ATLAS-869 Make LDAP/AD properties to be configurable. (nixonrodrigues via yhemanth)

67a1133a · Hemanth Yamijala · 7e3830a7 · 67a1133a · 67a1133a · 67a1133a
Commit 67a1133a authored Jun 13, 2016 by Hemanth Yamijala
6 changed files
--- a/distro/src/conf/atlas-application.properties
+++ b/distro/src/conf/atlas-application.properties
@@ -89,10 +89,37 @@ atlas.authentication.method.kerberos=false
 atlas.authentication.method.ldap=false
 atlas.authentication.method.file=true

+#### ldap.type= LDAP or AD
 atlas.authentication.method.ldap.type=LDAP
-atlas.authentication.method.ldap.url=
+
+#### user credentials file
 atlas.authentication.method.file.filename=${sys:atlas.home}/conf/users-credentials.properties

+
+######## LDAP properties #########
+#atlas.authentication.method.ldap.url=ldap://<ldap server url>:389
+#atlas.authentication.method.ldap.userDNpattern=uid={0}\,ou=People\,dc=example\,dc=com
+#atlas.authentication.method.ldap.groupSearchBase=dc=example\,dc=com
+#atlas.authentication.method.ldap.groupSearchFilter=(member=uid={0}\,ou=Users\,dc=example\,dc=com)
+#atlas.authentication.method.ldap.groupRoleAttribute=cn
+#atlas.authentication.method.ldap.base.dn=dc=example\,dc=com
+#atlas.authentication.method.ldap.bind.dn=cn=Manager\,dc=example\,dc=com
+#atlas.authentication.method.ldap.bind.password=<password>
+#atlas.authentication.method.ldap.referral=ignore
+#atlas.authentication.method.ldap.user.searchfilter=(uid={0})
+#atlas.authentication.method.ldap.default.role=<default role>
+
+
+######### Active directory properties #######
+#atlas.authentication.method.ldap.ad.domain=example.com
+#atlas.authentication.method.ldap.ad.url=ldap://<AD server url>:389
+#atlas.authentication.method.ldap.ad.base.dn=(sAMAccountName={0})
+#atlas.authentication.method.ldap.ad.bind.dn=CN=team\,CN=Users\,DC=example\,DC=com
+#atlas.authentication.method.ldap.ad.bind.password=<password>
+#atlas.authentication.method.ldap.ad.referral=ignore
+#atlas.authentication.method.ldap.ad.user.searchfilter=(sAMAccountName={0})
+#atlas.authentication.method.ldap.ad.default.role=<default role>
+
 #########  JAAS Configuration ########

 #atlas.jaas.KafkaClient.loginModuleName = com.sun.security.auth.module.Krb5LoginModule

--- a/release-log.txt
+++ b/release-log.txt
@@ -22,6 +22,7 @@ ATLAS-409 Atlas will not import avro tables with schema read from a file (dosset
 ATLAS-379 Create sqoop and falcon metadata addons (venkatnrangan,bvellanki,sowmyaramesh via shwethags)

 ALL CHANGES:
+ATLAS-869 Make LDAP/AD properties to be configurable. (nixonrodrigues via yhemanth)
 ATLAS-730 Change titan hbase table name (svimal2106 via sumasai )
 ATLAS-871 Make audit repository implementation configurable (jnhagelb via shwethags)
 ATLAS-885 optimize HBaseStoreManager to avoid expensive HTable instantiation every 5 seconds (madhan.neethiraj via yhemanth)

--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
@@ -22,8 +22,9 @@ import java.util.List;

 import javax.annotation.PostConstruct;

-import org.apache.atlas.utils.PropertiesUtil;
+import org.apache.atlas.ApplicationProperties;
 import org.apache.atlas.web.model.User;
+import org.apache.commons.configuration.Configuration;
 import org.apache.log4j.Logger;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -97,18 +98,21 @@ public class AtlasADAuthenticationProvider extends
    }

    private void setADProperties() {
-        adDomain = PropertiesUtil.getProperty("atlas.ad.domain", adDomain);
-        adURL = PropertiesUtil.getProperty("atlas.ad.url", adURL);
-        adBindDN = PropertiesUtil.getProperty("atlas.ad.bind.dn", adBindDN);
-        adBindPassword = PropertiesUtil.getProperty("atlas.ad.bind.password",
-                adBindPassword);
-        adUserSearchFilter = PropertiesUtil.getProperty(
-                "atlas.ad.user.searchfilter", adUserSearchFilter);
-        adBase = PropertiesUtil.getProperty("atlas.ad.base.dn", adBase);
-        adReferral = PropertiesUtil
-                .getProperty("atlas.ad.referral", adReferral);
-        adDefaultRole = PropertiesUtil.getProperty("atlas.ad.default.role",
-                adDefaultRole);
+        try {
+
+            Configuration configuration = ApplicationProperties.get();
+            this.adDomain = configuration.getString("atlas.authentication.method.ldap.ad.domain");
+            this.adURL = configuration.getString("atlas.authentication.method.ldap.ad.url");
+            this.adBindDN = configuration.getString("atlas.authentication.method.ldap.ad.bind.dn");
+            this.adBindPassword = configuration.getString("atlas.authentication.method.ldap.ad.bind.password");
+            this.adUserSearchFilter = configuration.getString("atlas.authentication.method.ldap.ad.user.searchfilter");
+            this.adBase = configuration.getString("atlas.authentication.method.ldap.ad.base.dn");
+            this.adReferral = configuration.getString("atlas.authentication.method.ldap.ad.referral");
+            this.adDefaultRole = configuration.getString("atlas.authentication.method.ldap.ad.default.role");
+
+        } catch (Exception e) {
+            LOG.error("Exception while setADProperties", e);
+        }
    }

 }
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
@@ -20,8 +20,9 @@ package org.apache.atlas.web.security;

 import java.util.List;
 import javax.annotation.PostConstruct;
-import org.apache.atlas.utils.PropertiesUtil;
+import org.apache.atlas.ApplicationProperties;
 import org.apache.atlas.web.model.User;
+import org.apache.commons.configuration.Configuration;
 import org.apache.log4j.Logger;
 import org.springframework.ldap.core.support.LdapContextSource;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -120,26 +121,31 @@ public class AtlasLdapAuthenticationProvider extends
    }

    private void setLdapProperties() {
-        ldapURL = PropertiesUtil.getProperty("atlas.ldap.url", ldapURL);
-        ldapUserDNPattern = PropertiesUtil.getProperty(
-                "atlas.ldap.user.dnpattern", ldapUserDNPattern);
-        ldapGroupSearchBase = PropertiesUtil.getProperty(
-                "atlas.ldap.group.searchbase", ldapGroupSearchBase);
-        ldapGroupSearchFilter = PropertiesUtil.getProperty(
-                "atlas.ldap.group.searchfilter", ldapGroupSearchFilter);
-        ldapGroupRoleAttribute = PropertiesUtil.getProperty(
-                "atlas.ldap.group.roleattribute", ldapGroupRoleAttribute);
-        ldapBindDN = PropertiesUtil.getProperty("atlas.ldap.bind.dn",
-                ldapBindDN);
-        ldapBindPassword = PropertiesUtil.getProperty(
-                "atlas.ldap.bind.password", ldapBindDN);
-        ldapDefaultRole = PropertiesUtil.getProperty("atlas.ldap.default.role",
-                ldapDefaultRole);
-        ldapUserSearchFilter = PropertiesUtil.getProperty(
-                "atlas.ldap.user.searchfilter", ldapUserSearchFilter);
-        ldapReferral = PropertiesUtil.getProperty("atlas.ldap.referral",
-                ldapReferral);
-        ldapBase = PropertiesUtil.getProperty("atlas.ldap.base.dn", ldapBase);
+        try {
+            Configuration configuration = ApplicationProperties.get();
+
+            ldapURL = configuration.getString("atlas.authentication.method.ldap.url");
+            ldapUserDNPattern = configuration.getString(
+                    "atlas.authentication.method.ldap.userDNpattern");
+            ldapGroupSearchBase = configuration.getString(
+                    "atlas.authentication.method.ldap.groupSearchBase");
+            ldapGroupSearchFilter = configuration.getString(
+                    "atlas.authentication.method.ldap.groupSearchFilter");
+            ldapGroupRoleAttribute = configuration.getString(
+                    "atlas.authentication.method.ldap.groupRoleAttribute");
+            ldapBindDN = configuration.getString("atlas.authentication.method.ldap.bind.dn");
+            ldapBindPassword = configuration.getString(
+                    "atlas.authentication.method.ldap.bind.password");
+            ldapDefaultRole = configuration.getString("atlas.authentication.method.ldap.default.role");
+            ldapUserSearchFilter = configuration.getString(
+                    "atlas.authentication.method.ldap.user.searchfilter");
+            ldapReferral = configuration.getString("atlas.authentication.method.ldap.ad.referral");
+            ldapBase = configuration.getString("atlas.authentication.method.ldap.base.dn");
+
+        } catch (Exception e) {
+            LOG.error("Exception while setLdapProperties", e);
+        }
+
    }

    private LdapContextSource getLdapContextSource() throws Exception {

--- a/webapp/src/main/resources/atlas-admin-site.xml
+++ b/webapp/src/main/resources/atlas-admin-site.xml
-<!-- Licensed under the Apache License, Version 2.0 (the "License"); you 
-    may not use this file except in compliance with the License. You may obtain 
-    a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless 
-    required by applicable law or agreed to in writing, software distributed 
-    under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES 
-    OR CONDITIONS OF ANY KIND, either express or implied. See the License for 
-    the specific language governing permissions and limitations under the License. 
-    See accompanying LICENSE file. -->
-
-
-<configuration>
-    <!-- # Ldap info start -->
-
-        <property>
-                <name>atlas.ldap.url</name>
-                <display-name>LDAP URL</display-name>
-                <value>ldap://172.22.98.129:389</value>
-                <description>LDAP Server URL, only used if
-                        Authentication method
-                        is LDAP
-                </description>
-        </property>
-        <property>
-                <name>atlas.ldap.user.dnpattern</name>
-                <value>uid={0},ou=People,dc=example,dc=com</value>
-                <description></description>
-        </property>
-        <property>
-                <name>atlas.ldap.group.searchbase</name>
-                <display-name>Group Search Base</display-name>
-                <value>dc=example,dc=com</value>
-                <description></description>
-        </property>
-        <property>
-                <name>atlas.ldap.group.searchfilter</name>
-                <display-name>Group Search Filter</display-name>
-                <value>(member=uid={0},ou=Users,dc=example,dc=com)
-                </value>
-                <description></description>
-        </property>
-        <property>
-                <name>atlas.ldap.group.roleattribute</name>
-                <value>cn</value>
-                <description></description>
-        </property>
-
-        <property>
-                <name>atlas.ldap.base.dn</name>
-                <value>dc=example,dc=com</value>
-                <description>LDAP base dn or search base</description>
-        </property>
-        <property>
-                <name>atlas.ldap.bind.dn</name>
-                <display-name>Bind User</display-name>
-                <value>cn=Manager,dc=example,dc=com</value>
-                <description>LDAP bind dn or manager dn</description>
-        </property>
-        <property>
-                <name>atlas.ldap.bind.password</name>
-                <display-name>Bind User Password</display-name>
-                <value>p@ssword</value>
-                <property-type>PASSWORD</property-type>
-                <description>Password for the account that can search
-                        for users
-                </description>
-                <value-attributes>
-                        <type>password</type>
-                        <overridable>false</overridable>
-                </value-attributes>
-        </property>
-        <property>
-                <name>atlas.ldap.user.searchfilter</name>
-                <display-name>User Search Filter</display-name>
-                <value>(uid={0})</value>
-                <description></description>
-        </property>
-
-        <property>
-                <name>atlas.ldap.default.role</name>
-                <value>ROLE_USER</value>
-        </property>
-        <property>
-                <name>atlas.ldap.referral</name>
-                <value>ignore</value>
-                <description>follow or ignore</description>
-        </property>
-
-
-    <!-- # Ldap Info end -->
-
-    <!-- #AD info start -->
-        <property>
-                <name>atlas.ad.url</name>
-                <value>ldap://13.76.128.185:389</value>
-                <description></description>
-        </property>
-        <property>
-                <name>atlas.ad.domain</name>
-                <value>example.com</value>
-                <description>Ad Domain</description>
-        </property>
-        <property>
-                <name>atlas.ad.bind.dn</name>
-                <value>CN=adadmin admin,CN=Users,DC=example,DC=com</value>
-                <description>AD bind dn or manager dn</description>
-        </property>
-        <property>
-                <name>atlas.ad.bind.password</name>
-                <value>p@ssword</value>
-                <description>AD bind password</description>
-        </property>
-        <property>
-                <name>atlas.ad.user.searchfilter</name>
-                <display-name>User Search Filter</display-name>
-                <value>(sAMAccountName={0})</value>
-                <description></description>
-        </property>
-        <property>
-                <name>atlas.ad.base.dn</name>
-                <value>dc=example,dc=com</value>
-                <description>AD base dn or search base</description>
-        </property>
-        <property>
-                <name>atlas.ad.referral</name>
-                <value>ignore</value>
-                <description>follow or ignore</description>
-        </property>
-        <property>
-                <name>atlas.ad.default.role</name>
-                <value>ROLE_USER</value>
-        </property>
-    <!-- AD info end -->
-</configuration>
\ No newline at end of file
--- a/webapp/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/webapp/src/main/webapp/WEB-INF/applicationContext.xml
@@ -22,18 +22,6 @@
 	http://www.springframework.org/schema/context 
 	http://www.springframework.org/schema/context/spring-context-3.1.xsd">

-
        <import resource="classpath:/spring-security.xml" />
-        <bean id="xmlPropertyConfigurer" class="org.apache.atlas.utils.XMLPropertiesUtil" />
-
-        <bean id="propertyConfigurer" class="org.apache.atlas.utils.PropertiesUtil">
-                <property name="locations">
-                        <list>
-                                <value>classpath:atlas-admin-site.xml
-                                </value>
-                        </list>
-                </property>
-                <property name="propertiesPersister" ref="xmlPropertyConfigurer" />
-        </bean>

 </beans>
\ No newline at end of file