This is an automated email from the ASF dual-hosted git repository.
github-merge-queue[bot] pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/texera.git
The following commit(s) were added to refs/heads/main by this push:
new 770709b83d fix: Revert"fix: enforce @RolesAllowed on microservice
resources" (#5173)
770709b83d is described below
commit 770709b83d47fa7cd302ad5cb3ecf7a6546016de
Author: Matthew B. <[email protected]>
AuthorDate: Sat May 23 22:32:44 2026 -0700
fix: Revert"fix: enforce @RolesAllowed on microservice resources" (#5173)
Reverts apache/texera#5049
---
build.sbt | 2 +-
computing-unit-managing-service/build.sbt | 7 ---
.../service/ComputingUnitManagingService.scala | 29 ++++--------
.../ComputingUnitManagingServiceRunSpec.scala | 48 -------------------
.../org/apache/texera/service/ConfigService.scala | 4 --
.../texera/service/ConfigServiceRunSpec.scala | 55 ----------------------
workflow-compiling-service/LICENSE-binary | 3 --
workflow-compiling-service/build.sbt | 1 -
.../texera/service/WorkflowCompilingService.scala | 23 +--------
.../service/WorkflowCompilingServiceRunSpec.scala | 48 -------------------
10 files changed, 13 insertions(+), 207 deletions(-)
diff --git a/build.sbt b/build.sbt
index 8b38e2e009..b7b6b3cfb2 100644
--- a/build.sbt
+++ b/build.sbt
@@ -113,7 +113,7 @@ lazy val FileService = (project in file("file-service"))
lazy val WorkflowOperator = (project in
file("common/workflow-operator")).settings(asfLicensingSettingsWithVendored).dependsOn(WorkflowCore)
lazy val WorkflowCompilingService = (project in
file("workflow-compiling-service"))
- .dependsOn(WorkflowOperator, Auth, Config)
+ .dependsOn(WorkflowOperator, Config)
.settings(asfLicensingSettings)
.settings(
dependencyOverrides ++= Seq(
diff --git a/computing-unit-managing-service/build.sbt
b/computing-unit-managing-service/build.sbt
index 1c39a6b03d..3d385d33d3 100644
--- a/computing-unit-managing-service/build.sbt
+++ b/computing-unit-managing-service/build.sbt
@@ -34,13 +34,6 @@ Universal / mappings := AddMetaInfLicenseFiles.distMappings(
// Dependency Versions
val dropwizardVersion = "4.0.7"
-val mockitoVersion = "5.4.0"
-
-// Test Dependencies
-libraryDependencies ++= Seq(
- "org.scalatest" %% "scalatest" % "3.2.17" % Test,
- "org.mockito" % "mockito-core" % mockitoVersion % Test
-)
// Dependencies
libraryDependencies ++= Seq(
diff --git
a/computing-unit-managing-service/src/main/scala/org/apache/texera/service/ComputingUnitManagingService.scala
b/computing-unit-managing-service/src/main/scala/org/apache/texera/service/ComputingUnitManagingService.scala
index 6184cf545a..a15ced30a2 100644
---
a/computing-unit-managing-service/src/main/scala/org/apache/texera/service/ComputingUnitManagingService.scala
+++
b/computing-unit-managing-service/src/main/scala/org/apache/texera/service/ComputingUnitManagingService.scala
@@ -32,7 +32,6 @@ import org.apache.texera.service.resource.{
ComputingUnitManagingResource,
HealthCheckResource
}
-import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature
import java.nio.file.Path
class ComputingUnitManagingService extends
Application[ComputingUnitManagingServiceConfiguration] {
@@ -54,16 +53,21 @@ class ComputingUnitManagingService extends
Application[ComputingUnitManagingServ
configuration: ComputingUnitManagingServiceConfiguration,
environment: Environment
): Unit = {
+ SqlServer.initConnection(
+ StorageConfig.jdbcUrl,
+ StorageConfig.jdbcUsername,
+ StorageConfig.jdbcPassword
+ )
// Register http resources
environment.jersey.setUrlPattern("/api/*")
environment.jersey.register(classOf[HealthCheckResource])
- ComputingUnitManagingService.registerAuthFeatures(environment)
+ // Register JWT authentication filter
+ environment.jersey.register(new AuthDynamicFeature(classOf[JwtAuthFilter]))
- SqlServer.initConnection(
- StorageConfig.jdbcUrl,
- StorageConfig.jdbcUsername,
- StorageConfig.jdbcPassword
+ // Enable @Auth annotation for injecting SessionUser
+ environment.jersey.register(
+ new
io.dropwizard.auth.AuthValueFactoryProvider.Binder(classOf[SessionUser])
)
environment.jersey().register(new ComputingUnitManagingResource)
@@ -75,19 +79,6 @@ class ComputingUnitManagingService extends
Application[ComputingUnitManagingServ
}
object ComputingUnitManagingService {
- // Registers JWT auth, @Auth injection, and @RolesAllowed enforcement.
- def registerAuthFeatures(environment: Environment): Unit = {
- // Register JWT authentication filter
- environment.jersey.register(new AuthDynamicFeature(classOf[JwtAuthFilter]))
-
- // Enable @Auth annotation for injecting SessionUser
- environment.jersey.register(
- new
io.dropwizard.auth.AuthValueFactoryProvider.Binder(classOf[SessionUser])
- )
-
- // Enforce @RolesAllowed annotations on resource methods
- environment.jersey.register(classOf[RolesAllowedDynamicFeature])
- }
def main(args: Array[String]): Unit = {
val configFilePath = Path
diff --git
a/computing-unit-managing-service/src/test/scala/org/apache/texera/service/ComputingUnitManagingServiceRunSpec.scala
b/computing-unit-managing-service/src/test/scala/org/apache/texera/service/ComputingUnitManagingServiceRunSpec.scala
deleted file mode 100644
index d27f5725ac..0000000000
---
a/computing-unit-managing-service/src/test/scala/org/apache/texera/service/ComputingUnitManagingServiceRunSpec.scala
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.texera.service
-
-import io.dropwizard.auth.{AuthDynamicFeature, AuthValueFactoryProvider}
-import io.dropwizard.core.setup.Environment
-import io.dropwizard.jersey.setup.JerseyEnvironment
-import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature
-import org.mockito.Mockito.{mock, verify, when}
-import org.scalatest.flatspec.AnyFlatSpec
-import org.scalatest.matchers.should.Matchers
-
-class ComputingUnitManagingServiceRunSpec extends AnyFlatSpec with Matchers {
-
- // Verifies that the @RolesAllowed annotations on resource methods are
actually
- // enforced by Jersey, which requires RolesAllowedDynamicFeature,
AuthDynamicFeature,
- // and AuthValueFactoryProvider.Binder to be registered on the Jersey
environment.
- "ComputingUnitManagingService.registerAuthFeatures" should "register auth +
RolesAllowedDynamicFeature on the Jersey environment" in {
- val jersey = mock(classOf[JerseyEnvironment])
- val env = mock(classOf[Environment])
- when(env.jersey).thenReturn(jersey)
-
- ComputingUnitManagingService.registerAuthFeatures(env)
-
- verify(jersey).register(classOf[RolesAllowedDynamicFeature])
-
verify(jersey).register(org.mockito.ArgumentMatchers.any(classOf[AuthDynamicFeature]))
- verify(jersey).register(
-
org.mockito.ArgumentMatchers.any(classOf[AuthValueFactoryProvider.Binder[_]])
- )
- }
-}
diff --git
a/config-service/src/main/scala/org/apache/texera/service/ConfigService.scala
b/config-service/src/main/scala/org/apache/texera/service/ConfigService.scala
index 545aac494b..c787016c27 100644
---
a/config-service/src/main/scala/org/apache/texera/service/ConfigService.scala
+++
b/config-service/src/main/scala/org/apache/texera/service/ConfigService.scala
@@ -31,7 +31,6 @@ import org.apache.texera.config.DefaultsConfig
import org.apache.texera.dao.SqlServer
import org.apache.texera.service.resource.{ConfigResource, HealthCheckResource}
import org.eclipse.jetty.server.session.SessionHandler
-import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature
import org.jooq.impl.DSL
import java.nio.file.Path
@@ -72,9 +71,6 @@ class ConfigService extends
Application[ConfigServiceConfiguration] with LazyLog
new
io.dropwizard.auth.AuthValueFactoryProvider.Binder(classOf[SessionUser])
)
- // Enforce @RolesAllowed annotations on resource methods
- environment.jersey.register(classOf[RolesAllowedDynamicFeature])
-
environment.jersey.register(new ConfigResource)
// Preload default.conf into site_setting tables
diff --git
a/config-service/src/test/scala/org/apache/texera/service/ConfigServiceRunSpec.scala
b/config-service/src/test/scala/org/apache/texera/service/ConfigServiceRunSpec.scala
deleted file mode 100644
index e3982e3775..0000000000
---
a/config-service/src/test/scala/org/apache/texera/service/ConfigServiceRunSpec.scala
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.texera.service
-
-import io.dropwizard.core.setup.Environment
-import io.dropwizard.jersey.setup.JerseyEnvironment
-import io.dropwizard.jetty.MutableServletContextHandler
-import io.dropwizard.jetty.setup.ServletEnvironment
-import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature
-import org.mockito.Mockito.{mock, verify, when}
-import org.scalatest.flatspec.AnyFlatSpec
-import org.scalatest.matchers.should.Matchers
-
-class ConfigServiceRunSpec extends AnyFlatSpec with Matchers {
-
- // Verifies that the @RolesAllowed annotations on ConfigResource are actually
- // enforced by Jersey, which requires RolesAllowedDynamicFeature to be
- // registered on the Jersey environment.
- "ConfigService.run" should "register RolesAllowedDynamicFeature on the
Jersey environment" in {
- val jersey = mock(classOf[JerseyEnvironment])
- val servlets = mock(classOf[ServletEnvironment])
- val context = mock(classOf[MutableServletContextHandler])
- val env = mock(classOf[Environment])
- when(env.jersey).thenReturn(jersey)
- when(env.servlets).thenReturn(servlets)
- when(env.getApplicationContext).thenReturn(context)
-
- val service = new ConfigService
- // run() reaches into SqlServer near the end to preload defaults; that
throws
- // here because no real DB is wired up. By that point all Jersey
registrations
- // have already executed, so the verification below is still valid.
- intercept[Exception] {
- service.run(mock(classOf[ConfigServiceConfiguration]), env)
- }
-
- verify(jersey).register(classOf[RolesAllowedDynamicFeature])
- }
-}
diff --git a/workflow-compiling-service/LICENSE-binary
b/workflow-compiling-service/LICENSE-binary
index ed6a9e1d26..5b7548a4ed 100644
--- a/workflow-compiling-service/LICENSE-binary
+++ b/workflow-compiling-service/LICENSE-binary
@@ -281,7 +281,6 @@ Scala/Java jars:
- commons-pool.commons-pool-1.6.jar
- dev.failsafe.failsafe-3.3.2.jar
- io.airlift.aircompressor-0.27.jar
- - io.dropwizard.dropwizard-auth-4.0.7.jar
- io.dropwizard.dropwizard-configuration-4.0.7.jar
- io.dropwizard.dropwizard-core-4.0.7.jar
- io.dropwizard.dropwizard-health-4.0.7.jar
@@ -297,7 +296,6 @@ Scala/Java jars:
- io.dropwizard.dropwizard-validation-4.0.7.jar
- io.dropwizard.logback.logback-throttling-appender-1.4.2.jar
- io.dropwizard.metrics.metrics-annotation-4.2.25.jar
- - io.dropwizard.metrics.metrics-caffeine-4.2.25.jar
- io.dropwizard.metrics.metrics-core-4.2.25.jar
- io.dropwizard.metrics.metrics-healthchecks-4.2.25.jar
- io.dropwizard.metrics.metrics-jakarta-servlets-4.2.25.jar
@@ -421,7 +419,6 @@ Scala/Java jars:
- org.apache.yetus.audience-annotations-0.13.0.jar
- org.apache.zookeeper.zookeeper-3.5.6.jar
- org.apache.zookeeper.zookeeper-jute-3.5.6.jar
- - org.bitbucket.b_c.jose4j-0.9.6.jar
- org.eclipse.jetty.jetty-http-11.0.20.jar
- org.eclipse.jetty.jetty-io-11.0.20.jar
- org.eclipse.jetty.jetty-security-11.0.20.jar
diff --git a/workflow-compiling-service/build.sbt
b/workflow-compiling-service/build.sbt
index 95a6926992..9560751d00 100644
--- a/workflow-compiling-service/build.sbt
+++ b/workflow-compiling-service/build.sbt
@@ -84,6 +84,5 @@ libraryDependencies ++= Seq(
// Core Dependencies
libraryDependencies ++= Seq(
"io.dropwizard" % "dropwizard-core" % dropwizardVersion,
- "io.dropwizard" % "dropwizard-auth" % dropwizardVersion, // Dropwizard
Authentication module
"com.fasterxml.jackson.module" %% "jackson-module-scala" % "2.18.6"
)
diff --git
a/workflow-compiling-service/src/main/scala/org/apache/texera/service/WorkflowCompilingService.scala
b/workflow-compiling-service/src/main/scala/org/apache/texera/service/WorkflowCompilingService.scala
index 8dc573aaf8..40fb3a2dd8 100644
---
a/workflow-compiling-service/src/main/scala/org/apache/texera/service/WorkflowCompilingService.scala
+++
b/workflow-compiling-service/src/main/scala/org/apache/texera/service/WorkflowCompilingService.scala
@@ -20,17 +20,14 @@
package org.apache.texera.service
import com.fasterxml.jackson.module.scala.DefaultScalaModule
-import io.dropwizard.auth.AuthDynamicFeature
import io.dropwizard.configuration.{EnvironmentVariableSubstitutor,
SubstitutingSourceProvider}
import io.dropwizard.core.Application
import io.dropwizard.core.setup.{Bootstrap, Environment}
import org.apache.texera.amber.config.StorageConfig
import org.apache.texera.amber.util.ObjectMapperUtils
-import org.apache.texera.auth.{JwtAuthFilter, SessionUser}
import org.apache.texera.dao.SqlServer
import org.apache.texera.service.resource.{HealthCheckResource,
WorkflowCompilationResource}
import org.eclipse.jetty.servlet.FilterHolder
-import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature
import java.nio.file.Path
@@ -56,16 +53,14 @@ class WorkflowCompilingService extends
Application[WorkflowCompilingServiceConfi
// serve backend at /api
environment.jersey.setUrlPattern("/api/*")
- environment.jersey.register(classOf[HealthCheckResource])
-
- WorkflowCompilingService.registerAuthFeatures(environment)
-
SqlServer.initConnection(
StorageConfig.jdbcUrl,
StorageConfig.jdbcUsername,
StorageConfig.jdbcPassword
)
+ environment.jersey.register(classOf[HealthCheckResource])
+
// register the compilation endpoint
environment.jersey.register(classOf[WorkflowCompilationResource])
@@ -95,20 +90,6 @@ class WorkflowCompilingService extends
Application[WorkflowCompilingServiceConfi
}
object WorkflowCompilingService {
- // Registers JWT auth, @Auth injection, and @RolesAllowed enforcement.
- def registerAuthFeatures(environment: Environment): Unit = {
- // Register JWT authentication filter
- environment.jersey.register(new AuthDynamicFeature(classOf[JwtAuthFilter]))
-
- // Enable @Auth annotation for injecting SessionUser
- environment.jersey.register(
- new
io.dropwizard.auth.AuthValueFactoryProvider.Binder(classOf[SessionUser])
- )
-
- // Enforce @RolesAllowed annotations on resource methods
- environment.jersey.register(classOf[RolesAllowedDynamicFeature])
- }
-
def main(args: Array[String]): Unit = {
// set the configuration file's path
val configFilePath = Path
diff --git
a/workflow-compiling-service/src/test/scala/org/apache/texera/service/WorkflowCompilingServiceRunSpec.scala
b/workflow-compiling-service/src/test/scala/org/apache/texera/service/WorkflowCompilingServiceRunSpec.scala
deleted file mode 100644
index ff5da1b561..0000000000
---
a/workflow-compiling-service/src/test/scala/org/apache/texera/service/WorkflowCompilingServiceRunSpec.scala
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.texera.service
-
-import io.dropwizard.auth.{AuthDynamicFeature, AuthValueFactoryProvider}
-import io.dropwizard.core.setup.Environment
-import io.dropwizard.jersey.setup.JerseyEnvironment
-import org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature
-import org.mockito.Mockito.{mock, verify, when}
-import org.scalatest.flatspec.AnyFlatSpec
-import org.scalatest.matchers.should.Matchers
-
-class WorkflowCompilingServiceRunSpec extends AnyFlatSpec with Matchers {
-
- // Verifies that the @RolesAllowed annotations on resource methods are
actually
- // enforced by Jersey, which requires RolesAllowedDynamicFeature,
AuthDynamicFeature,
- // and AuthValueFactoryProvider.Binder to be registered on the Jersey
environment.
- "WorkflowCompilingService.registerAuthFeatures" should "register auth +
RolesAllowedDynamicFeature on the Jersey environment" in {
- val jersey = mock(classOf[JerseyEnvironment])
- val env = mock(classOf[Environment])
- when(env.jersey).thenReturn(jersey)
-
- WorkflowCompilingService.registerAuthFeatures(env)
-
- verify(jersey).register(classOf[RolesAllowedDynamicFeature])
-
verify(jersey).register(org.mockito.ArgumentMatchers.any(classOf[AuthDynamicFeature]))
- verify(jersey).register(
-
org.mockito.ArgumentMatchers.any(classOf[AuthValueFactoryProvider.Binder[_]])
- )
- }
-}
