This is an automated email from the ASF dual-hosted git repository.
pinal pushed a commit to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/atlas.git
The following commit(s) were added to refs/heads/branch-2.0 by this push:
new 3dc469b ATLAS-4377 : Atlas - Upgrade Spring Security to
5.4.4+/5.3.8+/5.2.9+
3dc469b is described below
commit 3dc469b899902221c93d4bc0ae402fa57768f6c4
Author: chaitali borole <[email protected]>
AuthorDate: Wed Sep 1 12:12:25 2021 +0530
ATLAS-4377 : Atlas - Upgrade Spring Security to 5.4.4+/5.3.8+/5.2.9+
Signed-off-by: Pinal Shah <[email protected]>
---
addons/falcon-bridge-shim/pom.xml | 16 +++++
addons/falcon-bridge/pom.xml | 12 ++++
authorization/pom.xml | 1 +
.../atlas/utils/OnAtlasPropertyCondition.java | 22 ++++---
pom.xml | 75 ++++++----------------
repository/pom.xml | 2 +
.../apache/atlas/GraphTransactionInterceptor.java | 6 +-
test-tools/pom.xml | 4 ++
.../java/org/apache/atlas/web/dao/UserDao.java | 38 +++++++++--
.../java/org/apache/atlas/web/util/Servlets.java | 8 +--
webapp/src/main/webapp/WEB-INF/web.xml | 4 --
.../org/apache/atlas/web/security/UserDaoTest.java | 5 ++
webapp/src/test/webapp/WEB-INF/web.xml | 4 --
13 files changed, 109 insertions(+), 88 deletions(-)
diff --git a/addons/falcon-bridge-shim/pom.xml
b/addons/falcon-bridge-shim/pom.xml
index 171d08e..981e764 100755
--- a/addons/falcon-bridge-shim/pom.xml
+++ b/addons/falcon-bridge-shim/pom.xml
@@ -55,6 +55,22 @@
<groupId>org.mortbay.jetty</groupId>
<artifactId>servlet-api</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-beans</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-jms</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-tx</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-context</artifactId>
+ </exclusion>
</exclusions>
</dependency>
</dependencies>
diff --git a/addons/falcon-bridge/pom.xml b/addons/falcon-bridge/pom.xml
index 8bbcb54..a1c1972 100644
--- a/addons/falcon-bridge/pom.xml
+++ b/addons/falcon-bridge/pom.xml
@@ -70,6 +70,18 @@
<groupId>org.mortbay.jetty</groupId>
<artifactId>servlet-api</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-beans</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-jms</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-tx</artifactId>
+ </exclusion>
</exclusions>
</dependency>
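Review bot: The exclusion list added here omits `spring-context`, which the matching hunk in addons/falcon-bridge-shim/pom.xml does exclude. If the omission is not deliberate, the Falcon dependency can still pull an older spring-context transitively, alongside the 5.x jars the root pom now manages. Running `mvn dependency:tree -Dincludes=org.springframework` on both modules would confirm that only one Spring line resolves. If the difference is intentional, a short XML comment saying why would stop the two lists from drifting further.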
diff --git a/authorization/pom.xml b/authorization/pom.xml
index 7dd76f6..177f2dd 100644
--- a/authorization/pom.xml
+++ b/authorization/pom.xml
@@ -54,6 +54,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
+ <version>${spring.security.version}</version>
</dependency>
<dependency>
diff --git
a/common/src/main/java/org/apache/atlas/utils/OnAtlasPropertyCondition.java
b/common/src/main/java/org/apache/atlas/utils/OnAtlasPropertyCondition.java
index ece6e37..7259036 100644
--- a/common/src/main/java/org/apache/atlas/utils/OnAtlasPropertyCondition.java
+++ b/common/src/main/java/org/apache/atlas/utils/OnAtlasPropertyCondition.java
@@ -27,7 +27,7 @@ import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Condition;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.core.type.AnnotatedTypeMetadata;
-import
org.springframework.core.type.classreading.AnnotationMetadataReadingVisitor;
+import org.springframework.core.type.AnnotationMetadata;
public class OnAtlasPropertyCondition implements Condition {
private final Logger LOG =
LoggerFactory.getLogger(OnAtlasPropertyCondition.class);
@@ -37,16 +37,18 @@ public class OnAtlasPropertyCondition implements Condition {
boolean matches = false;
String propertyName = (String)
metadata.getAnnotationAttributes(ConditionalOnAtlasProperty.class.getName()).get("property");
boolean isDefault = (Boolean)
metadata.getAnnotationAttributes(ConditionalOnAtlasProperty.class.getName()).get("isDefault");
- String className = ((AnnotationMetadataReadingVisitor)
metadata).getClassName();
+ if (metadata instanceof AnnotatedTypeMetadata) {
+ String className = ((AnnotationMetadata) metadata).getClassName();
- try {
- Configuration configuration = ApplicationProperties.get();
- String configuredProperty = configuration.getString(propertyName);
- if (StringUtils.isNotEmpty(configuredProperty)) {
- matches = configuredProperty.equals(className);
- } else if (isDefault) matches = true;
- } catch (AtlasException e) {
- LOG.error("Unable to load atlas properties. Dependent bean
configuration may fail");
+ try {
+ Configuration configuration = ApplicationProperties.get();
+ String configuredProperty =
configuration.getString(propertyName);
+ if (StringUtils.isNotEmpty(configuredProperty)) {
+ matches = configuredProperty.equals(className);
+ } else if (isDefault) matches = true;
+ } catch (AtlasException e) {
+ LOG.error("Unable to load atlas properties. Dependent bean
configuration may fail");
+ }
}
return matches;
}
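Review bot: The new guard `metadata instanceof AnnotatedTypeMetadata` tests the supertype that the import context shows for `metadata`, so it is true for any non-null value and does not protect the cast to `AnnotationMetadata` on the next line. If this condition is ever evaluated for an annotated `@Bean` method, the metadata would be method-level and the cast would throw `ClassCastException` during context start-up. The check should name the type being cast to: `if (metadata instanceof AnnotationMetadata) {`. Separately, the `catch (AtlasException e)` branch logs without the exception; passing `e` as the last argument to `LOG.error` would keep the cause in the log. The method signature lies outside this hunk, so the declared parameter type is inferred from the imports.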
diff --git a/pom.xml b/pom.xml
index a2797b3..dfd06ab 100644
--- a/pom.xml
+++ b/pom.xml
@@ -760,8 +760,8 @@
<solr-test-framework.version>8.6.3</solr-test-framework.version>
<solr.version>8.6.3</solr.version>
<spray.version>1.3.1</spray.version>
- <spring.security.version>4.2.17.RELEASE</spring.security.version>
- <spring.version>4.3.29.RELEASE</spring.version>
+ <spring.security.version>5.5.1</spring.security.version>
+ <spring.version>5.3.8</spring.version>
<sqoop.version>1.4.6.2.3.99.0-195</sqoop.version>
<storm.version>2.1.0</storm.version>
<surefire.forkCount>2C</surefire.forkCount>
@@ -1073,6 +1073,22 @@
<scope>import</scope>
</dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-framework-bom</artifactId>
+ <version>${spring.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-bom</artifactId>
+ <version>${spring.security.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+
<!-- commons -->
<dependency>
<groupId>commons-configuration</groupId>
@@ -1347,61 +1363,6 @@
<version>${javax.servlet.version}</version>
</dependency>
- <!-- Spring -->
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-core</artifactId>
- <version>${spring.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-web</artifactId>
- <version>${spring.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-webmvc</artifactId>
- <version>${spring.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-core</artifactId>
- <version>${spring.security.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-web</artifactId>
- <version>${spring.security.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-config</artifactId>
- <version>${spring.security.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-ldap</artifactId>
- <version>${spring.security.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-aop</artifactId>
- <version>${spring.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-test</artifactId>
- <version>${spring.version}</version>
- </dependency>
-
<!-- atlas modules -->
<dependency>
<groupId>org.apache.atlas</groupId>
diff --git a/repository/pom.xml b/repository/pom.xml
index fa22f22..a5c563b 100755
--- a/repository/pom.xml
+++ b/repository/pom.xml
@@ -180,11 +180,13 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
+ <version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
+ <version>${spring.version}</version>
</dependency>
<dependency>
diff --git
a/repository/src/main/java/org/apache/atlas/GraphTransactionInterceptor.java
b/repository/src/main/java/org/apache/atlas/GraphTransactionInterceptor.java
index 343d00d..c8b7ff8 100644
--- a/repository/src/main/java/org/apache/atlas/GraphTransactionInterceptor.java
+++ b/repository/src/main/java/org/apache/atlas/GraphTransactionInterceptor.java
@@ -367,13 +367,13 @@ public class GraphTransactionInterceptor implements
MethodInterceptor {
}
};
- public void lockObject(final List<String> guids) {
+ public void lockObject(final List<?> guids) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> lockObject(): guids: {}", guids);
}
- Collections.sort(guids);
- for (String g : guids) {
+ Collections.sort((List<String>) guids);
+ for (String g : (List<String>) guids) {
lockObject(g);
}
}
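Review bot: Widening the parameter to `List<?>` and casting back with `(List<String>) guids` replaces a compile-time guarantee with an unchecked cast. A caller that passes a list holding anything other than `String` now compiles and fails with `ClassCastException` inside `Collections.sort`. If the wildcard is needed only to satisfy one call site, it is safer to keep `List<String> guids` here and fix the type at that caller. If the wildcard must stay, copy into a typed list first (for example, add `String.valueOf(o)` for each element to a new `List<String>`), then sort and iterate the copy. The copy also stops `Collections.sort` from reordering the caller's list in place, which the current code does.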
diff --git a/test-tools/pom.xml b/test-tools/pom.xml
index 4e81b05..24bb504 100644
--- a/test-tools/pom.xml
+++ b/test-tools/pom.xml
@@ -56,6 +56,10 @@
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-slf4j-impl</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-1.2-api</artifactId>
+ </exclusion>
</exclusions>
</dependency>
diff --git a/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java
b/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java
index e16796f..cc23976 100644
--- a/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java
+++ b/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java
@@ -24,11 +24,13 @@ import java.io.IOException;
import java.util.ArrayList;
import java.util.Properties;
import java.util.List;
+import java.security.NoSuchAlgorithmException;
import javax.annotation.PostConstruct;
import org.apache.atlas.web.security.AtlasAuthenticationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
+import org.springframework.security.crypto.codec.Hex;
+import org.springframework.security.crypto.codec.Utf8;
import org.springframework.stereotype.Repository;
import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.AtlasException;
@@ -48,7 +50,6 @@ public class UserDao {
private static final Logger LOG = LoggerFactory.getLogger(UserDao.class);
private static final String
DEFAULT_USER_CREDENTIALS_PROPERTIES = "users-credentials.properties";
- private static final ShaPasswordEncoder sha256Encoder
= new ShaPasswordEncoder(256);
private static boolean v1ValidationEnabled = true;
private static boolean v2ValidationEnabled = true;
@@ -180,7 +181,7 @@ public class UserDao {
boolean ret = false;
try {
- String hash = sha256Encoder.encodePassword(password, salt);
+ String hash = encodePassword(password, salt);
ret = hash != null && hash.equals(encryptedPwd);
} catch (Throwable excp) {
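Review bot: The credential check on the line after the new `encodePassword` call still uses `hash.equals(encryptedPwd)`, which stops at the first differing character, so comparison time depends on how much of the stored digest matches. Since the hashing is now hand-rolled in this class, this is a good place to switch to a constant-time compare: `ret = encryptedPwd != null && MessageDigest.isEqual(hash.getBytes(StandardCharsets.UTF_8), encryptedPwd.getBytes(StandardCharsets.UTF_8));` (this needs `java.nio.charset.StandardCharsets` imported). The surrounding `catch (Throwable excp)` also turns any failure inside `encodePassword` into an ordinary failed login, so the exception should at least be logged there. The method begins and ends outside this hunk.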
@@ -233,4 +234,33 @@ public class UserDao {
throw new AtlasAuthenticationException("Exception while encoding
password.", ex);
}
}
-}
+
+ public static String encodePassword(String rawPass, Object salt) {
+ String saltedPass = mergePasswordAndSalt(rawPass, salt, false);
+ MessageDigest messageDigest = getMessageDigest();
+ byte[] digest = messageDigest.digest(Utf8.encode(saltedPass));
+
+ return new String(Hex.encode(digest));
+ }
+
+ protected static final MessageDigest getMessageDigest() throws
IllegalArgumentException {
+ try {
+ return MessageDigest.getInstance("SHA-256");
+ } catch (NoSuchAlgorithmException var2) {
+ throw new IllegalArgumentException("No such algorithm [SHA-256 ]");
+ }
+ }
+
+ protected static String mergePasswordAndSalt(String password, Object salt,
boolean strict) {
+ if (!StringUtils.hasText(password)) {
+ password = "";
+ }
+
+ if (strict && salt != null && (salt.toString().lastIndexOf("{") != -1
|| salt.toString().lastIndexOf("}") != -1)) {
+ throw new IllegalArgumentException("Cannot use { or } in
salt.toString()");
+ } else {
+ return StringUtils.hasText(salt.toString()) ? password + "{" +
salt.toString() + "}" : password;
+ }
+ }
+
+}
\ No newline at end of file
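Review bot: `mergePasswordAndSalt` dereferences `salt` without a null check. With `strict` false the first condition short-circuits, and the `else` branch calls `salt.toString()`, so the public `encodePassword(rawPass, null)` throws `NullPointerException` instead of hashing the bare password. Resolving the salt once avoids this: `String saltText = salt == null ? "" : salt.toString();` then `return StringUtils.hasText(saltText) ? password + "{" + saltText + "}" : password;`. `getMessageDigest` also drops the `NoSuchAlgorithmException`; passing it as the cause (`new IllegalArgumentException("No such algorithm [SHA-256 ]", var2)`) keeps the trace. More broadly, this reproduces the legacy single-pass salted SHA-256 format, which is cheap to brute-force offline if the credentials file leaks. A follow-up could move stored credentials to an adaptive scheme such as Spring Security's `DelegatingPasswordEncoder` with bcrypt, keeping this encoder only to verify old entries.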
diff --git a/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java
b/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java
index 71eca2e..bc7e71b 100755
--- a/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java
+++ b/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java
@@ -214,12 +214,8 @@ public final class Servlets {
}
}
- public static String decodeQueryString(String query){
- try {
- return UriUtils.decode(query,"UTF-8");
+ public static String decodeQueryString(String query) {
+ return UriUtils.decode(query,"UTF-8");
- } catch (UnsupportedEncodingException e){
- return query;
- }
}
}
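Review bot: With the try/catch removed, `decodeQueryString` lets every failure from `UriUtils.decode` propagate. In Spring 5 a malformed percent sequence in the query (for example a trailing `%`) raises `IllegalArgumentException`. Query strings are client-controlled, so callers should either handle that exception or this method should translate it into a 400-class error rather than letting it surface as a 500. It is also worth confirming the behaviour for a null `query`, which the older Spring version appears to have tolerated. Passing the charset as a constant, `UriUtils.decode(query, StandardCharsets.UTF_8)`, avoids the charset lookup by name. A Javadoc line stating what the method throws on bad input would help callers.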
diff --git a/webapp/src/main/webapp/WEB-INF/web.xml
b/webapp/src/main/webapp/WEB-INF/web.xml
index 7fb56ef..7bc9319 100755
--- a/webapp/src/main/webapp/WEB-INF/web.xml
+++ b/webapp/src/main/webapp/WEB-INF/web.xml
@@ -98,10 +98,6 @@
</filter-mapping>
<listener>
-
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
- </listener>
-
- <listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
diff --git
a/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java
b/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java
index 519be80..1422799 100644
--- a/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java
@@ -65,4 +65,9 @@ public class UserDaoTest {
assertTrue(hadException);
}
+ @Test
+ public void testUserDaowithencodePassword() {
+ assertTrue(UserDao.checkEncrypted("admin",
"a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1", "admin"));
+ }
+
}
\ No newline at end of file
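Review bot: The new test pins only the matching case for the hand-written encoder, so a regression that makes `checkEncrypted` return true too often would go unnoticed. Add the negative cases next to it, for example `assertFalse(UserDao.checkEncrypted("wrong", <same digest>, "admin"));`, plus the same password with a different salt. A case with a null salt would document whether that input is meant to be rejected or hashed without a salt. The method name would also read better as `testCheckEncryptedWithEncodePassword`.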
diff --git a/webapp/src/test/webapp/WEB-INF/web.xml
b/webapp/src/test/webapp/WEB-INF/web.xml
index 2388fbf..fd1d492 100755
--- a/webapp/src/test/webapp/WEB-INF/web.xml
+++ b/webapp/src/test/webapp/WEB-INF/web.xml
@@ -68,10 +68,6 @@
</filter-mapping>
<listener>
-
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
- </listener>
-
- <listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>