ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From stoa...@apache.org
Subject [22/51] [abbrv] ambari git commit: Change message of auditlog login event
Date Thu, 24 Mar 2016 12:08:54 GMT
Change message of auditlog login event


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b6448074
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b6448074
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b6448074

Branch: refs/heads/audit_logging
Commit: b64480740bf7450ba859c17e33e3715e1e372c44
Parents: 56efb57
Author: Daniel Gergely <dgergely@hortonworks.com>
Authored: Mon Feb 29 16:25:11 2016 +0100
Committer: Toader, Sebastian <stoader@hortonworks.com>
Committed: Thu Mar 24 13:06:48 2016 +0100

----------------------------------------------------------------------
 .../server/audit/LoginSucceededAuditEvent.java  | 19 ++++++---
 .../ambari/server/controller/AmbariServer.java  |  2 +
 .../authorization/AuthorizationHelper.java      | 42 ++++++++++++++++++--
 .../audit/LoginSucceededAuditEventTest.java     | 14 +++++--
 .../AmbariAuthenticationFilterTest.java         |  9 ++++-
 5 files changed, 73 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java
b/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java
index a57fc5d..08c272e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/LoginSucceededAuditEvent.java
@@ -18,7 +18,10 @@
 
 package org.apache.ambari.server.audit;
 
+import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
+
 import javax.annotation.concurrent.Immutable;
 import org.apache.commons.lang.StringUtils;
 
@@ -33,7 +36,7 @@ public class LoginSucceededAuditEvent extends AbstractLoginAuditEvent {
 
     private LoginSucceededAuditEventBuilder() { }
 
-    private List<String> roles;
+    private Map<String, List<String>> roles;
 
 
     /**
@@ -43,10 +46,14 @@ public class LoginSucceededAuditEvent extends AbstractLoginAuditEvent
{
     protected void buildAuditMessage(StringBuilder builder) {
       super.buildAuditMessage(builder);
 
-      builder
-        .append(", Roles(")
-        .append(StringUtils.join(roles, ","))
-        .append("), Status(Login succeeded !)");
+      builder.append(", Roles(").append(System.lineSeparator());
+
+      List<String> lines = new LinkedList<>();
+      for( Map.Entry<String, List<String>> entry : roles.entrySet()) {
+        lines.add("    " + entry.getKey() + ": " + StringUtils.join(entry.getValue(), ",
"));
+      }
+      builder.append(StringUtils.join(lines, System.lineSeparator()));
+      builder.append(System.lineSeparator()).append("), Status(Login succeeded !)");
     }
 
     /**
@@ -54,7 +61,7 @@ public class LoginSucceededAuditEvent extends AbstractLoginAuditEvent {
      * @param roles
      * @return this builder
      */
-    public LoginSucceededAuditEventBuilder withRoles(List<String> roles) {
+    public LoginSucceededAuditEventBuilder withRoles(Map<String, List<String>>
roles) {
       this.roles = roles;
 
       return this;

http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index 9436e5d..1a972ab 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -97,6 +97,7 @@ import org.apache.ambari.server.security.SecurityFilter;
 import org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter;
 import org.apache.ambari.server.security.authorization.AmbariLdapAuthenticationProvider;
 import org.apache.ambari.server.security.authorization.AmbariLocalUserDetailsService;
+import org.apache.ambari.server.security.authorization.AuthorizationHelper;
 import org.apache.ambari.server.security.authorization.Users;
 import org.apache.ambari.server.security.authorization.internal.AmbariInternalAuthenticationProvider;
 import org.apache.ambari.server.security.authorization.jwt.JwtAuthenticationFilter;
@@ -887,6 +888,7 @@ public class AmbariServer {
     RetryHelper.init(configs.getOperationsRetryAttempts());
 
     AbstractServerAction.init(injector);
+    AuthorizationHelper.init(injector.getInstance(Clusters.class), injector.getInstance(ViewInstanceDAO.class));
   }
 
   /**

http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
index f1b6f1a..7e06519 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
@@ -19,10 +19,14 @@ package org.apache.ambari.server.security.authorization;
 
 import com.google.common.collect.Lists;
 import com.google.inject.Singleton;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
 import org.apache.ambari.server.orm.entities.PrivilegeEntity;
 import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
+import org.apache.ambari.server.state.Clusters;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.core.Authentication;
@@ -39,6 +43,15 @@ import java.util.*;
 public class AuthorizationHelper {
   private final static Logger LOG = LoggerFactory.getLogger(AuthorizationHelper.class);
 
+  private static Clusters clusters;
+
+  private static ViewInstanceDAO viewInstanceDAO;
+
+  public static void init(Clusters clusters, ViewInstanceDAO viewInstanceDAO) {
+    AuthorizationHelper.clusters = clusters;
+    AuthorizationHelper.viewInstanceDAO = viewInstanceDAO;
+  }
+
   /**
    * Converts collection of RoleEntities to collection of GrantedAuthorities
    */
@@ -257,14 +270,37 @@ public class AuthorizationHelper {
    * @param authentication the authenticated user and associated access privileges
    * @return human-readable permissions
    */
-  public static List<String> getPermissionLabels(Authentication authentication) {
-    List<String> permissionLabels = Lists.newArrayList();
+  public static Map<String,List<String>> getPermissionLabels(Authentication authentication)
{
+    Map<String,List<String>> permissionLabels = new HashMap<>();
     if (authentication.getAuthorities() != null) {
       for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
         AmbariGrantedAuthority ambariGrantedAuthority = (AmbariGrantedAuthority) grantedAuthority;
 
         PrivilegeEntity privilegeEntity = ambariGrantedAuthority.getPrivilegeEntity();
-        permissionLabels.add(privilegeEntity.getPermission().getPermissionLabel());
+
+        String key = null;
+        try {
+          switch(privilegeEntity.getResource().getResourceType().getName()) {
+            case "CLUSTER":
+              key = clusters.getClusterById(privilegeEntity.getResource().getResourceType().getId()).getClusterName();
+              break;
+            case "AMBARI":
+              key = "Ambari";
+              break;
+            default:
+              key = viewInstanceDAO.findByResourceId(privilegeEntity.getResource().getId()).getLabel();
+              break;
+          }
+        } catch (Throwable ignored) {
+
+        }
+
+        if(key != null) {
+          if(!permissionLabels.containsKey(key)) {
+            permissionLabels.put(key, new LinkedList<String>());
+          }
+          permissionLabels.get(key).add(privilegeEntity.getPermission().getPermissionLabel());
+        }
       }
     }
     return permissionLabels;

http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java
index 4454596..31e7eef 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginSucceededAuditEventTest.java
@@ -20,7 +20,11 @@ package org.apache.ambari.server.audit;
 
 
 import java.util.Arrays;
+import java.util.HashMap;
+import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
+
 import org.apache.commons.lang.StringUtils;
 import org.joda.time.DateTime;
 import org.junit.Test;
@@ -37,21 +41,25 @@ public class LoginSucceededAuditEventTest {
     // Given
     String testUserName = "USER1";
     String testRemoteIp = "127.0.0.1";
-    String testRole = "Administrator";
+
+    Map<String, List<String>> roles = new HashMap<>();
+    roles.put("a", Arrays.asList("r1", "r2", "r3"));
 
     LoginSucceededAuditEvent evnt = LoginSucceededAuditEvent.builder()
       .withTimestamp(DateTime.now())
       .withRemoteIp(testRemoteIp)
       .withUserName(testUserName)
-      .withRoles(Arrays.asList(testRole))
+      .withRoles(roles)
       .build();
 
     // When
     String actualAuditMessage = evnt.getAuditMessage();
 
+    String roleMessage = System.lineSeparator() + "    a: r1, r2, r3" + System.lineSeparator();
+
     // Then
     String expectedAuditMessage = String.format("User(%s), RemoteIp(%s), Roles(%s), Status(Login
succeeded !)",
-      testUserName, testRemoteIp, testRole);
+      testUserName, testRemoteIp, roleMessage);
 
     assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/b6448074/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java
index 5b1bbf6..8430326 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilterTest.java
@@ -19,6 +19,10 @@ package org.apache.ambari.server.security.authentication;
 
 import java.io.IOException;
 import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -83,8 +87,11 @@ public class AmbariAuthenticationFilterTest {
     HttpServletResponse response = createMock(HttpServletResponse.class);
     Authentication authentication = createMock(Authentication.class);
     PowerMock.mockStatic(AuthorizationHelper.class);
+
+    Map<String, List<String>> roles = new HashMap<>();
+    roles.put("a", Arrays.asList("r1", "r2", "r3"));
     expect(AuthorizationHelper.getPermissionLabels(authentication))
-      .andReturn(Arrays.asList("role1", "role2"));
+      .andReturn(roles);
     expect(AuthorizationHelper.getAuthorizationNames(authentication))
       .andReturn(Arrays.asList("perm1", "perm2"));
     expect(request.getHeader("X-Forwarded-For")).andReturn("1.2.3.4");


Mime
View raw message