http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-plugins/notebookrepo/vfs/src/test/java/org/apache/zeppelin/notebook/repo/TestVFSNotebookRepo.java ---------------------------------------------------------------------- diff --git a/zeppelin-plugins/notebookrepo/vfs/src/test/java/org/apache/zeppelin/notebook/repo/TestVFSNotebookRepo.java b/zeppelin-plugins/notebookrepo/vfs/src/test/java/org/apache/zeppelin/notebook/repo/TestVFSNotebookRepo.java index 72aaf74..452adc0 100644 --- a/zeppelin-plugins/notebookrepo/vfs/src/test/java/org/apache/zeppelin/notebook/repo/TestVFSNotebookRepo.java +++ b/zeppelin-plugins/notebookrepo/vfs/src/test/java/org/apache/zeppelin/notebook/repo/TestVFSNotebookRepo.java @@ -17,13 +17,7 @@ package org.apache.zeppelin.notebook.repo; -import static org.junit.Assert.assertEquals; - import com.google.common.collect.ImmutableMap; -import java.io.File; -import java.io.IOException; -import java.util.List; -import java.util.Map; import org.apache.commons.io.FileUtils; import org.apache.zeppelin.conf.ZeppelinConfiguration; import org.apache.zeppelin.notebook.Note; @@ -33,6 +27,13 @@ import org.junit.After; import org.junit.Before; import org.junit.Test; +import java.io.File; +import java.io.IOException; +import java.util.List; +import java.util.Map; + +import static org.junit.Assert.assertEquals; + public class TestVFSNotebookRepo { private ZeppelinConfiguration zConf; @@ -43,8 +44,7 @@ public class TestVFSNotebookRepo { public void setUp() throws IOException { notebookRepo = new VFSNotebookRepo(); FileUtils.forceMkdir(new File(notebookDir)); - System.setProperty( - ZeppelinConfiguration.ConfVars.ZEPPELIN_NOTEBOOK_DIR.getVarName(), notebookDir); + System.setProperty(ZeppelinConfiguration.ConfVars.ZEPPELIN_NOTEBOOK_DIR.getVarName(), notebookDir); zConf = new ZeppelinConfiguration(); notebookRepo.init(zConf); } 
@@ -91,8 +91,7 @@ public class TestVFSNotebookRepo { @Test public void testUpdateSettings() throws IOException { - List<NotebookRepoSettingsInfo> repoSettings = - notebookRepo.getSettings(AuthenticationInfo.ANONYMOUS); + List<NotebookRepoSettingsInfo> repoSettings = notebookRepo.getSettings(AuthenticationInfo.ANONYMOUS); assertEquals(1, repoSettings.size()); NotebookRepoSettingsInfo settingInfo = repoSettings.get(0); assertEquals("Notebook Path", settingInfo.name);
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-plugins/notebookrepo/zeppelin-hub/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/ZeppelinHubRepo.java
----------------------------------------------------------------------
diff --git a/zeppelin-plugins/notebookrepo/zeppelin-hub/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/ZeppelinHubRepo.java b/zeppelin-plugins/notebookrepo/zeppelin-hub/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/ZeppelinHubRepo.java
index adc54a1..9dd9fbf 100644
--- a/zeppelin-plugins/notebookrepo/zeppelin-hub/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/ZeppelinHubRepo.java
+++ b/zeppelin-plugins/notebookrepo/zeppelin-hub/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/ZeppelinHubRepo.java
@@ -16,26 +16,22 @@ */ package org.apache.zeppelin.notebook.repo.zeppelinhub; -import com.google.common.base.Joiner; -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.Lists; -import com.google.gson.Gson; -import com.google.gson.reflect.TypeToken; import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; import java.util.Collections; import java.util.List; import java.util.Map; + import org.apache.commons.lang.StringUtils; import org.apache.zeppelin.conf.ZeppelinConfiguration; import org.apache.zeppelin.notebook.Note; import org.apache.zeppelin.notebook.NoteInfo; -import org.apache.zeppelin.notebook.repo.NotebookRepoSettingsInfo; import org.apache.zeppelin.notebook.repo.NotebookRepoWithVersionControl; +import org.apache.zeppelin.notebook.repo.NotebookRepoSettingsInfo; import org.apache.zeppelin.notebook.repo.zeppelinhub.model.Instance; -import org.apache.zeppelin.notebook.repo.zeppelinhub.model.UserSessionContainer; import org.apache.zeppelin.notebook.repo.zeppelinhub.model.UserTokenContainer; +import org.apache.zeppelin.notebook.repo.zeppelinhub.model.UserSessionContainer; import org.apache.zeppelin.notebook.repo.zeppelinhub.rest.ZeppelinhubRestApiHandler; import org.apache.zeppelin.notebook.repo.zeppelinhub.websocket.Client; import org.apache.zeppelin.notebook.repo.zeppelinhub.websocket.utils.ZeppelinhubUtils; 
@@ -43,7 +39,15 @@ import org.apache.zeppelin.user.AuthenticationInfo; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -/** ZeppelinHub repo class. */ +import com.google.common.base.Joiner; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.Lists; +import com.google.gson.Gson; +import com.google.gson.reflect.TypeToken; + +/** + * ZeppelinHub repo class. + */ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { private static final Logger LOG = LoggerFactory.getLogger(ZeppelinHubRepo.class); private static final String DEFAULT_SERVER = "https://www.zeppelinhub.com"; @@ -57,10 +61,12 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { private String token; private ZeppelinhubRestApiHandler restApiClient; - + private ZeppelinConfiguration conf; - public ZeppelinHubRepo() {} + public ZeppelinHubRepo() { + + } public ZeppelinHubRepo(ZeppelinConfiguration conf) { this(); @@ -74,12 +80,11 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { token = conf.getString("ZEPPELINHUB_API_TOKEN", ZEPPELIN_CONF_PROP_NAME_TOKEN, ""); restApiClient = ZeppelinhubRestApiHandler.newInstance(zeppelinHubUrl); - // TODO(khalid): check which realm for authentication, pass to token manager + //TODO(khalid): check which realm for authentication, pass to token manager tokenManager = UserTokenContainer.init(restApiClient, token); - websocketClient = - Client.initialize( - getZeppelinWebsocketUri(conf), getZeppelinhubWebsocketUri(conf), token, conf); + websocketClient = Client.initialize(getZeppelinWebsocketUri(conf), + getZeppelinhubWebsocketUri(conf), token, conf); websocketClient.start(); } 
@@ -92,10 +97,8 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { } if (scheme == null) { - LOG.info( - "{} is not a valid zeppelinhub server address. proceed with default address {}", - apiRoot, - DEFAULT_SERVER); + LOG.info("{} is not a valid zeppelinhub server address. proceed with default address {}", + apiRoot, DEFAULT_SERVER); apiRoot = new URI(DEFAULT_SERVER); scheme = apiRoot.getScheme(); port = apiRoot.getPort(); @@ -110,11 +113,8 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { String getZeppelinhubWebsocketUri(ZeppelinConfiguration conf) { String zeppelinHubUri = StringUtils.EMPTY; try { - zeppelinHubUri = - getZeppelinHubWsUri( - new URI( - conf.getString( - "ZEPPELINHUB_API_ADDRESS", ZEPPELIN_CONF_PROP_NAME_SERVER, DEFAULT_SERVER))); + zeppelinHubUri = getZeppelinHubWsUri(new URI(conf.getString("ZEPPELINHUB_API_ADDRESS", + ZEPPELIN_CONF_PROP_NAME_SERVER, DEFAULT_SERVER))); } catch (URISyntaxException e) { LOG.error("Cannot get ZeppelinHub URI", e); } @@ -143,8 +143,9 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { URI apiRoot; String zeppelinhubUrl; try { - String url = - conf.getString("ZEPPELINHUB_API_ADDRESS", ZEPPELIN_CONF_PROP_NAME_SERVER, DEFAULT_SERVER); + String url = conf.getString("ZEPPELINHUB_API_ADDRESS", + ZEPPELIN_CONF_PROP_NAME_SERVER, + DEFAULT_SERVER); apiRoot = new URI(url); } catch (URISyntaxException e) { LOG.error("Invalid zeppelinhub url, using default address {}", DEFAULT_SERVER, e); 
@@ -153,10 +154,8 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { String scheme = apiRoot.getScheme(); if (scheme == null) { - LOG.info( - "{} is not a valid zeppelinhub server address. proceed with default address {}", - apiRoot, - DEFAULT_SERVER); + LOG.info("{} is not a valid zeppelinhub server address. proceed with default address {}", + apiRoot, DEFAULT_SERVER); zeppelinhubUrl = DEFAULT_SERVER; } else { zeppelinhubUrl = scheme + "://" + apiRoot.getHost(); @@ -173,7 +172,7 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { } return (subject.isAnonymous() && !conf.isAnonymousAllowed()) ? false : true; } - + @Override public List<NoteInfo> list(AuthenticationInfo subject) throws IOException { if (!isSubjectValid(subject)) { @@ -239,7 +238,7 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { } String endpoint = Joiner.on("/").join(noteId, "checkpoint"); String content = GSON.toJson(ImmutableMap.of("message", checkpointMsg)); - + String token = getUserToken(subject.getUser()); String response = restApiClient.putWithResponseBody(token, endpoint, content); @@ -273,13 +272,13 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { try { String token = getUserToken(subject.getUser()); String response = restApiClient.get(token, endpoint); - history = GSON.fromJson(response, new TypeToken<List<Revision>>() {}.getType()); + history = GSON.fromJson(response, new TypeToken<List<Revision>>(){}.getType()); } catch (IOException e) { LOG.error("Cannot get note history", e); } return history; } - + private String getUserToken(String user) { return tokenManager.getUserToken(user); } 
@@ -300,14 +299,13 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { try { instances = tokenManager.getUserInstances(zeppelinHubUserSession); } catch (IOException e) { - LOG.warn( - "Couldnt find instances for the session {}, returning empty collection", + LOG.warn("Couldnt find instances for the session {}, returning empty collection", zeppelinHubUserSession); // user not logged - // TODO(xxx): handle this case. + //TODO(xxx): handle this case. instances = Collections.emptyList(); } - + NotebookRepoSettingsInfo repoSetting = NotebookRepoSettingsInfo.newInstance(); repoSetting.type = NotebookRepoSettingsInfo.Type.DROPDOWN; for (Instance instance : instances) { @@ -383,4 +381,5 @@ public class ZeppelinHubRepo implements NotebookRepoWithVersionControl { // Auto-generated method stub return null; } + } http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-server/pom.xml ---------------------------------------------------------------------- diff --git a/zeppelin-server/pom.xml b/zeppelin-server/pom.xml index d30060d..4eaedb2 100644 --- a/zeppelin-server/pom.xml +++ b/zeppelin-server/pom.xml @@ -445,6 +445,14 @@ <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-dependency-plugin</artifactId> </plugin> + + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-checkstyle-plugin</artifactId> + <configuration> + <skip>false</skip> + </configuration> + </plugin> </plugins> </build> http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java index 7d7d56b..41d9f5d 100644 
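Review bot: The `LOG.warn` in the `catch (IOException e)` block of the `@@ -300,14 +299,13 @@` hunk writes `zeppelinHubUserSession` into the log and drops the caught exception. If that string is the user's ZeppelinHub session token (the name suggests it, but the hunk does not show where it comes from), anyone with read access to the log can replay it. I would keep the value out of the message and pass the exception instead, `LOG.warn("Could not find instances for the ZeppelinHub session, returning empty collection", e);`. The enclosing method starts and ends outside the hunk.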
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java @@ -16,23 +16,7 @@ */ package org.apache.zeppelin.realm; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; import java.util.LinkedHashMap; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import javax.naming.NamingEnumeration; -import javax.naming.NamingException; -import javax.naming.directory.Attribute; -import javax.naming.directory.Attributes; -import javax.naming.directory.SearchControls; -import javax.naming.directory.SearchResult; -import javax.naming.ldap.LdapContext; import org.apache.commons.lang.StringUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; 
@@ -50,10 +34,29 @@ import org.apache.shiro.subject.PrincipalCollection; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import javax.naming.NamingEnumeration; +import javax.naming.NamingException; +import javax.naming.directory.Attribute; +import javax.naming.directory.Attributes; +import javax.naming.directory.SearchControls; +import javax.naming.directory.SearchResult; +import javax.naming.ldap.LdapContext; + /** - * A {@link org.apache.shiro.realm.Realm} that authenticates with an active directory LDAP server to - * determine the roles for a particular user. This implementation queries for the user's groups and - * then maps the group names to roles using the {@link #groupRolesMap}. + * A {@link org.apache.shiro.realm.Realm} that authenticates with an active directory LDAP + * server to determine the roles for a particular user. This implementation + * queries for the user's groups and then maps the group names to roles using the + * {@link #groupRolesMap}. * * @since 0.1 */ @@ -70,9 +73,9 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { } /** - * Mapping from fully qualified active directory group names (e.g. - * CN=Group,OU=Company,DC=MyDomain,DC=local) as returned by the active directory LDAP server to - * role names. + * Mapping from fully qualified active directory + * group names (e.g. CN=Group,OU=Company,DC=MyDomain,DC=local) + * as returned by the active directory LDAP server to role names. */ private Map<String, String> groupRolesMap = new LinkedHashMap<>(); 
@@ -106,10 +109,10 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { } protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) - throws AuthenticationException { + throws AuthenticationException { try { - AuthenticationInfo info = - this.queryForAuthenticationInfo(token, this.getLdapContextFactory()); + AuthenticationInfo info = this.queryForAuthenticationInfo(token, + this.getLdapContextFactory()); return info; } catch (javax.naming.AuthenticationException var5) { throw new AuthenticationException("LDAP authentication failed.", var5); @@ -121,15 +124,12 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { try { - AuthorizationInfo info = - this.queryForAuthorizationInfo(principals, this.getLdapContextFactory()); + AuthorizationInfo info = this.queryForAuthorizationInfo(principals, + this.getLdapContextFactory()); return info; } catch (NamingException var5) { - String msg = - "LDAP naming error while attempting to " - + "retrieve authorization for user [" - + principals - + "]."; + String msg = "LDAP naming error while attempting to " + + "retrieve authorization for user [" + principals + "]."; throw new AuthorizationException(msg, var5); } } 
@@ -146,18 +146,18 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { /** * Builds an {@link AuthenticationInfo} object by querying the active directory LDAP context for - * the specified username. This method binds to the LDAP server using the provided username and - * password - which if successful, indicates that the password is correct. + * the specified username. This method binds to the LDAP server using the provided username + * and password - which if successful, indicates that the password is correct. + * <p/> + * This method can be overridden by subclasses to query the LDAP server in a more complex way. * - * <p>This method can be overridden by subclasses to query the LDAP server in a more complex way. - * - * @param token the authentication token provided by the user. + * @param token the authentication token provided by the user. * @param ldapContextFactory the factory used to build connections to the LDAP server. * @return an {@link AuthenticationInfo} instance containing information retrieved from LDAP. * @throws NamingException if any LDAP errors occur during the search. */ - protected AuthenticationInfo queryForAuthenticationInfo( - AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException { + protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, + LdapContextFactory ldapContextFactory) throws NamingException { UsernamePasswordToken upToken = (UsernamePasswordToken) token; // Binds using the username and password provided by the user. @@ -170,7 +170,8 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { if (this.principalSuffix != null && userPrincipalName.indexOf('@') < 0) { userPrincipalName = upToken.getUsername() + this.principalSuffix; } - ctx = ldapContextFactory.getLdapContext(userPrincipalName, upToken.getPassword()); + ctx = ldapContextFactory.getLdapContext( + userPrincipalName, upToken.getPassword()); } finally { LdapUtils.closeContext(ctx); } 
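Review bot: Nothing visible in the `@@ -170,7 +170,8 @@` hunk rejects an empty password before `ldapContextFactory.getLdapContext(userPrincipalName, upToken.getPassword())`, and the Javadoc above treats a successful bind as proof that the password is correct. Many directory servers accept a simple bind with a name and a zero-length password as an unauthenticated bind (RFC 4513 section 5.1.2), so that proof does not hold for an empty password. Unless the configured `LdapContextFactory` already refuses empty credentials (not shown here), add a guard before the bind: `if (upToken.getPassword() == null || upToken.getPassword().length == 0) { throw new AuthenticationException("Empty password"); }`. The `try` that this `finally` closes begins outside the hunk.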
@@ -201,23 +202,22 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { /** * Builds an {@link org.apache.shiro.authz.AuthorizationInfo} object by querying the active - * directory LDAP context for the groups that a user is a member of. The groups are then + * directory LDAP context for the groups that a user is a member of. The groups are then * translated to role names by using the configured {@link #groupRolesMap}. - * - * <p>This implementation expects the <tt>principal</tt> argument to be a String username. - * - * <p>Subclasses can override this method to determine authorization data (roles, permissions, - * etc) in a more complex way. Note that this default implementation does not support permissions, + * <p/> + * This implementation expects the <tt>principal</tt> argument to be a String username. + * <p/> + * Subclasses can override this method to determine authorization data (roles, permissions, etc) + * in a more complex way. Note that this default implementation does not support permissions, * only roles. * - * @param principals the principal of the Subject whose account is being retrieved. + * @param principals the principal of the Subject whose account is being retrieved. * @param ldapContextFactory the factory used to create LDAP connections. * @return the AuthorizationInfo for the given Subject principal. * @throws NamingException if an error occurs when searching the LDAP server. */ - protected AuthorizationInfo queryForAuthorizationInfo( - PrincipalCollection principals, LdapContextFactory ldapContextFactory) - throws NamingException { + protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, + LdapContextFactory ldapContextFactory) throws NamingException { String username = (String) getAvailablePrincipal(principals); // Perform context search 
@@ -238,8 +238,9 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { return new SimpleAuthorizationInfo(roleNames); } - public List<String> searchForUserName( - String containString, LdapContext ldapContext, int numUsersToFetch) throws NamingException { + public List<String> searchForUserName(String containString, LdapContext ldapContext, + int numUsersToFetch) + throws NamingException { List<String> userNameList = new ArrayList<>(); SearchControls searchCtls = new SearchControls(); @@ -247,10 +248,10 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { searchCtls.setCountLimit(numUsersToFetch); String searchFilter = "(&(objectClass=*)(userPrincipalName=*" + containString + "*))"; - Object[] searchArguments = new Object[] {containString}; + Object[] searchArguments = new Object[]{containString}; - NamingEnumeration answer = - ldapContext.search(searchBase, searchFilter, searchArguments, searchCtls); + NamingEnumeration answer = ldapContext.search(searchBase, searchFilter, searchArguments, + searchCtls); while (answer.hasMoreElements()) { SearchResult sr = (SearchResult) answer.next(); @@ -284,7 +285,7 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { } private Set<String> getRoleNamesForUser(String username, LdapContext ldapContext) - throws NamingException { + throws NamingException { Set<String> roleNames = new LinkedHashSet<>(); SearchControls searchCtls = new SearchControls(); 
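Review bot: In `searchForUserName` (hunk `@@ -247,10 +248,10 @@`) `searchFilter` is built by concatenating `containString` into the filter text, so the `searchArguments` array handed to `ldapContext.search(...)` is never substituted and the value reaches the directory unescaped. Filter metacharacters in it (`*`, `(`, `)`, `\`) then change which entries the query matches. The four-argument JNDI `search` already supports placeholders and escapes string arguments, so `String searchFilter = "(&(objectClass=*)(userPrincipalName=*{0}*))";` fixes it without touching the call. The same concatenation is in `getRoleNamesForUser` in the `@@ -295,10 +296,10 @@` hunk, where `"(&(objectClass=*)(userPrincipalName={0}))"` would do. Both method bodies continue outside their hunks.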
@@ -295,10 +296,10 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { } String searchFilter = "(&(objectClass=*)(userPrincipalName=" + userPrincipalName + "))"; - Object[] searchArguments = new Object[] {userPrincipalName}; + Object[] searchArguments = new Object[]{userPrincipalName}; - NamingEnumeration answer = - ldapContext.search(searchBase, searchFilter, searchArguments, searchCtls); + NamingEnumeration answer = ldapContext.search(searchBase, searchFilter, searchArguments, + searchCtls); while (answer.hasMoreElements()) { SearchResult sr = (SearchResult) answer.next(); @@ -333,7 +334,7 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { /** * This method is called by the default implementation to translate Active Directory group names - * to role names. This implementation uses the {@link #groupRolesMap} to map group names to role + * to role names. This implementation uses the {@link #groupRolesMap} to map group names to role * names. * * @param groupNames the group names that apply to the current user. @@ -349,11 +350,12 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { for (String roleName : strRoleNames.split(ROLE_NAMES_DELIMETER)) { if (log.isDebugEnabled()) { - log.debug( - "User is member of group [" + groupName + "] so adding role [" + roleName + "]"); + log.debug("User is member of group [" + groupName + "] so adding role [" + + roleName + "]"); } roleNames.add(roleName); + } } } http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapGroupRealm.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapGroupRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapGroupRealm.java index 06924dd..cdc2c22 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapGroupRealm.java 
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapGroupRealm.java @@ -16,9 +16,18 @@ */ package org.apache.zeppelin.realm; +import org.apache.shiro.authz.AuthorizationInfo; +import org.apache.shiro.authz.SimpleAuthorizationInfo; +import org.apache.shiro.realm.ldap.JndiLdapRealm; +import org.apache.shiro.realm.ldap.LdapContextFactory; +import org.apache.shiro.subject.PrincipalCollection; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import java.util.HashSet; import java.util.LinkedHashSet; import java.util.Set; + import javax.naming.NamingEnumeration; import javax.naming.NamingException; import javax.naming.directory.Attribute; 
@@ -26,29 +35,23 @@ import javax.naming.directory.Attributes; import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapContext; -import org.apache.shiro.authz.AuthorizationInfo; -import org.apache.shiro.authz.SimpleAuthorizationInfo; -import org.apache.shiro.realm.ldap.JndiLdapRealm; -import org.apache.shiro.realm.ldap.LdapContextFactory; -import org.apache.shiro.subject.PrincipalCollection; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -/** Created for org.apache.zeppelin.server. */ +/** + * Created for org.apache.zeppelin.server. + */ public class LdapGroupRealm extends JndiLdapRealm { private static final Logger LOG = LoggerFactory.getLogger(LdapGroupRealm.class); - public AuthorizationInfo queryForAuthorizationInfo( - PrincipalCollection principals, LdapContextFactory ldapContextFactory) - throws NamingException { + public AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, + LdapContextFactory ldapContextFactory) throws NamingException { String username = (String) getAvailablePrincipal(principals); LdapContext ldapContext = ldapContextFactory.getSystemLdapContext(); Set<String> roleNames = getRoleNamesForUser(username, ldapContext, getUserDnTemplate()); return new SimpleAuthorizationInfo(roleNames); } - public Set<String> getRoleNamesForUser( - String username, LdapContext ldapContext, String userDnTemplate) throws NamingException { + public Set<String> getRoleNamesForUser(String username, LdapContext ldapContext, + String userDnTemplate) throws NamingException { try { Set<String> roleNames = new LinkedHashSet<>(); 
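Review bot: `queryForAuthorizationInfo` obtains a context bound with the system account via `ldapContextFactory.getSystemLdapContext()` and returns without closing it. Unless `getRoleNamesForUser` closes it in the part of its body outside this hunk, every authorization lookup leaves a privileged LDAP connection open until garbage collection. Wrap the two statements that follow in `try { ... } finally { LdapUtils.closeContext(ldapContext); }`, which also needs the import `org.apache.shiro.realm.ldap.LdapUtils`. A short comment on the method saying who owns the context would keep this from regressing.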
@@ -56,14 +59,13 @@ public class LdapGroupRealm extends JndiLdapRealm { searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); String searchFilter = "(&(objectClass=groupOfNames)(member=" + userDnTemplate + "))"; - Object[] searchArguments = new Object[] {username}; + Object[] searchArguments = new Object[]{username}; - NamingEnumeration<?> answer = - ldapContext.search( - String.valueOf(ldapContext.getEnvironment().get("ldap.searchBase")), - searchFilter, - searchArguments, - searchCtls); + NamingEnumeration<?> answer = ldapContext.search( + String.valueOf(ldapContext.getEnvironment().get("ldap.searchBase")), + searchFilter, + searchArguments, + searchCtls); while (answer.hasMoreElements()) { SearchResult sr = (SearchResult) answer.next(); http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java index c68ab35..562ed96 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java 
@@ -74,44 +74,56 @@ import org.slf4j.LoggerFactory; * Implementation of {@link org.apache.shiro.realm.ldap.JndiLdapRealm} that also returns each user's * groups. This implementation is heavily based on org.apache.isis.security.shiro.IsisLdapRealm. * - * <p>This implementation saves looked up ldap groups in Shiro Session to make them easy to be - * looked up outside of this object + * <p>This implementation saves looked up ldap groups in Shiro Session to make them + * easy to be looked up outside of this object * * <p>Sample config for <tt>shiro.ini</tt>: * - * <p>[main] ldapRealm = org.apache.zeppelin.realm.LdapRealm ldapRealm.contextFactory.url = - * ldap://localhost:33389 ldapRealm.contextFactory.authenticationMechanism = simple - * ldapRealm.contextFactory.systemUsername = uid=guest,ou=people,dc=hadoop,dc= apache,dc=org - * ldapRealm.contextFactory.systemPassword = S{ALIAS=ldcSystemPassword} - * ldapRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks - * ldapRealm.userDnTemplate = uid={0},ou=people,dc=hadoop,dc=apache,dc=org # Ability to set ldap - * paging Size if needed default is 100 ldapRealm.pagingSize = 200 ldapRealm.authorizationEnabled = - * true ldapRealm.searchBase = dc=hadoop,dc=apache,dc=org ldapRealm.userSearchBase = - * dc=hadoop,dc=apache,dc=org ldapRealm.groupSearchBase = ou=groups,dc=hadoop,dc=apache,dc=org - * ldapRealm.userObjectClass = person ldapRealm.groupObjectClass = groupofnames # Allow - * userSearchAttribute to be customized ldapRealm.userSearchAttributeName = sAMAccountName - * ldapRealm.memberAttribute = member # force usernames returned from ldap to lowercase useful for - * AD ldapRealm.userLowerCase = true # ability set searchScopes subtree (default), one, base - * ldapRealm.userSearchScope = subtree; ldapRealm.groupSearchScope = subtree; - * ldapRealm.userSearchFilter = (&(objectclass=person)(sAMAccountName={0})) - * ldapRealm.groupSearchFilter = (&(objectclass=groupofnames)(member={0})) - * 
ldapRealm.memberAttributeValueTemplate=cn={0},ou=people,dc=hadoop,dc=apache,dc=org # enable - * support for nested groups using the LDAP_MATCHING_RULE_IN_CHAIN operator - * ldapRealm.groupSearchEnableMatchingRuleInChain = true - * - * <p># optional mapping from physical groups to logical application roles ldapRealm.rolesByGroup = - * \ LDN_USERS: user_role,\ NYK_USERS: user_role,\ HKG_USERS: user_role, \GLOBAL_ADMIN: admin_role,\ - * DEMOS: self-install_role - * - * <p># optional list of roles that are allowed to authenticate - * ldapRealm.allowedRolesForAuthentication = admin_role,user_role - * - * <p>ldapRealm.permissionsByRole=\ user_role = *:ToDoItemsJdo:*:*,\*:ToDoItem:*:*; \ - * self-install_role = *:ToDoItemsFixturesService:install:* ; \ admin_role = * - * - * <p>[urls] **=authcBasic - * - * <p>securityManager.realms = $ldapRealm + * <p> + * [main] + * ldapRealm = org.apache.zeppelin.realm.LdapRealm + * ldapRealm.contextFactory.url = ldap://localhost:33389 + * ldapRealm.contextFactory.authenticationMechanism = simple + * ldapRealm.contextFactory.systemUsername = uid=guest,ou=people,dc=hadoop,dc= apache,dc=org + * ldapRealm.contextFactory.systemPassword = S{ALIAS=ldcSystemPassword} + * ldapRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks + * ldapRealm.userDnTemplate = uid={0},ou=people,dc=hadoop,dc=apache,dc=org + * # Ability to set ldap paging Size if needed default is 100 + * ldapRealm.pagingSize = 200 + * ldapRealm.authorizationEnabled = true + * ldapRealm.searchBase = dc=hadoop,dc=apache,dc=org + * ldapRealm.userSearchBase = dc=hadoop,dc=apache,dc=org + * ldapRealm.groupSearchBase = ou=groups,dc=hadoop,dc=apache,dc=org + * ldapRealm.userObjectClass = person + * ldapRealm.groupObjectClass = groupofnames + * # Allow userSearchAttribute to be customized + * ldapRealm.userSearchAttributeName = sAMAccountName + * ldapRealm.memberAttribute = member + * # force usernames returned from ldap to lowercase useful for AD + * 
ldapRealm.userLowerCase = true + * # ability set searchScopes subtree (default), one, base + * ldapRealm.userSearchScope = subtree; + * ldapRealm.groupSearchScope = subtree; + * ldapRealm.userSearchFilter = (&(objectclass=person)(sAMAccountName={0})) + * ldapRealm.groupSearchFilter = (&(objectclass=groupofnames)(member={0})) + * ldapRealm.memberAttributeValueTemplate=cn={0},ou=people,dc=hadoop,dc=apache,dc=org + * # enable support for nested groups using the LDAP_MATCHING_RULE_IN_CHAIN operator + * ldapRealm.groupSearchEnableMatchingRuleInChain = true + * <p> + * # optional mapping from physical groups to logical application roles + * ldapRealm.rolesByGroup = \ LDN_USERS: user_role,\ NYK_USERS: user_role,\ HKG_USERS: user_role, + * \GLOBAL_ADMIN: admin_role,\ DEMOS: self-install_role + * <p> + * # optional list of roles that are allowed to authenticate + * ldapRealm.allowedRolesForAuthentication = admin_role,user_role + * <p> + * ldapRealm.permissionsByRole=\ user_role = *:ToDoItemsJdo:*:*,\*:ToDoItem:*:*; + * \ self-install_role = *:ToDoItemsFixturesService:install:* ; \ admin_role = * + * <p> + * [urls] + * **=authcBasic + * <p> + * securityManager.realms = $ldapRealm */ public class LdapRealm extends JndiLdapRealm { @@ -181,6 +193,8 @@ public class LdapRealm extends JndiLdapRealm { private HashService hashService = new DefaultHashService(); + + public void setHadoopSecurityCredentialPath(String hadoopSecurityCredentialPath) { this.hadoopSecurityCredentialPath = hadoopSecurityCredentialPath; } 
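Review bot: The sample `shiro.ini` in this Javadoc pairs `ldapRealm.contextFactory.url = ldap://localhost:33389` with `authenticationMechanism = simple`, and such samples tend to be copied with only the host changed. Over plain `ldap://` a simple bind sends the system and user passwords unencrypted. One comment line in the sample would cover it, for example `# use ldaps:// (or StartTLS) when the directory is not on localhost`. Wrapping the sample in `<pre>` would also keep the one-setting-per-line layout in the rendered Javadoc.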
@@ -204,17 +218,18 @@ public class LdapRealm extends JndiLdapRealm { super.onInit(); if (!org.apache.commons.lang.StringUtils.isEmpty(this.hadoopSecurityCredentialPath) && getContextFactory() != null) { - ((JndiLdapContextFactory) getContextFactory()) - .setSystemPassword(getSystemPassword(this.hadoopSecurityCredentialPath, keystorePass)); + ((JndiLdapContextFactory) getContextFactory()).setSystemPassword( + getSystemPassword(this.hadoopSecurityCredentialPath, keystorePass)); } } - static String getSystemPassword(String hadoopSecurityCredentialPath, String keystorePass) { + static String getSystemPassword(String hadoopSecurityCredentialPath, + String keystorePass) { String password = ""; try { Configuration configuration = new Configuration(); - configuration.set( - CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, hadoopSecurityCredentialPath); + configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, + hadoopSecurityCredentialPath); CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0); CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(keystorePass); if (credEntry != null) { 
@@ -224,19 +239,16 @@ public class LdapRealm extends JndiLdapRealm { throw new ShiroException("Error from getting credential entry from keystore", e); } if (org.apache.commons.lang.StringUtils.isEmpty(password)) { - throw new ShiroException( - "Error getting SystemPassword from the provided keystore:" - + keystorePass - + ", in path:" - + hadoopSecurityCredentialPath); + throw new ShiroException("Error getting SystemPassword from the provided keystore:" + + keystorePass + ", in path:" + hadoopSecurityCredentialPath); } return password; } /** - * This overrides the implementation of queryForAuthenticationInfo inside JndiLdapRealm. In - * addition to calling the super method for authentication it also tries to validate if this user - * has atleast one of the allowed roles for authentication. In case the property + * This overrides the implementation of queryForAuthenticationInfo inside JndiLdapRealm. + * In addition to calling the super method for authentication it also tries to validate + * if this user has atleast one of the allowed roles for authentication. In case the property * allowedRolesForAuthentication is empty this check always returns true. * * @param token the submitted authentication token that triggered the authentication attempt. @@ -245,8 +257,8 @@ public class LdapRealm extends JndiLdapRealm { * @throws NamingException if any LDAP errors occur. */ @Override - protected AuthenticationInfo queryForAuthenticationInfo( - AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException { + protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, + LdapContextFactory ldapContextFactory) throws NamingException { AuthenticationInfo info = super.queryForAuthenticationInfo(token, ldapContextFactory); // Credentials were verified. Verify that the principal has all allowedRulesForAuthentication if (!hasAllowedAuthenticationRules(info.getPrincipals(), ldapContextFactory)) { 
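Review bot: The `ShiroException` message in the `+` lines echoes `keystorePass` and `hadoopSecurityCredentialPath` verbatim, and a parameter with that name is one an operator may well fill with a real secret. In the preceding `@@ -204,17 +218,18 @@` hunk the same value is handed to `provider.getCredentialEntry(keystorePass)`, so it appears to be used as a credential alias, not a password. A comment on `getSystemPassword` would settle it, for example `// keystorePass is the alias looked up in the credential provider, not the keystore password`, and the message could then name it as an alias. `getSystemPassword` starts in the previous hunk and only its tail is visible here.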
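Review bot: The inline comment in `queryForAuthenticationInfo` says the principal must have all `allowedRulesForAuthentication`, while the Javadoc directly above it (rewrapped in the previous hunk) says at least one of the allowed roles is enough. The loop in `hasAllowedAuthenticationRules` that decides this is outside the visible hunks, so both texts need checking against it; for a login gate, any-versus-all is the detail a reader most needs to be right. The property is spelled `allowedRolesForAuthentication` everywhere else, so if the Javadoc is the accurate one the comment would read `// Credentials were verified. Verify that the principal has at least one of allowedRolesForAuthentication`.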
@@ -256,19 +268,21 @@ public class LdapRealm extends JndiLdapRealm { } /** - * Get groups from LDAP. - * - * @param principals the principals of the Subject whose AuthenticationInfo should be queried from - * the LDAP server. - * @param ldapContextFactory factory used to retrieve LDAP connections. - * @return an {@link AuthorizationInfo} instance containing information retrieved from the LDAP - * server. - * @throws NamingException if any LDAP errors occur during the search. - */ + * Get groups from LDAP. + * + * @param principals + * the principals of the Subject whose AuthenticationInfo should + * be queried from the LDAP server. + * @param ldapContextFactory + * factory used to retrieve LDAP connections. + * @return an {@link AuthorizationInfo} instance containing information + * retrieved from the LDAP server. + * @throws NamingException + * if any LDAP errors occur during the search. + */ @Override - public AuthorizationInfo queryForAuthorizationInfo( - final PrincipalCollection principals, final LdapContextFactory ldapContextFactory) - throws NamingException { + public AuthorizationInfo queryForAuthorizationInfo(final PrincipalCollection principals, + final LdapContextFactory ldapContextFactory) throws NamingException { if (!isAuthorizationEnabled()) { return null; } @@ -282,9 +296,8 @@ public class LdapRealm extends JndiLdapRealm { return simpleAuthorizationInfo; } - private boolean hasAllowedAuthenticationRules( - PrincipalCollection principals, final LdapContextFactory ldapContextFactory) - throws NamingException { + private boolean hasAllowedAuthenticationRules(PrincipalCollection principals, + final LdapContextFactory ldapContextFactory) throws NamingException { boolean allowed = allowedRolesForAuthentication.isEmpty(); if (!allowed) { Set<String> roles = getRoles(principals, ldapContextFactory); 
@@ -299,20 +312,15 @@ public class LdapRealm extends JndiLdapRealm { return allowed; } - private Set<String> getRoles( - PrincipalCollection principals, final LdapContextFactory ldapContextFactory) - throws NamingException { + private Set<String> getRoles(PrincipalCollection principals, + final LdapContextFactory ldapContextFactory) throws NamingException { final String username = (String) getAvailablePrincipal(principals); LdapContext systemLdapCtx = null; try { systemLdapCtx = ldapContextFactory.getSystemLdapContext(); - return rolesFor( - principals, - username, - systemLdapCtx, - ldapContextFactory, - SecurityUtils.getSubject().getSession()); + return rolesFor(principals, username, systemLdapCtx, + ldapContextFactory, SecurityUtils.getSubject().getSession()); } catch (AuthenticationException ae) { ae.printStackTrace(); return Collections.emptySet(); @@ -321,13 +329,9 @@ public class LdapRealm extends JndiLdapRealm { } } - protected Set<String> rolesFor( - PrincipalCollection principals, - String userNameIn, - final LdapContext ldapCtx, - final LdapContextFactory ldapContextFactory, - Session session) - throws NamingException { + protected Set<String> rolesFor(PrincipalCollection principals, String userNameIn, + final LdapContext ldapCtx, final LdapContextFactory ldapContextFactory, Session session) + throws NamingException { final Set<String> roleNames = new HashSet<>(); final Set<String> groupNames = new HashSet<>(); final String userName; @@ -337,7 +341,7 @@ public class LdapRealm extends JndiLdapRealm { } else { userName = userNameIn; } - + String userDn = getUserDnForSearch(userName); // Activate paged results 
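Review bot: In `getRoles`, the `catch (AuthenticationException ae)` branch calls `ae.printStackTrace()` and returns `Collections.emptySet()`, so a failure while resolving roles looks the same as a user with no groups and never reaches the application log. The class already logs through `log` in the group-search hunks, so `log.error("Failed to resolve LDAP roles for " + username, ae);` would keep the record with the rest of the authentication trail. Returning an empty set appears to keep the allowed-roles check closed on failure, which is worth stating in a comment next to the `return`. The rest of the method lies outside the hunk.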
@@ -349,10 +353,10 @@ public class LdapRealm extends JndiLdapRealm { byte[] cookie = null; try { ldapCtx.addToEnvironment(Context.REFERRAL, "ignore"); - - ldapCtx.setRequestControls( - new Control[] {new PagedResultsControl(pageSize, Control.NONCRITICAL)}); - + + ldapCtx.setRequestControls(new Control[]{new PagedResultsControl(pageSize, + Control.NONCRITICAL)}); + do { // ldapsearch -h localhost -p 33389 -D // uid=guest,ou=people,dc=hadoop,dc=apache,dc=org -w guest-password @@ -361,20 +365,19 @@ public class LdapRealm extends JndiLdapRealm { SearchControls searchControls = getGroupSearchControls(); try { if (groupSearchEnableMatchingRuleInChain) { - searchResultEnum = - ldapCtx.search( - getGroupSearchBase(), - String.format( - MATCHING_RULE_IN_CHAIN_FORMAT, groupObjectClass, memberAttribute, userDn), - searchControls); + searchResultEnum = ldapCtx.search( + getGroupSearchBase(), + String.format( + MATCHING_RULE_IN_CHAIN_FORMAT, groupObjectClass, memberAttribute, userDn), + searchControls); while (searchResultEnum != null && searchResultEnum.hasMore()) { // searchResults contains all the groups in search scope numResults++; final SearchResult group = searchResultEnum.next(); Attribute attribute = group.getAttributes().get(getGroupIdAttribute()); - String groupName = attribute.get().toString(); - + String groupName = attribute.get().toString(); + String roleName = roleNameFor(groupName); if (roleName != null) { roleNames.add(roleName); 
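Review bot: The filter passed to `ldapCtx.search` in the `@@ -361,20 +365,19 @@` hunk is assembled with `String.format(MATCHING_RULE_IN_CHAIN_FORMAT, groupObjectClass, memberAttribute, userDn)`, and nothing visible escapes `userDn` for LDAP filter syntax (RFC 4515). The same pattern appears in the `@@ -389,18 +392,16 @@` hunk (`expandTemplate(groupSearchFilter, userName)`) and in the `@@ -917,12 +915,9 @@` hunk of `getUserDn` (`expandTemplate(..., matchedPrincipal)`). Whether `expandTemplate`, `getUserDnForSearch` or the principal regex already neutralise `*`, `(`, `)` and `\` cannot be seen from these hunks, so that needs confirming. If they do not, the `DirContext.search` overload that takes `Object[] filterArgs` substitutes values as data rather than as filter syntax and fits the `{0}` templates shown in the class Javadoc. `rolesFor` starts and ends outside this hunk.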
@@ -389,18 +392,16 @@ public class LdapRealm extends JndiLdapRealm { // If group search filter is defined in Shiro config, then use it if (groupSearchFilter != null) { searchFilter = expandTemplate(groupSearchFilter, userName); - // searchFilter = String.format("%1$s", groupSearchFilter); + //searchFilter = String.format("%1$s", groupSearchFilter); } if (log.isDebugEnabled()) { - log.debug( - "Group SearchBase|SearchFilter|GroupSearchScope: " - + getGroupSearchBase() - + "|" - + searchFilter - + "|" - + groupSearchScope); + log.debug("Group SearchBase|SearchFilter|GroupSearchScope: " + getGroupSearchBase() + + "|" + searchFilter + "|" + groupSearchScope); } - searchResultEnum = ldapCtx.search(getGroupSearchBase(), searchFilter, searchControls); + searchResultEnum = ldapCtx.search( + getGroupSearchBase(), + searchFilter, + searchControls); while (searchResultEnum != null && searchResultEnum.hasMore()) { // searchResults contains all the groups in search scope numResults++; @@ -416,11 +417,12 @@ public class LdapRealm extends JndiLdapRealm { } } // Re-activate paged results - ldapCtx.setRequestControls( - new Control[] {new PagedResultsControl(pageSize, cookie, Control.CRITICAL)}); + ldapCtx.setRequestControls(new Control[]{new PagedResultsControl(pageSize, + cookie, Control.CRITICAL)}); } while (cookie != null); } catch (SizeLimitExceededException e) { - log.info("Only retrieved first " + numResults + " groups due to SizeLimitExceededException."); + log.info("Only retrieved first " + numResults + + " groups due to SizeLimitExceededException."); } catch (IOException e) { log.error("Unabled to setup paged results"); } 
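Review bot: `catch (IOException e) { log.error("Unabled to setup paged results"); }` in the `@@ -416,11 +417,12 @@` hunk drops the exception and lets `rolesFor` continue with whatever groups were collected, and the `SizeLimitExceededException` branch does the same at `info` level. A truncated group list means a user can silently lose roles or miss an allowed role at login, so the cause belongs in the log: `log.error("Unable to set up paged results", e);`. The `try` these handlers belong to opens in an earlier hunk.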
@@ -447,13 +449,9 @@ public class LdapRealm extends JndiLdapRealm { } } - private void addRoleIfMember( - final String userDn, - final SearchResult group, - final Set<String> roleNames, - final Set<String> groupNames, - final LdapContextFactory ldapContextFactory) - throws NamingException { + private void addRoleIfMember(final String userDn, final SearchResult group, + final Set<String> roleNames, final Set<String> groupNames, + final LdapContextFactory ldapContextFactory) throws NamingException { NamingEnumeration<? extends Attribute> attributeEnum = null; NamingEnumeration<?> ne = null; try { @@ -471,8 +469,8 @@ public class LdapRealm extends JndiLdapRealm { while (ne.hasMore()) { String attrValue = ne.next().toString(); if (memberAttribute.equalsIgnoreCase(MEMBER_URL)) { - boolean dynamicGroupMember = - isUserMemberOfDynamicGroup(userLdapDn, attrValue, ldapContextFactory); + boolean dynamicGroupMember = isUserMemberOfDynamicGroup(userLdapDn, attrValue, + ldapContextFactory); if (dynamicGroupMember) { groupNames.add(groupName); String roleName = roleNameFor(groupName); @@ -602,11 +600,13 @@ public class LdapRealm extends JndiLdapRealm { } /** - * Set Member Attribute Template for LDAP. - * - * @param template DN template to be used to query ldap. - * @throws IllegalArgumentException if template is empty or null. - */ + * Set Member Attribute Template for LDAP. + * + * @param template + * DN template to be used to query ldap. + * @throws IllegalArgumentException + * if template is empty or null. + */ public void setMemberAttributeValueTemplate(String template) { if (!StringUtils.hasText(template)) { String msg = "User DN template cannot be null or empty."; 
@@ -614,11 +614,8 @@ public class LdapRealm extends JndiLdapRealm { } int index = template.indexOf(MEMBER_SUBSTITUTION_TOKEN); if (index < 0) { - String msg = - "Member attribute value template must contain the '" - + MEMBER_SUBSTITUTION_TOKEN - + "' replacement token to understand how to " - + "parse the group members."; + String msg = "Member attribute value template must contain the '" + MEMBER_SUBSTITUTION_TOKEN + + "' replacement token to understand how to " + "parse the group members."; throw new IllegalArgumentException(msg); } String prefix = template.substring(0, index); @@ -660,10 +657,11 @@ public class LdapRealm extends JndiLdapRealm { } /** - * Set User Search Attribute Name for LDAP. - * - * @param userSearchAttributeName userAttribute to search ldap. - */ + * Set User Search Attribute Name for LDAP. + * + * @param userSearchAttributeName + * userAttribute to search ldap. + */ public void setUserSearchAttributeName(String userSearchAttributeName) { if (userSearchAttributeName != null) { userSearchAttributeName = userSearchAttributeName.trim(); @@ -702,9 +700,8 @@ public class LdapRealm extends JndiLdapRealm { return perms; } - boolean isUserMemberOfDynamicGroup( - LdapName userLdapDn, String memberUrl, final LdapContextFactory ldapContextFactory) - throws NamingException { + boolean isUserMemberOfDynamicGroup(LdapName userLdapDn, String memberUrl, + final LdapContextFactory ldapContextFactory) throws NamingException { // ldap://host:port/dn?attributes?scope?filter?extensions if (memberUrl == null) { return false; 
@@ -739,11 +736,8 @@ public class LdapRealm extends JndiLdapRealm { boolean member = false; NamingEnumeration<SearchResult> searchResultEnum = null; try { - searchResultEnum = - systemLdapCtx.search( - userLdapDn, - searchFilter, - searchScope.equalsIgnoreCase("sub") ? SUBTREE_SCOPE : ONELEVEL_SCOPE); + searchResultEnum = systemLdapCtx.search(userLdapDn, searchFilter, + searchScope.equalsIgnoreCase("sub") ? SUBTREE_SCOPE : ONELEVEL_SCOPE); if (searchResultEnum.hasMore()) { return true; } @@ -764,10 +758,11 @@ public class LdapRealm extends JndiLdapRealm { } /** - * Set Regex for Principal LDAP. - * - * @param regex regex to use to search for principal in shiro. - */ + * Set Regex for Principal LDAP. + * + * @param regex + * regex to use to search for principal in shiro. + */ public void setPrincipalRegex(String regex) { if (regex == null || regex.trim().isEmpty()) { principalPattern = Pattern.compile(DEFAULT_PRINCIPAL_REGEX); 
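Review bot: `searchScope.equalsIgnoreCase("sub") ? SUBTREE_SCOPE : ONELEVEL_SCOPE` maps every scope other than `sub` to one-level, including `base`, which the `ldap://host:port/dn?attributes?scope?filter?extensions` form noted at the top of `isUserMemberOfDynamicGroup` allows. How `searchScope` is parsed from `memberUrl` is outside the visible hunks, so it may already be normalised, but as written a `base` member URL is evaluated with a different scope than the group entry states. Since the result decides dynamic-group membership and therefore roles, either handle `base` explicitly or document the fallback, e.g. `// any scope other than "sub" is searched one-level`.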
@@ -865,44 +860,47 @@ public class LdapRealm extends JndiLdapRealm { private String matchPrincipal(final String principal) { Matcher matchedPrincipal = principalPattern.matcher(principal); if (!matchedPrincipal.matches()) { - throw new IllegalArgumentException( - "Principal " + principal + " does not match " + principalRegex); + throw new IllegalArgumentException("Principal " + + principal + " does not match " + principalRegex); } return matchedPrincipal.group(); } /** - * Returns the LDAP User Distinguished Name (DN) to use when acquiring an {@link - * javax.naming.ldap.LdapContext LdapContext} from the {@link LdapContextFactory}. - * - * <p>If the the {@link #getUserDnTemplate() userDnTemplate} property has been set, this - * implementation will construct the User DN by substituting the specified {@code principal} into - * the configured template. If the {@link #getUserDnTemplate() userDnTemplate} has not been set, - * the method argument will be returned directly (indicating that the submitted authentication - * token principal <em>is</em> the User DN). - * - * @param principal the principal to substitute into the configured {@link #getUserDnTemplate() - * userDnTemplate}. - * @return the constructed User DN to use at runtime when acquiring an {@link - * javax.naming.ldap.LdapContext}. - * @throws IllegalArgumentException if the method argument is null or empty - * @throws IllegalStateException if the {@link #getUserDnTemplate userDnTemplate} has not been - * set. - * @see LdapContextFactory#getLdapContext(Object, Object) - */ + * Returns the LDAP User Distinguished Name (DN) to use when acquiring an + * {@link javax.naming.ldap.LdapContext LdapContext} from the + * {@link LdapContextFactory}. + * <p/> + * If the the {@link #getUserDnTemplate() userDnTemplate} property has been + * set, this implementation will construct the User DN by substituting the + * specified {@code principal} into the configured template. 
If the + * {@link #getUserDnTemplate() userDnTemplate} has not been set, the method + * argument will be returned directly (indicating that the submitted + * authentication token principal <em>is</em> the User DN). + * + * @param principal + * the principal to substitute into the configured + * {@link #getUserDnTemplate() userDnTemplate}. + * @return the constructed User DN to use at runtime when acquiring an + * {@link javax.naming.ldap.LdapContext}. + * @throws IllegalArgumentException + * if the method argument is null or empty + * @throws IllegalStateException + * if the {@link #getUserDnTemplate userDnTemplate} has not been + * set. + * @see LdapContextFactory#getLdapContext(Object, Object) + */ @Override - protected String getUserDn(final String principal) - throws IllegalArgumentException, IllegalStateException { + protected String getUserDn(final String principal) throws IllegalArgumentException, + IllegalStateException { String userDn; String matchedPrincipal = matchPrincipal(principal); String userSearchBase = getUserSearchBase(); String userSearchAttributeName = getUserSearchAttributeName(); // If not searching use the userDnTemplate and return. - if ((userSearchBase == null || userSearchBase.isEmpty()) - || (userSearchAttributeName == null - && userSearchFilter == null - && !"object".equalsIgnoreCase(userSearchScope))) { + if ((userSearchBase == null || userSearchBase.isEmpty()) || (userSearchAttributeName == null + && userSearchFilter == null && !"object".equalsIgnoreCase(userSearchScope))) { userDn = expandTemplate(userDnTemplate, matchedPrincipal); if (log.isDebugEnabled()) { log.debug("LDAP UserDN and Principal: " + userDn + "," + principal); 
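Review bot: The rewrapped Javadoc for `getUserDn` now uses `<p/>`, which doclint on JDK 8 and later rejects as a self-closing element; `<p>` is the form the removed lines used. The text also says the argument is returned directly when `userDnTemplate` is unset, while `@throws IllegalStateException` says an unset template is an error; only one of these can describe this override, and the body in the following hunks should decide which stays. `If the the` in the second paragraph has a doubled word.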
@@ -917,12 +915,9 @@ public class LdapRealm extends JndiLdapRealm { if (userSearchAttributeName == null) { searchFilter = String.format("(objectclass=%1$s)", getUserObjectClass()); } else { - searchFilter = - String.format( - "(&(objectclass=%1$s)(%2$s=%3$s))", - getUserObjectClass(), - userSearchAttributeName, - expandTemplate(getUserSearchAttributeTemplate(), matchedPrincipal)); + searchFilter = String.format("(&(objectclass=%1$s)(%2$s=%3$s))", getUserObjectClass(), + userSearchAttributeName, expandTemplate(getUserSearchAttributeTemplate(), + matchedPrincipal)); } } else { searchFilter = expandTemplate(userSearchFilter, matchedPrincipal); @@ -935,13 +930,8 @@ public class LdapRealm extends JndiLdapRealm { try { systemLdapCtx = getContextFactory().getSystemLdapContext(); if (log.isDebugEnabled()) { - log.debug( - "SearchBase,SearchFilter,UserSearchScope: " - + searchBase - + "," - + searchFilter - + "," - + userSearchScope); + log.debug("SearchBase,SearchFilter,UserSearchScope: " + searchBase + + "," + searchFilter + "," + userSearchScope); } searchResultEnum = systemLdapCtx.search(searchBase, searchFilter, searchControls); // SearchResults contains all the entries in search scope 
@@ -974,18 +964,16 @@ public class LdapRealm extends JndiLdapRealm { } @Override - protected AuthenticationInfo createAuthenticationInfo( - AuthenticationToken token, - Object ldapPrincipal, - Object ldapCredentials, - LdapContext ldapContext) + protected AuthenticationInfo createAuthenticationInfo(AuthenticationToken token, + Object ldapPrincipal, Object ldapCredentials, LdapContext ldapContext) throws NamingException { HashRequest.Builder builder = new HashRequest.Builder(); - Hash credentialsHash = - hashService.computeHash( - builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build()); - return new SimpleAuthenticationInfo( - token.getPrincipal(), credentialsHash.toHex(), credentialsHash.getSalt(), getName()); + Hash credentialsHash = hashService + .computeHash(builder.setSource(token.getCredentials()) + .setAlgorithmName(HASHING_ALGORITHM).build()); + return new SimpleAuthenticationInfo(token.getPrincipal(), + credentialsHash.toHex(), credentialsHash.getSalt(), + getName()); } protected static final String expandTemplate(final String template, final String input) { http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-server/src/main/java/org/apache/zeppelin/realm/PamRealm.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/PamRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/PamRealm.java index 2af5e81..0622673 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/PamRealm.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/PamRealm.java @@ -16,8 +16,6 @@ */ package org.apache.zeppelin.realm; -import java.util.LinkedHashSet; -import java.util.Set; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; 
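Review bot: `createAuthenticationInfo` has no Javadoc although it decides what is stored as the credential in the returned `SimpleAuthenticationInfo`: a `hashService` digest of `token.getCredentials()` rather than the submitted value. `HASHING_ALGORITHM` and any salt or iteration settings are outside the hunk (the field is initialised with `new DefaultHashService()` in the `@@ -181,6 +193,8 @@` hunk), so the strength of that stored digest cannot be judged from here. I would add `/** Stores a digest of the submitted credentials (HASHING_ALGORITHM via hashService) in the returned info instead of the plaintext. */` and name where salt and iterations are configured.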
@@ -33,7 +31,12 @@ import org.jvnet.libpam.UnixUser; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -/** An {@code AuthorizingRealm} based on libpam4j. */ +import java.util.LinkedHashSet; +import java.util.Set; + +/** + * An {@code AuthorizingRealm} based on libpam4j. + */ public class PamRealm extends AuthorizingRealm { private static final Logger LOG = LoggerFactory.getLogger(PamRealm.class); @@ -45,7 +48,7 @@ public class PamRealm extends AuthorizingRealm { UserPrincipal user = principals.oneByType(UserPrincipal.class); - if (user != null) { + if (user != null){ roles.addAll(user.getUnixUser().getGroups()); } @@ -54,20 +57,21 @@ public class PamRealm extends AuthorizingRealm { @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) - throws AuthenticationException { + throws AuthenticationException { UsernamePasswordToken userToken = (UsernamePasswordToken) token; UnixUser user; try { - user = - (new PAM(this.getService())) - .authenticate(userToken.getUsername(), new String(userToken.getPassword())); + user = (new PAM(this.getService())) + .authenticate(userToken.getUsername(), new String(userToken.getPassword())); } catch (PAMException e) { throw new AuthenticationException("Authentication failed for PAM.", e); } return new SimpleAuthenticationInfo( - new UserPrincipal(user), userToken.getCredentials(), getName()); + new UserPrincipal(user), + userToken.getCredentials(), + getName()); } public String getService() { http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-server/src/main/java/org/apache/zeppelin/realm/UserPrincipal.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/UserPrincipal.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/UserPrincipal.java index ee2ee30..c1221e7 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/UserPrincipal.java 
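Review bot: `new String(userToken.getPassword())` in the `@@ -54,20 +57,21 @@` hunk throws a NullPointerException when the token carries no password, and only `PAMException` is caught, so that case escapes as a runtime error instead of a failed login. A check before the `try` covers it: `if (userToken.getPassword() == null) { throw new AuthenticationException("Password is required for PAM."); }`. The String copy cannot be cleared afterwards the way the token's `char[]` can; `PAM.authenticate` takes a String so the copy is needed, but a short comment saying so would stop the pattern spreading. `if (user != null){` in the previous hunk also lost the space before the brace.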
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/UserPrincipal.java @@ -16,10 +16,13 @@ */ package org.apache.zeppelin.realm; -import java.security.Principal; import org.jvnet.libpam.UnixUser; -/** A {@code java.security.Principal} implememtation for use with Shiro {@code PamRealm}. */ +import java.security.Principal; + +/** + * A {@code java.security.Principal} implememtation for use with Shiro {@code PamRealm}. + */ public class UserPrincipal implements Principal { private final UnixUser userName; http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ZeppelinHubRealm.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ZeppelinHubRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ZeppelinHubRealm.java index 18b4b2c..2a4dcda 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ZeppelinHubRealm.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ZeppelinHubRealm.java @@ -19,12 +19,7 @@ package org.apache.zeppelin.realm; import com.google.common.base.Joiner; import com.google.gson.Gson; import com.google.gson.JsonParseException; -import java.io.IOException; -import java.net.MalformedURLException; -import java.net.URI; -import java.net.URISyntaxException; -import java.util.HashSet; -import java.util.concurrent.atomic.AtomicInteger; + import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.HttpStatus; import org.apache.commons.httpclient.methods.PutMethod; 
@@ -39,15 +34,26 @@ import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; +import org.apache.zeppelin.service.ServiceContext; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.HashSet; +import java.util.concurrent.atomic.AtomicInteger; + import org.apache.zeppelin.common.JsonSerializable; import org.apache.zeppelin.notebook.repo.zeppelinhub.model.UserSessionContainer; import org.apache.zeppelin.notebook.repo.zeppelinhub.websocket.utils.ZeppelinhubUtils; import org.apache.zeppelin.server.ZeppelinServer; -import org.apache.zeppelin.service.ServiceContext; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -/** A {@code Realm} implementation that uses the ZeppelinHub to authenticate users. */ +/** + * A {@code Realm} implementation that uses the ZeppelinHub to authenticate users. + * + */ public class ZeppelinHubRealm extends AuthorizingRealm { private static final Logger LOG = LoggerFactory.getLogger(ZeppelinHubRealm.class); private static final String DEFAULT_ZEPPELINHUB_URL = "https://www.zeppelinhub.com"; @@ -65,7 +71,7 @@ public class ZeppelinHubRealm extends AuthorizingRealm { public ZeppelinHubRealm() { super(); LOG.debug("Init ZeppelinhubRealm"); - // TODO(anthonyc): think about more setting for this HTTP client. + //TODO(anthonyc): think about more setting for this HTTP client. // eg: if user uses proxy etcetc... httpClient = new HttpClient(); name = getClass().getName() + "_" + INSTANCE_COUNT.getAndIncrement(); 
@@ -73,7 +79,7 @@ public class ZeppelinHubRealm extends AuthorizingRealm { @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken) - throws AuthenticationException { + throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authToken; if (StringUtils.isBlank(token.getUsername())) { throw new AccountException("Empty usernames are not allowed by this realm."); @@ -95,11 +101,11 @@ public class ZeppelinHubRealm extends AuthorizingRealm { } /** - * Setter of ZeppelinHub URL, this will be called by Shiro based on zeppelinhubUrl property in - * shiro.ini file. + * Setter of ZeppelinHub URL, this will be called by Shiro based on zeppelinhubUrl property + * in shiro.ini file. * - * <p>It will also perform a check of ZeppelinHub url {@link #isZeppelinHubUrlValid}, if the url - * is not valid, the default zeppelinhub url will be used. + * It will also perform a check of ZeppelinHub url {@link #isZeppelinHubUrlValid}, + * if the url is not valid, the default zeppelinhub url will be used. * * @param url */ @@ -131,8 +137,8 @@ public class ZeppelinHubRealm extends AuthorizingRealm { if (statusCode != HttpStatus.SC_OK) { LOG.error("Cannot login user, HTTP status code is {} instead on 200 (OK)", statusCode); put.releaseConnection(); - throw new AuthenticationException( - "Couldnt login to ZeppelinHub. " + "Login or password incorrect"); + throw new AuthenticationException("Couldnt login to ZeppelinHub. " + + "Login or password incorrect"); } responseBody = put.getResponseBodyAsString(); userSession = put.getResponseHeader(USER_SESSION_HEADER).getValue(); 
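Review bot: In the `@@ -131,8 +137,8 @@` hunk, `put.getResponseHeader(USER_SESSION_HEADER).getValue()` is dereferenced without a null check, so a 200 response that lacks the session header ends the login with a NullPointerException rather than an `AuthenticationException`. A guard before the call keeps the failure in the authentication path: `if (put.getResponseHeader(USER_SESSION_HEADER) == null) { throw new AuthenticationException("ZeppelinHub response is missing the session header"); }`. In the same hunk every non-200 status is reported as `Login or password incorrect`, which will mislead during an outage of the remote service. The enclosing try/catch is outside the hunk, so check what it already catches and where the connection is released.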
@@ -159,8 +165,13 @@ public class ZeppelinHubRealm extends AuthorizingRealm { /** * Create a JSON String that represent login payload. * - * <p>Payload will look like: {@code { 'login': 'userLogin', 'password': 'userpassword' } } - * + * Payload will look like: + * {@code + * { + * 'login': 'userLogin', + * 'password': 'userpassword' + * } + * } * @param login * @param pwd * @return @@ -171,9 +182,9 @@ public class ZeppelinHubRealm extends AuthorizingRealm { } /** - * Perform a Simple URL check by using {@code URI(url).toURL()}. If the url is not valid, the - * try-catch condition will catch the exceptions and return false, otherwise true will be - * returned. + * Perform a Simple URL check by using {@code URI(url).toURL()}. + * If the url is not valid, the try-catch condition will catch the exceptions and return false, + * otherwise true will be returned. * * @param url * @return @@ -190,7 +201,9 @@ public class ZeppelinHubRealm extends AuthorizingRealm { return valid; } - /** Helper class that will be use to fromJson ZeppelinHub response. */ + /** + * Helper class that will be use to fromJson ZeppelinHub response. + */ protected static class User implements JsonSerializable { private static final Gson gson = new Gson(); public String login; 
@@ -212,8 +225,8 @@ public class ZeppelinHubRealm extends AuthorizingRealm { /* TODO(xxx): add proper roles */ HashSet<String> userAndRoles = new HashSet<>(); userAndRoles.add(username); - ServiceContext context = - new ServiceContext(new org.apache.zeppelin.user.AuthenticationInfo(username), userAndRoles); + ServiceContext context = new ServiceContext( + new org.apache.zeppelin.user.AuthenticationInfo(username), userAndRoles); try { ZeppelinServer.notebookWsServer.broadcastReloadedNoteList(null, context); } catch (IOException e) { http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/JWTAuthenticationToken.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/JWTAuthenticationToken.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/JWTAuthenticationToken.java index 38c4d31..8dc86ed 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/JWTAuthenticationToken.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/JWTAuthenticationToken.java @@ -18,7 +18,9 @@ package org.apache.zeppelin.realm.jwt; import org.apache.shiro.authc.AuthenticationToken; -/** Created for org.apache.zeppelin.server. */ +/** + * Created for org.apache.zeppelin.server. + */ public class JWTAuthenticationToken implements AuthenticationToken { private Object userId; private String token; http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxAuthenticationFilter.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxAuthenticationFilter.java index 1bfafcf..eccf6de 100644 
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxAuthenticationFilter.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxAuthenticationFilter.java @@ -16,27 +16,30 @@ */ package org.apache.zeppelin.realm.jwt; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.Cookie; import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; import org.apache.shiro.web.servlet.ShiroHttpServletRequest; -import org.apache.zeppelin.utils.SecurityUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -/** Created for org.apache.zeppelin.server. */ +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.Cookie; + +import org.apache.zeppelin.utils.SecurityUtils; + +/** + * Created for org.apache.zeppelin.server. + */ public class KnoxAuthenticationFilter extends FormAuthenticationFilter { private static final Logger LOGGER = LoggerFactory.getLogger(KnoxAuthenticationFilter.class); - protected boolean isAccessAllowed( - ServletRequest request, ServletResponse response, Object mappedValue) { - // Check with existing shiro authentication logic - // https://github.com/apache/shiro/blob/shiro-root-1.3.2/web/src/main/java/org/apache/shiro/ + protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, + Object mappedValue) { + //Check with existing shiro authentication logic + //https://github.com/apache/shiro/blob/shiro-root-1.3.2/web/src/main/java/org/apache/shiro/ // web/filter/authc/AuthenticatingFilter.java#L123-L124 - Boolean accessAllowed = - super.isAccessAllowed(request, response, mappedValue) - || !isLoginRequest(request, response) && isPermissive(mappedValue); + Boolean accessAllowed = super.isAccessAllowed(request, response, mappedValue) || + !isLoginRequest(request, response) && isPermissive(mappedValue); if (accessAllowed) { accessAllowed = false; 
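Review bot: The access decision `super.isAccessAllowed(request, response, mappedValue) || !isLoginRequest(request, response) && isPermissive(mappedValue)` relies on `&&` binding tighter than `||`, and the new line break after `||` makes it easy to misread as `(a || !b) && c`. Parenthesising the second operand, `|| (!isLoginRequest(request, response) && isPermissive(mappedValue));`, states the intent, and the local can be a primitive `boolean` since it is never null. The method calls `super.isAccessAllowed` but carries no `@Override`, so a signature drift in the parent filter would go unnoticed by the compiler. The body continues past the end of the hunk.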
@@ -57,10 +60,9 @@ public class KnoxAuthenticationFilter extends FormAuthenticationFilter { } } } else { - LOGGER.error( - "Looks like this filter is enabled without enabling KnoxJwtRealm, please refer" - + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html" - + "#knox-sso"); + LOGGER.error("Looks like this filter is enabled without enabling KnoxJwtRealm, please refer" + + " to https://zeppelin.apache.org/docs/latest/security/shiroauthentication.html" + + "#knox-sso"); } } return accessAllowed; http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxJwtRealm.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxJwtRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxJwtRealm.java index 83a75ff..3663174 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxJwtRealm.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxJwtRealm.java @@ -16,10 +16,20 @@ */ package org.apache.zeppelin.realm.jwt; -import com.nimbusds.jose.JWSObject; -import com.nimbusds.jose.JWSVerifier; -import com.nimbusds.jose.crypto.RSASSAVerifier; -import com.nimbusds.jwt.SignedJWT; +import java.util.Date; +import org.apache.commons.io.FileUtils; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.security.Groups; +import org.apache.shiro.authc.AuthenticationInfo; +import org.apache.shiro.authc.AuthenticationToken; +import org.apache.shiro.authc.SimpleAccount; +import org.apache.shiro.authz.AuthorizationInfo; +import org.apache.shiro.authz.SimpleAuthorizationInfo; +import org.apache.shiro.realm.AuthorizingRealm; +import org.apache.shiro.subject.PrincipalCollection; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import java.io.ByteArrayInputStream; import java.io.File; import java.io.IOException; 
@@ -30,25 +40,20 @@ import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.interfaces.RSAPublicKey; import java.text.ParseException; -import java.util.Date; import java.util.HashSet; import java.util.List; import java.util.Set; + import javax.servlet.ServletException; -import org.apache.commons.io.FileUtils; -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.security.Groups; -import org.apache.shiro.authc.AuthenticationInfo; -import org.apache.shiro.authc.AuthenticationToken; -import org.apache.shiro.authc.SimpleAccount; -import org.apache.shiro.authz.AuthorizationInfo; -import org.apache.shiro.authz.SimpleAuthorizationInfo; -import org.apache.shiro.realm.AuthorizingRealm; -import org.apache.shiro.subject.PrincipalCollection; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -/** Created for org.apache.zeppelin.server. */ +import com.nimbusds.jose.JWSObject; +import com.nimbusds.jose.JWSVerifier; +import com.nimbusds.jose.crypto.RSASSAVerifier; +import com.nimbusds.jwt.SignedJWT; + +/** + * Created for org.apache.zeppelin.server. + */ public class KnoxJwtRealm extends AuthorizingRealm { private static final Logger LOGGER = LoggerFactory.getLogger(KnoxJwtRealm.class); @@ -65,10 +70,14 @@ public class KnoxJwtRealm extends AuthorizingRealm { private SimplePrincipalMapper mapper = new SimplePrincipalMapper(); - /** Configuration object needed by for Hadoop classes. */ + /** + * Configuration object needed by for Hadoop classes. + */ private Configuration hadoopConfig; - /** Hadoop Groups implementation. */ + /** + * Hadoop Groups implementation. + */ private Groups hadoopGroups; @Override 
@@ -153,16 +162,15 @@ public class KnoxJwtRealm extends AuthorizingRealm { PublicKey key = null; try { CertificateFactory fact = CertificateFactory.getInstance("X.509"); - ByteArrayInputStream is = - new ByteArrayInputStream(FileUtils.readFileToString(new File(pem)).getBytes("UTF8")); + ByteArrayInputStream is = new ByteArrayInputStream( + FileUtils.readFileToString(new File(pem)).getBytes("UTF8")); X509Certificate cer = (X509Certificate) fact.generateCertificate(is); key = cer.getPublicKey(); } catch (CertificateException ce) { String message = null; if (pem.startsWith(pemHeader)) { - message = - "CertificateException - be sure not to include PEM header " - + "and footer in the PEM configuration element."; + message = "CertificateException - be sure not to include PEM header " + + "and footer in the PEM configuration element."; } else { message = "CertificateException - PEM may be corrupt"; } @@ -194,11 +202,12 @@ public class KnoxJwtRealm extends AuthorizingRealm { } /** - * Validate that the expiration time of the JWT token has not been violated. If it has then throw - * an AuthenticationException. Override this method in subclasses in order to customize the - * expiration validation behavior. + * Validate that the expiration time of the JWT token has not been violated. + * If it has then throw an AuthenticationException. Override this method in + * subclasses in order to customize the expiration validation behavior. * - * @param jwtToken the token that contains the expiration date to validate + * @param jwtToken + * the token that contains the expiration date to validate * @return valid true if the token has not expired; false otherwise */ protected boolean validateExpiration(SignedJWT jwtToken) { 
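Review bot: In the first hunk here, `pem` is used as a file path in `new File(pem)`, yet the `CertificateException` branch tests `pem.startsWith(pemHeader)`, which compares the path rather than the file's contents. If `pemHeader` is the certificate begin marker (it is defined outside the hunk), the "be sure not to include PEM header" hint can essentially never be selected. An operator who misconfigures the certificate used to verify tokens would then always get the generic "may be corrupt" message. The file is also decoded with `readFileToString(new File(pem))`, which uses the platform default charset, and is then re-encoded as UTF8. Passing the bytes straight through avoids that round trip: `new ByteArrayInputStream(FileUtils.readFileToByteArray(new File(pem)))`. The enclosing method starts before and ends after this hunk.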
@@ -225,17 +234,20 @@ public class KnoxJwtRealm extends AuthorizingRealm { return new SimpleAuthorizationInfo(roles); } - /** Query the Hadoop implementation of {@link Groups} to retrieve groups for provided user. */ + /** + * Query the Hadoop implementation of {@link Groups} to retrieve groups for provided user. + */ public Set<String> mapGroupPrincipals(final String mappedPrincipalName) { /* return the groups as seen by Hadoop */ Set<String> groups = null; try { hadoopGroups.refresh(); - final List<String> groupList = hadoopGroups.getGroups(mappedPrincipalName); + final List<String> groupList = hadoopGroups + .getGroups(mappedPrincipalName); if (LOGGER.isDebugEnabled()) { - LOGGER.debug( - String.format("group found %s, %s", mappedPrincipalName, groupList.toString())); + LOGGER.debug(String.format("group found %s, %s", + mappedPrincipalName, groupList.toString())); } groups = new HashSet<>(groupList); http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/PrincipalMapper.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/PrincipalMapper.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/PrincipalMapper.java index 7e037c0..fec276c 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/PrincipalMapper.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/PrincipalMapper.java 
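Review bot: `mapGroupPrincipals` calls `hadoopGroups.refresh()` before every `getGroups` lookup with no comment saying why. If this is Hadoop's `Groups.refresh()`, each authorization query discards the cached user-to-group mappings for all users. If the intent is that a revoked group membership takes effect immediately, the code should say so, for example `// refresh on every lookup so group removals apply without waiting for cache expiry`; otherwise the call can be dropped in favour of the configured cache expiry. The debug line would also read better as a parameterized call, `LOGGER.debug("group found {}, {}", mappedPrincipalName, groupList);`, which makes the `isDebugEnabled()` guard and `String.format` unnecessary. The method's `catch` and return lie outside this hunk.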
@@ -19,27 +19,26 @@ package org.apache.zeppelin.realm.jwt; public interface PrincipalMapper { /** - * Load the internal principal mapping table from the provided string value which conforms to the - * following semicolon delimited format: actual[,another-actual]=mapped;... - * + * Load the internal principal mapping table from the provided + * string value which conforms to the following semicolon delimited format: + * actual[,another-actual]=mapped;... * @param principalMapping */ void loadMappingTable(String principalMapping, String groupMapping) - throws PrincipalMappingException; + throws PrincipalMappingException; /** - * Acquire a mapped principal name from the mapping table as appropriate. Otherwise, the provided - * principalName will be used. - * + * Acquire a mapped principal name from the mapping table + * as appropriate. Otherwise, the provided principalName + * will be used. * @param principalName * @return principal name to be used in the assertion */ String mapUserPrincipal(String principalName); /** - * Acquire array of group principal names from the mapping table as appropriate. Otherwise, return - * null. - * + * Acquire array of group principal names from the mapping table + * as appropriate. Otherwise, return null. * @param principalName * @return group principal names to be used in the assertion */ http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/PrincipalMappingException.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/PrincipalMappingException.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/PrincipalMappingException.java index 21d5fab..50e5036 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/PrincipalMappingException.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/PrincipalMappingException.java 
@@ -1,20 +1,25 @@ /** - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * <p>http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * <p>Unless required by applicable law or agreed to in writing, software distributed under the - * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing permissions and + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.zeppelin.realm.jwt; -/** * {@link System}. */ +/*** + * {@link System}. 
+ */ public class PrincipalMappingException extends Exception { public PrincipalMappingException(String message) { super(message); http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/SimplePrincipalMapper.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/SimplePrincipalMapper.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/SimplePrincipalMapper.java index c1fbfb4..b194810 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/SimplePrincipalMapper.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/SimplePrincipalMapper.java 
@@ -1,15 +1,18 @@ /** - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * <p>http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * <p>Unless required by applicable law or agreed to in writing, software distributed under the - * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing permissions and + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.zeppelin.realm.jwt; 
@@ -18,13 +21,17 @@ import java.util.Arrays; import java.util.HashMap; import java.util.StringTokenizer; -/** * */ + +/*** + * + */ public class SimplePrincipalMapper implements PrincipalMapper { public HashMap<String, String[]> principalMappings = null; public HashMap<String, String[]> groupMappings = null; - public SimplePrincipalMapper() {} + public SimplePrincipalMapper() { + } /* (non-Javadoc) * @see org.apache.hadoop.gateway.filter.PrincipalMapper#loadMappingTable(java.lang.String) @@ -38,7 +45,8 @@ public class SimplePrincipalMapper implements PrincipalMapper { } } - private HashMap<String, String[]> parseMapping(String mappings) throws PrincipalMappingException { + private HashMap<String, String[]> parseMapping(String mappings) + throws PrincipalMappingException { if (mappings == null) { return null; } @@ -63,10 +71,8 @@ public class SimplePrincipalMapper implements PrincipalMapper { // no principal mapping will occur table.clear(); throw new PrincipalMappingException( - "Unable to load mappings from provided string: " - + mappings - + " - no principal mapping will be provided.", - e); + "Unable to load mappings from provided string: " + mappings + + " - no principal mapping will be provided.", e); } } http://git-wip-us.apache.org/repos/asf/zeppelin/blob/0d746fa2/zeppelin-server/src/main/java/org/apache/zeppelin/rest/AbstractRestApi.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/AbstractRestApi.java b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/AbstractRestApi.java index aeede66..f4406a2 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/AbstractRestApi.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/AbstractRestApi.java 
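Review bot: In the first hunk, `principalMappings` and `groupMappings` are `public`, mutable `HashMap` fields on the class that decides which user and group names an authenticated principal maps to. Any code holding a `SimplePrincipalMapper` can therefore rewrite the mapping table after `loadMappingTable` has validated it. Unless something outside the class reads them directly (not visible from these hunks), they should be declared `private`, e.g. `private HashMap<String, String[]> principalMappings = null;`. The class Javadoc is also left empty (`/*** */`); a one-line description such as `/** Maps principals and groups using tables parsed from "actual[,another-actual]=mapped;..." strings. */` would document the format that `parseMapping` accepts.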
@@ -18,14 +18,15 @@ package org.apache.zeppelin.rest; import com.google.common.collect.Sets; -import java.io.IOException; -import java.util.Set; -import javax.ws.rs.WebApplicationException; import org.apache.zeppelin.service.ServiceContext; import org.apache.zeppelin.service.SimpleServiceCallback; import org.apache.zeppelin.user.AuthenticationInfo; import org.apache.zeppelin.utils.SecurityUtils; +import javax.ws.rs.WebApplicationException; +import java.io.IOException; +import java.util.Set; + public class AbstractRestApi { protected ServiceContext getServiceContext() {
