Commit 25044cee authored 5 years ago by nixonrodrigues
ATLAS-3488 :- Update Simple Authentication(file-based) password with ShaPasswordEncoder with Salt.
parent 7aca24fb
Showing 14 changed files with 103 additions and 26 deletions
...on-bridge/src/test/resources/users-credentials.properties (+3 -3)
...se-bridge/src/test/resources/users-credentials.properties (+2 -2)
...ve-bridge/src/test/resources/users-credentials.properties (+2 -2)
...la-bridge/src/test/resources/users-credentials.properties (+2 -2)
...ka-bridge/src/test/resources/users-credentials.properties (+2 -2)
...op-bridge/src/test/resources/users-credentials.properties (+2 -2)
...rm-bridge/src/test/resources/users-credentials.properties (+2 -2)
distro/src/conf/users-credentials.properties (+2 -2)
intg/src/test/resources/users-credentials.properties (+2 -2)
...java/org/apache/atlas/util/CredentialProviderUtility.java (+40 -0)
webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java (+6 -2)
...e/atlas/web/security/AtlasFileAuthenticationProvider.java (+21 -1)
...org/apache/atlas/web/security/FileAuthenticationTest.java (+15 -2)
webapp/src/test/resources/users-credentials.properties (+2 -2)
addons/falcon-bridge/src/test/resources/users-credentials.properties
#username=group::sha256-password
#username=group::sha256
+salt
-password
admin
=
ADMIN::
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
admin
=
ADMIN::
a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1
rangertagsync
=
RANGER_TAG_SYNC::
e3f67240f5117d1753c940dae9eea772d36ed5fe9bd9c94a300e40413f1afb9d
rangertagsync
=
RANGER_TAG_SYNC::
0afe7a1968b07d4c3ff4ed8c2d809a32ffea706c66cd795ead9048e81cfaf034
addons/hbase-bridge/src/test/resources/users-credentials.properties
#username=group::sha256-password
#username=group::sha256-password
admin
=
ADMIN::
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
admin
=
ADMIN::
a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1
rangertagsync
=
RANGER_TAG_SYNC::
e3f67240f5117d1753c940dae9eea772d36ed5fe9bd9c94a300e40413f1afb9d
rangertagsync
=
RANGER_TAG_SYNC::
0afe7a1968b07d4c3ff4ed8c2d809a32ffea706c66cd795ead9048e81cfaf034
addons/hive-bridge/src/test/resources/users-credentials.properties
#username=group::sha256-password
#username=group::sha256-password
admin
=
ADMIN::
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
admin
=
ADMIN::
a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1
rangertagsync
=
RANGER_TAG_SYNC::
e3f67240f5117d1753c940dae9eea772d36ed5fe9bd9c94a300e40413f1afb9d
rangertagsync
=
RANGER_TAG_SYNC::
0afe7a1968b07d4c3ff4ed8c2d809a32ffea706c66cd795ead9048e81cfaf034
addons/impala-bridge/src/test/resources/users-credentials.properties
#username=group::sha256-password
#username=group::sha256-password
admin
=
ADMIN::
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
admin
=
ADMIN::
a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1
rangertagsync
=
RANGER_TAG_SYNC::
e3f67240f5117d1753c940dae9eea772d36ed5fe9bd9c94a300e40413f1afb9d
rangertagsync
=
RANGER_TAG_SYNC::
0afe7a1968b07d4c3ff4ed8c2d809a32ffea706c66cd795ead9048e81cfaf034
addons/kafka-bridge/src/test/resources/users-credentials.properties
#username=group::sha256-password
#username=group::sha256-password
admin
=
ADMIN::
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
admin
=
ADMIN::
a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1
rangertagsync
=
RANGER_TAG_SYNC::
e3f67240f5117d1753c940dae9eea772d36ed5fe9bd9c94a300e40413f1afb9d
rangertagsync
=
RANGER_TAG_SYNC::
0afe7a1968b07d4c3ff4ed8c2d809a32ffea706c66cd795ead9048e81cfaf034
addons/sqoop-bridge/src/test/resources/users-credentials.properties
#username=group::sha256-password
#username=group::sha256-password
admin
=
ADMIN::
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
admin
=
ADMIN::
a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1
rangertagsync
=
RANGER_TAG_SYNC::
e3f67240f5117d1753c940dae9eea772d36ed5fe9bd9c94a300e40413f1afb9d
rangertagsync
=
RANGER_TAG_SYNC::
0afe7a1968b07d4c3ff4ed8c2d809a32ffea706c66cd795ead9048e81cfaf034
addons/storm-bridge/src/test/resources/users-credentials.properties
#username=group::sha256-password
#username=group::sha256-password
admin
=
ADMIN::
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
admin
=
ADMIN::
a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1
rangertagsync
=
RANGER_TAG_SYNC::
e3f67240f5117d1753c940dae9eea772d36ed5fe9bd9c94a300e40413f1afb9d
rangertagsync
=
RANGER_TAG_SYNC::
0afe7a1968b07d4c3ff4ed8c2d809a32ffea706c66cd795ead9048e81cfaf034
distro/src/conf/users-credentials.properties
#username=group::sha256-password
#username=group::sha256-password
admin
=
ADMIN::
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
admin
=
ADMIN::
a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1
rangertagsync
=
RANGER_TAG_SYNC::
e3f67240f5117d1753c940dae9eea772d36ed5fe9bd9c94a300e40413f1afb9d
rangertagsync
=
RANGER_TAG_SYNC::
0afe7a1968b07d4c3ff4ed8c2d809a32ffea706c66cd795ead9048e81cfaf034
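Review bot: The format comment on the first line of this file is unchanged (`#username=group::sha256-password`) even though the stored values are now salted hashes; only the falcon-bridge copy was updated to `sha256+salt-password`. Since this is the file shipped under distro/src/conf, update the comment here (and in the other bridge and test copies) and state that the salt is the user name and that entries are generated with `cputil.py -g -u <username> -p <password>`. Otherwise an operator adding a user by hand will write a plain SHA-256 value, which only works while v1 validation is enabled.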
intg/src/test/resources/users-credentials.properties
#username=group::sha256-password
#username=group::sha256-password
admin
=
ADMIN::
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
admin
=
ADMIN::
a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1
rangertagsync
=
RANGER_TAG_SYNC::
e3f67240f5117d1753c940dae9eea772d36ed5fe9bd9c94a300e40413f1afb9d
rangertagsync
=
RANGER_TAG_SYNC::
0afe7a1968b07d4c3ff4ed8c2d809a32ffea706c66cd795ead9048e81cfaf034
webapp/src/main/java/org/apache/atlas/util/CredentialProviderUtility.java
...
@@ -16,6 +16,10 @@
...
@@ -16,6 +16,10 @@
*/
*/
package
org
.
apache
.
atlas
.
util
;
package
org
.
apache
.
atlas
.
util
;
import
org.apache.atlas.web.dao.UserDao
;
import
org.apache.commons.cli.BasicParser
;
import
org.apache.commons.cli.CommandLine
;
import
org.apache.commons.cli.Options
;
import
org.apache.commons.lang.StringUtils
;
import
org.apache.commons.lang.StringUtils
;
import
org.apache.hadoop.conf.Configuration
;
import
org.apache.hadoop.conf.Configuration
;
import
org.apache.hadoop.security.alias.CredentialProvider
;
import
org.apache.hadoop.security.alias.CredentialProvider
;
...
@@ -71,6 +75,36 @@ public class CredentialProviderUtility {
...
@@ -71,6 +75,36 @@ public class CredentialProviderUtility {
public
static
TextDevice
textDevice
=
DEFAULT_TEXT_DEVICE
;
public
static
TextDevice
textDevice
=
DEFAULT_TEXT_DEVICE
;
public
static
void
main
(
String
[]
args
)
throws
IOException
{
public
static
void
main
(
String
[]
args
)
throws
IOException
{
Options
options
=
new
Options
();
try
{
createOptions
(
options
);
CommandLine
cmd
=
new
BasicParser
().
parse
(
options
,
args
);
boolean
generatePasswordOption
=
cmd
.
hasOption
(
"g"
);
if
(
generatePasswordOption
)
{
String
userName
=
cmd
.
getOptionValue
(
"u"
);
String
password
=
cmd
.
getOptionValue
(
"p"
);
if
(
userName
!=
null
&&
password
!=
null
)
{
String
encryptedPassword
=
UserDao
.
encrypt
(
password
,
userName
);
textDevice
.
printf
(
"Your encrypted password is : "
+
encryptedPassword
,
null
);
textDevice
.
printf
(
"\n"
,
null
);
}
else
{
textDevice
.
printf
(
"Please provide username and password as input. Usage:"
+
" cputil.py -g -u <username> -p <password>"
,
null
);
}
return
;
}
}
catch
(
Exception
e
)
{
System
.
out
.
println
(
"Exception while generatePassword "
+
e
.
getMessage
());
return
;
}
// prompt for the provider name
// prompt for the provider name
CredentialProvider
provider
=
getCredentialProvider
(
textDevice
);
CredentialProvider
provider
=
getCredentialProvider
(
textDevice
);
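Review bot: In the new `-g` branch of `main`, the clear-text password is read from `cmd.getOptionValue("p")`, so it ends up in shell history and is visible in the process list while the tool runs. This class already has a `textDevice` for interactive input, so prompt for the password there when `-p` is absent instead of printing the usage error. Two smaller points in the same block: the `catch (Exception e)` returns whether or not `-g` was given, so any argument the parser rejects now stops the existing credential-provider flow with only a message on `System.out`; and the output is labelled "encrypted password" although `UserDao.encrypt` produces a salted hash.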
...
@@ -100,6 +134,12 @@ public class CredentialProviderUtility {
...
@@ -100,6 +134,12 @@ public class CredentialProviderUtility {
}
}
}
}
private
static
void
createOptions
(
Options
options
)
{
options
.
addOption
(
"g"
,
"generatePassword"
,
false
,
"Generate Password"
);
options
.
addOption
(
"u"
,
"username"
,
true
,
"UserName"
);
options
.
addOption
(
"p"
,
"password"
,
true
,
"Password"
);
}
/**
/**
* Retrieves a password from the command line.
* Retrieves a password from the command line.
* @param textDevice the system console.
* @param textDevice the system console.
...
...
webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java
...
@@ -28,6 +28,7 @@ import javax.annotation.PostConstruct;
...
@@ -28,6 +28,7 @@ import javax.annotation.PostConstruct;
import
org.apache.atlas.web.security.AtlasAuthenticationException
;
import
org.apache.atlas.web.security.AtlasAuthenticationException
;
import
org.slf4j.Logger
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.security.authentication.encoding.ShaPasswordEncoder
;
import
org.springframework.stereotype.Repository
;
import
org.springframework.stereotype.Repository
;
import
org.apache.atlas.ApplicationProperties
;
import
org.apache.atlas.ApplicationProperties
;
import
org.apache.atlas.AtlasException
;
import
org.apache.atlas.AtlasException
;
...
@@ -50,6 +51,8 @@ public class UserDao {
...
@@ -50,6 +51,8 @@ public class UserDao {
private
Properties
userLogins
;
private
Properties
userLogins
;
private
static
final
ShaPasswordEncoder
sha256Encoder
=
new
ShaPasswordEncoder
(
256
);
@PostConstruct
@PostConstruct
public
void
init
()
{
public
void
init
()
{
loadFileLoginsDetails
();
loadFileLoginsDetails
();
...
@@ -107,13 +110,11 @@ public class UserDao {
...
@@ -107,13 +110,11 @@ public class UserDao {
return
userDetails
;
return
userDetails
;
}
}
@VisibleForTesting
@VisibleForTesting
public
void
setUserLogins
(
Properties
userLogins
)
{
public
void
setUserLogins
(
Properties
userLogins
)
{
this
.
userLogins
=
userLogins
;
this
.
userLogins
=
userLogins
;
}
}
public
static
String
getSha256Hash
(
String
base
)
throws
AtlasAuthenticationException
{
public
static
String
getSha256Hash
(
String
base
)
throws
AtlasAuthenticationException
{
try
{
try
{
MessageDigest
digest
=
MessageDigest
.
getInstance
(
"SHA-256"
);
MessageDigest
digest
=
MessageDigest
.
getInstance
(
"SHA-256"
);
...
@@ -132,4 +133,7 @@ public class UserDao {
...
@@ -132,4 +133,7 @@ public class UserDao {
}
}
}
}
public
static
String
encrypt
(
String
password
,
String
salt
)
{
return
sha256Encoder
.
encodePassword
(
password
,
salt
);
}
}
}
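Review bot: `encrypt(password, salt)` at the end of the class is a single SHA-256 pass through `ShaPasswordEncoder`, and both callers in this commit pass the user name as the salt, so the salt is predictable and the same user name and password give the same stored value on every installation (the identical `admin` value in every properties file in this commit shows this). Consider a random per-user salt stored with the hash, or an adaptive encoder such as `BCryptPasswordEncoder`. Also rename the method (for example `encodePassword`) and add a Javadoc line stating what the salt is expected to be, since nothing is encrypted here.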
webapp/src/main/java/org/apache/atlas/web/security/AtlasFileAuthenticationProvider.java
...
@@ -16,7 +16,9 @@
...
@@ -16,7 +16,9 @@
*/
*/
package
org
.
apache
.
atlas
.
web
.
security
;
package
org
.
apache
.
atlas
.
web
.
security
;
import
org.apache.atlas.ApplicationProperties
;
import
org.apache.atlas.web.dao.UserDao
;
import
org.apache.atlas.web.dao.UserDao
;
import
org.apache.commons.configuration.Configuration
;
import
org.slf4j.Logger
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.security.authentication.BadCredentialsException
;
import
org.springframework.security.authentication.BadCredentialsException
;
...
@@ -28,6 +30,7 @@ import org.springframework.security.core.userdetails.UserDetails;
...
@@ -28,6 +30,7 @@ import org.springframework.security.core.userdetails.UserDetails;
import
org.springframework.security.core.userdetails.UserDetailsService
;
import
org.springframework.security.core.userdetails.UserDetailsService
;
import
org.springframework.stereotype.Component
;
import
org.springframework.stereotype.Component
;
import
javax.annotation.PostConstruct
;
import
javax.inject.Inject
;
import
javax.inject.Inject
;
import
java.util.Collection
;
import
java.util.Collection
;
...
@@ -38,12 +41,23 @@ public class AtlasFileAuthenticationProvider extends AtlasAbstractAuthentication
...
@@ -38,12 +41,23 @@ public class AtlasFileAuthenticationProvider extends AtlasAbstractAuthentication
private
static
Logger
logger
=
LoggerFactory
.
getLogger
(
AtlasFileAuthenticationProvider
.
class
);
private
static
Logger
logger
=
LoggerFactory
.
getLogger
(
AtlasFileAuthenticationProvider
.
class
);
private
final
UserDetailsService
userDetailsService
;
private
final
UserDetailsService
userDetailsService
;
private
boolean
v1ValidationEnabled
=
true
;
@Inject
@Inject
public
AtlasFileAuthenticationProvider
(
UserDetailsService
userDetailsService
)
{
public
AtlasFileAuthenticationProvider
(
UserDetailsService
userDetailsService
)
{
this
.
userDetailsService
=
userDetailsService
;
this
.
userDetailsService
=
userDetailsService
;
}
}
@PostConstruct
public
void
setup
()
{
try
{
Configuration
configuration
=
ApplicationProperties
.
get
();
v1ValidationEnabled
=
configuration
.
getBoolean
(
"atlas.authentication.method.file.v1-validation.enabled"
,
true
);
}
catch
(
Exception
e
)
{
logger
.
error
(
"Exception while setup"
,
e
);
}
}
@Override
@Override
public
Authentication
authenticate
(
Authentication
authentication
)
throws
AuthenticationException
{
public
Authentication
authenticate
(
Authentication
authentication
)
throws
AuthenticationException
{
String
username
=
authentication
.
getName
();
String
username
=
authentication
.
getName
();
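Review bot: `setup()` fails open: `v1ValidationEnabled` is initialised to `true`, the `getBoolean` default is `true`, and when `ApplicationProperties.get()` throws, the exception is only logged, so the unsalted v1 check stays on in every case except an explicit `false`. If that default is intended for upgrade compatibility, document `atlas.authentication.method.file.v1-validation.enabled` next to the field and make the log message say that v1 validation remains enabled; otherwise default to `false`.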
...
@@ -61,8 +75,14 @@ public class AtlasFileAuthenticationProvider extends AtlasAbstractAuthentication
...
@@ -61,8 +75,14 @@ public class AtlasFileAuthenticationProvider extends AtlasAbstractAuthentication
}
}
UserDetails
user
=
userDetailsService
.
loadUserByUsername
(
username
);
UserDetails
user
=
userDetailsService
.
loadUserByUsername
(
username
);
String
encodedPassword
=
UserDao
.
encrypt
(
password
,
username
);
String
encodedPassword
=
UserDao
.
getSha256Hash
(
password
);
boolean
isValidPassword
=
encodedPassword
.
equals
(
user
.
getPassword
());
if
(!
isValidPassword
&&
v1ValidationEnabled
)
{
encodedPassword
=
UserDao
.
getSha256Hash
(
password
);
}
if
(!
encodedPassword
.
equals
(
user
.
getPassword
()))
{
if
(!
encodedPassword
.
equals
(
user
.
getPassword
()))
{
logger
.
error
(
"Wrong password "
+
username
);
logger
.
error
(
"Wrong password "
+
username
);
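Review bot: When the salted comparison fails and `v1ValidationEnabled` is set, `encodedPassword` is silently replaced by `getSha256Hash(password)` and the login can then succeed with nothing recorded, so there is no way to find the accounts that still hold an unsalted hash. Log a warning naming the user on a v1 match so those entries can be regenerated. In the same block, `isValidPassword` is computed and then the same `equals` is repeated in the final `if`; reuse the flag, and compare the bytes with `MessageDigest.isEqual` rather than `String.equals` so the comparison time does not depend on how much of the value matches.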
...
...
webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
...
@@ -92,11 +92,12 @@ public class FileAuthenticationTest {
...
@@ -92,11 +92,12 @@ public class FileAuthenticationTest {
private
void
setupUserCredential
(
String
tmpDir
)
throws
Exception
{
private
void
setupUserCredential
(
String
tmpDir
)
throws
Exception
{
StringBuilder
credentialFileStr
=
new
StringBuilder
(
1024
);
StringBuilder
credentialFileStr
=
new
StringBuilder
(
1024
);
credentialFileStr
.
append
(
"admin=ADMIN::8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918\n"
);
credentialFileStr
.
append
(
"admin=ADMIN::a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1\n"
);
credentialFileStr
.
append
(
"adminv1=ADMIN::8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918\n"
);
credentialFileStr
.
append
(
"michael=DATA_SCIENTIST::95bfb24de17d285d734b9eaa9109bfe922adc85f20d2e5e66a78bddb4a4ebddb\n"
);
credentialFileStr
.
append
(
"michael=DATA_SCIENTIST::95bfb24de17d285d734b9eaa9109bfe922adc85f20d2e5e66a78bddb4a4ebddb\n"
);
credentialFileStr
.
append
(
"paul=DATA_STEWARD::e7c0dcf5f8a93e93791e9bac1ae454a691c1d2a902fc4256d489e96c1b9ac68c\n"
);
credentialFileStr
.
append
(
"paul=DATA_STEWARD::e7c0dcf5f8a93e93791e9bac1ae454a691c1d2a902fc4256d489e96c1b9ac68c\n"
);
credentialFileStr
.
append
(
"user= \n"
);
credentialFileStr
.
append
(
"user= \n"
);
credentialFileStr
.
append
(
"user12= ::
bd35283fe8fcfd77d7c05a8bf2adb85c773281927e12c9829c72a9462092f7c4
\n"
);
credentialFileStr
.
append
(
"user12= ::
43d864d8f9b53cd913fc6a665c8470595cefa4a360edeb78cf6c4eac00c0a3a0
\n"
);
File
credentialFile
=
new
File
(
tmpDir
,
"users-credentials"
);
File
credentialFile
=
new
File
(
tmpDir
,
"users-credentials"
);
FileUtils
.
write
(
credentialFile
,
credentialFileStr
.
toString
());
FileUtils
.
write
(
credentialFile
,
credentialFileStr
.
toString
());
}
}
...
@@ -123,6 +124,18 @@ public class FileAuthenticationTest {
...
@@ -123,6 +124,18 @@ public class FileAuthenticationTest {
}
}
@Test
@Test
public
void
testValidUserLoginWithV1password
()
{
when
(
authentication
.
getName
()).
thenReturn
(
"adminv1"
);
when
(
authentication
.
getCredentials
()).
thenReturn
(
"admin"
);
Authentication
auth
=
authProvider
.
authenticate
(
authentication
);
LOG
.
debug
(
" {}"
,
auth
);
assertTrue
(
auth
.
isAuthenticated
());
}
@Test
public
void
testInValidPasswordLogin
()
{
public
void
testInValidPasswordLogin
()
{
when
(
authentication
.
getName
()).
thenReturn
(
"admin"
);
when
(
authentication
.
getName
()).
thenReturn
(
"admin"
);
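Review bot: `testValidUserLoginWithV1password` only exercises the default, where v1 validation is enabled; nothing asserts that `adminv1` is rejected when `atlas.authentication.method.file.v1-validation.enabled` is `false`. Add that negative test. The flag is a private field set in `@PostConstruct`, so the provider needs a test hook or a test configuration to switch it.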
...
...
webapp/src/test/resources/users-credentials.properties
#username=group::sha256-password
#username=group::sha256-password
admin
=
ADMIN::
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
admin
=
ADMIN::
a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1
rangertagsync
=
RANGER_TAG_SYNC::
e3f67240f5117d1753c940dae9eea772d36ed5fe9bd9c94a300e40413f1afb9d
rangertagsync
=
RANGER_TAG_SYNC::
0afe7a1968b07d4c3ff4ed8c2d809a32ffea706c66cd795ead9048e81cfaf034