.server.orm.entities.UserEntity;
+import
org.apache.ambari.server.security.authentication.AmbariUserAuthentication;
+import org.apache.ambari.server.security.authentication.AmbariUserDetails;
import org.apache.ambari.server.security.authorization.AmbariGrantedAuthority;
import org.apache.ambari.server.security.authorization.ResourceType;
import org.apache.ambari.server.security.authorization.RoleAuthorization;
-import org.apache.ambari.server.security.authorization.UserIdAuthentication;
+import org.apache.ambari.server.security.authorization.User;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
@@ -41,7 +44,7 @@ public class TestAuthenticationFactory {
}
public static Authentication createAdministrator(String name) {
- return new TestAuthorization(1, name,
Collections.singleton(createAdministratorGrantedAuthority()));
+ return createAmbariUserAuthentication(1, name,
Collections.singleton(createAdministratorGrantedAuthority()));
}
public static Authentication createClusterAdministrator() {
@@ -53,11 +56,11 @@ public class TestAuthenticationFactory {
}
public static Authentication createClusterAdministrator(String name, Long
clusterResourceId) {
- return new TestAuthorization(1, name,
Collections.singleton(createClusterAdministratorGrantedAuthority(clusterResourceId)));
+ return createAmbariUserAuthentication(1, name,
Collections.singleton(createClusterAdministratorGrantedAuthority(clusterResourceId)));
}
public static Authentication createClusterOperator(String name, Long
clusterResourceId) {
- return new TestAuthorization(1, name,
Collections.singleton(createClusterOperatorGrantedAuthority(clusterResourceId)));
+ return createAmbariUserAuthentication(1, name,
Collections.singleton(createClusterOperatorGrantedAuthority(clusterResourceId)));
}
public static Authentication createServiceAdministrator() {
@@ -65,7 +68,7 @@ public class TestAuthenticationFactory {
}
public static Authentication createServiceAdministrator(String name, Long
clusterResourceId) {
- return new TestAuthorization(1, name,
Collections.singleton(createServiceAdministratorGrantedAuthority(clusterResourceId)));
+ return createAmbariUserAuthentication(1, name,
Collections.singleton(createServiceAdministratorGrantedAuthority(clusterResourceId)));
}
public static Authentication createServiceOperator() {
@@ -73,7 +76,7 @@ public class TestAuthenticationFactory {
}
public static Authentication createServiceOperator(String name, Long
clusterResourceId) {
- return new TestAuthorization(1, name,
Collections.singleton(createServiceOperatorGrantedAuthority(clusterResourceId)));
+ return createAmbariUserAuthentication(1, name,
Collections.singleton(createServiceOperatorGrantedAuthority(clusterResourceId)));
}
public static Authentication createClusterUser() {
@@ -81,7 +84,7 @@ public class TestAuthenticationFactory {
}
public static Authentication createClusterUser(String name, Long
clusterResourceId) {
- return new TestAuthorization(1, name,
Collections.singleton(createClusterUserGrantedAuthority(clusterResourceId)));
+ return createAmbariUserAuthentication(1, name,
Collections.singleton(createClusterUserGrantedAuthority(clusterResourceId)));
}
public static Authentication createViewUser(Long viewResourceId) {
@@ -89,7 +92,7 @@ public class TestAuthenticationFactory {
}
public static Authentication createViewUser(String name, Long
viewResourceId) {
- return new TestAuthorization(1, name,
Collections.singleton(createViewUserGrantedAuthority(viewResourceId)));
+ return createAmbariUserAuthentication(1, name,
Collections.singleton(createViewUserGrantedAuthority(viewResourceId)));
}
private static GrantedAuthority createAdministratorGrantedAuthority() {
@@ -402,56 +405,15 @@ public class TestAuthenticationFactory {
return principalTypeEntity;
}
+ private static Authentication createAmbariUserAuthentication(int userId,
String username, Set<GrantedAuthority> authorities) {
+ PrincipalEntity principal = new PrincipalEntity();
+ principal.setPrivileges(Collections.emptySet());
- private static class TestAuthorization implements Authentication,
UserIdAuthentication {
- private final Integer userId;
- private final String name;
- private final Collection<? extends GrantedAuthority> authorities;
+ UserEntity userEntity = new UserEntity();
+ userEntity.setUserId(userId);
+ userEntity.setUserName(username);
+ userEntity.setPrincipal(principal);
- private TestAuthorization(Integer userId, String name, Collection<?
extends GrantedAuthority> authorities) {
- this.userId = userId;
- this.name = name;
- this.authorities = authorities;
- }
-
- @Override
- public Collection<? extends GrantedAuthority> getAuthorities() {
- return authorities;
- }
-
- @Override
- public Object getCredentials() {
- return null;
- }
-
- @Override
- public Object getDetails() {
- return null;
- }
-
- @Override
- public Object getPrincipal() {
- return null;
- }
-
- @Override
- public boolean isAuthenticated() {
- return true;
- }
-
- @Override
- public void setAuthenticated(boolean isAuthenticated) throws
IllegalArgumentException {
-
- }
-
- @Override
- public String getName() {
- return name;
- }
-
- @Override
- public Integer getUserId() {
- return userId;
- }
+ return new AmbariUserAuthentication(null, new AmbariUserDetails(new
User(userEntity), null, authorities), true);
}
}
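Review bot: createAmbariUserAuthentication has no comment explaining that the PrincipalEntity it builds has an empty privilege set, so the role reaches the token only through the `authorities` argument. Code under test that derives permissions from the user's principal rather than from getAuthorities() would see an unprivileged user, and an authorization test could then pass or fail for the wrong reason. I would add a short Javadoc saying this, and also that the token is created already authenticated (`true`) with null credentials and a null password. An inline comment would do for the first part, e.g. `// privileges intentionally empty: roles come from the authorities argument only`.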
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariLocalAuthenticationProviderTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariLocalAuthenticationProviderTest.java
index b9bfb72..6290b73 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariLocalAuthenticationProviderTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariLocalAuthenticationProviderTest.java
@@ -84,7 +84,8 @@ public class AmbariLocalAuthenticationProviderTest extends
AbstractAuthenticatio
@Override
protected void validateAuthenticationResult(AmbariUserAuthentication result)
{
- assertEquals(1, (result.getPrincipal()).getUserId());
+ assertEquals((Integer) 1, result.getUserId());
+ assertEquals((Integer) 1, (result.getPrincipal()).getUserId());
}
}
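Review bot: The two new assertions use `(Integer) 1` casts and a redundant pair of parentheses around `result.getPrincipal()`, while AmbariAuthToLocalUserDetailsServiceTest in this same commit writes `Integer.valueOf(1)`. I would use one form throughout, e.g. `assertEquals(Integer.valueOf(1), result.getPrincipal().getUserId());`. A comment such as `// the id must be reachable both from the token and from its principal` would record why both values are checked.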
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationFilterTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationFilterTest.java
index 2c88d9f..5668e49 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationFilterTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/jwt/AmbariJwtAuthenticationFilterTest.java
@@ -46,13 +46,13 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.ambari.server.configuration.Configuration;
-import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.UserAuthenticationEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.AmbariEntryPoint;
import
org.apache.ambari.server.security.authentication.AmbariAuthenticationEventHandler;
import
org.apache.ambari.server.security.authentication.AmbariAuthenticationException;
import
org.apache.ambari.server.security.authentication.AmbariAuthenticationFilter;
+import org.apache.ambari.server.security.authorization.User;
import org.apache.ambari.server.security.authorization.UserAuthenticationType;
import org.apache.ambari.server.security.authorization.Users;
import org.easymock.Capture;
@@ -126,12 +126,12 @@ public class AmbariJwtAuthenticationFilterTest extends
EasyMockSupport {
Calendar calendar = Calendar.getInstance();
calendar.setTimeInMillis(System.currentTimeMillis());
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
- .subject("test-user")
- .issuer("unit-test")
- .issueTime(calendar.getTime())
- .expirationTime(expirationTime)
- .audience(audience)
- .build();
+ .subject("test-user")
+ .issuer("unit-test")
+ .issueTime(calendar.getTime())
+ .expirationTime(expirationTime)
+ .audience(audience)
+ .build();
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256),
claimsSet);
signedJWT.sign(signer);
@@ -151,12 +151,12 @@ public class AmbariJwtAuthenticationFilterTest extends
EasyMockSupport {
expirationTime.add(Calendar.DATE, -1);
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
- .subject("test-user")
- .issuer("unit-test")
- .issueTime(issueTime.getTime())
- .expirationTime(issueTime.getTime())
- .audience("test-audience-invalid")
- .build();
+ .subject("test-user")
+ .issuer("unit-test")
+ .issueTime(issueTime.getTime())
+ .expirationTime(issueTime.getTime())
+ .audience("test-audience-invalid")
+ .build();
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256),
claimsSet);
signedJWT.sign(signer);
@@ -401,21 +401,14 @@ public class AmbariJwtAuthenticationFilterTest extends
EasyMockSupport {
expect(userAuthenticationEntity.getAuthenticationType()).andReturn(UserAuthenticationType.JWT).anyTimes();
expect(userAuthenticationEntity.getAuthenticationKey()).andReturn("").anyTimes();
- PrincipalEntity principal = createMock(PrincipalEntity.class);
-
expect(principal.getPrivileges()).andReturn(Collections.emptySet()).atLeastOnce();
-
UserEntity userEntity = createMock(UserEntity.class);
-
expect(userEntity.getAuthenticationEntities()).andReturn(Collections.singletonList(userAuthenticationEntity)).once();
- expect(userEntity.getActive()).andReturn(true).atLeastOnce();
- expect(userEntity.getUserId()).andReturn(1).atLeastOnce();
- expect(userEntity.getUserName()).andReturn("username").atLeastOnce();
- expect(userEntity.getCreateTime()).andReturn(new
Date().getTime()).atLeastOnce();
-
expect(userEntity.getMemberEntities()).andReturn(Collections.emptySet()).atLeastOnce();
expect(userEntity.getAuthenticationEntities()).andReturn(Collections.singletonList(userAuthenticationEntity)).atLeastOnce();
- expect(userEntity.getPrincipal()).andReturn(principal).atLeastOnce();
+
+ User user = createMock(User.class);
Users users = createMock(Users.class);
expect(users.getUserEntity("test-user")).andReturn(userEntity).once();
+ expect(users.getUser(userEntity)).andReturn(user).once();
expect(users.getUserAuthorities(userEntity)).andReturn(Collections.emptyList()).once();
users.validateLogin(userEntity, "test-user");
expectLastCall().once();
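Review bot: The `User` mock created here has no recorded expectations, so nothing visible in this hunk checks which user id or name ends up bound to the authentication built from the JWT subject. The test method continues outside the hunk, so this may be asserted further down. If it is not, I would record `expect(user.getUserId()).andReturn(1).anyTimes();` and assert that id on the resulting authentication, since it is the value this commit routes through AmbariUserDetails. A comment such as `// User is mocked; identity fields are stubbed explicitly` would also explain why the UserEntity expectations were removed.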
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsServiceTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsServiceTest.java
index 509909f..cd3ecab 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsServiceTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsServiceTest.java
@@ -25,8 +25,10 @@ import java.util.Collection;
import java.util.Collections;
import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.UserAuthenticationEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
+import org.apache.ambari.server.security.authentication.AmbariUserDetails;
import org.apache.ambari.server.security.authentication.UserNotFoundException;
import org.apache.ambari.server.security.authorization.AmbariGrantedAuthority;
import org.apache.ambari.server.security.authorization.UserAuthenticationType;
@@ -55,15 +57,23 @@ public class AmbariAuthToLocalUserDetailsServiceTest
extends EasyMockSupport {
Configuration configuration = createMock(Configuration.class);
expect(configuration.getKerberosAuthenticationProperties()).andReturn(properties).once();
+ PrincipalEntity principal = createMock(PrincipalEntity.class);
+
expect(principal.getPrivileges()).andReturn(Collections.emptySet()).atLeastOnce();
+
UserEntity userEntity = createMock(UserEntity.class);
+ expect(userEntity.getUserName()).andReturn("user1").atLeastOnce();
+ expect(userEntity.getUserId()).andReturn(1).atLeastOnce();
+
expect(userEntity.getCreateTime()).andReturn(System.currentTimeMillis()).atLeastOnce();
+ expect(userEntity.getActive()).andReturn(true).atLeastOnce();
+
expect(userEntity.getMemberEntities()).andReturn(Collections.emptySet()).atLeastOnce();
+
expect(userEntity.getAuthenticationEntities()).andReturn(Collections.emptyList()).atLeastOnce();
+ expect(userEntity.getPrincipal()).andReturn(principal).atLeastOnce();
UserAuthenticationEntity kerberosAuthenticationEntity =
createMock(UserAuthenticationEntity.class);
expect(kerberosAuthenticationEntity.getAuthenticationType()).andReturn(UserAuthenticationType.KERBEROS).anyTimes();
expect(kerberosAuthenticationEntity.getAuthenticationKey()).andReturn("[email protected]").anyTimes();
expect(kerberosAuthenticationEntity.getUser()).andReturn(userEntity).anyTimes();
- expect(userEntity.getUserName()).andReturn("user1").atLeastOnce();
-
Collection<AmbariGrantedAuthority> userAuthorities =
Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class));
Users users = createMock(Users.class);
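Review bot: The fixture stubs `userEntity.getAuthenticationEntities()` with `Collections.emptyList()` although `kerberosAuthenticationEntity.getUser()` returns that same entity, so the mocked user has no authentication entries while a Kerberos entry points at it. Whether the service reads that list is not visible here (the test method starts and ends outside the hunk), but an inconsistent identity fixture can hide a check that walks the user's own entries. I would return `Collections.singletonList(kerberosAuthenticationEntity)`, declaring the Kerberos mock first, or add a comment saying the empty list is deliberate. The seven `atLeastOnce()` stubs also mirror what constructing a `User` appears to read, so a real `UserEntity` populated with setters, as TestAuthenticationFactory does in this commit, would be less brittle.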
@@ -79,12 +89,15 @@ public class AmbariAuthToLocalUserDetailsServiceTest
extends EasyMockSupport {
UserDetails userDetails =
userdetailsService.loadUserByUsername("[email protected]");
- verifyAll();
-
Assert.assertNotNull(userDetails);
- Assert.assertEquals("user1", userDetails.getUsername());
- Assert.assertEquals(userAuthorities.size(),
userDetails.getAuthorities().size());
- Assert.assertEquals("", userDetails.getPassword());
+ Assert.assertTrue(userDetails instanceof AmbariUserDetails);
+
+ AmbariUserDetails ambariUserDetails = (AmbariUserDetails) userDetails;
+ Assert.assertEquals("user1", ambariUserDetails.getUsername());
+ Assert.assertEquals(Integer.valueOf(1), ambariUserDetails.getUserId());
+ Assert.assertEquals(userAuthorities.size(),
ambariUserDetails.getAuthorities().size());
+
+ verifyAll();
}
@Test(expected = UserNotFoundException.class)
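Review bot: The rewritten assertions drop the old `Assert.assertEquals("", userDetails.getPassword());` and put nothing in its place, so the test no longer pins what credential value the returned UserDetails exposes. What the service now passes as the password is not visible in this hunk, so the expected value needs confirming. If it is null, `Assert.assertNull(ambariUserDetails.getPassword());` keeps that guarantee under test. The test method starts outside the hunk.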
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
index be2b891..8ecef22 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
@@ -46,6 +46,7 @@ import
org.apache.ambari.server.orm.entities.ResourceTypeEntity;
import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import
org.apache.ambari.server.security.authentication.AmbariUserAuthentication;
+import org.apache.ambari.server.security.authentication.AmbariUserDetails;
import org.easymock.EasyMockRule;
import org.easymock.EasyMockSupport;
import org.easymock.Mock;
@@ -169,7 +170,7 @@ public class AuthorizationHelperTest extends
EasyMockSupport {
userEntity.setUserId(1);
userEntity.setPrincipal(principalEntity);
User user = new User(userEntity);
- Authentication auth = new AmbariUserAuthentication(null, user, null);
+ Authentication auth = new AmbariUserAuthentication(null, new
AmbariUserDetails(user, null, null));
SecurityContextHolder.getContext().setAuthentication(auth);
userId = AuthorizationHelper.getAuthenticatedId();