This is an automated email from the ASF dual-hosted git repository. xxyu pushed a commit to branch kylin5 in repository https://gitbox.apache.org/repos/asf/kylin.git
commit e4e59cd6b07a09d68cc860251519a5cc0ade3b39
Author: Liang.Hua <36814772+jacob...@users.noreply.github.com>
AuthorDate: Thu Dec 15 10:11:09 2022 +0800
KYLIN-5425 fix api security
Co-authored-by: liang.hua <liang....@kyligence.io>
---
src/common-booter/src/main/resources/kylinSecurity.xml | 6 ++++--
src/common-server/src/main/resources/kylinSecurity.xml | 6 ++++--
src/common-service/src/test/resources/kylinSecurity.xml | 6 ++++--
src/data-loading-booter/src/main/resources/kylinSecurity.xml | 6 ++++--
.../src/test/resources/springframework/conf/kylinSecurity.xml | 6 ++++--
src/query-booter/src/main/resources/kylinSecurity.xml | 6 ++++--
src/streaming-service/src/test/resources/kylinSecurity.xml | 6 ++++--
7 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/src/common-booter/src/main/resources/kylinSecurity.xml b/src/common-booter/src/main/resources/kylinSecurity.xml
index f6fd5b2c8d..3588bf5a48 100644
--- a/src/common-booter/src/main/resources/kylinSecurity.xml
+++ b/src/common-booter/src/main/resources/kylinSecurity.xml
@@ -311,10 +311,11 @@
 <scr:intercept-url pattern="/api/admin/public_config" access="permitAll"/>
 <scr:intercept-url pattern="/api/admin/instance_info" access="permitAll"/>
 <scr:intercept-url pattern="/api/projects" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/error" access="permitAll"/>
 <scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
 <scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
 <scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/api/j_spring_security_logout" success-handler-ref="logoutSuccessHandler"/>
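Review bot: The `/sparder/**` rule added at the end of this list extends a policy that enumerates protected prefixes, so a request path outside `/api/**` and `/sparder/**` still matches no rule among the visible lines, and the next prefix a component exposes would need another fix like this one. Consider closing the list with a catch-all such as `<scr:intercept-url pattern="/**" access="denyAll"/>`, once the paths that must stay public (login page, static assets) have explicit `permitAll` entries. The enclosing `<scr:http>` element starts and ends outside the hunk, so it may already scope or terminate the list differently. The same applies to every other hunk in this commit that appends the `/sparder/**` line.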
@@ -366,10 +367,11 @@
 <scr:intercept-url pattern="/api/models*/**" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/job*/**" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin/config" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/projects*/*" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
 <scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
 <scr:form-login login-page="/login"/>
 <scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/j_spring_security_logout"
diff --git a/src/common-server/src/main/resources/kylinSecurity.xml b/src/common-server/src/main/resources/kylinSecurity.xml
index 82f50d3ee3..85ecab6e94 100644
--- a/src/common-server/src/main/resources/kylinSecurity.xml
+++ b/src/common-server/src/main/resources/kylinSecurity.xml
@@ -312,10 +312,11 @@
 <scr:intercept-url pattern="/api/admin/instance_info" access="permitAll"/>
 <scr:intercept-url pattern="/api/projects" access="permitAll"/>
 <scr:intercept-url pattern="/api/error" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/error" access="permitAll"/>
 <scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
 <scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
 <scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/api/j_spring_security_logout" success-handler-ref="logoutSuccessHandler"/>
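Review bot: In this second block `/api/admin/config` is still `permitAll` and is listed ahead of `/api/admin*/**`, so the `hasRole('ROLE_ADMIN')` rule never applies to it; intercept-url entries are evaluated in order and the first match wins. The commit tightens `/api/system/license/info` on the next line but leaves this entry as it was. If the endpoint returns server configuration it probably deserves `access="hasRole('ROLE_ADMIN')"`, or at least a comment stating why anonymous access is needed. Which profile this block belongs to is outside the hunk, and the second hunk of each of the other six files carries the same line.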
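Review bot: `/api/error` with `permitAll` appears twice in this hunk of the common-server copy, once above and once below the changed license line, and the second entry can never match because the identical pattern above it wins. It is harmless at runtime, but duplicates in an ordered access list make the effective policy harder to audit. Dropping one of the two while this block is being edited would be worthwhile.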
@@ -367,10 +368,11 @@
 <scr:intercept-url pattern="/api/models*/**" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/job*/**" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin/config" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/projects*/*" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
 <scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
 <scr:form-login login-page="/login"/>
 <scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/j_spring_security_logout"
diff --git a/src/common-service/src/test/resources/kylinSecurity.xml b/src/common-service/src/test/resources/kylinSecurity.xml
index d8c4920319..c083eaecd1 100644
--- a/src/common-service/src/test/resources/kylinSecurity.xml
+++ b/src/common-service/src/test/resources/kylinSecurity.xml
@@ -303,10 +303,11 @@
 <scr:intercept-url pattern="/api/admin/public_config" access="permitAll"/>
 <scr:intercept-url pattern="/api/admin/instance_info" access="permitAll"/>
 <scr:intercept-url pattern="/api/projects" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/error" access="permitAll"/>
 <scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
 <scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
 <scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/api/j_spring_security_logout" success-handler-ref="logoutSuccessHandler"/>
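Review bot: The rule changes in this test copy of kylinSecurity.xml come without a test: the diffstat lists only the seven XML files, so nothing in the commit asserts that an anonymous caller is now rejected. A regression test that requests `/api/system/license/info` and a path under `/sparder/` without a session and expects the request to be refused would keep a later edit to these ordered lists from silently reopening either rule. The same holds for the test copies under streaming-service and kylin-it.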
@@ -358,10 +359,11 @@
 <scr:intercept-url pattern="/api/models*/**" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/job*/**" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin/config" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/projects*/*" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
 <scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
 <scr:form-login login-page="/login"/>
 <scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/j_spring_security_logout"
diff --git a/src/data-loading-booter/src/main/resources/kylinSecurity.xml b/src/data-loading-booter/src/main/resources/kylinSecurity.xml
index 132a31f58b..8b32208b12 100644
--- a/src/data-loading-booter/src/main/resources/kylinSecurity.xml
+++ b/src/data-loading-booter/src/main/resources/kylinSecurity.xml
@@ -311,9 +311,10 @@
 <scr:intercept-url pattern="/api/admin/public_config" access="permitAll"/>
 <scr:intercept-url pattern="/api/admin/instance_info" access="permitAll"/>
 <scr:intercept-url pattern="/api/projects" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
 <scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
 <scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/api/j_spring_security_logout" success-handler-ref="logoutSuccessHandler"/>
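Review bot: This data-loading-booter copy has no `/api/error` `permitAll` entry between the license line and `/api/admin*/**` in its first block, while the same hunk in common-booter and the other copies does, and its second block has one where the others do not. The commit applies one edit to seven copies of the file that have already drifted apart, which makes it easy for a later access-control fix to miss a service. If the difference is not intentional, align the entries here and consider having the modules share a single kylinSecurity.xml. The rest of the block is outside the hunk, so the entry may exist further up.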
@@ -365,11 +366,12 @@
 <scr:intercept-url pattern="/api/models*/**" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/job*/**" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin/config" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/error" access="permitAll"/>
 <scr:intercept-url pattern="/api/projects*/*" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
 <scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
 <scr:form-login login-page="/login"/>
 <scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/j_spring_security_logout"
diff --git a/src/kylin-it/src/test/resources/springframework/conf/kylinSecurity.xml b/src/kylin-it/src/test/resources/springframework/conf/kylinSecurity.xml
index 7a011d6506..f38550ed44 100644
--- a/src/kylin-it/src/test/resources/springframework/conf/kylinSecurity.xml
+++ b/src/kylin-it/src/test/resources/springframework/conf/kylinSecurity.xml
@@ -312,10 +312,11 @@
 <scr:intercept-url pattern="/api/admin/public_config" access="permitAll"/>
 <scr:intercept-url pattern="/api/admin/instance_info" access="permitAll"/>
 <scr:intercept-url pattern="/api/projects" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/error" access="permitAll"/>
 <scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
 <scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
 <scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/api/j_spring_security_logout" success-handler-ref="logoutSuccessHandler"/>
@@ -367,10 +368,11 @@
 <scr:intercept-url pattern="/api/models*/**" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/job*/**" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin/config" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/projects*/*" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
 <scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
 <scr:form-login login-page="/login"/>
 <scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/j_spring_security_logout"
diff --git a/src/query-booter/src/main/resources/kylinSecurity.xml b/src/query-booter/src/main/resources/kylinSecurity.xml
index f6fd5b2c8d..3588bf5a48 100644
--- a/src/query-booter/src/main/resources/kylinSecurity.xml
+++ b/src/query-booter/src/main/resources/kylinSecurity.xml
@@ -311,10 +311,11 @@
 <scr:intercept-url pattern="/api/admin/public_config" access="permitAll"/>
 <scr:intercept-url pattern="/api/admin/instance_info" access="permitAll"/>
 <scr:intercept-url pattern="/api/projects" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/error" access="permitAll"/>
 <scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
 <scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
 <scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/api/j_spring_security_logout" success-handler-ref="logoutSuccessHandler"/>
@@ -366,10 +367,11 @@
 <scr:intercept-url pattern="/api/models*/**" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/job*/**" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin/config" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/projects*/*" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
 <scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
 <scr:form-login login-page="/login"/>
 <scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/j_spring_security_logout"
diff --git a/src/streaming-service/src/test/resources/kylinSecurity.xml b/src/streaming-service/src/test/resources/kylinSecurity.xml
index f6fd5b2c8d..3588bf5a48 100644
--- a/src/streaming-service/src/test/resources/kylinSecurity.xml
+++ b/src/streaming-service/src/test/resources/kylinSecurity.xml
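Review bot: The new `/sparder/**` line in the query-booter copy carries no comment saying what is served under that prefix or why it sits outside `/api/**`, which a reader of this access list needs in order to judge whether `isAuthenticated()` is enough or a role check is called for. A short comment above the rule would do, for example `<!-- /sparder/** is not matched by the /api/** rule above; require a logged-in user -->`. The enclosing `<scr:http>` element continues outside the hunk.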
@@ -311,10 +311,11 @@
 <scr:intercept-url pattern="/api/admin/public_config" access="permitAll"/>
 <scr:intercept-url pattern="/api/admin/instance_info" access="permitAll"/>
 <scr:intercept-url pattern="/api/projects" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/error" access="permitAll"/>
 <scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
 <scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
 <scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/api/j_spring_security_logout" success-handler-ref="logoutSuccessHandler"/>
@@ -366,10 +367,11 @@
 <scr:intercept-url pattern="/api/models*/**" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/job*/**" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin/config" access="permitAll"/>
- <scr:intercept-url pattern="/api/system/license/info" access="permitAll"/>
+ <scr:intercept-url pattern="/api/system/license/info" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/projects*/*" access="isAuthenticated()"/>
 <scr:intercept-url pattern="/api/admin*/**" access="hasRole('ROLE_ADMIN')"/>
 <scr:intercept-url pattern="/api/**" access="isAuthenticated()"/>
+ <scr:intercept-url pattern="/sparder/**" access="isAuthenticated()"/>
 <scr:form-login login-page="/login"/>
 <scr:logout invalidate-session="true" delete-cookies="JSESSIONID" logout-url="/j_spring_security_logout"