tinkerpop-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From spmalle...@apache.org
Subject [1/2] incubator-tinkerpop git commit: Deprecated Authenticator.newSaslNegotiator() and added new method to replace.
Date Tue, 01 Dec 2015 11:10:10 GMT
Repository: incubator-tinkerpop
Updated Branches:
  refs/heads/TINKERPOP3-995 [created] aec1bfff9


Deprecated Authenticator.newSaslNegotiator() and added new method to replace.


Project: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/commit/88b85c86
Tree: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/tree/88b85c86
Diff: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/diff/88b85c86

Branch: refs/heads/TINKERPOP3-995
Commit: 88b85c864ba82d0935a9834015e13358aaca46ec
Parents: 322668b
Author: Stephen Mallette <spmva@genoprime.com>
Authored: Thu Nov 26 07:41:19 2015 -0500
Committer: Stephen Mallette <spmva@genoprime.com>
Committed: Mon Nov 30 19:09:48 2015 -0500

----------------------------------------------------------------------
 .../server/auth/AllowAllAuthenticator.java      | 10 ++++++++
 .../gremlin/server/auth/Authenticator.java      | 27 +++++++++++++++++---
 .../server/auth/SimpleAuthenticator.java        |  9 +++++++
 .../handler/SaslAuthenticationHandler.java      | 22 +++++++++++++++-
 4 files changed, 64 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/blob/88b85c86/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/AllowAllAuthenticator.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/AllowAllAuthenticator.java
b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/AllowAllAuthenticator.java
index 8f062fa..bce2dd6 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/AllowAllAuthenticator.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/AllowAllAuthenticator.java
@@ -18,6 +18,7 @@
  */
 package org.apache.tinkerpop.gremlin.server.auth;
 
+import java.net.InetAddress;
 import java.util.Map;
 
 /**
@@ -41,7 +42,16 @@ public final class AllowAllAuthenticator implements Authenticator {
         return AuthenticatedUser.ANONYMOUS_USER;
     }
 
+    /**
+     * @deprecated As of release 3.1.1-incubating, replaced by {@link #newSaslNegotiator(InetAddress)}.
+     * @see <a href="https://issues.apache.org/jira/browse/TINKERPOP3-995">TINKERPOP3-995</a>
+     */
+    @Override
+    @Deprecated
     public SaslNegotiator newSaslNegotiator() {
+        // While this method is deprecated, it remains here to ensure backward compatibility
with the old method. In
+        // this way the integration tests can continue to execute here
+        // todo: remove this method on a future version and implement the new one
         return AUTHENTICATOR_INSTANCE;
     }
 

http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/blob/88b85c86/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/Authenticator.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/Authenticator.java
b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/Authenticator.java
index 873ae09..f282ad9 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/Authenticator.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/Authenticator.java
@@ -23,6 +23,7 @@ import org.apache.tinkerpop.gremlin.driver.message.ResponseMessage;
 import org.apache.tinkerpop.gremlin.driver.message.ResponseStatusCode;
 import org.apache.tinkerpop.gremlin.server.Channelizer;
 
+import java.net.InetAddress;
 import java.util.Map;
 
 /**
@@ -45,13 +46,33 @@ public interface Authenticator {
     public void setup(final Map<String,Object> config);
 
     /**
-     * Provide a SASL handler to perform authentication for an single connection. SASL
-     * is a stateful protocol, so a new instance must be used for each authentication
-     * attempt.)
+     * Provide a SASL handler to perform authentication for an single connection. SASL is
a stateful protocol, so a
+     * new instance must be used for each authentication attempt.)
+     *
+     * @deprecated As of release 3.1.1-incubating, replaced by {@link #newSaslNegotiator(InetAddress)}.
+     * @see <a href="https://issues.apache.org/jira/browse/TINKERPOP3-995">TINKERPOP3-995</a>
      */
+    @Deprecated
     public SaslNegotiator newSaslNegotiator();
 
     /**
+     * Provide a SASL handler to perform authentication for an single connection. SASL is
a stateful protocol, so
+     * a new instance must be used for each authentication attempt.
+     *
+     * As of 3.1.1, this method by default calls the {@link #newSaslNegotiator()} method
so as not to introduce a
+     * breaking change. Implementers should move their code from {@link #newSaslNegotiator()}
to this method as
+     * this is the method now called by Gremlin Server during authentication. For full backwards
compatibility,
+     * it makes sense to call this method from {@link #newSaslNegotiator()} passing {@code
null} for the
+     * {@code remoteAddress} parameter.
+     *
+     * @param remoteAddress the IP address of the client to authenticate to authenticate
or null if an internal
+     *                      client (one not connected over the remote transport).
+     */
+    public default SaslNegotiator newSaslNegotiator(final InetAddress remoteAddress) {
+        return newSaslNegotiator();
+    }
+
+    /**
      * A "standard" authentication implementation that can be used more generically without
SASL support.  This
      * implementation is used when a particular {@link Channelizer} doesn't support SASL
directly (like basic
      * HTTP authentication).

http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/blob/88b85c86/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/SimpleAuthenticator.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/SimpleAuthenticator.java
b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/SimpleAuthenticator.java
index 7692343..4287cfa 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/SimpleAuthenticator.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/auth/SimpleAuthenticator.java
@@ -29,6 +29,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
+import java.net.InetAddress;
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -104,8 +105,16 @@ public class SimpleAuthenticator implements Authenticator {
         logger.info("CredentialGraph initialized at {}", credentialStore);
     }
 
+    /**
+     * @deprecated As of release 3.1.1-incubating, replaced by {@link #newSaslNegotiator(InetAddress)}.
+     * @see <a href="https://issues.apache.org/jira/browse/TINKERPOP3-995">TINKERPOP3-995</a>
+     */
     @Override
+    @Deprecated
     public SaslNegotiator newSaslNegotiator() {
+        // While this method is deprecated, it remains here to ensure backward compatibility
with the old method. In
+        // this way the integration tests can continue to execute here
+        // todo: remove this method on a future version and implement the new one
         return new PlainTextSaslAuthenticator();
     }
 

http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/blob/88b85c86/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
index 93cb168..de7f624 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.java
@@ -18,10 +18,15 @@
  */
 package org.apache.tinkerpop.gremlin.server.handler;
 
+import io.netty.channel.Channel;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelInboundHandlerAdapter;
 import io.netty.util.Attribute;
+
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
 import java.util.Base64;
 import org.apache.tinkerpop.gremlin.driver.Tokens;
 import org.apache.tinkerpop.gremlin.driver.message.RequestMessage;
@@ -61,7 +66,7 @@ public class SaslAuthenticationHandler extends ChannelInboundHandlerAdapter
{
             final Attribute<RequestMessage> request = ctx.attr(StateKey.REQUEST_MESSAGE);
             if (negotiator.get() == null) {
                 // First time through so save the request and send an AUTHENTICATE challenge
with no data
-                negotiator.set(authenticator.newSaslNegotiator());
+                negotiator.set(authenticator.newSaslNegotiator(getRemoteInetAddress(ctx)));
                 request.set(requestMessage);
                 final ResponseMessage authenticate = ResponseMessage.build(requestMessage)
                         .code(ResponseStatusCode.AUTHENTICATE).create();
@@ -121,4 +126,19 @@ public class SaslAuthenticationHandler extends ChannelInboundHandlerAdapter
{
             ctx.close();
         }
     }
+
+    private InetAddress getRemoteInetAddress(ChannelHandlerContext ctx)
+    {
+        Channel channel = ctx.channel();
+
+        if (null == channel)
+            return null;
+
+        SocketAddress genericSocketAddr = channel.remoteAddress();
+
+        if (null == genericSocketAddr || !(genericSocketAddr instanceof InetSocketAddress))
+            return null;
+
+        return ((InetSocketAddress)genericSocketAddr).getAddress();
+    }
 }


Mime
View raw message