Merge branch 'tp32'
Conflicts:
docs/src/reference/gremlin-applications.asciidoc
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/960fdc11
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/960fdc11
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/960fdc11
Branch: refs/heads/master
Commit: 960fdc11399590280522189b08727e90cd9b629a
Parents: 4b9c283 021831e
Author: Stephen Mallette <sp...@genoprime.com>
Authored: Mon Apr 10 15:40:46 2017 -0400
Committer: Stephen Mallette <sp...@genoprime.com>
Committed: Mon Apr 10 15:40:46 2017 -0400
----------------------------------------------------------------------
CHANGELOG.asciidoc | 3 ++
.../src/reference/gremlin-applications.asciidoc | 7 ++--
.../upgrade/release-3.2.x-incubating.asciidoc | 10 ++++++
.../driver/gremlin-server-modern-secure-py.yaml | 2 +-
.../conf/gremlin-server-rest-secure.yaml | 4 +--
gremlin-server/conf/gremlin-server-secure.yaml | 4 +--
.../gremlin/server/AbstractChannelizer.java | 25 ++++++++++++--
.../tinkerpop/gremlin/server/Settings.java | 18 +++++++++-
.../gremlin/server/channel/HttpChannelizer.java | 15 +++++++-
.../server/channel/WebSocketChannelizer.java | 16 +++++++--
.../handler/AbstractAuthenticationHandler.java | 35 +++++++++++++++++++
.../handler/HttpBasicAuthenticationHandler.java | 5 ++-
.../handler/SaslAuthenticationHandler.java | 5 ++-
.../server/GremlinServerHttpIntegrateTest.java | 36 ++++++++++++++++++++
14 files changed, 164 insertions(+), 21 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/CHANGELOG.asciidoc
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/docs/src/reference/gremlin-applications.asciidoc
----------------------------------------------------------------------
diff --cc docs/src/reference/gremlin-applications.asciidoc
index 318f2df,851ef36..ba66f08
--- a/docs/src/reference/gremlin-applications.asciidoc
+++ b/docs/src/reference/gremlin-applications.asciidoc
@@@ -1124,9 -1072,9 +1124,10 @@@ The following table describes the vario
[width="100%",cols="3,10,^2",options="header"]
|=========================================================
|Key |Description |Default
- |authentication.className |The fully qualified classname of an
`Authenticator` implementation to use. If this setting is not present, then
authentication is effectively disabled. |`AllowAllAuthenticator`
- |authentication.enableAuditLog |The available authenticators can issue audit
logging messages, binding the authenticated user to his remote socket address
and binding requests with a gremlin query to the remote socket address. For
privacy reasons, the default value of this setting is false. The audit logging
messages are logged at the INFO level via the
`audit.org.apache.tinkerpop.gremlin.server` logger, which can be configured
using the log4j.properties file. |false
+ |authentication.authenticator |The fully qualified classname of an
`Authenticator` implementation to use. If this setting is not present, then
authentication is effectively disabled. |`AllowAllAuthenticator`
+ |authentication.authenticationHandler | The fully qualified classname of an
`AbstractAuthenticationHandler` implementation to use. If this setting is not
present, but the `authentication.authenticator` is, it will use that
authenticator with the default `AbstractAuthenticationHandler` implementation
for the specified `Channelizer` |_none_
|authentication.config |A `Map` of configuration settings to be passes to the
`Authenticator` when it is constructed. The settings available are dependent
on the implementation. |_none_
++|authentication.enableAuditLog |The available authenticators can issue audit
logging messages, binding the authenticated user to his remote socket address
and binding requests with a gremlin query to the remote socket address. For
privacy reasons, the default value of this setting is false. The audit logging
messages are logged at the INFO level via the
`audit.org.apache.tinkerpop.gremlin.server` logger, which can be configured
using the log4j.properties file. |false
|channelizer |The fully qualified classname of the `Channelizer`
implementation to use. A `Channelizer` is a "channel initializer" which
Gremlin Server uses to define the type of processing pipeline to use. By
allowing different `Channelizer` implementations, Gremlin Server can support
different communication protocols (e.g. Websockets, Java NIO, etc.).
|`WebSocketChannelizer`
|graphs |A `Map` of `Graph` configuration files where the key of the `Map`
becomes the name to which the `Graph` will be bound and the value is the file
name of a `Graph` configuration file. |_none_
|gremlinPool |The number of "Gremlin" threads available to execute actual
scripts in a `ScriptEngine`. This pool represents the workers available to
handle blocking operations in Gremlin Server. When set to `0`, Gremlin Server
will use the value provided by `Runtime.availableProcessors()`. |0
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/docs/src/upgrade/release-3.2.x-incubating.asciidoc
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-python/src/test/resources/org/apache/tinkerpop/gremlin/python/driver/gremlin-server-modern-secure-py.yaml
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/conf/gremlin-server-rest-secure.yaml
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/conf/gremlin-server-secure.yaml
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
----------------------------------------------------------------------
diff --cc
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
index 53aa1fb,66c7b56..5893af7
---
a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
+++
b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
@@@ -375,14 -384,25 +375,30 @@@ public class Settings
* used to load the implementation from the classpath. Defaults to
{@link AllowAllAuthenticator} when
* not specified.
*/
+ public String authenticator = null;
+
+ /**
+ * The fully qualified class name of the {@link Authenticator}
implementation. This class name will be
+ * used to load the implementation from the classpath. Defaults to
{@link AllowAllAuthenticator} when
+ * not specified.
- * @deprecated As of release 3.2.5, replaced by {@link authenticator}.
++ * @deprecated As of release 3.2.5, replaced by {@link
#authenticator}.
+ */
+ @Deprecated
public String className = AllowAllAuthenticator.class.getName();
/**
+ * The fully qualified class name of the {@link
AbstractAuthenticationHandler} implementation.
+ * This class name will be used to load the implementation from the
classpath.
+ * Defaults to null when not specified.
+ */
+ public String authenticationHandler = null;
+
+ /**
+ * Enable audit logging of authenticated users and gremlin evaluation
requests.
+ */
+ public boolean enableAuditLog = false;
+
+ /**
* A {@link Map} containing {@link Authenticator} specific
configurations. Consult the
* {@link Authenticator} implementation for specifics on what
configurations are expected.
*/
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
----------------------------------------------------------------------
diff --cc
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
index b509e2d,8884b62..f516aa7
---
a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
+++
b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/HttpChannelizer.java
@@@ -76,6 -79,16 +79,16 @@@ public class HttpChannelizer extends Ab
pipeline.addLast("http-gremlin-handler", httpGremlinEndpointHandler);
}
+ private AbstractAuthenticationHandler
instantiateAuthenticationHandler(final Settings.AuthenticationSettings
authSettings) {
+ final String authHandlerClass = authSettings.authenticationHandler;
+ if (authHandlerClass == null) {
+ //Keep things backwards compatible
- return new HttpBasicAuthenticationHandler(authenticator);
++ return new HttpBasicAuthenticationHandler(authenticator,
authSettings);
+ } else {
+ return createAuthenticationHandler(authSettings);
+ }
+ }
+
@Override
public void finalize(final ChannelPipeline pipeline) {
pipeline.remove(PIPELINE_OP_SELECTOR);
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java
----------------------------------------------------------------------
diff --cc
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java
index ea59e8f,1b613a1..2fb52fe
---
a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java
+++
b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/channel/WebSocketChannelizer.java
@@@ -109,4 -111,14 +111,14 @@@ public class WebSocketChannelizer exten
if (authenticationHandler != null)
pipeline.addLast(PIPELINE_AUTHENTICATOR, authenticationHandler);
}
- }
+
+ private AbstractAuthenticationHandler
instantiateAuthenticationHandler(final Settings.AuthenticationSettings
authSettings) {
+ final String authenticationHandler =
authSettings.authenticationHandler;
+ if (authenticationHandler == null) {
+ //Keep things backwards compatible
- return new SaslAuthenticationHandler(authenticator);
++ return new SaslAuthenticationHandler(authenticator, authSettings);
+ } else {
+ return createAuthenticationHandler(authSettings);
+ }
+ }
+ }
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java
----------------------------------------------------------------------
diff --cc
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java
index 0ff899d,2370c92..d9e452e
---
a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java
+++
b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthenticationHandler.java
@@@ -46,18 -42,12 +46,17 @@@ import static org.apache.tinkerpop.grem
*
* @author Stephen Mallette (http://stephen.genoprime.com)
*/
- public class HttpBasicAuthenticationHandler extends
ChannelInboundHandlerAdapter {
+ public class HttpBasicAuthenticationHandler extends
AbstractAuthenticationHandler {
+ private static final Logger logger =
LoggerFactory.getLogger(HttpBasicAuthenticationHandler.class);
+ private static final Logger auditLogger =
LoggerFactory.getLogger(GremlinServer.AUDIT_LOGGER_NAME);
- private final Authenticator authenticator;
+ private final Settings.AuthenticationSettings authenticationSettings;
private final Base64.Decoder decoder = Base64.getUrlDecoder();
- public HttpBasicAuthenticationHandler(final Authenticator authenticator) {
+ public HttpBasicAuthenticationHandler(final Authenticator authenticator,
+ final
Settings.AuthenticationSettings authenticationSettings) {
- this.authenticator = authenticator;
+ super(authenticator);
+ this.authenticationSettings = authenticationSettings;
}
@Override
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
----------------------------------------------------------------------
diff --cc
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
index 88300fd,66bffad..76af7db
---
a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
+++
b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
@@@ -58,14 -55,9 +58,13 @@@ public class SaslAuthenticationHandler
private static final Logger logger =
LoggerFactory.getLogger(SaslAuthenticationHandler.class);
private static final Base64.Decoder BASE64_DECODER = Base64.getDecoder();
private static final Base64.Encoder BASE64_ENCODER = Base64.getEncoder();
+ private static final Logger auditLogger =
LoggerFactory.getLogger(GremlinServer.AUDIT_LOGGER_NAME);
- private final Authenticator authenticator;
- public SaslAuthenticationHandler(final Authenticator authenticator) {
+ private final Settings.AuthenticationSettings authenticationSettings;
+
+ public SaslAuthenticationHandler(final Authenticator authenticator, final
Settings.AuthenticationSettings authenticationSettings) {
- this.authenticator = authenticator;
+ super(authenticator);
+ this.authenticationSettings = authenticationSettings;
}
@Override
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/960fdc11/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java
----------------------------------------------------------------------
diff --cc
gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java
index 9cea2ce,b64a7b5..1c0c289
---
a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java
+++
b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerHttpIntegrateTest.java
@@@ -18,12 -18,10 +18,13 @@@
*/
package org.apache.tinkerpop.gremlin.server;
+import org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV1d0;
import org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV2d0;
+import org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV3d0;
+import org.apache.tinkerpop.gremlin.jsr223.ScriptFileGremlinPlugin;
import org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator;
import org.apache.tinkerpop.gremlin.server.channel.HttpChannelizer;
+ import
org.apache.tinkerpop.gremlin.server.handler.HttpBasicAuthenticationHandler;
import org.apache.http.Consts;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
