This is an automated email from the ASF dual-hosted git repository. akshayrai09 pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-pinot.git
The following commit(s) were added to refs/heads/master by this push: new fd003dc [TE] Clean up and inject ThirdEye Credentials into SecurityContext (#4326) fd003dc is described below commit fd003dc747d85fa7ce76bae4b08b5a4888f97880 Author: Akshay Rai <akshayra...@gmail.com> AuthorDate: Mon Jun 17 16:34:28 2019 -0700 [TE] Clean up and inject ThirdEye Credentials into SecurityContext (#4326) --- .../pinot/thirdeye/auth/ThirdEyeAuthFilter.java | 24 +++-- .../auth/ThirdEyeAuthenticatorDisabled.java | 4 +- .../{Credentials.java => ThirdEyeCredentials.java} | 26 ++++- ...torLdap.java => ThirdEyeLdapAuthenticator.java} | 120 ++++++++++++--------- .../pinot/thirdeye/auth/ThirdEyePrincipal.java | 9 ++ .../dashboard/ThirdEyeDashboardApplication.java | 20 ++-- .../dashboard/resources/v2/AuthResource.java | 8 +- .../auth/ThirdEyeAuthenticatorLdapTest.java | 20 ++-- 8 files changed, 143 insertions(+), 88 deletions(-) diff --git a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthFilter.java b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthFilter.java index 53cc6ca..ca30d09 100644 --- a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthFilter.java +++ b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthFilter.java @@ -19,10 +19,10 @@ package org.apache.pinot.thirdeye.auth; +import javax.ws.rs.core.SecurityContext; import org.apache.pinot.thirdeye.dashboard.resources.v2.AuthResource; import org.apache.pinot.thirdeye.datalayer.bao.SessionManager; import org.apache.pinot.thirdeye.datalayer.dto.SessionDTO; -import org.apache.pinot.thirdeye.datasource.DAORegistry; import io.dropwizard.auth.AuthFilter; import io.dropwizard.auth.Authenticator; import java.util.HashSet; 
@@ -37,35 +37,34 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class ThirdEyeAuthFilter extends AuthFilter<Credentials, ThirdEyePrincipal> { +public class ThirdEyeAuthFilter extends AuthFilter<ThirdEyeCredentials, ThirdEyePrincipal> { private static final Logger LOG = LoggerFactory.getLogger(ThirdEyeAuthFilter.class); private static final ThreadLocal<ThirdEyePrincipal> principalAuthContextThreadLocal = new ThreadLocal<>(); - private static final DAORegistry DAO_REGISTRY = DAORegistry.getInstance(); private final Set<String> allowedPaths; private final SessionManager sessionDAO; private Set<String> administrators; - public ThirdEyeAuthFilter(Authenticator<Credentials, ThirdEyePrincipal> authenticator, Set<String> allowedPaths, List<String> administrators) { + public ThirdEyeAuthFilter(Authenticator<ThirdEyeCredentials, ThirdEyePrincipal> authenticator, Set<String> allowedPaths, List<String> administrators, SessionManager sessionDAO) { this.authenticator = authenticator; this.allowedPaths = allowedPaths; - this.sessionDAO = DAO_REGISTRY.getSessionDAO(); + this.sessionDAO = sessionDAO; if (administrators != null) { this.administrators = new HashSet<>(administrators); } } @Override - public void filter(ContainerRequestContext containerRequestContext) { + public void filter(ContainerRequestContext requestContext) { setCurrentPrincipal(null); - String uriPath = containerRequestContext.getUriInfo().getPath(); + String uriPath = requestContext.getUriInfo().getPath(); LOG.info("Checking auth for {}", uriPath); ThirdEyePrincipal principal = new ThirdEyePrincipal(); - if (!isAuthenticated(containerRequestContext, principal)) { + if (!isAuthenticated(requestContext, principal)) { // not authenticated, check exceptions // authenticate end points should be out of auth filter 
@@ -99,6 +98,15 @@ public class ThirdEyeAuthFilter extends AuthFilter<Credentials, ThirdEyePrincipa } setCurrentPrincipal(principal); + + ThirdEyeCredentials credentials = new ThirdEyeCredentials(); + credentials.setPrincipal(principal.getName()); + credentials.setToken(principal.getSessionKey()); + + // Trigger the parent authentication to inject the credentials into the Security Context + if (!this.authenticate(requestContext, credentials, SecurityContext.BASIC_AUTH)) { + throw new WebApplicationException(unauthorizedHandler.buildResponse(prefix, realm)); + } } private boolean isAuthenticated(ContainerRequestContext containerRequestContext, ThirdEyePrincipal principal) { diff --git a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorDisabled.java b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorDisabled.java index 897e533..c959ead 100644 --- a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorDisabled.java +++ b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorDisabled.java @@ -26,14 +26,14 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class ThirdEyeAuthenticatorDisabled implements Authenticator<Credentials, ThirdEyePrincipal> { +public class ThirdEyeAuthenticatorDisabled implements Authenticator<ThirdEyeCredentials, ThirdEyePrincipal> { private static final Logger LOG = LoggerFactory.getLogger(ThirdEyeAuthenticatorDisabled.class); /** * {@inheritDoc} */ @Override - public Optional<ThirdEyePrincipal> authenticate(Credentials credentials) throws AuthenticationException { + public Optional<ThirdEyePrincipal> authenticate(ThirdEyeCredentials credentials) throws AuthenticationException { LOG.info("Authentication is disabled. Accepting any credentials for {}.", credentials.getPrincipal()); ThirdEyePrincipal principal = new ThirdEyePrincipal(); 
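Review bot: The credentials built at the end of `filter` carry only `principal.getName()` and `principal.getSessionKey()`, with no check that the session key is set; whether it can be blank at this point depends on `isAuthenticated` and the exception branches, which lie outside the hunk. As the authenticator is written in this commit, a blank key sends the LDAP authenticator to its username/password branch with a null password, it returns empty, and the request ends in the 401 thrown here. The call also records `SecurityContext.BASIC_AUTH` as the scheme although the credential is a session token, and that is what `getAuthenticationScheme()` will report to resources. I would add a guard such as `if (StringUtils.isBlank(principal.getSessionKey())) { ... }` with an explicit decision, and a comment like `// scheme label only: the credential is the session token, re-validated by the authenticator`.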
diff --git a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/Credentials.java b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeCredentials.java similarity index 70% rename from thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/Credentials.java rename to thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeCredentials.java index af91298..5537b67 100644 --- a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/Credentials.java +++ b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeCredentials.java @@ -22,9 +22,18 @@ package org.apache.pinot.thirdeye.auth; import java.util.Objects; -public class Credentials { +public class ThirdEyeCredentials { String principal; String password; + String token; + + ThirdEyeCredentials(String principal, String password) { + this.principal = principal; + this.password = password; + } + + public ThirdEyeCredentials() { + } public String getPrincipal() { return principal; @@ -42,16 +51,25 @@ public class Credentials { this.password = password; } + public String getToken() { + return token; + } + + public void setToken(String token) { + this.token = token; + } + @Override public boolean equals(Object o) { if (this == o) { return true; } - if (!(o instanceof Credentials)) { + if (!(o instanceof ThirdEyeCredentials)) { return false; } - Credentials that = (Credentials) o; - return Objects.equals(principal, that.principal) && Objects.equals(password, that.password); + ThirdEyeCredentials that = (ThirdEyeCredentials) o; + return (Objects.equals(principal, that.principal) && Objects.equals(password, that.password)) + || Objects.equals(token, that.token); } @Override 
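Review bot: The new `equals` in the second hunk treats two credentials as equal whenever their tokens are equal, and `Objects.equals(null, null)` is true, so any two password-only credentials (token unset) compare equal regardless of principal or password. These objects are the cache key of the `CachingAuthenticator` set up in ThirdEyeDashboardApplication, so equality here decides whether a cached authentication result is reused for a different login. `hashCode` starts right after the hunk and is not visible; if it still hashes only principal and password it is also inconsistent with this `equals`. Compare all three fields instead, `return Objects.equals(principal, that.principal) && Objects.equals(password, that.password) && Objects.equals(token, that.token);`, and use `Objects.hash(principal, password, token)` in `hashCode`.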
diff --git a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorLdap.java b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeLdapAuthenticator.java
similarity index 61%
rename from thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorLdap.java
rename to thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeLdapAuthenticator.java
index 88a28db..a3bc303 100644
--- a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorLdap.java
+++ b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyeLdapAuthenticator.java
@@ -32,22 +32,26 @@ import javax.naming.NamingException; import javax.naming.directory.InitialDirContext; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang3.StringUtils; +import org.apache.pinot.thirdeye.datalayer.bao.SessionManager; +import org.apache.pinot.thirdeye.datalayer.dto.SessionDTO; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class ThirdEyeAuthenticatorLdap implements Authenticator<Credentials, ThirdEyePrincipal> { - private static final Logger LOG = LoggerFactory.getLogger(ThirdEyeAuthenticatorLdap.class); +public class ThirdEyeLdapAuthenticator implements Authenticator<ThirdEyeCredentials, ThirdEyePrincipal> { + private static final Logger LOG = LoggerFactory.getLogger(ThirdEyeLdapAuthenticator.class); private static final String LDAP_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory"; private final List<String> domainSuffix; private final String ldapUrl; + private final SessionManager sessionDAO; private String ldapContextFactory; - public ThirdEyeAuthenticatorLdap(List<String> domainSuffix, String ldapUrl) { + public ThirdEyeLdapAuthenticator(List<String> domainSuffix, String ldapUrl, SessionManager sessionDAO) { this.domainSuffix = domainSuffix; this.ldapUrl = ldapUrl; + this.sessionDAO = sessionDAO; this.ldapContextFactory = LDAP_CONTEXT_FACTORY; } 
@@ -56,60 +60,74 @@ public class ThirdEyeAuthenticatorLdap implements Authenticator<Credentials, Thi } /** + * Attempt ldap authentication with the following steps: + * 1. If user's name contains domain name or the system doesn't have any given domain names, + * then use the username as is. + * 2. Else, try out all combinations of username and the given domain names of the system. + */ + private Optional<ThirdEyePrincipal> ldapAuthenticate(String username, String password) { + LOG.info("Authenticating '{}' via username and password", username); + Hashtable<String, String> env = new Hashtable<>(); + env.put(Context.INITIAL_CONTEXT_FACTORY, ldapContextFactory); + env.put(Context.PROVIDER_URL, this.ldapUrl); + if (this.ldapUrl.startsWith("ldaps")) { + env.put(Context.SECURITY_PROTOCOL, "ssl"); + } + env.put(Context.SECURITY_AUTHENTICATION, "simple"); + env.put(Context.SECURITY_CREDENTIALS, password); + + AuthenticationResults authenticationResults = new AuthenticationResults(); + if (username.contains("@") || CollectionUtils.isEmpty(domainSuffix)) { + env.put(Context.SECURITY_PRINCIPAL, username); + AuthenticationResult authenticationResult = authenticate(env); + authenticationResults.appendAuthenticationResult(authenticationResult); + } else { + for (String suffix : domainSuffix) { + env.put(Context.SECURITY_PRINCIPAL, username + '@' + suffix); + AuthenticationResult authenticationResult = authenticate(env); + authenticationResults.appendAuthenticationResult(authenticationResult); + if (authenticationResults.isAuthenticated()) { + break; + } + } + } + + if (authenticationResults.isAuthenticated()) { + ThirdEyePrincipal principal = new ThirdEyePrincipal(); + principal.setName(env.get(Context.SECURITY_PRINCIPAL)); + LOG.info("Successfully authenticated {} with LDAP", env.get(Context.SECURITY_PRINCIPAL)); + return Optional.of(principal); + } else { + // Failed to authenticate the user; log all error messages. 
+ List<String> errorMessages = authenticationResults.getMessages(); + for (String errorMessage : errorMessages) { + LOG.error(errorMessage); + } + return Optional.empty(); + } + } + + /** * {@inheritDoc} */ @Override - public Optional<ThirdEyePrincipal> authenticate(Credentials credentials) throws AuthenticationException { + public Optional<ThirdEyePrincipal> authenticate(ThirdEyeCredentials credentials) throws AuthenticationException { try { - String principalName = credentials.getPrincipal(); - if (StringUtils.isBlank(principalName)) { - LOG.info("Unable to authenticate empty user name."); - return Optional.empty(); - } else { - LOG.info("Authenticating '{}' via username and password", principalName); - - Hashtable<String, String> env = new Hashtable<>(); - env.put(Context.INITIAL_CONTEXT_FACTORY, ldapContextFactory); - env.put(Context.PROVIDER_URL, this.ldapUrl); - if (this.ldapUrl.startsWith("ldaps")) { - env.put(Context.SECURITY_PROTOCOL, "ssl"); - } - env.put(Context.SECURITY_AUTHENTICATION, "simple"); - env.put(Context.SECURITY_CREDENTIALS, credentials.getPassword()); - - // Attempt ldap authentication with the following steps: - // 1. If user's name contains domain name or the system doesn't have any given domain names, then - // use the username as is. - // 2. Else, try out all combinations of username and the given domain names of the system. 
- AuthenticationResults authenticationResults = new AuthenticationResults(); - if (principalName.contains("@") || CollectionUtils.isEmpty(domainSuffix)) { - env.put(Context.SECURITY_PRINCIPAL, principalName); - AuthenticationResult authenticationResult = authenticate(env); - authenticationResults.appendAuthenticationResult(authenticationResult); - } else { - for (String suffix : domainSuffix) { - env.put(Context.SECURITY_PRINCIPAL, principalName + '@' + suffix); - AuthenticationResult authenticationResult = authenticate(env); - authenticationResults.appendAuthenticationResult(authenticationResult); - if (authenticationResults.isAuthenticated()) { - break; - } - } + if (StringUtils.isNotBlank(credentials.getToken())) { + SessionDTO sessionDTO = this.sessionDAO.findBySessionKey(credentials.getToken()); + if (sessionDTO != null && System.currentTimeMillis() < sessionDTO.getExpirationTime()) { + return Optional.of(new ThirdEyePrincipal(credentials.getPrincipal(), credentials.getToken())); } + } - if (authenticationResults.isAuthenticated()) { - ThirdEyePrincipal principal = new ThirdEyePrincipal(); - principal.setName(env.get(Context.SECURITY_PRINCIPAL)); - LOG.info("Successfully authenticated {} with LDAP", env.get(Context.SECURITY_PRINCIPAL)); - return Optional.of(principal); - } else { - // Failed to authenticate the user; log all error messages. - List<String> errorMessages = authenticationResults.getMessages(); - for (String errorMessage : errorMessages) { - LOG.error(errorMessage); - } - return Optional.empty(); - } + String username = credentials.getPrincipal(); + String password = credentials.getPassword(); + + if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) { + LOG.info("Unable to authenticate empty user name/password"); + return Optional.empty(); + } else { + return ldapAuthenticate(username, password); } } catch (Exception e) { throw new AuthenticationException(e); 
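Review bot: On the token branch of `authenticate`, the returned principal is built from `credentials.getPrincipal()`, a caller-supplied value, while only the token is checked against the session store, so the identity is not bound to the session that was validated. The same `ThirdEyeCredentials` type is the request body of `AuthResource.authenticate` (hunk `@@ -93,7 +93,7 @@`) and now carries a `token` property, so this branch is reachable from request data and not only from the filter. Take the name from the session record instead, e.g. `return Optional.of(new ThirdEyePrincipal(sessionDTO.getPrincipal(), credentials.getToken()));` (assuming `SessionDTO` exposes the principal the session was issued for; confirm), or reject when the two names differ. A token that is present but unknown or expired also falls through silently to the password branch; a log line there would help when auditing rejected sessions.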
diff --git a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyePrincipal.java b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyePrincipal.java index 1103ddf..c63bdfc 100644 --- a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyePrincipal.java +++ b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/auth/ThirdEyePrincipal.java @@ -29,6 +29,15 @@ public class ThirdEyePrincipal implements Principal { Set<String> groups = new HashSet<>(); String sessionKey; + public ThirdEyePrincipal(String name, String token) { + this.name = name; + this.sessionKey = token; + } + + public ThirdEyePrincipal() { + + } + public String getSessionKey() { return sessionKey; } diff --git a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/ThirdEyeDashboardApplication.java b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/ThirdEyeDashboardApplication.java index 76b5403..dce1242 100644 --- a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/ThirdEyeDashboardApplication.java +++ b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/ThirdEyeDashboardApplication.java 
@@ -21,15 +21,17 @@ package org.apache.pinot.thirdeye.dashboard; import com.fasterxml.jackson.databind.SerializationFeature; import com.google.common.cache.CacheBuilder; +import io.dropwizard.auth.AuthValueFactoryProvider; +import io.dropwizard.auth.Authenticator; import org.apache.pinot.thirdeye.anomaly.detection.DetectionJobScheduler; import org.apache.pinot.thirdeye.anomaly.onboard.DetectionOnboardResource; import org.apache.pinot.thirdeye.anomalydetection.alertFilterAutotune.AlertFilterAutotuneFactory; import org.apache.pinot.thirdeye.api.application.ApplicationResource; +import org.apache.pinot.thirdeye.auth.ThirdEyeCredentials; import org.apache.pinot.thirdeye.common.time.TimeGranularity; -import org.apache.pinot.thirdeye.auth.Credentials; import org.apache.pinot.thirdeye.auth.ThirdEyeAuthFilter; import org.apache.pinot.thirdeye.auth.ThirdEyeAuthenticatorDisabled; -import org.apache.pinot.thirdeye.auth.ThirdEyeAuthenticatorLdap; +import org.apache.pinot.thirdeye.auth.ThirdEyeLdapAuthenticator; import org.apache.pinot.thirdeye.auth.ThirdEyePrincipal; import org.apache.pinot.thirdeye.common.BaseThirdEyeApplication; import org.apache.pinot.thirdeye.common.ThirdEyeSwaggerBundle; @@ -65,6 +67,7 @@ import org.apache.pinot.thirdeye.api.user.dashboard.UserDashboardResource; import org.apache.pinot.thirdeye.dashboard.resources.v2.rootcause.DefaultEntityFormatter; import org.apache.pinot.thirdeye.dashboard.resources.v2.rootcause.FormatterLoader; import org.apache.pinot.thirdeye.dataset.DatasetAutoOnboardResource; +import org.apache.pinot.thirdeye.datasource.DAORegistry; import org.apache.pinot.thirdeye.datasource.ThirdEyeCacheRegistry; import org.apache.pinot.thirdeye.datasource.loader.AggregationLoader; import org.apache.pinot.thirdeye.datasource.loader.DefaultAggregationLoader; 
@@ -80,7 +83,6 @@ import org.apache.pinot.thirdeye.rootcause.RCAFramework;
 import org.apache.pinot.thirdeye.rootcause.impl.RCAFrameworkLoader;
 import org.apache.pinot.thirdeye.tracking.RequestStatisticsLogger;
 import io.dropwizard.assets.AssetsBundle;
-import io.dropwizard.auth.Authenticator;
 import io.dropwizard.auth.CachingAuthenticator;
 import io.dropwizard.bundles.redirect.PathRedirect;
 import io.dropwizard.bundles.redirect.RedirectBundle;
@@ -234,21 +236,23 @@ public class ThirdEyeDashboardApplication LOG.error("Error loading the resource", e); } + // Authentication if (config.getAuthConfig() != null) { final AuthConfiguration authConfig = config.getAuthConfig(); // default permissive authenticator - Authenticator<Credentials, ThirdEyePrincipal> authenticator = new ThirdEyeAuthenticatorDisabled(); + Authenticator<ThirdEyeCredentials, ThirdEyePrincipal> authenticator = new ThirdEyeAuthenticatorDisabled(); // ldap authenticator if (authConfig.isAuthEnabled()) { - final ThirdEyeAuthenticatorLdap authenticatorLdap = new ThirdEyeAuthenticatorLdap(authConfig.getDomainSuffix(), authConfig.getLdapUrl()); + final ThirdEyeLdapAuthenticator + authenticatorLdap = new ThirdEyeLdapAuthenticator(authConfig.getDomainSuffix(), authConfig.getLdapUrl(), DAORegistry.getInstance().getSessionDAO()); authenticator = new CachingAuthenticator<>(env.metrics(), authenticatorLdap, CacheBuilder.newBuilder().expireAfterWrite(authConfig.getCacheTTL(), TimeUnit.SECONDS)); } - // auth filter - env.jersey().register(new ThirdEyeAuthFilter(authenticator, authConfig.getAllowedPaths(), authConfig.getAdminUsers())); - // auth resource + + env.jersey().register(new ThirdEyeAuthFilter(authenticator, authConfig.getAllowedPaths(), authConfig.getAdminUsers(), DAORegistry.getInstance().getSessionDAO())); env.jersey().register(new AuthResource(authenticator, authConfig.getCookieTTL() * 1000)); + env.jersey().register(new AuthValueFactoryProvider.Binder<>(ThirdEyePrincipal.class)); } env.lifecycle().manage(new Managed() { diff --git a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/resources/v2/AuthResource.java b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/resources/v2/AuthResource.java index 94b3815..6a7cdca 100644 --- a/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/resources/v2/AuthResource.java 
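Review bot: The LDAP authenticator is still wrapped in `CachingAuthenticator` with `expireAfterWrite(authConfig.getCacheTTL(), TimeUnit.SECONDS)`, and after this commit it also answers token-based credentials, so a positive result for a session token can stay cached for up to `getCacheTTL()` seconds after the session is deleted or expires. The same cached `authenticator` instance is handed to both `ThirdEyeAuthFilter` and `AuthResource`. Either keep token validation outside the cache, or invalidate the cached entry on logout; at minimum document it with `// NOTE: token results are cached for cacheTTL seconds; a logout is not reflected in this cache until then`. `DAORegistry.getInstance().getSessionDAO()` is also resolved twice in this hunk; a single local would make it obvious that both objects share one DAO.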
+++ b/thirdeye/thirdeye-pinot/src/main/java/org/apache/pinot/thirdeye/dashboard/resources/v2/AuthResource.java @@ -20,8 +20,8 @@ package org.apache.pinot.thirdeye.dashboard.resources.v2; import java.util.Optional; -import org.apache.pinot.thirdeye.auth.Credentials; import org.apache.pinot.thirdeye.auth.ThirdEyeAuthFilter; +import org.apache.pinot.thirdeye.auth.ThirdEyeCredentials; import org.apache.pinot.thirdeye.auth.ThirdEyePrincipal; import org.apache.pinot.thirdeye.datalayer.bao.SessionManager; import org.apache.pinot.thirdeye.datalayer.dto.SessionDTO; @@ -53,12 +53,12 @@ public class AuthResource { private final DAORegistry DAO_REGISTRY = DAORegistry.getInstance(); private static final int DEFAULT_VALID_DAYS_VALUE = 90; - private final Authenticator<Credentials, ThirdEyePrincipal> authenticator; + private final Authenticator<ThirdEyeCredentials, ThirdEyePrincipal> authenticator; private final long cookieTTL; private final SessionManager sessionDAO; private final Random random; - public AuthResource(Authenticator<Credentials, ThirdEyePrincipal> authenticator, + public AuthResource(Authenticator<ThirdEyeCredentials, ThirdEyePrincipal> authenticator, long cookieTTL) { this.authenticator = authenticator; this.cookieTTL = cookieTTL; @@ -93,7 +93,7 @@ public class AuthResource { @Path("/authenticate") @POST - public Response authenticate(Credentials credentials) { + public Response authenticate(ThirdEyeCredentials credentials) { try { final Optional<ThirdEyePrincipal> optPrincipal = this.authenticator.authenticate(credentials); if (!optPrincipal.isPresent()) { diff --git a/thirdeye/thirdeye-pinot/src/test/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorLdapTest.java b/thirdeye/thirdeye-pinot/src/test/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorLdapTest.java index 93174f4..9ac0ba5 100644 --- a/thirdeye/thirdeye-pinot/src/test/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorLdapTest.java 
+++ b/thirdeye/thirdeye-pinot/src/test/java/org/apache/pinot/thirdeye/auth/ThirdEyeAuthenticatorLdapTest.java @@ -25,6 +25,7 @@ import javax.naming.Context; import javax.naming.NamingException; import javax.naming.directory.DirContext; import javax.naming.spi.InitialContextFactory; +import org.apache.pinot.thirdeye.datasource.DAORegistry; import org.mockito.Mockito; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -35,8 +36,8 @@ import org.testng.annotations.Test; public class ThirdEyeAuthenticatorLdapTest { private static final Logger LOG = LoggerFactory.getLogger(ThirdEyeAuthenticatorLdapTest.class); - private ThirdEyeAuthenticatorLdap thirdEyeAuthenticatorLdap; - private Credentials credentials; + private ThirdEyeLdapAuthenticator thirdEyeAuthenticatorLdap; + private ThirdEyeCredentials credentials; private static String USERNAME1 = "username1"; // @DOMAIN1 private static String USERNAME2 = "username2"; // @DOMAIN2 @@ -49,18 +50,15 @@ public class ThirdEyeAuthenticatorLdapTest { @BeforeClass public void setup() { List<String> domains = Arrays.asList(DOMAIN1, DOMAIN2); - thirdEyeAuthenticatorLdap = new ThirdEyeAuthenticatorLdap(domains, "ldaps://someLdap"); + thirdEyeAuthenticatorLdap = new ThirdEyeLdapAuthenticator(domains, "ldaps://someLdap", DAORegistry.getInstance().getSessionDAO()); thirdEyeAuthenticatorLdap.setInitialContextFactory(MockInitialDirContextFactory.class.getName()); - - credentials = new Credentials(); - credentials.setPassword(PASSWORD); } @Test public void testBasicAuthentication() { // Test multiple domains try { - credentials.setPrincipal(USERNAME1); + credentials = new ThirdEyeCredentials(USERNAME1, PASSWORD); Optional<ThirdEyePrincipal> authenticate = thirdEyeAuthenticatorLdap.authenticate(credentials); Assert.assertTrue(authenticate.isPresent(), "Authentication should not fail!"); } catch (AuthenticationException e) { 
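Review bot: `setup()` now passes `DAORegistry.getInstance().getSessionDAO()` into the authenticator, which ties this unit test to whatever the global registry holds at that moment instead of a controlled double; `Mockito` is already imported in this file, so `Mockito.mock(SessionManager.class)` would do. None of the tests touched by these hunks exercises the new token branch. I would add cases for a valid session token, an expired one, an unknown one, and a token presented together with a principal name that differs from the session's. A blank-password case is also missing now that `authenticate` rejects it.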
@@ -68,7 +66,7 @@ public class ThirdEyeAuthenticatorLdapTest { Assert.fail(); } try { - credentials.setPrincipal(USERNAME2); + credentials = new ThirdEyeCredentials(USERNAME2, PASSWORD); Optional<ThirdEyePrincipal> authenticate = thirdEyeAuthenticatorLdap.authenticate(credentials); Assert.assertTrue(authenticate.isPresent(), "Authentication should not fail!"); } catch (AuthenticationException e) { @@ -78,7 +76,7 @@ public class ThirdEyeAuthenticatorLdapTest { // Test given domain name try { - credentials.setPrincipal(USERNAME3 + '@' + DOMAIN3); + credentials = new ThirdEyeCredentials(USERNAME3 + '@' + DOMAIN3, PASSWORD); Optional<ThirdEyePrincipal> authenticate = thirdEyeAuthenticatorLdap.authenticate(credentials); Assert.assertTrue(authenticate.isPresent(), "Authentication should not fail!"); } catch (AuthenticationException e) { @@ -91,7 +89,7 @@ public class ThirdEyeAuthenticatorLdapTest { public void testFailedAuthentication() { // Failed reason: username 3 doesn't exist in domain1 and domain2 try { - credentials.setPrincipal(USERNAME3); + credentials = new ThirdEyeCredentials(USERNAME3, PASSWORD); Optional<ThirdEyePrincipal> authenticate = thirdEyeAuthenticatorLdap.authenticate(credentials); Assert.assertFalse(authenticate.isPresent(), "Authentication should fail!"); } catch (AuthenticationException e) { @@ -104,7 +102,7 @@ public class ThirdEyeAuthenticatorLdapTest { public void testBlankAuthentication() { // Failed reason: blank username try { - credentials.setPrincipal(null); + credentials = new ThirdEyeCredentials(null, PASSWORD); Optional<ThirdEyePrincipal> authenticate = thirdEyeAuthenticatorLdap.authenticate(credentials); Assert.assertFalse(authenticate.isPresent(), "Authentication should fail!"); } catch (AuthenticationException e) { --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For additional commands, e-mail: commits-h...@pinot.apache.org