http://git-wip-us.apache.org/repos/asf/zeppelin/blob/55f6c91c/zeppelin-plugins/notebookrepo/s3/src/main/java/org/apache/zeppelin/notebook/repo/S3NotebookRepo.java ---------------------------------------------------------------------- diff --git a/zeppelin-plugins/notebookrepo/s3/src/main/java/org/apache/zeppelin/notebook/repo/S3NotebookRepo.java b/zeppelin-plugins/notebookrepo/s3/src/main/java/org/apache/zeppelin/notebook/repo/S3NotebookRepo.java index 364943c..21363d8 100644 --- a/zeppelin-plugins/notebookrepo/s3/src/main/java/org/apache/zeppelin/notebook/repo/S3NotebookRepo.java +++ b/zeppelin-plugins/notebookrepo/s3/src/main/java/org/apache/zeppelin/notebook/repo/S3NotebookRepo.java @@ -17,6 +17,26 @@ package org.apache.zeppelin.notebook.repo; +import com.amazonaws.AmazonClientException; +import com.amazonaws.ClientConfiguration; +import com.amazonaws.ClientConfigurationFactory; +import com.amazonaws.auth.AWSCredentialsProvider; +import com.amazonaws.auth.DefaultAWSCredentialsProviderChain; +import com.amazonaws.regions.Region; +import com.amazonaws.regions.Regions; +import com.amazonaws.services.s3.AmazonS3; +import com.amazonaws.services.s3.AmazonS3Client; +import com.amazonaws.services.s3.AmazonS3EncryptionClient; +import com.amazonaws.services.s3.model.CryptoConfiguration; +import com.amazonaws.services.s3.model.EncryptionMaterialsProvider; +import com.amazonaws.services.s3.model.GetObjectRequest; +import com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider; +import com.amazonaws.services.s3.model.ListObjectsRequest; +import com.amazonaws.services.s3.model.ObjectListing; +import com.amazonaws.services.s3.model.ObjectMetadata; +import com.amazonaws.services.s3.model.PutObjectRequest; +import com.amazonaws.services.s3.model.S3Object; +import com.amazonaws.services.s3.model.S3ObjectSummary; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; 
@@ -27,7 +47,6 @@ import java.util.Collections; import java.util.LinkedList; import java.util.List; import java.util.Map; - import org.apache.commons.io.FileUtils; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; @@ -35,36 +54,11 @@ import org.apache.zeppelin.conf.ZeppelinConfiguration; import org.apache.zeppelin.conf.ZeppelinConfiguration.ConfVars; import org.apache.zeppelin.notebook.Note; import org.apache.zeppelin.notebook.NoteInfo; -import org.apache.zeppelin.notebook.Paragraph; -import org.apache.zeppelin.scheduler.Job.Status; import org.apache.zeppelin.user.AuthenticationInfo; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.amazonaws.AmazonClientException; -import com.amazonaws.ClientConfiguration; -import com.amazonaws.ClientConfigurationFactory; -import com.amazonaws.auth.AWSCredentialsProvider; -import com.amazonaws.auth.DefaultAWSCredentialsProviderChain; -import com.amazonaws.services.s3.AmazonS3; -import com.amazonaws.services.s3.AmazonS3Client; -import com.amazonaws.services.s3.AmazonS3EncryptionClient; -import com.amazonaws.services.s3.model.CryptoConfiguration; -import com.amazonaws.services.s3.model.EncryptionMaterialsProvider; -import com.amazonaws.services.s3.model.GetObjectRequest; -import com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider; -import com.amazonaws.services.s3.model.ListObjectsRequest; -import com.amazonaws.services.s3.model.ObjectListing; -import com.amazonaws.services.s3.model.ObjectMetadata; -import com.amazonaws.services.s3.model.PutObjectRequest; -import com.amazonaws.regions.Region; -import com.amazonaws.regions.Regions; -import com.amazonaws.services.s3.model.S3Object; -import com.amazonaws.services.s3.model.S3ObjectSummary; - -/** - * Backend for storing Notebooks on S3 - */ +/** Backend for storing Notebooks on S3 */ public class S3NotebookRepo implements NotebookRepo { private static final Logger LOG = LoggerFactory.getLogger(S3NotebookRepo.class); 
@@ -88,9 +82,7 @@ public class S3NotebookRepo implements NotebookRepo { private boolean useServerSideEncryption; private ZeppelinConfiguration conf; - public S3NotebookRepo() { - - } + public S3NotebookRepo() {} public void init(ZeppelinConfiguration conf) throws IOException { this.conf = conf; @@ -108,20 +100,18 @@ public class S3NotebookRepo implements NotebookRepo { } ClientConfiguration cliConf = createClientConfiguration(); - + // see if we should be encrypting data in S3 String kmsKeyID = conf.getS3KMSKeyID(); if (kmsKeyID != null) { // use the AWS KMS to encrypt data KMSEncryptionMaterialsProvider emp = new KMSEncryptionMaterialsProvider(kmsKeyID); this.s3client = new AmazonS3EncryptionClient(credentialsProvider, emp, cliConf, cryptoConf); - } - else if (conf.getS3EncryptionMaterialsProviderClass() != null) { + } else if (conf.getS3EncryptionMaterialsProviderClass() != null) { // use a custom encryption materials provider class EncryptionMaterialsProvider emp = createCustomProvider(conf); this.s3client = new AmazonS3EncryptionClient(credentialsProvider, emp, cliConf, cryptoConf); - } - else { + } else { // regular S3 this.s3client = new AmazonS3Client(credentialsProvider, cliConf); } @@ -131,8 +121,8 @@ public class S3NotebookRepo implements NotebookRepo { } /** - * Create an instance of a custom encryption materials provider class - * which supplies encryption keys to use when reading/writing data in S3. + * Create an instance of a custom encryption materials provider class which supplies encryption + * keys to use when reading/writing data in S3. */ private EncryptionMaterialsProvider createCustomProvider(ZeppelinConfiguration conf) throws IOException { 
@@ -143,15 +133,17 @@ public class S3NotebookRepo implements NotebookRepo { Object empInstance = Class.forName(empClassname).newInstance(); if (empInstance instanceof EncryptionMaterialsProvider) { emp = (EncryptionMaterialsProvider) empInstance; - } - else { - throw new IOException("Class " + empClassname + " does not implement " + } else { + throw new IOException( + "Class " + + empClassname + + " does not implement " + EncryptionMaterialsProvider.class.getName()); } - } - catch (Exception e) { - throw new IOException("Unable to instantiate encryption materials provider class " - + empClassname + ": " + e, e); + } catch (Exception e) { + throw new IOException( + "Unable to instantiate encryption materials provider class " + empClassname + ": " + e, + e); } return emp; @@ -159,6 +151,7 @@ public class S3NotebookRepo implements NotebookRepo { /** * Create AWS client configuration and return it. + * * @return AWS client configuration */ private ClientConfiguration createClientConfiguration() { @@ -178,9 +171,8 @@ public class S3NotebookRepo implements NotebookRepo { List<NoteInfo> infos = new LinkedList<>(); NoteInfo info; try { - ListObjectsRequest listObjectsRequest = new ListObjectsRequest() - .withBucketName(bucketName) - .withPrefix(user + "/" + "notebook"); + ListObjectsRequest listObjectsRequest = + new ListObjectsRequest().withBucketName(bucketName).withPrefix(user + "/" + "notebook"); ObjectListing objectListing; do { objectListing = s3client.listObjects(listObjectsRequest); @@ -204,8 +196,7 @@ public class S3NotebookRepo implements NotebookRepo { S3Object s3object; try { s3object = s3client.getObject(new GetObjectRequest(bucketName, key)); - } - catch (AmazonClientException ace) { + } catch (AmazonClientException ace) { throw new IOException("Unable to retrieve object from S3: " + ace, ace); } 
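Review bot: In `createCustomProvider`, `Class.forName(empClassname).newInstance()` constructs whatever class the configuration names before the `instanceof EncryptionMaterialsProvider` check runs, so a mistyped or tampered class name still has its no-arg constructor executed inside the server. Narrowing the type before instantiating avoids that: `Class.forName(empClassname).asSubclass(EncryptionMaterialsProvider.class).getDeclaredConstructor().newInstance()`. The `IOException` thrown in the `else` branch sits inside the `try`, so `catch (Exception e)` rewraps it under the "Unable to instantiate" message; catching `ReflectiveOperationException` (plus `ClassCastException` if `asSubclass` is used) would keep the two failures distinct. The start of the method body lies outside this hunk.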
@@ -246,11 +237,9 @@ public class S3NotebookRepo implements NotebookRepo { } s3client.putObject(putRequest); - } - catch (AmazonClientException ace) { + } catch (AmazonClientException ace) { throw new IOException("Unable to store note in S3: " + ace, ace); - } - finally { + } finally { FileUtils.deleteQuietly(file); } } @@ -258,8 +247,8 @@ public class S3NotebookRepo implements NotebookRepo { @Override public void remove(String noteId, AuthenticationInfo subject) throws IOException { String key = user + "/" + "notebook" + "/" + noteId; - final ListObjectsRequest listObjectsRequest = new ListObjectsRequest() - .withBucketName(bucketName).withPrefix(key); + final ListObjectsRequest listObjectsRequest = + new ListObjectsRequest().withBucketName(bucketName).withPrefix(key); try { ObjectListing objects = s3client.listObjects(listObjectsRequest); @@ -269,15 +258,14 @@ public class S3NotebookRepo implements NotebookRepo { } objects = s3client.listNextBatchOfObjects(objects); } while (objects.isTruncated()); - } - catch (AmazonClientException ace) { + } catch (AmazonClientException ace) { throw new IOException("Unable to remove note in S3: " + ace, ace); } } @Override public void close() { - //no-op + // no-op } @Override @@ -290,5 +278,4 @@ public class S3NotebookRepo implements NotebookRepo { public void updateSettings(Map<String, String> settings, AuthenticationInfo subject) { LOG.warn("Method not implemented"); } - }
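Review bot: `remove` lists with `.withPrefix(key)` where `key = user + "/" + "notebook" + "/" + noteId` has no trailing separator, so the listing also matches objects of any other note whose id merely begins with `noteId`, and an empty `noteId` matches every note of the user. Assuming a note's objects are stored under `<key>/` (the layout is not visible in this hunk), use `.withPrefix(key + "/")` and reject a blank id up front, e.g. `if (StringUtils.isBlank(noteId)) throw new IOException("noteId must not be blank");`. The deletion loop itself continues in the next hunk.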
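Review bot: The loop tail `objects = s3client.listNextBatchOfObjects(objects); } while (objects.isTruncated());` tests the page it has just fetched rather than the one it has just processed, so when a listing spans several pages the last page is fetched but apparently never handled. The loop head is outside this hunk, so this assumes the body only acts on `objects` before the fetch. A shape that covers every page is to capture `boolean more = objects.isTruncated();` before fetching, call `listNextBatchOfObjects` only `if (more)`, and loop `while (more)`.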
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/55f6c91c/zeppelin-plugins/notebookrepo/vfs/src/main/java/org/apache/zeppelin/notebook/repo/VFSNotebookRepo.java ---------------------------------------------------------------------- diff --git a/zeppelin-plugins/notebookrepo/vfs/src/main/java/org/apache/zeppelin/notebook/repo/VFSNotebookRepo.java b/zeppelin-plugins/notebookrepo/vfs/src/main/java/org/apache/zeppelin/notebook/repo/VFSNotebookRepo.java index 4294b86..8577554 100644 --- a/zeppelin-plugins/notebookrepo/vfs/src/main/java/org/apache/zeppelin/notebook/repo/VFSNotebookRepo.java +++ b/zeppelin-plugins/notebookrepo/vfs/src/main/java/org/apache/zeppelin/notebook/repo/VFSNotebookRepo.java @@ -17,7 +17,6 @@ package org.apache.zeppelin.notebook.repo; -import com.google.common.collect.Lists; import java.io.File; import java.io.IOException; import java.io.InputStream; @@ -46,9 +45,7 @@ import org.apache.zeppelin.user.AuthenticationInfo; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -/** -* -*/ +/** */ public class VFSNotebookRepo implements NotebookRepo { private static final Logger LOG = LoggerFactory.getLogger(VFSNotebookRepo.class); @@ -56,9 +53,7 @@ public class VFSNotebookRepo implements NotebookRepo { private URI filesystemRoot; protected ZeppelinConfiguration conf; - public VFSNotebookRepo() { - - } + public VFSNotebookRepo() {} @Override public void init(ZeppelinConfiguration conf) throws IOException { @@ -162,7 +157,7 @@ public class VFSNotebookRepo implements NotebookRepo { if (!noteJson.exists()) { throw new IOException(noteJson.getName().toString() + " not found"); } - + FileContent content = noteJson.getContent(); InputStream ins = content.getInputStream(); String json = IOUtils.toString(ins, conf.getString(ConfVars.ZEPPELIN_ENCODING)); @@ -242,7 +237,7 @@ public class VFSNotebookRepo implements NotebookRepo { @Override public void close() { - //no-op + // no-op } @Override 
@@ -273,14 +268,15 @@ public class VFSNotebookRepo implements NotebookRepo { LOG.error("Notebook path is invalid"); return; } - LOG.warn("{} will change notebook dir from {} to {}", - subject.getUser(), getNotebookDirPath(), newNotebookDirectotyPath); + LOG.warn( + "{} will change notebook dir from {} to {}", + subject.getUser(), + getNotebookDirPath(), + newNotebookDirectotyPath); try { setNotebookDirectory(newNotebookDirectotyPath); } catch (IOException e) { LOG.error("Cannot update notebook directory", e); } } - } - http://git-wip-us.apache.org/repos/asf/zeppelin/blob/55f6c91c/zeppelin-plugins/notebookrepo/vfs/src/test/java/org/apache/zeppelin/notebook/repo/TestVFSNotebookRepo.java ---------------------------------------------------------------------- diff --git a/zeppelin-plugins/notebookrepo/vfs/src/test/java/org/apache/zeppelin/notebook/repo/TestVFSNotebookRepo.java b/zeppelin-plugins/notebookrepo/vfs/src/test/java/org/apache/zeppelin/notebook/repo/TestVFSNotebookRepo.java index 452adc0..72aaf74 100644 --- a/zeppelin-plugins/notebookrepo/vfs/src/test/java/org/apache/zeppelin/notebook/repo/TestVFSNotebookRepo.java +++ b/zeppelin-plugins/notebookrepo/vfs/src/test/java/org/apache/zeppelin/notebook/repo/TestVFSNotebookRepo.java @@ -17,7 +17,13 @@ package org.apache.zeppelin.notebook.repo; +import static org.junit.Assert.assertEquals; + import com.google.common.collect.ImmutableMap; +import java.io.File; +import java.io.IOException; +import java.util.List; +import java.util.Map; import org.apache.commons.io.FileUtils; import org.apache.zeppelin.conf.ZeppelinConfiguration; import org.apache.zeppelin.notebook.Note; @@ -27,13 +33,6 @@ import org.junit.After; import org.junit.Before; import org.junit.Test; -import java.io.File; -import java.io.IOException; -import java.util.List; -import java.util.Map; - -import static org.junit.Assert.assertEquals; - public class TestVFSNotebookRepo { private ZeppelinConfiguration zConf; 
@@ -44,7 +43,8 @@ public class TestVFSNotebookRepo { public void setUp() throws IOException { notebookRepo = new VFSNotebookRepo(); FileUtils.forceMkdir(new File(notebookDir)); - System.setProperty(ZeppelinConfiguration.ConfVars.ZEPPELIN_NOTEBOOK_DIR.getVarName(), notebookDir); + System.setProperty( + ZeppelinConfiguration.ConfVars.ZEPPELIN_NOTEBOOK_DIR.getVarName(), notebookDir); zConf = new ZeppelinConfiguration(); notebookRepo.init(zConf); } @@ -91,7 +91,8 @@ public class TestVFSNotebookRepo { @Test public void testUpdateSettings() throws IOException { - List<NotebookRepoSettingsInfo> repoSettings = notebookRepo.getSettings(AuthenticationInfo.ANONYMOUS); + List<NotebookRepoSettingsInfo> repoSettings = + notebookRepo.getSettings(AuthenticationInfo.ANONYMOUS); assertEquals(1, repoSettings.size()); NotebookRepoSettingsInfo settingInfo = repoSettings.get(0); assertEquals("Notebook Path", settingInfo.name); http://git-wip-us.apache.org/repos/asf/zeppelin/blob/55f6c91c/zeppelin-plugins/notebookrepo/zeppelin-hub/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/ZeppelinHubRepo.java ---------------------------------------------------------------------- diff --git a/zeppelin-plugins/notebookrepo/zeppelin-hub/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/ZeppelinHubRepo.java b/zeppelin-plugins/notebookrepo/zeppelin-hub/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/ZeppelinHubRepo.java index 9dd9fbf..adc54a1 100644 --- a/zeppelin-plugins/notebookrepo/zeppelin-hub/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/ZeppelinHubRepo.java +++ b/zeppelin-plugins/notebookrepo/zeppelin-hub/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/ZeppelinHubRepo.java 
@@ -16,22 +16,26 @@ */ package org.apache.zeppelin.notebook.repo.zeppelinhub; +import com.google.common.base.Joiner; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.Lists; +import com.google.gson.Gson; +import com.google.gson.reflect.TypeToken; import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; import java.util.Collections; import java.util.List; import java.util.Map; - import org.apache.commons.lang.StringUtils; import org.apache.zeppelin.conf.ZeppelinConfiguration; import org.apache.zeppelin.notebook.Note; import org.apache.zeppelin.notebook.NoteInfo; -import org.apache.zeppelin.notebook.repo.NotebookRepoWithVersionControl; import org.apache.zeppelin.notebook.repo.NotebookRepoSettingsInfo; +import org.apache.zeppelin.notebook.repo.NotebookRepoWithVersionControl; import org.apache.zeppelin.notebook.repo.zeppelinhub.model.Instance; -import org.apache.zeppelin.notebook.repo.zeppelinhub.model.UserTokenContainer; import org.apache.zeppelin.notebook.repo.zeppelinhub.model.UserSessionContainer; +import org.apache.zeppelin.notebook.repo.zeppelinhub.model.UserTokenContainer; import org.apache.zeppelin.notebook.repo.zeppelinhub.rest.ZeppelinhubRestApiHandler; import org.apache.zeppelin.notebook.repo.zeppelinhub.websocket.Client; import org.apache.zeppelin.notebook.repo.zeppelinhub.websocket.utils.ZeppelinhubUtils; 
@@ -39,15 +43,7 @@ import org.apache.zeppelin.user.AuthenticationInfo; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.google.common.base.Joiner; -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.Lists; -import com.google.gson.Gson; -import com.google.gson.reflect.TypeToken; - -/** - * ZeppelinHub repo class. - */ +/** ZeppelinHub repo class. */ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { private static final Logger LOG = LoggerFactory.getLogger(ZeppelinHubRepo.class); private static final String DEFAULT_SERVER = "https://www.zeppelinhub.com"; @@ -61,12 +57,10 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { private String token; private ZeppelinhubRestApiHandler restApiClient; - - private ZeppelinConfiguration conf; - public ZeppelinHubRepo() { + private ZeppelinConfiguration conf; - } + public ZeppelinHubRepo() {} public ZeppelinHubRepo(ZeppelinConfiguration conf) { this(); @@ -80,11 +74,12 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { token = conf.getString("ZEPPELINHUB_API_TOKEN", ZEPPELIN_CONF_PROP_NAME_TOKEN, ""); restApiClient = ZeppelinhubRestApiHandler.newInstance(zeppelinHubUrl); - //TODO(khalid): check which realm for authentication, pass to token manager + // TODO(khalid): check which realm for authentication, pass to token manager tokenManager = UserTokenContainer.init(restApiClient, token); - websocketClient = Client.initialize(getZeppelinWebsocketUri(conf), - getZeppelinhubWebsocketUri(conf), token, conf); + websocketClient = + Client.initialize( + getZeppelinWebsocketUri(conf), getZeppelinhubWebsocketUri(conf), token, conf); websocketClient.start(); } 
@@ -97,8 +92,10 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { } if (scheme == null) { - LOG.info("{} is not a valid zeppelinhub server address. proceed with default address {}", - apiRoot, DEFAULT_SERVER); + LOG.info( + "{} is not a valid zeppelinhub server address. proceed with default address {}", + apiRoot, + DEFAULT_SERVER); apiRoot = new URI(DEFAULT_SERVER); scheme = apiRoot.getScheme(); port = apiRoot.getPort(); @@ -113,8 +110,11 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { String getZeppelinhubWebsocketUri(ZeppelinConfiguration conf) { String zeppelinHubUri = StringUtils.EMPTY; try { - zeppelinHubUri = getZeppelinHubWsUri(new URI(conf.getString("ZEPPELINHUB_API_ADDRESS", - ZEPPELIN_CONF_PROP_NAME_SERVER, DEFAULT_SERVER))); + zeppelinHubUri = + getZeppelinHubWsUri( + new URI( + conf.getString( + "ZEPPELINHUB_API_ADDRESS", ZEPPELIN_CONF_PROP_NAME_SERVER, DEFAULT_SERVER))); } catch (URISyntaxException e) { LOG.error("Cannot get ZeppelinHub URI", e); } @@ -143,9 +143,8 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { URI apiRoot; String zeppelinhubUrl; try { - String url = conf.getString("ZEPPELINHUB_API_ADDRESS", - ZEPPELIN_CONF_PROP_NAME_SERVER, - DEFAULT_SERVER); + String url = + conf.getString("ZEPPELINHUB_API_ADDRESS", ZEPPELIN_CONF_PROP_NAME_SERVER, DEFAULT_SERVER); apiRoot = new URI(url); } catch (URISyntaxException e) { LOG.error("Invalid zeppelinhub url, using default address {}", DEFAULT_SERVER, e); 
@@ -154,8 +153,10 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { String scheme = apiRoot.getScheme(); if (scheme == null) { - LOG.info("{} is not a valid zeppelinhub server address. proceed with default address {}", - apiRoot, DEFAULT_SERVER); + LOG.info( + "{} is not a valid zeppelinhub server address. proceed with default address {}", + apiRoot, + DEFAULT_SERVER); zeppelinhubUrl = DEFAULT_SERVER; } else { zeppelinhubUrl = scheme + "://" + apiRoot.getHost(); @@ -172,7 +173,7 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { } return (subject.isAnonymous() && !conf.isAnonymousAllowed()) ? false : true; } - + @Override public List<NoteInfo> list(AuthenticationInfo subject) throws IOException { if (!isSubjectValid(subject)) { @@ -238,7 +239,7 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { } String endpoint = Joiner.on("/").join(noteId, "checkpoint"); String content = GSON.toJson(ImmutableMap.of("message", checkpointMsg)); - + String token = getUserToken(subject.getUser()); String response = restApiClient.putWithResponseBody(token, endpoint, content); @@ -272,13 +273,13 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { try { String token = getUserToken(subject.getUser()); String response = restApiClient.get(token, endpoint); - history = GSON.fromJson(response, new TypeToken<List<Revision>>(){}.getType()); + history = GSON.fromJson(response, new TypeToken<List<Revision>>() {}.getType()); } catch (IOException e) { LOG.error("Cannot get note history", e); } return history; } - + private String getUserToken(String user) { return tokenManager.getUserToken(user); } 
@@ -299,13 +300,14 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { try { instances = tokenManager.getUserInstances(zeppelinHubUserSession); } catch (IOException e) { - LOG.warn("Couldnt find instances for the session {}, returning empty collection", + LOG.warn( + "Couldnt find instances for the session {}, returning empty collection", zeppelinHubUserSession); // user not logged - //TODO(xxx): handle this case. + // TODO(xxx): handle this case. instances = Collections.emptyList(); } - + NotebookRepoSettingsInfo repoSetting = NotebookRepoSettingsInfo.newInstance(); repoSetting.type = NotebookRepoSettingsInfo.Type.DROPDOWN; for (Instance instance : instances) { @@ -381,5 +383,4 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { // Auto-generated method stub return null; } - } http://git-wip-us.apache.org/repos/asf/zeppelin/blob/55f6c91c/zeppelin-server/pom.xml ---------------------------------------------------------------------- diff --git a/zeppelin-server/pom.xml b/zeppelin-server/pom.xml index 4eaedb2..d30060d 100644 --- a/zeppelin-server/pom.xml +++ b/zeppelin-server/pom.xml @@ -445,14 +445,6 @@ <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-dependency-plugin</artifactId> </plugin> - - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-checkstyle-plugin</artifactId> - <configuration> - <skip>false</skip> - </configuration> - </plugin> </plugins> </build> http://git-wip-us.apache.org/repos/asf/zeppelin/blob/55f6c91c/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java index 41d9f5d..7d7d56b 100644 
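Review bot: The `LOG.warn` in the `catch (IOException e)` block writes `zeppelinHubUserSession` into the server log, and the same value is what `tokenManager.getUserInstances(...)` presents on the user's behalf, so it looks like a session credential (inferred from its name and use) that anyone with log access could read. Logging the exception instead keeps the diagnostic without the secret: `LOG.warn("Could not find instances for the current session, returning empty collection", e);`. That also stops `e` from being dropped, which currently hides why the lookup failed. The enclosing method starts and ends outside this hunk.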
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java @@ -16,7 +16,23 @@ */ package org.apache.zeppelin.realm; +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; import java.util.LinkedHashMap; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import javax.naming.NamingEnumeration; +import javax.naming.NamingException; +import javax.naming.directory.Attribute; +import javax.naming.directory.Attributes; +import javax.naming.directory.SearchControls; +import javax.naming.directory.SearchResult; +import javax.naming.ldap.LdapContext; import org.apache.commons.lang.StringUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; 
@@ -34,29 +50,10 @@ import org.apache.shiro.subject.PrincipalCollection; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import javax.naming.NamingEnumeration; -import javax.naming.NamingException; -import javax.naming.directory.Attribute; -import javax.naming.directory.Attributes; -import javax.naming.directory.SearchControls; -import javax.naming.directory.SearchResult; -import javax.naming.ldap.LdapContext; - /** - * A {@link org.apache.shiro.realm.Realm} that authenticates with an active directory LDAP - * server to determine the roles for a particular user. This implementation - * queries for the user's groups and then maps the group names to roles using the - * {@link #groupRolesMap}. + * A {@link org.apache.shiro.realm.Realm} that authenticates with an active directory LDAP server to + * determine the roles for a particular user. This implementation queries for the user's groups and + * then maps the group names to roles using the {@link #groupRolesMap}. * * @since 0.1 */ @@ -73,9 +70,9 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { } /** - * Mapping from fully qualified active directory - * group names (e.g. CN=Group,OU=Company,DC=MyDomain,DC=local) - * as returned by the active directory LDAP server to role names. + * Mapping from fully qualified active directory group names (e.g. + * CN=Group,OU=Company,DC=MyDomain,DC=local) as returned by the active directory LDAP server to + * role names. */ private Map<String, String> groupRolesMap = new LinkedHashMap<>(); 
@@ -109,10 +106,10 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { } protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) - throws AuthenticationException { + throws AuthenticationException { try { - AuthenticationInfo info = this.queryForAuthenticationInfo(token, - this.getLdapContextFactory()); + AuthenticationInfo info = + this.queryForAuthenticationInfo(token, this.getLdapContextFactory()); return info; } catch (javax.naming.AuthenticationException var5) { throw new AuthenticationException("LDAP authentication failed.", var5); @@ -124,12 +121,15 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { try { - AuthorizationInfo info = this.queryForAuthorizationInfo(principals, - this.getLdapContextFactory()); + AuthorizationInfo info = + this.queryForAuthorizationInfo(principals, this.getLdapContextFactory()); return info; } catch (NamingException var5) { - String msg = "LDAP naming error while attempting to " + - "retrieve authorization for user [" + principals + "]."; + String msg = + "LDAP naming error while attempting to " + + "retrieve authorization for user [" + + principals + + "]."; throw new AuthorizationException(msg, var5); } } 
@@ -146,18 +146,18 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { /** * Builds an {@link AuthenticationInfo} object by querying the active directory LDAP context for - * the specified username. This method binds to the LDAP server using the provided username - * and password - which if successful, indicates that the password is correct. - * <p/> - * This method can be overridden by subclasses to query the LDAP server in a more complex way. + * the specified username. This method binds to the LDAP server using the provided username and + * password - which if successful, indicates that the password is correct. * - * @param token the authentication token provided by the user. + * <p>This method can be overridden by subclasses to query the LDAP server in a more complex way. + * + * @param token the authentication token provided by the user. * @param ldapContextFactory the factory used to build connections to the LDAP server. * @return an {@link AuthenticationInfo} instance containing information retrieved from LDAP. * @throws NamingException if any LDAP errors occur during the search. */ - protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, - LdapContextFactory ldapContextFactory) throws NamingException { + protected AuthenticationInfo queryForAuthenticationInfo( + AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException { UsernamePasswordToken upToken = (UsernamePasswordToken) token; // Binds using the username and password provided by the user. @@ -170,8 +170,7 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { if (this.principalSuffix != null && userPrincipalName.indexOf('@') < 0) { userPrincipalName = upToken.getUsername() + this.principalSuffix; } - ctx = ldapContextFactory.getLdapContext( - userPrincipalName, upToken.getPassword()); + ctx = ldapContextFactory.getLdapContext(userPrincipalName, upToken.getPassword()); } finally { LdapUtils.closeContext(ctx); } 
@@ -202,22 +201,23 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { /** * Builds an {@link org.apache.shiro.authz.AuthorizationInfo} object by querying the active - * directory LDAP context for the groups that a user is a member of. The groups are then + * directory LDAP context for the groups that a user is a member of. The groups are then * translated to role names by using the configured {@link #groupRolesMap}. - * <p/> - * This implementation expects the <tt>principal</tt> argument to be a String username. - * <p/> - * Subclasses can override this method to determine authorization data (roles, permissions, etc) - * in a more complex way. Note that this default implementation does not support permissions, + * + * <p>This implementation expects the <tt>principal</tt> argument to be a String username. + * + * <p>Subclasses can override this method to determine authorization data (roles, permissions, + * etc) in a more complex way. Note that this default implementation does not support permissions, * only roles. * - * @param principals the principal of the Subject whose account is being retrieved. + * @param principals the principal of the Subject whose account is being retrieved. * @param ldapContextFactory the factory used to create LDAP connections. * @return the AuthorizationInfo for the given Subject principal. * @throws NamingException if an error occurs when searching the LDAP server. */ - protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, - LdapContextFactory ldapContextFactory) throws NamingException { + protected AuthorizationInfo queryForAuthorizationInfo( + PrincipalCollection principals, LdapContextFactory ldapContextFactory) + throws NamingException { String username = (String) getAvailablePrincipal(principals); // Perform context search 
@@ -238,9 +238,8 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { return new SimpleAuthorizationInfo(roleNames); } - public List<String> searchForUserName(String containString, LdapContext ldapContext, - int numUsersToFetch) - throws NamingException { + public List<String> searchForUserName( + String containString, LdapContext ldapContext, int numUsersToFetch) throws NamingException { List<String> userNameList = new ArrayList<>(); SearchControls searchCtls = new SearchControls(); @@ -248,10 +247,10 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { searchCtls.setCountLimit(numUsersToFetch); String searchFilter = "(&(objectClass=*)(userPrincipalName=*" + containString + "*))"; - Object[] searchArguments = new Object[]{containString}; + Object[] searchArguments = new Object[] {containString}; - NamingEnumeration answer = ldapContext.search(searchBase, searchFilter, searchArguments, - searchCtls); + NamingEnumeration answer = + ldapContext.search(searchBase, searchFilter, searchArguments, searchCtls); while (answer.hasMoreElements()) { SearchResult sr = (SearchResult) answer.next(); @@ -285,7 +284,7 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { } private Set<String> getRoleNamesForUser(String username, LdapContext ldapContext) - throws NamingException { + throws NamingException { Set<String> roleNames = new LinkedHashSet<>(); SearchControls searchCtls = new SearchControls(); 
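Review bot: `searchForUserName` builds `searchFilter` by concatenating `containString` into the filter text, and `searchArguments` is handed to `ldapContext.search` although the filter contains no `{0}` placeholder, so the value reaches the directory unescaped and filter metacharacters such as `*`, `(`, `)` or `\` change the meaning of the query. Let JNDI substitute and escape the argument: `String searchFilter = "(&(objectClass=*)(userPrincipalName=*{0}*))";`. `getRoleNamesForUser` in the hunk at `@@ -296,10 +295,10 @@` has the same pattern with `userPrincipalName` and should use `"(&(objectClass=*)(userPrincipalName={0}))"`; there the filter decides which group memberships are turned into roles. Both method bodies continue outside their hunks.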
@@ -296,10 +295,10 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { } String searchFilter = "(&(objectClass=*)(userPrincipalName=" + userPrincipalName + "))"; - Object[] searchArguments = new Object[]{userPrincipalName}; + Object[] searchArguments = new Object[] {userPrincipalName}; - NamingEnumeration answer = ldapContext.search(searchBase, searchFilter, searchArguments, - searchCtls); + NamingEnumeration answer = + ldapContext.search(searchBase, searchFilter, searchArguments, searchCtls); while (answer.hasMoreElements()) { SearchResult sr = (SearchResult) answer.next(); @@ -334,7 +333,7 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { /** * This method is called by the default implementation to translate Active Directory group names - * to role names. This implementation uses the {@link #groupRolesMap} to map group names to role + * to role names. This implementation uses the {@link #groupRolesMap} to map group names to role * names. * * @param groupNames the group names that apply to the current user. @@ -350,12 +349,11 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { for (String roleName : strRoleNames.split(ROLE_NAMES_DELIMETER)) { if (log.isDebugEnabled()) { - log.debug("User is member of group [" + groupName + "] so adding role [" + - roleName + "]"); + log.debug( + "User is member of group [" + groupName + "] so adding role [" + roleName + "]"); } roleNames.add(roleName); - } } } http://git-wip-us.apache.org/repos/asf/zeppelin/blob/55f6c91c/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapGroupRealm.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapGroupRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapGroupRealm.java index cdc2c22..06924dd 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapGroupRealm.java 
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapGroupRealm.java @@ -16,18 +16,9 @@ */ package org.apache.zeppelin.realm; -import org.apache.shiro.authz.AuthorizationInfo; -import org.apache.shiro.authz.SimpleAuthorizationInfo; -import org.apache.shiro.realm.ldap.JndiLdapRealm; -import org.apache.shiro.realm.ldap.LdapContextFactory; -import org.apache.shiro.subject.PrincipalCollection; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - import java.util.HashSet; import java.util.LinkedHashSet; import java.util.Set; - import javax.naming.NamingEnumeration; import javax.naming.NamingException; import javax.naming.directory.Attribute; 
@@ -35,23 +26,29 @@ import javax.naming.directory.Attributes; import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapContext; +import org.apache.shiro.authz.AuthorizationInfo; +import org.apache.shiro.authz.SimpleAuthorizationInfo; +import org.apache.shiro.realm.ldap.JndiLdapRealm; +import org.apache.shiro.realm.ldap.LdapContextFactory; +import org.apache.shiro.subject.PrincipalCollection; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; -/** - * Created for org.apache.zeppelin.server. - */ +/** Created for org.apache.zeppelin.server. */ public class LdapGroupRealm extends JndiLdapRealm { private static final Logger LOG = LoggerFactory.getLogger(LdapGroupRealm.class); - public AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, - LdapContextFactory ldapContextFactory) throws NamingException { + public AuthorizationInfo queryForAuthorizationInfo( + PrincipalCollection principals, LdapContextFactory ldapContextFactory) + throws NamingException { String username = (String) getAvailablePrincipal(principals); LdapContext ldapContext = ldapContextFactory.getSystemLdapContext(); Set<String> roleNames = getRoleNamesForUser(username, ldapContext, getUserDnTemplate()); return new SimpleAuthorizationInfo(roleNames); } - public Set<String> getRoleNamesForUser(String username, LdapContext ldapContext, - String userDnTemplate) throws NamingException { + public Set<String> getRoleNamesForUser( + String username, LdapContext ldapContext, String userDnTemplate) throws NamingException { try { Set<String> roleNames = new LinkedHashSet<>(); 
@@ -59,13 +56,14 @@ public class LdapGroupRealm extends JndiLdapRealm { searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); String searchFilter = "(&(objectClass=groupOfNames)(member=" + userDnTemplate + "))"; - Object[] searchArguments = new Object[]{username}; + Object[] searchArguments = new Object[] {username}; - NamingEnumeration<?> answer = ldapContext.search( - String.valueOf(ldapContext.getEnvironment().get("ldap.searchBase")), - searchFilter, - searchArguments, - searchCtls); + NamingEnumeration<?> answer = + ldapContext.search( + String.valueOf(ldapContext.getEnvironment().get("ldap.searchBase")), + searchFilter, + searchArguments, + searchCtls); while (answer.hasMoreElements()) { SearchResult sr = (SearchResult) answer.next(); http://git-wip-us.apache.org/repos/asf/zeppelin/blob/55f6c91c/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java index 562ed96..c68ab35 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java 
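Review bot: `String.valueOf(ldapContext.getEnvironment().get("ldap.searchBase"))` turns a missing environment entry into the literal string `"null"`, so the group search would run against a base named `null` instead of reporting the misconfiguration. Reading the value first and rejecting null makes the failure explicit: `Object base = ldapContext.getEnvironment().get("ldap.searchBase");` followed by `if (base == null) { throw new NamingException("ldap.searchBase is not set"); }`. The method's `try` block opens before this hunk and its handler is outside it, so how such an exception is finally reported is not visible here.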
@@ -74,56 +74,44 @@ import org.slf4j.LoggerFactory; * Implementation of {@link org.apache.shiro.realm.ldap.JndiLdapRealm} that also returns each user's * groups. This implementation is heavily based on org.apache.isis.security.shiro.IsisLdapRealm. * - * <p>This implementation saves looked up ldap groups in Shiro Session to make them - * easy to be looked up outside of this object + * <p>This implementation saves looked up ldap groups in Shiro Session to make them easy to be + * looked up outside of this object * * <p>Sample config for <tt>shiro.ini</tt>: * - * <p> - * [main] - * ldapRealm = org.apache.zeppelin.realm.LdapRealm - * ldapRealm.contextFactory.url = ldap://localhost:33389 - * ldapRealm.contextFactory.authenticationMechanism = simple - * ldapRealm.contextFactory.systemUsername = uid=guest,ou=people,dc=hadoop,dc= apache,dc=org - * ldapRealm.contextFactory.systemPassword = S{ALIAS=ldcSystemPassword} - * ldapRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks - * ldapRealm.userDnTemplate = uid={0},ou=people,dc=hadoop,dc=apache,dc=org - * # Ability to set ldap paging Size if needed default is 100 - * ldapRealm.pagingSize = 200 - * ldapRealm.authorizationEnabled = true - * ldapRealm.searchBase = dc=hadoop,dc=apache,dc=org - * ldapRealm.userSearchBase = dc=hadoop,dc=apache,dc=org - * ldapRealm.groupSearchBase = ou=groups,dc=hadoop,dc=apache,dc=org - * ldapRealm.userObjectClass = person - * ldapRealm.groupObjectClass = groupofnames - * # Allow userSearchAttribute to be customized - * ldapRealm.userSearchAttributeName = sAMAccountName - * ldapRealm.memberAttribute = member - * # force usernames returned from ldap to lowercase useful for AD - * ldapRealm.userLowerCase = true - * # ability set searchScopes subtree (default), one, base - * ldapRealm.userSearchScope = subtree; - * ldapRealm.groupSearchScope = subtree; - * ldapRealm.userSearchFilter = (&(objectclass=person)(sAMAccountName={0})) - * ldapRealm.groupSearchFilter = 
(&(objectclass=groupofnames)(member={0})) - * ldapRealm.memberAttributeValueTemplate=cn={0},ou=people,dc=hadoop,dc=apache,dc=org - * # enable support for nested groups using the LDAP_MATCHING_RULE_IN_CHAIN operator - * ldapRealm.groupSearchEnableMatchingRuleInChain = true - * <p> - * # optional mapping from physical groups to logical application roles - * ldapRealm.rolesByGroup = \ LDN_USERS: user_role,\ NYK_USERS: user_role,\ HKG_USERS: user_role, - * \GLOBAL_ADMIN: admin_role,\ DEMOS: self-install_role - * <p> - * # optional list of roles that are allowed to authenticate - * ldapRealm.allowedRolesForAuthentication = admin_role,user_role - * <p> - * ldapRealm.permissionsByRole=\ user_role = *:ToDoItemsJdo:*:*,\*:ToDoItem:*:*; - * \ self-install_role = *:ToDoItemsFixturesService:install:* ; \ admin_role = * - * <p> - * [urls] - * **=authcBasic - * <p> - * securityManager.realms = $ldapRealm + * <p>[main] ldapRealm = org.apache.zeppelin.realm.LdapRealm ldapRealm.contextFactory.url = + * ldap://localhost:33389 ldapRealm.contextFactory.authenticationMechanism = simple + * ldapRealm.contextFactory.systemUsername = uid=guest,ou=people,dc=hadoop,dc= apache,dc=org + * ldapRealm.contextFactory.systemPassword = S{ALIAS=ldcSystemPassword} + * ldapRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks + * ldapRealm.userDnTemplate = uid={0},ou=people,dc=hadoop,dc=apache,dc=org # Ability to set ldap + * paging Size if needed default is 100 ldapRealm.pagingSize = 200 ldapRealm.authorizationEnabled = + * true ldapRealm.searchBase = dc=hadoop,dc=apache,dc=org ldapRealm.userSearchBase = + * dc=hadoop,dc=apache,dc=org ldapRealm.groupSearchBase = ou=groups,dc=hadoop,dc=apache,dc=org + * ldapRealm.userObjectClass = person ldapRealm.groupObjectClass = groupofnames # Allow + * userSearchAttribute to be customized ldapRealm.userSearchAttributeName = sAMAccountName + * ldapRealm.memberAttribute = member # force usernames returned from ldap to lowercase useful for + 
* AD ldapRealm.userLowerCase = true # ability set searchScopes subtree (default), one, base + * ldapRealm.userSearchScope = subtree; ldapRealm.groupSearchScope = subtree; + * ldapRealm.userSearchFilter = (&(objectclass=person)(sAMAccountName={0})) + * ldapRealm.groupSearchFilter = (&(objectclass=groupofnames)(member={0})) + * ldapRealm.memberAttributeValueTemplate=cn={0},ou=people,dc=hadoop,dc=apache,dc=org # enable + * support for nested groups using the LDAP_MATCHING_RULE_IN_CHAIN operator + * ldapRealm.groupSearchEnableMatchingRuleInChain = true + * + * <p># optional mapping from physical groups to logical application roles ldapRealm.rolesByGroup = + * \ LDN_USERS: user_role,\ NYK_USERS: user_role,\ HKG_USERS: user_role, \GLOBAL_ADMIN: admin_role,\ + * DEMOS: self-install_role + * + * <p># optional list of roles that are allowed to authenticate + * ldapRealm.allowedRolesForAuthentication = admin_role,user_role + * + * <p>ldapRealm.permissionsByRole=\ user_role = *:ToDoItemsJdo:*:*,\*:ToDoItem:*:*; \ + * self-install_role = *:ToDoItemsFixturesService:install:* ; \ admin_role = * + * + * <p>[urls] **=authcBasic + * + * <p>securityManager.realms = $ldapRealm */ public class LdapRealm extends JndiLdapRealm { @@ -193,8 +181,6 @@ public class LdapRealm extends JndiLdapRealm { private HashService hashService = new DefaultHashService(); - - public void setHadoopSecurityCredentialPath(String hadoopSecurityCredentialPath) { this.hadoopSecurityCredentialPath = hadoopSecurityCredentialPath; } 
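Review bot: The reformatted class Javadoc on `LdapRealm` reflows the sample `shiro.ini` into running paragraphs. Keys and values such as `ldapRealm.contextFactory.url =` / `ldap://localhost:33389` are now split across lines, and the `#` comments can no longer be told apart from settings. Wrapping the sample in `<pre>{@code ... }</pre>` with one setting per line would keep it readable and copyable, and should stop the formatter from reflowing it again. The sample also carries a stray space in `dc= apache` inside `systemUsername` on both sides of the diff, which could be fixed in the same pass.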
@@ -218,18 +204,17 @@ public class LdapRealm extends JndiLdapRealm { super.onInit(); if (!org.apache.commons.lang.StringUtils.isEmpty(this.hadoopSecurityCredentialPath) && getContextFactory() != null) { - ((JndiLdapContextFactory) getContextFactory()).setSystemPassword( - getSystemPassword(this.hadoopSecurityCredentialPath, keystorePass)); + ((JndiLdapContextFactory) getContextFactory()) + .setSystemPassword(getSystemPassword(this.hadoopSecurityCredentialPath, keystorePass)); } } - static String getSystemPassword(String hadoopSecurityCredentialPath, - String keystorePass) { + static String getSystemPassword(String hadoopSecurityCredentialPath, String keystorePass) { String password = ""; try { Configuration configuration = new Configuration(); - configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, - hadoopSecurityCredentialPath); + configuration.set( + CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, hadoopSecurityCredentialPath); CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0); CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(keystorePass); if (credEntry != null) { 
@@ -239,16 +224,19 @@ public class LdapRealm extends JndiLdapRealm { throw new ShiroException("Error from getting credential entry from keystore", e); } if (org.apache.commons.lang.StringUtils.isEmpty(password)) { - throw new ShiroException("Error getting SystemPassword from the provided keystore:" - + keystorePass + ", in path:" + hadoopSecurityCredentialPath); + throw new ShiroException( + "Error getting SystemPassword from the provided keystore:" + + keystorePass + + ", in path:" + + hadoopSecurityCredentialPath); } return password; } /** - * This overrides the implementation of queryForAuthenticationInfo inside JndiLdapRealm. - * In addition to calling the super method for authentication it also tries to validate - * if this user has atleast one of the allowed roles for authentication. In case the property + * This overrides the implementation of queryForAuthenticationInfo inside JndiLdapRealm. In + * addition to calling the super method for authentication it also tries to validate if this user + * has atleast one of the allowed roles for authentication. In case the property * allowedRolesForAuthentication is empty this check always returns true. * * @param token the submitted authentication token that triggered the authentication attempt. @@ -257,8 +245,8 @@ public class LdapRealm extends JndiLdapRealm { * @throws NamingException if any LDAP errors occur. */ @Override - protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, - LdapContextFactory ldapContextFactory) throws NamingException { + protected AuthenticationInfo queryForAuthenticationInfo( + AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException { AuthenticationInfo info = super.queryForAuthenticationInfo(token, ldapContextFactory); // Credentials were verified. Verify that the principal has all allowedRulesForAuthentication if (!hasAllowedAuthenticationRules(info.getPrincipals(), ldapContextFactory)) { 
@@ -268,21 +256,19 @@ public class LdapRealm extends JndiLdapRealm { } /** - * Get groups from LDAP. - * - * @param principals - * the principals of the Subject whose AuthenticationInfo should - * be queried from the LDAP server. - * @param ldapContextFactory - * factory used to retrieve LDAP connections. - * @return an {@link AuthorizationInfo} instance containing information - * retrieved from the LDAP server. - * @throws NamingException - * if any LDAP errors occur during the search. - */ + * Get groups from LDAP. + * + * @param principals the principals of the Subject whose AuthenticationInfo should be queried from + * the LDAP server. + * @param ldapContextFactory factory used to retrieve LDAP connections. + * @return an {@link AuthorizationInfo} instance containing information retrieved from the LDAP + * server. + * @throws NamingException if any LDAP errors occur during the search. + */ @Override - public AuthorizationInfo queryForAuthorizationInfo(final PrincipalCollection principals, - final LdapContextFactory ldapContextFactory) throws NamingException { + public AuthorizationInfo queryForAuthorizationInfo( + final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) + throws NamingException { if (!isAuthorizationEnabled()) { return null; } @@ -296,8 +282,9 @@ public class LdapRealm extends JndiLdapRealm { return simpleAuthorizationInfo; } - private boolean hasAllowedAuthenticationRules(PrincipalCollection principals, - final LdapContextFactory ldapContextFactory) throws NamingException { + private boolean hasAllowedAuthenticationRules( + PrincipalCollection principals, final LdapContextFactory ldapContextFactory) + throws NamingException { boolean allowed = allowedRolesForAuthentication.isEmpty(); if (!allowed) { Set<String> roles = getRoles(principals, ldapContextFactory); 
@@ -312,15 +299,20 @@ public class LdapRealm extends JndiLdapRealm { return allowed; } - private Set<String> getRoles(PrincipalCollection principals, - final LdapContextFactory ldapContextFactory) throws NamingException { + private Set<String> getRoles( + PrincipalCollection principals, final LdapContextFactory ldapContextFactory) + throws NamingException { final String username = (String) getAvailablePrincipal(principals); LdapContext systemLdapCtx = null; try { systemLdapCtx = ldapContextFactory.getSystemLdapContext(); - return rolesFor(principals, username, systemLdapCtx, - ldapContextFactory, SecurityUtils.getSubject().getSession()); + return rolesFor( + principals, + username, + systemLdapCtx, + ldapContextFactory, + SecurityUtils.getSubject().getSession()); } catch (AuthenticationException ae) { ae.printStackTrace(); return Collections.emptySet(); @@ -329,9 +321,13 @@ public class LdapRealm extends JndiLdapRealm { } } - protected Set<String> rolesFor(PrincipalCollection principals, String userNameIn, - final LdapContext ldapCtx, final LdapContextFactory ldapContextFactory, Session session) - throws NamingException { + protected Set<String> rolesFor( + PrincipalCollection principals, + String userNameIn, + final LdapContext ldapCtx, + final LdapContextFactory ldapContextFactory, + Session session) + throws NamingException { final Set<String> roleNames = new HashSet<>(); final Set<String> groupNames = new HashSet<>(); final String userName; @@ -341,7 +337,7 @@ public class LdapRealm extends JndiLdapRealm { } else { userName = userNameIn; } - + String userDn = getUserDnForSearch(userName); // Activate paged results 
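Review bot: In `getRoles` the `AuthenticationException` handler calls `ae.printStackTrace()` and returns an empty set, so a failed role lookup goes only to stderr and looks the same to callers as a user with no roles. Logging through the class logger, for example `log.warn("Role lookup failed for user " + username, ae);`, would put the failure in the normal log where it can be monitored. The hunk at -417 has a related gap: `log.error("Unabled to setup paged results");` discards the `IOException`, and passing `e` as a second argument would preserve the cause. `getRoles` continues past this hunk, so the `finally` block is not shown.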
@@ -353,10 +349,10 @@ public class LdapRealm extends JndiLdapRealm { byte[] cookie = null; try { ldapCtx.addToEnvironment(Context.REFERRAL, "ignore"); - - ldapCtx.setRequestControls(new Control[]{new PagedResultsControl(pageSize, - Control.NONCRITICAL)}); - + + ldapCtx.setRequestControls( + new Control[] {new PagedResultsControl(pageSize, Control.NONCRITICAL)}); + do { // ldapsearch -h localhost -p 33389 -D // uid=guest,ou=people,dc=hadoop,dc=apache,dc=org -w guest-password @@ -365,19 +361,20 @@ public class LdapRealm extends JndiLdapRealm { SearchControls searchControls = getGroupSearchControls(); try { if (groupSearchEnableMatchingRuleInChain) { - searchResultEnum = ldapCtx.search( - getGroupSearchBase(), - String.format( - MATCHING_RULE_IN_CHAIN_FORMAT, groupObjectClass, memberAttribute, userDn), - searchControls); + searchResultEnum = + ldapCtx.search( + getGroupSearchBase(), + String.format( + MATCHING_RULE_IN_CHAIN_FORMAT, groupObjectClass, memberAttribute, userDn), + searchControls); while (searchResultEnum != null && searchResultEnum.hasMore()) { // searchResults contains all the groups in search scope numResults++; final SearchResult group = searchResultEnum.next(); Attribute attribute = group.getAttributes().get(getGroupIdAttribute()); - String groupName = attribute.get().toString(); - + String groupName = attribute.get().toString(); + String roleName = roleNameFor(groupName); if (roleName != null) { roleNames.add(roleName); 
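Review bot: `attribute.get().toString()` in the matching-rule-in-chain branch (hunk at -365) throws a NullPointerException when a returned group entry lacks the attribute named by `getGroupIdAttribute()`, because `Attributes.get` returns null for an absent attribute. A guard placed before the name is read, `if (attribute == null || attribute.size() == 0) { continue; }`, would skip such entries instead of aborting the whole role lookup for the user. The enclosing `rolesFor` method starts and ends outside this hunk.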
@@ -392,16 +389,18 @@ public class LdapRealm extends JndiLdapRealm { // If group search filter is defined in Shiro config, then use it if (groupSearchFilter != null) { searchFilter = expandTemplate(groupSearchFilter, userName); - //searchFilter = String.format("%1$s", groupSearchFilter); + // searchFilter = String.format("%1$s", groupSearchFilter); } if (log.isDebugEnabled()) { - log.debug("Group SearchBase|SearchFilter|GroupSearchScope: " + getGroupSearchBase() - + "|" + searchFilter + "|" + groupSearchScope); + log.debug( + "Group SearchBase|SearchFilter|GroupSearchScope: " + + getGroupSearchBase() + + "|" + + searchFilter + + "|" + + groupSearchScope); } - searchResultEnum = ldapCtx.search( - getGroupSearchBase(), - searchFilter, - searchControls); + searchResultEnum = ldapCtx.search(getGroupSearchBase(), searchFilter, searchControls); while (searchResultEnum != null && searchResultEnum.hasMore()) { // searchResults contains all the groups in search scope numResults++; @@ -417,12 +416,11 @@ public class LdapRealm extends JndiLdapRealm { } } // Re-activate paged results - ldapCtx.setRequestControls(new Control[]{new PagedResultsControl(pageSize, - cookie, Control.CRITICAL)}); + ldapCtx.setRequestControls( + new Control[] {new PagedResultsControl(pageSize, cookie, Control.CRITICAL)}); } while (cookie != null); } catch (SizeLimitExceededException e) { - log.info("Only retrieved first " + numResults + - " groups due to SizeLimitExceededException."); + log.info("Only retrieved first " + numResults + " groups due to SizeLimitExceededException."); } catch (IOException e) { log.error("Unabled to setup paged results"); } 
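Review bot: `expandTemplate(groupSearchFilter, userName)` (hunk at -392) puts the user name into an LDAP filter, and nothing visible here escapes filter metacharacters. The body of `expandTemplate` is outside this diff; if it is a plain token substitution, the filter's safety rests entirely on the configured principal regex. The same applies to `userDn` in the `String.format(MATCHING_RULE_IN_CHAIN_FORMAT, ...)` call (hunk at -365) and to `matchedPrincipal` in `getUserDn` (hunk at -915). Consider escaping the value per RFC 4515 before substitution. Alternatively, since the sample configuration already uses `{0}` as the token, pass it as a filter argument: `ldapCtx.search(getGroupSearchBase(), groupSearchFilter, new Object[] {userName}, searchControls)`.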
@@ -449,9 +447,13 @@ public class LdapRealm extends JndiLdapRealm { } } - private void addRoleIfMember(final String userDn, final SearchResult group, - final Set<String> roleNames, final Set<String> groupNames, - final LdapContextFactory ldapContextFactory) throws NamingException { + private void addRoleIfMember( + final String userDn, + final SearchResult group, + final Set<String> roleNames, + final Set<String> groupNames, + final LdapContextFactory ldapContextFactory) + throws NamingException { NamingEnumeration<? extends Attribute> attributeEnum = null; NamingEnumeration<?> ne = null; try { @@ -469,8 +471,8 @@ public class LdapRealm extends JndiLdapRealm { while (ne.hasMore()) { String attrValue = ne.next().toString(); if (memberAttribute.equalsIgnoreCase(MEMBER_URL)) { - boolean dynamicGroupMember = isUserMemberOfDynamicGroup(userLdapDn, attrValue, - ldapContextFactory); + boolean dynamicGroupMember = + isUserMemberOfDynamicGroup(userLdapDn, attrValue, ldapContextFactory); if (dynamicGroupMember) { groupNames.add(groupName); String roleName = roleNameFor(groupName); @@ -600,13 +602,11 @@ public class LdapRealm extends JndiLdapRealm { } /** - * Set Member Attribute Template for LDAP. - * - * @param template - * DN template to be used to query ldap. - * @throws IllegalArgumentException - * if template is empty or null. - */ + * Set Member Attribute Template for LDAP. + * + * @param template DN template to be used to query ldap. + * @throws IllegalArgumentException if template is empty or null. + */ public void setMemberAttributeValueTemplate(String template) { if (!StringUtils.hasText(template)) { String msg = "User DN template cannot be null or empty."; 
@@ -614,8 +614,11 @@ public class LdapRealm extends JndiLdapRealm { } int index = template.indexOf(MEMBER_SUBSTITUTION_TOKEN); if (index < 0) { - String msg = "Member attribute value template must contain the '" + MEMBER_SUBSTITUTION_TOKEN - + "' replacement token to understand how to " + "parse the group members."; + String msg = + "Member attribute value template must contain the '" + + MEMBER_SUBSTITUTION_TOKEN + + "' replacement token to understand how to " + + "parse the group members."; throw new IllegalArgumentException(msg); } String prefix = template.substring(0, index); @@ -657,11 +660,10 @@ public class LdapRealm extends JndiLdapRealm { } /** - * Set User Search Attribute Name for LDAP. - * - * @param userSearchAttributeName - * userAttribute to search ldap. - */ + * Set User Search Attribute Name for LDAP. + * + * @param userSearchAttributeName userAttribute to search ldap. + */ public void setUserSearchAttributeName(String userSearchAttributeName) { if (userSearchAttributeName != null) { userSearchAttributeName = userSearchAttributeName.trim(); @@ -700,8 +702,9 @@ public class LdapRealm extends JndiLdapRealm { return perms; } - boolean isUserMemberOfDynamicGroup(LdapName userLdapDn, String memberUrl, - final LdapContextFactory ldapContextFactory) throws NamingException { + boolean isUserMemberOfDynamicGroup( + LdapName userLdapDn, String memberUrl, final LdapContextFactory ldapContextFactory) + throws NamingException { // ldap://host:port/dn?attributes?scope?filter?extensions if (memberUrl == null) { return false; 
@@ -736,8 +739,11 @@ public class LdapRealm extends JndiLdapRealm { boolean member = false; NamingEnumeration<SearchResult> searchResultEnum = null; try { - searchResultEnum = systemLdapCtx.search(userLdapDn, searchFilter, - searchScope.equalsIgnoreCase("sub") ? SUBTREE_SCOPE : ONELEVEL_SCOPE); + searchResultEnum = + systemLdapCtx.search( + userLdapDn, + searchFilter, + searchScope.equalsIgnoreCase("sub") ? SUBTREE_SCOPE : ONELEVEL_SCOPE); if (searchResultEnum.hasMore()) { return true; } @@ -758,11 +764,10 @@ public class LdapRealm extends JndiLdapRealm { } /** - * Set Regex for Principal LDAP. - * - * @param regex - * regex to use to search for principal in shiro. - */ + * Set Regex for Principal LDAP. + * + * @param regex regex to use to search for principal in shiro. + */ public void setPrincipalRegex(String regex) { if (regex == null || regex.trim().isEmpty()) { principalPattern = Pattern.compile(DEFAULT_PRINCIPAL_REGEX); 
@@ -860,47 +865,44 @@ public class LdapRealm extends JndiLdapRealm { private String matchPrincipal(final String principal) { Matcher matchedPrincipal = principalPattern.matcher(principal); if (!matchedPrincipal.matches()) { - throw new IllegalArgumentException("Principal " - + principal + " does not match " + principalRegex); + throw new IllegalArgumentException( + "Principal " + principal + " does not match " + principalRegex); } return matchedPrincipal.group(); } /** - * Returns the LDAP User Distinguished Name (DN) to use when acquiring an - * {@link javax.naming.ldap.LdapContext LdapContext} from the - * {@link LdapContextFactory}. - * <p/> - * If the the {@link #getUserDnTemplate() userDnTemplate} property has been - * set, this implementation will construct the User DN by substituting the - * specified {@code principal} into the configured template. If the - * {@link #getUserDnTemplate() userDnTemplate} has not been set, the method - * argument will be returned directly (indicating that the submitted - * authentication token principal <em>is</em> the User DN). - * - * @param principal - * the principal to substitute into the configured - * {@link #getUserDnTemplate() userDnTemplate}. - * @return the constructed User DN to use at runtime when acquiring an - * {@link javax.naming.ldap.LdapContext}. - * @throws IllegalArgumentException - * if the method argument is null or empty - * @throws IllegalStateException - * if the {@link #getUserDnTemplate userDnTemplate} has not been - * set. - * @see LdapContextFactory#getLdapContext(Object, Object) - */ + * Returns the LDAP User Distinguished Name (DN) to use when acquiring an {@link + * javax.naming.ldap.LdapContext LdapContext} from the {@link LdapContextFactory}. + * + * <p>If the the {@link #getUserDnTemplate() userDnTemplate} property has been set, this + * implementation will construct the User DN by substituting the specified {@code principal} into + * the configured template. 
If the {@link #getUserDnTemplate() userDnTemplate} has not been set, + * the method argument will be returned directly (indicating that the submitted authentication + * token principal <em>is</em> the User DN). + * + * @param principal the principal to substitute into the configured {@link #getUserDnTemplate() + * userDnTemplate}. + * @return the constructed User DN to use at runtime when acquiring an {@link + * javax.naming.ldap.LdapContext}. + * @throws IllegalArgumentException if the method argument is null or empty + * @throws IllegalStateException if the {@link #getUserDnTemplate userDnTemplate} has not been + * set. + * @see LdapContextFactory#getLdapContext(Object, Object) + */ @Override - protected String getUserDn(final String principal) throws IllegalArgumentException, - IllegalStateException { + protected String getUserDn(final String principal) + throws IllegalArgumentException, IllegalStateException { String userDn; String matchedPrincipal = matchPrincipal(principal); String userSearchBase = getUserSearchBase(); String userSearchAttributeName = getUserSearchAttributeName(); // If not searching use the userDnTemplate and return. - if ((userSearchBase == null || userSearchBase.isEmpty()) || (userSearchAttributeName == null - && userSearchFilter == null && !"object".equalsIgnoreCase(userSearchScope))) { + if ((userSearchBase == null || userSearchBase.isEmpty()) + || (userSearchAttributeName == null + && userSearchFilter == null + && !"object".equalsIgnoreCase(userSearchScope))) { userDn = expandTemplate(userDnTemplate, matchedPrincipal); if (log.isDebugEnabled()) { log.debug("LDAP UserDN and Principal: " + userDn + "," + principal); 
@@ -915,9 +917,12 @@ public class LdapRealm extends JndiLdapRealm { if (userSearchAttributeName == null) { searchFilter = String.format("(objectclass=%1$s)", getUserObjectClass()); } else { - searchFilter = String.format("(&(objectclass=%1$s)(%2$s=%3$s))", getUserObjectClass(), - userSearchAttributeName, expandTemplate(getUserSearchAttributeTemplate(), - matchedPrincipal)); + searchFilter = + String.format( + "(&(objectclass=%1$s)(%2$s=%3$s))", + getUserObjectClass(), + userSearchAttributeName, + expandTemplate(getUserSearchAttributeTemplate(), matchedPrincipal)); } } else { searchFilter = expandTemplate(userSearchFilter, matchedPrincipal); @@ -930,8 +935,13 @@ public class LdapRealm extends JndiLdapRealm { try { systemLdapCtx = getContextFactory().getSystemLdapContext(); if (log.isDebugEnabled()) { - log.debug("SearchBase,SearchFilter,UserSearchScope: " + searchBase - + "," + searchFilter + "," + userSearchScope); + log.debug( + "SearchBase,SearchFilter,UserSearchScope: " + + searchBase + + "," + + searchFilter + + "," + + userSearchScope); } searchResultEnum = systemLdapCtx.search(searchBase, searchFilter, searchControls); // SearchResults contains all the entries in search scope 
@@ -964,16 +974,18 @@ public class LdapRealm extends JndiLdapRealm { } @Override - protected AuthenticationInfo createAuthenticationInfo(AuthenticationToken token, - Object ldapPrincipal, Object ldapCredentials, LdapContext ldapContext) + protected AuthenticationInfo createAuthenticationInfo( + AuthenticationToken token, + Object ldapPrincipal, + Object ldapCredentials, + LdapContext ldapContext) throws NamingException { HashRequest.Builder builder = new HashRequest.Builder(); - Hash credentialsHash = hashService - .computeHash(builder.setSource(token.getCredentials()) - .setAlgorithmName(HASHING_ALGORITHM).build()); - return new SimpleAuthenticationInfo(token.getPrincipal(), - credentialsHash.toHex(), credentialsHash.getSalt(), - getName()); + Hash credentialsHash = + hashService.computeHash( + builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build()); + return new SimpleAuthenticationInfo( + token.getPrincipal(), credentialsHash.toHex(), credentialsHash.getSalt(), getName()); } protected static final String expandTemplate(final String template, final String input) { http://git-wip-us.apache.org/repos/asf/zeppelin/blob/55f6c91c/zeppelin-server/src/main/java/org/apache/zeppelin/realm/PamRealm.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/PamRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/PamRealm.java index 0622673..2af5e81 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/PamRealm.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/PamRealm.java @@ -16,6 +16,8 @@ */ package org.apache.zeppelin.realm; +import java.util.LinkedHashSet; +import java.util.Set; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; 
@@ -31,12 +33,7 @@ import org.jvnet.libpam.UnixUser; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.LinkedHashSet; -import java.util.Set; - -/** - * An {@code AuthorizingRealm} based on libpam4j. - */ +/** An {@code AuthorizingRealm} based on libpam4j. */ public class PamRealm extends AuthorizingRealm { private static final Logger LOG = LoggerFactory.getLogger(PamRealm.class); @@ -48,7 +45,7 @@ public class PamRealm extends AuthorizingRealm { UserPrincipal user = principals.oneByType(UserPrincipal.class); - if (user != null){ + if (user != null) { roles.addAll(user.getUnixUser().getGroups()); } @@ -57,21 +54,20 @@ public class PamRealm extends AuthorizingRealm { @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) - throws AuthenticationException { + throws AuthenticationException { UsernamePasswordToken userToken = (UsernamePasswordToken) token; UnixUser user; try { - user = (new PAM(this.getService())) - .authenticate(userToken.getUsername(), new String(userToken.getPassword())); + user = + (new PAM(this.getService())) + .authenticate(userToken.getUsername(), new String(userToken.getPassword())); } catch (PAMException e) { throw new AuthenticationException("Authentication failed for PAM.", e); } return new SimpleAuthenticationInfo( - new UserPrincipal(user), - userToken.getCredentials(), - getName()); + new UserPrincipal(user), userToken.getCredentials(), getName()); } public String getService() { http://git-wip-us.apache.org/repos/asf/zeppelin/blob/55f6c91c/zeppelin-server/src/main/java/org/apache/zeppelin/realm/UserPrincipal.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/UserPrincipal.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/UserPrincipal.java index c1221e7..ee2ee30 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/UserPrincipal.java 
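Review bot: The `PAM` handle created by `new PAM(this.getService())` in `doGetAuthenticationInfo` (third hunk) is never released. libpam4j provides `dispose()` for this, and without it the native PAM transaction stays open until the object is finalized. Under repeated login attempts, native handles then wait on the garbage collector. Keeping the handle in a local and disposing it in a `finally` fixes this without changing how `PAMException` is mapped to `AuthenticationException`.

```java
    try {
      PAM pam = new PAM(this.getService());
      try {
        user = pam.authenticate(userToken.getUsername(), new String(userToken.getPassword()));
      } finally {
        pam.dispose();
      }
      // … unchanged: catch (PAMException e) rethrown as AuthenticationException …
```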
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/UserPrincipal.java @@ -16,13 +16,10 @@ */ package org.apache.zeppelin.realm; -import org.jvnet.libpam.UnixUser; - import java.security.Principal; +import org.jvnet.libpam.UnixUser; -/** - * A {@code java.security.Principal} implememtation for use with Shiro {@code PamRealm}. - */ +/** A {@code java.security.Principal} implememtation for use with Shiro {@code PamRealm}. */ public class UserPrincipal implements Principal { private final UnixUser userName; http://git-wip-us.apache.org/repos/asf/zeppelin/blob/55f6c91c/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ZeppelinHubRealm.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ZeppelinHubRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ZeppelinHubRealm.java index 2a4dcda..18b4b2c 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ZeppelinHubRealm.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ZeppelinHubRealm.java @@ -19,7 +19,12 @@ package org.apache.zeppelin.realm; import com.google.common.base.Joiner; import com.google.gson.Gson; import com.google.gson.JsonParseException; - +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.HashSet; +import java.util.concurrent.atomic.AtomicInteger; import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.HttpStatus; import org.apache.commons.httpclient.methods.PutMethod; 
@@ -34,26 +39,15 @@ import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; -import org.apache.zeppelin.service.ServiceContext; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.io.IOException; -import java.net.MalformedURLException; -import java.net.URI; -import java.net.URISyntaxException; -import java.util.HashSet; -import java.util.concurrent.atomic.AtomicInteger; - import org.apache.zeppelin.common.JsonSerializable; import org.apache.zeppelin.notebook.repo.zeppelinhub.model.UserSessionContainer; import org.apache.zeppelin.notebook.repo.zeppelinhub.websocket.utils.ZeppelinhubUtils; import org.apache.zeppelin.server.ZeppelinServer; +import org.apache.zeppelin.service.ServiceContext; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; -/** - * A {@code Realm} implementation that uses the ZeppelinHub to authenticate users. - * - */ +/** A {@code Realm} implementation that uses the ZeppelinHub to authenticate users. */ public class ZeppelinHubRealm extends AuthorizingRealm { private static final Logger LOG = LoggerFactory.getLogger(ZeppelinHubRealm.class); private static final String DEFAULT_ZEPPELINHUB_URL = "https://www.zeppelinhub.com"; @@ -71,7 +65,7 @@ public class ZeppelinHubRealm extends AuthorizingRealm { public ZeppelinHubRealm() { super(); LOG.debug("Init ZeppelinhubRealm"); - //TODO(anthonyc): think about more setting for this HTTP client. + // TODO(anthonyc): think about more setting for this HTTP client. // eg: if user uses proxy etcetc... httpClient = new HttpClient(); name = getClass().getName() + "_" + INSTANCE_COUNT.getAndIncrement(); 
@@ -79,7 +73,7 @@ public class ZeppelinHubRealm extends AuthorizingRealm { @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken) - throws AuthenticationException { + throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authToken; if (StringUtils.isBlank(token.getUsername())) { throw new AccountException("Empty usernames are not allowed by this realm."); @@ -101,11 +95,11 @@ public class ZeppelinHubRealm extends AuthorizingRealm { } /** - * Setter of ZeppelinHub URL, this will be called by Shiro based on zeppelinhubUrl property - * in shiro.ini file. + * Setter of ZeppelinHub URL, this will be called by Shiro based on zeppelinhubUrl property in + * shiro.ini file. * - * It will also perform a check of ZeppelinHub url {@link #isZeppelinHubUrlValid}, - * if the url is not valid, the default zeppelinhub url will be used. + * <p>It will also perform a check of ZeppelinHub url {@link #isZeppelinHubUrlValid}, if the url + * is not valid, the default zeppelinhub url will be used. * * @param url */ @@ -137,8 +131,8 @@ public class ZeppelinHubRealm extends AuthorizingRealm { if (statusCode != HttpStatus.SC_OK) { LOG.error("Cannot login user, HTTP status code is {} instead on 200 (OK)", statusCode); put.releaseConnection(); - throw new AuthenticationException("Couldnt login to ZeppelinHub. " - + "Login or password incorrect"); + throw new AuthenticationException( + "Couldnt login to ZeppelinHub. " + "Login or password incorrect"); } responseBody = put.getResponseBodyAsString(); userSession = put.getResponseHeader(USER_SESSION_HEADER).getValue(); 
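Review bot: `put.getResponseHeader(USER_SESSION_HEADER).getValue()` at the end of the third hunk dereferences the header without checking that the server sent it. commons-httpclient returns null for an absent header, so a 200 response without it raises a NullPointerException on this line instead of an `AuthenticationException`. Read the header into a local first, `Header session = put.getResponseHeader(USER_SESSION_HEADER);`, and reject the response when it is missing: `if (session == null) { throw new AuthenticationException("ZeppelinHub response carried no session header"); }`. This needs `org.apache.commons.httpclient.Header` imported. The enclosing method starts and ends outside the hunk, so it is not visible whether a surrounding catch already handles this case.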
@@ -165,13 +159,8 @@ public class ZeppelinHubRealm extends AuthorizingRealm { /** * Create a JSON String that represent login payload. * - * Payload will look like: - * {@code - * { - * 'login': 'userLogin', - * 'password': 'userpassword' - * } - * } + * <p>Payload will look like: {@code { 'login': 'userLogin', 'password': 'userpassword' } } + * * @param login * @param pwd * @return @@ -182,9 +171,9 @@ public class ZeppelinHubRealm extends AuthorizingRealm { } /** - * Perform a Simple URL check by using {@code URI(url).toURL()}. - * If the url is not valid, the try-catch condition will catch the exceptions and return false, - * otherwise true will be returned. + * Perform a Simple URL check by using {@code URI(url).toURL()}. If the url is not valid, the + * try-catch condition will catch the exceptions and return false, otherwise true will be + * returned. * * @param url * @return @@ -201,9 +190,7 @@ public class ZeppelinHubRealm extends AuthorizingRealm { return valid; } - /** - * Helper class that will be use to fromJson ZeppelinHub response. - */ + /** Helper class that will be use to fromJson ZeppelinHub response. */ protected static class User implements JsonSerializable { private static final Gson gson = new Gson(); public String login; 
@@ -225,8 +212,8 @@ public class ZeppelinHubRealm extends AuthorizingRealm { /* TODO(xxx): add proper roles */ HashSet<String> userAndRoles = new HashSet<>(); userAndRoles.add(username); - ServiceContext context = new ServiceContext( - new org.apache.zeppelin.user.AuthenticationInfo(username), userAndRoles); + ServiceContext context = + new ServiceContext(new org.apache.zeppelin.user.AuthenticationInfo(username), userAndRoles); try { ZeppelinServer.notebookWsServer.broadcastReloadedNoteList(null, context); } catch (IOException e) { http://git-wip-us.apache.org/repos/asf/zeppelin/blob/55f6c91c/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/JWTAuthenticationToken.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/JWTAuthenticationToken.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/JWTAuthenticationToken.java index 8dc86ed..38c4d31 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/JWTAuthenticationToken.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/JWTAuthenticationToken.java @@ -18,9 +18,7 @@ package org.apache.zeppelin.realm.jwt; import org.apache.shiro.authc.AuthenticationToken; -/** - * Created for org.apache.zeppelin.server. - */ +/** Created for org.apache.zeppelin.server. */ public class JWTAuthenticationToken implements AuthenticationToken { private Object userId; private String token; http://git-wip-us.apache.org/repos/asf/zeppelin/blob/55f6c91c/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxAuthenticationFilter.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxAuthenticationFilter.java index eccf6de..1bfafcf 100644 
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxAuthenticationFilter.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxAuthenticationFilter.java @@ -16,30 +16,27 @@ */ package org.apache.zeppelin.realm.jwt; -import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; -import org.apache.shiro.web.servlet.ShiroHttpServletRequest; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; - +import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; +import org.apache.shiro.web.servlet.ShiroHttpServletRequest; import org.apache.zeppelin.utils.SecurityUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; -/** - * Created for org.apache.zeppelin.server. - */ +/** Created for org.apache.zeppelin.server. */ public class KnoxAuthenticationFilter extends FormAuthenticationFilter { private static final Logger LOGGER = LoggerFactory.getLogger(KnoxAuthenticationFilter.class); - protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, - Object mappedValue) { - //Check with existing shiro authentication logic - //https://github.com/apache/shiro/blob/shiro-root-1.3.2/web/src/main/java/org/apache/shiro/ + protected boolean isAccessAllowed( + ServletRequest request, ServletResponse response, Object mappedValue) { + // Check with existing shiro authentication logic + // https://github.com/apache/shiro/blob/shiro-root-1.3.2/web/src/main/java/org/apache/shiro/ // web/filter/authc/AuthenticatingFilter.java#L123-L124 - Boolean accessAllowed = super.isAccessAllowed(request, response, mappedValue) || - !isLoginRequest(request, response) && isPermissive(mappedValue); + Boolean accessAllowed = + super.isAccessAllowed(request, response, mappedValue) + || !isLoginRequest(request, response) && isPermissive(mappedValue); if (accessAllowed) { accessAllowed = false; 
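Review bot: `isAccessAllowed` holds its access decision in a boxed `Boolean`, combines `||` and `&&` without parentheses, and has no `@Override` although it replaces the `FormAuthenticationFilter` method. For an authorization check the grouping should be explicit: `boolean accessAllowed = super.isAccessAllowed(request, response, mappedValue) || (!isLoginRequest(request, response) && isPermissive(mappedValue));`, with `@Override` added above the signature. Behaviour is unchanged, since `&&` already binds tighter than `||`. The method body continues past the end of the hunk.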
@@ -60,9 +57,10 @@ public class KnoxAuthenticationFilter extends FormAuthenticationFilter { } } } else { - LOGGER.error("Looks like this filter is enabled without enabling KnoxJwtRealm, please refer" - + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html" - + "#knox-sso"); + LOGGER.error( + "Looks like this filter is enabled without enabling KnoxJwtRealm, please refer" + + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html" + + "#knox-sso"); } } return accessAllowed; http://git-wip-us.apache.org/repos/asf/zeppelin/blob/55f6c91c/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxJwtRealm.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxJwtRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxJwtRealm.java index 3663174..83a75ff 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxJwtRealm.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxJwtRealm.java @@ -16,20 +16,10 @@ */ package org.apache.zeppelin.realm.jwt; -import java.util.Date; -import org.apache.commons.io.FileUtils; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.security.Groups; -import org.apache.shiro.authc.AuthenticationInfo; -import org.apache.shiro.authc.AuthenticationToken; -import org.apache.shiro.authc.SimpleAccount; -import org.apache.shiro.authz.AuthorizationInfo; -import org.apache.shiro.authz.SimpleAuthorizationInfo; -import org.apache.shiro.realm.AuthorizingRealm; -import org.apache.shiro.subject.PrincipalCollection; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - +import com.nimbusds.jose.JWSObject; +import com.nimbusds.jose.JWSVerifier; +import com.nimbusds.jose.crypto.RSASSAVerifier; +import com.nimbusds.jwt.SignedJWT; import java.io.ByteArrayInputStream; import java.io.File; import java.io.IOException; 
@@ -40,20 +30,25 @@ import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.interfaces.RSAPublicKey; import java.text.ParseException; +import java.util.Date; import java.util.HashSet; import java.util.List; import java.util.Set; - import javax.servlet.ServletException; +import org.apache.commons.io.FileUtils; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.security.Groups; +import org.apache.shiro.authc.AuthenticationInfo; +import org.apache.shiro.authc.AuthenticationToken; +import org.apache.shiro.authc.SimpleAccount; +import org.apache.shiro.authz.AuthorizationInfo; +import org.apache.shiro.authz.SimpleAuthorizationInfo; +import org.apache.shiro.realm.AuthorizingRealm; +import org.apache.shiro.subject.PrincipalCollection; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; -import com.nimbusds.jose.JWSObject; -import com.nimbusds.jose.JWSVerifier; -import com.nimbusds.jose.crypto.RSASSAVerifier; -import com.nimbusds.jwt.SignedJWT; - -/** - * Created for org.apache.zeppelin.server. - */ +/** Created for org.apache.zeppelin.server. */ public class KnoxJwtRealm extends AuthorizingRealm { private static final Logger LOGGER = LoggerFactory.getLogger(KnoxJwtRealm.class); @@ -70,14 +65,10 @@ public class KnoxJwtRealm extends AuthorizingRealm { private SimplePrincipalMapper mapper = new SimplePrincipalMapper(); - /** - * Configuration object needed by for Hadoop classes. - */ + /** Configuration object needed by for Hadoop classes. */ private Configuration hadoopConfig; - /** - * Hadoop Groups implementation. - */ + /** Hadoop Groups implementation. */ private Groups hadoopGroups; @Override 
@@ -162,15 +153,16 @@ public class KnoxJwtRealm extends AuthorizingRealm { PublicKey key = null; try { CertificateFactory fact = CertificateFactory.getInstance("X.509"); - ByteArrayInputStream is = new ByteArrayInputStream( - FileUtils.readFileToString(new File(pem)).getBytes("UTF8")); + ByteArrayInputStream is = + new ByteArrayInputStream(FileUtils.readFileToString(new File(pem)).getBytes("UTF8")); X509Certificate cer = (X509Certificate) fact.generateCertificate(is); key = cer.getPublicKey(); } catch (CertificateException ce) { String message = null; if (pem.startsWith(pemHeader)) { - message = "CertificateException - be sure not to include PEM header " - + "and footer in the PEM configuration element."; + message = + "CertificateException - be sure not to include PEM header " + + "and footer in the PEM configuration element."; } else { message = "CertificateException - PEM may be corrupt"; } @@ -202,12 +194,11 @@ public class KnoxJwtRealm extends AuthorizingRealm { } /** - * Validate that the expiration time of the JWT token has not been violated. - * If it has then throw an AuthenticationException. Override this method in - * subclasses in order to customize the expiration validation behavior. + * Validate that the expiration time of the JWT token has not been violated. If it has then throw + * an AuthenticationException. Override this method in subclasses in order to customize the + * expiration validation behavior. * - * @param jwtToken - * the token that contains the expiration date to validate + * @param jwtToken the token that contains the expiration date to validate * @return valid true if the token has not expired; false otherwise */ protected boolean validateExpiration(SignedJWT jwtToken) { 
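Review bot: The certificate file is read with `FileUtils.readFileToString(new File(pem))`, which decodes with the platform default charset, and is then re-encoded with `getBytes("UTF8")`. For a DER-encoded certificate, or on a host with an unusual default charset, that round trip can alter the bytes before `generateCertificate` sees them. Reading the bytes directly avoids it: `new ByteArrayInputStream(FileUtils.readFileToByteArray(new File(pem)))`. In the same hunk, `pem` is used as a file path in `new File(pem)` but tested with `pem.startsWith(pemHeader)` as if it held the certificate text, so the first error message is unlikely to ever be selected. The method starts and ends outside the hunk.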
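Review bot: The Javadoc on `validateExpiration` says an expired token makes the method throw an AuthenticationException, while its `@return` tag and the `boolean` signature say it returns false. The body is outside the hunk, so which statement holds cannot be confirmed here. The difference matters: if the method only returns, a caller or subclass that trusts the first sentence and ignores the result would accept an expired token. If it returns rather than throws, reword the second sentence to `If it has, return false; callers must reject the token.`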
@@ -234,20 +225,17 @@ public class KnoxJwtRealm extends AuthorizingRealm { return new SimpleAuthorizationInfo(roles); } - /** - * Query the Hadoop implementation of {@link Groups} to retrieve groups for provided user. - */ + /** Query the Hadoop implementation of {@link Groups} to retrieve groups for provided user. */ public Set<String> mapGroupPrincipals(final String mappedPrincipalName) { /* return the groups as seen by Hadoop */ Set<String> groups = null; try { hadoopGroups.refresh(); - final List<String> groupList = hadoopGroups - .getGroups(mappedPrincipalName); + final List<String> groupList = hadoopGroups.getGroups(mappedPrincipalName); if (LOGGER.isDebugEnabled()) { - LOGGER.debug(String.format("group found %s, %s", - mappedPrincipalName, groupList.toString())); + LOGGER.debug( + String.format("group found %s, %s", mappedPrincipalName, groupList.toString())); } groups = new HashSet<>(groupList);
