Repository: incubator-atlas Updated Branches: refs/heads/master 7e3830a73 -> 67a1133a3
ATLAS-869 Make LDAP/AD properties to be configurable. (nixonrodrigues via yhemanth) Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/67a1133a Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/67a1133a Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/67a1133a Branch: refs/heads/master Commit: 67a1133a3ba14b5a89d90c1447607d066ab6be30 Parents: 7e3830a Author: Hemanth Yamijala <[email protected]> Authored: Mon Jun 13 20:19:34 2016 +0530 Committer: Hemanth Yamijala <[email protected]> Committed: Mon Jun 13 20:19:34 2016 +0530 ---------------------------------------------------------------------- distro/src/conf/atlas-application.properties | 29 +++- release-log.txt | 1 + .../security/AtlasADAuthenticationProvider.java | 30 +++-- .../AtlasLdapAuthenticationProvider.java | 48 ++++--- webapp/src/main/resources/atlas-admin-site.xml | 133 ------------------- .../main/webapp/WEB-INF/applicationContext.xml | 12 -- 6 files changed, 73 insertions(+), 180 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/67a1133a/distro/src/conf/atlas-application.properties ---------------------------------------------------------------------- diff --git a/distro/src/conf/atlas-application.properties b/distro/src/conf/atlas-application.properties index 2b90086..5bd0f74 100755 --- a/distro/src/conf/atlas-application.properties +++ b/distro/src/conf/atlas-application.properties 
@@ -89,10 +89,37 @@ atlas.authentication.method.kerberos=false atlas.authentication.method.ldap=false atlas.authentication.method.file=true +#### ldap.type= LDAP or AD atlas.authentication.method.ldap.type=LDAP -atlas.authentication.method.ldap.url= + +#### user credentials file atlas.authentication.method.file.filename=${sys:atlas.home}/conf/users-credentials.properties + +######## LDAP properties ######### +#atlas.authentication.method.ldap.url=ldap://<ldap server url>:389 +#atlas.authentication.method.ldap.userDNpattern=uid={0}\,ou=People\,dc=example\,dc=com +#atlas.authentication.method.ldap.groupSearchBase=dc=example\,dc=com +#atlas.authentication.method.ldap.groupSearchFilter=(member=uid={0}\,ou=Users\,dc=example\,dc=com) +#atlas.authentication.method.ldap.groupRoleAttribute=cn +#atlas.authentication.method.ldap.base.dn=dc=example\,dc=com +#atlas.authentication.method.ldap.bind.dn=cn=Manager\,dc=example\,dc=com +#atlas.authentication.method.ldap.bind.password=<password> +#atlas.authentication.method.ldap.referral=ignore +#atlas.authentication.method.ldap.user.searchfilter=(uid={0}) +#atlas.authentication.method.ldap.default.role=<default role> + + +######### Active directory properties ####### +#atlas.authentication.method.ldap.ad.domain=example.com +#atlas.authentication.method.ldap.ad.url=ldap://<AD server url>:389 +#atlas.authentication.method.ldap.ad.base.dn=(sAMAccountName={0}) +#atlas.authentication.method.ldap.ad.bind.dn=CN=team\,CN=Users\,DC=example\,DC=com +#atlas.authentication.method.ldap.ad.bind.password=<password> +#atlas.authentication.method.ldap.ad.referral=ignore +#atlas.authentication.method.ldap.ad.user.searchfilter=(sAMAccountName={0}) +#atlas.authentication.method.ldap.ad.default.role=<default role> + ######### JAAS Configuration ######## #atlas.jaas.KafkaClient.loginModuleName = com.sun.security.auth.module.Krb5LoginModule http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/67a1133a/release-log.txt 
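Review bot: The sample value for `atlas.authentication.method.ldap.ad.base.dn` is `(sAMAccountName={0})`, which is a search filter rather than a base DN and repeats the `ad.user.searchfilter` sample two lines below it. The deleted atlas-admin-site.xml used `dc=example,dc=com` for the AD base, so the commented line should read `#atlas.authentication.method.ldap.ad.base.dn=dc=example\,dc=com`. Both sample URLs use `ldap://…:389`, so a comment above them should say that the bind password and user credentials cross the network unencrypted unless an `ldaps://` URL is used. The same comment should say that this file now holds `bind.password` in clear text and should be readable only by the Atlas service account.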
---------------------------------------------------------------------- diff --git a/release-log.txt b/release-log.txt index 2752fe4..56b3472 100644 --- a/release-log.txt +++ b/release-log.txt @@ -22,6 +22,7 @@ ATLAS-409 Atlas will not import avro tables with schema read from a file (dosset ATLAS-379 Create sqoop and falcon metadata addons (venkatnrangan,bvellanki,sowmyaramesh via shwethags) ALL CHANGES: +ATLAS-869 Make LDAP/AD properties to be configurable. (nixonrodrigues via yhemanth) ATLAS-730 Change titan hbase table name (svimal2106 via sumasai ) ATLAS-871 Make audit repository implementation configurable (jnhagelb via shwethags) ATLAS-885 optimize HBaseStoreManager to avoid expensive HTable instantiation every 5 seconds (madhan.neethiraj via yhemanth) http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/67a1133a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java index 34063b0..cf83109 100644 --- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java +++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java @@ -22,8 +22,9 @@ import java.util.List; import javax.annotation.PostConstruct; -import org.apache.atlas.utils.PropertiesUtil; +import org.apache.atlas.ApplicationProperties; import org.apache.atlas.web.model.User; +import org.apache.commons.configuration.Configuration; import org.apache.log4j.Logger; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; 
@@ -97,18 +98,21 @@ public class AtlasADAuthenticationProvider extends } private void setADProperties() { - adDomain = PropertiesUtil.getProperty("atlas.ad.domain", adDomain); - adURL = PropertiesUtil.getProperty("atlas.ad.url", adURL); - adBindDN = PropertiesUtil.getProperty("atlas.ad.bind.dn", adBindDN); - adBindPassword = PropertiesUtil.getProperty("atlas.ad.bind.password", - adBindPassword); - adUserSearchFilter = PropertiesUtil.getProperty( - "atlas.ad.user.searchfilter", adUserSearchFilter); - adBase = PropertiesUtil.getProperty("atlas.ad.base.dn", adBase); - adReferral = PropertiesUtil - .getProperty("atlas.ad.referral", adReferral); - adDefaultRole = PropertiesUtil.getProperty("atlas.ad.default.role", - adDefaultRole); + try { + + Configuration configuration = ApplicationProperties.get(); + this.adDomain = configuration.getString("atlas.authentication.method.ldap.ad.domain"); + this.adURL = configuration.getString("atlas.authentication.method.ldap.ad.url"); + this.adBindDN = configuration.getString("atlas.authentication.method.ldap.ad.bind.dn"); + this.adBindPassword = configuration.getString("atlas.authentication.method.ldap.ad.bind.password"); + this.adUserSearchFilter = configuration.getString("atlas.authentication.method.ldap.ad.user.searchfilter"); + this.adBase = configuration.getString("atlas.authentication.method.ldap.ad.base.dn"); + this.adReferral = configuration.getString("atlas.authentication.method.ldap.ad.referral"); + this.adDefaultRole = configuration.getString("atlas.authentication.method.ldap.ad.default.role"); + + } catch (Exception e) { + LOG.error("Exception while setADProperties", e); + } } } http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/67a1133a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java ---------------------------------------------------------------------- 
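Review bot: In `setADProperties()` the new `catch (Exception e)` only logs, and the one-argument `getString(key)` calls drop the fall-back to the current field value that the removed `PropertiesUtil.getProperty(key, default)` calls had. A missing key or a failing `ApplicationProperties.get()` therefore leaves `adURL`, `adDomain`, `adBindDN` and the other fields null, with a single log line as the only sign. An authentication provider should stop at startup rather than run half-configured: keep the defaults with calls such as `configuration.getString("atlas.authentication.method.ldap.ad.referral", adReferral)`, and rethrow from the catch with `throw new IllegalStateException("Failed to load AD authentication properties", e);`. The same pattern appears in `setLdapProperties()` in AtlasLdapAuthenticationProvider.java. How the fields are used is outside this hunk, so it should be confirmed whether a null value ends in a rejected login or in an exception at bind time.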
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java index 6037858..6d56453 100644 --- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java +++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java @@ -20,8 +20,9 @@ package org.apache.atlas.web.security; import java.util.List; import javax.annotation.PostConstruct; -import org.apache.atlas.utils.PropertiesUtil; +import org.apache.atlas.ApplicationProperties; import org.apache.atlas.web.model.User; +import org.apache.commons.configuration.Configuration; import org.apache.log4j.Logger; import org.springframework.ldap.core.support.LdapContextSource; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; 
@@ -120,26 +121,31 @@ public class AtlasLdapAuthenticationProvider extends } private void setLdapProperties() { - ldapURL = PropertiesUtil.getProperty("atlas.ldap.url", ldapURL); - ldapUserDNPattern = PropertiesUtil.getProperty( - "atlas.ldap.user.dnpattern", ldapUserDNPattern); - ldapGroupSearchBase = PropertiesUtil.getProperty( - "atlas.ldap.group.searchbase", ldapGroupSearchBase); - ldapGroupSearchFilter = PropertiesUtil.getProperty( - "atlas.ldap.group.searchfilter", ldapGroupSearchFilter); - ldapGroupRoleAttribute = PropertiesUtil.getProperty( - "atlas.ldap.group.roleattribute", ldapGroupRoleAttribute); - ldapBindDN = PropertiesUtil.getProperty("atlas.ldap.bind.dn", - ldapBindDN); - ldapBindPassword = PropertiesUtil.getProperty( - "atlas.ldap.bind.password", ldapBindDN); - ldapDefaultRole = PropertiesUtil.getProperty("atlas.ldap.default.role", - ldapDefaultRole); - ldapUserSearchFilter = PropertiesUtil.getProperty( - "atlas.ldap.user.searchfilter", ldapUserSearchFilter); - ldapReferral = PropertiesUtil.getProperty("atlas.ldap.referral", - ldapReferral); - ldapBase = PropertiesUtil.getProperty("atlas.ldap.base.dn", ldapBase); + try { + Configuration configuration = ApplicationProperties.get(); + + ldapURL = configuration.getString("atlas.authentication.method.ldap.url"); + ldapUserDNPattern = configuration.getString( + "atlas.authentication.method.ldap.userDNpattern"); + ldapGroupSearchBase = configuration.getString( + "atlas.authentication.method.ldap.groupSearchBase"); + ldapGroupSearchFilter = configuration.getString( + "atlas.authentication.method.ldap.groupSearchFilter"); + ldapGroupRoleAttribute = configuration.getString( + "atlas.authentication.method.ldap.groupRoleAttribute"); + ldapBindDN = configuration.getString("atlas.authentication.method.ldap.bind.dn"); + ldapBindPassword = configuration.getString( + "atlas.authentication.method.ldap.bind.password"); + ldapDefaultRole = configuration.getString("atlas.authentication.method.ldap.default.role"); + 
ldapUserSearchFilter = configuration.getString( + "atlas.authentication.method.ldap.user.searchfilter"); + ldapReferral = configuration.getString("atlas.authentication.method.ldap.ad.referral"); + ldapBase = configuration.getString("atlas.authentication.method.ldap.base.dn"); + + } catch (Exception e) { + LOG.error("Exception while setLdapProperties", e); + } + } private LdapContextSource getLdapContextSource() throws Exception { http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/67a1133a/webapp/src/main/resources/atlas-admin-site.xml ---------------------------------------------------------------------- diff --git a/webapp/src/main/resources/atlas-admin-site.xml b/webapp/src/main/resources/atlas-admin-site.xml deleted file mode 100644 index c4b4be7..0000000 --- a/webapp/src/main/resources/atlas-admin-site.xml +++ /dev/null 
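Review bot: `ldapReferral` is read from `atlas.authentication.method.ldap.ad.referral`, the Active Directory key, so the LDAP provider never consults the `atlas.authentication.method.ldap.referral` entry that this commit documents in atlas-application.properties. The line should read `ldapReferral = configuration.getString("atlas.authentication.method.ldap.referral");`. The removed XML described this setting as "follow or ignore", so the LDAP provider's referral behaviour now tracks the AD value, or is null when the AD block is left commented out. A test that loads a configuration with the two keys set to different values would catch this kind of key mix-up.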
@@ -1,133 +0,0 @@ -<!-- Licensed under the Apache License, Version 2.0 (the "License"); you - may not use this file except in compliance with the License. You may obtain - a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless - required by applicable law or agreed to in writing, software distributed - under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES - OR CONDITIONS OF ANY KIND, either express or implied. See the License for - the specific language governing permissions and limitations under the License. - See accompanying LICENSE file. --> - - -<configuration> - <!-- # Ldap info start --> - - <property> - <name>atlas.ldap.url</name> - <display-name>LDAP URL</display-name> - <value>ldap://172.22.98.129:389</value> - <description>LDAP Server URL, only used if - Authentication method - is LDAP - </description> - </property> - <property> - <name>atlas.ldap.user.dnpattern</name> - <value>uid={0},ou=People,dc=example,dc=com</value> - <description></description> - </property> - <property> - <name>atlas.ldap.group.searchbase</name> - <display-name>Group Search Base</display-name> - <value>dc=example,dc=com</value> - <description></description> - </property> - <property> - <name>atlas.ldap.group.searchfilter</name> - <display-name>Group Search Filter</display-name> - <value>(member=uid={0},ou=Users,dc=example,dc=com) - </value> - <description></description> - </property> - <property> - <name>atlas.ldap.group.roleattribute</name> - <value>cn</value> - <description></description> - </property> - - <property> - <name>atlas.ldap.base.dn</name> - <value>dc=example,dc=com</value> - <description>LDAP base dn or search base</description> - </property> - <property> - <name>atlas.ldap.bind.dn</name> - <display-name>Bind User</display-name> - <value>cn=Manager,dc=example,dc=com</value> - <description>LDAP bind dn or manager dn</description> - </property> - <property> - <name>atlas.ldap.bind.password</name> - <display-name>âBind User 
Password</display-name> - <value>p@ssword</value> - <property-type>PASSWORD</property-type> - <description>Password for the account that can search - for users - </description> - <value-attributes> - <type>password</type> - <overridable>false</overridable> - </value-attributes> - </property> - <property> - <name>atlas.ldap.user.searchfilter</name> - <display-name>User Search Filter</display-name> - <value>(uid={0})</value> - <description></description> - </property> - - <property> - <name>atlas.ldap.default.role</name> - <value>ROLE_USER</value> - </property> - <property> - <name>atlas.ldap.referral</name> - <value>ignore</value> - <description>follow or ignore</description> - </property> - - - <!-- # Ldap Info end --> - - <!-- #AD info start --> - <property> - <name>atlas.ad.url</name> - <value>ldap://13.76.128.185:389</value> - <description></description> - </property> - <property> - <name>atlas.ad.domain</name> - <value>example.com</value> - <description>Ad Domain</description> - </property> - <property> - <name>atlas.ad.bind.dn</name> - <value>CN=adadmin admin,CN=Users,DC=example,DC=com</value> - <description>AD bind dn or manager dn</description> - </property> - <property> - <name>atlas.ad.bind.password</name> - <value>p@ssword</value> - <description>AD bind password</description> - </property> - <property> - <name>atlas.ad.user.searchfilter</name> - <display-name>User Search Filter</display-name> - <value>(sAMAccountName={0})</value> - <description></description> - </property> - <property> - <name>atlas.ad.base.dn</name> - <value>dc=example,dc=com</value> - <description>AD base dn or search base</description> - </property> - <property> - <name>atlas.ad.referral</name> - <value>ignore</value> - <description>follow or ignore</description> - </property> - <property> - <name>atlas.ad.default.role</name> - <value>ROLE_USER</value> - </property> - <!-- AD info end --> -</configuration> \ No newline at end of file 
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/67a1133a/webapp/src/main/webapp/WEB-INF/applicationContext.xml ---------------------------------------------------------------------- diff --git a/webapp/src/main/webapp/WEB-INF/applicationContext.xml b/webapp/src/main/webapp/WEB-INF/applicationContext.xml index 004c3a8..6129605 100644 --- a/webapp/src/main/webapp/WEB-INF/applicationContext.xml +++ b/webapp/src/main/webapp/WEB-INF/applicationContext.xml @@ -22,18 +22,6 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd"> - <import resource="classpath:/spring-security.xml" /> - <bean id="xmlPropertyConfigurer" class="org.apache.atlas.utils.XMLPropertiesUtil" /> - - <bean id="propertyConfigurer" class="org.apache.atlas.utils.PropertiesUtil"> - <property name="locations"> - <list> - <value>classpath:atlas-admin-site.xml - </value> - </list> - </property> - <property name="propertiesPersister" ref="xmlPropertyConfigurer" /> - </bean> </beans> \ No newline at end of file
