[
https://issues.apache.org/jira/browse/METRON-1665?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16549149#comment-16549149
]
ASF GitHub Bot commented on METRON-1665:
----------------------------------------
GitHub user simonellistonball opened a pull request:
https://github.com/apache/metron/pull/1111
METRON-1665 Host UIs on Spring Boot and add SSO authentication
This is part of a move towards using KnoxSSO, and LDAP as an authentication
method for Metron UIs.
The current UIs are served up by very lightweight nodejs applications,
which serve the static bundle files produced by the angular build process, and
proxies the rest api. This PR replaces this with Spring Boot applications,
using the Spring Security stack.
It also provides a shared project used as the base for the UI host
application, which ensures consistent security across all UIs
(metron-interface/metron-ui-security) an abstract web hosting application with
zuul embedded for proxying rest to avoid cors problems
(metron-interface/metron-ui-host) and two further concrete applications to do
the actual hosting, the angular front-ends have been subtley changed to package
themselves in jars which are included in the hosting applications, aiding the
ease and integrity of the front end code on deployment.
Some tests in the rest api have been changed slightly, and a fix has been
applied to AlertsUiController to allow users access to delete their own
settings. The metron-rest project has also been adapted to work with
metron-ui-security, and so inherits the same authentication benefits.
A follow on PR will address changes to the mpack to implement necessary
config changes.
Nodejs has been removed from the RPMs, and the deployment process, since it
is no longer needed beyond the build stage.
An additional feature is the filter provided to allow JWT cookies to be
passed to a backend through zuul as Authorization Bearer headers, allowing
simpler stateless interaction with the rest api for example, which opens the
possibility of deploying each layer in a load balanced or HA mode using ribbon
config.
To test at this stage, you will need to manually configure and launch the
metron-alerts and metron-config jars, which behave like init.d scripts. This
can be done by launching the jars through the bin/ scripts, but would be a lot
easier with the follow on work on mpack elements to configure them. For now,
integration tests have been included for key function on the security layer and
should be reviewed.
## Pull Request Checklist
Thank you for submitting a contribution to Apache Metron.
Please refer to our [Development
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
for the complete guide to follow for contributions.
Please refer also to our [Build Verification
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
for complete smoke testing guides.
In order to streamline the review of the contribution we ask you follow
these guidelines and ask you to double check the following:
### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to
be created at [Metron
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON-XXXX where XXXX is the JIRA
number you are trying to resolve? Pay particular attention to the hyphen "-"
character.
- [x] Has your PR been rebased against the latest commit within the target
branch (typically master)?
### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is
being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified
and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been
executed in the root metron folder via:
```
mvn -q clean integration-test install &&
dev-utilities/build-utils/verify_licenses.sh
```
- [x] Have you written or updated unit tests and or integration tests to
verify your changes?
- [x] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [x] Have you verified the basic functionality of the build by building
and running locally with Vagrant full-dev environment or the equivalent?
### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in
which it is rendered by building and verifying the site-book? If not then run
the following commands and the verify changes via
`site-book/target/site/index.html`:
```
cd site-book
mvn site
```
#### Note:
Please ensure that once the PR is submitted, you check travis-ci for build
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up
for your personal repository such that your branches are built there before
submitting a pull request.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/simonellistonball/metron METRON-1665
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/metron/pull/1111.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1111
----
commit 90b75c27e55d868d17c59910f2ce6cf25f4f4abf
Author: Simon Elliston Ball <simon@...>
Date: 2018-07-19T09:03:12Z
Add base projects for Hosting UIs in Spring
Add Zuul capability
Add KnoxSSO provider and security config
commit 8443329c90247c533bc4ffa5ef7cc64955c55f32
Author: Simon Elliston Ball <simon@...>
Date: 2018-07-19T09:20:04Z
Packaging changes for the UIs
commit 627d37cf8092260a37c1f80d599025dbf6d3d2f7
Author: Simon Elliston Ball <simon@...>
Date: 2018-07-19T09:28:29Z
Integrate SSO base to metron-rest and added test config
commit 824763624ec9e8abce94db0e5aaf51d7c92a6506
Author: Simon Elliston Ball <simon@...>
Date: 2018-07-19T09:52:28Z
Clean up assembly build process based on new packaging of uis
commit bb83e0bac91581410c5bb8f62e112c930cd0d89b
Author: Simon Elliston Ball <simon@...>
Date: 2018-07-19T10:04:44Z
Fixed security test for UI settings
commit dd6f3fb9eff2eafb3b8049abc836d7cb476a2396
Author: Simon Elliston Ball <simon@...>
Date: 2018-07-19T10:05:59Z
Added hosting applications for UIs
commit 278f9cb40dca4d0ef1e0239ec34f85062c0d852f
Author: Simon Elliston Ball <simon@...>
Date: 2018-07-12T17:43:00Z
Removed nodejs from rpm build process
commit c2fde46d5504769b19e9fd0872dcaf55ec6fbb6f
Author: Simon Elliston Ball <simon@...>
Date: 2018-07-19T11:19:44Z
RPM changes for new hosting method
----
> Move hosting of Alerts and Config UIs from Nodejs to Spring Boot
> ----------------------------------------------------------------
>
> Key: METRON-1665
> URL: https://issues.apache.org/jira/browse/METRON-1665
> Project: Metron
> Issue Type: Sub-task
> Reporter: Simon Elliston Ball
> Priority: Major
>
> The current UIs are served up by very lightweight nodejs applications, which
> serve the static bundle files produced by the angular build process, and
> proxies the rest api.
> The proposal is to use a spring boot application, allowing us to harmonise
> the security implementation across the UI static servers and the REST layer,
> and to provide a routing platform for later microservices.
> The UIs currently proxy to the REST API to avoid CORS issues, this will be
> achieved with Zuul.
> Spring Security will also be extended to use a Knox SSO authenticator.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
