Merge branch 'tp32' Conflicts: docs/src/reference/gremlin-applications.asciidoc gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/960fdc11 Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/960fdc11 Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/960fdc11 Branch: refs/heads/master Commit: 960fdc11399590280522189b08727e90cd9b629a Parents: 4b9c283 021831e Author: Stephen Mallette <sp...@genoprime.com> Authored: Mon Apr 10 15:40:46 2017 -0400 Committer: Stephen Mallette <sp...@genoprime.com> Committed: Mon Apr 10 15:40:46 2017 -0400 ---------------------------------------------------------------------- CHANGELOG.asciidoc | 3 ++ .../src/reference/gremlin-applications.asciidoc | 7 ++-- .../upgrade/release-3.2.x-incubating.asciidoc | 10 ++++++ .../driver/gremlin-server-modern-secure-py.yaml | 2 +- .../conf/gremlin-server-rest-secure.yaml | 4 +-- gremlin-server/conf/gremlin-server-secure.yaml | 4 +-- .../gremlin/server/AbstractChannelizer.java | 25 ++++++++++++-- .../tinkerpop/gremlin/server/Settings.java | 18 +++++++++- .../gremlin/server/channel/HttpChannelizer.java | 15 +++++++- .../server/channel/WebSocketChannelizer.java | 16 +++++++-- .../handler/AbstractAuthenticationHandler.java | 35 +++++++++++++++++++ .../handler/HttpBasicAuthenticationHandler.java | 5 ++- .../handler/SaslAuthenticationHandler.java | 5 ++- .../server/GremlinServerHttpIntegrateTest.java | 36 ++++++++++++++++++++ 14 files changed, 164 insertions(+), 21 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/CHANGELOG.asciidoc ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/docs/src/reference/gremlin-applications.asciidoc ---------------------------------------------------------------------- diff --cc docs/src/reference/gremlin-applications.asciidoc index 318f2df,851ef36..ba66f08 --- 
a/docs/src/reference/gremlin-applications.asciidoc +++ b/docs/src/reference/gremlin-applications.asciidoc @@@ -1124,9 -1072,9 +1124,10 @@@ The following table describes the vario [width="100%",cols="3,10,^2",options="header"] |========================================================= |Key |Description |Default - |authentication.className |The fully qualified classname of an `Authenticator` implementation to use. If this setting is not present, then authentication is effectively disabled. |`AllowAllAuthenticator` - |authentication.enableAuditLog |The available authenticators can issue audit logging messages, binding the authenticated user to his remote socket address and binding requests with a gremlin query to the remote socket address. For privacy reasons, the default value of this setting is false. The audit logging messages are logged at the INFO level via the `audit.org.apache.tinkerpop.gremlin.server` logger, which can be configured using the log4j.properties file. |false + |authentication.authenticator |The fully qualified classname of an `Authenticator` implementation to use. If this setting is not present, then authentication is effectively disabled. |`AllowAllAuthenticator` + |authentication.authenticationHandler | The fully qualified classname of an `AbstractAuthenticationHandler` implementation to use. If this setting is not present, but the `authentication.authenticator` is, it will use that authenticator with the default `AbstractAuthenticationHandler` implementation for the specified `Channelizer` |_none_ |authentication.config |A `Map` of configuration settings to be passes to the `Authenticator` when it is constructed. The settings available are dependent on the implementation. |_none_ ++|authentication.enableAuditLog |The available authenticators can issue audit logging messages, binding the authenticated user to his remote socket address and binding requests with a gremlin query to the remote socket address. 
For privacy reasons, the default value of this setting is false. The audit logging messages are logged at the INFO level via the `audit.org.apache.tinkerpop.gremlin.server` logger, which can be configured using the log4j.properties file. |false |channelizer |The fully qualified classname of the `Channelizer` implementation to use. A `Channelizer` is a "channel initializer" which Gremlin Server uses to define the type of processing pipeline to use. By allowing different `Channelizer` implementations, Gremlin Server can support different communication protocols (e.g. Websockets, Java NIO, etc.). |`WebSocketChannelizer` |graphs |A `Map` of `Graph` configuration files where the key of the `Map` becomes the name to which the `Graph` will be bound and the value is the file name of a `Graph` configuration file. |_none_ |gremlinPool |The number of "Gremlin" threads available to execute actual scripts in a `ScriptEngine`. This pool represents the workers available to handle blocking operations in Gremlin Server. When set to `0`, Gremlin Server will use the value provided by `Runtime.availableProcessors()`. 
|0 http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/docs/src/upgrade/release-3.2.x-incubating.asciidoc ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-python/src/test/resources/org/apache/tinkerpop/gremlin/python/driver/gremlin-server-modern-secure-py.yaml ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/conf/gremlin-server-rest-secure.yaml ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/conf/gremlin-server-secure.yaml ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java ---------------------------------------------------------------------- diff --cc gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java index 53aa1fb,66c7b56..5893af7 --- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java +++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java @@@ -375,14 -384,25 +375,30 @@@ public class Settings * used to load the implementation from the classpath. Defaults to {@link AllowAllAuthenticator} when * not specified. */ + public String authenticator = null; + + /** + * The fully qualified class name of the {@link Authenticator} implementation. This class name will be + * used to load the implementation from the classpath. Defaults to {@link AllowAllAuthenticator} when + * not specified. 
- * @deprecated As of release 3.2.5, replaced by {@link authenticator}. ++ * @deprecated As of release 3.2.5, replaced by {@link #authenticator}. + */ + @Deprecated public String className = AllowAllAuthenticator.class.getName(); /** + * The fully qualified class name of the {@link AbstractAuthenticationHandler} implementation. + * This class name will be used to load the implementation from the classpath. + * Defaults to null when not specified. + */ + public String authenticationHandler = null; + + /** + * Enable audit logging of authenticated users and gremlin evaluation requests. + */ + public boolean enableAuditLog = false; + + /** * A {@link Map} containing {@link Authenticator} specific configurations. Consult the * {@link Authenticator} implementation for specifics on what configurations are expected. */ http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java ---------------------------------------------------------------------- diff --cc gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java index b509e2d,8884b62..f516aa7 --- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java +++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java @@@ -76,6 -79,16 +79,16 @@@ public class HttpChannelizer extends Ab pipeline.addLast("http-gremlin-handler", httpGremlinEndpointHandler); } + private AbstractAuthenticationHandler instantiateAuthenticationHandler(final Settings.AuthenticationSettings authSettings) { + final String authHandlerClass = authSettings.authenticationHandler; + if (authHandlerClass == null) { + //Keep things backwards compatible - return new HttpBasicAuthenticationHandler(authenticator); ++ return new HttpBasicAuthenticationHandler(authenticator, authSettings); + } else { + return createAuthenticationHandler(authSettings); + } + 
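Review bot: The Javadoc on the new `authenticator` field in Settings.java says it defaults to `AllowAllAuthenticator`, but the field is initialised to `null` and only the deprecated `className` carries that default, so the hunk never states which key wins when both are set. The code that resolves the two keys is outside this hunk (presumably in AbstractChannelizer), so the order cannot be confirmed from here. The Javadoc should spell it out, for example `Takes precedence over the deprecated {@link #className}; when neither is set, {@link AllowAllAuthenticator} is used and authentication is effectively disabled.`, with the wording checked against the resolution code. The `authenticationHandler` Javadoc could also say that `null` selects the channelizer's built-in handler, which is what `instantiateAuthenticationHandler` does in the HttpChannelizer and WebSocketChannelizer hunks.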
} + @Override public void finalize(final ChannelPipeline pipeline) { pipeline.remove(PIPELINE_OP_SELECTOR); http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java ---------------------------------------------------------------------- diff --cc gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java index ea59e8f,1b613a1..2fb52fe --- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java +++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java @@@ -109,4 -111,14 +111,14 @@@ public class WebSocketChannelizer exten if (authenticationHandler != null) pipeline.addLast(PIPELINE_AUTHENTICATOR, authenticationHandler); } - } + + private AbstractAuthenticationHandler instantiateAuthenticationHandler(final Settings.AuthenticationSettings authSettings) { + final String authenticationHandler = authSettings.authenticationHandler; + if (authenticationHandler == null) { + //Keep things backwards compatible - return new SaslAuthenticationHandler(authenticator); ++ return new SaslAuthenticationHandler(authenticator, authSettings); + } else { + return createAuthenticationHandler(authSettings); + } + } + } http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java ---------------------------------------------------------------------- diff --cc gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java index 0ff899d,2370c92..d9e452e --- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java +++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java @@@ -46,18 -42,12 +46,17 @@@ 
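Review bot: `instantiateAuthenticationHandler` in HttpChannelizer is repeated almost line for line in the WebSocketChannelizer hunk, differing only in the fallback handler class. The rule that a null `authenticationHandler` means "use the default" therefore lives in two places and can drift. Consider moving the null branch into AbstractChannelizer and letting each channelizer supply only its default handler. The method also has no Javadoc; something like `Returns the handler named by authentication.authenticationHandler, or HTTP basic authentication when none is configured.` would make the fallback explicit. `createAuthenticationHandler` is defined outside this hunk.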
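Review bot: In WebSocketChannelizer the new local `final String authenticationHandler` reuses the name that the context line just above it (`if (authenticationHandler != null) pipeline.addLast(PIPELINE_AUTHENTICATOR, authenticationHandler);`) uses for the handler instance. That makes the class name easy to confuse with the handler object; `final String authHandlerClass = authSettings.authenticationHandler;`, as in HttpChannelizer, avoids it. The same context line adds the handler to the pipeline only when it is non-null. If `createAuthenticationHandler` (not visible here) can return null for a class that fails to load, the pipeline would be built without an authentication stage. It is worth confirming that it throws instead, so that a misconfigured handler stops startup rather than failing open.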
import static org.apache.tinkerpop.grem * * @author Stephen Mallette (http://stephen.genoprime.com) */ - public class HttpBasicAuthenticationHandler extends ChannelInboundHandlerAdapter { + public class HttpBasicAuthenticationHandler extends AbstractAuthenticationHandler { + private static final Logger logger = LoggerFactory.getLogger(HttpBasicAuthenticationHandler.class); + private static final Logger auditLogger = LoggerFactory.getLogger(GremlinServer.AUDIT_LOGGER_NAME); - private final Authenticator authenticator; + private final Settings.AuthenticationSettings authenticationSettings; private final Base64.Decoder decoder = Base64.getUrlDecoder(); - public HttpBasicAuthenticationHandler(final Authenticator authenticator) { + public HttpBasicAuthenticationHandler(final Authenticator authenticator, + final Settings.AuthenticationSettings authenticationSettings) { - this.authenticator = authenticator; + super(authenticator); + this.authenticationSettings = authenticationSettings; } @Override http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java ---------------------------------------------------------------------- diff --cc gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java index 88300fd,66bffad..76af7db --- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java +++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java @@@ -58,14 -55,9 +58,13 @@@ public class SaslAuthenticationHandler private static final Logger logger = LoggerFactory.getLogger(SaslAuthenticationHandler.class); private static final Base64.Decoder BASE64_DECODER = Base64.getDecoder(); private static final Base64.Encoder BASE64_ENCODER = Base64.getEncoder(); + private static final Logger auditLogger = 
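Review bot: The context line in HttpBasicAuthenticationHandler keeps `decoder` as `Base64.getUrlDecoder()`, but the HTTP Basic scheme carries credentials in standard Base64. An `Authorization` value whose encoding contains `+` or `/` is rejected by the URL-safe decoder with an `IllegalArgumentException`. SaslAuthenticationHandler in this same commit uses `Base64.getDecoder()`. I would change the field to `private final Base64.Decoder decoder = Base64.getDecoder();` and check that a decode failure produces a 401 rather than an unhandled exception in the pipeline. The method that decodes the header is outside this hunk.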
LoggerFactory.getLogger(GremlinServer.AUDIT_LOGGER_NAME); - private final Authenticator authenticator; - public SaslAuthenticationHandler(final Authenticator authenticator) { + private final Settings.AuthenticationSettings authenticationSettings; + + public SaslAuthenticationHandler(final Authenticator authenticator, final Settings.AuthenticationSettings authenticationSettings) { - this.authenticator = authenticator; + super(authenticator); + this.authenticationSettings = authenticationSettings; } @Override http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java ---------------------------------------------------------------------- diff --cc gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java index 9cea2ce,b64a7b5..1c0c289 --- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java +++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java @@@ -18,12 -18,10 +18,13 @@@ */ package org.apache.tinkerpop.gremlin.server; +import org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV1d0; import org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV2d0; +import org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV3d0; +import org.apache.tinkerpop.gremlin.jsr223.ScriptFileGremlinPlugin; import org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator; import org.apache.tinkerpop.gremlin.server.channel.HttpChannelizer; + import org.apache.tinkerpop.gremlin.server.handler.HttpBasicAuthenticationHandler; import org.apache.http.Consts; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet;
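Review bot: The new two-argument constructor of SaslAuthenticationHandler stores `authenticationSettings` without a null check, and the HttpBasicAuthenticationHandler constructor in the previous hunk does the same. The field presumably drives the audit-log decision in code outside this hunk, so a null passed by a custom channelizer would only surface later as a `NullPointerException` on the channel thread, in the middle of an authentication exchange. Failing at construction is clearer: `this.authenticationSettings = Objects.requireNonNull(authenticationSettings, "authenticationSettings");`, which needs `java.util.Objects` imported. A one-line comment on `auditLogger` stating that it must only receive the authenticated user name and remote address, never the SASL payload, would also help future edits.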