This is an automated email from the ASF dual-hosted git repository.
morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/master by this push:
new 119ea59c523 [feat](Authenticator) Pluginization of Authenticator
(#40113)
119ea59c523 is described below
commit 119ea59c523a5cd5200d0f1aca0e502de36dc1d0
Author: Calvin Kirs <[email protected]>
AuthorDate: Fri Sep 6 10:10:59 2024 +0800
[feat](Authenticator) Pluginization of Authenticator (#40113)
## abstract
introduces the pluginization of the Authenticator component, enabling
greater flexibility and modularity within the authentication system. By
refactoring the Authenticator into a pluggable SPI (Service Provider
Interface), we allow for custom authentication mechanisms to be
seamlessly integrated and managed.
## Key Changes
AuthenticatorFactory Interface:
This interface defines the create method, which is used to create an
Authenticator instance based on initialization properties, enabling
support for various authentication mechanisms.
The factoryIdentifier method provides an identifier for the factory,
allowing differentiation between various AuthenticatorFactory
implementations (e.g., LDAP, default).
Implemented Specific Authentication Factories:
We have implemented factories for different authentication mechanisms
(such as LDAP), providing the necessary configuration support for each.
## eg
In your Maven pom.xml, add the fe-core dependency:
```
<dependency>
<groupId>org.apache.doris</groupId>
<artifactId>fe-core</artifactId>
<version>1.2-SNAPSHOT</version>
<scope>provided</scope>
</dependency>
```
```
import org.apache.doris.common.ConfigBase;
public class LocalAuthenticatorFactory implements AuthenticatorFactory {
@Override
public LocalAuthenticator create(Properties initProps) {
return new LocalAuthenticator();
}
@Override
public String factoryIdentifier() {
return "local";
}
}
import java.util.HashMap;
import java.util.Map;
public class LocalAuthenticator implements Authenticator {
private Map<String, String> userStore = new HashMap<>();
public LocalAuthenticator() {
// Hardcoded usernames and passwords
userStore.put("user1", "password1");
userStore.put("user2", "password2");
userStore.put("admin", "adminpass");
}
@Override
public boolean authenticate(String username, String password) {
// Authenticate by checking the hardcoded user store
String storedPassword = userStore.get(username);
return storedPassword != null && storedPassword.equals(password);
}
}
```
To integrate with the SPI (Service Provider Interface) mechanism, we
created a file at
**src/main/resources/META-INF/services/org.apache.doris.mysql.authenticate.AuthenticatorFactory**
containing **org.example.LocalAuthenticatorFactory,** which allows the
system to dynamically load and utilize the LocalAuthenticatorFactory
implementation.
Your plugin needs to include all necessary dependencies, and it is
generally recommended to package them into an Uber JAR (also known as a
Fat JAR) to ensure that the plugin can run independently without
additional dependency management. Once packaged, this JAR can be placed
directly in the **fe/custom_lib** directory.
---
.../main/java/org/apache/doris/catalog/Env.java | 2 +-
.../doris/mysql/authenticate/AuthenticateType.java | 18 ++++++
...enticateType.java => AuthenticatorFactory.java} | 36 +++++------
.../mysql/authenticate/AuthenticatorManager.java | 69 ++++++++++++++++------
...eType.java => DefaultAuthenticatorFactory.java} | 29 +++------
.../mysql/authenticate/ldap/LdapAuthenticator.java | 9 +--
.../LdapAuthenticatorFactory.java} | 42 ++++++-------
...e.doris.mysql.authenticate.AuthenticatorFactory | 19 ++++++
8 files changed, 135 insertions(+), 89 deletions(-)
diff --git a/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
b/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
index 23ba86e53cd..35bf31ad3fc 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
@@ -743,7 +743,7 @@ public class Env {
this.auth = new Auth();
this.accessManager = new AccessControllerManager(auth);
- this.authenticatorManager = new
AuthenticatorManager(AuthenticateType.getAuthTypeConfig());
+ this.authenticatorManager = new
AuthenticatorManager(AuthenticateType.getAuthTypeConfigString());
this.domainResolver = new DomainResolver(auth);
this.metaContext = new MetaContext();
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
index 4281c19bba6..1f16c1f541b 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
@@ -40,4 +40,22 @@ public enum AuthenticateType {
return DEFAULT;
}
}
+
+ public static String getAuthTypeConfigString() {
+ String authType = Config.authentication_type.toLowerCase();
+
+ if (LdapConfig.ldap_authentication_enabled) {
+ return LDAP.name();
+ }
+
+ switch (authType) {
+ case "default":
+ return DEFAULT.toString();
+ case "ldap":
+ return LDAP.toString();
+ default:
+ return authType;
+ }
+ }
+
}
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticatorFactory.java
similarity index 55%
copy from
fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
copy to
fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticatorFactory.java
index 4281c19bba6..25ac87de4e7 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticatorFactory.java
@@ -17,27 +17,21 @@
package org.apache.doris.mysql.authenticate;
-import org.apache.doris.common.Config;
-import org.apache.doris.common.LdapConfig;
+import java.util.Properties;
-public enum AuthenticateType {
- DEFAULT,
- LDAP;
+public interface AuthenticatorFactory {
+ /**
+ * Creates a new instance of Authenticator.
+ *
+ * @return an instance of Authenticator
+ */
+ Authenticator create(Properties initProps);
- public static AuthenticateType getAuthTypeConfig() {
- // Compatible with previously enabled ldap configuration
- if (LdapConfig.ldap_authentication_enabled) {
- return LDAP;
- }
- switch (Config.authentication_type.toLowerCase()) {
- case "default":
- return DEFAULT;
- case "ldap":
- return LDAP;
- // add other authentication system here
- // case otherAuthType:
- default:
- return DEFAULT;
- }
- }
+ /**
+ * Returns the identifier for the factory, such as "ldap" or "default".
+ *
+ * @return the factory identifier
+ */
+ String factoryIdentifier();
}
+
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticatorManager.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticatorManager.java
index c00828f82fa..68b6724b6d8 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticatorManager.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticatorManager.java
@@ -17,47 +17,67 @@
package org.apache.doris.mysql.authenticate;
+import org.apache.doris.common.EnvUtils;
import org.apache.doris.mysql.MysqlAuthPacket;
import org.apache.doris.mysql.MysqlChannel;
import org.apache.doris.mysql.MysqlHandshakePacket;
import org.apache.doris.mysql.MysqlProto;
import org.apache.doris.mysql.MysqlSerializer;
-import org.apache.doris.mysql.authenticate.ldap.LdapAuthenticator;
import org.apache.doris.mysql.authenticate.password.Password;
import org.apache.doris.qe.ConnectContext;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
+import java.io.File;
import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
import java.util.Optional;
+import java.util.Properties;
+import java.util.ServiceLoader;
public class AuthenticatorManager {
private static final Logger LOG =
LogManager.getLogger(AuthenticatorManager.class);
- private Authenticator defaultAuthenticator;
- private Authenticator authTypeAuthenticator;
+ private static volatile Authenticator defaultAuthenticator = null;
+ private static volatile Authenticator authTypeAuthenticator = null;
- public AuthenticatorManager(AuthenticateType type) {
- LOG.info("authenticate type: {}", type);
- this.defaultAuthenticator = new DefaultAuthenticator();
- switch (type) {
- case LDAP:
- this.authTypeAuthenticator = new LdapAuthenticator();
- break;
- case DEFAULT:
- default:
- this.authTypeAuthenticator = defaultAuthenticator;
- break;
+ public AuthenticatorManager(String type) {
+ LOG.info("Authenticate type: {}", type);
+
+ if (authTypeAuthenticator == null) {
+ synchronized (AuthenticatorManager.class) {
+ if (authTypeAuthenticator == null) {
+ try {
+ authTypeAuthenticator = loadFactoriesByName(type);
+ } catch (Exception e) {
+ LOG.warn("Failed to load authenticator by name: {},
using default authenticator", type, e);
+ authTypeAuthenticator = defaultAuthenticator;
+ }
+ }
+ }
+ }
+ }
+
+
+ private Authenticator loadFactoriesByName(String identifier) throws
Exception {
+ ServiceLoader<AuthenticatorFactory> loader =
ServiceLoader.load(AuthenticatorFactory.class);
+ for (AuthenticatorFactory factory : loader) {
+ LOG.info("Found Authenticator Plugin Factory: {}",
factory.factoryIdentifier());
+ if (factory.factoryIdentifier().equalsIgnoreCase(identifier)) {
+ return factory.create(loadConfigFile());
+ }
}
+ throw new RuntimeException("No AuthenticatorFactory found for
identifier: " + identifier);
}
public boolean authenticate(ConnectContext context,
- String userName,
- MysqlChannel channel,
- MysqlSerializer serializer,
- MysqlAuthPacket authPacket,
- MysqlHandshakePacket handshakePacket) throws IOException {
+ String userName,
+ MysqlChannel channel,
+ MysqlSerializer serializer,
+ MysqlAuthPacket authPacket,
+ MysqlHandshakePacket handshakePacket) throws
IOException {
Authenticator authenticator = chooseAuthenticator(userName);
Optional<Password> password = authenticator.getPasswordResolver()
.resolvePassword(context, channel, serializer, authPacket,
handshakePacket);
@@ -80,4 +100,15 @@ public class AuthenticatorManager {
private Authenticator chooseAuthenticator(String userName) {
return authTypeAuthenticator.canDeal(userName) ? authTypeAuthenticator
: defaultAuthenticator;
}
+
+ private static Properties loadConfigFile() throws Exception {
+ String configFilePath = EnvUtils.getDorisHome() +
"/conf/authenticate.conf";
+ if (new File(configFilePath).exists()) {
+ LOG.info("Loading authenticate configuration file: {}",
configFilePath);
+ Properties properties = new Properties();
+ properties.load(Files.newInputStream(Paths.get(configFilePath)));
+ return properties;
+ }
+ return new Properties();
+ }
}
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/DefaultAuthenticatorFactory.java
similarity index 56%
copy from
fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
copy to
fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/DefaultAuthenticatorFactory.java
index 4281c19bba6..5d073a8296a 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/DefaultAuthenticatorFactory.java
@@ -17,27 +17,16 @@
package org.apache.doris.mysql.authenticate;
-import org.apache.doris.common.Config;
-import org.apache.doris.common.LdapConfig;
+import java.util.Properties;
-public enum AuthenticateType {
- DEFAULT,
- LDAP;
+public class DefaultAuthenticatorFactory implements AuthenticatorFactory {
+ @Override
+ public DefaultAuthenticator create(Properties initProps) {
+ return new DefaultAuthenticator();
+ }
- public static AuthenticateType getAuthTypeConfig() {
- // Compatible with previously enabled ldap configuration
- if (LdapConfig.ldap_authentication_enabled) {
- return LDAP;
- }
- switch (Config.authentication_type.toLowerCase()) {
- case "default":
- return DEFAULT;
- case "ldap":
- return LDAP;
- // add other authentication system here
- // case otherAuthType:
- default:
- return DEFAULT;
- }
+ @Override
+ public String factoryIdentifier() {
+ return "default";
}
}
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticator.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticator.java
index e37112372ce..cd9cef469d2 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticator.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticator.java
@@ -75,10 +75,11 @@ public class LdapAuthenticator implements Authenticator {
if (qualifiedUser.equals(Auth.ROOT_USER) ||
qualifiedUser.equals(Auth.ADMIN_USER)) {
return false;
}
- if
(!Env.getCurrentEnv().getAuth().getLdapManager().doesUserExist(qualifiedUser)) {
- return false;
- }
- return true;
+ // Fixme Note: LdapManager should be managed internally within the
Ldap plugin
+ // and not be placed inside the Env class. This ensures that
Ldap-related
+ // logic and dependencies are encapsulated within the plugin, promoting
+ // better modularity and maintainability.
+ return
Env.getCurrentEnv().getAuth().getLdapManager().doesUserExist(qualifiedUser);
}
/**
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticatorFactory.java
similarity index 53%
copy from
fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
copy to
fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticatorFactory.java
index 4281c19bba6..fba5c350d39 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticatorFactory.java
@@ -15,29 +15,23 @@
// specific language governing permissions and limitations
// under the License.
-package org.apache.doris.mysql.authenticate;
-
-import org.apache.doris.common.Config;
-import org.apache.doris.common.LdapConfig;
-
-public enum AuthenticateType {
- DEFAULT,
- LDAP;
-
- public static AuthenticateType getAuthTypeConfig() {
- // Compatible with previously enabled ldap configuration
- if (LdapConfig.ldap_authentication_enabled) {
- return LDAP;
- }
- switch (Config.authentication_type.toLowerCase()) {
- case "default":
- return DEFAULT;
- case "ldap":
- return LDAP;
- // add other authentication system here
- // case otherAuthType:
- default:
- return DEFAULT;
- }
+package org.apache.doris.mysql.authenticate.ldap;
+
+import org.apache.doris.mysql.authenticate.AuthenticatorFactory;
+
+import java.util.Properties;
+
+public class LdapAuthenticatorFactory implements AuthenticatorFactory {
+
+
+ @Override
+ public LdapAuthenticator create(Properties initProps) {
+ return new LdapAuthenticator();
+ }
+
+ @Override
+ public String factoryIdentifier() {
+ return "ldap";
}
+
}
diff --git
a/fe/fe-core/src/main/resources/META-INF/services/org.apache.doris.mysql.authenticate.AuthenticatorFactory
b/fe/fe-core/src/main/resources/META-INF/services/org.apache.doris.mysql.authenticate.AuthenticatorFactory
new file mode 100644
index 00000000000..3a013ff7f32
--- /dev/null
+++
b/fe/fe-core/src/main/resources/META-INF/services/org.apache.doris.mysql.authenticate.AuthenticatorFactory
@@ -0,0 +1,19 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+org.apache.doris.mysql.authenticate.DefaultAuthenticatorFactory
+org.apache.doris.mysql.authenticate.ldap.LdapAuthenticatorFactory
\ No newline at end of file
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
