This is an automated email from the ASF dual-hosted git repository. aglinxinyuan pushed a commit to branch revert-5049-fix/RolesAllowedUnenforced in repository https://gitbox.apache.org/repos/asf/texera.git
commit 9d29b71f6dc935102566b66dfd498e112dc2260e Author: Xinyuan Lin <[email protected]> AuthorDate: Sat May 23 20:43:07 2026 -0700 Revert "fix: enforce @RolesAllowed on microservice resources (#5049)" This reverts commit d1cf4ebde7f49346533e3c9506013f97c7fef88f. --- build.sbt | 2 +- computing-unit-managing-service/build.sbt | 7 --- .../service/ComputingUnitManagingService.scala | 29 ++++-------- .../ComputingUnitManagingServiceRunSpec.scala | 48 ------------------- .../org/apache/texera/service/ConfigService.scala | 4 -- .../texera/service/ConfigServiceRunSpec.scala | 55 ---------------------- workflow-compiling-service/LICENSE-binary | 3 -- workflow-compiling-service/build.sbt | 1 - .../texera/service/WorkflowCompilingService.scala | 23 +-------- .../service/WorkflowCompilingServiceRunSpec.scala | 48 ------------------- 10 files changed, 13 insertions(+), 207 deletions(-) diff --git a/build.sbt b/build.sbt index 8b38e2e009..b7b6b3cfb2 100644 --- a/build.sbt +++ b/build.sbt @@ -113,7 +113,7 @@ lazy val FileService = (project in file("file-service")) lazy val WorkflowOperator = (project in file("common/workflow-operator")).settings(asfLicensingSettingsWithVendored).dependsOn(WorkflowCore) lazy val WorkflowCompilingService = (project in file("workflow-compiling-service")) - .dependsOn(WorkflowOperator, Auth, Config) + .dependsOn(WorkflowOperator, Config) .settings(asfLicensingSettings) .settings( dependencyOverrides ++= Seq( diff --git a/computing-unit-managing-service/build.sbt b/computing-unit-managing-service/build.sbt index 1c39a6b03d..3d385d33d3 100644 --- a/computing-unit-managing-service/build.sbt +++ b/computing-unit-managing-service/build.sbt @@ -34,13 +34,6 @@ Universal / mappings := AddMetaInfLicenseFiles.distMappings( // Dependency Versions val dropwizardVersion = "4.0.7" -val mockitoVersion = "5.4.0" - -// Test Dependencies -libraryDependencies ++= Seq( - "org.scalatest" %% "scalatest" % "3.2.17" % Test, - "org.mockito" % "mockito-core" % mockitoVersion % Test -) // Dependencies libraryDependencies ++= Seq( diff --git a/computing-unit-managing-service/src/main/scala/org/apache/texera/service/ComputingUnitManagingService.scala b/computing-unit-managing-service/src/main/scala/org/apache/texera/service/ComputingUnitManagingService.scala index 6184cf545a..a15ced30a2 100644 --- a/computing-unit-managing-service/src/main/scala/org/apache/texera/service/ComputingUnitManagingService.scala +++ b/computing-unit-managing-service/src/main/scala/org/apache/texera/service/ComputingUnitManagingService.scala @@ -32,7 +32,6 @@ import org.apache.texera.service.resource.{ ComputingUnitManagingResource, HealthCheckResource } -import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature import java.nio.file.Path class ComputingUnitManagingService extends Application[ComputingUnitManagingServiceConfiguration] { @@ -54,16 +53,21 @@ class ComputingUnitManagingService extends Application[ComputingUnitManagingServ configuration: ComputingUnitManagingServiceConfiguration, environment: Environment ): Unit = { + SqlServer.initConnection( + StorageConfig.jdbcUrl, + StorageConfig.jdbcUsername, + StorageConfig.jdbcPassword + ) // Register http resources environment.jersey.setUrlPattern("/api/*") environment.jersey.register(classOf[HealthCheckResource]) - ComputingUnitManagingService.registerAuthFeatures(environment) + // Register JWT authentication filter + environment.jersey.register(new AuthDynamicFeature(classOf[JwtAuthFilter])) - SqlServer.initConnection( - StorageConfig.jdbcUrl, - StorageConfig.jdbcUsername, - StorageConfig.jdbcPassword + // Enable @Auth annotation for injecting SessionUser + environment.jersey.register( + new io.dropwizard.auth.AuthValueFactoryProvider.Binder(classOf[SessionUser]) ) environment.jersey().register(new ComputingUnitManagingResource) @@ -75,19 +79,6 @@ class ComputingUnitManagingService extends Application[ComputingUnitManagingServ } object ComputingUnitManagingService { - // Registers JWT auth, @Auth injection, and @RolesAllowed enforcement. - def registerAuthFeatures(environment: Environment): Unit = { - // Register JWT authentication filter - environment.jersey.register(new AuthDynamicFeature(classOf[JwtAuthFilter])) - - // Enable @Auth annotation for injecting SessionUser - environment.jersey.register( - new io.dropwizard.auth.AuthValueFactoryProvider.Binder(classOf[SessionUser]) - ) - - // Enforce @RolesAllowed annotations on resource methods - environment.jersey.register(classOf[RolesAllowedDynamicFeature]) - } def main(args: Array[String]): Unit = { val configFilePath = Path diff --git a/computing-unit-managing-service/src/test/scala/org/apache/texera/service/ComputingUnitManagingServiceRunSpec.scala b/computing-unit-managing-service/src/test/scala/org/apache/texera/service/ComputingUnitManagingServiceRunSpec.scala deleted file mode 100644 index d27f5725ac..0000000000 --- a/computing-unit-managing-service/src/test/scala/org/apache/texera/service/ComputingUnitManagingServiceRunSpec.scala +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.texera.service - -import io.dropwizard.auth.{AuthDynamicFeature, AuthValueFactoryProvider} -import io.dropwizard.core.setup.Environment -import io.dropwizard.jersey.setup.JerseyEnvironment -import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature -import org.mockito.Mockito.{mock, verify, when} -import org.scalatest.flatspec.AnyFlatSpec -import org.scalatest.matchers.should.Matchers - -class ComputingUnitManagingServiceRunSpec extends AnyFlatSpec with Matchers { - - // Verifies that the @RolesAllowed annotations on resource methods are actually - // enforced by Jersey, which requires RolesAllowedDynamicFeature, AuthDynamicFeature, - // and AuthValueFactoryProvider.Binder to be registered on the Jersey environment. - "ComputingUnitManagingService.registerAuthFeatures" should "register auth + RolesAllowedDynamicFeature on the Jersey environment" in { - val jersey = mock(classOf[JerseyEnvironment]) - val env = mock(classOf[Environment]) - when(env.jersey).thenReturn(jersey) - - ComputingUnitManagingService.registerAuthFeatures(env) - - verify(jersey).register(classOf[RolesAllowedDynamicFeature]) - verify(jersey).register(org.mockito.ArgumentMatchers.any(classOf[AuthDynamicFeature])) - verify(jersey).register( - org.mockito.ArgumentMatchers.any(classOf[AuthValueFactoryProvider.Binder[_]]) - ) - } -} diff --git a/config-service/src/main/scala/org/apache/texera/service/ConfigService.scala b/config-service/src/main/scala/org/apache/texera/service/ConfigService.scala index 545aac494b..c787016c27 100644 --- a/config-service/src/main/scala/org/apache/texera/service/ConfigService.scala +++ b/config-service/src/main/scala/org/apache/texera/service/ConfigService.scala @@ -31,7 +31,6 @@ import org.apache.texera.config.DefaultsConfig import org.apache.texera.dao.SqlServer import org.apache.texera.service.resource.{ConfigResource, HealthCheckResource} import org.eclipse.jetty.server.session.SessionHandler -import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature import org.jooq.impl.DSL import java.nio.file.Path @@ -72,9 +71,6 @@ class ConfigService extends Application[ConfigServiceConfiguration] with LazyLog new io.dropwizard.auth.AuthValueFactoryProvider.Binder(classOf[SessionUser]) ) - // Enforce @RolesAllowed annotations on resource methods - environment.jersey.register(classOf[RolesAllowedDynamicFeature]) - environment.jersey.register(new ConfigResource) // Preload default.conf into site_setting tables diff --git a/config-service/src/test/scala/org/apache/texera/service/ConfigServiceRunSpec.scala b/config-service/src/test/scala/org/apache/texera/service/ConfigServiceRunSpec.scala deleted file mode 100644 index e3982e3775..0000000000 --- a/config-service/src/test/scala/org/apache/texera/service/ConfigServiceRunSpec.scala +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.texera.service - -import io.dropwizard.core.setup.Environment -import io.dropwizard.jersey.setup.JerseyEnvironment -import io.dropwizard.jetty.MutableServletContextHandler -import io.dropwizard.jetty.setup.ServletEnvironment -import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature -import org.mockito.Mockito.{mock, verify, when} -import org.scalatest.flatspec.AnyFlatSpec -import org.scalatest.matchers.should.Matchers - -class ConfigServiceRunSpec extends AnyFlatSpec with Matchers { - - // Verifies that the @RolesAllowed annotations on ConfigResource are actually - // enforced by Jersey, which requires RolesAllowedDynamicFeature to be - // registered on the Jersey environment. - "ConfigService.run" should "register RolesAllowedDynamicFeature on the Jersey environment" in { - val jersey = mock(classOf[JerseyEnvironment]) - val servlets = mock(classOf[ServletEnvironment]) - val context = mock(classOf[MutableServletContextHandler]) - val env = mock(classOf[Environment]) - when(env.jersey).thenReturn(jersey) - when(env.servlets).thenReturn(servlets) - when(env.getApplicationContext).thenReturn(context) - - val service = new ConfigService - // run() reaches into SqlServer near the end to preload defaults; that throws - // here because no real DB is wired up. By that point all Jersey registrations - // have already executed, so the verification below is still valid. - intercept[Exception] { - service.run(mock(classOf[ConfigServiceConfiguration]), env) - } - - verify(jersey).register(classOf[RolesAllowedDynamicFeature]) - } -} diff --git a/workflow-compiling-service/LICENSE-binary b/workflow-compiling-service/LICENSE-binary index ed6a9e1d26..5b7548a4ed 100644 --- a/workflow-compiling-service/LICENSE-binary +++ b/workflow-compiling-service/LICENSE-binary @@ -281,7 +281,6 @@ Scala/Java jars: - commons-pool.commons-pool-1.6.jar - dev.failsafe.failsafe-3.3.2.jar - io.airlift.aircompressor-0.27.jar - - io.dropwizard.dropwizard-auth-4.0.7.jar - io.dropwizard.dropwizard-configuration-4.0.7.jar - io.dropwizard.dropwizard-core-4.0.7.jar - io.dropwizard.dropwizard-health-4.0.7.jar @@ -297,7 +296,6 @@ Scala/Java jars: - io.dropwizard.dropwizard-validation-4.0.7.jar - io.dropwizard.logback.logback-throttling-appender-1.4.2.jar - io.dropwizard.metrics.metrics-annotation-4.2.25.jar - - io.dropwizard.metrics.metrics-caffeine-4.2.25.jar - io.dropwizard.metrics.metrics-core-4.2.25.jar - io.dropwizard.metrics.metrics-healthchecks-4.2.25.jar - io.dropwizard.metrics.metrics-jakarta-servlets-4.2.25.jar @@ -421,7 +419,6 @@ Scala/Java jars: - org.apache.yetus.audience-annotations-0.13.0.jar - org.apache.zookeeper.zookeeper-3.5.6.jar - org.apache.zookeeper.zookeeper-jute-3.5.6.jar - - org.bitbucket.b_c.jose4j-0.9.6.jar - org.eclipse.jetty.jetty-http-11.0.20.jar - org.eclipse.jetty.jetty-io-11.0.20.jar - org.eclipse.jetty.jetty-security-11.0.20.jar diff --git a/workflow-compiling-service/build.sbt b/workflow-compiling-service/build.sbt index 95a6926992..9560751d00 100644 --- a/workflow-compiling-service/build.sbt +++ b/workflow-compiling-service/build.sbt @@ -84,6 +84,5 @@ libraryDependencies ++= Seq( // Core Dependencies libraryDependencies ++= Seq( "io.dropwizard" % "dropwizard-core" % dropwizardVersion, - "io.dropwizard" % "dropwizard-auth" % dropwizardVersion, // Dropwizard Authentication module "com.fasterxml.jackson.module" %% "jackson-module-scala" % "2.18.6" ) diff --git a/workflow-compiling-service/src/main/scala/org/apache/texera/service/WorkflowCompilingService.scala b/workflow-compiling-service/src/main/scala/org/apache/texera/service/WorkflowCompilingService.scala index 8dc573aaf8..40fb3a2dd8 100644 --- a/workflow-compiling-service/src/main/scala/org/apache/texera/service/WorkflowCompilingService.scala +++ b/workflow-compiling-service/src/main/scala/org/apache/texera/service/WorkflowCompilingService.scala @@ -20,17 +20,14 @@ package org.apache.texera.service import com.fasterxml.jackson.module.scala.DefaultScalaModule -import io.dropwizard.auth.AuthDynamicFeature import io.dropwizard.configuration.{EnvironmentVariableSubstitutor, SubstitutingSourceProvider} import io.dropwizard.core.Application import io.dropwizard.core.setup.{Bootstrap, Environment} import org.apache.texera.amber.config.StorageConfig import org.apache.texera.amber.util.ObjectMapperUtils -import org.apache.texera.auth.{JwtAuthFilter, SessionUser} import org.apache.texera.dao.SqlServer import org.apache.texera.service.resource.{HealthCheckResource, WorkflowCompilationResource} import org.eclipse.jetty.servlet.FilterHolder -import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature import java.nio.file.Path @@ -56,16 +53,14 @@ class WorkflowCompilingService extends Application[WorkflowCompilingServiceConfi // serve backend at /api environment.jersey.setUrlPattern("/api/*") - environment.jersey.register(classOf[HealthCheckResource]) - - WorkflowCompilingService.registerAuthFeatures(environment) - SqlServer.initConnection( StorageConfig.jdbcUrl, StorageConfig.jdbcUsername, StorageConfig.jdbcPassword ) + environment.jersey.register(classOf[HealthCheckResource]) + // register the compilation endpoint environment.jersey.register(classOf[WorkflowCompilationResource]) @@ -95,20 +90,6 @@ class WorkflowCompilingService extends Application[WorkflowCompilingServiceConfi } object WorkflowCompilingService { - // Registers JWT auth, @Auth injection, and @RolesAllowed enforcement. - def registerAuthFeatures(environment: Environment): Unit = { - // Register JWT authentication filter - environment.jersey.register(new AuthDynamicFeature(classOf[JwtAuthFilter])) - - // Enable @Auth annotation for injecting SessionUser - environment.jersey.register( - new io.dropwizard.auth.AuthValueFactoryProvider.Binder(classOf[SessionUser]) - ) - - // Enforce @RolesAllowed annotations on resource methods - environment.jersey.register(classOf[RolesAllowedDynamicFeature]) - } - def main(args: Array[String]): Unit = { // set the configuration file's path val configFilePath = Path diff --git a/workflow-compiling-service/src/test/scala/org/apache/texera/service/WorkflowCompilingServiceRunSpec.scala b/workflow-compiling-service/src/test/scala/org/apache/texera/service/WorkflowCompilingServiceRunSpec.scala deleted file mode 100644 index ff5da1b561..0000000000 --- a/workflow-compiling-service/src/test/scala/org/apache/texera/service/WorkflowCompilingServiceRunSpec.scala +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.texera.service - -import io.dropwizard.auth.{AuthDynamicFeature, AuthValueFactoryProvider} -import io.dropwizard.core.setup.Environment -import io.dropwizard.jersey.setup.JerseyEnvironment -import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature -import org.mockito.Mockito.{mock, verify, when} -import org.scalatest.flatspec.AnyFlatSpec -import org.scalatest.matchers.should.Matchers - -class WorkflowCompilingServiceRunSpec extends AnyFlatSpec with Matchers { - - // Verifies that the @RolesAllowed annotations on resource methods are actually - // enforced by Jersey, which requires RolesAllowedDynamicFeature, AuthDynamicFeature, - // and AuthValueFactoryProvider.Binder to be registered on the Jersey environment. - "WorkflowCompilingService.registerAuthFeatures" should "register auth + RolesAllowedDynamicFeature on the Jersey environment" in { - val jersey = mock(classOf[JerseyEnvironment]) - val env = mock(classOf[Environment]) - when(env.jersey).thenReturn(jersey) - - WorkflowCompilingService.registerAuthFeatures(env) - - verify(jersey).register(classOf[RolesAllowedDynamicFeature]) - verify(jersey).register(org.mockito.ArgumentMatchers.any(classOf[AuthDynamicFeature])) - verify(jersey).register( - org.mockito.ArgumentMatchers.any(classOf[AuthValueFactoryProvider.Binder[_]]) - ) - } -}
