morrysnow pushed a commit to branch branch-3.1
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-3.1 by this push:
new 156d1ac99c4 branch-3.1: [feat](Authenticator) Pluginization of
Authenticator #40113 #40750 (#52481)
156d1ac99c4 is described below
commit 156d1ac99c4107498004d32614140fb0fdb030f8
Author: Calvin Kirs <[email protected]>
AuthorDate: Tue Jul 1 14:15:56 2025 +0800
branch-3.1: [feat](Authenticator) Pluginization of Authenticator #40113
#40750 (#52481)
Cherry-picked from #40113 #40750
---
.../main/java/org/apache/doris/catalog/Env.java | 2 +-
.../doris/mysql/authenticate/AuthenticateType.java | 18 ++++++
...enticateType.java => AuthenticatorFactory.java} | 36 +++++------
.../mysql/authenticate/AuthenticatorManager.java | 69 ++++++++++++++++------
...eType.java => DefaultAuthenticatorFactory.java} | 29 +++------
.../mysql/authenticate/ldap/LdapAuthenticator.java | 9 +--
.../LdapAuthenticatorFactory.java} | 42 ++++++-------
...e.doris.mysql.authenticate.AuthenticatorFactory | 19 ++++++
8 files changed, 135 insertions(+), 89 deletions(-)
diff --git a/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
b/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
index cac9162f293..a6f150d1949 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/Env.java
@@ -761,7 +761,7 @@ public class Env {
this.auth = new Auth();
this.accessManager = new AccessControllerManager(auth);
- this.authenticatorManager = new
AuthenticatorManager(AuthenticateType.getAuthTypeConfig());
+ this.authenticatorManager = new
AuthenticatorManager(AuthenticateType.getAuthTypeConfigString());
this.domainResolver = new DomainResolver(auth);
this.metaContext = new MetaContext();
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
index 4281c19bba6..1f16c1f541b 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
@@ -40,4 +40,22 @@ public enum AuthenticateType {
return DEFAULT;
}
}
+
+ public static String getAuthTypeConfigString() {
+ String authType = Config.authentication_type.toLowerCase();
+
+ if (LdapConfig.ldap_authentication_enabled) {
+ return LDAP.name();
+ }
+
+ switch (authType) {
+ case "default":
+ return DEFAULT.toString();
+ case "ldap":
+ return LDAP.toString();
+ default:
+ return authType;
+ }
+ }
+
}
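Review bot: `getAuthTypeConfigString()` has no Javadoc, and the copy dropped the old `// Compatible with previously enabled ldap configuration` comment that explained why `LdapConfig.ldap_authentication_enabled` wins over `Config.authentication_type`. A short Javadoc should state that precedence and that any value other than "default" or "ldap" is returned unchanged (lower-cased) as a plugin identifier. The method also mixes `LDAP.name()` with `LDAP.toString()`; using one of them throughout reads more clearly. For a configuration key, `toLowerCase(Locale.ROOT)` is the locale-independent form and would need `java.util.Locale` imported.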
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticatorFactory.java
similarity index 55%
copy from
fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
copy to
fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticatorFactory.java
index 4281c19bba6..25ac87de4e7 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticatorFactory.java
@@ -17,27 +17,21 @@
package org.apache.doris.mysql.authenticate;
-import org.apache.doris.common.Config;
-import org.apache.doris.common.LdapConfig;
+import java.util.Properties;
-public enum AuthenticateType {
- DEFAULT,
- LDAP;
+public interface AuthenticatorFactory {
+ /**
+ * Creates a new instance of Authenticator.
+ *
+ * @return an instance of Authenticator
+ */
+ Authenticator create(Properties initProps);
- public static AuthenticateType getAuthTypeConfig() {
- // Compatible with previously enabled ldap configuration
- if (LdapConfig.ldap_authentication_enabled) {
- return LDAP;
- }
- switch (Config.authentication_type.toLowerCase()) {
- case "default":
- return DEFAULT;
- case "ldap":
- return LDAP;
- // add other authentication system here
- // case otherAuthType:
- default:
- return DEFAULT;
- }
- }
+ /**
+ * Returns the identifier for the factory, such as "ldap" or "default".
+ *
+ * @return the factory identifier
+ */
+ String factoryIdentifier();
}
+
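Review bot: The Javadoc on `create(Properties initProps)` documents the return value but not the parameter. Judging by `AuthenticatorManager.loadConfigFile()` in this commit, the properties come from `conf/authenticate.conf` and are empty when that file is absent, so something like `@param initProps plugin settings loaded from conf/authenticate.conf; empty if the file does not exist` would tell implementers what to expect. It would also help to state whether `factoryIdentifier()` is matched case-insensitively and must be unique across providers, since the manager returns the first factory that matches.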
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticatorManager.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticatorManager.java
index c00828f82fa..343134fb8fd 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticatorManager.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticatorManager.java
@@ -17,47 +17,67 @@
package org.apache.doris.mysql.authenticate;
+import org.apache.doris.common.EnvUtils;
import org.apache.doris.mysql.MysqlAuthPacket;
import org.apache.doris.mysql.MysqlChannel;
import org.apache.doris.mysql.MysqlHandshakePacket;
import org.apache.doris.mysql.MysqlProto;
import org.apache.doris.mysql.MysqlSerializer;
-import org.apache.doris.mysql.authenticate.ldap.LdapAuthenticator;
import org.apache.doris.mysql.authenticate.password.Password;
import org.apache.doris.qe.ConnectContext;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
+import java.io.File;
import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
import java.util.Optional;
+import java.util.Properties;
+import java.util.ServiceLoader;
public class AuthenticatorManager {
private static final Logger LOG =
LogManager.getLogger(AuthenticatorManager.class);
- private Authenticator defaultAuthenticator;
- private Authenticator authTypeAuthenticator;
+ private static volatile Authenticator defaultAuthenticator = null;
+ private static volatile Authenticator authTypeAuthenticator = null;
- public AuthenticatorManager(AuthenticateType type) {
- LOG.info("authenticate type: {}", type);
- this.defaultAuthenticator = new DefaultAuthenticator();
- switch (type) {
- case LDAP:
- this.authTypeAuthenticator = new LdapAuthenticator();
- break;
- case DEFAULT:
- default:
- this.authTypeAuthenticator = defaultAuthenticator;
- break;
+ public AuthenticatorManager(String type) {
+ LOG.info("Authenticate type: {}", type);
+ defaultAuthenticator = new DefaultAuthenticator();
+ if (authTypeAuthenticator == null) {
+ synchronized (AuthenticatorManager.class) {
+ if (authTypeAuthenticator == null) {
+ try {
+ authTypeAuthenticator = loadFactoriesByName(type);
+ } catch (Exception e) {
+ LOG.warn("Failed to load authenticator by name: {},
using default authenticator", type, e);
+ authTypeAuthenticator = defaultAuthenticator;
+ }
+ }
+ }
}
}
+
+ private Authenticator loadFactoriesByName(String identifier) throws
Exception {
+ ServiceLoader<AuthenticatorFactory> loader =
ServiceLoader.load(AuthenticatorFactory.class);
+ for (AuthenticatorFactory factory : loader) {
+ LOG.info("Found Authenticator Plugin Factory: {}",
factory.factoryIdentifier());
+ if (factory.factoryIdentifier().equalsIgnoreCase(identifier)) {
+ return factory.create(loadConfigFile());
+ }
+ }
+ throw new RuntimeException("No AuthenticatorFactory found for
identifier: " + identifier);
+ }
+
public boolean authenticate(ConnectContext context,
- String userName,
- MysqlChannel channel,
- MysqlSerializer serializer,
- MysqlAuthPacket authPacket,
- MysqlHandshakePacket handshakePacket) throws IOException {
+ String userName,
+ MysqlChannel channel,
+ MysqlSerializer serializer,
+ MysqlAuthPacket authPacket,
+ MysqlHandshakePacket handshakePacket) throws
IOException {
Authenticator authenticator = chooseAuthenticator(userName);
Optional<Password> password = authenticator.getPasswordResolver()
.resolvePassword(context, channel, serializer, authPacket,
handshakePacket);
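Review bot: The `catch (Exception e)` in the constructor turns any failure to load the configured authenticator into a quiet switch to `DefaultAuthenticator`. A mistyped `authentication_type` or a plugin jar missing from the classpath therefore leaves the frontend on local password authentication with only a WARN line to show for it. When `type` is not the default, failing startup is the safer outcome, e.g. `throw new IllegalStateException("Cannot load authenticator: " + type, e);` in place of the fallback assignment. Separately, `ServiceLoader` reports a broken provider entry as `ServiceConfigurationError`, which this `catch` does not cover. Because both fields are now `static`, any later `new AuthenticatorManager(type)` replaces `defaultAuthenticator` outside the lock and ignores its `type` argument.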
@@ -80,4 +100,15 @@ public class AuthenticatorManager {
private Authenticator chooseAuthenticator(String userName) {
return authTypeAuthenticator.canDeal(userName) ? authTypeAuthenticator
: defaultAuthenticator;
}
+
+ private static Properties loadConfigFile() throws Exception {
+ String configFilePath = EnvUtils.getDorisHome() +
"/conf/authenticate.conf";
+ if (new File(configFilePath).exists()) {
+ LOG.info("Loading authenticate configuration file: {}",
configFilePath);
+ Properties properties = new Properties();
+ properties.load(Files.newInputStream(Paths.get(configFilePath)));
+ return properties;
+ }
+ return new Properties();
+ }
}
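Review bot: `loadConfigFile()` never closes the stream returned by `Files.newInputStream(...)`, so the file handle is held until garbage collection, and also when `properties.load` throws. Wrapping it fixes that: `try (InputStream in = Files.newInputStream(Paths.get(configFilePath))) { properties.load(in); }` (needs `java.io.InputStream` imported). Since this file may carry credentials for an authentication plugin, the method's Javadoc should say who is expected to own it and what permissions it should have. The `LOG.info` line should stay limited to the path, as it is now.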
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/DefaultAuthenticatorFactory.java
similarity index 56%
copy from
fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
copy to
fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/DefaultAuthenticatorFactory.java
index 4281c19bba6..5d073a8296a 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/DefaultAuthenticatorFactory.java
@@ -17,27 +17,16 @@
package org.apache.doris.mysql.authenticate;
-import org.apache.doris.common.Config;
-import org.apache.doris.common.LdapConfig;
+import java.util.Properties;
-public enum AuthenticateType {
- DEFAULT,
- LDAP;
+public class DefaultAuthenticatorFactory implements AuthenticatorFactory {
+ @Override
+ public DefaultAuthenticator create(Properties initProps) {
+ return new DefaultAuthenticator();
+ }
- public static AuthenticateType getAuthTypeConfig() {
- // Compatible with previously enabled ldap configuration
- if (LdapConfig.ldap_authentication_enabled) {
- return LDAP;
- }
- switch (Config.authentication_type.toLowerCase()) {
- case "default":
- return DEFAULT;
- case "ldap":
- return LDAP;
- // add other authentication system here
- // case otherAuthType:
- default:
- return DEFAULT;
- }
+ @Override
+ public String factoryIdentifier() {
+ return "default";
}
}
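Review bot: `create(Properties initProps)` discards `initProps` without saying so, and the same is true of `LdapAuthenticatorFactory.create` later in this commit. A one-line comment such as `// initProps is unused: the built-in authenticator takes no plugin configuration` would make it clear to operators that entries in `conf/authenticate.conf` have no effect on these two factories. A class-level Javadoc naming the identifier each factory registers ("default", "ldap") would also help, since that string is what `authentication_type` is matched against.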
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticator.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticator.java
index e37112372ce..cd9cef469d2 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticator.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticator.java
@@ -75,10 +75,11 @@ public class LdapAuthenticator implements Authenticator {
if (qualifiedUser.equals(Auth.ROOT_USER) ||
qualifiedUser.equals(Auth.ADMIN_USER)) {
return false;
}
- if
(!Env.getCurrentEnv().getAuth().getLdapManager().doesUserExist(qualifiedUser)) {
- return false;
- }
- return true;
+ // Fixme Note: LdapManager should be managed internally within the
Ldap plugin
+ // and not be placed inside the Env class. This ensures that
Ldap-related
+ // logic and dependencies are encapsulated within the plugin, promoting
+ // better modularity and maintainability.
+ return
Env.getCurrentEnv().getAuth().getLdapManager().doesUserExist(qualifiedUser);
}
/**
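Review bot: The added comment starts with `Fixme Note:`, which is not a tag that IDEs or grep-based task scanners pick up. Use the conventional form and keep it to the actionable part, e.g. `// FIXME: move LdapManager out of Env into the LDAP plugin so its dependencies stay encapsulated.` The enclosing method begins above this hunk, so only its tail is visible here.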
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticatorFactory.java
similarity index 53%
copy from
fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
copy to
fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticatorFactory.java
index 4281c19bba6..fba5c350d39 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/AuthenticateType.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticatorFactory.java
@@ -15,29 +15,23 @@
// specific language governing permissions and limitations
// under the License.
-package org.apache.doris.mysql.authenticate;
-
-import org.apache.doris.common.Config;
-import org.apache.doris.common.LdapConfig;
-
-public enum AuthenticateType {
- DEFAULT,
- LDAP;
-
- public static AuthenticateType getAuthTypeConfig() {
- // Compatible with previously enabled ldap configuration
- if (LdapConfig.ldap_authentication_enabled) {
- return LDAP;
- }
- switch (Config.authentication_type.toLowerCase()) {
- case "default":
- return DEFAULT;
- case "ldap":
- return LDAP;
- // add other authentication system here
- // case otherAuthType:
- default:
- return DEFAULT;
- }
+package org.apache.doris.mysql.authenticate.ldap;
+
+import org.apache.doris.mysql.authenticate.AuthenticatorFactory;
+
+import java.util.Properties;
+
+public class LdapAuthenticatorFactory implements AuthenticatorFactory {
+
+
+ @Override
+ public LdapAuthenticator create(Properties initProps) {
+ return new LdapAuthenticator();
+ }
+
+ @Override
+ public String factoryIdentifier() {
+ return "ldap";
}
+
}
diff --git
a/fe/fe-core/src/main/resources/META-INF/services/org.apache.doris.mysql.authenticate.AuthenticatorFactory
b/fe/fe-core/src/main/resources/META-INF/services/org.apache.doris.mysql.authenticate.AuthenticatorFactory
new file mode 100644
index 00000000000..3a013ff7f32
--- /dev/null
+++
b/fe/fe-core/src/main/resources/META-INF/services/org.apache.doris.mysql.authenticate.AuthenticatorFactory
@@ -0,0 +1,19 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+org.apache.doris.mysql.authenticate.DefaultAuthenticatorFactory
+org.apache.doris.mysql.authenticate.ldap.LdapAuthenticatorFactory
\ No newline at end of file