[
https://issues.apache.org/jira/browse/SCB-788?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16571608#comment-16571608
]
ASF GitHub Bot commented on SCB-788:
------------------------------------
liubao68 closed pull request #846: [SCB-788] public key black/white add
feature: choose server by version
URL: https://github.com/apache/incubator-servicecomb-java-chassis/pull/846
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/common/common-rest/src/main/java/org/apache/servicecomb/common/rest/codec/RestObjectMapper.java
b/common/common-rest/src/main/java/org/apache/servicecomb/common/rest/codec/RestObjectMapper.java
index 617e86be7..f94ec2c15 100644
---
a/common/common-rest/src/main/java/org/apache/servicecomb/common/rest/codec/RestObjectMapper.java
+++
b/common/common-rest/src/main/java/org/apache/servicecomb/common/rest/codec/RestObjectMapper.java
@@ -26,7 +26,6 @@
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.JavaType;
import com.fasterxml.jackson.databind.JsonSerializer;
-import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.module.SimpleModule;
diff --git a/core/src/test/java/org/apache/servicecomb/core/TestExecutors.java
b/core/src/test/java/org/apache/servicecomb/core/TestExecutors.java
index 8d64571c1..4de37b59f 100644
--- a/core/src/test/java/org/apache/servicecomb/core/TestExecutors.java
+++ b/core/src/test/java/org/apache/servicecomb/core/TestExecutors.java
@@ -56,6 +56,7 @@ public void run() {
strThreadTest = "thread Ran";
}
});
+ oReactiveExecutor.close();
Assert.assertEquals("thread Ran", strThreadTest);
}
}
diff --git
a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
index 9d8ff1b51..e609e9f0b 100644
---
a/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
+++
b/handlers/handler-publickey-auth/src/main/java/org/apache/servicecomb/authentication/provider/AccessController.java
@@ -16,9 +16,11 @@
*/
package org.apache.servicecomb.authentication.provider;
+import java.beans.PropertyDescriptor;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
+import java.util.Map.Entry;
import org.apache.commons.lang3.StringUtils;
import org.apache.servicecomb.serviceregistry.api.registry.Microservice;
@@ -84,20 +86,38 @@ private boolean blackDenied(Microservice microservice) {
private boolean matchFound(Microservice microservice, Map<String,
ConfigurationItem> ruleList) {
boolean matched = false;
for (ConfigurationItem item : ruleList.values()) {
- // TODO: Currently we only support property, not support tags. And we
will support tags later.
if (ConfigurationItem.CATEGORY_PROPERTY.equals(item.category)) {
- // TODO: Currently we only support to configure serviceName. And we
will support others later.
- if ("serviceName".equals(item.propertyName)) {
- if (isPatternMatch(microservice.getServiceName(), item.rule)) {
- matched = true;
- break;
- }
- }
+ // we support to configure properties, e.g. serviceName, appId,
environment, alias, version and so on, also support key in properties.
+ if (matchMicroserviceField(microservice, item) ||
matchMicroserviceProperties(microservice, item))
+ return true;
}
}
return matched;
}
+ private boolean matchMicroserviceProperties(Microservice microservice,
ConfigurationItem item) {
+ Map<String, String> properties = microservice.getProperties();
+ for (Entry<String, String> entry : properties.entrySet()) {
+ if (!entry.getKey().equals(item.propertyName))
+ continue;
+ return isPatternMatch(entry.getValue(), item.rule);
+ }
+ return false;
+ }
+
+ private boolean matchMicroserviceField(Microservice microservice,
ConfigurationItem item) {
+ Object fieldValue = null;
+ try {
+ fieldValue = new PropertyDescriptor(item.propertyName,
Microservice.class).getReadMethod().invoke(microservice);
+ } catch (Exception e) {
+ LOG.warn("can't find propertyname: {} in microservice field, will search
in microservice properties.", item.propertyName);
+ return false;
+ }
+ if (fieldValue.getClass().getName().equals(String.class.getName()))
+ return isPatternMatch((String) fieldValue, item.rule);
+ return false;
+ }
+
private boolean isPatternMatch(String value, String pattern) {
if (pattern.startsWith("*")) {
return value.endsWith(pattern.substring(1));
diff --git
a/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
b/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
index c5774490c..e493e7703 100644
---
a/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
+++
b/handlers/handler-publickey-auth/src/test/java/org/apache/servicecomb/authentication/TestAccessController.java
@@ -16,6 +16,9 @@
*/
package org.apache.servicecomb.authentication;
+import java.util.HashMap;
+import java.util.Map;
+
import org.apache.servicecomb.authentication.provider.AccessController;
import org.apache.servicecomb.foundation.common.utils.Log4jUtils;
import org.apache.servicecomb.foundation.test.scaffolding.config.ArchaiusUtils;
@@ -24,7 +27,6 @@
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
-import org.mockito.Mockito;
public class TestAccessController {
@Before
@@ -38,65 +40,65 @@ public void tearDown() {
}
@Test
- public void testIsValidOfWhite() {
+ public void testIsValidOfWhiteByServiceName() {
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName",
"serviceName");
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category",
"property");
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule",
"trust*");
AccessController controller = new AccessController();
- Microservice service = Mockito.mock(Microservice.class);
+ Microservice service = new Microservice();
- Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+ service.setServiceName("trustCustomer");
Assert.assertTrue(controller.isAllowed(service));
- Mockito.when(service.getServiceName()).thenReturn("nottrustCustomer");
+ service.setServiceName("nottrustCustomer");
Assert.assertTrue(!controller.isAllowed(service));
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule",
"*trust");
- Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+ service.setServiceName("Customer_trust");
Assert.assertTrue(controller.isAllowed(service));
- Mockito.when(service.getServiceName()).thenReturn("Customer_trust_not");
+ service.setServiceName("Customer_trust_not");
Assert.assertTrue(!controller.isAllowed(service));
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule",
"trust");
- Mockito.when(service.getServiceName()).thenReturn("trust");
+ service.setServiceName("trust");
Assert.assertTrue(controller.isAllowed(service));
- Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+ service.setServiceName("Customer_trust");
Assert.assertTrue(!controller.isAllowed(service));
}
@Test
- public void testIsValidOfBlack() {
+ public void testIsValidOfBlackByServiceName() {
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName",
"serviceName");
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category",
"property");
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule",
"trust*");
AccessController controller = new AccessController();
- Microservice service = Mockito.mock(Microservice.class);
+ Microservice service = new Microservice();
- Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+ service.setServiceName("trustCustomer");
Assert.assertTrue(!controller.isAllowed(service));
- Mockito.when(service.getServiceName()).thenReturn("nottrustCustomer");
+ service.setServiceName("nottrustCustomer");
Assert.assertTrue(controller.isAllowed(service));
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule",
"*trust");
- Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+ service.setServiceName("Customer_trust");
Assert.assertTrue(!controller.isAllowed(service));
- Mockito.when(service.getServiceName()).thenReturn("Customer_trust_not");
+ service.setServiceName("Customer_trust_not");
Assert.assertTrue(controller.isAllowed(service));
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule",
"trust");
- Mockito.when(service.getServiceName()).thenReturn("trust");
+ service.setServiceName("trust");
Assert.assertTrue(!controller.isAllowed(service));
- Mockito.when(service.getServiceName()).thenReturn("Customer_trust");
+ service.setServiceName("Customer_trust");
Assert.assertTrue(controller.isAllowed(service));
}
@Test
- public void testIsValidOfBlackAndWhite() {
+ public void testIsValidOfBlackAndWhiteByServiceName() {
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName",
"serviceName");
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category",
"property");
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule",
"trust*");
@@ -105,12 +107,65 @@ public void testIsValidOfBlackAndWhite() {
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule",
"*hacker");
AccessController controller = new AccessController();
- Microservice service = Mockito.mock(Microservice.class);
+ Microservice service = new Microservice();
+
+ service.setServiceName("trustCustomer");
+ Assert.assertTrue(controller.isAllowed(service));
+
+ service.setServiceName("trustCustomerhacker");
+ Assert.assertTrue(!controller.isAllowed(service));
+ }
+
+ @Test
+ public void testIsValidOfBlackByProperties() {
+
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName",
"tag");
+
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category",
"property");
+
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule",
"test");
+ AccessController controller = new AccessController();
+ Microservice service = new Microservice();
+ Map<String, String> map = new HashMap<>();
+ map.put("tag", "test");
+
+ service.setProperties(map);
+ Assert.assertTrue(!controller.isAllowed(service));
+
+ map.put("tag", "testa");
+ service.setProperties(map);
+ Assert.assertTrue(controller.isAllowed(service));
+ }
+
+ @Test
+ public void testIsValidOfWhiteByProperties() {
+
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName",
"tag");
+
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category",
"property");
+
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule",
"test");
+ AccessController controller = new AccessController();
+ Microservice service = new Microservice();
+ Map<String, String> map = new HashMap<>();
+ map.put("tag", "test");
- Mockito.when(service.getServiceName()).thenReturn("trustCustomer");
+ service.setProperties(map);
Assert.assertTrue(controller.isAllowed(service));
- Mockito.when(service.getServiceName()).thenReturn("trustCustomerhacker");
+ map.put("tag", "testa");
+ service.setProperties(map);
+ Assert.assertTrue(!controller.isAllowed(service));
+ }
+
+ @Test
+ public void testIsValidOfBlackAndWhiteByServiceNameAndVersion() {
+
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.propertyName",
"serviceName");
+
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.category",
"property");
+
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.white.list1.rule",
"trust*");
+
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.propertyName",
"version");
+
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.category",
"property");
+
ArchaiusUtils.setProperty("servicecomb.publicKey.accessControl.black.list1.rule",
"0.0.1");
+
+ AccessController controller = new AccessController();
+ Microservice service = new Microservice();
+ service.setServiceName("trustCustomer");
+ service.setVersion("0.0.1");
+
Assert.assertTrue(!controller.isAllowed(service));
}
}
diff --git a/samples/trust-sample/store/src/main/resources/microservice.yaml
b/samples/trust-sample/store/src/main/resources/microservice.yaml
index 88bf72b22..4358d42b1 100644
--- a/samples/trust-sample/store/src/main/resources/microservice.yaml
+++ b/samples/trust-sample/store/src/main/resources/microservice.yaml
@@ -38,8 +38,9 @@ servicecomb:
black:
list01:
category: property ## property, fixed value
- propertyName: serviceName ## property name
- rule: hacker ## property value match expression. only supports
prefix match and postfix match and exactly match. e.g. hacker*, *hacker, hacker
+ propertyName: serviceName ## property name, e.g. serviceName, appId,
environment, alias, version and so on, also support key in properties.
+ rule: hacker ## property value match expression.
+##if propertyName is serviceName, only supports prefix match and postfix match
and exactly match. e.g. hacker*, *hacker, hacker
white:
list02:
category: property
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> public key black/white add feature: choose server by version
> ------------------------------------------------------------
>
> Key: SCB-788
> URL: https://issues.apache.org/jira/browse/SCB-788
> Project: Apache ServiceComb
> Issue Type: New Feature
> Components: Java-Chassis
> Reporter: WeiChao
> Assignee: WeiChao
> Priority: Major
> Fix For: java-chassis-1.1.0
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
