Fixes for review comments
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9360f944 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9360f944 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9360f944 Branch: refs/heads/audit_logging Commit: 9360f9448177bdc06916cd7602a6d03800fa7ea8 Parents: 9ca5907 Author: Daniel Gergely <dgerg...@hortonworks.com> Authored: Fri Mar 11 15:26:41 2016 +0100 Committer: Toader, Sebastian <stoa...@hortonworks.com> Committed: Thu Mar 24 13:06:49 2016 +0100 ---------------------------------------------------------------------- ambari-server/pom.xml | 5 -- .../actionmanager/ActionDBAccessorImpl.java | 14 ++-- .../ambari/server/api/services/BaseRequest.java | 17 +--- .../ambari/server/api/services/BaseService.java | 9 +- .../server/api/services/LogoutService.java | 3 +- .../server/audit/AuditLoggerDefaultImpl.java | 10 ++- .../server/audit/event/AbstractAuditEvent.java | 10 +-- .../ambari/server/audit/event/AuditEvent.java | 4 +- .../eventcreator/AlertGroupEventCreator.java | 8 +- .../eventcreator/AlertTargetEventCreator.java | 7 +- .../eventcreator/BlueprintEventCreator.java | 5 +- .../BlueprintExportEventCreator.java | 3 +- .../eventcreator/ComponentEventCreator.java | 3 +- .../ConfigurationChangeEventCreator.java | 5 +- .../eventcreator/CredentialEventCreator.java | 3 +- .../eventcreator/DefaultEventCreator.java | 18 +--- .../request/eventcreator/GroupEventCreator.java | 5 +- .../request/eventcreator/HostEventCreator.java | 7 +- .../eventcreator/MemberEventCreator.java | 7 +- .../eventcreator/PrivilegeEventCreator.java | 5 +- .../eventcreator/RepositoryEventCreator.java | 5 +- .../RepositoryVersionEventCreator.java | 7 +- .../eventcreator/RequestEventCreator.java | 3 +- .../ServiceConfigDownloadEventCreator.java | 3 +- .../eventcreator/ServiceEventCreator.java | 5 +- .../eventcreator/UnauthorizedEventCreator.java | 3 +- .../eventcreator/UpgradeEventCreator.java | 3 +- .../eventcreator/UpgradeItemEventCreator.java | 3 +- .../request/eventcreator/UserEventCreator.java | 11 ++- .../eventcreator/ViewInstanceEventCreator.java | 7 +- .../eventcreator/ViewPrivilegeEventCreator.java | 3 +- .../ambari/server/controller/AmbariServer.java | 6 +- .../AmbariAuthenticationFilter.java | 51 ++++++++++-- .../AmbariAuthorizationFilter.java | 11 +-- .../authorization/AuthorizationHelper.java | 51 +----------- .../authorization/PermissionHelper.java | 88 ++++++++++++++++++++ .../serveraction/AbstractServerAction.java | 20 +---- .../kerberos/CreateKeytabFilesServerAction.java | 3 +- .../kerberos/CreatePrincipalsServerAction.java | 3 +- .../kerberos/DestroyPrincipalsServerAction.java | 3 +- .../kerberos/FinalizeKerberosServerAction.java | 3 +- .../kerberos/KerberosServerAction.java | 1 - .../ambari/server/utils/RequestUtils.java | 38 +++++++++ .../webapp/WEB-INF/spring-security.xml | 1 + .../server/api/services/BaseServiceTest.java | 15 +++- .../audit/AccessUnauthorizedAuditEventTest.java | 7 +- .../server/audit/BufferedAuditLoggerTest.java | 3 +- .../server/audit/LoginAuditEventTest.java | 9 +- .../server/audit/LogoutAuditEventTest.java | 7 +- .../audit/OperationStatusAuditEventTest.java | 7 +- .../StartOperationRequestAuditEventTest.java | 7 +- .../audit/request/AbstractBaseCreator.java | 5 +- .../AmbariAuthenticationFilterTest.java | 10 ++- .../AmbariAuthorizationFilterTest.java | 2 + 54 files changed, 307 insertions(+), 245 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/pom.xml ---------------------------------------------------------------------- diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml index fcb5ab3..799cff5 100644 --- a/ambari-server/pom.xml +++ b/ambari-server/pom.xml @@ -1319,11 +1319,6 @@ <version>[0.9.5.2]</version> <scope>compile</scope> </dependency> - <dependency> - <groupId>joda-time</groupId> - <artifactId>joda-time</artifactId> - <version>2.7</version> - </dependency> </dependencies> <pluginRepositories> http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ActionDBAccessorImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ActionDBAccessorImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ActionDBAccessorImpl.java index 91a040d..2d6aa52 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ActionDBAccessorImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ActionDBAccessorImpl.java @@ -66,7 +66,6 @@ import org.apache.ambari.server.utils.Parallel; import org.apache.ambari.server.utils.ParallelLoopResult; import org.apache.ambari.server.utils.StageUtils; import org.apache.commons.lang.StringUtils; -import org.joda.time.DateTime; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -497,18 +496,17 @@ public class ActionDBAccessorImpl implements ActionDBAccessor { report.getStructuredOut().getBytes()); commandEntity.setExitcode(report.getExitCode()); - String actionId = report.getActionId(); - long[] requestStageIds = StageUtils.getRequestStage(actionId); - long requestId = requestStageIds[0]; - if (HostRoleStatus.getCompletedStates().contains(commandEntity.getStatus())) { commandEntity.setEndTime(now); + + String actionId = report.getActionId(); + long[] requestStageIds = StageUtils.getRequestStage(actionId); + long requestId = requestStageIds[0]; long stageId = requestStageIds[1]; if (requestDAO.getLastStageId(requestId).equals(stageId)) { requestsToCheck.add(requestId); } } - } // no need to merge if there's nothing to merge @@ -808,7 +806,7 @@ public class ActionDBAccessorImpl implements ActionDBAccessor { .withRequestId(String.valueOf(requestId)) .withStatus(String.valueOf(cs.getStatus())) .withRequestContext(stages.isEmpty() ? "" : stages.get(0).getRequestContext()) - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .build(); auditLogger.log(auditEvent); @@ -832,7 +830,7 @@ public class ActionDBAccessorImpl implements ActionDBAccessor { .withDetails(commandEntity.getCommandDetail()) .withStatus(commandEntity.getStatus().toString()) .withRequestId(String.valueOf(requestId)) - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .build(); auditLogger.log(taskEvent); http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseRequest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseRequest.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseRequest.java index c3c1d4a..88b8170 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseRequest.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseRequest.java @@ -129,22 +129,7 @@ public abstract class BaseRequest implements Request { m_uriInfo = uriInfo; m_resource = resource; m_body = body; - m_remoteAddress = retrieveRemoteAddress(); - } - - private static String retrieveRemoteAddress() { - - if(hasValidRequest()) { - return RequestUtils.getRemoteAddress(((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest()); - } - - return null; - } - - private static boolean hasValidRequest() { - return RequestContextHolder.getRequestAttributes() != null && - RequestContextHolder.getRequestAttributes() instanceof ServletRequestAttributes && - ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest() != null; + m_remoteAddress = RequestUtils.getRemoteAddress(); } @Override http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseService.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseService.java index 4f2359a..2e5b920 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseService.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/BaseService.java @@ -60,7 +60,6 @@ public abstract class BaseService { protected static RequestAuditLogger requestAuditLogger; - @Inject public static void init(RequestAuditLogger instance) { requestAuditLogger = instance; } @@ -118,16 +117,20 @@ public abstract class BaseService { headers, requestBody, uriInfo, requestType, resource); result = request.process(); + requestAuditLogger.log(request, result); + } + + if(requestBodySet.isEmpty() || !ResultStatus.STATUS.OK.equals(result.getStatus().getStatus())) { + requestAuditLogger.log(request, result); } } catch (BodyParseException e) { result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.BAD_REQUEST, e.getMessage())); + requestAuditLogger.log(request, result); } catch (Throwable t) { requestAuditLogger.log(request, new ResultImpl(new ResultStatus(ResultStatus.STATUS.SERVER_ERROR, t.getMessage()))); throw t; } - requestAuditLogger.log(request, result); - ResultSerializer serializer = mediaType == null ? getResultSerializer() : getResultSerializer(mediaType); Response.ResponseBuilder builder = Response.status(result.getStatus().getStatusCode()).entity( http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/api/services/LogoutService.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/LogoutService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/LogoutService.java index b07c4b0..c755e40 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/LogoutService.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/LogoutService.java @@ -30,7 +30,6 @@ import org.apache.ambari.server.security.authorization.AuthorizationHelper; import org.apache.ambari.server.utils.RequestUtils; import com.google.inject.Inject; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; /** @@ -57,7 +56,7 @@ public class LogoutService { private void auditLog(HttpServletRequest servletRequest) { LogoutAuditEvent logoutEvent = LogoutAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRemoteIp(RequestUtils.getRemoteAddress(servletRequest)) .withUserName(AuthorizationHelper.getAuthenticatedName()) .build(); http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/AuditLoggerDefaultImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/AuditLoggerDefaultImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/AuditLoggerDefaultImpl.java index 7f87293..adac54a 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/AuditLoggerDefaultImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/AuditLoggerDefaultImpl.java @@ -18,6 +18,10 @@ package org.apache.ambari.server.audit; +import java.text.DateFormat; +import java.text.SimpleDateFormat; +import java.util.Date; + import org.apache.ambari.server.audit.event.AuditEvent; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -37,6 +41,10 @@ public class AuditLoggerDefaultImpl implements AuditLogger { */ @Override public void log(AuditEvent event) { - LOG.info("{}, {}", event.getTimestamp(), event.getAuditMessage()); + Date date = new Date(event.getTimestamp()); + //2016-03-11T10:42:36.376Z + DateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSX"); + + LOG.info("{}, {}", dateFormat.format(date), event.getAuditMessage()); } } http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AbstractAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AbstractAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AbstractAuditEvent.java index e43beeb..558b0ea 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AbstractAuditEvent.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AbstractAuditEvent.java @@ -18,10 +18,8 @@ package org.apache.ambari.server.audit.event; - import org.apache.commons.lang.builder.EqualsBuilder; import org.apache.commons.lang.builder.HashCodeBuilder; -import org.joda.time.DateTime; /** * Base class for concrete audit event types. @@ -31,7 +29,7 @@ public abstract class AbstractAuditEvent implements AuditEvent { /** * Timestamp for the audit event creation */ - private final DateTime timestamp; + private final Long timestamp; /** * Message to log @@ -47,7 +45,7 @@ public abstract class AbstractAuditEvent implements AuditEvent { protected static abstract class AbstractAuditEventBuilder<T extends AbstractAuditEvent, TBuilder extends AbstractAuditEventBuilder<T, TBuilder>> implements AuditEventBuilder<T> { - private DateTime timestamp; + private Long timestamp; private String auditMessage; @@ -72,7 +70,7 @@ public abstract class AbstractAuditEvent implements AuditEvent { * @param timestamp * @return */ - public TBuilder withTimestamp(DateTime timestamp) { + public TBuilder withTimestamp(Long timestamp) { this.timestamp = timestamp; return (TBuilder) this; @@ -113,7 +111,7 @@ public abstract class AbstractAuditEvent implements AuditEvent { * {@inheritDoc} */ @Override - public DateTime getTimestamp() { + public Long getTimestamp() { return timestamp; } http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AuditEvent.java index 4ef88d6..fc027c7 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AuditEvent.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AuditEvent.java @@ -18,8 +18,6 @@ package org.apache.ambari.server.audit.event; -import org.joda.time.DateTime; - /** * Audit event that contains * the details of an action/event @@ -46,7 +44,7 @@ public interface AuditEvent { * * @return timestamp of the audit event. */ - DateTime getTimestamp(); + Long getTimestamp(); /** * Returns the details of the audit event. http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/AlertGroupEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/AlertGroupEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/AlertGroupEventCreator.java index 8ef5052..103fd4d 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/AlertGroupEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/AlertGroupEventCreator.java @@ -19,6 +19,7 @@ package org.apache.ambari.server.audit.request.eventcreator; import java.util.Collections; +import java.util.Date; import java.util.List; import java.util.Set; @@ -32,7 +33,6 @@ import org.apache.ambari.server.audit.event.request.DeleteAlertGroupRequestAudit import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -89,7 +89,7 @@ public class AlertGroupEventCreator implements RequestAuditEventCreator { switch (request.getRequestType()) { case POST: return AddAlertGroupRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -101,7 +101,7 @@ public class AlertGroupEventCreator implements RequestAuditEventCreator { .build(); case PUT: return ChangeAlertGroupRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -113,7 +113,7 @@ public class AlertGroupEventCreator implements RequestAuditEventCreator { .build(); case DELETE: return DeleteAlertGroupRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/AlertTargetEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/AlertTargetEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/AlertTargetEventCreator.java index a5ba525..29a241e 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/AlertTargetEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/AlertTargetEventCreator.java @@ -32,7 +32,6 @@ import org.apache.ambari.server.audit.event.request.DeleteAlertTargetRequestAudi import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -89,7 +88,7 @@ public class AlertTargetEventCreator implements RequestAuditEventCreator { switch (request.getRequestType()) { case POST: return AddAlertTargetRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -105,7 +104,7 @@ public class AlertTargetEventCreator implements RequestAuditEventCreator { .build(); case PUT: return ChangeAlertTargetRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -121,7 +120,7 @@ public class AlertTargetEventCreator implements RequestAuditEventCreator { .build(); case DELETE: return DeleteAlertTargetRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/BlueprintEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/BlueprintEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/BlueprintEventCreator.java index 94a8950..bdd6dbe 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/BlueprintEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/BlueprintEventCreator.java @@ -28,7 +28,6 @@ import org.apache.ambari.server.audit.event.request.AddBlueprintRequestAuditEven import org.apache.ambari.server.audit.event.request.DeleteBlueprintRequestAuditEvent; import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -85,7 +84,7 @@ public class BlueprintEventCreator implements RequestAuditEventCreator { switch (request.getRequestType()) { case POST: return AddBlueprintRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -95,7 +94,7 @@ public class BlueprintEventCreator implements RequestAuditEventCreator { .build(); case DELETE: return DeleteBlueprintRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/BlueprintExportEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/BlueprintExportEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/BlueprintExportEventCreator.java index 5a26998..1416021 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/BlueprintExportEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/BlueprintExportEventCreator.java @@ -27,7 +27,6 @@ import org.apache.ambari.server.audit.event.AuditEvent; import org.apache.ambari.server.audit.event.request.BlueprintExportRequestAuditEvent; import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -84,7 +83,7 @@ public class BlueprintExportEventCreator implements RequestAuditEventCreator { return null; } return BlueprintExportRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ComponentEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ComponentEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ComponentEventCreator.java index 0fc0041..8034d24 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ComponentEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ComponentEventCreator.java @@ -30,7 +30,6 @@ import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.internal.RequestOperationLevel; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -96,7 +95,7 @@ public class ComponentEventCreator implements RequestAuditEventCreator { .withOperation(operation) .withUserName(username) .withRemoteIp(request.getRemoteAddress()) - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestId(String.valueOf(requestId)); if (result.getStatus().isErrorState()) { http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ConfigurationChangeEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ConfigurationChangeEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ConfigurationChangeEventCreator.java index 2f9a80f..7e58893 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ConfigurationChangeEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ConfigurationChangeEventCreator.java @@ -30,7 +30,6 @@ import org.apache.ambari.server.audit.event.request.ConfigurationChangeRequestAu import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -90,7 +89,7 @@ public class ConfigurationChangeEventCreator implements RequestAuditEventCreator String newName = String.valueOf(map.get(PropertyHelper.getPropertyId("Clusters", "cluster_name"))); String oldName = request.getResource().getKeyValueMap().get(Resource.Type.Cluster); return ClusterNameChangeRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -103,7 +102,7 @@ public class ConfigurationChangeEventCreator implements RequestAuditEventCreator } return ConfigurationChangeRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/CredentialEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/CredentialEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/CredentialEventCreator.java index fc46db4..3b1f462 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/CredentialEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/CredentialEventCreator.java @@ -28,7 +28,6 @@ import org.apache.ambari.server.audit.event.request.AddCredentialRequestAuditEve import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -83,7 +82,7 @@ public class CredentialEventCreator implements RequestAuditEventCreator { String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); return AddCredentialRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/DefaultEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/DefaultEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/DefaultEventCreator.java index da67cd7..d0f57f2 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/DefaultEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/DefaultEventCreator.java @@ -18,8 +18,7 @@ package org.apache.ambari.server.audit.request.eventcreator; -import java.util.Arrays; -import java.util.HashSet; +import java.util.EnumSet; import java.util.Set; import org.apache.ambari.server.api.services.Request; @@ -30,7 +29,6 @@ import org.apache.ambari.server.audit.request.RequestAuditEvent; import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.audit.request.RequestAuditLogger; import org.apache.ambari.server.controller.spi.Resource; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -43,18 +41,10 @@ public class DefaultEventCreator implements RequestAuditEventCreator { /** * Set of {@link org.apache.ambari.server.api.services.Request.Type}s that are handled by this plugin + * In this case all {@link Request.Type}s are listed, except {@link Request.Type#GET} */ - private Set<Request.Type> requestTypes; + private Set<Request.Type> requestTypes = ImmutableSet.<Request.Type>builder().addAll(EnumSet.complementOf(EnumSet.of(Request.Type.GET))).build(); - { - Set<Request.Type> allowedTypes = new HashSet<Request.Type>(); - allowedTypes.addAll(Arrays.asList(Request.Type.values())); - allowedTypes.remove(Request.Type.GET); // get is not handled by default - - ImmutableSet.Builder<Request.Type> builder = ImmutableSet.builder(); - requestTypes = builder.addAll(allowedTypes).build(); - - } /** {@inheritDoc} */ @Override @@ -87,7 +77,7 @@ public class DefaultEventCreator implements RequestAuditEventCreator { String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); return RequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withUserName(username) .withRemoteIp(request.getRemoteAddress()) .withRequestType(request.getRequestType()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/GroupEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/GroupEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/GroupEventCreator.java index 85ea82e..d926d94 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/GroupEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/GroupEventCreator.java @@ -29,7 +29,6 @@ import org.apache.ambari.server.audit.event.request.DeleteGroupRequestAuditEvent import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -86,7 +85,7 @@ public class GroupEventCreator implements RequestAuditEventCreator { switch (request.getRequestType()) { case POST: return CreateGroupRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -96,7 +95,7 @@ public class GroupEventCreator implements RequestAuditEventCreator { .build(); case DELETE: return DeleteGroupRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/HostEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/HostEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/HostEventCreator.java index 6d26a4c..910280d 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/HostEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/HostEventCreator.java @@ -31,7 +31,6 @@ import org.apache.ambari.server.audit.event.request.DeleteHostRequestAuditEvent; import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -89,7 +88,7 @@ public class HostEventCreator implements RequestAuditEventCreator { switch (request.getRequestType()) { case DELETE: return DeleteHostRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -99,7 +98,7 @@ public class HostEventCreator implements RequestAuditEventCreator { .build(); case POST: return AddHostRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -109,7 +108,7 @@ public class HostEventCreator implements RequestAuditEventCreator { .build(); case QUERY_POST: return AddComponentToHostRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/MemberEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/MemberEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/MemberEventCreator.java index 771ac33..a3c3164 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/MemberEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/MemberEventCreator.java @@ -33,7 +33,6 @@ import org.apache.ambari.server.audit.event.request.RemoveUserFromGroupRequestAu import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -90,7 +89,7 @@ public class MemberEventCreator implements RequestAuditEventCreator { switch (request.getRequestType()) { case POST: return AddUserToGroupRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -101,7 +100,7 @@ public class MemberEventCreator implements RequestAuditEventCreator { .build(); case DELETE: return RemoveUserFromGroupRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -112,7 +111,7 @@ public class MemberEventCreator implements RequestAuditEventCreator { .build(); case PUT: return MembershipChangeRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/PrivilegeEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/PrivilegeEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/PrivilegeEventCreator.java index 3c98329..bdc7b59 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/PrivilegeEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/PrivilegeEventCreator.java @@ -33,7 +33,6 @@ import org.apache.ambari.server.audit.event.request.PrivilegeChangeRequestAuditE import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -93,7 +92,7 @@ public class PrivilegeEventCreator implements RequestAuditEventCreator { switch (request.getRequestType()) { case PUT: return ClusterPrivilegeChangeRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -105,7 +104,7 @@ public class PrivilegeEventCreator implements RequestAuditEventCreator { case POST: String role = users.isEmpty() ? (groups.isEmpty() ? null : groups.keySet().iterator().next()) : users.keySet().iterator().next(); return PrivilegeChangeRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RepositoryEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RepositoryEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RepositoryEventCreator.java index 321940d..fe6f8cc 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RepositoryEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RepositoryEventCreator.java @@ -29,7 +29,6 @@ import org.apache.ambari.server.audit.event.request.UpdateRepositoryRequestAudit import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -86,7 +85,7 @@ public class RepositoryEventCreator implements RequestAuditEventCreator { switch (request.getRequestType()) { case POST: return AddRepositoryRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -100,7 +99,7 @@ public class RepositoryEventCreator implements RequestAuditEventCreator { .build(); case PUT: return UpdateRepositoryRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RepositoryVersionEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RepositoryVersionEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RepositoryVersionEventCreator.java index 2f71237..7c9c731 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RepositoryVersionEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RepositoryVersionEventCreator.java @@ -34,7 +34,6 @@ import org.apache.ambari.server.audit.event.request.DeleteRepositoryVersionReque import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -91,7 +90,7 @@ public class RepositoryVersionEventCreator implements RequestAuditEventCreator { switch (request.getRequestType()) { case POST: return AddRepositoryVersionRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -105,7 +104,7 @@ public class RepositoryVersionEventCreator implements RequestAuditEventCreator { .build(); case PUT: return ChangeRepositoryVersionRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -119,7 +118,7 @@ public class RepositoryVersionEventCreator implements RequestAuditEventCreator { .build(); case DELETE: return DeleteRepositoryVersionRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RequestEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RequestEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RequestEventCreator.java index 9610e4f..fd13973 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RequestEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RequestEventCreator.java @@ -28,7 +28,6 @@ import org.apache.ambari.server.audit.event.request.AddRequestRequestAuditEvent; import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.internal.RequestOperationLevel; import org.apache.ambari.server.controller.spi.Resource; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -86,7 +85,7 @@ public class RequestEventCreator implements RequestAuditEventCreator { switch (request.getRequestType()) { case POST: return AddRequestRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceConfigDownloadEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceConfigDownloadEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceConfigDownloadEventCreator.java index 694be24..681cfb8 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceConfigDownloadEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceConfigDownloadEventCreator.java @@ -27,7 +27,6 @@ import org.apache.ambari.server.audit.event.AuditEvent; import org.apache.ambari.server.audit.event.request.ClientConfigDownloadRequestAuditEvent; import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -80,7 +79,7 @@ public class ServiceConfigDownloadEventCreator implements RequestAuditEventCreat public AuditEvent createAuditEvent(Request request, Result result) { String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); return ClientConfigDownloadRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceEventCreator.java index 327dc3c..2e2b91d 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceEventCreator.java @@ -31,7 +31,6 @@ import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.internal.RequestOperationLevel; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -88,7 +87,7 @@ public class ServiceEventCreator implements RequestAuditEventCreator { if (request.getRequestType() == Request.Type.DELETE) { return DeleteServiceRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -109,7 +108,7 @@ public class ServiceEventCreator implements RequestAuditEventCreator { .withOperation(operation) .withUserName(username) .withRemoteIp(request.getRemoteAddress()) - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestId(String.valueOf(requestId)); if (result.getStatus().isErrorState()) { http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UnauthorizedEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UnauthorizedEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UnauthorizedEventCreator.java index 2396376..d53aa68 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UnauthorizedEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UnauthorizedEventCreator.java @@ -27,7 +27,6 @@ import org.apache.ambari.server.audit.event.AccessUnauthorizedAuditEvent; import org.apache.ambari.server.audit.event.AuditEvent; import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -78,7 +77,7 @@ public class UnauthorizedEventCreator implements RequestAuditEventCreator { AccessUnauthorizedAuditEvent ae = AccessUnauthorizedAuditEvent.builder() .withRemoteIp(request.getRemoteAddress()) .withResourcePath(request.getURI()) - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withUserName(username) .build(); http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UpgradeEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UpgradeEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UpgradeEventCreator.java index c7be302..b8a6873 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UpgradeEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UpgradeEventCreator.java @@ -28,7 +28,6 @@ import org.apache.ambari.server.audit.event.request.AddUpgradeRequestAuditEvent; import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -83,7 +82,7 @@ public class UpgradeEventCreator implements RequestAuditEventCreator { String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); return AddUpgradeRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UpgradeItemEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UpgradeItemEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UpgradeItemEventCreator.java index 5eb0688..9f83172 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UpgradeItemEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UpgradeItemEventCreator.java @@ -28,7 +28,6 @@ import org.apache.ambari.server.audit.event.request.UpdateUpgradeItemRequestAudi import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -83,7 +82,7 @@ public class UpgradeItemEventCreator implements RequestAuditEventCreator { String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); return UpdateUpgradeItemRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UserEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UserEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UserEventCreator.java index 11d1832..2b4e5c1 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UserEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/UserEventCreator.java @@ -32,7 +32,6 @@ import org.apache.ambari.server.audit.event.request.UserPasswordChangeRequestAud import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -89,7 +88,7 @@ public class UserEventCreator implements RequestAuditEventCreator { switch (request.getRequestType()) { case POST: return CreateUserRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -101,7 +100,7 @@ public class UserEventCreator implements RequestAuditEventCreator { .build(); case DELETE: return DeleteUserRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -112,7 +111,7 @@ public class UserEventCreator implements RequestAuditEventCreator { case PUT: if (hasActive(request)) { return ActivateUserRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -124,7 +123,7 @@ public class UserEventCreator implements RequestAuditEventCreator { } if (hasAdmin(request)) { return AdminUserRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -136,7 +135,7 @@ public class UserEventCreator implements RequestAuditEventCreator { } if (hasOldPassword(request)) { return UserPasswordChangeRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ViewInstanceEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ViewInstanceEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ViewInstanceEventCreator.java index 4897401..611b1ea 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ViewInstanceEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ViewInstanceEventCreator.java @@ -30,7 +30,6 @@ import org.apache.ambari.server.audit.event.request.DeleteViewInstanceRequestAud import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -88,7 +87,7 @@ public class ViewInstanceEventCreator implements RequestAuditEventCreator { case POST: return AddViewInstanceRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -103,7 +102,7 @@ public class ViewInstanceEventCreator implements RequestAuditEventCreator { case PUT: return ChangeViewInstanceRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) @@ -118,7 +117,7 @@ public class ViewInstanceEventCreator implements RequestAuditEventCreator { case DELETE: return DeleteViewInstanceRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ViewPrivilegeEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ViewPrivilegeEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ViewPrivilegeEventCreator.java index 6cd4d3b..18b860a 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ViewPrivilegeEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ViewPrivilegeEventCreator.java @@ -32,7 +32,6 @@ import org.apache.ambari.server.audit.event.request.ViewPrivilegeChangeRequestAu import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.utilities.PropertyHelper; -import org.joda.time.DateTime; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; @@ -91,7 +90,7 @@ public class ViewPrivilegeEventCreator implements RequestAuditEventCreator { Map<String, List<String>> groups = getEntities(request, "GROUP"); return ViewPrivilegeChangeRequestAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withRequestType(request.getRequestType()) .withResultStatus(result.getStatus()) .withUrl(request.getURI()) http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java index 1a972ab..bc9b0ab 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java @@ -98,6 +98,7 @@ import org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter import org.apache.ambari.server.security.authorization.AmbariLdapAuthenticationProvider; import org.apache.ambari.server.security.authorization.AmbariLocalUserDetailsService; import org.apache.ambari.server.security.authorization.AuthorizationHelper; +import org.apache.ambari.server.security.authorization.PermissionHelper; import org.apache.ambari.server.security.authorization.Users; import org.apache.ambari.server.security.authorization.internal.AmbariInternalAuthenticationProvider; import org.apache.ambari.server.security.authorization.jwt.JwtAuthenticationFilter; @@ -304,6 +305,8 @@ public class AmbariServer { injector.getInstance(PasswordEncoder.class)); factory.registerSingleton("auditLogger", injector.getInstance(AuditLogger.class)); + factory.registerSingleton("permissionHelper", + injector.getInstance(PermissionHelper.class)); factory.registerSingleton("ambariLocalUserService", injector.getInstance(AmbariLocalUserDetailsService.class)); factory.registerSingleton("ambariLdapAuthenticationProvider", @@ -886,9 +889,6 @@ public class AmbariServer { LogoutService.init(injector.getInstance(AuditLogger.class)); RetryHelper.init(configs.getOperationsRetryAttempts()); - - AbstractServerAction.init(injector); - AuthorizationHelper.init(injector.getInstance(Clusters.class), injector.getInstance(ViewInstanceDAO.class)); } /** http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilter.java index 79b055e..92f71b0 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilter.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationFilter.java @@ -28,8 +28,8 @@ import org.apache.ambari.server.audit.event.AuditEvent; import org.apache.ambari.server.audit.AuditLogger; import org.apache.ambari.server.audit.event.LoginAuditEvent; import org.apache.ambari.server.security.authorization.AuthorizationHelper; +import org.apache.ambari.server.security.authorization.PermissionHelper; import org.apache.ambari.server.utils.RequestUtils; -import org.joda.time.DateTime; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.authentication.AuthenticationManager; @@ -39,20 +39,38 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.crypto.codec.Base64; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; +/** + * The purpose of this class is to check whether authentication is successful or not, + * and make an audit event + */ public class AmbariAuthenticationFilter extends BasicAuthenticationFilter { private static final Logger LOG = LoggerFactory.getLogger(AmbariAuthenticationFilter.class); + /** + * Audit logger + */ private AuditLogger auditLogger; + private PermissionHelper permissionHelper; + public AmbariAuthenticationFilter() { super(); } - public AmbariAuthenticationFilter(AuthenticationManager authenticationManager, AuditLogger auditLogger) { + public AmbariAuthenticationFilter(AuthenticationManager authenticationManager, AuditLogger auditLogger, PermissionHelper permissionHelper) { super(authenticationManager); this.auditLogger = auditLogger; + this.permissionHelper = permissionHelper; } + /** + * Checks whether the authentication information is filled. If it is not, then a login failed audit event is logged + * @param req + * @param res + * @param chain + * @throws IOException + * @throws ServletException + */ @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; @@ -60,7 +78,7 @@ public class AmbariAuthenticationFilter extends BasicAuthenticationFilter { if (AuthorizationHelper.getAuthenticatedName() == null && (header == null || !header.startsWith("Basic "))) { AuditEvent loginFailedAuditEvent = LoginAuditEvent.builder() .withRemoteIp(RequestUtils.getRemoteAddress(request)) - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withReasonOfFailure("Authentication required") .withUserName(null) .build(); @@ -69,17 +87,31 @@ public class AmbariAuthenticationFilter extends BasicAuthenticationFilter { super.doFilter(req, res, chain); } + /** + * If the authentication was successful, then an audit event is logged about the success + * @param request + * @param response + * @param authResult + * @throws IOException + */ @Override protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException { AuditEvent loginSucceededAuditEvent = LoginAuditEvent.builder() .withRemoteIp(RequestUtils.getRemoteAddress(request)) .withUserName(authResult.getName()) - .withTimestamp(DateTime.now()) - .withRoles(AuthorizationHelper.getPermissionLabels(authResult)) + .withTimestamp(System.currentTimeMillis()) + .withRoles(permissionHelper.getPermissionLabels(authResult)) .build(); auditLogger.log(loginSucceededAuditEvent); } + /** + * In the case of invalid username or password, the authentication fails and it is logged + * @param request + * @param response + * @param authEx + * @throws IOException + */ @Override protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException authEx) throws IOException { String header = request.getHeader("Authorization"); @@ -92,13 +124,20 @@ public class AmbariAuthenticationFilter extends BasicAuthenticationFilter { } AuditEvent loginFailedAuditEvent = LoginAuditEvent.builder() .withRemoteIp(RequestUtils.getRemoteAddress(request)) - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withReasonOfFailure("Invalid username/password combination") .withUserName(username) .build(); auditLogger.log(loginFailedAuditEvent); } + /** + * Helper function to decode Authorization header + * @param header + * @param request + * @return + * @throws IOException + */ private String[] decodeAuth(String header, HttpServletRequest request) throws IOException { byte[] base64Token = header.substring(6).getBytes("UTF-8"); http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java index b28f694..96d6131 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java @@ -30,7 +30,6 @@ import org.apache.ambari.server.security.authorization.internal.InternalAuthenti import org.apache.ambari.server.utils.RequestUtils; import org.apache.ambari.server.view.ViewRegistry; import org.apache.commons.lang.StringUtils; -import org.joda.time.DateTime; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; @@ -99,6 +98,8 @@ public class AmbariAuthorizationFilter implements Filter { @Inject private AuditLogger auditLogger; + @Inject PermissionHelper permissionHelper; + /** * The realm to use for the basic http auth */ @@ -139,8 +140,8 @@ public class AmbariAuthorizationFilter implements Filter { LoginAuditEvent loginAuditEvent = LoginAuditEvent.builder() .withUserName(internalAuthenticationToken.getName()) .withRemoteIp(RequestUtils.getRemoteAddress(httpRequest)) - .withRoles(AuthorizationHelper.getPermissionLabels(authentication)) - .withTimestamp(DateTime.now()).build(); + .withRoles(permissionHelper.getPermissionLabels(authentication)) + .withTimestamp(System.currentTimeMillis()).build(); auditLogger.log(loginAuditEvent); } else { // for view access, we should redirect to the Ambari login @@ -211,7 +212,7 @@ public class AmbariAuthorizationFilter implements Filter { .withRemoteIp(RequestUtils.getRemoteAddress(httpRequest)) .withResourcePath(httpRequest.getRequestURI()) .withUserName(AuthorizationHelper.getAuthenticatedName()) - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .build(); auditLogger.log(auditEvent); @@ -229,7 +230,7 @@ public class AmbariAuthorizationFilter implements Filter { .withRemoteIp(RequestUtils.getRemoteAddress(httpRequest)) .withResourcePath(httpRequest.getRequestURI()) .withUserName(AuthorizationHelper.getAuthenticatedName()) - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .build(); auditLogger.log(auditEvent); } http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java index 7e06519..aa7a76a 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java @@ -21,6 +21,7 @@ import com.google.common.collect.Lists; import com.google.inject.Singleton; import org.apache.ambari.server.AmbariException; +import org.apache.ambari.server.orm.dao.ClusterDAO; import org.apache.ambari.server.orm.dao.ViewInstanceDAO; import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.PrivilegeEntity; @@ -43,15 +44,6 @@ import java.util.*; public class AuthorizationHelper { private final static Logger LOG = LoggerFactory.getLogger(AuthorizationHelper.class); - private static Clusters clusters; - - private static ViewInstanceDAO viewInstanceDAO; - - public static void init(Clusters clusters, ViewInstanceDAO viewInstanceDAO) { - AuthorizationHelper.clusters = clusters; - AuthorizationHelper.viewInstanceDAO = viewInstanceDAO; - } - /** * Converts collection of RoleEntities to collection of GrantedAuthorities */ @@ -266,47 +258,6 @@ public class AuthorizationHelper { } /** - * Retrieve permission labels based on the details of the authenticated user - * @param authentication the authenticated user and associated access privileges - * @return human-readable permissions - */ - public static Map<String,List<String>> getPermissionLabels(Authentication authentication) { - Map<String,List<String>> permissionLabels = new HashMap<>(); - if (authentication.getAuthorities() != null) { - for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) { - AmbariGrantedAuthority ambariGrantedAuthority = (AmbariGrantedAuthority) grantedAuthority; - - PrivilegeEntity privilegeEntity = ambariGrantedAuthority.getPrivilegeEntity(); - - String key = null; - try { - switch(privilegeEntity.getResource().getResourceType().getName()) { - case "CLUSTER": - key = clusters.getClusterById(privilegeEntity.getResource().getResourceType().getId()).getClusterName(); - break; - case "AMBARI": - key = "Ambari"; - break; - default: - key = viewInstanceDAO.findByResourceId(privilegeEntity.getResource().getId()).getLabel(); - break; - } - } catch (Throwable ignored) { - - } - - if(key != null) { - if(!permissionLabels.containsKey(key)) { - permissionLabels.put(key, new LinkedList<String>()); - } - permissionLabels.get(key).add(privilegeEntity.getPermission().getPermissionLabel()); - } - } - } - return permissionLabels; - } - - /** * Retrieve authorization names based on the details of the authenticated user * @param authentication the authenticated user and associated access privileges * @return human readable role authorizations http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PermissionHelper.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PermissionHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PermissionHelper.java new file mode 100644 index 0000000..ecf2d7a --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PermissionHelper.java @@ -0,0 +1,88 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.security.authorization; + +import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; + +import org.apache.ambari.server.orm.dao.ClusterDAO; +import org.apache.ambari.server.orm.dao.ViewInstanceDAO; +import org.apache.ambari.server.orm.entities.PrivilegeEntity; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; + +import com.google.inject.Inject; +import com.google.inject.Singleton; + +@Singleton +public class PermissionHelper { + + private final static Logger LOG = LoggerFactory.getLogger(PermissionHelper.class); + + @Inject + private ClusterDAO clusterDAO; + + @Inject + private ViewInstanceDAO viewInstanceDAO; + + /** + * Retrieve permission labels based on the details of the authenticated user + * @param authentication the authenticated user and associated access privileges + * @return human-readable permissions + */ + public Map<String,List<String>> getPermissionLabels(Authentication authentication) { + Map<String,List<String>> permissionLabels = new HashMap<>(); + if (authentication.getAuthorities() != null) { + for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) { + AmbariGrantedAuthority ambariGrantedAuthority = (AmbariGrantedAuthority) grantedAuthority; + + PrivilegeEntity privilegeEntity = ambariGrantedAuthority.getPrivilegeEntity(); + + String key = null; + try { + switch(privilegeEntity.getResource().getResourceType().getName()) { + case "CLUSTER": + key = clusterDAO.findByResourceId(privilegeEntity.getResource().getId()).getClusterName(); + break; + case "AMBARI": + key = "Ambari"; + break; + default: + key = viewInstanceDAO.findByResourceId(privilegeEntity.getResource().getId()).getLabel(); + break; + } + } catch (Throwable ignored) { + LOG.warn("Error occurred when cluster or view is searched based on resource id", ignored); + } + + if(key != null) { + if(!permissionLabels.containsKey(key)) { + permissionLabels.put(key, new LinkedList<String>()); + } + permissionLabels.get(key).add(privilegeEntity.getPermission().getPermissionLabel()); + } + } + } + return permissionLabels; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/serveraction/AbstractServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/AbstractServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/AbstractServerAction.java index f36fede..ca4a92c 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/AbstractServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/AbstractServerAction.java @@ -31,6 +31,7 @@ import org.apache.ambari.server.utils.StageUtils; import java.util.Collections; import java.util.Map; +import com.google.inject.Inject; import com.google.inject.Injector; /** @@ -56,21 +57,8 @@ public abstract class AbstractServerAction implements ServerAction { */ protected ActionLog actionLog = new ActionLog(); - /** - * Guice injector - */ - private static Injector injector; - - /** - * Statically initialize the Injector - * <p/> - * This should only be used for unit tests. - * - * @param injector the Injector to (manually) statically inject - */ - public static void init(Injector injector) { - AbstractServerAction.injector = injector; - } + @Inject + private AuditLogger auditLogger; @Override public ExecutionCommand getExecutionCommand() { @@ -196,7 +184,7 @@ public abstract class AbstractServerAction implements ServerAction { } protected void auditLog(AuditEvent ae) { - injector.getInstance(AuditLogger.class).log(ae); + auditLogger.log(ae); } } http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java index 4086b85..c15ab87 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java @@ -32,7 +32,6 @@ import org.apache.ambari.server.orm.entities.KerberosPrincipalEntity; import org.apache.ambari.server.serveraction.ActionLog; import org.apache.commons.codec.digest.DigestUtils; import org.apache.directory.server.kerberos.shared.keytab.Keytab; -import org.joda.time.DateTime; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -151,7 +150,7 @@ public class CreateKeytabFilesServerAction extends KerberosServerAction { throws AmbariException { - CreateKeyTabKerberosAuditEvent.CreateKeyTabKerberosAuditEventBuilder auditEventBuilder = CreateKeyTabKerberosAuditEvent.builder().withTimestamp(DateTime.now()); + CreateKeyTabKerberosAuditEvent.CreateKeyTabKerberosAuditEventBuilder auditEventBuilder = CreateKeyTabKerberosAuditEvent.builder().withTimestamp(System.currentTimeMillis()); CommandReport commandReport = null; String message = null; try { http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java index 3ed001c..03a181e 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java @@ -29,7 +29,6 @@ import org.apache.ambari.server.orm.entities.KerberosPrincipalEntity; import org.apache.ambari.server.security.SecurePasswordHelper; import org.apache.ambari.server.serveraction.ActionLog; import org.apache.commons.lang.StringUtils; -import org.joda.time.DateTime; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -176,7 +175,7 @@ public class CreatePrincipalsServerAction extends KerberosServerAction { KerberosOperationHandler kerberosOperationHandler, ActionLog actionLog) { CreatePrincipalKerberosAuditEvent.CreatePrincipalKerberosAuditEventBuilder auditEventBuilder = CreatePrincipalKerberosAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withPrincipal(principal); CreatePrincipalResult result = null; String message = null; http://git-wip-us.apache.org/repos/asf/ambari/blob/9360f944/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java index 7f94399..f78c65b 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java @@ -24,7 +24,6 @@ import org.apache.ambari.server.agent.CommandReport; import org.apache.ambari.server.audit.event.kerberos.DestroyPrincipalKerberosAuditEvent; import org.apache.ambari.server.orm.dao.KerberosPrincipalDAO; import org.apache.ambari.server.orm.entities.KerberosPrincipalEntity; -import org.joda.time.DateTime; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -92,7 +91,7 @@ public class DestroyPrincipalsServerAction extends KerberosServerAction { LOG.info(message); actionLog.writeStdOut(message); DestroyPrincipalKerberosAuditEvent.DestroyPrincipalKerberosAuditEventBuilder auditEventBuilder = DestroyPrincipalKerberosAuditEvent.builder() - .withTimestamp(DateTime.now()) + .withTimestamp(System.currentTimeMillis()) .withPrincipal(evaluatedPrincipal); try {