2a9b1ff1
Commit
2a9b1ff1
authored
5 years ago
by
chaitali borole
Committed by
nixonrodrigues
5 years ago
ATLAS-3667 : Option to store Ldap/AD bind password in jceks keystore file
Signed-off-by:
nixonrodrigues
<
nixon@apache.org
>
parent
a78e208d
Showing
2 changed files
with
52 additions
and
3 deletions
+52
-3
ApplicationProperties.java
...src/main/java/org/apache/atlas/ApplicationProperties.java
+29
-0
CredentialProviderUtility.java
...java/org/apache/atlas/util/CredentialProviderUtility.java
+23
-3
intg/src/main/java/org/apache/atlas/ApplicationProperties.java
...
@@ -18,6 +18,7 @@
...
@@ -18,6 +18,7 @@
package
org
.
apache
.
atlas
;
package
org
.
apache
.
atlas
;
import
org.apache.atlas.security.InMemoryJAASConfiguration
;
import
org.apache.atlas.security.InMemoryJAASConfiguration
;
import
org.apache.atlas.security.SecurityUtil
;
import
org.apache.commons.configuration.Configuration
;
import
org.apache.commons.configuration.Configuration
;
import
org.apache.commons.configuration.ConfigurationConverter
;
import
org.apache.commons.configuration.ConfigurationConverter
;
import
org.apache.commons.configuration.ConfigurationException
;
import
org.apache.commons.configuration.ConfigurationException
;
...
@@ -56,6 +57,10 @@ public final class ApplicationProperties extends PropertiesConfiguration {
...
@@ -56,6 +57,10 @@ public final class ApplicationProperties extends PropertiesConfiguration {
public
static
final
String
STORAGE_BACKEND_HBASE
=
"hbase"
;
public
static
final
String
STORAGE_BACKEND_HBASE
=
"hbase"
;
public
static
final
String
STORAGE_BACKEND_HBASE2
=
"hbase2"
;
public
static
final
String
STORAGE_BACKEND_HBASE2
=
"hbase2"
;
public
static
final
String
INDEX_BACKEND_SOLR
=
"solr"
;
public
static
final
String
INDEX_BACKEND_SOLR
=
"solr"
;
public
static
final
String
LDAP_TYPE
=
"atlas.authentication.method.ldap.type"
;
public
static
final
String
LDAP_AD_BIND_PASSWORD
=
"atlas.authentication.method.ldap.ad.bind.password"
;
public
static
final
String
LDAP_BIND_PASSWORD
=
"atlas.authentication.method.ldap.bind.password"
;
public
static
final
String
MASK_LDAP_PASSWORD
=
"*****"
;
public
static
final
String
DEFAULT_GRAPHDB_BACKEND
=
GRAPHBD_BACKEND_JANUS
;
public
static
final
String
DEFAULT_GRAPHDB_BACKEND
=
GRAPHBD_BACKEND_JANUS
;
public
static
final
boolean
DEFAULT_SOLR_WAIT_SEARCHER
=
true
;
public
static
final
boolean
DEFAULT_SOLR_WAIT_SEARCHER
=
true
;
public
static
final
boolean
DEFAULT_INDEX_MAP_NAME
=
false
;
public
static
final
boolean
DEFAULT_INDEX_MAP_NAME
=
false
;
...
@@ -135,6 +140,8 @@ public final class ApplicationProperties extends PropertiesConfiguration {
...
@@ -135,6 +140,8 @@ public final class ApplicationProperties extends PropertiesConfiguration {
appProperties
.
setDefaults
();
appProperties
.
setDefaults
();
setLdapPasswordFromKeystore
(
appProperties
);
Configuration
configuration
=
appProperties
.
interpolatedConfiguration
();
Configuration
configuration
=
appProperties
.
interpolatedConfiguration
();
logConfiguration
(
configuration
);
logConfiguration
(
configuration
);
...
@@ -269,6 +276,28 @@ public final class ApplicationProperties extends PropertiesConfiguration {
...
@@ -269,6 +276,28 @@ public final class ApplicationProperties extends PropertiesConfiguration {
return
inStr
;
return
inStr
;
}
}
private
static
void
setLdapPasswordFromKeystore
(
Configuration
configuration
)
{
try
{
if
(
configuration
.
getString
(
LDAP_TYPE
).
equalsIgnoreCase
(
"ldap"
))
{
String
maskPasssword
=
configuration
.
getString
(
LDAP_BIND_PASSWORD
);
if
(
MASK_LDAP_PASSWORD
.
equals
(
maskPasssword
))
{
String
password
=
SecurityUtil
.
getPassword
(
configuration
,
LDAP_BIND_PASSWORD
);
configuration
.
clearProperty
(
LDAP_BIND_PASSWORD
);
configuration
.
addProperty
(
LDAP_BIND_PASSWORD
,
password
);
}
}
else
if
(
configuration
.
getString
(
LDAP_TYPE
).
equalsIgnoreCase
(
"ad"
))
{
String
maskPasssword
=
configuration
.
getString
(
LDAP_AD_BIND_PASSWORD
);
if
(
MASK_LDAP_PASSWORD
.
equals
(
maskPasssword
))
{
String
password
=
SecurityUtil
.
getPassword
(
configuration
,
LDAP_AD_BIND_PASSWORD
);
configuration
.
clearProperty
(
LDAP_AD_BIND_PASSWORD
);
configuration
.
addProperty
(
LDAP_AD_BIND_PASSWORD
,
password
);
}
}
}
catch
(
Exception
e
)
{
LOG
.
info
(
"Error in getting secure password : {} "
,
e
);
}
}
private
void
setDefaults
()
{
private
void
setDefaults
()
{
AtlasRunMode
runMode
=
AtlasRunMode
.
valueOf
(
getString
(
ATLAS_RUN_MODE
,
DEFAULT_ATLAS_RUN_MODE
.
name
()));
AtlasRunMode
runMode
=
AtlasRunMode
.
valueOf
(
getString
(
ATLAS_RUN_MODE
,
DEFAULT_ATLAS_RUN_MODE
.
name
()));
...
...
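Review bot: In setLdapPasswordFromKeystore, `configuration.getString(LDAP_TYPE).equalsIgnoreCase("ldap")` throws a NullPointerException when `atlas.authentication.method.ldap.type` is not set (getString returns null for a missing key by default), and the broad `catch (Exception e)` reduces both that and a genuine keystore failure to a single INFO line. Put the literal first, `"ldap".equalsIgnoreCase(configuration.getString(LDAP_TYPE))` and likewise for `"ad"`, and report a failed lookup with `LOG.error("Failed to read LDAP bind password from the credential store", e);` or rethrow; otherwise the property keeps the literal `*****` and the bind will presumably be attempted with the mask as the password. The resolved password is also written back into the configuration immediately before `logConfiguration(configuration)` in the hunk at -135; that method's body is not shown here, so confirm it does not print the values of the two bind-password keys. The local name `maskPasssword` is misspelled in both branches.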
webapp/src/main/java/org/apache/atlas/util/CredentialProviderUtility.java
...
@@ -28,7 +28,6 @@ import org.apache.hadoop.security.alias.CredentialProviderFactory;
...
@@ -28,7 +28,6 @@ import org.apache.hadoop.security.alias.CredentialProviderFactory;
import
java.io.Console
;
import
java.io.Console
;
import
java.io.IOException
;
import
java.io.IOException
;
import
java.util.Arrays
;
import
java.util.Arrays
;
import
static
org
.
apache
.
atlas
.
security
.
SecurityProperties
.
KEYSTORE_PASSWORD_KEY
;
import
static
org
.
apache
.
atlas
.
security
.
SecurityProperties
.
KEYSTORE_PASSWORD_KEY
;
import
static
org
.
apache
.
atlas
.
security
.
SecurityProperties
.
SERVER_CERT_PASSWORD_KEY
;
import
static
org
.
apache
.
atlas
.
security
.
SecurityProperties
.
SERVER_CERT_PASSWORD_KEY
;
import
static
org
.
apache
.
atlas
.
security
.
SecurityProperties
.
TRUSTSTORE_PASSWORD_KEY
;
import
static
org
.
apache
.
atlas
.
security
.
SecurityProperties
.
TRUSTSTORE_PASSWORD_KEY
;
...
@@ -40,7 +39,6 @@ import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_K
...
@@ -40,7 +39,6 @@ import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_K
*/
*/
public
class
CredentialProviderUtility
{
public
class
CredentialProviderUtility
{
private
static
final
String
[]
KEYS
=
new
String
[]
{
KEYSTORE_PASSWORD_KEY
,
TRUSTSTORE_PASSWORD_KEY
,
SERVER_CERT_PASSWORD_KEY
};
private
static
final
String
[]
KEYS
=
new
String
[]
{
KEYSTORE_PASSWORD_KEY
,
TRUSTSTORE_PASSWORD_KEY
,
SERVER_CERT_PASSWORD_KEY
};
public
static
abstract
class
TextDevice
{
public
static
abstract
class
TextDevice
{
public
abstract
void
printf
(
String
fmt
,
Object
...
params
);
public
abstract
void
printf
(
String
fmt
,
Object
...
params
);
...
@@ -75,11 +73,17 @@ public class CredentialProviderUtility {
...
@@ -75,11 +73,17 @@ public class CredentialProviderUtility {
try
{
try
{
CommandLine
cmd
=
new
DefaultParser
().
parse
(
createOptions
(),
args
);
CommandLine
cmd
=
new
DefaultParser
().
parse
(
createOptions
(),
args
);
boolean
generatePasswordOption
=
cmd
.
hasOption
(
"g"
);
boolean
generatePasswordOption
=
cmd
.
hasOption
(
"g"
);
String
key
=
cmd
.
getOptionValue
(
"k"
);
char
[]
cred
=
null
;
String
providerPath
=
cmd
.
getOptionValue
(
"f"
);
if
(
cmd
.
hasOption
(
"p"
))
{
cred
=
cmd
.
getOptionValue
(
"p"
).
toCharArray
();
}
if
(
generatePasswordOption
)
{
if
(
generatePasswordOption
)
{
String
userName
=
cmd
.
getOptionValue
(
"u"
);
String
userName
=
cmd
.
getOptionValue
(
"u"
);
String
password
=
cmd
.
getOptionValue
(
"p"
);
String
password
=
cmd
.
getOptionValue
(
"p"
);
if
(
userName
!=
null
&&
password
!=
null
)
{
if
(
userName
!=
null
&&
password
!=
null
)
{
String
encryptedPassword
=
UserDao
.
encrypt
(
password
);
String
encryptedPassword
=
UserDao
.
encrypt
(
password
);
boolean
silentOption
=
cmd
.
hasOption
(
"s"
);
boolean
silentOption
=
cmd
.
hasOption
(
"s"
);
...
@@ -95,6 +99,20 @@ public class CredentialProviderUtility {
...
@@ -95,6 +99,20 @@ public class CredentialProviderUtility {
return
;
return
;
}
}
if
(
key
!=
null
&&
cred
!=
null
&&
providerPath
!=
null
)
{
if
(!
StringUtils
.
isEmpty
(
String
.
valueOf
(
cred
)))
{
Configuration
conf
=
new
Configuration
(
false
);
conf
.
set
(
CredentialProviderFactory
.
CREDENTIAL_PROVIDER_PATH
,
providerPath
);
CredentialProvider
provider
=
CredentialProviderFactory
.
getProviders
(
conf
).
get
(
0
);
provider
.
createCredentialEntry
(
key
,
cred
);
provider
.
flush
();
System
.
out
.
println
(
"Password is stored in Credential Provider"
);
}
else
{
System
.
out
.
println
(
"Please enter a valid password"
);
}
return
;
}
}
catch
(
Exception
e
)
{
}
catch
(
Exception
e
)
{
System
.
out
.
println
(
"Exception while generatePassword "
+
e
.
getMessage
());
System
.
out
.
println
(
"Exception while generatePassword "
+
e
.
getMessage
());
return
;
return
;
...
@@ -134,6 +152,8 @@ public class CredentialProviderUtility {
...
@@ -134,6 +152,8 @@ public class CredentialProviderUtility {
private
static
Options
createOptions
()
{
private
static
Options
createOptions
()
{
Options
options
=
new
Options
();
Options
options
=
new
Options
();
options
.
addOption
(
"k"
,
"ldapkey"
,
true
,
"key"
);
options
.
addOption
(
"f"
,
"ldapPath"
,
true
,
"path"
);
options
.
addOption
(
"g"
,
"generatePassword"
,
false
,
"Generate Password"
);
options
.
addOption
(
"g"
,
"generatePassword"
,
false
,
"Generate Password"
);
options
.
addOption
(
"s"
,
"silent"
,
false
,
"Silent"
);
options
.
addOption
(
"s"
,
"silent"
,
false
,
"Silent"
);
options
.
addOption
(
"u"
,
"username"
,
true
,
"UserName"
);
options
.
addOption
(
"u"
,
"username"
,
true
,
"UserName"
);
...
...
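Review bot: The new keystore branch takes the LDAP/AD bind password from the `-p` argument, so the secret this commit moves out of the properties file remains visible in the process list and shell history of whoever runs the tool; when `-p` is absent the value could instead be read through the Console/TextDevice prompt this class already declares (how the rest of main uses it is outside the hunks). In the hunk at -95, `StringUtils.isEmpty(String.valueOf(cred))` copies the password into an immutable String only to test for emptiness; `if (cred.length > 0) {` performs the same check without the copy, and `Arrays.fill(cred, '\0');` after `provider.flush()` clears the array once the entry is stored. `CredentialProviderFactory.getProviders(conf).get(0)` throws if the `-f` path yields no provider, and that failure is reported by the existing catch as "Exception while generatePassword", which is misleading for this branch.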