Repository: aurora Updated Branches: refs/heads/master e311dbee7 -> e34bf7c69
Remove redundant enable_api_security argument. Bugs closed: AURORA-1291 Reviewed at https://reviews.apache.org/r/33658/ Project: http://git-wip-us.apache.org/repos/asf/aurora/repo Commit: http://git-wip-us.apache.org/repos/asf/aurora/commit/e34bf7c6 Tree: http://git-wip-us.apache.org/repos/asf/aurora/tree/e34bf7c6 Diff: http://git-wip-us.apache.org/repos/asf/aurora/diff/e34bf7c6 Branch: refs/heads/master Commit: e34bf7c69c31438725714c27a2a0cbc75684ec15 Parents: e311dbe Author: Bill Farner <[email protected]> Authored: Wed Apr 29 14:25:29 2015 -0700 Committer: Bill Farner <[email protected]> Committed: Wed Apr 29 14:25:29 2015 -0700 ---------------------------------------------------------------------- docs/security.md | 25 ++++----------- .../upstart/aurora-scheduler-kerberos.conf | 1 - examples/vagrant/upstart/aurora-scheduler.conf | 2 +- .../http/api/security/ApiSecurityModule.java | 32 +++++++++++--------- .../scheduler/app/local/LocalSchedulerMain.java | 2 +- 5 files changed, 26 insertions(+), 36 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/aurora/blob/e34bf7c6/docs/security.md ---------------------------------------------------------------------- diff --git a/docs/security.md b/docs/security.md index db2e924..9b77781 100644 --- a/docs/security.md +++ b/docs/security.md @@ -20,18 +20,10 @@ existing infrastructure. # Enabling Security -By default, the Aurora scheduler will not authenticate users, and therefore is unsecured. -To enable security, the following scheduler command line argument must be set: - -``` --enable_api_security=true -``` - -This instructs the scheduler to use *a* security mechanism, but it does not -define *which*. There are two major components of security: [authentication -and authorization](http://en.wikipedia.org/wiki/Authentication#Authorization). A cluster -administrator may choose the approach used for each, and may also implement custom mechanisms -for either. Later sections describe the options available. +There are two major components of security: +[authentication and authorization](http://en.wikipedia.org/wiki/Authentication#Authorization). A +cluster administrator may choose the approach used for each, and may also implement custom +mechanisms for either. Later sections describe the options available. # Authentication @@ -52,7 +44,6 @@ considerations](http://tools.ietf.org/html/rfc2617#section-4). At a minimum you need to set 4 command-line flags on the scheduler: ``` --enable_api_security=true -http_authentication_mechanism=BASIC -shiro_realm_modules=org.apache.aurora.scheduler.http.api.security.IniShiroRealmModule -shiro_ini_path=path/to/security.ini @@ -94,7 +85,6 @@ No changes are required to `clusters.json`. At a minimum you need to set 6 command-line flags on the scheduler: ``` --enable_api_security=true -http_authentication_mechanism=NEGOTIATE -shiro_realm_modules=org.apache.aurora.scheduler.http.api.security.Kerberos5ShiroRealmModule,org.apache.aurora.scheduler.http.api.security.IniShiroRealmModule -kerberos_server_principal=HTTP/[email protected] @@ -117,7 +107,6 @@ What's going on here? First, Aurora must be configured to request Kerberos crede unauthenticated request. This is achieved by setting ``` --enable_api_security=true -http_authentication_mechanism=NEGOTIATE ``` @@ -187,7 +176,6 @@ are rapidly changing, or if your access control information already exists in an You can enable INI-based configuration with following scheduler command line arguments: ``` --enable_api_security=true -http_authentication_mechanism=BASIC -shiro_ini_path=path/to/security.ini ``` @@ -252,10 +240,10 @@ public class MyRealmModule extends AbstractModule { @Override public void configure() { Realm myRealm = new MyRealm(); - + Multibinder.newSetBinder(binder(), Realm.class).addBinding().toInstance(myRealm); } - + static class MyRealm implements Realm { // Realm implementation. } @@ -272,7 +260,6 @@ Relevant tickets: * [AURORA-1248](https://issues.apache.org/jira/browse/AURORA-1248): Client retries 4xx errors * [AURORA-1279](https://issues.apache.org/jira/browse/AURORA-1279): Remove kerberos-specific build targets * [AURORA-1290](https://issues.apache.org/jira/browse/AURORA-1290): Allow specifying a shorthand for "well-known" Module FQCNs -* [AURORA-1291](https://issues.apache.org/jira/browse/AURORA-1291): Collapse enable_api_security into http_authentication_mechanism * [AURORA-1293](https://issues.apache.org/jira/browse/AURORA-1291): Consider defining a JSON format in place of INI * [AURORA-1179](https://issues.apache.org/jira/browse/AURORA-1179): Supported hashed passwords in security.ini * [AURORA-1295](https://issues.apache.org/jira/browse/AURORA-1295): Support security for the ReadOnlyScheduler service http://git-wip-us.apache.org/repos/asf/aurora/blob/e34bf7c6/examples/vagrant/upstart/aurora-scheduler-kerberos.conf ---------------------------------------------------------------------- diff --git a/examples/vagrant/upstart/aurora-scheduler-kerberos.conf b/examples/vagrant/upstart/aurora-scheduler-kerberos.conf index ef502b7..4fd2bf6 100644 --- a/examples/vagrant/upstart/aurora-scheduler-kerberos.conf +++ b/examples/vagrant/upstart/aurora-scheduler-kerberos.conf @@ -48,7 +48,6 @@ exec bin/aurora-scheduler \ -vlog=INFO \ -logtostderr \ -allowed_container_types=MESOS,DOCKER \ - -enable_api_security=true \ -shiro_realm_modules=org.apache.aurora.scheduler.http.api.security.Kerberos5ShiroRealmModule,org.apache.aurora.scheduler.http.api.security.IniShiroRealmModule \ -shiro_ini_path=/home/vagrant/aurora/src/test/resources/org/apache/aurora/scheduler/http/api/security/shiro-example.ini \ -http_authentication_mechanism=NEGOTIATE \ http://git-wip-us.apache.org/repos/asf/aurora/blob/e34bf7c6/examples/vagrant/upstart/aurora-scheduler.conf ---------------------------------------------------------------------- diff --git a/examples/vagrant/upstart/aurora-scheduler.conf b/examples/vagrant/upstart/aurora-scheduler.conf index 82ad42f..cc4864c 100644 --- a/examples/vagrant/upstart/aurora-scheduler.conf +++ b/examples/vagrant/upstart/aurora-scheduler.conf @@ -41,5 +41,5 @@ exec bin/aurora-scheduler \ -vlog=INFO \ -logtostderr \ -allowed_container_types=MESOS,DOCKER \ - -enable_api_security=true \ + -http_authentication_mechanism=BASIC \ -shiro_ini_path=etc/shiro.example.ini http://git-wip-us.apache.org/repos/asf/aurora/blob/e34bf7c6/src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java b/src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java index ca8e23b..079ff5d 100644 --- a/src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java +++ b/src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java @@ -56,10 +56,6 @@ import static org.apache.aurora.scheduler.spi.Permissions.Domain.THRIFT_AURORA_S public class ApiSecurityModule extends ServletModule { public static final String HTTP_REALM_NAME = "Apache Aurora Scheduler"; - @CmdLine(name = "enable_api_security", - help = "Enable security for the Thrift API (beta).") - private static final Arg<Boolean> ENABLE_API_SECURITY = Arg.create(false); - @CmdLine(name = "shiro_realm_modules", help = "Guice modules for configuring Shiro Realms.") private static final Arg<Set<Module>> SHIRO_REALM_MODULE = Arg.<Set<Module>>create( @@ -73,7 +69,12 @@ public class ApiSecurityModule extends ServletModule { static final Matcher<Method> AURORA_ADMIN_SERVICE = GuiceUtils.interfaceMatcher(AuroraAdmin.Iface.class, true); - public static enum HttpAuthenticationMechanism { + public enum HttpAuthenticationMechanism { + /** + * No security. + */ + NONE, + /** * HTTP Basic Authentication, produces {@link org.apache.shiro.authc.UsernamePasswordToken}s. */ @@ -87,28 +88,31 @@ public class ApiSecurityModule extends ServletModule { @CmdLine(name = "http_authentication_mechanism", help = "HTTP Authentication mechanism to use.") private static final Arg<HttpAuthenticationMechanism> HTTP_AUTHENTICATION_MECHANISM = - Arg.create(HttpAuthenticationMechanism.BASIC); + Arg.create(HttpAuthenticationMechanism.NONE); - private final boolean enableApiSecurity; + private final HttpAuthenticationMechanism mechanism; private final Set<Module> shiroConfigurationModules; public ApiSecurityModule() { - this(ENABLE_API_SECURITY.get(), SHIRO_REALM_MODULE.get()); + this(HTTP_AUTHENTICATION_MECHANISM.get(), SHIRO_REALM_MODULE.get()); } @VisibleForTesting ApiSecurityModule(Module shiroConfigurationModule) { - this(true, ImmutableSet.of(shiroConfigurationModule)); + this(HttpAuthenticationMechanism.BASIC, ImmutableSet.of(shiroConfigurationModule)); } - private ApiSecurityModule(boolean enableApiSecurity, Set<Module> shiroConfigurationModules) { - this.enableApiSecurity = enableApiSecurity; + private ApiSecurityModule( + HttpAuthenticationMechanism mechanism, + Set<Module> shiroConfigurationModules) { + + this.mechanism = requireNonNull(mechanism); this.shiroConfigurationModules = requireNonNull(shiroConfigurationModules); } @Override protected void configureServlets() { - if (enableApiSecurity) { + if (mechanism != HttpAuthenticationMechanism.NONE) { doConfigureServlets(); } } @@ -125,7 +129,7 @@ public class ApiSecurityModule extends ServletModule { install(module); } - switch (HTTP_AUTHENTICATION_MECHANISM.get()) { + switch (mechanism) { case BASIC: addFilterChain("/**", ShiroWebModule.NO_SESSION_CREATION, @@ -139,7 +143,7 @@ public class ApiSecurityModule extends ServletModule { break; default: - addError("Unrecognized HTTP authentication mechanism."); + addError("Unrecognized HTTP authentication mechanism: " + mechanism); break; } } http://git-wip-us.apache.org/repos/asf/aurora/blob/e34bf7c6/src/test/java/org/apache/aurora/scheduler/app/local/LocalSchedulerMain.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/aurora/scheduler/app/local/LocalSchedulerMain.java b/src/test/java/org/apache/aurora/scheduler/app/local/LocalSchedulerMain.java index a91c4a2..7dc03b6 100644 --- a/src/test/java/org/apache/aurora/scheduler/app/local/LocalSchedulerMain.java +++ b/src/test/java/org/apache/aurora/scheduler/app/local/LocalSchedulerMain.java @@ -97,7 +97,7 @@ public class LocalSchedulerMain extends SchedulerMain { .add("-mesos_master_address=fake") .add("-thermos_executor_path=fake") .add("-http_port=8081") - .add("-enable_api_security=true") + .add("-http_authentication_mechanism=BASIC") .add("-shiro_ini_path=" + ResourceUtils.CLASSPATH_PREFIX + "org/apache/aurora/scheduler/http/api/security/shiro-example.ini")
