Commit 27dc446d by nixonrodrigues

Revert "ATLAS-3667 : Option to store Ldap/AD bind password in jceks keystore file"

This reverts commit 2a9b1ff1.
parent 2a9b1ff1
......@@ -18,7 +18,6 @@
package org.apache.atlas;
import org.apache.atlas.security.InMemoryJAASConfiguration;
import org.apache.atlas.security.SecurityUtil;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationConverter;
import org.apache.commons.configuration.ConfigurationException;
......@@ -57,10 +56,6 @@ public final class ApplicationProperties extends PropertiesConfiguration {
public static final String STORAGE_BACKEND_HBASE = "hbase";
public static final String STORAGE_BACKEND_HBASE2 = "hbase2";
public static final String INDEX_BACKEND_SOLR = "solr";
public static final String LDAP_TYPE = "atlas.authentication.method.ldap.type";
public static final String LDAP_AD_BIND_PASSWORD = "atlas.authentication.method.ldap.ad.bind.password";
public static final String LDAP_BIND_PASSWORD = "atlas.authentication.method.ldap.bind.password";
public static final String MASK_LDAP_PASSWORD = "*****";
public static final String DEFAULT_GRAPHDB_BACKEND = GRAPHBD_BACKEND_JANUS;
public static final boolean DEFAULT_SOLR_WAIT_SEARCHER = true;
public static final boolean DEFAULT_INDEX_MAP_NAME = false;
......@@ -140,8 +135,6 @@ public final class ApplicationProperties extends PropertiesConfiguration {
appProperties.setDefaults();
setLdapPasswordFromKeystore(appProperties);
Configuration configuration = appProperties.interpolatedConfiguration();
logConfiguration(configuration);
......@@ -276,28 +269,6 @@ public final class ApplicationProperties extends PropertiesConfiguration {
return inStr;
}
private static void setLdapPasswordFromKeystore(Configuration configuration) {
try {
if (configuration.getString(LDAP_TYPE).equalsIgnoreCase("ldap")) {
String maskPasssword = configuration.getString(LDAP_BIND_PASSWORD);
if (MASK_LDAP_PASSWORD.equals(maskPasssword)) {
String password = SecurityUtil.getPassword(configuration, LDAP_BIND_PASSWORD);
configuration.clearProperty(LDAP_BIND_PASSWORD);
configuration.addProperty(LDAP_BIND_PASSWORD, password);
}
} else if (configuration.getString(LDAP_TYPE).equalsIgnoreCase("ad")) {
String maskPasssword = configuration.getString(LDAP_AD_BIND_PASSWORD);
if (MASK_LDAP_PASSWORD.equals(maskPasssword)) {
String password = SecurityUtil.getPassword(configuration, LDAP_AD_BIND_PASSWORD);
configuration.clearProperty(LDAP_AD_BIND_PASSWORD);
configuration.addProperty(LDAP_AD_BIND_PASSWORD, password);
}
}
} catch (Exception e) {
LOG.info("Error in getting secure password : {} ", e);
}
}
private void setDefaults() {
AtlasRunMode runMode = AtlasRunMode.valueOf(getString(ATLAS_RUN_MODE, DEFAULT_ATLAS_RUN_MODE.name()));
......
......@@ -28,6 +28,7 @@ import org.apache.hadoop.security.alias.CredentialProviderFactory;
import java.io.Console;
import java.io.IOException;
import java.util.Arrays;
import static org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY;
import static org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY;
import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
......@@ -39,6 +40,7 @@ import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_K
*/
public class CredentialProviderUtility {
private static final String[] KEYS = new String[] { KEYSTORE_PASSWORD_KEY, TRUSTSTORE_PASSWORD_KEY, SERVER_CERT_PASSWORD_KEY };
public static abstract class TextDevice {
public abstract void printf(String fmt, Object... params);
......@@ -73,17 +75,11 @@ public class CredentialProviderUtility {
try {
CommandLine cmd = new DefaultParser().parse(createOptions(), args);
boolean generatePasswordOption = cmd.hasOption("g");
String key = cmd.getOptionValue("k");
char[] cred = null;
String providerPath = cmd.getOptionValue("f");
if (cmd.hasOption("p")) {
cred = cmd.getOptionValue("p").toCharArray();
}
if (generatePasswordOption) {
String userName = cmd.getOptionValue("u");
String password = cmd.getOptionValue("p");
if (userName != null && password != null) {
String encryptedPassword = UserDao.encrypt(password);
boolean silentOption = cmd.hasOption("s");
......@@ -99,20 +95,6 @@ public class CredentialProviderUtility {
return;
}
if (key != null && cred != null && providerPath != null) {
if (!StringUtils.isEmpty(String.valueOf(cred))) {
Configuration conf = new Configuration(false);
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerPath);
CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
provider.createCredentialEntry(key, cred);
provider.flush();
System.out.println("Password is stored in Credential Provider");
} else {
System.out.println("Please enter a valid password");
}
return;
}
} catch (Exception e) {
System.out.println("Exception while generatePassword " + e.getMessage());
return;
......@@ -152,8 +134,6 @@ public class CredentialProviderUtility {
private static Options createOptions() {
Options options = new Options();
options.addOption("k", "ldapkey", true, "key");
options.addOption("f", "ldapPath", true, "path");
options.addOption("g", "generatePassword", false, "Generate Password");
options.addOption("s", "silent", false, "Silent");
options.addOption("u", "username", true, "UserName");
......
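Review bot: In the `generatePassword` branch that the `-73,17 +75,11` hunk keeps, the password is still read with `cmd.getOptionValue("p")`, so it arrives as a command-line argument and is held as an immutable `String`. Arguments are commonly readable by other local users through the process list and are saved in shell history. The class imports `java.io.Console` and declares a `TextDevice` abstraction, so prompting when `-p` is absent looks feasible, though the rest of the method lies outside the visible hunks. At minimum I would document the exposure where the option is read, e.g. `// -p puts the password in argv (process list, shell history); prefer an interactive prompt where available`.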