Repository: nutch Updated Branches: refs/heads/2.x 5a1afbaf7 -> 04eb5707e
NUTCH-2285 Digest Authentication support for Nutch 2.X REST API. Project: http://git-wip-us.apache.org/repos/asf/nutch/repo Commit: http://git-wip-us.apache.org/repos/asf/nutch/commit/04eb5707 Tree: http://git-wip-us.apache.org/repos/asf/nutch/tree/04eb5707 Diff: http://git-wip-us.apache.org/repos/asf/nutch/diff/04eb5707 Branch: refs/heads/2.x Commit: 04eb5707e47fc286bee4625a02d79be15c0d0a3e Parents: 5a1afba Author: Furkan KAMACI <[email protected]> Authored: Wed Jul 13 23:34:46 2016 +0300 Committer: Furkan KAMACI <[email protected]> Committed: Wed Jul 13 23:34:46 2016 +0300 ---------------------------------------------------------------------- conf/nutch-default.xml | 19 ++++--- src/java/org/apache/nutch/api/NutchServer.java | 59 +++++++++++++------- .../api/security/AuthenticationTypeEnum.java | 26 +++++++++ 3 files changed, 75 insertions(+), 29 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nutch/blob/04eb5707/conf/nutch-default.xml ---------------------------------------------------------------------- diff --git a/conf/nutch-default.xml b/conf/nutch-default.xml index 1985dfc..a4fede2 100644 --- a/conf/nutch-default.xml +++ b/conf/nutch-default.xml @@ -1437,29 +1437,30 @@ <property> <name>restapi.auth</name> - <value>false</value> + <value>NONE</value> <description> - Whether to enable HTTP basic authentication for communicating with RESTAPI. + Configures authentication type for communicating with RESTAPI. Valid values are BASIC, DIGEST and NONE. + When no authentication type is defined NONE will be used as default which does not provide security. Use the restapi.auth.username and restapi.auth.password properties to configure - your credentials. + your credentials if security is used. </description> </property> <property> <name>restapi.auth.username</name> - <value>login</value> + <value>admin</value> <description> - Username for HTTP basic authentication. restapi.auth should be true to use this property. - "login" is used for username as default. + Username for REST API authentication. restapi.auth property should be set to either BASIC or DIGEST to use this property. + "nutch" is used for username as default. </description> </property> <property> <name>restapi.auth.password</name> - <value>secret</value> + <value>nutch</value> <description> - Password for HTTP basic authentication. restapi.auth should be true to use this property. - "secret" is used for password as default. + Password for REST API authentication. restapi.auth property should be set to either BASIC or DIGEST to use this property. + "nutch" is used for password as default. </description> </property> http://git-wip-us.apache.org/repos/asf/nutch/blob/04eb5707/src/java/org/apache/nutch/api/NutchServer.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/nutch/api/NutchServer.java b/src/java/org/apache/nutch/api/NutchServer.java index 6af991c..af948cd 100644 --- a/src/java/org/apache/nutch/api/NutchServer.java +++ b/src/java/org/apache/nutch/api/NutchServer.java @@ -43,6 +43,7 @@ import org.apache.nutch.api.resources.ConfigResource; import org.apache.nutch.api.resources.DbResource; import org.apache.nutch.api.resources.JobResource; import org.apache.nutch.api.resources.SeedResource; +import org.apache.nutch.api.security.AuthenticationTypeEnum; import org.restlet.Component; import org.restlet.Context; import org.restlet.data.ChallengeScheme; @@ -51,6 +52,7 @@ import org.restlet.data.Reference; import org.restlet.ext.jaxrs.JaxRsApplication; import org.restlet.resource.ClientResource; import org.restlet.security.ChallengeAuthenticator; +import org.restlet.ext.crypto.DigestAuthenticator; import org.restlet.security.MapVerifier; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -90,6 +92,10 @@ public class NutchServer extends Application { * 'INFO' however best attempts should always be made to specify a logging * level.<br> * {@link org.apache.nutch.api.NutchServer} can be run as secure. restapi.auth property + * should be set to BASIC or DIGEST at <code>nutch-site.xml</code> to enable HTTP basic authentication + * or digest authentication when communicating with RESTAPI. + * Use restapi.auth.username and restapi.auth.auth.password properties at <code>nutch-site.xml</code> to configure + * credentials when security is enabled with restapi.auth property. * should be set to true at <code>nutch-site.xml</code> to enable HTTP basic authentication * for communicating with RESTAPI. * Use the restapi.auth.username and restapi.auth.auth.password properties to configure @@ -116,28 +122,31 @@ public class NutchServer extends Application { application.setStatusService(new ErrorStatusService()); childContext.getAttributes().put(NUTCH_SERVER, this); - boolean isSecure = configManager.get(ConfigResource.DEFAULT).getBoolean("restapi.auth", false); - - if (!isSecure) { - // Attach the application. - component.getDefaultHost().attach(application); - return; + AuthenticationTypeEnum authenticationType = configManager.get(ConfigResource.DEFAULT).getEnum("restapi.auth", AuthenticationTypeEnum.NONE); + + switch (authenticationType) { + case NONE: + // Attach the application without security + component.getDefaultHost().attach(application); + break; + case BASIC: + ChallengeAuthenticator challengeGuard = new ChallengeAuthenticator(null, ChallengeScheme.HTTP_BASIC, "Nutch REST API Realm"); + challengeGuard.setVerifier(retrieveServerCredentials()); + challengeGuard.setNext(application); + // Attach the application with HTTP basic authentication security + component.getDefaultHost().attach(challengeGuard); + break; + case DIGEST: + DigestAuthenticator digestGuard = new DigestAuthenticator(null, "Nutch REST API Realm", "NutchSecretKey"); + digestGuard.setWrappedVerifier(retrieveServerCredentials()); + digestGuard.setNext(application); + // Attach the application with digest authentication security + component.getDefaultHost().attachDefault(digestGuard); + break; + default: + throw new IllegalStateException("Unsupported Server Security Type!"); } - // Guard the restlet with BASIC authentication. - ChallengeAuthenticator guard = new ChallengeAuthenticator(null, ChallengeScheme.HTTP_BASIC, "testRealm"); - // Instantiates a Verifier of identifier/secret couples based on a simple Map. - MapVerifier mapVerifier = new MapVerifier(); - - // Load a single static login/secret pair. - String username = configManager.get(ConfigResource.DEFAULT).get("restapi.auth.username", "login"); - String password = configManager.get(ConfigResource.DEFAULT).get("restapi.auth.password", "secret"); - - mapVerifier.getLocalSecrets().put(username, password.toCharArray()); - guard.setVerifier(mapVerifier); - guard.setNext(application); - - component.getDefaultHost().attach(guard); } @Override @@ -311,4 +320,14 @@ public class NutchServer extends Application { options.addOption(OptionBuilder.create(CMD_PORT)); return options; } + + private MapVerifier retrieveServerCredentials() { + MapVerifier mapVerifier = new MapVerifier(); + + String username = configManager.get(ConfigResource.DEFAULT).get("restapi.auth.username", "admin"); + String password = configManager.get(ConfigResource.DEFAULT).get("restapi.auth.password", "nutch"); + mapVerifier.getLocalSecrets().put(username, password.toCharArray()); + + return mapVerifier; + } } http://git-wip-us.apache.org/repos/asf/nutch/blob/04eb5707/src/java/org/apache/nutch/api/security/AuthenticationTypeEnum.java ---------------------------------------------------------------------- diff --git a/src/java/org/apache/nutch/api/security/AuthenticationTypeEnum.java b/src/java/org/apache/nutch/api/security/AuthenticationTypeEnum.java new file mode 100644 index 0000000..cfbffea --- /dev/null +++ b/src/java/org/apache/nutch/api/security/AuthenticationTypeEnum.java @@ -0,0 +1,26 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + ******************************************************************************/ +package org.apache.nutch.api.security; + +/** + * Authentication enum which holds authentication types for NutchServer REST API. + */ +public enum AuthenticationTypeEnum { + BASIC, + DIGEST, + NONE +}
