From kevi...@apache.org
Subject aurora git commit: Use Shiro identity if available in audit logs.
Date Tue, 16 Jun 2015 22:07:41 GMT
Repository: aurora
Updated Branches:
  refs/heads/master b09adc624 -> 13be937c4


Use Shiro identity if available in audit logs.

Testing Done:
./gradlew -Pq build

Bugs closed: AURORA-1352

Reviewed at https://reviews.apache.org/r/35535/


Project: http://git-wip-us.apache.org/repos/asf/aurora/repo
Commit: http://git-wip-us.apache.org/repos/asf/aurora/commit/13be937c
Tree: http://git-wip-us.apache.org/repos/asf/aurora/tree/13be937c
Diff: http://git-wip-us.apache.org/repos/asf/aurora/diff/13be937c

Branch: refs/heads/master
Commit: 13be937c4ad023230921b6a62471d4560a1f6dbb
Parents: b09adc6
Author: Kevin Sweeney <kevints@apache.org>
Authored: Tue Jun 16 15:07:11 2015 -0700
Committer: Kevin Sweeney <kevints@apache.org>
Committed: Tue Jun 16 15:07:11 2015 -0700

----------------------------------------------------------------------
 config/legacy_untested_classes.txt              |  2 -
 .../apache/aurora/auth/UnsecureAuthModule.java  | 46 ++++++------
 .../aurora/auth/UnsecureSessionContext.java     | 50 +++++++++++++
 .../aurora/auth/UnsecureSessionContextTest.java | 75 ++++++++++++++++++++
 4 files changed, 151 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/aurora/blob/13be937c/config/legacy_untested_classes.txt
----------------------------------------------------------------------
diff --git a/config/legacy_untested_classes.txt b/config/legacy_untested_classes.txt
index f50b812..d2f3ca5 100644
--- a/config/legacy_untested_classes.txt
+++ b/config/legacy_untested_classes.txt
@@ -1,8 +1,6 @@
 org/apache/aurora/Protobufs$1
 org/apache/aurora/auth/UnsecureAuthModule$UnsecureCapabilityValidator$1
 org/apache/aurora/auth/UnsecureAuthModule$UnsecureCapabilityValidator$2
-org/apache/aurora/auth/UnsecureAuthModule$UnsecureSessionValidator
-org/apache/aurora/auth/UnsecureAuthModule$UnsecureSessionValidator$1
 org/apache/aurora/scheduler/app/SchedulerMain$2
 org/apache/aurora/scheduler/app/SchedulerMain$3
 org/apache/aurora/scheduler/async/GcExecutorLauncher$1

http://git-wip-us.apache.org/repos/asf/aurora/blob/13be937c/src/main/java/org/apache/aurora/auth/UnsecureAuthModule.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/aurora/auth/UnsecureAuthModule.java b/src/main/java/org/apache/aurora/auth/UnsecureAuthModule.java
index 912e465..c89ff0f 100644
--- a/src/main/java/org/apache/aurora/auth/UnsecureAuthModule.java
+++ b/src/main/java/org/apache/aurora/auth/UnsecureAuthModule.java
@@ -17,16 +17,18 @@ import java.util.Set;
 import java.util.logging.Logger;
 
 import com.google.inject.AbstractModule;
+import com.google.inject.Inject;
 
 import org.apache.aurora.gen.SessionKey;
 
+import static java.util.Objects.requireNonNull;
+
 /**
  * An authentication module that uses an {@link UnsecureSessionValidator}. This behavior
  * can be overridden by binding a secure validator, querying an internal authentication system,
  * to {@link SessionValidator}.
  */
 public class UnsecureAuthModule extends AbstractModule {
-  private static final String UNSECURE = "UNSECURE";
   private static final Logger LOG = Logger.getLogger(UnsecureAuthModule.class.getName());
 
   @Override
@@ -37,16 +39,18 @@ public class UnsecureAuthModule extends AbstractModule {
   }
 
   static class UnsecureSessionValidator implements SessionValidator {
+    private final SessionContext sessionContext;
+
+    @Inject
+    UnsecureSessionValidator(UnsecureSessionContext sessionContext) {
+      this.sessionContext = requireNonNull(sessionContext);
+    }
+
     @Override
     public SessionContext checkAuthenticated(SessionKey key, Set<String> targetRoles)
         throws AuthFailedException {
 
-      return new SessionContext() {
-        @Override
-        public String getIdentity() {
-          return UNSECURE;
-        }
-      };
+      return sessionContext;
     }
 
     @Override
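Review bot: `checkAuthenticated` now hands every caller the same injected `sessionContext`, so the identity is resolved when `getIdentity()` is read rather than when the check runs. If the Shiro `Subject` behind it is request-scoped (inferred, the binding is not visible here), a caller that keeps the context and reads it later or on another thread could record a different identity in the audit log. A comment above the return would make this explicit: `// Identity is resolved lazily in getIdentity(); read it on the request thread.` The hunk ends at the `@Override` of the next method, whose body is outside it.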
@@ -56,33 +60,35 @@ public class UnsecureAuthModule extends AbstractModule {
   }
 
   static class UnsecureCapabilityValidator implements CapabilityValidator {
+    private final SessionValidator sessionValidator;
+    private final SessionContext sessionContext;
+
+    @Inject
+    UnsecureCapabilityValidator(
+        SessionValidator sessionValidator,
+        UnsecureSessionContext sessionContext) {
+
+      this.sessionValidator = requireNonNull(sessionValidator);
+      this.sessionContext = requireNonNull(sessionContext);
+    }
+
     @Override
     public SessionContext checkAuthorized(SessionKey key, Capability capability, AuditCheck
check)
         throws AuthFailedException {
 
-      return new SessionContext() {
-        @Override
-        public String getIdentity() {
-          return UNSECURE;
-        }
-      };
+      return sessionContext;
     }
 
     @Override
     public SessionContext checkAuthenticated(SessionKey key, Set<String> targetRoles)
         throws AuthFailedException {
 
-      return new SessionContext() {
-        @Override
-        public String getIdentity() {
-          return UNSECURE;
-        }
-      };
+      return sessionValidator.checkAuthenticated(key, targetRoles);
     }
 
     @Override
     public String toString(SessionKey sessionKey) {
-      return sessionKey.toString();
+      return sessionValidator.toString(sessionKey);
     }
   }
 }
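Review bot: `checkAuthorized` returns the injected `sessionContext` directly and never consults `key`, `capability` or `check`, while `checkAuthenticated` and `toString` now delegate to the bound `SessionValidator`. The class Javadoc in this file says a secure validator can be bound to `SessionValidator`. In that case authentication would go through the secure validator, but authorization would still succeed unconditionally with an identity from a different source (inferred, since `configure()` is outside the hunk). A comment on `checkAuthorized` should state this, e.g. `// Grants every capability without inspecting the key; the returned identity is for audit display only.`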

http://git-wip-us.apache.org/repos/asf/aurora/blob/13be937c/src/main/java/org/apache/aurora/auth/UnsecureSessionContext.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/aurora/auth/UnsecureSessionContext.java b/src/main/java/org/apache/aurora/auth/UnsecureSessionContext.java
new file mode 100644
index 0000000..57132ac
--- /dev/null
+++ b/src/main/java/org/apache/aurora/auth/UnsecureSessionContext.java
@@ -0,0 +1,50 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.aurora.auth;
+
+import java.util.Optional;
+
+import javax.annotation.Nullable;
+import javax.inject.Provider;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.inject.Inject;
+
+import org.apache.shiro.subject.Subject;
+
+/**
+ * Uses context from Shiro for audit messages if available, otherwise defaults to a placeholder
+ * indicating the audit record is unsecure.
+ */
+class UnsecureSessionContext implements SessionValidator.SessionContext {
+  @VisibleForTesting
+  static final String UNSECURE = "UNSECURE";
+
+  @Nullable
+  private Provider<Subject> subjectProvider;
+
+  @Inject(optional = true)
+  void setSubjectProvider(Provider<Subject> subjectProvider) {
+    this.subjectProvider = subjectProvider;
+  }
+
+  @Override
+  public String getIdentity() {
+    return Optional.ofNullable(subjectProvider)
+        .map(Provider::get)
+        .map(Subject::getPrincipals)
+        .map((principalCollection) -> principalCollection.oneByType(String.class))
+        .orElse(UNSECURE);
+  }
+}
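Review bot: `getIdentity()` collapses three different situations into the same `UNSECURE` string: no `Provider<Subject>` was injected, the subject has no principals, and the principals hold no `String`-typed entry. An audit reader cannot tell these apart, and a real principal named `UNSECURE` would look identical to the placeholder. The method has no Javadoc, so I would add one that lists the three fallback cases and says the value is taken from Shiro as-is. If audit consumers need to separate the cases, a placeholder that cannot collide with a user name would be safer, e.g. `static final String UNSECURE = "<UNSECURE>";` (constructed value, and any log parsers would need checking first).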

http://git-wip-us.apache.org/repos/asf/aurora/blob/13be937c/src/test/java/org/apache/aurora/auth/UnsecureSessionContextTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/aurora/auth/UnsecureSessionContextTest.java b/src/test/java/org/apache/aurora/auth/UnsecureSessionContextTest.java
new file mode 100644
index 0000000..0a842cb
--- /dev/null
+++ b/src/test/java/org/apache/aurora/auth/UnsecureSessionContextTest.java
@@ -0,0 +1,75 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.aurora.auth;
+
+import javax.inject.Provider;
+
+import com.google.inject.util.Providers;
+import com.twitter.common.testing.easymock.EasyMockTest;
+
+import org.apache.shiro.subject.SimplePrincipalCollection;
+import org.apache.shiro.subject.Subject;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.easymock.EasyMock.expect;
+import static org.junit.Assert.assertEquals;
+
+public class UnsecureSessionContextTest extends EasyMockTest {
+  private Subject subject;
+  private Provider<Subject> subjectProvider;
+
+  private UnsecureSessionContext sessionContext;
+
+  @Before
+  public void setUp() {
+    subject = createMock(Subject.class);
+    subjectProvider = Providers.of(subject);
+
+    sessionContext = new UnsecureSessionContext();
+  }
+
+  private void assertIdentityEquals(String identity) {
+    assertEquals(identity, sessionContext.getIdentity());
+  }
+
+  @Test
+  public void testNoSubjectProvider() {
+    control.replay();
+
+    assertIdentityEquals(UnsecureSessionContext.UNSECURE);
+  }
+
+  @Test
+  public void testSubjectProviderReturnsNull() {
+    expect(subject.getPrincipals()).andReturn(new SimplePrincipalCollection());
+
+    control.replay();
+
+    sessionContext.setSubjectProvider(subjectProvider);
+    assertIdentityEquals(UnsecureSessionContext.UNSECURE);
+  }
+
+  @Test
+  public void testSubjectProviderReturnsValue() {
+    String userName = "jsmith";
+
+    expect(subject.getPrincipals()).andReturn(new SimplePrincipalCollection(userName, "realm"));
+
+    control.replay();
+
+    sessionContext.setSubjectProvider(subjectProvider);
+    assertIdentityEquals(userName);
+  }
+}
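Review bot: `testSubjectProviderReturnsNull` does not exercise a null return: it stubs `getPrincipals()` with an empty `SimplePrincipalCollection`, so the null handling after `Subject::getPrincipals` in `getIdentity()` is never covered. Shiro documents `getPrincipals()` as returning null for an anonymous subject, which is the case an unauthenticated request would hit. I would rename the existing test to say it covers an empty collection and add a case that returns null, as below.

```java
// … unchanged: setUp, assertIdentityEquals, existing tests …

  @Test
  public void testSubjectHasNullPrincipals() {
    expect(subject.getPrincipals()).andReturn(null);

    control.replay();

    sessionContext.setSubjectProvider(subjectProvider);
    assertIdentityEquals(UnsecureSessionContext.UNSECURE);
  }
```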

