[inlong] branch master updated: [INLONG-5283][Manager] Add OpenAPI authentication option (default off) (#5284)

Sat, 30 Jul 2022 02:27:00 -0700 

This is an automated email from the ASF dual-hosted git repository.

healchow pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/inlong.git


The following commit(s) were added to refs/heads/master by this push:
     new 961a4338e [INLONG-5283][Manager] Add OpenAPI authentication option 
(default off) (#5284)
961a4338e is described below

commit 961a4338ef52d47c3b8998265bc80f0c9e27ca30
Author: woofyzhao <[email protected]>
AuthorDate: Sat Jul 30 17:26:48 2022 +0800

    [INLONG-5283][Manager] Add OpenAPI authentication option (default off) 
(#5284)
---
 inlong-agent/agent-core/src/test/resources/agent.properties  |  4 ++--
 .../agent-plugins/src/test/resources/agent.properties        |  4 ++--
 inlong-agent/conf/agent.properties                           |  4 ++--
 .../main/java/org/apache/inlong/common/util/BasicAuth.java   |  6 ++++++
 inlong-dataproxy/conf/common.properties                      |  4 ++--
 .../java/org/apache/inlong/dataproxy/config/AuthUtils.java   |  5 -----
 .../apache/inlong/manager/web/auth/impl/InlongShiroImpl.java | 12 ++++++++++--
 .../manager-web/src/main/resources/application.properties    |  3 +++
 .../manager-web/src/test/resources/application.properties    |  3 +++
 9 files changed, 30 insertions(+), 15 deletions(-)

diff --git a/inlong-agent/agent-core/src/test/resources/agent.properties 
b/inlong-agent/agent-core/src/test/resources/agent.properties
index ab67189a6..8515e7799 100755
--- a/inlong-agent/agent-core/src/test/resources/agent.properties
+++ b/inlong-agent/agent-core/src/test/resources/agent.properties
@@ -26,5 +26,5 @@ job.thread.running.core=10
 ############################
 agent.manager.vip.http.host=127.0.0.1
 agent.manager.vip.http.port=8083
-agent.manager.auth.secretId=test
-agent.manager.auth.secretKey=123456
+agent.manager.auth.secretId=
+agent.manager.auth.secretKey=
diff --git a/inlong-agent/agent-plugins/src/test/resources/agent.properties 
b/inlong-agent/agent-plugins/src/test/resources/agent.properties
index 9bdbc18b5..aedb395f8 100755
--- a/inlong-agent/agent-plugins/src/test/resources/agent.properties
+++ b/inlong-agent/agent-plugins/src/test/resources/agent.properties
@@ -23,5 +23,5 @@ job.thread.running.core=10
 agent.manager.vip.http.host=127.0.0.1
 agent.manager.vip.http.port=8083
 agent.fetcher.classname=org.apache.inlong.agent.plugin.fetcher.ManagerFetcher
-agent.manager.auth.secretId=test
-agent.manager.auth.secretKey=123456
\ No newline at end of file
+agent.manager.auth.secretId=
+agent.manager.auth.secretKey=
diff --git a/inlong-agent/conf/agent.properties 
b/inlong-agent/conf/agent.properties
index 519835c94..92e036ca4 100755
--- a/inlong-agent/conf/agent.properties
+++ b/inlong-agent/conf/agent.properties
@@ -106,8 +106,8 @@ agent.scheduled.snapshotreport=0 0/1 * * * ? *
 ############################
 agent.manager.vip.http.host=127.0.0.1
 agent.manager.vip.http.port=8083
-agent.manager.auth.secretId=admin
-agent.manager.auth.secretKey=87haw3VYTPqK5fK0
+agent.manager.auth.secretId=
+agent.manager.auth.secretKey=
 
 
 
diff --git 
a/inlong-common/src/main/java/org/apache/inlong/common/util/BasicAuth.java 
b/inlong-common/src/main/java/org/apache/inlong/common/util/BasicAuth.java
index 74e022020..882f1beb9 100644
--- a/inlong-common/src/main/java/org/apache/inlong/common/util/BasicAuth.java
+++ b/inlong-common/src/main/java/org/apache/inlong/common/util/BasicAuth.java
@@ -17,6 +17,8 @@
 
 package org.apache.inlong.common.util;
 
+import org.apache.commons.lang3.StringUtils;
+
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 
@@ -29,11 +31,15 @@ public class BasicAuth {
     public static final String BASIC_AUTH_PREFIX = "Basic";
     public static final String BASIC_AUTH_SEPARATOR = " ";
     public static final String BASIC_AUTH_JOINER = ":";
+    public static final String BASIC_AUTH_EMPTY = "";
 
     /**
      * Generate http basic auth credential from configured secretId and 
secretKey
      */
     public static String genBasicAuthCredential(String secretId, String 
secretKey) {
+        if (StringUtils.isBlank(secretId) || StringUtils.isBlank(secretKey)) {
+            return BASIC_AUTH_EMPTY;
+        }
         String credential = String.join(BASIC_AUTH_JOINER, secretId, 
secretKey);
         return BASIC_AUTH_PREFIX + BASIC_AUTH_SEPARATOR + Base64.getEncoder()
                 .encodeToString(credential.getBytes(StandardCharsets.UTF_8));
diff --git a/inlong-dataproxy/conf/common.properties 
b/inlong-dataproxy/conf/common.properties
index 8ec3857dc..15cc48a4e 100644
--- a/inlong-dataproxy/conf/common.properties
+++ b/inlong-dataproxy/conf/common.properties
@@ -20,8 +20,8 @@
 cluster.id=1
 # manager open api address and auth key
 manager.hosts=127.0.0.1:8083
-manager.auth.secretId=admin
-manager.auth.secretKey=87haw3VYTPqK5fK0
+manager.auth.secretId=
+manager.auth.secretKey=
 # proxy cluster name
 proxy.cluster.name=default_dataproxy
 # check interval of local config (millisecond)
diff --git 
a/inlong-dataproxy/dataproxy-source/src/main/java/org/apache/inlong/dataproxy/config/AuthUtils.java
 
b/inlong-dataproxy/dataproxy-source/src/main/java/org/apache/inlong/dataproxy/config/AuthUtils.java
index 0008f1a04..83f4be01b 100644
--- 
a/inlong-dataproxy/dataproxy-source/src/main/java/org/apache/inlong/dataproxy/config/AuthUtils.java
+++ 
b/inlong-dataproxy/dataproxy-source/src/main/java/org/apache/inlong/dataproxy/config/AuthUtils.java
@@ -17,7 +17,6 @@
 
 package org.apache.inlong.dataproxy.config;
 
-import org.apache.commons.lang3.StringUtils;
 import org.apache.inlong.common.util.BasicAuth;
 import org.apache.inlong.dataproxy.consts.ConfigConstants;
 import org.slf4j.Logger;
@@ -36,10 +35,6 @@ public class AuthUtils {
         Map<String, String> properties = 
ConfigManager.getInstance().getCommonProperties();
         String secretId = 
properties.get(ConfigConstants.MANAGER_AUTH_SECRET_ID);
         String secretKey = 
properties.get(ConfigConstants.MANAGER_AUTH_SECRET_KEY);
-        if (StringUtils.isBlank(secretId) || StringUtils.isBlank(secretKey)) {
-            LOG.error("secretId or secretKey missing");
-            return null;
-        }
         return BasicAuth.genBasicAuthCredential(secretId, secretKey);
     }
 
diff --git 
a/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/auth/impl/InlongShiroImpl.java
 
b/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/auth/impl/InlongShiroImpl.java
index d1294e4f0..696bb052c 100644
--- 
a/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/auth/impl/InlongShiroImpl.java
+++ 
b/inlong-manager/manager-web/src/main/java/org/apache/inlong/manager/web/auth/impl/InlongShiroImpl.java
@@ -36,6 +36,7 @@ import org.apache.shiro.web.mgt.WebSecurityManager;
 import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
 import org.apache.shiro.web.session.mgt.WebSessionManager;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.stereotype.Component;
 
@@ -59,6 +60,9 @@ public class InlongShiroImpl implements InlongShiro {
     @Autowired
     private UserService userService;
 
+    @Value("${openapi.auth.enabled:false}")
+    private Boolean openAPIAuthEnabled;
+
     @Override
     public WebSecurityManager getWebSecurityManager() {
         return new DefaultWebSecurityManager();
@@ -93,7 +97,6 @@ public class InlongShiroImpl implements InlongShiro {
         // anon: can be accessed by anyone, authc: only authentication is 
successful can be accessed
         Map<String, Filter> filters = new LinkedHashMap<>();
         filters.put(FILTER_NAME_WEB, new AuthenticationFilter());
-        filters.put(FILTER_NAME_API, new OpenAPIFilter());
         shiroFilterFactoryBean.setFilters(filters);
         Map<String, String> pathDefinitions = new LinkedHashMap<>();
         // login, register request
@@ -107,7 +110,12 @@ public class InlongShiroImpl implements InlongShiro {
         pathDefinitions.put("/swagger-resources", "anon");
 
         // openapi
-        pathDefinitions.put("/openapi/**/*", FILTER_NAME_API);
+        if (openAPIAuthEnabled) {
+            filters.put(FILTER_NAME_API, new OpenAPIFilter());
+            pathDefinitions.put("/openapi/**/*", FILTER_NAME_API);
+        } else {
+            pathDefinitions.put("/openapi/**/*", "anon");
+        }
 
         // other web
         pathDefinitions.put("/**", FILTER_NAME_WEB);
diff --git 
a/inlong-manager/manager-web/src/main/resources/application.properties 
b/inlong-manager/manager-web/src/main/resources/application.properties
index 660bc4bce..1916b6d90 100644
--- a/inlong-manager/manager-web/src/main/resources/application.properties
+++ b/inlong-manager/manager-web/src/main/resources/application.properties
@@ -58,3 +58,6 @@ inlong.auth.type=default
 # Encryption config, the suffix of value must be the same as the version.
 inlong.encrypt.version=1
 inlong.encrypt.key.value1="I!N@L#O$N%G^"
+
+# clients (e.g. agent and dataproxy) must be authenticated by secretId and 
secretKey if turned on
+openapi.auth.enabled=false
diff --git 
a/inlong-manager/manager-web/src/test/resources/application.properties 
b/inlong-manager/manager-web/src/test/resources/application.properties
index 660bc4bce..1916b6d90 100644
--- a/inlong-manager/manager-web/src/test/resources/application.properties
+++ b/inlong-manager/manager-web/src/test/resources/application.properties
@@ -58,3 +58,6 @@ inlong.auth.type=default
 # Encryption config, the suffix of value must be the same as the version.
 inlong.encrypt.version=1
 inlong.encrypt.key.value1="I!N@L#O$N%G^"
+
+# clients (e.g. agent and dataproxy) must be authenticated by secretId and 
secretKey if turned on
+openapi.auth.enabled=false

Reply via email to