This is an automated email from the ASF dual-hosted git repository. pinal pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/atlas.git
The following commit(s) were added to refs/heads/master by this push: new 953f65b ATLAS-4377 : Atlas - Upgrade Spring Security to 5.4.4+/5.3.8+/5.2.9+ 953f65b is described below commit 953f65b9c421432ebbf755214769b074d0847bae Author: chaitali borole <chaitali.bor...@cloudera.com> AuthorDate: Wed Sep 1 12:12:25 2021 +0530 ATLAS-4377 : Atlas - Upgrade Spring Security to 5.4.4+/5.3.8+/5.2.9+ Signed-off-by: Pinal Shah <pinal.s...@freestoneinfotech.com> --- addons/falcon-bridge-shim/pom.xml | 16 +++++ addons/falcon-bridge/pom.xml | 12 ++++ authorization/pom.xml | 1 + .../atlas/utils/OnAtlasPropertyCondition.java | 22 ++++--- pom.xml | 75 ++++++---------------- repository/pom.xml | 2 + .../apache/atlas/GraphTransactionInterceptor.java | 6 +- test-tools/pom.xml | 4 ++ .../java/org/apache/atlas/web/dao/UserDao.java | 38 +++++++++-- .../java/org/apache/atlas/web/util/Servlets.java | 8 +-- webapp/src/main/webapp/WEB-INF/web.xml | 4 -- .../org/apache/atlas/web/security/UserDaoTest.java | 5 ++ webapp/src/test/webapp/WEB-INF/web.xml | 4 -- 13 files changed, 109 insertions(+), 88 deletions(-) diff --git a/addons/falcon-bridge-shim/pom.xml b/addons/falcon-bridge-shim/pom.xml index 02da049..c554e89 100755 --- a/addons/falcon-bridge-shim/pom.xml +++ b/addons/falcon-bridge-shim/pom.xml @@ -55,6 +55,22 @@ <groupId>org.mortbay.jetty</groupId> <artifactId>servlet-api</artifactId> </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-beans</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-jms</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-tx</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-context</artifactId> + </exclusion> </exclusions> </dependency> </dependencies> diff --git a/addons/falcon-bridge/pom.xml b/addons/falcon-bridge/pom.xml index e0d2f3b..de22fa5 100644 
--- a/addons/falcon-bridge/pom.xml +++ b/addons/falcon-bridge/pom.xml @@ -70,6 +70,18 @@ <groupId>org.mortbay.jetty</groupId> <artifactId>servlet-api</artifactId> </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-beans</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-jms</artifactId> + </exclusion> + <exclusion> + <groupId>org.springframework</groupId> + <artifactId>spring-tx</artifactId> + </exclusion> </exclusions> </dependency> diff --git a/authorization/pom.xml b/authorization/pom.xml index 8e5a85d..7a11084 100644 --- a/authorization/pom.xml +++ b/authorization/pom.xml @@ -54,6 +54,7 @@ <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> + <version>${spring.security.version}</version> </dependency> <dependency> diff --git a/common/src/main/java/org/apache/atlas/utils/OnAtlasPropertyCondition.java b/common/src/main/java/org/apache/atlas/utils/OnAtlasPropertyCondition.java index ece6e37..7259036 100644 --- a/common/src/main/java/org/apache/atlas/utils/OnAtlasPropertyCondition.java +++ b/common/src/main/java/org/apache/atlas/utils/OnAtlasPropertyCondition.java @@ -27,7 +27,7 @@ import org.slf4j.LoggerFactory; import org.springframework.context.annotation.Condition; import org.springframework.context.annotation.ConditionContext; import org.springframework.core.type.AnnotatedTypeMetadata; -import org.springframework.core.type.classreading.AnnotationMetadataReadingVisitor; +import org.springframework.core.type.AnnotationMetadata; public class OnAtlasPropertyCondition implements Condition { private final Logger LOG = LoggerFactory.getLogger(OnAtlasPropertyCondition.class); 
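Review bot: The exclusion list added to `addons/falcon-bridge/pom.xml` stops at `spring-tx`, while the parallel hunk for `addons/falcon-bridge-shim/pom.xml` in the same commit also excludes `org.springframework:spring-context` from what appears to be the same Falcon dependency. If the asymmetry is not deliberate, add the fourth `<exclusion>` for `<groupId>org.springframework</groupId>` / `<artifactId>spring-context</artifactId>` here too, so both modules keep Falcon's legacy Spring artifacts off the classpath in the same way; if it is deliberate, a one-line XML comment saying why the bridge still needs Falcon's `spring-context` would save the next reader the same question.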
@@ -37,16 +37,18 @@ public class OnAtlasPropertyCondition implements Condition { boolean matches = false; String propertyName = (String) metadata.getAnnotationAttributes(ConditionalOnAtlasProperty.class.getName()).get("property"); boolean isDefault = (Boolean) metadata.getAnnotationAttributes(ConditionalOnAtlasProperty.class.getName()).get("isDefault"); - String className = ((AnnotationMetadataReadingVisitor) metadata).getClassName(); + if (metadata instanceof AnnotatedTypeMetadata) { + String className = ((AnnotationMetadata) metadata).getClassName(); - try { - Configuration configuration = ApplicationProperties.get(); - String configuredProperty = configuration.getString(propertyName); - if (StringUtils.isNotEmpty(configuredProperty)) { - matches = configuredProperty.equals(className); - } else if (isDefault) matches = true; - } catch (AtlasException e) { - LOG.error("Unable to load atlas properties. Dependent bean configuration may fail"); + try { + Configuration configuration = ApplicationProperties.get(); + String configuredProperty = configuration.getString(propertyName); + if (StringUtils.isNotEmpty(configuredProperty)) { + matches = configuredProperty.equals(className); + } else if (isDefault) matches = true; + } catch (AtlasException e) { + LOG.error("Unable to load atlas properties. Dependent bean configuration may fail"); + } } return matches; } diff --git a/pom.xml b/pom.xml index 263b3e1..a3f30e8 100644 --- a/pom.xml +++ b/pom.xml @@ -760,8 +760,8 @@ <solr-test-framework.version>8.6.3</solr-test-framework.version> <solr.version>8.6.3</solr.version> <spray.version>1.3.1</spray.version> - <spring.security.version>4.2.17.RELEASE</spring.security.version> - <spring.version>4.3.29.RELEASE</spring.version> + <spring.security.version>5.5.1</spring.security.version> + <spring.version>5.3.8</spring.version> <sqoop.version>1.4.6.2.3.99.0-195</sqoop.version> <storm.version>2.1.0</storm.version> <surefire.forkCount>2C</surefire.forkCount> 
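Review bot: The new guard `metadata instanceof AnnotatedTypeMetadata` does not protect the cast on the next line: `metadata` is, per the `Condition.matches` contract, already declared as `AnnotatedTypeMetadata`, so the test is true for every non-null input, while the cast targets `AnnotationMetadata`, which the `MethodMetadata` handed to a condition on a `@Bean` method does not implement — that case now fails with ClassCastException instead of being skipped. Change the guard to `if (metadata instanceof AnnotationMetadata) {` so the check and the cast agree. Consider also a `LOG.debug("Condition evaluated on non-class metadata {}, skipping", metadata)` in an `else` branch, because today a skipped branch leaves `matches` false and the annotated bean is silently dropped with no trace in the logs. The `matches` method's signature lies outside the hunk.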
@@ -1073,6 +1073,22 @@ <scope>import</scope> </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-framework-bom</artifactId> + <version>${spring.version}</version> + <type>pom</type> + <scope>import</scope> + </dependency> + + <dependency> + <groupId>org.springframework.security</groupId> + <artifactId>spring-security-bom</artifactId> + <version>${spring.security.version}</version> + <type>pom</type> + <scope>import</scope> + </dependency> + <!-- commons --> <dependency> <groupId>commons-configuration</groupId> 
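Review bot: The two new Spring BOM imports are appended after an existing `<scope>import</scope>` entry, and Maven resolves a conflict between imported BOMs in favour of the first one that manages a given artifact, so if any BOM imported above them (not visible in this hunk) also manages `org.springframework` or `org.springframework.security` artifacts, the 5.3.8 / 5.5.1 pins this commit relies on for the CVE fix will be silently overridden in the affected modules. Move `spring-framework-bom` and `spring-security-bom` to the head of the import list, or at least verify with `mvn dependency:tree -Dincludes=org.springframework*` that every module resolves to the intended versions. Since the BOMs now manage these versions, the explicit `<version>${spring.version}</version>` and `<version>${spring.security.version}</version>` added to `repository/pom.xml` and `authorization/pom.xml` elsewhere in this commit appear redundant and can drop back to version-less dependencies.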
@@ -1347,61 +1363,6 @@ <version>${javax.servlet.version}</version> </dependency> - <!-- Spring --> - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-core</artifactId> - <version>${spring.version}</version> - </dependency> - - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-web</artifactId> - <version>${spring.version}</version> - </dependency> - - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-webmvc</artifactId> - <version>${spring.version}</version> - </dependency> - - <dependency> - <groupId>org.springframework.security</groupId> - <artifactId>spring-security-core</artifactId> - <version>${spring.security.version}</version> - </dependency> - - <dependency> - <groupId>org.springframework.security</groupId> - <artifactId>spring-security-web</artifactId> - <version>${spring.security.version}</version> - </dependency> - - <dependency> - <groupId>org.springframework.security</groupId> - <artifactId>spring-security-config</artifactId> - <version>${spring.security.version}</version> - </dependency> - - <dependency> - <groupId>org.springframework.security</groupId> - <artifactId>spring-security-ldap</artifactId> - <version>${spring.security.version}</version> - </dependency> - - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-aop</artifactId> - <version>${spring.version}</version> - </dependency> - - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-test</artifactId> - <version>${spring.version}</version> - </dependency> - <!-- atlas modules --> <dependency> <groupId>org.apache.atlas</groupId> diff --git a/repository/pom.xml b/repository/pom.xml index bf34efe..1607d9a 100755 --- a/repository/pom.xml +++ b/repository/pom.xml 
@@ -180,11 +180,13 @@ <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aop</artifactId> + <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> + <version>${spring.version}</version> </dependency> <dependency> diff --git a/repository/src/main/java/org/apache/atlas/GraphTransactionInterceptor.java b/repository/src/main/java/org/apache/atlas/GraphTransactionInterceptor.java index 343d00d..c8b7ff8 100644 --- a/repository/src/main/java/org/apache/atlas/GraphTransactionInterceptor.java +++ b/repository/src/main/java/org/apache/atlas/GraphTransactionInterceptor.java @@ -367,13 +367,13 @@ public class GraphTransactionInterceptor implements MethodInterceptor { } }; - public void lockObject(final List<String> guids) { + public void lockObject(final List<?> guids) { if (LOG.isDebugEnabled()) { LOG.debug("==> lockObject(): guids: {}", guids); } - Collections.sort(guids); - for (String g : guids) { + Collections.sort((List<String>) guids); + for (String g : (List<String>) guids) { lockObject(g); } } diff --git a/test-tools/pom.xml b/test-tools/pom.xml index c861ea6..991fa14 100644 --- a/test-tools/pom.xml +++ b/test-tools/pom.xml @@ -56,6 +56,10 @@ <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-slf4j-impl</artifactId> </exclusion> + <exclusion> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-1.2-api</artifactId> + </exclusion> </exclusions> </dependency> diff --git a/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java b/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java index e16796f..cc23976 100644 --- a/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java +++ b/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java 
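Review bot: Widening `lockObject` to `List<?>` and then casting it back to `List<String>` twice replaces a compile-time guarantee with an unchecked-cast warning and a possible ClassCastException at runtime (inside `Collections.sort` or the loop), and it still sorts the caller's list in place. If some caller after the Spring 5 upgrade genuinely supplies a `List<?>`, copy and convert instead of casting: `List<String> sorted = new ArrayList<>(guids.size()); for (Object g : guids) sorted.add((String) g); Collections.sort(sorted);` and iterate `sorted` — the per-element cast is explicit, warning-free, and no longer mutates the argument. If every caller still passes `List<String>`, reverting to the original signature is the simpler fix; the reason for the widening is not visible in this hunk.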
@@ -24,11 +24,13 @@ import java.io.IOException; import java.util.ArrayList; import java.util.Properties; import java.util.List; +import java.security.NoSuchAlgorithmException; import javax.annotation.PostConstruct; import org.apache.atlas.web.security.AtlasAuthenticationException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.security.authentication.encoding.ShaPasswordEncoder; +import org.springframework.security.crypto.codec.Hex; +import org.springframework.security.crypto.codec.Utf8; import org.springframework.stereotype.Repository; import org.apache.atlas.ApplicationProperties; import org.apache.atlas.AtlasException; @@ -48,7 +50,6 @@ public class UserDao { private static final Logger LOG = LoggerFactory.getLogger(UserDao.class); private static final String DEFAULT_USER_CREDENTIALS_PROPERTIES = "users-credentials.properties"; - private static final ShaPasswordEncoder sha256Encoder = new ShaPasswordEncoder(256); private static boolean v1ValidationEnabled = true; private static boolean v2ValidationEnabled = true; @@ -180,7 +181,7 @@ public class UserDao { boolean ret = false; try { - String hash = sha256Encoder.encodePassword(password, salt); + String hash = encodePassword(password, salt); ret = hash != null && hash.equals(encryptedPwd); } catch (Throwable excp) { 
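Review bot: The result of the new `encodePassword(password, salt)` call is still checked with `hash.equals(encryptedPwd)` on the following line, a short-circuiting comparison whose duration depends on the first differing character; since this verification path is being rewritten anyway, the conventional fix is `ret = hash != null && encryptedPwd != null && MessageDigest.isEqual(hash.getBytes(StandardCharsets.UTF_8), encryptedPwd.getBytes(StandardCharsets.UTF_8));`. The `catch (Throwable excp)` that follows is context whose body is outside the hunk, so I cannot tell whether the `IllegalArgumentException` the new `encodePassword` can raise is logged or silently turned into `false`; a `LOG.warn` there would help diagnose a broken credentials file. The enclosing method (presumably `checkEncrypted`, given the new test) starts and ends outside the hunk.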
@@ -233,4 +234,33 @@ public class UserDao { throw new AtlasAuthenticationException("Exception while encoding password.", ex); } } -} + + public static String encodePassword(String rawPass, Object salt) { + String saltedPass = mergePasswordAndSalt(rawPass, salt, false); + MessageDigest messageDigest = getMessageDigest(); + byte[] digest = messageDigest.digest(Utf8.encode(saltedPass)); + + return new String(Hex.encode(digest)); + } + + protected static final MessageDigest getMessageDigest() throws IllegalArgumentException { + try { + return MessageDigest.getInstance("SHA-256"); + } catch (NoSuchAlgorithmException var2) { + throw new IllegalArgumentException("No such algorithm [SHA-256 ]"); + } + } + + protected static String mergePasswordAndSalt(String password, Object salt, boolean strict) { + if (!StringUtils.hasText(password)) { + password = ""; + } + + if (strict && salt != null && (salt.toString().lastIndexOf("{") != -1 || salt.toString().lastIndexOf("}") != -1)) { + throw new IllegalArgumentException("Cannot use { or } in salt.toString()"); + } else { + return StringUtils.hasText(salt.toString()) ? password + "{" + salt.toString() + "}" : password; + } + } + +} \ No newline at end of file diff --git a/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java b/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java index 71eca2e..bc7e71b 100755 --- a/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java +++ b/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java @@ -214,12 +214,8 @@ public final class Servlets { } } - public static String decodeQueryString(String query){ - try { - return UriUtils.decode(query,"UTF-8"); + public static String decodeQueryString(String query) { + return UriUtils.decode(query,"UTF-8"); - } catch (UnsupportedEncodingException e){ - return query; - } } } diff --git a/webapp/src/main/webapp/WEB-INF/web.xml b/webapp/src/main/webapp/WEB-INF/web.xml index 7fb56ef..7bc9319 100755 
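Review bot: `mergePasswordAndSalt` dereferences `salt.toString()` in its non-strict branch without a null check, so `encodePassword(raw, null)` now throws NullPointerException, and `!StringUtils.hasText(password)` collapses a whitespace-only password to `""` before hashing; if I recall Spring's `BasePasswordEncoder` correctly it only null-checked the password and returned it unchanged for a null or empty salt, so both are fidelity regressions against hashes already stored in `users-credentials.properties`. `getMessageDigest` also discards the `NoSuchAlgorithmException` as cause, and the decompiler-style `var2` plus the stray space in `"[SHA-256 ]"` suggest this was pasted from bytecode rather than written. Beyond fidelity, a single SHA-256 round over `password{salt}` has no iteration count or memory cost, which is why Spring removed `ShaPasswordEncoder`; keep this method strictly for verifying pre-existing hashes, say so in a Javadoc on `encodePassword` (`Legacy salted SHA-256 hex digest, kept only to verify credentials already stored in users-credentials.properties; do not use it for new hashes`), and route any newly issued credentials through `Pbkdf2PasswordEncoder` or `BCryptPasswordEncoder`. The `UserDao` class body begins outside the hunk.

```java
    /**
     * Legacy salted SHA-256 hex digest (hex(SHA-256(password + "{" + salt + "}"))), kept only to
     * verify credentials already stored in users-credentials.properties. Not a password hash with
     * a work factor; do not use it to create new credentials.
     */
    public static String encodePassword(String rawPass, Object salt) {
        // … unchanged: merge, digest, hex-encode …
    }

    protected static MessageDigest getMessageDigest() {
        try {
            return MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("No such algorithm [SHA-256]", e);
        }
    }

    protected static String mergePasswordAndSalt(String password, Object salt, boolean strict) {
        if (password == null) {
            password = "";
        }
        String saltText = (salt == null) ? "" : salt.toString();
        if (strict && (saltText.indexOf('{') != -1 || saltText.indexOf('}') != -1)) {
            throw new IllegalArgumentException("Cannot use { or } in salt.toString()");
        }
        return saltText.isEmpty() ? password : password + "{" + saltText + "}";
    }
```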
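Review bot: With the `try`/`catch` removed, nothing in `decodeQueryString` handles the `IllegalArgumentException` that `UriUtils.decode` throws for a malformed percent-escape (a `%` not followed by two hex digits), so a crafted query string surfaces as an unhandled exception from whatever calls this; the removed branch only covered `UnsupportedEncodingException`, so this is pre-existing, but the rewrite is the moment to make the contract explicit. Either document it (`@throws IllegalArgumentException if the query contains an invalid percent-encoded sequence`) and have request-handling callers map it to a 400 rather than a 500, or catch it here and decide deliberately between returning `query` undecoded and rejecting the request — silently falling back to the raw string can let an attacker bypass any check that expects decoded input, so I would lean towards rejecting. Spring 5 also offers `UriUtils.decode(query, StandardCharsets.UTF_8)`, which avoids the charset-name lookup. The `Servlets` class begins outside the hunk.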
--- a/webapp/src/main/webapp/WEB-INF/web.xml +++ b/webapp/src/main/webapp/WEB-INF/web.xml @@ -98,10 +98,6 @@ </filter-mapping> <listener> - <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> - </listener> - - <listener> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> </listener> diff --git a/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java b/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java index 519be80..1422799 100644 --- a/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java +++ b/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java @@ -65,4 +65,9 @@ public class UserDaoTest { assertTrue(hadException); } + @Test + public void testUserDaowithencodePassword() { + assertTrue(UserDao.checkEncrypted("admin", "a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1", "admin")); + } + } \ No newline at end of file diff --git a/webapp/src/test/webapp/WEB-INF/web.xml b/webapp/src/test/webapp/WEB-INF/web.xml index 2388fbf..fd1d492 100755 --- a/webapp/src/test/webapp/WEB-INF/web.xml +++ b/webapp/src/test/webapp/WEB-INF/web.xml @@ -68,10 +68,6 @@ </filter-mapping> <listener> - <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> - </listener> - - <listener> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> </listener>
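Review bot: The new `testUserDaowithencodePassword` only checks the positive case with one hard-coded digest, so a regression that made `checkEncrypted` accept anything — or a parameter-order mix-up between password and salt, which the identical `"admin"`/`"admin"` arguments cannot distinguish — would still pass. Add negative assertions alongside it, e.g. `assertFalse(UserDao.checkEncrypted("admin", "a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1", "wrong"));` and one with the first argument changed instead, so the test also fixes which argument is the salt. The name should describe what is pinned, e.g. `testCheckEncryptedMatchesLegacySha256Hash`, since its purpose is to guard compatibility with hashes produced by the removed `ShaPasswordEncoder`.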