This is an automated email from the ASF dual-hosted git repository.

hapylestat pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/branch-2.7 by this push:
     new d8eed41  AMBARI-25485. Change authentication method from get to post. 
(#3182) (dvitiiuk via dgrinenko)
d8eed41 is described below

commit d8eed413d7329aba624cc6b5d35f3c677d68964a
Author: dvitiiuk <[email protected]>
AuthorDate: Tue Jun 30 19:00:58 2020 +0300

    AMBARI-25485. Change authentication method from get to post. (#3182) 
(dvitiiuk via dgrinenko)
---
 .../api/resources/AuthResourceDefinition.java      | 49 +++++++++++++
 .../api/resources/ResourceInstanceFactoryImpl.java |  4 +
 .../server/api/services/users/AuthService.java     | 85 ++++++++++++++++++++++
 .../controller/AuthRequestCreateAuthSwagger.java   | 27 +++++++
 .../ambari/server/controller/ControllerModule.java |  2 +
 .../server/controller/ResourceProviderFactory.java |  3 +
 .../AbstractControllerResourceProvider.java        |  2 +
 .../controller/internal/AuthResourceProvider.java  | 80 ++++++++++++++++++++
 .../ambari/server/controller/spi/Resource.java     |  4 +-
 .../authorization/AmbariAuthorizationFilter.java   |  5 ++
 10 files changed, 260 insertions(+), 1 deletion(-)

diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/AuthResourceDefinition.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/AuthResourceDefinition.java
new file mode 100644
index 0000000..387b2d1
--- /dev/null
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/AuthResourceDefinition.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.api.resources;
+
+import java.util.Collections;
+import java.util.Set;
+
+import org.apache.ambari.server.controller.spi.Resource;
+
+/**
+ * Auth Resource Definition
+ */
+public class AuthResourceDefinition extends BaseResourceDefinition {
+
+  public AuthResourceDefinition() {
+    super(Resource.Type.Auth);
+  }
+
+  @Override
+  public String getPluralName() {
+    return "auths";
+  }
+
+  @Override
+  public String getSingularName() {
+    return "auth";
+  }
+
+  @Override
+  public Set<SubResourceDefinition> getSubResourceDefinitions() {
+    return Collections.emptySet();
+  }
+
+}
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
index 4133383..ed905a0 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
@@ -481,6 +481,10 @@ public class ResourceInstanceFactoryImpl implements 
ResourceInstanceFactory {
         resourceDefinition = new RemoteClusterResourceDefinition();
         break;
 
+      case Auth:
+        resourceDefinition = new AuthResourceDefinition();
+        break;
+
       default:
         throw new IllegalArgumentException("Unsupported resource type: " + 
type);
     }
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/api/services/users/AuthService.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/api/services/users/AuthService.java
new file mode 100644
index 0000000..f46cfd2
--- /dev/null
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/api/services/users/AuthService.java
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.api.services.users;
+
+import java.util.Collections;
+
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.ambari.server.api.resources.ResourceInstance;
+import org.apache.ambari.server.api.services.BaseService;
+import org.apache.ambari.server.api.services.Request;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.http.HttpStatus;
+
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiImplicitParam;
+import io.swagger.annotations.ApiImplicitParams;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiResponse;
+import io.swagger.annotations.ApiResponses;
+
+/**
+ * Service responsible for auth requests.
+ */
+@Path("/auth")
+@Api(value = "Auth", description = "Endpoint for authentication operations")
+public class AuthService extends BaseService {
+
+  private static final String AUTH_USERS_REQUEST_TYPE = 
"org.apache.ambari.server.controller.AuthRequestCreateAuthSwagger";
+
+  /**
+   * Is used as auth request.
+   * Handles: POST /auth
+   *
+   * @param headers http headers
+   * @param ui      uri info
+   * @return information regarding the requested user and related info
+   */
+  @POST
+  @Produces("text/plain")
+  @ApiOperation(value = "User authorization request")
+  @ApiImplicitParams({
+          @ApiImplicitParam(dataType = AUTH_USERS_REQUEST_TYPE, paramType = 
PARAM_TYPE_BODY, allowMultiple = true)
+  })
+  @ApiResponses({
+          @ApiResponse(code = HttpStatus.SC_BAD_REQUEST, message = 
MSG_INVALID_ARGUMENTS),
+          @ApiResponse(code = HttpStatus.SC_NOT_FOUND, message = 
MSG_RESOURCE_NOT_FOUND),
+          @ApiResponse(code = HttpStatus.SC_UNAUTHORIZED, message = 
MSG_NOT_AUTHENTICATED),
+          @ApiResponse(code = HttpStatus.SC_FORBIDDEN, message = 
MSG_PERMISSION_DENIED),
+          @ApiResponse(code = HttpStatus.SC_INTERNAL_SERVER_ERROR, message = 
MSG_SERVER_ERROR),
+  })
+  public Response getUsersViaPost(String body, @Context HttpHeaders headers, 
@Context UriInfo ui) {
+    return handleRequest(headers, body, ui, Request.Type.POST, 
createAuthResource());
+  }
+
+  /**
+   * Create an auth resource instance.
+   *
+   * @return an auth resource instance
+   */
+  private ResourceInstance createAuthResource() {
+    return createResource(Resource.Type.Auth, Collections.EMPTY_MAP);
+  }
+}
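Review bot: `createAuthResource()` passes the raw-typed `Collections.EMPTY_MAP`, which produces an unchecked conversion; `Collections.emptyMap()` is the type-safe form and is what the AuthResourceProvider constructor added in this same commit already uses. The handler name `getUsersViaPost` and its Javadoc (`@return information regarding the requested user and related info`) read as carried over from a users endpoint and do not describe an authentication request. A name such as `authenticate` would fit better, with a Javadoc saying where credentials are expected (presumably the request headers, since the Swagger model declares no body fields). The `body` string is still forwarded to `handleRequest` unchanged, so it is worth confirming that the generic request path does not log or echo request bodies in case a client does send credentials there.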
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AuthRequestCreateAuthSwagger.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AuthRequestCreateAuthSwagger.java
new file mode 100644
index 0000000..553f8b2
--- /dev/null
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AuthRequestCreateAuthSwagger.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller;
+
+/**
+ * Interface to help correct Swagger documentation generation.
+ * Class is empty because not input/output fields are assumed.
+ */
+public interface AuthRequestCreateAuthSwagger extends ApiModel {
+
+}
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
index 8da770a..13c9ca6 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
@@ -63,6 +63,7 @@ import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.configuration.Configuration.ConnectionPoolType;
 import org.apache.ambari.server.configuration.Configuration.DatabaseType;
 import 
org.apache.ambari.server.controller.internal.AlertTargetResourceProvider;
+import org.apache.ambari.server.controller.internal.AuthResourceProvider;
 import 
org.apache.ambari.server.controller.internal.ClusterStackVersionResourceProvider;
 import org.apache.ambari.server.controller.internal.ComponentResourceProvider;
 import org.apache.ambari.server.controller.internal.CredentialResourceProvider;
@@ -475,6 +476,7 @@ public class ControllerModule extends AbstractModule {
         .implement(ResourceProvider.class, Names.named("alertTarget"), 
AlertTargetResourceProvider.class)
         .implement(ResourceProvider.class, Names.named("viewInstance"), 
ViewInstanceResourceProvider.class)
         .implement(ResourceProvider.class, 
Names.named("rootServiceHostComponentConfiguration"), 
RootServiceComponentConfigurationResourceProvider.class)
+        .implement(ResourceProvider.class, Names.named("auth"), 
AuthResourceProvider.class)
         .build(ResourceProviderFactory.class));
 
     install(new FactoryModuleBuilder().implement(
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/ResourceProviderFactory.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/ResourceProviderFactory.java
index 5849212..830366a 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/ResourceProviderFactory.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/ResourceProviderFactory.java
@@ -47,6 +47,9 @@ public interface ResourceProviderFactory {
   @Named("user")
   ResourceProvider getUserResourceProvider(AmbariManagementController 
managementController);
 
+  @Named("auth")
+  ResourceProvider getAuthResourceProvider(AmbariManagementController 
managementController);
+
   @Named("userAuthenticationSource")
   ResourceProvider getUserAuthenticationSourceResourceProvider();
 
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
index 15006b0..132bc72 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
@@ -243,6 +243,8 @@ public abstract class AbstractControllerResourceProvider 
extends AbstractAuthori
         return resourceProviderFactory.getAlertTargetResourceProvider();
       case ViewInstance:
         return resourceProviderFactory.getViewInstanceResourceProvider();
+      case Auth:
+        return 
resourceProviderFactory.getAuthResourceProvider(managementController);
       default:
         throw new IllegalArgumentException("Unknown type " + type);
     }
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AuthResourceProvider.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AuthResourceProvider.java
new file mode 100644
index 0000000..5a1ed68
--- /dev/null
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AuthResourceProvider.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.controller.internal;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.ambari.server.controller.AmbariManagementController;
+import org.apache.ambari.server.controller.spi.NoSuchParentResourceException;
+import org.apache.ambari.server.controller.spi.Predicate;
+import org.apache.ambari.server.controller.spi.Request;
+import org.apache.ambari.server.controller.spi.RequestStatus;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.spi.ResourceAlreadyExistsException;
+import org.apache.ambari.server.controller.spi.ResourcePredicateEvaluator;
+import org.apache.ambari.server.controller.spi.SystemException;
+import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
+
+import com.google.inject.assistedinject.Assisted;
+import com.google.inject.assistedinject.AssistedInject;
+
+/**
+ * Resource provider for auth resources.
+ */
+public class AuthResourceProvider extends AbstractControllerResourceProvider 
implements ResourcePredicateEvaluator {
+
+  /**
+   * Create a new resource provider for the given management controller.
+   */
+  @AssistedInject
+  AuthResourceProvider(@Assisted AmbariManagementController 
managementController) {
+    super(Resource.Type.Auth, Collections.emptySet(), Collections.emptyMap(), 
managementController);
+  }
+
+  @Override
+  public RequestStatus createResourcesAuthorized(Request request)
+      throws SystemException,
+      UnsupportedPropertyException,
+      ResourceAlreadyExistsException,
+      NoSuchParentResourceException {
+
+    // do nothing
+    return getRequestStatus(null);
+  }
+
+  /**
+   * ResourcePredicateEvaluator implementation. If property type is 
Auth/user_name,
+   * we do a case insensitive comparison so that we can return the retrieved
+   * username when it differs only in case with respect to the requested 
username.
+   *
+   * @param predicate the predicate
+   * @param resource  the resource
+   * @return
+   */
+  @Override
+  public boolean evaluate(Predicate predicate, Resource resource) {
+    return true;
+  }
+
+  @Override
+  protected Set<String> getPKPropertyIds() {
+    return new HashSet<>();
+  }
+}
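Review bot: The Javadoc on `evaluate` describes a case-insensitive comparison on `Auth/user_name`, but the method body is just `return true;`, so the comment appears to be copied from another provider. It should be replaced with something like `/** Always matches: auth resources carry no properties to filter on. */`, and the empty `@return` tag filled in. `createResourcesAuthorized` also succeeds unconditionally (`// do nothing`), so this provider performs no credential or permission check of its own. A class-level comment should say that authentication is expected to have been enforced by the security filter chain before a request reaches this provider, if that is the design, so the dependency is explicit for later maintainers.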
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
index c669d20..fb3d23b 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
@@ -162,7 +162,8 @@ public interface Resource {
     VersionDefinition,
     ClusterKerberosDescriptor,
     LoggingQuery,
-    RemoteCluster;
+    RemoteCluster,
+    Auth;
 
     /**
      * Get the {@link Type} that corresponds to this InternalType.
@@ -286,6 +287,7 @@ public interface Resource {
     public static final Type ClusterKerberosDescriptor = 
InternalType.ClusterKerberosDescriptor.getType();
     public static final Type LoggingQuery = 
InternalType.LoggingQuery.getType();
     public static final Type RemoteCluster = 
InternalType.RemoteCluster.getType();
+    public static final Type Auth = InternalType.Auth.getType();
 
 
     /**
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
index 29b3e4f..4376881 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
@@ -75,6 +75,7 @@ public class AmbariAuthorizationFilter implements Filter {
   private static final String API_WIDGET_PATTERN = API_VERSION_PREFIX + 
"/clusters/.*?/widgets.*";
   private static final String API_CLUSTERS_ALL_PATTERN = API_VERSION_PREFIX + 
"/clusters.*";
   private static final String API_VIEWS_ALL_PATTERN = API_VERSION_PREFIX + 
"/views.*";
+  private static final String API_AUTH_PATTERN = API_VERSION_PREFIX + "/auth";
   private static final String API_PERSIST_ALL_PATTERN = API_VERSION_PREFIX + 
"/persist.*";
   private static final String API_LDAP_SYNC_EVENTS_ALL_PATTERN = 
API_VERSION_PREFIX + "/ldap_sync_events.*";
   private static final String API_CREDENTIALS_ALL_PATTERN = API_VERSION_PREFIX 
+ "/clusters/.*?/credentials.*";
@@ -250,6 +251,10 @@ public class AmbariAuthorizationFilter implements Filter {
                 authorized = true;
                 break;
               }
+            } else if (requestURI.matches(API_AUTH_PATTERN) && 
"POST".equalsIgnoreCase(httpRequest.getMethod())) {
+              // all are able to login
+              authorized = true;
+              break;
             }
           }
         }
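Review bot: The new branch sets `authorized = true` for every POST whose URI matches `API_AUTH_PATTERN`, and its only explanation is `// all are able to login`. The loop and if/else chain around it begin outside this hunk, so it is not visible here whether the branch is reachable only for an already-authenticated principal. If it is, the comment should say so, e.g. `// any authenticated principal may POST to /auth; credentials were already verified by the authentication filters`. Unlike the neighbouring `.*` patterns, `API_AUTH_PATTERN` (added in the first hunk of this file) is an exact match, so `/auth/` or a sub-path falls through to the remaining rules; that is the safer direction but deserves a test. The diffstat lists no test files, and a filter test covering POST versus GET on `/auth` plus an unauthenticated request would pin the intended behaviour.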
