From: kevints@apache.org To: commits@aurora.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: aurora git commit: Use Shiro identity if available in audit logs. Date: Tue, 16 Jun 2015 22:07:41 +0000 (UTC) Repository: aurora Updated Branches: refs/heads/master b09adc624 -> 13be937c4 Use Shiro identity if available in audit logs. Testing Done: ./gradlew -Pq build Bugs closed: AURORA-1352 Reviewed at https://reviews.apache.org/r/35535/ Project: http://git-wip-us.apache.org/repos/asf/aurora/repo Commit: http://git-wip-us.apache.org/repos/asf/aurora/commit/13be937c Tree: http://git-wip-us.apache.org/repos/asf/aurora/tree/13be937c Diff: http://git-wip-us.apache.org/repos/asf/aurora/diff/13be937c Branch: refs/heads/master Commit: 13be937c4ad023230921b6a62471d4560a1f6dbb Parents: b09adc6 Author: Kevin Sweeney Authored: Tue Jun 16 15:07:11 2015 -0700 Committer: Kevin Sweeney Committed: Tue Jun 16 15:07:11 2015 -0700 ---------------------------------------------------------------------- config/legacy_untested_classes.txt | 2 - .../apache/aurora/auth/UnsecureAuthModule.java | 46 ++++++------ .../aurora/auth/UnsecureSessionContext.java | 50 +++++++++++++ .../aurora/auth/UnsecureSessionContextTest.java | 75 ++++++++++++++++++++ 4 files changed, 151 insertions(+), 22 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/aurora/blob/13be937c/config/legacy_untested_classes.txt ---------------------------------------------------------------------- diff --git a/config/legacy_untested_classes.txt b/config/legacy_untested_classes.txt index f50b812..d2f3ca5 100644 --- a/config/legacy_untested_classes.txt +++ b/config/legacy_untested_classes.txt 
@@ -1,8 +1,6 @@ org/apache/aurora/Protobufs$1 org/apache/aurora/auth/UnsecureAuthModule$UnsecureCapabilityValidator$1 org/apache/aurora/auth/UnsecureAuthModule$UnsecureCapabilityValidator$2 -org/apache/aurora/auth/UnsecureAuthModule$UnsecureSessionValidator -org/apache/aurora/auth/UnsecureAuthModule$UnsecureSessionValidator$1 org/apache/aurora/scheduler/app/SchedulerMain$2 org/apache/aurora/scheduler/app/SchedulerMain$3 org/apache/aurora/scheduler/async/GcExecutorLauncher$1 http://git-wip-us.apache.org/repos/asf/aurora/blob/13be937c/src/main/java/org/apache/aurora/auth/UnsecureAuthModule.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/aurora/auth/UnsecureAuthModule.java b/src/main/java/org/apache/aurora/auth/UnsecureAuthModule.java index 912e465..c89ff0f 100644 --- a/src/main/java/org/apache/aurora/auth/UnsecureAuthModule.java +++ b/src/main/java/org/apache/aurora/auth/UnsecureAuthModule.java @@ -17,16 +17,18 @@ import java.util.Set; import java.util.logging.Logger; import com.google.inject.AbstractModule; +import com.google.inject.Inject; import org.apache.aurora.gen.SessionKey; +import static java.util.Objects.requireNonNull; + /** * An authentication module that uses an {@link UnsecureSessionValidator}. This behavior * can be overridden by binding a secure validator, querying an internal authentication system, * to {@link SessionValidator}. */ public class UnsecureAuthModule extends AbstractModule { - private static final String UNSECURE = "UNSECURE"; private static final Logger LOG = Logger.getLogger(UnsecureAuthModule.class.getName()); @Override 
@@ -37,16 +39,18 @@ public class UnsecureAuthModule extends AbstractModule { } static class UnsecureSessionValidator implements SessionValidator { + private final SessionContext sessionContext; + + @Inject + UnsecureSessionValidator(UnsecureSessionContext sessionContext) { + this.sessionContext = requireNonNull(sessionContext); + } + @Override public SessionContext checkAuthenticated(SessionKey key, Set targetRoles) throws AuthFailedException { - return new SessionContext() { - @Override - public String getIdentity() { - return UNSECURE; - } - }; + return sessionContext; } @Override @@ -56,33 +60,35 @@ public class UnsecureAuthModule extends AbstractModule { } static class UnsecureCapabilityValidator implements CapabilityValidator { + private final SessionValidator sessionValidator; + private final SessionContext sessionContext; + + @Inject + UnsecureCapabilityValidator( + SessionValidator sessionValidator, + UnsecureSessionContext sessionContext) { + + this.sessionValidator = requireNonNull(sessionValidator); + this.sessionContext = requireNonNull(sessionContext); + } + @Override public SessionContext checkAuthorized(SessionKey key, Capability capability, AuditCheck check) throws AuthFailedException { - return new SessionContext() { - @Override - public String getIdentity() { - return UNSECURE; - } - }; + return sessionContext; } @Override public SessionContext checkAuthenticated(SessionKey key, Set targetRoles) throws AuthFailedException { - return new SessionContext() { - @Override - public String getIdentity() { - return UNSECURE; - } - }; + return sessionValidator.checkAuthenticated(key, targetRoles); } @Override public String toString(SessionKey sessionKey) { - return sessionKey.toString(); + return sessionValidator.toString(sessionKey); } } } http://git-wip-us.apache.org/repos/asf/aurora/blob/13be937c/src/main/java/org/apache/aurora/auth/UnsecureSessionContext.java ---------------------------------------------------------------------- 
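Review bot: The `sessionContext` returned from `checkAuthenticated` and `checkAuthorized` is now one shared injected instance whose identity is resolved only when `getIdentity()` is called, and neither the `@@ -37,16 +39,18 @@` nor the `@@ -56,33 +60,35 @@` hunk documents that. If the Shiro subject provider is request- or thread-scoped (its binding is not visible here), a caller that keeps the returned context and writes the audit record from another thread would log a different subject or the `UNSECURE` placeholder. I would add a comment on both constructors such as `// Shared instance: getIdentity() reads the current Shiro subject at call time, so read it on the request thread.` Because `checkAuthorized` still ignores `key`, `capability` and `check`, the class Javadoc should also say that a real user name in the audit log does not mean this module authorized the call. `UnsecureSessionValidator.toString` falls between the two hunks and is not visible.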
diff --git a/src/main/java/org/apache/aurora/auth/UnsecureSessionContext.java b/src/main/java/org/apache/aurora/auth/UnsecureSessionContext.java
new file mode 100644
index 0000000..57132ac
--- /dev/null
+++ b/src/main/java/org/apache/aurora/auth/UnsecureSessionContext.java
@@ -0,0 +1,50 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.aurora.auth;
+
+import java.util.Optional;
+
+import javax.annotation.Nullable;
+import javax.inject.Provider;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.inject.Inject;
+
+import org.apache.shiro.subject.Subject;
+
+/**
+ * Uses context from Shiro for audit messages if available, otherwise defaults to a placeholder
+ * indicating the audit record is unsecure.
+ */
+class UnsecureSessionContext implements SessionValidator.SessionContext {
+ @VisibleForTesting
+ static final String UNSECURE = "UNSECURE";
+
+ @Nullable
+ private Provider subjectProvider;
+
+ @Inject(optional = true)
+ void setSubjectProvider(Provider subjectProvider) {
+ this.subjectProvider = subjectProvider;
+ }
+
+ @Override
+ public String getIdentity() {
+ return Optional.ofNullable(subjectProvider)
+ .map(Provider::get)
+ .map(Subject::getPrincipals)
+ .map((principalCollection) -> principalCollection.oneByType(String.class))
+ .orElse(UNSECURE);
+ }
+}
http://git-wip-us.apache.org/repos/asf/aurora/blob/13be937c/src/test/java/org/apache/aurora/auth/UnsecureSessionContextTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/aurora/auth/UnsecureSessionContextTest.java b/src/test/java/org/apache/aurora/auth/UnsecureSessionContextTest.java
new file mode 100644
index 0000000..0a842cb
--- /dev/null
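Review bot: `getIdentity()` takes the audit name from `Subject::getPrincipals` without checking `Subject.isAuthenticated()`, and in Shiro a remembered but unauthenticated subject also carries principals. If remember-me is enabled in a deployment (not visible from this file), the audit log would attribute an action to a user who did not authenticate in this session. Consider adding `.filter(Subject::isAuthenticated)` after `.map(Provider::get)`, or state in the class Javadoc that remembered identities are acceptable for audit purposes. Also, `oneByType(String.class)` falls back to `UNSECURE` for a subject whose realm uses a non-String principal, so those records become indistinguishable from anonymous ones.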
+++ b/src/test/java/org/apache/aurora/auth/UnsecureSessionContextTest.java
@@ -0,0 +1,75 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.aurora.auth;
+
+import javax.inject.Provider;
+
+import com.google.inject.util.Providers;
+import com.twitter.common.testing.easymock.EasyMockTest;
+
+import org.apache.shiro.subject.SimplePrincipalCollection;
+import org.apache.shiro.subject.Subject;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.easymock.EasyMock.expect;
+import static org.junit.Assert.assertEquals;
+
+public class UnsecureSessionContextTest extends EasyMockTest {
+ private Subject subject;
+ private Provider subjectProvider;
+
+ private UnsecureSessionContext sessionContext;
+
+ @Before
+ public void setUp() {
+ subject = createMock(Subject.class);
+ subjectProvider = Providers.of(subject);
+
+ sessionContext = new UnsecureSessionContext();
+ }
+
+ private void assertIdentityEquals(String identity) {
+ assertEquals(identity, sessionContext.getIdentity());
+ }
+
+ @Test
+ public void testNoSubjectProvider() {
+ control.replay();
+
+ assertIdentityEquals(UnsecureSessionContext.UNSECURE);
+ }
+
+ @Test
+ public void testSubjectProviderReturnsNull() {
+ expect(subject.getPrincipals()).andReturn(new SimplePrincipalCollection());
+
+ control.replay();
+
+ sessionContext.setSubjectProvider(subjectProvider);
+ assertIdentityEquals(UnsecureSessionContext.UNSECURE);
+ }
+
+ @Test
+ public void testSubjectProviderReturnsValue() {
+ String userName = "jsmith";
+
+ expect(subject.getPrincipals()).andReturn(new SimplePrincipalCollection(userName, "realm"));
+
+ control.replay();
+
+ sessionContext.setSubjectProvider(subjectProvider);
+ assertIdentityEquals(userName);
+ }
+}
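Review bot: `testSubjectProviderReturnsNull` never exercises a null, because the mock returns an empty `SimplePrincipalCollection` and so only the step where `oneByType` finds nothing is covered. Shiro documents `Subject.getPrincipals()` as returning null for a subject that has no identity yet, which is the path an anonymous request would take through the `Optional` chain. A regression there would presumably turn the audit fallback into a NullPointerException rather than `UNSECURE`. I would rename the existing test to describe empty principals and add a case for the null return, as below.

```java
  @Test
  public void testSubjectHasNullPrincipals() {
    expect(subject.getPrincipals()).andReturn(null);

    control.replay();

    sessionContext.setSubjectProvider(subjectProvider);
    assertIdentityEquals(UnsecureSessionContext.UNSECURE);
  }
```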