incubator-ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From maha...@apache.org
Subject svn commit: r1387826 [3/3] - in /incubator/ambari/branches/AMBARI-666: ./ ambari-agent/src/main/puppet/ ambari-agent/src/main/puppet/manifestloader/ ambari-agent/src/main/puppet/modules/ ambari-agent/src/main/puppet/modules/configgenerator/ ambari-agen...
Date Thu, 20 Sep 2012 00:27:05 GMT
Modified: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java?rev=1387826&r1=1387825&r2=1387826&view=diff
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
(original)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
Thu Sep 20 00:27:02 2012
@@ -19,85 +19,168 @@
 package org.apache.ambari.server.controller;
 
 
-import java.io.IOException;
-
-import org.apache.ambari.server.agent.HeartBeatHandler;
+import com.google.inject.Guice;
+import com.google.inject.Inject;
+import com.google.inject.Injector;
+import com.google.inject.Singleton;
+import com.google.inject.persist.jpa.JpaPersistModule;
+import com.sun.jersey.spi.container.servlet.ServletContainer;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.orm.GuiceJpaInitializer;
+import org.apache.ambari.server.security.CertificateManager;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.mortbay.jetty.Server;
+import org.mortbay.jetty.security.SslSocketConnector;
 import org.mortbay.jetty.servlet.Context;
 import org.mortbay.jetty.servlet.DefaultServlet;
 import org.mortbay.jetty.servlet.ServletHolder;
+import org.mortbay.jetty.webapp.WebAppContext;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.support.GenericWebApplicationContext;
 
-import com.google.inject.Guice;
-import com.google.inject.Injector;
-import com.google.inject.Singleton;
-import com.sun.jersey.spi.container.servlet.ServletContainer;
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
 
 @Singleton
 public class AmbariServer {
- private static Log LOG = LogFactory.getLog(AmbariServer.class);
- public static int CLIENT_PORT = 4080;
- private Server server = null;
- public volatile boolean running = true; // true while controller runs
-
- public void run() {
-   server = new Server(CLIENT_PORT);
-
-   try {
-     Context root = new Context(server, "/", Context.SESSIONS);
-     ServletHolder rootServlet = root.addServlet(DefaultServlet.class, "/");
-     rootServlet.setInitOrder(1);
-
-     ServletHolder sh = new ServletHolder(ServletContainer.class);
-     sh.setInitParameter("com.sun.jersey.config.property.resourceConfigClass",
-       "com.sun.jersey.api.core.PackagesResourceConfig");
-     sh.setInitParameter("com.sun.jersey.config.property.packages",
-       "org.apache.ambari.server.api.rest");
-     root.addServlet(sh, "/api/*");
-     sh.setInitOrder(2);
-
-     ServletHolder agent = new ServletHolder(ServletContainer.class);
-     agent.setInitParameter("com.sun.jersey.config.property.resourceConfigClass",
-       "com.sun.jersey.api.core.PackagesResourceConfig");
-     agent.setInitParameter("com.sun.jersey.config.property.packages",
-       "org.apache.ambari.server.agent.rest");
-     root.addServlet(agent, "/agent/*");
-     agent.setInitOrder(3);
-
-     server.setStopAtShutdown(true);
-
-     /*
-      * Start the server after controller state is recovered.
-      */
-     server.start();
-     LOG.info("Started Server");
-     server.join();
-     LOG.info("Joined the Server");
-   } catch (Exception e) {
-     LOG.error("Error in the server", e);
-
-   }
- }
-
- public void stop() throws Exception {
-   try {
-     server.stop();
-   } catch (Exception e) {
-     LOG.error("Error stopping the server", e);
-   }
- }
-
- public static void main(String[] args) throws IOException {
-   Injector injector = Guice.createInjector(new ControllerModule());
-   try {
-     LOG.info("Getting the controller");
-     AmbariServer server = injector.getInstance(AmbariServer.class);
-     if (server != null) {
-       server.run();
-     }
-   } catch(Throwable t) {
-     LOG.error("Failed to run the Ambari Server", t);
-   }
- }
+  public static final String PERSISTENCE_PROVIDER = "ambari-postgres";
+  private static Log LOG = LogFactory.getLog(AmbariServer.class);
+  public static int CLIENT_PORT = 4080;
+  public static int CLIENT_SECURED_PORT = 8443;
+  private Server server = null;
+  public volatile boolean running = true; // true while controller runs
+
+  final String WEB_APP_DIR = "webapp";
+  final URL warUrl = this.getClass().getClassLoader().getResource(WEB_APP_DIR);
+  final String warUrlString = warUrl.toExternalForm();
+  final String CONTEXT_PATH = "/";
+  final String SPRING_CONTEXT_LOCATION = "classpath:/webapp/WEB-INF/spring-security.xml";
+
+  @Inject
+  Configuration configs;
+  @Inject
+  CertificateManager certMan;
+  @Inject
+  Injector injector;
+
+  public void run() {
+    server = new Server(CLIENT_PORT);
+
+    try {
+      ClassPathXmlApplicationContext parentSpringAppContext = new ClassPathXmlApplicationContext();
+      parentSpringAppContext.refresh();
+      ConfigurableListableBeanFactory factory = parentSpringAppContext.getBeanFactory();
+      factory.registerSingleton("guiceInjector", injector); //Spring Security xml config
depends on this Bean
+
+      String[] contextLocations = {SPRING_CONTEXT_LOCATION};
+      ClassPathXmlApplicationContext springAppContext = new ClassPathXmlApplicationContext(contextLocations,
parentSpringAppContext);
+
+      WebAppContext webAppContext = new WebAppContext(warUrlString, CONTEXT_PATH);
+
+      GenericWebApplicationContext springWebAppContext = new GenericWebApplicationContext();
+      springWebAppContext.setServletContext(webAppContext.getServletContext());
+      springWebAppContext.setParent(springAppContext);
+
+      webAppContext.getServletContext().setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE,
springWebAppContext);
+
+      server.setHandler(webAppContext);
+
+      certMan.initRootCert();
+      Context root =
+//              new Context(webAppContext, "/", Context.SESSIONS);
+              webAppContext;
+
+      ServletHolder rootServlet = root.addServlet(DefaultServlet.class, "/");
+      rootServlet.setInitOrder(1);
+
+
+      //Secured connector for 2-way auth
+      SslSocketConnector sslConnector = new SslSocketConnector();
+      sslConnector.setPort(CLIENT_SECURED_PORT);
+
+      Map<String, String> configsMap = configs.getConfigsMap();
+      String keystore = configsMap.get(Configuration.SRVR_KSTR_DIR_KEY) + File.separator
+ configsMap.get(Configuration.KSTR_NAME_KEY);
+      String srvrCrtPass = configsMap.get(Configuration.SRVR_CRT_PASS_KEY);
+
+      sslConnector.setKeystore(keystore);
+      sslConnector.setTruststore(keystore);
+      sslConnector.setPassword(srvrCrtPass);
+      sslConnector.setKeyPassword(srvrCrtPass);
+      sslConnector.setTrustPassword(srvrCrtPass);
+      sslConnector.setKeystoreType("PKCS12");
+      sslConnector.setTruststoreType("PKCS12");
+      sslConnector.setNeedClientAuth(true);
+
+      server.addConnector(sslConnector);
+
+      ServletHolder sh = new ServletHolder(ServletContainer.class);
+      sh.setInitParameter("com.sun.jersey.config.property.resourceConfigClass",
+              "com.sun.jersey.api.core.PackagesResourceConfig");
+      sh.setInitParameter("com.sun.jersey.config.property.packages",
+              "org.apache.ambari.server.api.rest");
+      root.addServlet(sh, "/api/*");
+      sh.setInitOrder(2);
+
+      ServletHolder agent = new ServletHolder(ServletContainer.class);
+      agent.setInitParameter("com.sun.jersey.config.property.resourceConfigClass",
+              "com.sun.jersey.api.core.PackagesResourceConfig");
+      agent.setInitParameter("com.sun.jersey.config.property.packages",
+              "org.apache.ambari.server.agent.rest");
+      root.addServlet(agent, "/agent/*");
+      agent.setInitOrder(3);
+
+      ServletHolder cert = new ServletHolder(ServletContainer.class);
+      cert.setInitParameter("com.sun.jersey.config.property.resourceConfigClass",
+              "com.sun.jersey.api.core.PackagesResourceConfig");
+      cert.setInitParameter("com.sun.jersey.config.property.packages",
+              "org.apache.ambari.server.security.unsecured.rest");
+      root.addServlet(cert, "/cert/*");
+      cert.setInitOrder(4);
+
+      server.setStopAtShutdown(true);
+
+      springAppContext.start();
+      /*
+       * Start the server after controller state is recovered.
+       */
+      server.start();
+      LOG.info("Started Server");
+      server.join();
+      LOG.info("Joined the Server");
+    } catch (Exception e) {
+      LOG.error("Error in the server", e);
+    }
+  }
+
+  public void stop() throws Exception {
+    try {
+      server.stop();
+    } catch (Exception e) {
+      LOG.error("Error stopping the server", e);
+    }
+  }
+
+  public static void main(String[] args) throws IOException {
+    Injector injector = Guice.createInjector(new ControllerModule(), new JpaPersistModule(PERSISTENCE_PROVIDER));
+
+    try {
+      LOG.info("Getting the controller");
+      AmbariServer server = injector.getInstance(AmbariServer.class);
+      CertificateManager certMan = injector.getInstance(CertificateManager.class);
+      injector.getInstance(GuiceJpaInitializer.class);
+      certMan.initRootCert();
+      if (server != null) {
+        server.run();
+      }
+    } catch (Throwable t) {
+      LOG.error("Failed to run the Ambari Server", t);
+    }
+  }
 }

Modified: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java?rev=1387826&r1=1387825&r2=1387826&view=diff
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
(original)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
Thu Sep 20 00:27:02 2012
@@ -17,6 +17,7 @@
  */
 package org.apache.ambari.server.controller;
 import org.apache.ambari.server.agent.rest.AgentResource;
+import org.apache.ambari.server.security.unsecured.rest.CertificateDownload;
 
 import com.google.inject.AbstractModule;
 
@@ -29,5 +30,6 @@ public class ControllerModule extends Ab
   @Override
   protected void configure() {
     requestStaticInjection(AgentResource.class);
+    requestStaticInjection(CertificateDownload.class);
   }
 }

Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java
(added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java
Thu Sep 20 00:27:02 2012
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.orm.dao;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.persist.Transactional;
+import org.apache.ambari.server.orm.entities.RoleEntity;
+
+import javax.persistence.EntityManager;
+
+public class RoleDAO {
+
+  @Inject
+  Provider<EntityManager> entityManagerProvider;
+
+  public RoleEntity findByName(String roleName) {
+    return entityManagerProvider.get().find(RoleEntity.class, roleName);
+  }
+
+  public void create(RoleEntity roleName) {
+    entityManagerProvider.get().persist(roleName);
+  }
+
+  @Transactional
+  public RoleEntity merge(RoleEntity roleName) {
+    return entityManagerProvider.get().merge(roleName);
+  }
+
+  @Transactional
+  public void remove(RoleEntity roleName) {
+    entityManagerProvider.get().remove(roleName);
+  }
+
+  @Transactional
+  public void removeByName(String roleName) {
+    remove(findByName(roleName));
+  }
+
+}

Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
(added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
Thu Sep 20 00:27:02 2012
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.orm.dao;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.persist.Transactional;
+import org.apache.ambari.server.orm.entities.UserEntity;
+
+import javax.persistence.EntityManager;
+
+public class UserDAO {
+
+  @Inject
+  Provider<EntityManager> entityManagerProvider;
+
+  public UserEntity findByName(String userName) {
+    return entityManagerProvider.get().find(UserEntity.class, userName);
+  }
+
+  public void create(UserEntity userName) {
+    entityManagerProvider.get().persist(userName);
+  }
+
+  @Transactional
+  public UserEntity merge(UserEntity userName) {
+    return entityManagerProvider.get().merge(userName);
+  }
+
+  @Transactional
+  public void remove(UserEntity userName) {
+    entityManagerProvider.get().remove(userName);
+  }
+
+  @Transactional
+  public void removeByName(String userName) {
+    remove(findByName(userName));
+  }
+
+}

Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java
(added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java
Thu Sep 20 00:27:02 2012
@@ -0,0 +1,51 @@
+package org.apache.ambari.server.orm.entities;
+
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.ManyToMany;
+import java.util.Set;
+
+@javax.persistence.Table(name = "roles", schema = "ambari", catalog = "")
+@Entity
+public class RoleEntity {
+
+  private String roleName;
+
+  @javax.persistence.Column(name = "role_name")
+  @Id
+  public String getRoleName() {
+    return roleName;
+  }
+
+  public void setRoleName(String roleName) {
+    this.roleName = roleName;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) return true;
+    if (o == null || getClass() != o.getClass()) return false;
+
+    RoleEntity that = (RoleEntity) o;
+
+    if (roleName != null ? !roleName.equals(that.roleName) : that.roleName != null) return
false;
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    return roleName != null ? roleName.hashCode() : 0;
+  }
+
+  private Set<UserEntity> userEntities;
+
+  @ManyToMany(mappedBy = "roleEntities")
+  public Set<UserEntity> getUserEntities() {
+    return userEntities;
+  }
+
+  public void setUserEntities(Set<UserEntity> userEntities) {
+    this.userEntities = userEntities;
+  }
+}

Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java
(added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java
Thu Sep 20 00:27:02 2012
@@ -0,0 +1,94 @@
+package org.apache.ambari.server.orm.entities;
+
+import javax.persistence.*;
+import java.sql.Timestamp;
+import java.util.Set;
+
+@javax.persistence.Table(name = "users", schema = "ambari", catalog = "")
+@Entity
+public class UserEntity {
+
+  private String userName;
+
+  @javax.persistence.Column(name = "user_name")
+  @Id
+  public String getUserName() {
+    return userName;
+  }
+
+  public void setUserName(String userName) {
+    this.userName = userName;
+  }
+
+  private String userPassword;
+
+  @javax.persistence.Column(name = "user_password")
+  @Basic
+  public String getUserPassword() {
+    return userPassword;
+  }
+
+  public void setUserPassword(String userPassword) {
+    this.userPassword = userPassword;
+  }
+
+  private Boolean ldapUser;
+
+  @javax.persistence.Column(name = "ldap_user")
+  @Basic
+  public Boolean getLdapUser() {
+    return ldapUser;
+  }
+
+  public void setLdapUser(Boolean ldapUser) {
+    this.ldapUser = ldapUser;
+  }
+
+  private Timestamp createTime;
+
+  @javax.persistence.Column(name = "create_time")
+  @Basic
+  public Timestamp getCreateTime() {
+    return createTime;
+  }
+
+  public void setCreateTime(Timestamp createTime) {
+    this.createTime = createTime;
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) return true;
+    if (o == null || getClass() != o.getClass()) return false;
+
+    UserEntity that = (UserEntity) o;
+
+    if (createTime != null ? !createTime.equals(that.createTime) : that.createTime != null)
return false;
+    if (ldapUser != null ? !ldapUser.equals(that.ldapUser) : that.ldapUser != null) return
false;
+    if (userName != null ? !userName.equals(that.userName) : that.userName != null) return
false;
+    if (userPassword != null ? !userPassword.equals(that.userPassword) : that.userPassword
!= null) return false;
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    int result = userName != null ? userName.hashCode() : 0;
+    result = 31 * result + (userPassword != null ? userPassword.hashCode() : 0);
+    result = 31 * result + (ldapUser != null ? ldapUser.hashCode() : 0);
+    result = 31 * result + (createTime != null ? createTime.hashCode() : 0);
+    return result;
+  }
+
+  private Set<RoleEntity> roleEntities;
+
+  @javax.persistence.JoinTable(name = "user_roles", catalog = "", schema = "ambari", joinColumns
= {@JoinColumn(name = "user_name")}, inverseJoinColumns = {@JoinColumn(name = "user_name")})
+  @ManyToMany
+  public Set<RoleEntity> getRoleEntities() {
+    return roleEntities;
+  }
+
+  public void setRoleEntities(Set<RoleEntity> roleEntities) {
+    this.roleEntities = roleEntities;
+  }
+}

Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariUserDetailsService.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariUserDetailsService.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariUserDetailsService.java
(added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariUserDetailsService.java
Thu Sep 20 00:27:02 2012
@@ -0,0 +1,96 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.security;
+
+import com.google.inject.Inject;
+import com.google.inject.Injector;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.orm.dao.UserDAO;
+import org.apache.ambari.server.orm.entities.RoleEntity;
+import org.apache.ambari.server.orm.entities.UserEntity;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class AmbariUserDetailsService implements UserDetailsService {
+  private static final Logger log = LoggerFactory.getLogger(AmbariUserDetailsService.class);
+
+  Injector injector;
+  Configuration configuration;
+  UserDAO userDAO;
+
+
+  @Inject
+  public AmbariUserDetailsService(Injector injector, Configuration configuration, UserDAO
userDAO) {
+    this.injector = injector;
+    this.configuration = configuration;
+    this.userDAO = userDAO;
+  }
+
+  /**
+   * Loads Spring Security UserDetails from identity storage according to Configuration
+   * @param username username
+   * @return UserDetails
+   * @throws UsernameNotFoundException when user not found or have empty roles
+   */
+  @Override
+  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
{
+    log.info("Loading user by name: " + username);
+
+    UserEntity user = null;
+    try {
+      user = userDAO.findByName(username);
+    } catch (Exception e) {
+      System.err.println(e);
+    }
+
+    if (isLdapEnabled() && (user == null || user.getLdapUser())) {
+      //TODO implement LDAP
+    }
+
+    if (user == null) {
+      log.info("user not found ");
+      throw new UsernameNotFoundException("Username " + username + " not found");
+    }else if (user.getRoleEntities().isEmpty()) {
+      System.err.println("no roles ex");
+      throw new UsernameNotFoundException("Username " + username + " has no roles");
+    }
+
+    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(user.getRoleEntities().size());
+
+    System.err.println("Authorities number = " + user.getRoleEntities().size());
+    for (RoleEntity roleEntity : user.getRoleEntities()) {
+      authorities.add(new SimpleGrantedAuthority(roleEntity.getRoleName().toUpperCase()));
+    }
+
+    return new User(user.getUserName(), user.getUserPassword(), authorities);
+  }
+
+  private boolean isLdapEnabled() {
+    return ClientSecurityType.fromString(configuration.getConfigsMap().get(Configuration.CLIENT_SECURITY_KEY))
== ClientSecurityType.LDAP;
+  }
+
+}

Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java
(added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/CertificateManager.java
Thu Sep 20 00:27:02 2012
@@ -0,0 +1,164 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.security;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.text.MessageFormat;
+import java.util.Map;
+
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+
+/**
+ * Ambari security.
+ * Manages server and agent certificates
+ */
+@Singleton
+public class CertificateManager {
+	
+  @Inject Configuration configs;
+	
+  private static final Log LOG = LogFactory.getLog(CertificateManager.class);
+	
+	
+  private static final String GEN_SRVR_KEY = "openssl genrsa -des3 -passout pass:{0} -out
{1}/{2} 4096 ";
+  private static final String GEN_SRVR_REQ = "openssl req -passin pass:{0} -new -key {1}/{2}
-out {1}/{3} -batch";
+  private static final String SIGN_SRVR_CRT = "openssl x509 -passin pass:{0} -req -days 365
-in {1}/{3} -signkey {1}/{2} -out {1}/{3} \n";
+  private static final String EXPRT_KSTR = "openssl pkcs12 -export -in {1}/{3} -inkey {1}/{2}
-certfile {1}/{3} -out {1}/{4} -password pass:{0} -passin pass:{0} \n";
+	
+  /**
+   * Verify that root certificate exists, generate it otherwise.
+   */
+  public void initRootCert() {
+    LOG.info("Initialization of root certificate");
+		
+    boolean certExists = isCertExists();
+		
+    LOG.info("Certificate exists:" + certExists);
+		
+	if (!certExists) {
+      generateServerCertificate();
+	}
+  }
+	
+  /**
+   * Checks root certificate state.
+   * @return "true" if certificate exists
+   */
+  private boolean isCertExists() {
+
+    Map<String, String> configsMap = configs.getConfigsMap();
+    String srvrKstrDir = configsMap.get(Configuration.SRVR_KSTR_DIR_KEY);
+    String srvrCrtName = configsMap.get(Configuration.SRVR_CRT_NAME_KEY);
+    File certFile = new File(srvrKstrDir + File.separator + srvrCrtName);
+    
+	return certFile.exists();
+	}
+  
+  
+  /**
+   * Runs os command
+   */
+  private void runCommand(String command) {
+	  
+	  String line = null;
+      Process process = null;
+      try {
+        process = Runtime.getRuntime().exec(command);
+        BufferedReader br = new BufferedReader(new InputStreamReader(process.getInputStream()));
+        
+        while ((line = br.readLine()) != null) {
+          LOG.info(line);
+        }
+        
+        try {
+          process.waitFor();
+        }
+        catch (InterruptedException e) {
+          e.printStackTrace();
+        }
+      }
+      catch (IOException e){
+        e.printStackTrace();
+      }
+	  
+  }
+  
+  private void generateServerCertificate() {
+    LOG.info("Generation of server certificate");
+    
+    Map<String, String> configsMap = configs.getConfigsMap();
+    String srvrKstrDir = configsMap.get(Configuration.SRVR_KSTR_DIR_KEY);
+    String srvrCrtName = configsMap.get(Configuration.SRVR_CRT_NAME_KEY);
+    String srvrKeyName = configsMap.get(Configuration.SRVR_KEY_NAME_KEY);
+    String kstrName = configsMap.get(Configuration.KSTR_NAME_KEY);
+    String srvrCrtPass = configsMap.get(Configuration.SRVR_CRT_PASS_KEY);
+    
+    Object[] scriptArgs = {srvrCrtPass, srvrKstrDir, srvrKeyName,
+			               srvrCrtName, kstrName};
+
+    String command = MessageFormat.format(GEN_SRVR_KEY,scriptArgs);
+
+    LOG.info("Executing command:" + command);
+    
+	runCommand(command);
+	
+    command = MessageFormat.format(GEN_SRVR_REQ,scriptArgs);
+    
+    LOG.info("Executing command:" + command);
+    
+	runCommand(command);
+	
+    command = MessageFormat.format(SIGN_SRVR_CRT,scriptArgs);
+    
+    LOG.info("Executing command:" + command);
+    
+	runCommand(command);
+	
+    command = MessageFormat.format(EXPRT_KSTR,scriptArgs);
+    
+    LOG.info("Executing command:" + command);
+    
+	runCommand(command);
+	
+	}
+
+  /**
+   * Returns server certificate content
+   * @return string with server certificate content
+   */
+  public String getServerCert() {
+    Map<String, String> configsMap = configs.getConfigsMap();
+    File certFile = new File(configsMap.get(Configuration.SRVR_KSTR_DIR_KEY) + File.separator
+ configsMap.get(Configuration.SRVR_CRT_NAME_KEY));  
+    String srvrCrtContent = null;
+    try {
+      srvrCrtContent = FileUtils.readFileToString(certFile);
+	} catch (IOException e) {
+        LOG.error(e.getMessage());
+	}   
+    return srvrCrtContent;
+	}
+}

Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
(added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
Thu Sep 20 00:27:02 2012
@@ -0,0 +1,26 @@
+package org.apache.ambari.server.security;
+
+public enum ClientSecurityType {
+  LOCAL("local"),
+  LDAP("ldap");
+
+  private String value;
+  ClientSecurityType(String value) {
+    this.value = value;
+  }
+
+  public static ClientSecurityType fromString(String value) {
+    for (ClientSecurityType securityType : ClientSecurityType.values()) {
+      if (securityType.toString().equals(value)) {
+        return securityType;
+      }
+    }
+    return null;
+  }
+
+
+  @Override
+  public String toString() {
+    return value;
+  }
+}

Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateDownload.java
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateDownload.java?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateDownload.java
(added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/java/org/apache/ambari/server/security/unsecured/rest/CertificateDownload.java
Thu Sep 20 00:27:02 2012
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.security.unsecured.rest;
+
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+import org.apache.ambari.server.security.CertificateManager;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import com.google.inject.Inject;
+
+@Path("/ca")
+public class CertificateDownload {
+  private static Log LOG = LogFactory.getLog(CertificateDownload.class);
+  private static CertificateManager certMan;
+  
+  @Inject
+  static void init(CertificateManager instance) {
+    certMan = instance;
+  }
+  
+  @GET
+  @Produces({MediaType.TEXT_PLAIN})
+  public String downloadSrvrCrt() {
+    return certMan.getServerCert();
+  }
+}

Modified: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/META-INF/persistence.xml
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/META-INF/persistence.xml?rev=1387826&r1=1387825&r2=1387826&view=diff
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/META-INF/persistence.xml
(original)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/META-INF/persistence.xml
Thu Sep 20 00:27:02 2012
@@ -33,9 +33,11 @@
     <class>org.apache.ambari.server.orm.entities.ServiceConfigEntity</class>
     <class>org.apache.ambari.server.orm.entities.ServiceDesiredStateEntity</class>
     <class>org.apache.ambari.server.orm.entities.ServiceStateEntity</class>
+    <class>org.apache.ambari.server.orm.entities.RoleEntity</class>
+    <class>org.apache.ambari.server.orm.entities.UserEntity</class>
 
     <properties>
-      <property name="javax.persistence.jdbc.url" value="jdbc:postgresql://localhost/ambari"/>
+      <property name="javax.persistence.jdbc.url" value="jdbc:postgresql://localhost/postgres"/>
       <property name="javax.persistence.jdbc.driver" value="org.postgresql.Driver"/>
       <property name="javax.persistence.jdbc.user" value="ambari-server"/>
       <property name="javax.persistence.jdbc.password" value="bigdata"/>
@@ -58,6 +60,8 @@
     <class>org.apache.ambari.server.orm.entities.ServiceConfigEntity</class>
     <class>org.apache.ambari.server.orm.entities.ServiceDesiredStateEntity</class>
     <class>org.apache.ambari.server.orm.entities.ServiceStateEntity</class>
+    <class>org.apache.ambari.server.orm.entities.RoleEntity</class>
+    <class>org.apache.ambari.server.orm.entities.UserEntity</class>
 
     <properties>
       <property name="javax.persistence.jdbc.url" value="jdbc:derby:memory:myDB;create=true"/>

Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/pass.txt
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/pass.txt?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/pass.txt (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/pass.txt Thu Sep
20 00:27:02 2012
@@ -0,0 +1 @@
+QWERTYUIO

Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/users.ldif
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/users.ldif?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/users.ldif (added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/users.ldif Thu Sep
20 00:27:02 2012
@@ -0,0 +1,35 @@
+dn: ou=groups,dc=ambari,dc=apache,dc=org
+objectclass:top
+objectclass:organizationalUnit
+ou: groups
+
+dn: ou=people,dc=ambari,dc=apache,dc=org
+objectclass:top
+objectclass:organizationalUnit
+ou: people
+
+dn: uid=allowedUser,ou=people,dc=ambari,dc=apache,dc=org
+objectclass:top
+objectclass:person
+objectclass:organizationalPerson
+objectclass:inetOrgPerson
+cn: CraigWalls
+sn: Walls
+uid: allowedUser
+userPassword:password
+
+dn: uid=deniedUser,ou=people,dc=ambari,dc=apache,dc=org
+objectclass:top
+objectclass:person
+objectclass:organizationalPerson
+objectclass:inetOrgPerson
+cn: JohnSmith
+sn: Smith
+uid: deniedUser
+userPassword:password
+
+dn: cn=admin,ou=groups,dc=ambari,dc=apache,dc=org
+objectclass:top
+objectclass:groupOfNames
+cn: admin
+member: uid=allowedUser,ou=people,dc=ambari,dc=apache,dc=org

Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
(added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
Thu Sep 20 00:27:02 2012
@@ -0,0 +1,52 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+             xmlns:beans="http://www.springframework.org/schema/beans"
+             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+             xsi:schemaLocation="http://www.springframework.org/schema/beans
+                    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+                    http://www.springframework.org/schema/security
+                    http://www.springframework.org/schema/security/spring-security-3.1.xsd">
+
+  <http use-expressions="true" auto-config="true"
+        disable-url-rewriting="true"
+          >
+    <http-basic/>
+    <intercept-url pattern="/api/*" access="hasRole('ADMIN')"/>
+    <intercept-url pattern="/**" access="isAuthenticated()"/>
+  </http>
+
+  <!--<ldap-server id="ldapServer" root="dc=ambari,dc=apache,dc=org"/>-->
+
+  <authentication-manager>
+
+    <authentication-provider user-service-ref="ambariUserService">
+
+    </authentication-provider>
+
+  </authentication-manager>
+
+  <beans:bean id="ambariUserService"
+              class="org.springframework.security.core.userdetails.UserDetailsService"
+              factory-bean="guiceInjector"
+              factory-method="getInstance"
+              lazy-init="true">
+    <beans:constructor-arg type="java.lang.Class" value="org.apache.ambari.server.security.AmbariUserDetailsService"/>
+  </beans:bean>
+
+
+</beans:beans>
\ No newline at end of file

Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/web.xml?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/web.xml
(added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/WEB-INF/web.xml
Thu Sep 20 00:27:02 2012
@@ -0,0 +1,33 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+            http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+
+  <display-name>Ambari-web</display-name>
+
+  <filter>
+    <filter-name>springSecurityFilterChain</filter-name>
+    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+  </filter>
+
+  <filter-mapping>
+    <filter-name>springSecurityFilterChain</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
+</web-app>
\ No newline at end of file

Added: incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/index.html
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/index.html?rev=1387826&view=auto
==============================================================================
--- incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/index.html
(added)
+++ incubator/ambari/branches/AMBARI-666/ambari-server/src/main/resources/webapp/index.html
Thu Sep 20 00:27:02 2012
@@ -0,0 +1,26 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+        "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+    <title>AMBARI TEST PAGE</title>
+</head>
+<body>
+<h1>AMBARI TEST PAGE</h1>
+</body>
+</html>
\ No newline at end of file



Mime
View raw message