New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[improve][authentication] Improve get the basic authentication config #16526
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -23,6 +23,8 @@ | |
import java.io.File; | ||
import java.io.FileReader; | ||
import java.io.IOException; | ||
import java.io.StringReader; | ||
import java.nio.charset.StandardCharsets; | ||
import java.util.Arrays; | ||
import java.util.Base64; | ||
import java.util.HashMap; | ||
|
@@ -39,6 +41,7 @@ | |
public class AuthenticationProviderBasic implements AuthenticationProvider { | ||
private static final String HTTP_HEADER_NAME = "Authorization"; | ||
private static final String CONF_SYSTEM_PROPERTY_KEY = "pulsar.auth.basic.conf"; | ||
private static final String CONF_PULSAR_PROPERTY_KEY = "basicAuthConf"; | ||
private Map<String, String> users; | ||
|
||
@Override | ||
|
@@ -48,14 +51,28 @@ public void close() throws IOException { | |
|
||
@Override | ||
public void initialize(ServiceConfiguration config) throws IOException { | ||
File confFile = new File(System.getProperty(CONF_SYSTEM_PROPERTY_KEY)); | ||
if (!confFile.exists()) { | ||
throw new IOException("The password auth conf file does not exist"); | ||
} else if (!confFile.isFile()) { | ||
throw new IOException("The path is not a file"); | ||
String data = config.getProperties().getProperty(CONF_PULSAR_PROPERTY_KEY); | ||
if (StringUtils.isEmpty(data)) { | ||
data = System.getProperty(CONF_SYSTEM_PROPERTY_KEY); | ||
} | ||
if (StringUtils.isEmpty(data)) { | ||
throw new IOException("No basic authentication config provided"); | ||
} | ||
|
||
@Cleanup BufferedReader reader = null; | ||
if (org.apache.commons.codec.binary.Base64.isBase64(data)) { | ||
reader = new BufferedReader(new StringReader(new String(Base64.getDecoder().decode(data), | ||
StandardCharsets.UTF_8))); | ||
} else { | ||
Comment on lines
+63
to
+66
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think we can use 2 different config/property names instead of checking isBase64, the isBase64(path) maybe return true? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think we can add a prefix so like:
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ok, looks good to me. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @nodece Could you please update the PR as your description? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @codelipenghui This PR has been merged into master, this config still keep old style. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Let me open a new PR to do that. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Link to #16935. |
||
File confFile = new File(data); | ||
if (!confFile.exists()) { | ||
throw new IOException("The password auth conf file does not exist"); | ||
} else if (!confFile.isFile()) { | ||
throw new IOException("The path is not a file"); | ||
} | ||
reader = new BufferedReader(new FileReader(confFile)); | ||
} | ||
|
||
@Cleanup BufferedReader reader = new BufferedReader(new FileReader(confFile)); | ||
users = new HashMap<>(); | ||
for (String line : reader.lines().toArray(s -> new String[s])) { | ||
List<String> splitLine = Arrays.asList(line.split(":")); | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
/** | ||
* Licensed to the Apache Software Foundation (ASF) under one | ||
* or more contributor license agreements. See the NOTICE file | ||
* distributed with this work for additional information | ||
* regarding copyright ownership. The ASF licenses this file | ||
* to you under the Apache License, Version 2.0 (the | ||
* "License"); you may not use this file except in compliance | ||
* with the License. You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
package org.apache.pulsar.broker.authentication; | ||
|
||
import com.google.common.io.Resources; | ||
import java.io.IOException; | ||
import java.nio.charset.StandardCharsets; | ||
import java.nio.file.Files; | ||
import java.nio.file.Path; | ||
import java.util.Base64; | ||
import java.util.Properties; | ||
import lombok.Cleanup; | ||
import org.apache.pulsar.broker.ServiceConfiguration; | ||
import org.apache.pulsar.common.api.AuthData; | ||
import org.testng.annotations.Test; | ||
|
||
import javax.naming.AuthenticationException; | ||
|
||
public class AuthenticationProviderBasicTest { | ||
private final String basicAuthConf = Resources.getResource("authentication/basic/.htpasswd").getPath(); | ||
private final String basicAuthConfBase64 = Base64.getEncoder().encodeToString(Files.readAllBytes(Path.of(basicAuthConf))); | ||
|
||
public AuthenticationProviderBasicTest() throws IOException { | ||
} | ||
|
||
private void testAuthenticate(AuthenticationProviderBasic provider) throws AuthenticationException { | ||
AuthData authData = AuthData.of("superUser2:superpassword".getBytes(StandardCharsets.UTF_8)); | ||
provider.newAuthState(authData, null, null); | ||
} | ||
|
||
@Test | ||
public void testLoadFileFromPulsarProperties() throws Exception { | ||
@Cleanup | ||
AuthenticationProviderBasic provider = new AuthenticationProviderBasic(); | ||
ServiceConfiguration serviceConfiguration = new ServiceConfiguration(); | ||
Properties properties = new Properties(); | ||
properties.setProperty("basicAuthConf", basicAuthConf); | ||
serviceConfiguration.setProperties(properties); | ||
provider.initialize(serviceConfiguration); | ||
testAuthenticate(provider); | ||
} | ||
|
||
@Test | ||
public void testLoadBase64FromPulsarProperties() throws Exception { | ||
@Cleanup | ||
AuthenticationProviderBasic provider = new AuthenticationProviderBasic(); | ||
ServiceConfiguration serviceConfiguration = new ServiceConfiguration(); | ||
Properties properties = new Properties(); | ||
properties.setProperty("basicAuthConf", basicAuthConfBase64); | ||
serviceConfiguration.setProperties(properties); | ||
provider.initialize(serviceConfiguration); | ||
testAuthenticate(provider); | ||
} | ||
|
||
@Test | ||
public void testLoadFileFromSystemProperties() throws Exception { | ||
@Cleanup | ||
AuthenticationProviderBasic provider = new AuthenticationProviderBasic(); | ||
ServiceConfiguration serviceConfiguration = new ServiceConfiguration(); | ||
System.setProperty("pulsar.auth.basic.conf", basicAuthConf); | ||
provider.initialize(serviceConfiguration); | ||
testAuthenticate(provider); | ||
} | ||
|
||
@Test | ||
public void testLoadBase64FromSystemProperties() throws Exception { | ||
@Cleanup | ||
AuthenticationProviderBasic provider = new AuthenticationProviderBasic(); | ||
ServiceConfiguration serviceConfiguration = new ServiceConfiguration(); | ||
System.setProperty("pulsar.auth.basic.conf", basicAuthConfBase64); | ||
provider.initialize(serviceConfiguration); | ||
testAuthenticate(provider); | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
superUser:mQQQIsyvvKRtU | ||
superUser2:$apr1$foobarmq$kuSZlLgOITksCkRgl57ie/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you want to add two config?