yx9o pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new 43685611007 Use Authenticator to instead of AuthenticationChecker
(#23825)
43685611007 is described below
commit 43685611007ae059a0d4798f25e766105348c788
Author: Liang Zhang <[email protected]>
AuthorDate: Mon Jan 30 12:44:53 2023 +0800
Use Authenticator to instead of AuthenticationChecker (#23825)
---
.../authority/checker/AuthenticationChecker.java | 46 ----------------------
.../authority/rule/AuthorityRule.java | 1 +
.../authentication/MySQLAuthenticationHandler.java | 5 +--
.../authenticator/MySQLAuthenticator.java | 12 +-----
.../OpenGaussAuthenticationHandler.java | 11 +++---
.../PostgreSQLAuthenticationHandler.java | 13 +++---
.../authenticator/PostgreSQLAuthenticator.java | 12 +-----
.../frontend/authentication/Authenticator.java | 13 +++++-
8 files changed, 28 insertions(+), 85 deletions(-)
diff --git
a/kernel/authority/core/src/main/java/org/apache/shardingsphere/authority/checker/AuthenticationChecker.java
b/kernel/authority/core/src/main/java/org/apache/shardingsphere/authority/checker/AuthenticationChecker.java
deleted file mode 100644
index dcdd29f4571..00000000000
---
a/kernel/authority/core/src/main/java/org/apache/shardingsphere/authority/checker/AuthenticationChecker.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.shardingsphere.authority.checker;
-
-import lombok.RequiredArgsConstructor;
-import org.apache.shardingsphere.authority.rule.AuthorityRule;
-import org.apache.shardingsphere.infra.metadata.user.Grantee;
-
-import java.util.function.BiPredicate;
-
-/**
- * Authentication checker.
- */
-@RequiredArgsConstructor
-public final class AuthenticationChecker {
-
- private final AuthorityRule rule;
-
- private final Grantee grantee;
-
- /**
- * Check Authentication with cipher.
- *
- * @param validator validator
- * @param cipher cipher
- * @return authenticated or not
- */
- public boolean isAuthenticated(final BiPredicate<Object, Object>
validator, final Object cipher) {
- return rule.findUser(grantee).filter(optional ->
validator.test(optional, cipher)).isPresent();
- }
-}
diff --git
a/kernel/authority/core/src/main/java/org/apache/shardingsphere/authority/rule/AuthorityRule.java
b/kernel/authority/core/src/main/java/org/apache/shardingsphere/authority/rule/AuthorityRule.java
index c4e31dd1ffc..0936253260f 100644
---
a/kernel/authority/core/src/main/java/org/apache/shardingsphere/authority/rule/AuthorityRule.java
+++
b/kernel/authority/core/src/main/java/org/apache/shardingsphere/authority/rule/AuthorityRule.java
@@ -55,6 +55,7 @@ public final class AuthorityRule implements GlobalRule {
/**
* Find user.
+ *
* @param grantee grantee user
* @return user
*/
diff --git
a/proxy/frontend/mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandler.java
b/proxy/frontend/mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandler.java
index 44ccd41a066..784adcd00b3 100644
---
a/proxy/frontend/mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandler.java
+++
b/proxy/frontend/mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandler.java
@@ -18,7 +18,6 @@
package org.apache.shardingsphere.proxy.frontend.mysql.authentication;
import lombok.Getter;
-import org.apache.shardingsphere.authority.checker.AuthenticationChecker;
import org.apache.shardingsphere.authority.checker.AuthorityChecker;
import org.apache.shardingsphere.authority.rule.AuthorityRule;
import
org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLAuthPluginData;
@@ -51,8 +50,8 @@ public final class MySQLAuthenticationHandler {
public Optional<MySQLVendorError> login(final String username, final
String hostname, final byte[] authenticationResponse, final String
databaseName) {
AuthorityRule authorityRule =
ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getGlobalRuleMetaData().getSingleRule(AuthorityRule.class);
Grantee grantee = new Grantee(username, hostname);
- MySQLAuthenticator authenticator = getAuthenticator(username,
hostname);
- if (!new AuthenticationChecker(authorityRule,
grantee).isAuthenticated((a, b) ->
authenticator.authenticate((ShardingSphereUser) a, (byte[]) b),
authenticationResponse)) {
+ Optional<ShardingSphereUser> user = authorityRule.findUser(grantee);
+ if (!user.isPresent() || !getAuthenticator(username,
hostname).authenticate(user.get(), authenticationResponse)) {
return Optional.of(MySQLVendorError.ER_ACCESS_DENIED_ERROR);
}
return null == databaseName || new AuthorityChecker(authorityRule,
grantee).isAuthorized(databaseName) ? Optional.empty() :
Optional.of(MySQLVendorError.ER_DBACCESS_DENIED_ERROR);
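Review bot: The new condition in `login` answers an unknown user and a wrong password with the same `ER_ACCESS_DENIED_ERROR`, but nothing in the code records that this uniformity is intentional. I would add a comment above the `if`, for example `// Unknown user and failed authentication must stay indistinguishable to the client.`, so that a later refactor does not split the two cases the way the PostgreSQL and openGauss handlers do. Because the condition short-circuits on `!user.isPresent()`, the authenticator runs only for known users, which may leave a response-time difference between the two cases; how large depends on the authenticator, which is not visible here. The body of `login` ends outside this hunk.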
diff --git
a/proxy/frontend/mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/authenticator/MySQLAuthenticator.java
b/proxy/frontend/mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/authenticator/MySQLAuthenticator.java
index 3cf3e0a0a21..c7a8d14034d 100644
---
a/proxy/frontend/mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/authenticator/MySQLAuthenticator.java
+++
b/proxy/frontend/mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/authentication/authenticator/MySQLAuthenticator.java
@@ -17,20 +17,10 @@
package
org.apache.shardingsphere.proxy.frontend.mysql.authentication.authenticator;
-import org.apache.shardingsphere.infra.metadata.user.ShardingSphereUser;
import org.apache.shardingsphere.proxy.frontend.authentication.Authenticator;
/**
* MySQL authenticator.
*/
-public interface MySQLAuthenticator extends Authenticator {
-
- /**
- * Authenticate.
- *
- * @param user ShardingSphere user
- * @param authResponse auth response for user authentication
- * @return authentication success or not
- */
- boolean authenticate(ShardingSphereUser user, byte[] authResponse);
+public interface MySQLAuthenticator extends Authenticator<byte[]> {
}
diff --git
a/proxy/frontend/opengauss/src/main/java/org/apache/shardingsphere/proxy/frontend/opengauss/authentication/OpenGaussAuthenticationHandler.java
b/proxy/frontend/opengauss/src/main/java/org/apache/shardingsphere/proxy/frontend/opengauss/authentication/OpenGaussAuthenticationHandler.java
index 653714216b9..72cf3077ddc 100644
---
a/proxy/frontend/opengauss/src/main/java/org/apache/shardingsphere/proxy/frontend/opengauss/authentication/OpenGaussAuthenticationHandler.java
+++
b/proxy/frontend/opengauss/src/main/java/org/apache/shardingsphere/proxy/frontend/opengauss/authentication/OpenGaussAuthenticationHandler.java
@@ -22,7 +22,6 @@ import com.google.common.base.Strings;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
import lombok.SneakyThrows;
-import org.apache.shardingsphere.authority.checker.AuthenticationChecker;
import org.apache.shardingsphere.authority.checker.AuthorityChecker;
import org.apache.shardingsphere.authority.rule.AuthorityRule;
import
org.apache.shardingsphere.db.protocol.postgresql.packet.handshake.PostgreSQLPasswordMessagePacket;
@@ -46,6 +45,7 @@ import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Locale;
+import java.util.Optional;
/**
* Authentication handler for openGauss.
@@ -108,11 +108,10 @@ public final class OpenGaussAuthenticationHandler {
ShardingSpherePreconditions.checkState(Strings.isNullOrEmpty(databaseName) ||
ProxyContext.getInstance().databaseExists(databaseName), () -> new
UnknownDatabaseException(databaseName));
AuthorityRule authorityRule =
ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getGlobalRuleMetaData().getSingleRule(AuthorityRule.class);
Grantee grantee = new Grantee(username, "%");
-
ShardingSpherePreconditions.checkState(authorityRule.findUser(grantee).isPresent(),
() -> new UnknownUsernameException(username));
- if (!new AuthenticationChecker(authorityRule, grantee)
- .isAuthenticated((a, b) ->
isPasswordRight((ShardingSphereUser) a, (Object[]) b), new
Object[]{passwordMessagePacket.getDigest(), salt, nonce, serverIteration})) {
- throw new InvalidPasswordException(username);
- }
+ Optional<ShardingSphereUser> user = authorityRule.findUser(grantee);
+ ShardingSpherePreconditions.checkState(user.isPresent(), () -> new
UnknownUsernameException(username));
+ ShardingSpherePreconditions.checkState(isPasswordRight(user.get(), new
Object[]{passwordMessagePacket.getDigest(), salt, nonce, serverIteration}),
+ () -> new InvalidPasswordException(username));
ShardingSpherePreconditions.checkState(null == databaseName || new
AuthorityChecker(authorityRule, grantee).isAuthorized(databaseName),
() -> new PrivilegeNotGrantedException(username,
databaseName));
}
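Review bot: The two `checkState` calls added here still raise different exceptions for a missing account (`UnknownUsernameException`) and a failed password check (`InvalidPasswordException`), whereas the MySQL handler in this commit returns `ER_ACCESS_DENIED_ERROR` for both. If those exceptions are mapped to distinct client-visible errors (the mapping is outside this hunk), an unauthenticated client can tell valid account names from invalid ones. Consider raising one exception type for both cases and keeping the distinction in server-side logs only. The same pattern appears in the `PostgreSQLAuthenticationHandler` hunk of this commit, and the method signature is outside this hunk.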
diff --git
a/proxy/frontend/postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/authentication/PostgreSQLAuthenticationHandler.java
b/proxy/frontend/postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/authentication/PostgreSQLAuthenticationHandler.java
index 67d0c6eccec..a3a9420d3ed 100644
---
a/proxy/frontend/postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/authentication/PostgreSQLAuthenticationHandler.java
+++
b/proxy/frontend/postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/authentication/PostgreSQLAuthenticationHandler.java
@@ -18,7 +18,6 @@
package org.apache.shardingsphere.proxy.frontend.postgresql.authentication;
import com.google.common.base.Strings;
-import org.apache.shardingsphere.authority.checker.AuthenticationChecker;
import org.apache.shardingsphere.authority.checker.AuthorityChecker;
import org.apache.shardingsphere.authority.rule.AuthorityRule;
import
org.apache.shardingsphere.db.protocol.postgresql.packet.handshake.PostgreSQLPasswordMessagePacket;
@@ -33,6 +32,8 @@ import
org.apache.shardingsphere.proxy.backend.context.ProxyContext;
import
org.apache.shardingsphere.proxy.frontend.postgresql.authentication.authenticator.PostgreSQLAuthenticator;
import
org.apache.shardingsphere.proxy.frontend.postgresql.authentication.authenticator.PostgreSQLMD5PasswordAuthenticator;
+import java.util.Optional;
+
/**
* Authentication handler for PostgreSQL.
*/
@@ -50,12 +51,10 @@ public final class PostgreSQLAuthenticationHandler {
ShardingSpherePreconditions.checkState(Strings.isNullOrEmpty(databaseName) ||
ProxyContext.getInstance().databaseExists(databaseName), () -> new
UnknownDatabaseException(databaseName));
AuthorityRule authorityRule =
ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getGlobalRuleMetaData().getSingleRule(AuthorityRule.class);
Grantee grantee = new Grantee(username, "%");
-
ShardingSpherePreconditions.checkState(authorityRule.findUser(grantee).isPresent(),
() -> new UnknownUsernameException(username));
- PostgreSQLAuthenticator authenticator = getAuthenticator(username,
grantee.getHostname());
- if (!new AuthenticationChecker(authorityRule, grantee)
- .isAuthenticated((a, b) ->
authenticator.authenticate((ShardingSphereUser) a, (Object[]) b), new
Object[]{passwordMessagePacket.getDigest(), md5Salt})) {
- throw new InvalidPasswordException(username);
- }
+ Optional<ShardingSphereUser> user = authorityRule.findUser(grantee);
+ ShardingSpherePreconditions.checkState(user.isPresent(), () -> new
UnknownUsernameException(username));
+ ShardingSpherePreconditions.checkState(getAuthenticator(username,
grantee.getHostname()).authenticate(user.get(), new
Object[]{passwordMessagePacket.getDigest(), md5Salt}),
+ () -> new InvalidPasswordException(username));
ShardingSpherePreconditions.checkState(null == databaseName || new
AuthorityChecker(authorityRule, grantee).isAuthorized(databaseName),
() -> new PrivilegeNotGrantedException(username,
databaseName));
}
diff --git
a/proxy/frontend/postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/authentication/authenticator/PostgreSQLAuthenticator.java
b/proxy/frontend/postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/authentication/authenticator/PostgreSQLAuthenticator.java
index 629dbe6036f..8401995685d 100644
---
a/proxy/frontend/postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/authentication/authenticator/PostgreSQLAuthenticator.java
+++
b/proxy/frontend/postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/authentication/authenticator/PostgreSQLAuthenticator.java
@@ -17,7 +17,6 @@
package
org.apache.shardingsphere.proxy.frontend.postgresql.authentication.authenticator;
-import org.apache.shardingsphere.infra.metadata.user.ShardingSphereUser;
import org.apache.shardingsphere.proxy.frontend.authentication.Authenticator;
/**
@@ -25,14 +24,5 @@ import
org.apache.shardingsphere.proxy.frontend.authentication.Authenticator;
*
* @see <a
href="https://www.postgresql.org/docs/14/auth-password.html">Password
Authentication</a>
*/
-public interface PostgreSQLAuthenticator extends Authenticator {
-
- /**
- * Authenticate.
- *
- * @param user ShardingSphere user
- * @param args arguments for user authentication
- * @return authentication success or not
- */
- boolean authenticate(ShardingSphereUser user, Object[] args);
+public interface PostgreSQLAuthenticator extends Authenticator<Object[]> {
}
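Review bot: `Authenticator<Object[]>` keeps the authentication input untyped, so the type parameter introduced by this commit adds no compile-time checking on the PostgreSQL path. The handler still packs `new Object[]{passwordMessagePacket.getDigest(), md5Salt}` and each implementation has to cast by position, so a wrong order or element type would surface only at login time. A small immutable carrier type for the digest and salt, used as the type argument here, would make the contract explicit. The openGauss handler passes a four-element `Object[]` to `isPasswordRight` in the same way.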
diff --git
a/proxy/frontend/spi/src/main/java/org/apache/shardingsphere/proxy/frontend/authentication/Authenticator.java
b/proxy/frontend/spi/src/main/java/org/apache/shardingsphere/proxy/frontend/authentication/Authenticator.java
index 4e48f894a40..ddc37d80c46 100644
---
a/proxy/frontend/spi/src/main/java/org/apache/shardingsphere/proxy/frontend/authentication/Authenticator.java
+++
b/proxy/frontend/spi/src/main/java/org/apache/shardingsphere/proxy/frontend/authentication/Authenticator.java
@@ -17,10 +17,21 @@
package org.apache.shardingsphere.proxy.frontend.authentication;
+import org.apache.shardingsphere.infra.metadata.user.ShardingSphereUser;
+
/**
* Authenticator.
*/
-public interface Authenticator {
+public interface Authenticator<T> {
+
+ /**
+ * Authenticate.
+ *
+ * @param user ShardingSphere user
+ * @param authInfo authentication information
+ * @return authentication success or not
+ */
+ boolean authenticate(ShardingSphereUser user, T authInfo);
/**
* Get the name of authentication method.
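Review bot: The Javadoc added for `authenticate` says only "Authenticate." and leaves the contract of the method and of the new type parameter unstated. I would add `@param <T> type of authentication information` to the interface Javadoc, and say on the method whether a malformed `authInfo` must yield `false` or may throw, since the handlers in this commit treat `false` as the only failure signal. Implementations of this SPI compare secrets, so the method Javadoc should also ask for a constant-time comparison such as `MessageDigest.isEqual`. The interface body continues outside this hunk.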