http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/JWTAuthenticationToken.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/JWTAuthenticationToken.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/JWTAuthenticationToken.java new file mode 100644 index 0000000..35175b6 --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/JWTAuthenticationToken.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.model; + +import org.springframework.security.authentication.AbstractAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; + +import java.util.Collection; + +public class JWTAuthenticationToken extends AbstractAuthenticationToken { + + private String credential; + + private String principal; + + public JWTAuthenticationToken(String principal, String credential) { + super((Collection)null); + this.principal = principal; + this.credential = credential; + } + + public JWTAuthenticationToken(String principal, String credential, Collection<? extends GrantedAuthority> authorities) { + super(authorities); + this.principal = principal; + this.credential = credential; + } + + @Override + public Object getCredentials() { + return credential; + } + + @Override + public Object getPrincipal() { + return principal; + } +}
http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/Privilege.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/Privilege.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/Privilege.java new file mode 100644 index 0000000..949a1ab --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/Privilege.java @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.model; + +public class Privilege { + + private String name; + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + @Override + public String toString() { + StringBuilder builder = new StringBuilder(); + builder.append("Privilege [name="); + builder.append(name); + builder.append("]"); + return builder.toString(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/Role.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/Role.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/Role.java new file mode 100644 index 0000000..9b08424 --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/Role.java @@ -0,0 +1,64 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.model; + +import java.util.List; + +import org.springframework.security.core.GrantedAuthority; + +public class Role implements GrantedAuthority { + + private static final long serialVersionUID = 1L; + private String name; + + private List<Privilege> privileges; + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + @Override + public String getAuthority() { + return this.name; + } + + public List<Privilege> getPrivileges() { + return privileges; + } + + public void setPrivileges(List<Privilege> privileges) { + this.privileges = privileges; + } + + @Override + public String toString() { + StringBuilder builder = new StringBuilder(); + builder.append("Role [name="); + builder.append(name); + builder.append(", privileges="); + builder.append(privileges); + builder.append("]"); + return builder.toString(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/User.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/User.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/User.java new file mode 100644 index 0000000..2bd0ed2 --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/model/User.java @@ -0,0 +1,167 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.model; + +import java.util.Collection; +import java.util.List; + +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.userdetails.UserDetails; + +public class User implements UserDetails { + private static final long serialVersionUID = 1L; + + private String username; + private String password; + private String email; + private String firstName; + private String lastName; + + /* Spring Security fields*/ + private List<GrantedAuthority> authorities; + private boolean accountNonExpired = true; + private boolean accountNonLocked = true; + private boolean credentialsNonExpired = true; + private boolean enabled = true; + + public User(String userName2, String userPassword, List<GrantedAuthority> grantedAuths) { + this.username = userName2; + this.password = userPassword; + this.authorities = grantedAuths; + + } + + public User() { + // TODO Auto-generated constructor stub + } + + @Override + public String getUsername() { + return username; + } + + public void setUsername(String username) { + this.username = username; + } + + @Override + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + + public String getFirstName() { + return firstName; + } + + public void setFirstName(String firstName) { + this.firstName = firstName; + } + + public String getLastName() { + return lastName; + } + + public void setLastName(String lastName) { + this.lastName = lastName; + } + + public String getEmail() { + return email; + } + + public void setEmail(String email) { + this.email = email; + } + + @Override + public Collection<? extends GrantedAuthority> getAuthorities() { + return this.authorities; + } + + public void setAuthorities(List<GrantedAuthority> authorities) { + this.authorities = authorities; + } + + + @Override + public boolean isAccountNonExpired() { + return this.accountNonExpired; + } + + public void setAccountNonExpired(boolean accountNonExpired) { + this.accountNonExpired = accountNonExpired; + } + + @Override + public boolean isAccountNonLocked() { + return this.accountNonLocked; + } + + public void setAccountNonLocked(boolean accountNonLocked) { + this.accountNonLocked = accountNonLocked; + } + + @Override + public boolean isCredentialsNonExpired() { + return this.credentialsNonExpired; + } + + public void setCredentialsNonExpired(boolean credentialsNonExpired) { + this.credentialsNonExpired = credentialsNonExpired; + } + + @Override + public boolean isEnabled() { + return this.enabled; + } + + public void setEnabled(boolean enabled) { + this.enabled = enabled; + } + + @Override + public String toString() { + StringBuilder builder = new StringBuilder(); + builder.append("User [username="); + builder.append(username); + builder.append(", email="); + builder.append(email); + builder.append(", firstName="); + builder.append(firstName); + builder.append(", lastName="); + builder.append(lastName); + builder.append(", authorities="); + builder.append(authorities); + builder.append(", accountNonExpired="); + builder.append(accountNonExpired); + builder.append(", accountNonLocked="); + builder.append(accountNonLocked); + builder.append(", credentialsNonExpired="); + builder.append(credentialsNonExpired); + builder.append(", enabled="); + builder.append(enabled); + builder.append("]"); + return builder.toString(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LdapProperties.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LdapProperties.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LdapProperties.java new file mode 100644 index 0000000..82e71fe --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LdapProperties.java @@ -0,0 +1,365 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import org.apache.commons.lang.StringUtils; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +/** + * Describes LDAP Server connection parameters + */ +public class LdapProperties { + private String primaryUrl; + private String secondaryUrl; + private boolean useSsl; + private boolean anonymousBind; + private String managerDn; + private String managerPassword; + private String baseDN; + private String dnAttribute; + private String referralMethod; + + // LDAP group properties + private String groupBase; + private String groupObjectClass; + private String groupMembershipAttr; + private String groupNamingAttr; + private String adminGroupMappingRules; + private boolean groupMappingEnabled; + + // LDAP user properties + private String userBase; + private String userObjectClass; + private String usernameAttribute; + private String userSearchBase = ""; + + private String groupSearchFilter; + private static final String userSearchFilter = "({attribute}={0})"; + + public List<String> getLdapUrls() { + String protocol = useSsl ? "ldaps://" : "ldap://"; + + if (StringUtils.isEmpty(primaryUrl) || primaryUrl.equalsIgnoreCase("none")) { + return Collections.emptyList(); + } else { + List<String> list = new ArrayList<String>(); + list.add(protocol + primaryUrl); + if (StringUtils.isNotEmpty(secondaryUrl)) { + list.add(protocol + secondaryUrl); + } + return list; + } + } + + public String getPrimaryUrl() { + return primaryUrl; + } + + public void setPrimaryUrl(String primaryUrl) { + this.primaryUrl = primaryUrl; + } + + public String getSecondaryUrl() { + return secondaryUrl; + } + + public void setSecondaryUrl(String secondaryUrl) { + this.secondaryUrl = secondaryUrl; + } + + public boolean isUseSsl() { + return useSsl; + } + + public void setUseSsl(boolean useSsl) { + this.useSsl = useSsl; + } + + public boolean isAnonymousBind() { + return anonymousBind; + } + + public void setAnonymousBind(boolean anonymousBind) { + this.anonymousBind = anonymousBind; + } + + public String getManagerDn() { + return managerDn; + } + + public void setManagerDn(String managerDn) { + this.managerDn = managerDn; + } + + public String getManagerPassword() { + return managerPassword; + } + + public void setManagerPassword(String managerPassword) { + this.managerPassword = managerPassword; + } + + public String getBaseDN() { + return baseDN; + } + + public void setBaseDN(String baseDN) { + this.baseDN = baseDN; + } + + public String getUserSearchBase() { + return userSearchBase; + } + + public void setUserSearchBase(String userSearchBase) { + this.userSearchBase = userSearchBase; + } + + public String getUserSearchFilter() { + return userSearchFilter.replace("{attribute}", usernameAttribute); + } + + public String getUsernameAttribute() { + return usernameAttribute; + } + + public void setUsernameAttribute(String usernameAttribute) { + this.usernameAttribute = usernameAttribute; + } + + public String getGroupBase() { + return groupBase; + } + + public void setGroupBase(String groupBase) { + this.groupBase = groupBase; + } + + public String getGroupObjectClass() { + return groupObjectClass; + } + + public void setGroupObjectClass(String groupObjectClass) { + this.groupObjectClass = groupObjectClass; + } + + public String getGroupMembershipAttr() { + return groupMembershipAttr; + } + + public void setGroupMembershipAttr(String groupMembershipAttr) { + this.groupMembershipAttr = groupMembershipAttr; + } + + public String getGroupNamingAttr() { + return groupNamingAttr; + } + + public void setGroupNamingAttr(String groupNamingAttr) { + this.groupNamingAttr = groupNamingAttr; + } + + public String getAdminGroupMappingRules() { + return adminGroupMappingRules; + } + + public void setAdminGroupMappingRules(String adminGroupMappingRules) { + this.adminGroupMappingRules = adminGroupMappingRules; + } + + public String getGroupSearchFilter() { + return groupSearchFilter; + } + + public void setGroupSearchFilter(String groupSearchFilter) { + this.groupSearchFilter = groupSearchFilter; + } + + public boolean isGroupMappingEnabled() { + return groupMappingEnabled; + } + + public void setGroupMappingEnabled(boolean groupMappingEnabled) { + this.groupMappingEnabled = groupMappingEnabled; + } + + public void setUserBase(String userBase) { + this.userBase = userBase; + } + + public void setUserObjectClass(String userObjectClass) { + this.userObjectClass = userObjectClass; + } + + public String getUserBase() { + return userBase; + } + + public String getUserObjectClass() { + return userObjectClass; + } + + public String getDnAttribute() { + return dnAttribute; + } + + public void setDnAttribute(String dnAttribute) { + this.dnAttribute = dnAttribute; + } + + public void setReferralMethod(String referralMethod) { + this.referralMethod = referralMethod; + } + + public String getReferralMethod() { + return referralMethod; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null || getClass() != obj.getClass()) + return false; + + LdapProperties that = (LdapProperties) obj; + + if (primaryUrl != null ? !primaryUrl.equals(that.primaryUrl) + : that.primaryUrl != null) + return false; + if (secondaryUrl != null ? !secondaryUrl.equals(that.secondaryUrl) + : that.secondaryUrl != null) + return false; + if (useSsl != that.useSsl) + return false; + if (anonymousBind != that.anonymousBind) + return false; + if (managerDn != null ? !managerDn.equals(that.managerDn) + : that.managerDn != null) + return false; + if (managerPassword != null ? !managerPassword + .equals(that.managerPassword) : that.managerPassword != null) + return false; + if (baseDN != null ? !baseDN.equals(that.baseDN) : that.baseDN != null) + return false; + if (userBase != null ? !userBase.equals(that.userBase) + : that.userBase != null) + return false; + if (userObjectClass != null ? !userObjectClass + .equals(that.userObjectClass) : that.userObjectClass != null) + return false; + if (usernameAttribute != null ? !usernameAttribute + .equals(that.usernameAttribute) + : that.usernameAttribute != null) + return false; + if (groupBase != null ? !groupBase.equals(that.groupBase) + : that.groupBase != null) + return false; + if (groupObjectClass != null ? !groupObjectClass + .equals(that.groupObjectClass) : that.groupObjectClass != null) + return false; + if (groupMembershipAttr != null ? !groupMembershipAttr + .equals(that.groupMembershipAttr) + : that.groupMembershipAttr != null) + return false; + if (groupNamingAttr != null ? !groupNamingAttr + .equals(that.groupNamingAttr) : that.groupNamingAttr != null) + return false; + if (adminGroupMappingRules != null ? !adminGroupMappingRules + .equals(that.adminGroupMappingRules) + : that.adminGroupMappingRules != null) + return false; + if (groupSearchFilter != null ? !groupSearchFilter + .equals(that.groupSearchFilter) + : that.groupSearchFilter != null) + return false; + if (dnAttribute != null ? !dnAttribute.equals(that.dnAttribute) + : that.dnAttribute != null) + return false; + if (referralMethod != null ? !referralMethod + .equals(that.referralMethod) : that.referralMethod != null) + return false; + + return true; + } + + @Override + public int hashCode() { + int result = primaryUrl != null ? primaryUrl.hashCode() : 0; + result = 31 * result + + (secondaryUrl != null ? secondaryUrl.hashCode() : 0); + result = 31 * result + (useSsl ? 1 : 0); + result = 31 * result + (anonymousBind ? 1 : 0); + result = 31 * result + (managerDn != null ? managerDn.hashCode() : 0); + result = 31 * result + + (managerPassword != null ? managerPassword.hashCode() : 0); + result = 31 * result + (baseDN != null ? baseDN.hashCode() : 0); + result = 31 * result + (userBase != null ? userBase.hashCode() : 0); + result = 31 * result + + (userObjectClass != null ? userObjectClass.hashCode() : 0); + result = 31 + * result + + (usernameAttribute != null ? usernameAttribute.hashCode() : 0); + result = 31 * result + (groupBase != null ? groupBase.hashCode() : 0); + result = 31 * result + + (groupObjectClass != null ? groupObjectClass.hashCode() : 0); + result = 31 + * result + + (groupMembershipAttr != null ? groupMembershipAttr.hashCode() + : 0); + result = 31 * result + + (groupNamingAttr != null ? groupNamingAttr.hashCode() : 0); + result = 31 + * result + + (adminGroupMappingRules != null ? adminGroupMappingRules + .hashCode() : 0); + result = 31 + * result + + (groupSearchFilter != null ? groupSearchFilter.hashCode() : 0); + result = 31 * result + + (dnAttribute != null ? dnAttribute.hashCode() : 0); + result = 31 * result + + (referralMethod != null ? referralMethod.hashCode() : 0); + return result; + } + + @Override + public String toString() { + return "LdapProperties [primaryUrl=" + primaryUrl + ", secondaryUrl=" + + secondaryUrl + ", useSsl=" + useSsl + ", anonymousBind=" + + anonymousBind + ", managerDn=" + managerDn + + ", managerPassword=" + managerPassword == null ? "null" + : "****" + ", baseDN=" + baseDN + ", dnAttribute=" + + dnAttribute + ", referralMethod=" + referralMethod + + ", groupBase=" + groupBase + ", groupObjectClass=" + + groupObjectClass + ", groupMembershipAttr=" + + groupMembershipAttr + ", groupNamingAttr=" + + groupNamingAttr + ", adminGroupMappingRules=" + + adminGroupMappingRules + ", groupMappingEnabled=" + + groupMappingEnabled + ", userBase=" + userBase + + ", userObjectClass=" + userObjectClass + + ", usernameAttribute=" + usernameAttribute + + ", userSearchBase=" + userSearchBase + + ", groupSearchFilter=" + groupSearchFilter + "]"; + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LdapPropertyName.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LdapPropertyName.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LdapPropertyName.java new file mode 100644 index 0000000..370c94b --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LdapPropertyName.java @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +public class LdapPropertyName { + + public static final String LDAP_USE_SSL_KEY = "authentication.ldap.useSSL"; + public static final String LDAP_PRIMARY_URL_KEY = "authentication.ldap.primaryUrl"; + public static final String LDAP_SECONDARY_URL_KEY = "authentication.ldap.secondaryUrl"; + public static final String LDAP_BASE_DN_KEY = "authentication.ldap.baseDn"; + public static final String LDAP_BIND_ANONYMOUSLY_KEY = "authentication.ldap.bindAnonymously"; + public static final String LDAP_MANAGER_DN_KEY = "authentication.ldap.managerDn"; + public static final String LDAP_MANAGER_PASSWORD_KEY = "authentication.ldap.managerPassword"; + public static final String LDAP_DN_ATTRIBUTE_KEY = "authentication.ldap.dnAttribute"; + public static final String LDAP_USERNAME_ATTRIBUTE_KEY = "authentication.ldap.usernameAttribute"; + public static final String LDAP_USER_BASE_KEY = "authentication.ldap.userBase"; + public static final String LDAP_USER_OBJECT_CLASS_KEY = "authentication.ldap.userObjectClass"; + public static final String LDAP_GROUP_BASE_KEY = "authentication.ldap.groupBase"; + public static final String LDAP_GROUP_OBJECT_CLASS_KEY = "authentication.ldap.groupObjectClass"; + public static final String LDAP_GROUP_NAMING_ATTR_KEY = "authentication.ldap.groupNamingAttr"; + public static final String LDAP_GROUP_MEMEBERSHIP_ATTR_KEY = "authentication.ldap.groupMembershipAttr"; + public static final String LDAP_ADMIN_GROUP_MAPPING_RULES_KEY = "authorization.ldap.adminGroupMappingRules"; + public static final String LDAP_GROUP_SEARCH_FILTER_KEY = "authorization.ldap.groupSearchFilter"; + public static final String LDAP_REFERRAL_KEY = "authentication.ldap.referral"; + + // default + public static final String LDAP_BIND_ANONYMOUSLY_DEFAULT = "true"; + public static final String LDAP_PRIMARY_URL_DEFAULT = "localhost:389"; + public static final String LDAP_BASE_DN_DEFAULT = "dc=example,dc=com"; + public static final String LDAP_USERNAME_ATTRIBUTE_DEFAULT = "uid"; + public static final String LDAP_DN_ATTRIBUTE_DEFAULT = "dn"; + public static final String LDAP_USER_BASE_DEFAULT = "ou=people,dc=example,dc=com"; + public static final String LDAP_USER_OBJECT_CLASS_DEFAULT = "person"; + public static final String LDAP_GROUP_BASE_DEFAULT = "ou=groups,dc=example,dc=com"; + public static final String LDAP_GROUP_OBJECT_CLASS_DEFAULT = "group"; + public static final String LDAP_GROUP_NAMING_ATTR_DEFAULT = "cn"; + public static final String LDAP_GROUP_MEMBERSHIP_ATTR_DEFAULT = "member"; + public static final String LDAP_ADMIN_GROUP_MAPPING_RULES_DEFAULT = "Logsearch Administrators"; + public static final String LDAP_GROUP_SEARCH_FILTER_DEFAULT = ""; + public static final String LDAP_REFERRAL_DEFAULT = "ignore"; + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LdapUtil.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LdapUtil.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LdapUtil.java new file mode 100644 index 0000000..6248e74 --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LdapUtil.java @@ -0,0 +1,115 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import java.io.IOException; +import java.util.Properties; + +import org.apache.ambari.logsearch.common.PropertiesHelper; +import org.apache.ambari.logsearch.common.XMLPropertiesHelper; +import org.apache.log4j.Logger; +import org.springframework.core.io.ClassPathResource; + +public class LdapUtil { + + private static Logger logger = Logger.getLogger(LdapUtil.class); + + /** + * Gets parameters of LDAP server to connect to + * + * @return LdapServerProperties object representing connection parameters + */ + public static LdapProperties getLdapServerProperties(Properties properties) { + LdapProperties ldapServerProperties = new LdapProperties(); + + ldapServerProperties.setPrimaryUrl(properties.getProperty(LdapPropertyName.LDAP_PRIMARY_URL_KEY, + LdapPropertyName.LDAP_PRIMARY_URL_DEFAULT)); + ldapServerProperties.setSecondaryUrl(properties.getProperty(LdapPropertyName.LDAP_SECONDARY_URL_KEY)); + ldapServerProperties.setUseSsl("true".equalsIgnoreCase(properties + .getProperty(LdapPropertyName.LDAP_USE_SSL_KEY))); + ldapServerProperties.setAnonymousBind("true".equalsIgnoreCase(properties.getProperty( + LdapPropertyName.LDAP_BIND_ANONYMOUSLY_KEY, LdapPropertyName.LDAP_BIND_ANONYMOUSLY_DEFAULT))); + ldapServerProperties.setManagerDn(properties.getProperty(LdapPropertyName.LDAP_MANAGER_DN_KEY)); + String ldapPasswordProperty = properties.getProperty(LdapPropertyName.LDAP_MANAGER_PASSWORD_KEY); + // TODO read password from password file + ldapServerProperties.setManagerPassword(ldapPasswordProperty); + ldapServerProperties.setBaseDN(properties.getProperty(LdapPropertyName.LDAP_BASE_DN_KEY, + LdapPropertyName.LDAP_BASE_DN_DEFAULT)); + ldapServerProperties.setUsernameAttribute(properties.getProperty(LdapPropertyName.LDAP_USERNAME_ATTRIBUTE_KEY, + LdapPropertyName.LDAP_USERNAME_ATTRIBUTE_DEFAULT)); + + ldapServerProperties.setUserBase(properties.getProperty(LdapPropertyName.LDAP_USER_BASE_KEY, + LdapPropertyName.LDAP_USER_BASE_DEFAULT)); + ldapServerProperties.setUserObjectClass(properties.getProperty(LdapPropertyName.LDAP_USER_OBJECT_CLASS_KEY, + LdapPropertyName.LDAP_USER_OBJECT_CLASS_DEFAULT)); + ldapServerProperties.setDnAttribute(properties.getProperty(LdapPropertyName.LDAP_DN_ATTRIBUTE_KEY, + LdapPropertyName.LDAP_DN_ATTRIBUTE_DEFAULT)); + + ldapServerProperties.setGroupBase(properties.getProperty(LdapPropertyName.LDAP_GROUP_BASE_KEY, + LdapPropertyName.LDAP_GROUP_BASE_DEFAULT)); + ldapServerProperties.setGroupObjectClass(properties.getProperty(LdapPropertyName.LDAP_GROUP_OBJECT_CLASS_KEY, + LdapPropertyName.LDAP_GROUP_OBJECT_CLASS_DEFAULT)); + ldapServerProperties.setGroupMembershipAttr(properties.getProperty( + LdapPropertyName.LDAP_GROUP_MEMEBERSHIP_ATTR_KEY, LdapPropertyName.LDAP_GROUP_MEMBERSHIP_ATTR_DEFAULT)); + ldapServerProperties.setGroupNamingAttr(properties.getProperty(LdapPropertyName.LDAP_GROUP_NAMING_ATTR_KEY, + LdapPropertyName.LDAP_GROUP_NAMING_ATTR_DEFAULT)); + ldapServerProperties.setAdminGroupMappingRules(properties.getProperty( + LdapPropertyName.LDAP_ADMIN_GROUP_MAPPING_RULES_KEY, + LdapPropertyName.LDAP_ADMIN_GROUP_MAPPING_RULES_DEFAULT)); + ldapServerProperties.setGroupSearchFilter(properties.getProperty(LdapPropertyName.LDAP_GROUP_SEARCH_FILTER_KEY, + LdapPropertyName.LDAP_GROUP_SEARCH_FILTER_DEFAULT)); + ldapServerProperties.setReferralMethod(properties.getProperty(LdapPropertyName.LDAP_REFERRAL_KEY, + LdapPropertyName.LDAP_REFERRAL_DEFAULT)); + + if (properties.containsKey(LdapPropertyName.LDAP_GROUP_BASE_KEY) + || properties.containsKey(LdapPropertyName.LDAP_GROUP_OBJECT_CLASS_KEY) + || properties.containsKey(LdapPropertyName.LDAP_GROUP_MEMEBERSHIP_ATTR_KEY) + || properties.containsKey(LdapPropertyName.LDAP_GROUP_NAMING_ATTR_KEY) + || properties.containsKey(LdapPropertyName.LDAP_ADMIN_GROUP_MAPPING_RULES_KEY) + || properties.containsKey(LdapPropertyName.LDAP_GROUP_SEARCH_FILTER_KEY)) { + ldapServerProperties.setGroupMappingEnabled(true); + } + + return ldapServerProperties; + } + + /** + * @return + */ + public static LdapProperties loadLdapProperties() { + LdapProperties ldapServerProperties = null; + String ldapConfigFileName = PropertiesHelper.getProperty("logsearch.login.ldap.config", "logsearch-admin-site.xml"); + Properties props = null; + ClassPathResource resource = new ClassPathResource(ldapConfigFileName); + if (resource != null) { + try { + props = new Properties(); + new XMLPropertiesHelper().loadFromXml(props, resource.getInputStream()); + ldapServerProperties = getLdapServerProperties(props); + } catch (IOException e) { + logger.error("Ldap configudation file loading failed : " + e.getMessage()); + } + } + if (ldapServerProperties == null) { + logger.error("ldapServerProperties object is not created."); + } + return ldapServerProperties; + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAbstractAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAbstractAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAbstractAuthenticationProvider.java new file mode 100644 index 0000000..1c7bf3b --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAbstractAuthenticationProvider.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import java.util.ArrayList; +import java.util.List; + +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; + +abstract class LogsearchAbstractAuthenticationProvider implements AuthenticationProvider { + + protected enum AuthMethod { + LDAP, FILE, EXTERNAL_AUTH, SIMPLE + }; + + @Override + public boolean supports(Class<?> authentication) { + return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication); + } + + /** + * GET Default GrantedAuthority + */ + protected List<GrantedAuthority> getAuthorities() { + List<GrantedAuthority> grantedAuths = new ArrayList<>(); + grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER")); + return grantedAuths; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java new file mode 100644 index 0000000..711e3ec --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java @@ -0,0 +1,117 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import java.util.HashMap; + +import org.apache.ambari.logsearch.util.JSONUtil; +import org.apache.log4j.Level; +import org.apache.log4j.Logger; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.authentication.WebAuthenticationDetails; + +import javax.inject.Inject; +import javax.inject.Named; + +@Named +public class LogsearchAuthenticationProvider extends LogsearchAbstractAuthenticationProvider { + private static final Logger logger = Logger .getLogger(LogsearchAuthenticationProvider.class); + private static final Logger auditLogger = Logger.getLogger("org.apache.ambari.logsearch.audit"); + + @Inject + private LogsearchLdapAuthenticationProvider ldapAuthenticationProvider; + + @Inject + private LogsearchFileAuthenticationProvider fileAuthenticationProvider; + + @Inject + private LogsearchExternalServerAuthenticationProvider externalServerAuthenticationProvider; + + @Inject + private LogsearchSimpleAuthenticationProvider simpleAuthenticationProvider; + + @Override + public Authentication authenticate(Authentication inAuthentication) throws AuthenticationException { + logger.info("Authenticating user:" + inAuthentication.getName() + ", userDetail=" + inAuthentication.toString()); + logger.info("authentication.class=" + inAuthentication.getClass().getName()); + + HashMap<String, Object> auditRecord = new HashMap<String, Object>(); + auditRecord.put("user", inAuthentication.getName()); + auditRecord.put("principal", inAuthentication.getPrincipal().toString()); + auditRecord.put("auth_class", inAuthentication.getClass().getName()); + if (inAuthentication instanceof UsernamePasswordAuthenticationToken) { + UsernamePasswordAuthenticationToken authClass = (UsernamePasswordAuthenticationToken) inAuthentication; + Object details = authClass.getDetails(); + if (details instanceof WebAuthenticationDetails) { + WebAuthenticationDetails webAuthentication = (WebAuthenticationDetails) details; + auditRecord.put("remote_ip", webAuthentication.getRemoteAddress()); + auditRecord.put("session", webAuthentication.getSessionId()); + } + } + + boolean isSuccess = false; + try { + Authentication authentication = inAuthentication; + AuthenticationException authException = null; + + for (AuthMethod authMethod : AuthMethod.values()) { + try { + authentication = doAuth(authentication, authMethod); + if (authentication != null && authentication.isAuthenticated()) { + logger.info("Authenticated using method=" + authMethod.name() + ", user=" + authentication.getName()); + auditRecord.put("result", "allowed"); + isSuccess = true; + auditRecord.put("authType", authMethod.name()); + return authentication; + } + } catch (AuthenticationException ex) { + if (authException == null) { + authException = ex; + } + } catch (Exception e) { + logger.error(e, e.getCause()); + } + } + + auditRecord.put("result", "denied"); + logger.warn("Authentication failed for user=" + inAuthentication.getName() + ", userDetail=" + inAuthentication.toString()); + if (authException != null) { + auditRecord.put("reason", authException.getMessage()); + throw authException; + } + return authentication; + } finally { + String jsonStr = JSONUtil.mapToJSON(auditRecord); + auditLogger.log(isSuccess ? Level.INFO : Level.WARN, jsonStr); + } + } + + private Authentication doAuth(Authentication authentication, AuthMethod authMethod) { + switch (authMethod) { + case LDAP: return ldapAuthenticationProvider.authenticate(authentication); + case FILE: return fileAuthenticationProvider.authenticate(authentication); + case EXTERNAL_AUTH: return externalServerAuthenticationProvider.authenticate(authentication); + case SIMPLE: return simpleAuthenticationProvider.authenticate(authentication); + default: logger.error("Invalid authentication method :" + authMethod.name()); + } + return authentication; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java new file mode 100644 index 0000000..e23f0a2 --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java @@ -0,0 +1,139 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import java.util.ArrayList; +import java.util.List; + +import javax.inject.Inject; +import javax.inject.Named; + +import org.apache.ambari.logsearch.common.ExternalServerClient; +import org.apache.ambari.logsearch.common.PropertiesHelper; +import org.apache.ambari.logsearch.conf.AuthPropsConfig; +import org.apache.ambari.logsearch.util.JSONUtil; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang.StringUtils; +import org.apache.log4j.Logger; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; + +/** + * + * Authentication provider to authenticate user from external-server using REST + * call + */ +@Named +public class LogsearchExternalServerAuthenticationProvider extends LogsearchAbstractAuthenticationProvider { + + private static Logger LOG = Logger.getLogger(LogsearchExternalServerAuthenticationProvider.class); + + private static final String ALLOWED_ROLE_PROP = "logsearch.roles.allowed"; + + private static enum PrivilegeInfo { + PERMISSION_LABEL("permission_label"), + PERMISSION_NAME("permission_name"), + PRINCIPAL_NAME("principal_name"), + PRINCIPAL_TYPE("principal_type"), + PRIVILEGE_ID("privilege_id"), + TYPE("type"), + USER_NAME("user_name"); + + private String propertyKey; + + private PrivilegeInfo(String name) { + this.propertyKey = name; + } + + public String toString() { + return propertyKey; + } + } + + @Inject + private ExternalServerClient externalServerClient; + + @Inject + private AuthPropsConfig authPropsConfig; + + /** + * Authenticating user from external-server using REST call + * + * @param authentication the authentication request object. + * @return a fully authenticated object including credentials. + * @throws AuthenticationException if authentication fails. + */ + @Override + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + if (!authPropsConfig.isAuthExternalEnabled()) { + LOG.debug("external server auth is disabled."); + return authentication; + } + + String username = authentication.getName(); + String password = (String) authentication.getCredentials(); + if (StringUtils.isBlank(username)) { + throw new BadCredentialsException("Username can't be null or empty."); + } + if (StringUtils.isBlank(password)) { + throw new BadCredentialsException("Password can't be null or empty."); + } + password = StringEscapeUtils.unescapeHtml(password); + username = StringEscapeUtils.unescapeHtml(username); + + try { + String finalLoginUrl = authPropsConfig.getExternalAuthLoginUrl().replace("$USERNAME", username); + String responseObj = (String) externalServerClient.sendGETRequest(finalLoginUrl, String.class, username, password); + if (!isAllowedRole(responseObj)) { + LOG.error(username + " doesn't have permission"); + throw new BadCredentialsException("Invalid User"); + } + } catch (Exception e) { + LOG.error("Login failed for username :" + username + " Error :" + e.getLocalizedMessage()); + throw new BadCredentialsException("Bad credentials"); + } + authentication = new UsernamePasswordAuthenticationToken(username, password, getAuthorities()); + return authentication; + } + + /** + * Return true/false based on PEMISSION NAME return boolean + */ + private boolean isAllowedRole(String responseJson) { + String allowedRoleList[] = PropertiesHelper.getPropertyStringList(ALLOWED_ROLE_PROP); + + List<String> values = new ArrayList<>(); + JSONUtil.getValuesOfKey(responseJson, PrivilegeInfo.PERMISSION_NAME.toString(), values); + if (values.isEmpty()) + return true; + + if (allowedRoleList.length > 0 && responseJson != null) { + for (String allowedRole : allowedRoleList) { + for (String role : values) { + if (role.equals(allowedRole)) { + return true; + } + } + } + } + return false; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java new file mode 100644 index 0000000..8c12e0a --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java @@ -0,0 +1,88 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import java.util.Collection; + +import org.apache.ambari.logsearch.conf.AuthPropsConfig; +import org.apache.ambari.logsearch.util.CommonUtil; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang.StringUtils; +import org.apache.log4j.Logger; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; + +import javax.inject.Inject; +import javax.inject.Named; + +@Named +public class LogsearchFileAuthenticationProvider extends LogsearchAbstractAuthenticationProvider { + + private static final Logger logger = Logger.getLogger(LogsearchFileAuthenticationProvider.class); + + @Inject + private AuthPropsConfig authPropsConfig; + + @Inject + private UserDetailsService userDetailsService; + + @Override + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + if (!authPropsConfig.isAuthFileEnabled()) { + logger.debug("File auth is disabled."); + return authentication; + } + + String username = authentication.getName(); + String password = (String) authentication.getCredentials(); + if (StringUtils.isBlank(username)) { + throw new BadCredentialsException("Username can't be null or empty."); + } + if (StringUtils.isBlank(password)) { + throw new BadCredentialsException("Password can't be null or empty."); + } + // html unescape + password = StringEscapeUtils.unescapeHtml(password); + username = StringEscapeUtils.unescapeHtml(username); + + UserDetails user = userDetailsService.loadUserByUsername(username); + if (user == null) { + logger.error("Username not found."); + throw new BadCredentialsException("User not found."); + } + if (StringUtils.isEmpty(user.getPassword())) { + logger.error("Password can't be null or empty."); + throw new BadCredentialsException("Password can't be null or empty."); + } + String encPassword = CommonUtil.encryptPassword(username, password); + if (!encPassword.equals(user.getPassword())) { + logger.error("Wrong password for user=" + username); + throw new BadCredentialsException("Wrong password."); + } + + Collection<? extends GrantedAuthority> authorities = user.getAuthorities(); + authentication = new UsernamePasswordAuthenticationToken(username, encPassword, authorities); + return authentication; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapAuthenticationProvider.java new file mode 100644 index 0000000..ed4d7ef --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapAuthenticationProvider.java @@ -0,0 +1,187 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import java.util.List; + +import org.apache.ambari.logsearch.conf.AuthPropsConfig; +import org.apache.log4j.Logger; +import org.springframework.ldap.CommunicationException; +import org.springframework.ldap.core.support.LdapContextSource; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.ldap.authentication.LdapAuthenticationProvider; +import org.springframework.security.ldap.search.FilterBasedLdapUserSearch; + +import javax.annotation.PostConstruct; +import javax.inject.Inject; +import javax.inject.Named; + +@Named +public class LogsearchLdapAuthenticationProvider extends + LogsearchAbstractAuthenticationProvider { + + private static Logger logger = Logger + .getLogger(LogsearchLdapAuthenticationProvider.class); + + private static LdapProperties ldapServerProperties = null; + private static LdapAuthenticationProvider ldapAuthProvider = null; + private String logStatement = ""; + + @Inject + private AuthPropsConfig authPropsConfig; + + public LogsearchLdapAuthenticationProvider() { + } + + @PostConstruct + public void postConstruct() { + logger.debug("Creating object of ldap auth provider "); + if (authPropsConfig.isAuthLdapEnabled()) { + ldapAuthProvider = loadLdapAuthenticationProvider(); + } else { + logger.info("Ldap auth is disabled"); + } + } + + @Override + public Authentication authenticate(Authentication authentication) + throws AuthenticationException { + if (!authPropsConfig.isAuthLdapEnabled()) { + logger.debug("Ldap auth is disabled"); + return authentication; + } + try { + LdapAuthenticationProvider authProvider = loadLdapAuthenticationProvider(); + if (authProvider != null) { + return authProvider.authenticate(authentication); + } else { + return authentication; + } + } catch (AuthenticationException e) { + logger.info("Got exception during LDAP authentication attempt", e); + // Try to help in troubleshooting + Throwable cause = e.getCause(); + if (cause != null) { + if ((cause != e) + && (cause instanceof org.springframework.ldap.AuthenticationException)) { + logger.warn( + "Looks like LDAP manager credentials (that are used for " + + "connecting to LDAP server) are invalid.", + e); + } + } + } catch (CommunicationException e) { + logger.error(e); + } catch (Exception e) { + logger.error(e, e.getCause()); + } + if (authentication != null && !authentication.isAuthenticated()) { + logger.warn("Ldap authentication failed. username=" + + authentication.getName() + ", details=" + + authentication.getDetails()); + throw new BadCredentialsException("Invalid credentials!!"); + } + return authentication; + } + + /** + * Reloads LDAP Context Source and depending objects if properties were + * changed + * + * @return corresponding LDAP authentication provider + */ + private LdapAuthenticationProvider loadLdapAuthenticationProvider() { + if (reloadLdapServerProperties()) { + logger.info("LDAP Properties changed - rebuilding Context"); + LdapContextSource springSecurityContextSource = new LdapContextSource(); + List<String> ldapUrls = ldapServerProperties.getLdapUrls(); + logStatement = "ldapUrls=" + ldapUrls; + if (ldapUrls == null || ldapUrls.size() == 0) { + logger.info("LDAP URL is empty. So won't initialize LDAP provider"); + return null; + } + + springSecurityContextSource.setUrls(ldapUrls + .toArray(new String[ldapUrls.size()])); + springSecurityContextSource.setBase(ldapServerProperties + .getBaseDN()); + logStatement = logStatement + ", baseDN=" + + ldapServerProperties.getBaseDN(); + + if (!ldapServerProperties.isAnonymousBind()) { + springSecurityContextSource.setUserDn(ldapServerProperties + .getManagerDn()); + logStatement = logStatement + ", managerDN=" + + ldapServerProperties.getManagerDn(); + springSecurityContextSource.setPassword(ldapServerProperties + .getManagerPassword()); + } + + try { + springSecurityContextSource.afterPropertiesSet(); + } catch (Exception e) { + logger.error("LDAP Context Source not loaded ", e); + throw new UsernameNotFoundException( + "LDAP Context Source not loaded. ldapDetails=" + + logStatement, e); + } + + String userSearchBase = ldapServerProperties.getUserSearchBase(); + logStatement = logStatement + ", userSearchBase=" + userSearchBase; + String userSearchFilter = ldapServerProperties + .getUserSearchFilter(); + logStatement = logStatement + ", userSearchFilter=" + + userSearchFilter; + + logger.info("LDAP properties=" + logStatement); + FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch( + userSearchBase, userSearchFilter, + springSecurityContextSource); + + LogsearchLdapBindAuthenticator bindAuthenticator = new LogsearchLdapBindAuthenticator( + springSecurityContextSource, ldapServerProperties); + bindAuthenticator.setUserSearch(userSearch); + + LdapAuthenticationProvider authenticationProvider = new LdapAuthenticationProvider( + bindAuthenticator); + ldapAuthProvider = authenticationProvider; + + } + return ldapAuthProvider; + } + + /** + * Reloads LDAP Server properties from configuration + * + * @return true if properties were reloaded + */ + private boolean reloadLdapServerProperties() { + LdapProperties properties = LdapUtil.loadLdapProperties(); + if (!properties.equals(ldapServerProperties)) { + logger.info("Reloading properties"); + ldapServerProperties = properties; + return true; + } + return false; + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapBindAuthenticator.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapBindAuthenticator.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapBindAuthenticator.java new file mode 100644 index 0000000..10f7507 --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchLdapBindAuthenticator.java @@ -0,0 +1,46 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import org.apache.log4j.Logger; +import org.springframework.ldap.core.DirContextOperations; +import org.springframework.ldap.core.support.BaseLdapPathContextSource; +import org.springframework.security.core.Authentication; +import org.springframework.security.ldap.authentication.BindAuthenticator; + +public class LogsearchLdapBindAuthenticator extends BindAuthenticator { + private static Logger logger = Logger + .getLogger(LogsearchLdapBindAuthenticator.class); + + LdapProperties ldapServerProperties; + + public LogsearchLdapBindAuthenticator( + BaseLdapPathContextSource contextSource, + LdapProperties ldapServerProperties) { + super(contextSource); + this.ldapServerProperties = ldapServerProperties; + logger.info("LDAP properties=" + ldapServerProperties); + } + + @Override + public DirContextOperations authenticate(Authentication authentication) { + return super.authenticate(authentication); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProvider.java new file mode 100644 index 0000000..3506264 --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProvider.java @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.logsearch.web.security; + +import org.apache.ambari.logsearch.conf.AuthPropsConfig; +import org.apache.ambari.logsearch.web.model.User; +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang.StringUtils; +import org.apache.log4j.Logger; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; + +import javax.inject.Inject; +import javax.inject.Named; + +@Named +public class LogsearchSimpleAuthenticationProvider extends LogsearchAbstractAuthenticationProvider { + + private static final Logger logger = Logger.getLogger(LogsearchSimpleAuthenticationProvider.class); + + @Inject + private AuthPropsConfig authPropsConfig; + + @Override + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + if (!authPropsConfig.isAuthSimpleEnabled()) { + logger.debug("Simple auth is disabled"); + return authentication; + } + + String username = authentication.getName(); + String password = (String) authentication.getCredentials(); + username = StringEscapeUtils.unescapeHtml(username); + if (StringUtils.isBlank(username)) { + throw new BadCredentialsException("Username can't be null or empty."); + } + + User user = new User(); + user.setUsername(username); + authentication = new UsernamePasswordAuthenticationToken(username, password, getAuthorities()); + return authentication; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/resources/HadoopServiceConfig.json ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/resources/HadoopServiceConfig.json b/ambari-logsearch/ambari-logsearch-server/src/main/resources/HadoopServiceConfig.json new file mode 100644 index 0000000..dd4bf6b --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/resources/HadoopServiceConfig.json @@ -0,0 +1,488 @@ +{ + "service": { + "accumulo": { + "label": "Accumulo", + "components": [ + { + "name": "accumulo_gc" + }, + { + "name": "accumulo_master" + }, + { + "name": "accumulo_monitor" + }, + { + "name": "accumulo_tracer" + }, + { + "name": "accumulo_tserver" + } + ], + "dependencies": [ + ] + }, + "atlas": { + "label": "Atlas", + "components": [ + { + "name": "atlas_app" + } + ], + "dependencies": [ + ] + }, + "ambari": { + "label": "Ambari", + "components": [ + { + "name": "ambari_agent" + }, + { + "name": "ambari_server" + }, + { + "name": "ambari_alerts" + }, + { + "name": "ambari_audit" + }, + { + "name": "ambari_config_changes" + }, + { + "name": "ambari_eclipselink" + }, + { + "name": "ambari_server_check_database" + } + ], + "dependencies": [ + ] + }, + "ams": { + "label": "AMS", + "components": [ + { + "name": "ams_hbase_master" + }, + { + "name": "ams_hbase_regionserver" + }, + { + "name": "ams_collector" + }, + { + "name": "ams_monitor" + }, + { + "name": "ams_grafana" + } + ], + "dependencies": [ + ] + }, + "falcon": { + "label": "Falcon", + "components": [ + { + "name": "falcon_app" + } + ], + "dependencies": [ + ] + }, + "flume": { + "label": "Flume", + "components": [ + { + "name": "flume_handler" + } + ], + "dependencies": [ + ] + }, + "hbase": { + "label": "HBase", + "components": [ + { + "name": "hbase_master" + }, + { + "name": "hbase_regionserver" + }, + { + "name": "hbase_phoenix_server" + } + ], + "dependencies": [ + { + "service": "hdfs", + "components": [ + "hdfs_namenode" + ] + } + ] + }, + "hdfs": { + "label": "HDFS", + "components": [ + { + "name": "hdfs_datanode" + }, + { + "name": "hdfs_namenode" + }, + { + "name": "hdfs_journalnode" + }, + { + "name": "hdfs_secondarynamenode" + }, + { + "name": "hdfs_zkfc" + }, + { + "name": "hdfs_nfs3" + }, + { + "name": "hdfs_audit", + "rowtype": "audit" + } + ], + "dependencies": [ + ] + }, + "hive": { + "label": "Hive", + "components": [ + { + "name": "hive_hiveserver2" + }, + { + "name": "hive_metastore" + }, + { + "name": "webhcat_server" + } + ], + "dependencies": [ + { + "service": "hdfs", + "components": [ + "hdfs_namenode" + ] + } + ] + }, + "infra" : { + "label" : "Infra", + "components": [ + { + "name": "infra_solr" + } + ], + "dependencies": [ + ] + }, + "kafka": { + "label": "Kafka", + "components": [ + { + "name": "kafka_controller" + }, + { + "name": "kafka_request" + }, + { + "name": "kafka_logcleaner" + }, + { + "name": "kafka_server" + }, + { + "name": "kafka_statechange" + } + ], + "dependencies": [ + { + "service": "zookeeper", + "components": [ + "zookeeper" + ] + } + ] + }, + "knox": { + "label": "Knox", + "components": [ + { + "name": "knox_gateway" + }, + { + "name": "knox_cli" + }, + { + "name": "knox_ldap" + } + ], + "dependencies": [ + ] + }, + "nifi": { + "label": "NiFi", + "components": [ + { + "name": "nifi_app" + }, + { + "name": "nifi_bootstrap" + }, + { + "name": "nifi_setup" + }, + { + "name": "nifi_user" + } + ], + "dependencies": [ + ] + }, + "mapred": { + "label": "MapReduce", + "components": [ + { + "name": "mapred_historyserver" + } + ], + "dependencies": [ + ] + }, + "logsearch": { + "label": "Logsearch", + "components": [ + { + "name": "logsearch_app" + }, + { + "name": "logsearch_feeder" + }, + { + "name": "logsearch_perf" + }, + { + "name": "logsearch_solr" + } + ], + "dependencies": [ + ] + }, + "ranger": { + "label": "Ranger", + "components": [ + { + "name": "ranger_admin" + }, + { + "name": "ranger_dbpatch" + }, + { + "name": "ranger_kms" + }, + { + "name": "ranger_usersync" + } + ], + "dependencies": [ + { + "service": "hdfs", + "required": "optional", + "components": [ + "hdfs_namenode" + ] + }, + { + "service": "hbase", + "required": "optional", + "components": [ + "hbase_master", + "hbase_regionserver" + ] + }, + { + "service": "hive", + "required": "optional", + "components": [ + "hive_hiveserver2" + ] + }, + { + "service": "kafka", + "required": "optional", + "components": [ + "kafka_ranger" + ] + }, + { + "service": "knox", + "required": "optional", + "components": [ + "knox_gateway" + ] + }, + { + "service": "storm", + "required": "optional", + "components": [ + "storm_supervisor" + ] + }, + { + "service": "yarn", + "required": "optional", + "components": [ + "yarn_resourcemanager" + ] + } + ] + }, + "oozie": { + "label": "Oozie", + "components": [ + { + "name": "oozie_app" + } + ], + "dependencies": [ + ] + }, + "hst": { + "label": "SmartSense", + "components": [ + { + "name": "hst_server" + }, + { + "name": "hst_agent" + }, + { + "name": "activity_analyzer" + }, + { + "name": "activity_explorer" + } + ], + "dependencies": [ + ] + }, + "spark": { + "label": "Spark", + "components": [ + { + "name": "spark_jobhistory_server" + }, + { + "name": "spark_thriftserver" + }, + { + "name": "livy_server" + } + ], + "dependencies": [ + ] + }, + "spark2": { + "label": "Spark 2", + "components": [ + { + "name": "spark2_jobhistory_server" + }, + { + "name": "spark2_thriftserver" + } + ], + "dependencies": [ + ] + }, + "storm": { + "label": "Storm", + "components": [ + { + "name": "storm_drpc" + }, + { + "name": "storm_logviewer" + }, + { + "name": "storm_nimbus" + }, + { + "name": "storm_supervisor" + }, + { + "name": "storm_ui" + }, + { + "name": "storm_worker" + } + ], + "dependencies": [ + ] + }, + "yarn": { + "label": "YARN", + "components": [ + { + "name": "yarn_nodemanager" + }, + { + "name": "yarn_resourcemanager" + }, + { + "name": "yarn_timelineserver" + }, + { + "name": "yarn_historyserver" + }, + { + "name": "yarn_jobsummary" + } + ], + "dependencies": [ + ] + }, + "zeppelin": { + "label": "Zeppelin", + "components": [ + { + "name": "zeppelin" + } + ], + "dependencies": [ + ] + }, + "zookeeper": { + "label": "ZooKeeper", + "components": [ + { + "name": "zookeeper" + } + ], + "dependencies": [ + ] + }, + "System": { + "label": "System", + "components": [ + { + "name": "system_message" + }, + { + "name": "secure_log" + } + ], + "dependencies": [ + ] + } + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/resources/default.properties ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/resources/default.properties b/ambari-logsearch/ambari-logsearch-server/src/main/resources/default.properties new file mode 100644 index 0000000..cbfe157 --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/resources/default.properties @@ -0,0 +1,29 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +#Note: Simple will be supported only if both file and ldap is disabled. +logsearch.auth.file.enable=true +logsearch.auth.ldap.enable=false +logsearch.auth.simple.enable=false + +logsearch.logfeeder.include.default.level=FATAL,ERROR,WARN,INFO,DEBUG,TRACE + +#login config +logsearch.login.credentials.file=user_pass.json +logsearch.login.ldap.config=logsearch-admin-site.xml + +logsearch.cert.folder.location=/etc/ambari-logsearch-portal/conf/keys +logsearch.cert.algorithm=sha256WithRSAEncryption http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/resources/log4j.xml ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/resources/log4j.xml b/ambari-logsearch/ambari-logsearch-server/src/main/resources/log4j.xml new file mode 100644 index 0000000..547841a --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/resources/log4j.xml @@ -0,0 +1,119 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor + license agreements. See the NOTICE file distributed with this work for additional + information regarding copyright ownership. The ASF licenses this file to + You under the Apache License, Version 2.0 (the "License"); you may not use + this file except in compliance with the License. You may obtain a copy of + the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required + by applicable law or agreed to in writing, software distributed under the + License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS + OF ANY KIND, either express or implied. See the License for the specific + language governing permissions and limitations under the License. --> +<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd"> +<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/"> + <appender name="console" class="org.apache.log4j.ConsoleAppender"> + <param name="Target" value="System.out" /> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" /> + </layout> + </appender> + + <!-- <appender name="rolling_file" class="org.apache.log4j.RollingFileAppender"> + <param name="file" value="logs/logsearch-app.log" /> + <param name="Threshold" value="info" /> + <param name="append" value="true" /> + <param name="maxFileSize" value="10MB" /> + <param name="maxBackupIndex" value="10" /> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" /> + </layout> + </appender> + + <appender name="audit_rolling_file" class="org.apache.log4j.RollingFileAppender"> + <param name="file" value="logs/logsearch-audit.log" /> + <param name="Threshold" value="info" /> + <param name="append" value="true" /> + <param name="maxFileSize" value="10MB" /> + <param name="maxBackupIndex" value="10" /> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" /> + </layout> + </appender> + + <appender name="performance_analyzer" class="org.apache.log4j.RollingFileAppender"> + <param name="file" value="logs/logsearch-performance.log" /> + <param name="Threshold" value="info" /> + <param name="append" value="true" /> + <param name="maxFileSize" value="10MB" /> + <param name="maxBackupIndex" value="10" /> + + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" /> + </layout> + </appender> + --> + +<!-- logsearch appender config for the all above appender --> + + <appender name="rolling_file_json" + class="org.apache.ambari.logsearch.appender.LogsearchRollingFileAppender"> + <param name="file" value="target/logs/logsearch-app.json" /> + <param name="Threshold" value="info" /> + <param name="append" value="true" /> + <param name="maxFileSize" value="10MB" /> + <param name="maxBackupIndex" value="10" /> + <layout class="org.apache.ambari.logsearch.appender.LogsearchConversion" /> +</appender> + + <appender name="audit_rolling_file_json" + class="org.apache.ambari.logsearch.appender.LogsearchRollingFileAppender"> + <param name="file" value="target/logs/logsearch-audit.json" /> + <param name="Threshold" value="info" /> + <param name="append" value="true" /> + <param name="maxFileSize" value="10MB" /> + <param name="maxBackupIndex" value="10" /> + <layout class="org.apache.ambari.logsearch.appender.LogsearchConversion" /> + </appender> + + <appender name="performance_analyzer_json" + class="org.apache.ambari.logsearch.appender.LogsearchRollingFileAppender"> + <param name="file" value="target/logs/logsearch-performance.json" /> + <param name="Threshold" value="info" /> + <param name="append" value="true" /> + <param name="maxFileSize" value="10MB" /> + <param name="maxBackupIndex" value="10" /> + <layout class="org.apache.ambari.logsearch.appender.LogsearchConversion" /> + </appender> + + <!-- Logs to suppress BEGIN --> + <category name="org.apache.solr.common.cloud.ZkStateReader" additivity="false"> + <priority value="error" /> + <appender-ref ref="console" /> + </category> + <!-- Logs to suppress END --> + + <logger name="org.apache.ambari.logsearch.audit" + additivity="true"> + <!-- <appender-ref ref="audit_rolling_file" />--> + <appender-ref ref="audit_rolling_file_json" /> + </logger> + + <logger name="org.apache.ambari.logsearch.performance" + additivity="false"> + <!-- <appender-ref ref="performance_analyzer" />--> + <appender-ref ref="performance_analyzer_json" /> + </logger> + + <logger name="org.apache.ambari.logsearch" additivity="false"> + <!-- <appender-ref ref="console" /> --> + <!-- <appender-ref ref="rolling_file" />--> + <appender-ref ref="rolling_file_json" /> + </logger> + + <root> + <level value="warn" /> + <!-- <appender-ref ref="console" /> --> + <!--<appender-ref ref="rolling_file" />--> + <appender-ref ref="rolling_file_json" /> + </root> +</log4j:configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/b0f1e340/ambari-logsearch/ambari-logsearch-server/src/main/resources/logsearch-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-server/src/main/resources/logsearch-admin-site.xml b/ambari-logsearch/ambari-logsearch-server/src/main/resources/logsearch-admin-site.xml new file mode 100644 index 0000000..049172a --- /dev/null +++ b/ambari-logsearch/ambari-logsearch-server/src/main/resources/logsearch-admin-site.xml @@ -0,0 +1,116 @@ +<!-- Licensed under the Apache License, Version 2.0 (the "License"); you + may not use this file except in compliance with the License. You may obtain + a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless + required by applicable law or agreed to in writing, software distributed + under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES + OR CONDITIONS OF ANY KIND, either express or implied. See the License for + the specific language governing permissions and limitations under the License. + See accompanying LICENSE file. --> + + +<configuration> + <property> + <name>authentication.ldap.primaryUrl</name> + <value></value> + <display-name></display-name> + <description>The hostname and port for the LDAP or AD server. Example: my.ldap.server:389</description> + </property> + <property> + <name>authentication.ldap.useSSL</name> + <value>false</value> + <display-name></display-name> + <description>If true, use SSL when connecting to the LDAP or AD server.</description> + </property> + <property> + <name>authentication.ldap.baseDn</name> + <value>dc=example,dc=com</value> + <display-name></display-name> + <description>The root Distinguished Name to search in the directory for users. Example: ou=people,dc=hadoop,dc=apache,dc=org</description> + </property> + <property> + <name>authentication.ldap.bindAnonymously</name> + <value>false</value> + <display-name></display-name> + <description>If true, bind to the LDAP or AD server anonymously</description> + </property> + <property> + <name>authentication.ldap.managerDn</name> + <value>cn=Manager,dc=example,dc=com</value> + <display-name></display-name> + <description>If Bind anonymous is set to false, the Distinguished Name (âDNâ) for the manager. + Example: uid=hdfs,ou=people,dc=hadoop,dc=apache,dc=org</description> + </property> + <property> + <name>authentication.ldap.managerPassword</name> + <value></value> + <display-name></display-name> + <property-type>PASSWORD</property-type> + <description>If Bind anonymous is set to false, the password for the manager</description> + </property> + <property> + <name>authentication.ldap.dnAttribute</name> + <value>dn</value> + <display-name></display-name> + <description></description> + </property> + <property> + <name>authentication.ldap.usernameAttribute</name> + <value>uid</value> + <display-name></display-name> + <description>The attribute for username. Example: uid</description> + </property> + <property> + <name>authentication.ldap.userBase</name> + <value>ou=people,dc=example,dc=com</value> + <display-name></display-name> + <description></description> + </property> + <property> + <name>authentication.ldap.userObjectClass</name> + <value>person</value> + <display-name></display-name> + <description>The object class that is used for users. Example: organizationalPerson</description> + </property> + <property> + <name>authentication.ldap.groupBase</name> + <value>ou=groups,dc=example,dc=com"</value> + <display-name></display-name> + <description></description> + </property> + <property> + <name>authentication.ldap.groupObjectClass</name> + <value>group</value> + <display-name></display-name> + <description>The object class that is used for groups. Example: groupOfUniqueNames</description> + </property> + <property> + <name>authentication.ldap.groupNamingAttr</name> + <value>cn</value> + <display-name></display-name> + <description>The attribute for group name.</description> + </property> + <property> + <name>authentication.ldap.groupMembershipAttr</name> + <value>member</value> + <display-name></display-name> + <description>The attribute for group membership. Example: uniqueMember</description> + </property> + <property> + <name>authorization.ldap.adminGroupMappingRules</name> + <value>Logsearch Administrators</value> + <display-name></display-name> + <description></description> + </property> + <property> + <name>authorization.ldap.groupSearchFilter</name> + <value></value> + <display-name></display-name> + <description></description> + </property> + <property> + <name>authentication.ldap.referral</name> + <value>ignore</value> + <display-name></display-name> + <description>Determines if LDAP referrals should be followed, or ignored.</description> + </property> +</configuration> \ No newline at end of file