ATLAS-2087: Allow Atlas server to bind on a specific address

Signed-off-by: Madhan Neethiraj <madhan@apache.org>

ATLAS-2087: Allow Atlas server to bind on a specific address
42ccc44a · Richard Ding · Madhan Neethiraj · f59284ad · 42ccc44a · 42ccc44a
Commit 42ccc44a authored Aug 29, 2017 by Richard Ding Committed by Madhan Neethiraj Aug 29, 2017
8 changed files
--- a/webapp/src/main/java/org/apache/atlas/Atlas.java
+++ b/webapp/src/main/java/org/apache/atlas/Atlas.java
@@ -33,6 +33,10 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.slf4j.bridge.SLF4JBridgeHandler;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.NetworkInterface;
+import java.net.SocketException;
 import java.util.Iterator;
 /**
@@ -105,6 +109,17 @@ public final class Atlas {
        setApplicationHome();
        Configuration configuration = ApplicationProperties.get();
        final String enableTLSFlag = configuration.getString(SecurityProperties.TLS_ENABLED);
+        final String appHost = configuration.getString(SecurityProperties.BIND_ADDRESS, EmbeddedServer.ATLAS_DEFAULT_BIND_ADDRESS);
+        if (!isLocalAddress(InetAddress.getByName(appHost))) {
+            String msg =
+                "Failed to start Atlas server. Address " + appHost
+                    + " does not belong to this host. Correct configuration parameter: "
+                    + SecurityProperties.BIND_ADDRESS;
+            LOG.error(msg);
+            throw new IOException(msg);
+        }
        final int appPort = getApplicationPort(cmd, enableTLSFlag, configuration);
        System.setProperty(AtlasConstants.SYSTEM_PROPERTY_APP_PORT, String.valueOf(appPort));
        final boolean enableTLS = isTLSEnabled(enableTLSFlag, appPort);
@@ -112,7 +127,7 @@ public final class Atlas {
        showStartupInfo(buildConfiguration, enableTLS, appPort);
-        server = EmbeddedServer.newServer(appPort, appPath, enableTLS);
+        server = EmbeddedServer.newServer(appHost, appPort, appPath, enableTLS);
        installLogBridge();
        server.start();
@@ -164,6 +179,21 @@ public final class Atlas {
                System.getProperty(SecurityProperties.TLS_ENABLED, (appPort % 1000) == 443 ? "true" : "false") : enableTLSFlag);
    }
+    private static boolean isLocalAddress(InetAddress addr) {
+        // Check if the address is any local or loop back
+        boolean local = addr.isAnyLocalAddress() || addr.isLoopbackAddress();
+        // Check if the address is defined on any interface
+        if (!local) {
+            try {
+                local = NetworkInterface.getByInetAddress(addr) != null;
+            } catch (SocketException e) {
+                local = false;
+            }
+        }
+        return local;
+    }
    private static void showStartupInfo(PropertiesConfiguration buildConfiguration, boolean enableTLS, int appPort) {
        StringBuilder buffer = new StringBuilder();
        buffer.append("\n############################################");

--- a/webapp/src/main/java/org/apache/atlas/web/service/EmbeddedServer.java
+++ b/webapp/src/main/java/org/apache/atlas/web/service/EmbeddedServer.java
@@ -41,9 +41,11 @@ import java.util.concurrent.TimeUnit;
 public class EmbeddedServer {
    public static final Logger LOG = LoggerFactory.getLogger(EmbeddedServer.class);
+    public static final String ATLAS_DEFAULT_BIND_ADDRESS = "0.0.0.0";
    protected final Server server;
-    public EmbeddedServer(int port, String path) throws IOException {
+    public EmbeddedServer(String host, int port, String path) throws IOException {
        int queueSize = AtlasConfiguration.WEBSERVER_QUEUE_SIZE.getInt();
        LinkedBlockingQueue<Runnable> queue = new LinkedBlockingQueue<>(queueSize);
@@ -54,7 +56,7 @@ public class EmbeddedServer {
                new ExecutorThreadPool(minThreads, maxThreads, keepAliveTime, TimeUnit.SECONDS, queue);
        server = new Server(pool);
-        Connector connector = getConnector(port);
+        Connector connector = getConnector(host, port);
        server.addConnector(connector);
        WebAppContext application = getWebAppContext(path);
@@ -69,15 +71,16 @@ public class EmbeddedServer {
        return application;
    }
-    public static EmbeddedServer newServer(int port, String path, boolean secure) throws IOException {
+    public static EmbeddedServer newServer(String host, int port, String path, boolean secure)
+            throws IOException {
        if (secure) {
-            return new SecureEmbeddedServer(port, path);
+            return new SecureEmbeddedServer(host, port, path);
        } else {
-            return new EmbeddedServer(port, path);
+            return new EmbeddedServer(host, port, path);
        }
    }
-    protected Connector getConnector(int port) throws IOException {
+    protected Connector getConnector(String host, int port) throws IOException {
        HttpConfiguration http_config = new HttpConfiguration();
        // this is to enable large header sizes when Kerberos is enabled with AD
        final int bufferSize = AtlasConfiguration.WEBSERVER_REQUEST_BUFFER_SIZE.getInt();;
@@ -86,7 +89,7 @@ public class EmbeddedServer {
        ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(http_config));
        connector.setPort(port);
-        connector.setHost("0.0.0.0");
+        connector.setHost(host);
        return connector;
    }

--- a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
+++ b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
@@ -60,8 +60,8 @@ public class SecureEmbeddedServer extends EmbeddedServer {
    private static final Logger LOG = LoggerFactory.getLogger(SecureEmbeddedServer.class);
-    public SecureEmbeddedServer(int port, String path) throws IOException {
+    public SecureEmbeddedServer(String host, int port, String path) throws IOException {
-        super(port, path);
+        super(host, port, path);
    }
    protected Connector getConnector(int port) throws IOException {

--- a/webapp/src/test/java/org/apache/atlas/web/filters/AtlasAuthenticationKerberosFilterTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/filters/AtlasAuthenticationKerberosFilterTest.java
@@ -55,7 +55,7 @@ public class AtlasAuthenticationKerberosFilterTest extends BaseSecurityTest {
    class TestEmbeddedServer extends EmbeddedServer {
        public TestEmbeddedServer(int port, String path) throws IOException {
-            super(port, path);
+            super(ATLAS_DEFAULT_BIND_ADDRESS, port, path);
        }
        Server getServer() {

--- a/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/BaseSSLAndKerberosTest.java
@@ -49,7 +49,7 @@ public class BaseSSLAndKerberosTest extends BaseSecurityTest {
    class TestSecureEmbeddedServer extends SecureEmbeddedServer {
        public TestSecureEmbeddedServer(int port, String path) throws IOException {
-            super(port, path);
+            super(ATLAS_DEFAULT_BIND_ADDRESS, port, path);
        }
        public Server getServer() {

--- a/webapp/src/test/java/org/apache/atlas/web/security/SSLTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/SSLTest.java
@@ -52,7 +52,7 @@ public class SSLTest extends BaseSSLAndKerberosTest {
    class TestSecureEmbeddedServer extends SecureEmbeddedServer {
        public TestSecureEmbeddedServer(int port, String path) throws IOException {
-            super(port, path);
+            super(ATLAS_DEFAULT_BIND_ADDRESS, port, path);
        }
        public Server getServer() {

--- a/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTest.java
@@ -49,7 +49,8 @@ public class SecureEmbeddedServerTest extends SecureEmbeddedServerTestBase {
        ApplicationProperties.forceReload();
        SecureEmbeddedServer secureEmbeddedServer = null;
        try {
-            secureEmbeddedServer = new SecureEmbeddedServer(21443, TestUtils.getWarPath()) {
+            secureEmbeddedServer = new SecureEmbeddedServer(ATLAS_DEFAULT_HOST_ADDRESS,
+                21443, TestUtils.getWarPath()) {
                @Override
                protected PropertiesConfiguration getConfiguration() {
                    return configuration;

--- a/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTestBase.java
+++ b/webapp/src/test/java/org/apache/atlas/web/service/SecureEmbeddedServerTestBase.java
@@ -105,7 +105,8 @@ public class SecureEmbeddedServerTestBase {
            originalConf = System.getProperty("atlas.conf");
            System.clearProperty("atlas.conf");
            ApplicationProperties.forceReload();
-            secureEmbeddedServer = new SecureEmbeddedServer(securePort, TestUtils.getWarPath());
+            secureEmbeddedServer = new SecureEmbeddedServer(
+                EmbeddedServer.ATLAS_DEFAULT_BIND_ADDRESS, securePort, TestUtils.getWarPath());
            secureEmbeddedServer.server.start();
            Assert.fail("Should have thrown an exception");
@@ -132,7 +133,8 @@ public class SecureEmbeddedServerTestBase {
        configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
        try {
-            secureEmbeddedServer = new SecureEmbeddedServer(securePort, TestUtils.getWarPath()) {
+            secureEmbeddedServer = new SecureEmbeddedServer(
+                EmbeddedServer.ATLAS_DEFAULT_BIND_ADDRESS, securePort, TestUtils.getWarPath()) {
                @Override
                protected PropertiesConfiguration getConfiguration() {
                    return configuration;
@@ -159,7 +161,8 @@ public class SecureEmbeddedServerTestBase {
        setupCredentials();
        try {
-            secureEmbeddedServer = new SecureEmbeddedServer(securePort, TestUtils.getWarPath()) {
+            secureEmbeddedServer = new SecureEmbeddedServer(
+                EmbeddedServer.ATLAS_DEFAULT_BIND_ADDRESS, securePort, TestUtils.getWarPath()) {
                @Override
                protected PropertiesConfiguration getConfiguration() {
                    return configuration;