Browse Source
* Refactor login verification process * Delete application-combined.properties application-combined.properties doesn't needed Co-authored-by: dailidong <dailidong66@gmail.com>pull/2/head
elonlo
5 years ago
committed by
dailidong
12 changed files with 515 additions and 44 deletions
@ -0,0 +1,37 @@ |
|||||||
|
/* |
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||||
|
* contributor license agreements. See the NOTICE file distributed with |
||||||
|
* this work for additional information regarding copyright ownership. |
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||||
|
* (the "License"); you may not use this file except in compliance with |
||||||
|
* the License. You may obtain a copy of the License at |
||||||
|
* |
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* |
||||||
|
* Unless required by applicable law or agreed to in writing, software |
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
* See the License for the specific language governing permissions and |
||||||
|
* limitations under the License. |
||||||
|
*/ |
||||||
|
package org.apache.dolphinscheduler.api.security; |
||||||
|
|
||||||
|
import com.baomidou.mybatisplus.annotation.EnumValue; |
||||||
|
|
||||||
|
/** |
||||||
|
* authentication type |
||||||
|
*/ |
||||||
|
public enum AuthenticationType { |
||||||
|
|
||||||
|
PASSWORD(0, "verify via user name and password"), |
||||||
|
; |
||||||
|
|
||||||
|
AuthenticationType(int code, String desc) { |
||||||
|
this.code = code; |
||||||
|
this.desc = desc; |
||||||
|
} |
||||||
|
|
||||||
|
@EnumValue |
||||||
|
private final int code; |
||||||
|
private final String desc; |
||||||
|
} |
@ -0,0 +1,40 @@ |
|||||||
|
/* |
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||||
|
* contributor license agreements. See the NOTICE file distributed with |
||||||
|
* this work for additional information regarding copyright ownership. |
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||||
|
* (the "License"); you may not use this file except in compliance with |
||||||
|
* the License. You may obtain a copy of the License at |
||||||
|
* |
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* |
||||||
|
* Unless required by applicable law or agreed to in writing, software |
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
* See the License for the specific language governing permissions and |
||||||
|
* limitations under the License. |
||||||
|
*/ |
||||||
|
package org.apache.dolphinscheduler.api.security; |
||||||
|
|
||||||
|
import org.apache.dolphinscheduler.api.utils.Result; |
||||||
|
import org.apache.dolphinscheduler.dao.entity.User; |
||||||
|
import javax.servlet.http.HttpServletRequest; |
||||||
|
import java.util.Map; |
||||||
|
|
||||||
|
public interface Authenticator { |
||||||
|
/** |
||||||
|
* Verifying legality via username and password |
||||||
|
* @param username user name |
||||||
|
* @param password user password |
||||||
|
* @param extra extra info |
||||||
|
* @return result object |
||||||
|
*/ |
||||||
|
Result<Map<String, String>> authenticate(String username, String password, String extra); |
||||||
|
|
||||||
|
/** |
||||||
|
* Get authenticated user |
||||||
|
* @param request http servlet request |
||||||
|
* @return user |
||||||
|
*/ |
||||||
|
User getAuthUser(HttpServletRequest request); |
||||||
|
} |
@ -0,0 +1,76 @@ |
|||||||
|
/* |
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||||
|
* contributor license agreements. See the NOTICE file distributed with |
||||||
|
* this work for additional information regarding copyright ownership. |
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||||
|
* (the "License"); you may not use this file except in compliance with |
||||||
|
* the License. You may obtain a copy of the License at |
||||||
|
* |
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* |
||||||
|
* Unless required by applicable law or agreed to in writing, software |
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
* See the License for the specific language governing permissions and |
||||||
|
* limitations under the License. |
||||||
|
*/ |
||||||
|
package org.apache.dolphinscheduler.api.security; |
||||||
|
|
||||||
|
import org.apache.dolphinscheduler.api.enums.Status; |
||||||
|
import org.apache.dolphinscheduler.api.service.SessionService; |
||||||
|
import org.apache.dolphinscheduler.api.service.UsersService; |
||||||
|
import org.apache.dolphinscheduler.api.utils.Result; |
||||||
|
import org.apache.dolphinscheduler.common.Constants; |
||||||
|
import org.apache.dolphinscheduler.dao.entity.Session; |
||||||
|
import org.apache.dolphinscheduler.dao.entity.User; |
||||||
|
import org.slf4j.Logger; |
||||||
|
import org.slf4j.LoggerFactory; |
||||||
|
import org.springframework.beans.factory.annotation.Autowired; |
||||||
|
import javax.servlet.http.HttpServletRequest; |
||||||
|
import java.util.Collections; |
||||||
|
import java.util.Map; |
||||||
|
|
||||||
|
public class PasswordAuthenticator implements Authenticator { |
||||||
|
private static final Logger logger = LoggerFactory.getLogger(PasswordAuthenticator.class); |
||||||
|
|
||||||
|
@Autowired |
||||||
|
private UsersService userService; |
||||||
|
@Autowired |
||||||
|
private SessionService sessionService; |
||||||
|
|
||||||
|
@Override |
||||||
|
public Result<Map<String, String>> authenticate(String username, String password, String extra) { |
||||||
|
Result<Map<String, String>> result = new Result<>(); |
||||||
|
// verify username and password
|
||||||
|
User user = userService.queryUser(username, password); |
||||||
|
if (user == null) { |
||||||
|
result.setCode(Status.USER_NAME_PASSWD_ERROR.getCode()); |
||||||
|
result.setMsg(Status.USER_NAME_PASSWD_ERROR.getMsg()); |
||||||
|
return result; |
||||||
|
} |
||||||
|
|
||||||
|
// create session
|
||||||
|
String sessionId = sessionService.createSession(user, extra); |
||||||
|
if (sessionId == null) { |
||||||
|
result.setCode(Status.LOGIN_SESSION_FAILED.getCode()); |
||||||
|
result.setMsg(Status.LOGIN_SESSION_FAILED.getMsg()); |
||||||
|
return result; |
||||||
|
} |
||||||
|
logger.info("sessionId : {}" , sessionId); |
||||||
|
result.setData(Collections.singletonMap(Constants.SESSION_ID, sessionId)); |
||||||
|
result.setCode(Status.SUCCESS.getCode()); |
||||||
|
result.setMsg(Status.LOGIN_SUCCESS.getMsg()); |
||||||
|
return result; |
||||||
|
} |
||||||
|
|
||||||
|
@Override |
||||||
|
public User getAuthUser(HttpServletRequest request) { |
||||||
|
Session session = sessionService.getSession(request); |
||||||
|
if (session == null) { |
||||||
|
logger.info("session info is null "); |
||||||
|
return null; |
||||||
|
} |
||||||
|
//get user object from session
|
||||||
|
return userService.queryUser(session.getUserId()); |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,67 @@ |
|||||||
|
/* |
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||||
|
* contributor license agreements. See the NOTICE file distributed with |
||||||
|
* this work for additional information regarding copyright ownership. |
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||||
|
* (the "License"); you may not use this file except in compliance with |
||||||
|
* the License. You may obtain a copy of the License at |
||||||
|
* |
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* |
||||||
|
* Unless required by applicable law or agreed to in writing, software |
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
* See the License for the specific language governing permissions and |
||||||
|
* limitations under the License. |
||||||
|
*/ |
||||||
|
package org.apache.dolphinscheduler.api.security; |
||||||
|
|
||||||
|
import org.apache.commons.lang3.StringUtils; |
||||||
|
import org.slf4j.Logger; |
||||||
|
import org.slf4j.LoggerFactory; |
||||||
|
import org.springframework.beans.factory.annotation.Autowired; |
||||||
|
import org.springframework.beans.factory.annotation.Value; |
||||||
|
import org.springframework.beans.factory.config.AutowireCapableBeanFactory; |
||||||
|
import org.springframework.context.annotation.Bean; |
||||||
|
import org.springframework.context.annotation.Configuration; |
||||||
|
|
||||||
|
@Configuration |
||||||
|
public class SecurityConfig { |
||||||
|
private static final Logger logger = LoggerFactory.getLogger(SecurityConfig.class); |
||||||
|
|
||||||
|
@Value("${security.authentication.type:PASSWORD}") |
||||||
|
private String type; |
||||||
|
|
||||||
|
private AutowireCapableBeanFactory beanFactory; |
||||||
|
private AuthenticationType authenticationType; |
||||||
|
|
||||||
|
@Autowired |
||||||
|
public SecurityConfig(AutowireCapableBeanFactory beanFactory) { |
||||||
|
this.beanFactory = beanFactory; |
||||||
|
} |
||||||
|
|
||||||
|
private void setAuthenticationType(String type) { |
||||||
|
if (StringUtils.isBlank(type)) { |
||||||
|
logger.info("security.authentication.type configuration is empty, the default value 'PASSWORD'"); |
||||||
|
this.authenticationType = AuthenticationType.PASSWORD; |
||||||
|
return; |
||||||
|
} |
||||||
|
|
||||||
|
this.authenticationType = AuthenticationType.valueOf(type); |
||||||
|
} |
||||||
|
|
||||||
|
@Bean(name = "authenticator") |
||||||
|
public Authenticator authenticator() { |
||||||
|
setAuthenticationType(type); |
||||||
|
Authenticator authenticator; |
||||||
|
switch (authenticationType) { |
||||||
|
case PASSWORD: |
||||||
|
authenticator = new PasswordAuthenticator(); |
||||||
|
break; |
||||||
|
default: |
||||||
|
throw new IllegalStateException("Unexpected value: " + authenticationType); |
||||||
|
} |
||||||
|
beanFactory.autowireBean(authenticator); |
||||||
|
return authenticator; |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,71 @@ |
|||||||
|
/* |
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||||
|
* contributor license agreements. See the NOTICE file distributed with |
||||||
|
* this work for additional information regarding copyright ownership. |
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||||
|
* (the "License"); you may not use this file except in compliance with |
||||||
|
* the License. You may obtain a copy of the License at |
||||||
|
* |
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* |
||||||
|
* Unless required by applicable law or agreed to in writing, software |
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
* See the License for the specific language governing permissions and |
||||||
|
* limitations under the License. |
||||||
|
*/ |
||||||
|
package org.apache.dolphinscheduler.api.interceptor; |
||||||
|
|
||||||
|
import org.apache.dolphinscheduler.api.ApiApplicationServer; |
||||||
|
import org.apache.dolphinscheduler.api.security.Authenticator; |
||||||
|
import org.apache.dolphinscheduler.common.enums.UserType; |
||||||
|
import org.apache.dolphinscheduler.dao.entity.User; |
||||||
|
import org.apache.dolphinscheduler.dao.mapper.UserMapper; |
||||||
|
import org.junit.Assert; |
||||||
|
import org.junit.Test; |
||||||
|
import org.junit.runner.RunWith; |
||||||
|
import org.mockito.Mockito; |
||||||
|
import org.slf4j.Logger; |
||||||
|
import org.slf4j.LoggerFactory; |
||||||
|
import org.springframework.beans.factory.annotation.Autowired; |
||||||
|
import org.springframework.boot.test.context.SpringBootTest; |
||||||
|
import org.springframework.boot.test.mock.mockito.MockBean; |
||||||
|
import org.springframework.test.context.junit4.SpringRunner; |
||||||
|
import javax.servlet.http.HttpServletRequest; |
||||||
|
import javax.servlet.http.HttpServletResponse; |
||||||
|
import static org.mockito.Mockito.when; |
||||||
|
|
||||||
|
@RunWith(SpringRunner.class) |
||||||
|
@SpringBootTest(classes = ApiApplicationServer.class) |
||||||
|
public class LoginHandlerInterceptorTest { |
||||||
|
private static final Logger logger = LoggerFactory.getLogger(LoginHandlerInterceptorTest.class); |
||||||
|
|
||||||
|
@Autowired |
||||||
|
LoginHandlerInterceptor interceptor; |
||||||
|
@MockBean |
||||||
|
private Authenticator authenticator; |
||||||
|
@MockBean |
||||||
|
private UserMapper userMapper; |
||||||
|
|
||||||
|
@Test |
||||||
|
public void testPreHandle() { |
||||||
|
HttpServletRequest request = Mockito.mock(HttpServletRequest.class); |
||||||
|
HttpServletResponse response = Mockito.mock(HttpServletResponse.class); |
||||||
|
// test no token and no cookie
|
||||||
|
Assert.assertFalse(interceptor.preHandle(request, response, null)); |
||||||
|
|
||||||
|
User mockUser = new User(); |
||||||
|
mockUser.setId(1); |
||||||
|
mockUser.setUserType(UserType.GENERAL_USER); |
||||||
|
|
||||||
|
// test no token
|
||||||
|
when(authenticator.getAuthUser(request)).thenReturn(mockUser); |
||||||
|
Assert.assertTrue(interceptor.preHandle(request, response, null)); |
||||||
|
|
||||||
|
// test token
|
||||||
|
String token = "123456"; |
||||||
|
when(request.getHeader("token")).thenReturn(token); |
||||||
|
when(userMapper.queryUserByToken(token)).thenReturn(mockUser); |
||||||
|
Assert.assertTrue(interceptor.preHandle(request, response, null)); |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,96 @@ |
|||||||
|
/* |
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||||
|
* contributor license agreements. See the NOTICE file distributed with |
||||||
|
* this work for additional information regarding copyright ownership. |
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||||
|
* (the "License"); you may not use this file except in compliance with |
||||||
|
* the License. You may obtain a copy of the License at |
||||||
|
* |
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* |
||||||
|
* Unless required by applicable law or agreed to in writing, software |
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
* See the License for the specific language governing permissions and |
||||||
|
* limitations under the License. |
||||||
|
*/ |
||||||
|
package org.apache.dolphinscheduler.api.security; |
||||||
|
|
||||||
|
import org.apache.dolphinscheduler.api.ApiApplicationServer; |
||||||
|
import org.apache.dolphinscheduler.api.enums.Status; |
||||||
|
import org.apache.dolphinscheduler.api.service.SessionService; |
||||||
|
import org.apache.dolphinscheduler.api.service.UsersService; |
||||||
|
import org.apache.dolphinscheduler.api.utils.Result; |
||||||
|
import org.apache.dolphinscheduler.dao.entity.Session; |
||||||
|
import org.apache.dolphinscheduler.dao.entity.User; |
||||||
|
import org.junit.Assert; |
||||||
|
import org.junit.Before; |
||||||
|
import org.junit.Test; |
||||||
|
import org.junit.runner.RunWith; |
||||||
|
import org.mockito.Mockito; |
||||||
|
import static org.mockito.Mockito.*; |
||||||
|
import org.slf4j.Logger; |
||||||
|
import org.slf4j.LoggerFactory; |
||||||
|
import org.springframework.beans.factory.annotation.Autowired; |
||||||
|
import org.springframework.beans.factory.config.AutowireCapableBeanFactory; |
||||||
|
import org.springframework.boot.test.context.SpringBootTest; |
||||||
|
import org.springframework.boot.test.mock.mockito.MockBean; |
||||||
|
import org.springframework.test.context.junit4.SpringRunner; |
||||||
|
import javax.servlet.http.HttpServletRequest; |
||||||
|
import java.util.Date; |
||||||
|
import java.util.UUID; |
||||||
|
|
||||||
|
@RunWith(SpringRunner.class) |
||||||
|
@SpringBootTest(classes = ApiApplicationServer.class) |
||||||
|
public class PasswordAuthenticatorTest { |
||||||
|
private static Logger logger = LoggerFactory.getLogger(PasswordAuthenticatorTest.class); |
||||||
|
|
||||||
|
@Autowired |
||||||
|
private AutowireCapableBeanFactory beanFactory; |
||||||
|
@MockBean |
||||||
|
private SessionService sessionService; |
||||||
|
@MockBean |
||||||
|
private UsersService usersService; |
||||||
|
|
||||||
|
private PasswordAuthenticator authenticator; |
||||||
|
|
||||||
|
private User mockUser; |
||||||
|
private Session mockSession; |
||||||
|
|
||||||
|
@Before |
||||||
|
public void setUp() throws Exception { |
||||||
|
authenticator = new PasswordAuthenticator(); |
||||||
|
beanFactory.autowireBean(authenticator); |
||||||
|
|
||||||
|
mockUser = new User(); |
||||||
|
mockUser.setUserName("test"); |
||||||
|
mockUser.setEmail("test@test.com"); |
||||||
|
mockUser.setUserPassword("test"); |
||||||
|
mockUser.setId(1); |
||||||
|
|
||||||
|
mockSession = new Session(); |
||||||
|
mockSession.setId(UUID.randomUUID().toString()); |
||||||
|
mockSession.setIp("127.0.0.1"); |
||||||
|
mockSession.setUserId(1); |
||||||
|
mockSession.setLastLoginTime(new Date()); |
||||||
|
} |
||||||
|
|
||||||
|
@Test |
||||||
|
public void testAuthenticate() { |
||||||
|
when(usersService.queryUser("test", "test")).thenReturn(mockUser); |
||||||
|
when(sessionService.createSession(mockUser, "127.0.0.1")).thenReturn(mockSession.getId()); |
||||||
|
Result result = authenticator.authenticate("test", "test", "127.0.0.1"); |
||||||
|
Assert.assertEquals(Status.SUCCESS.getCode(), (int) result.getCode()); |
||||||
|
logger.info(result.toString()); |
||||||
|
} |
||||||
|
|
||||||
|
@Test |
||||||
|
public void testGetAuthUser() { |
||||||
|
HttpServletRequest request = Mockito.mock(HttpServletRequest.class); |
||||||
|
when(usersService.queryUser(mockUser.getId())).thenReturn(mockUser); |
||||||
|
when(sessionService.getSession(request)).thenReturn(mockSession); |
||||||
|
|
||||||
|
User user = authenticator.getAuthUser(request); |
||||||
|
Assert.assertNotNull(user); |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,43 @@ |
|||||||
|
/* |
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more |
||||||
|
* contributor license agreements. See the NOTICE file distributed with |
||||||
|
* this work for additional information regarding copyright ownership. |
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0 |
||||||
|
* (the "License"); you may not use this file except in compliance with |
||||||
|
* the License. You may obtain a copy of the License at |
||||||
|
* |
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* |
||||||
|
* Unless required by applicable law or agreed to in writing, software |
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
* See the License for the specific language governing permissions and |
||||||
|
* limitations under the License. |
||||||
|
*/ |
||||||
|
package org.apache.dolphinscheduler.api.security; |
||||||
|
|
||||||
|
import org.apache.dolphinscheduler.api.ApiApplicationServer; |
||||||
|
import org.junit.Assert; |
||||||
|
import org.junit.Test; |
||||||
|
import org.junit.runner.RunWith; |
||||||
|
import org.springframework.beans.factory.annotation.Autowired; |
||||||
|
import org.springframework.boot.test.context.SpringBootTest; |
||||||
|
import org.springframework.test.context.TestPropertySource; |
||||||
|
import org.springframework.test.context.junit4.SpringRunner; |
||||||
|
|
||||||
|
@RunWith(SpringRunner.class) |
||||||
|
@SpringBootTest(classes = ApiApplicationServer.class) |
||||||
|
@TestPropertySource(properties = { |
||||||
|
"security.authentication.type=PASSWORD", |
||||||
|
}) |
||||||
|
public class SecurityConfigTest { |
||||||
|
|
||||||
|
@Autowired |
||||||
|
private SecurityConfig securityConfig; |
||||||
|
|
||||||
|
@Test |
||||||
|
public void testAuthenticator() { |
||||||
|
Authenticator authenticator = securityConfig.authenticator(); |
||||||
|
Assert.assertNotNull(authenticator); |
||||||
|
} |
||||||
|
} |
Loading…
Reference in new issue