From h..@apache.org
Subject [1/3] eagle git commit: [EAGLE-918] Support auth annotations PermitAll/DenyAll/RolesAllowed and API
Date Wed, 22 Feb 2017 08:12:37 GMT
Repository: eagle
Updated Branches:
  refs/heads/master a7df69e3a -> 94b597b77


http://git-wip-us.apache.org/repos/asf/eagle/blob/94b597b7/eagle-server/src/test/java/org/apache/eagle/server/security/resource/BasicAuthenticationTestCase.java
----------------------------------------------------------------------
diff --git a/eagle-server/src/test/java/org/apache/eagle/server/security/resource/BasicAuthenticationTestCase.java
b/eagle-server/src/test/java/org/apache/eagle/server/security/resource/BasicAuthenticationTestCase.java
new file mode 100644
index 0000000..c848d19
--- /dev/null
+++ b/eagle-server/src/test/java/org/apache/eagle/server/security/resource/BasicAuthenticationTestCase.java
@@ -0,0 +1,164 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.eagle.server.security.resource;
+
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.UniformInterfaceException;
+import io.dropwizard.testing.junit.DropwizardAppRule;
+import org.apache.eagle.common.Base64;
+import org.apache.eagle.common.security.User;
+import org.apache.eagle.server.ServerApplication;
+import org.apache.eagle.server.ServerConfig;
+import org.junit.Assert;
+import org.junit.ClassRule;
+import org.junit.Test;
+
+public class BasicAuthenticationTestCase {
+
+    @ClassRule
+    public static final DropwizardAppRule<ServerConfig> RULE =
+        new DropwizardAppRule<>(ServerApplication.class,
+            BasicAuthenticationTestCase.class.getResource("/configuration.yml").getPath());
+
+    private static final String USER_AUTH_KEY = "Basic " + Base64.encode("user:secret");
+    private static final String ADMIN_AUTH_KEY = "Basic " + Base64.encode("admin:secret");
+    private static final String BAD_AUTH_KEY = "Basic " + Base64.encode("bad:bad");
+
+    @Test
+    public void testAuthUserOnly() {
+        Client client = new Client();
+        client.resource(String.format("http://localhost:%d/rest/testAuth/userOnly", RULE.getLocalPort()))
+            .header("Authorization", USER_AUTH_KEY)
+            .get(User.class);
+    }
+
+    @Test (expected = UniformInterfaceException.class)
+    public void testAuthUserOnlyWitBadKey() {
+        Client client = new Client();
+        client.resource(String.format("http://localhost:%d/rest/testAuth/userOnly", RULE.getLocalPort()))
+            .header("Authorization", BAD_AUTH_KEY)
+            .get(User.class);
+    }
+
+    @Test
+    public void testAuthAdminOnly() {
+        Client client = new Client();
+        client.resource(String.format("http://localhost:%d/rest/testAuth/adminOnly", RULE.getLocalPort()))
+            .header("Authorization", ADMIN_AUTH_KEY)
+            .get(User.class);
+    }
+
+    @Test
+    public void testAdminOnlyWithoutAuth() {
+        Client client = new Client();
+        client.resource(String.format("http://localhost:%d/rest/testAuth/adminOnlyWithoutAuth",
RULE.getLocalPort()))
+            .header("Authorization", ADMIN_AUTH_KEY)
+            .get(String.class);
+    }
+
+
+    @Test
+    public void testUserWithoutRole() {
+        Client client = new Client();
+        User user = client.resource(String.format("http://localhost:%d/rest/testAuth/userWithoutRole",
RULE.getLocalPort()))
+            .header("Authorization", ADMIN_AUTH_KEY)
+            .get(User.class);
+        Assert.assertEquals("admin", user.getName());
+
+        user = client.resource(String.format("http://localhost:%d/rest/testAuth/userWithoutRole",
RULE.getLocalPort()))
+            .header("Authorization", USER_AUTH_KEY)
+            .get(User.class);
+        Assert.assertEquals("user", user.getName());
+
+        try {
+            client.resource(String.format("http://localhost:%d/rest/testAuth/userWithoutRole",
RULE.getLocalPort()))
+                .get(User.class);
+            Assert.fail();
+        } catch (UniformInterfaceException e) {
+            Assert.assertEquals(401, e.getResponse().getStatus());
+        }
+    }
+
+    @Test
+    public void testUserWithoutRequiredAuth() {
+        Client client = new Client();
+        String response = client.resource(String.format("http://localhost:%d/rest/testAuth/userWithNotRequiredAuth",
RULE.getLocalPort()))
+            .header("Authorization", ADMIN_AUTH_KEY)
+            .get(String.class);
+        Assert.assertNotNull(response);
+        Assert.assertEquals("User found admin", response);
+
+        response = client.resource(String.format("http://localhost:%d/rest/testAuth/userWithNotRequiredAuth",
RULE.getLocalPort()))
+            .get(String.class);
+        Assert.assertEquals("User not found", response);
+    }
+
+
+    @Test
+    public void testAdminOnlyWithoutAuthByUser() {
+        try {
+            Client client = new Client();
+            client.resource(String.format("http://localhost:%d/rest/testAuth/adminOnlyWithoutAuth",
RULE.getLocalPort()))
+                .header("Authorization", USER_AUTH_KEY)
+                .get(String.class);
+            Assert.fail();
+        } catch (UniformInterfaceException e) {
+            Assert.assertEquals(403, e.getResponse().getStatus());
+        }
+    }
+
+    @Test
+    public void testAuthPermitAll() {
+        Client client = new Client();
+        client.resource(String.format("http://localhost:%d/rest/testAuth/permitAll", RULE.getLocalPort()))
+            .header("Authorization", USER_AUTH_KEY)
+            .get(User.class);
+    }
+
+    @Test
+    public void testAuthPermitAllWithoutKeyShouldPass() {
+        Client client = new Client();
+        try {
+            client.resource(String.format("http://localhost:%d/rest/testAuth/permitAll",
RULE.getLocalPort()))
+                .get(User.class);
+            Assert.fail();
+        } catch (UniformInterfaceException e) {
+            Assert.assertEquals(204, e.getResponse().getStatus());
+        }
+    }
+
+    @Test
+    public void testAuthPermitAllWithBadKeyShouldAccept401() {
+        Client client = new Client();
+        try {
+            client.resource(String.format("http://localhost:%d/rest/testAuth/permitAll",
RULE.getLocalPort()))
+                .header("Authorization", BAD_AUTH_KEY)
+                .get(User.class);
+            Assert.fail();
+        } catch (UniformInterfaceException e) {
+            Assert.assertEquals(401, e.getResponse().getStatus());
+        }
+    }
+
+    @Test(expected = UniformInterfaceException.class)
+    public void testAuthDenyAll() {
+        Client client = new Client();
+        client.resource(String.format("http://localhost:%d/rest/testAuth/denyAll", RULE.getLocalPort()))
+            .header("Authorization", USER_AUTH_KEY)
+            .get(User.class);
+    }
+}
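Review bot: `@Test(expected = UniformInterfaceException.class)` on testAuthUserOnlyWitBadKey and testAuthDenyAll passes for any non-2xx response, so a regression that turns the intended rejection into a 404 or a 500 still leaves the suite green; the hunk's other negative tests (testUserWithoutRole, testAdminOnlyWithoutAuthByUser) already catch the exception and assert the status, and these two should do the same — 401 for the bad key, matching testAuthPermitAllWithBadKeyShouldAccept401, and whatever status DenyAll is specified to return for denyAll. testAuthPermitAllWithoutKeyShouldPass also deserves a one-line comment, since a reader will not expect a "should pass" test to end in a catch block: `// Jersey raises UniformInterfaceException for a 204 when an entity type is requested; the endpoint itself permitted the call`. The method name `testAuthUserOnlyWitBadKey` is missing an "h", and none of the `new Client()` instances is ever destroyed, which is tolerable in a short test class but worth a shared client or an @After.
```java
    @Test
    public void testAuthUserOnlyWithBadKey() {
        Client client = new Client();
        try {
            client.resource(String.format("http://localhost:%d/rest/testAuth/userOnly", RULE.getLocalPort()))
                .header("Authorization", BAD_AUTH_KEY)
                .get(User.class);
            Assert.fail();
        } catch (UniformInterfaceException e) {
            // a bad credential must be rejected as unauthenticated, not as any arbitrary error
            Assert.assertEquals(401, e.getResponse().getStatus());
        }
    }
    // … unchanged: remaining test methods …
```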

http://git-wip-us.apache.org/repos/asf/eagle/blob/94b597b7/eagle-server/src/test/java/org/apache/eagle/server/security/resource/TestBasicAuthenticationResource.java
----------------------------------------------------------------------
diff --git a/eagle-server/src/test/java/org/apache/eagle/server/security/resource/TestBasicAuthenticationResource.java
b/eagle-server/src/test/java/org/apache/eagle/server/security/resource/TestBasicAuthenticationResource.java
new file mode 100644
index 0000000..9e4ebf9
--- /dev/null
+++ b/eagle-server/src/test/java/org/apache/eagle/server/security/resource/TestBasicAuthenticationResource.java
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.eagle.server.security.resource;
+
+import io.dropwizard.auth.Auth;
+import org.apache.eagle.common.security.DenyAll;
+import org.apache.eagle.common.security.PermitAll;
+import org.apache.eagle.common.security.RolesAllowed;
+import org.apache.eagle.common.security.User;
+import org.junit.Ignore;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.SecurityContext;
+
+@Ignore
+@Path("/testAuth")
+public class TestBasicAuthenticationResource {
+    @GET
+    @Path("/userOnly")
+    @Produces(MediaType.APPLICATION_JSON)
+    @RolesAllowed(User.Role.USER)
+    public User getUser(@Auth User user) {
+        return user;
+    }
+
+    @GET
+    @Path("/adminOnly")
+    @Produces(MediaType.APPLICATION_JSON)
+    @RolesAllowed(User.Role.ADMINISTRATOR)
+    public User getAdminUser(@Auth User user) {
+        return user;
+    }
+
+    @GET
+    @Path("/adminOnlyWithoutAuth")
+    @Produces(MediaType.APPLICATION_JSON)
+    @RolesAllowed(User.Role.ADMINISTRATOR)
+    public String getAdminUserWithoutAuth() {
+        return "Success";
+    }
+
+    @GET
+    @Path("/userWithoutRole")
+    @Produces(MediaType.APPLICATION_JSON)
+    public User getUserWithoutRole(@Auth User user) {
+        return user;
+    }
+
+    @GET
+    @Path("/userWithNotRequiredAuth")
+    @Produces(MediaType.APPLICATION_JSON)
+    public String getUserWithNotRequiredAuth(@Auth(required = false) User user) {
+        if (user == null) {
+            return "User not found";
+        }
+        return "User found " + user.getName();
+    }
+
+    @GET
+    @Path("/userOrAdmin")
+    @Produces(MediaType.APPLICATION_JSON)
+    @RolesAllowed({User.Role.ADMINISTRATOR, User.Role.USER})
+    public User getUserOrAdmin(@Auth User user) {
+        return user;
+    }
+
+    @GET
+    @Path("/securityContext")
+    @Produces(MediaType.APPLICATION_JSON)
+    public SecurityContext getSecurityContext(@Context SecurityContext securityContext) {
+        return securityContext;
+    }
+
+    @GET
+    @Path("/permitAll")
+    @Produces(MediaType.APPLICATION_JSON)
+    @PermitAll
+    public User getPermitAllUser(@Auth(required = false) User user) {
+        return user;
+    }
+
+    @GET
+    @Path("/denyAll")
+    @Produces(MediaType.APPLICATION_JSON)
+    @DenyAll
+    public User getDenyAllUser(@Auth User user) {
+        return user;
+    }
+}
\ No newline at end of file
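Review bot: This resource is served by the real ServerApplication — BasicAuthenticationTestCase starts ServerApplication under DropwizardAppRule and calls /rest/testAuth on it — so unless its registration is gated on test configuration (the registration is not in this diff), every endpoint here, including the unauthenticated `/securityContext` one that serializes the container's SecurityContext to JSON, would be reachable in a deployed server. Register it from the test's own setup or behind a test-only switch, and document which it is. The class also has no Javadoc; a header such as `/** JAX-RS resource exercising the PermitAll/DenyAll/RolesAllowed and @Auth combinations covered by BasicAuthenticationTestCase; not a JUnit test class despite the Test prefix. */` would explain the name and the `@Ignore`, which presumably only keeps surefire from picking the class up as a test.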

http://git-wip-us.apache.org/repos/asf/eagle/blob/94b597b7/eagle-server/src/test/resources/configuration.yml
----------------------------------------------------------------------
diff --git a/eagle-server/src/test/resources/configuration.yml b/eagle-server/src/test/resources/configuration.yml
index eabb8a1..b49da04 100644
--- a/eagle-server/src/test/resources/configuration.yml
+++ b/eagle-server/src/test/resources/configuration.yml
@@ -26,7 +26,7 @@ server:
 # ---------------------------------------------
 auth:
   # indicating if authentication is enabled, true for enabled, false for disabled
-  enabled: false
+  enabled: true
 
   # indicating authentication mode, "simple" or "ldap"
   mode: simple
@@ -38,18 +38,28 @@ auth:
   # indicating the cache policy, containing maximumSize and expireAfterWrite, e.g. maximumSize=10000,
expireAfterWrite=10m
   cachePolicy: maximumSize=10000, expireAfterWrite=1m
 
-  # indicating whether authorization is needed
-  authorization: false
-
-  # indicating whether @Auth annotation on parameters is needed
-  annotated: true
-
   # for basic authentication, effective only when auth.mode=simple
+  # default password is "secret"
   simple:
-    # username for basic authentication, effective only when auth.mode=simple
-    username: admin
-    # password for basic authentication, effective only when auth.mode=simple
-    password: secret
+    accounts:
+      - name: admin
+        password: rWV/cdTCr01wTLBQ/rUilkExd2TJKrifXuCCTEwig1o08K8Mi0b1qQAgVXpPqflb
+        roles: ADMINISTRATOR
+        firstName: Admin
+        lastName: Test
+        email: mock-admin@eagle.apache.org
+      - name: user
+        password: rWV/cdTCr01wTLBQ/rUilkExd2TJKrifXuCCTEwig1o08K8Mi0b1qQAgVXpPqflb
+        roles: USER
+        firstName: User
+        lastName: Test
+        email: mock-user@eagle.apache.org
+      - name: app
+        password: rWV/cdTCr01wTLBQ/rUilkExd2TJKrifXuCCTEwig1o08K8Mi0b1qQAgVXpPqflb
+        firstName: Application
+        lastName: Test
+        roles: APPLICATION
+        email: mock-support@eagle.apache.org
 
   # for ldap authentication, effective only when auth.mode=ldap
   ldap:
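Review bot: All three accounts carry the byte-identical `password` value, which shows the encoding is deterministic for equal plaintexts — anyone reading the file can tell which accounts share a password without decrypting anything. For a test fixture annotated `# default password is "secret"` that is acceptable, but the comment should also state how the value was produced so it can be regenerated rather than copied, e.g. `# encrypted with <encryptor tool>; regenerate if the encryption key changes` (the encryptor configuration behind the jasypt dependency added in pom.xml is not in this diff, so whether a per-value salt is available here cannot be confirmed). The `app` account (roles APPLICATION) is not exercised by the new BasicAuthenticationTestCase, and it lists `roles` after `lastName` while the other two put it before `firstName`; keep the key order consistent.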
@@ -58,7 +68,7 @@ auth:
     providerUrl: ldap://server.address.or.domain:port
 
     # template string containing ${USERNAME} placeholder. This is designed for some orgs
who don't use plain usernames
-    # to authenticate, e.g. they may use its members' email address as the username: ${USERNAME}@some.org.
When username
+    # to authenticate, e.g. they may use its members' email address as the name: ${USERNAME}@some.org.
When name
     # is supposed to be recognized originally, just configure this parameter as ${USERNAME}
     principalTemplate: ${USERNAME}@maybe.email.suffix
 

http://git-wip-us.apache.org/repos/asf/eagle/blob/94b597b7/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index daa24a2..34f73ef 100755
--- a/pom.xml
+++ b/pom.xml
@@ -234,6 +234,7 @@
         <metrics.version>3.1.0</metrics.version>
         <mapdb.version>3.0.0-M6</mapdb.version>
         <asm.version>5.0</asm.version>
+        <jasypt.version>1.9.2</jasypt.version>
 
         <!-- Streaming -->
         <!--<kafka.version>0.10.0.0</kafka.version>-->
@@ -486,6 +487,11 @@
                 <artifactId>reflections</artifactId>
                 <version>${reflections.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.jasypt</groupId>
+                <artifactId>jasypt</artifactId>
+                <version>${jasypt.version}</version>
+            </dependency>
 
             <!-- Serialization -->
             <dependency>
@@ -1318,6 +1324,11 @@
     </build>
     <repositories>
         <repository>
+            <id>maven.central</id>
+            <name>Maven Central Repository</name>
+            <url>http://central.maven.org/maven2</url>
+        </repository>
+        <repository>
             <id>maven.repo1</id>
             <name>Maven Repo1 Repository</name>
             <url>http://repo1.maven.org/maven2</url>
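Review bot: The new `maven.central` repository is fetched over plain HTTP (`http://central.maven.org/maven2`), so artifacts and their checksums resolved through it can be altered in transit by anything on the path; Central is served over TLS and the entry should at least read `<url>https://repo1.maven.org/maven2</url>`, or be dropped altogether, since Maven resolves from Central by default and the file already declares `maven.repo1` for the same content, making the second entry redundant. The existing `maven.repo1` entry has the same plain-HTTP problem but is not part of this change.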

