Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MYRIAD-243 Support Authentication in Myriad UI and REST APIs #96

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

MYRIAD-243 Support Authentication in Myriad UI and REST APIs #96

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c9f91d8
MYRIAD-243 Support Authentication in Myriad UI and REST APIs
Nov 3, 2016
2813052
MYRIAD-243 Addressing review comments
Nov 4, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions myriad-scheduler/src/main/java/org/apache/myriad/Main.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,9 +83,11 @@ public static void initialize(Configuration hadoopConf, AbstractYarnScheduler ya
InterceptorRegistry registry) throws Exception {
MyriadModule myriadModule = new MyriadModule("myriad-config-default.yml", hadoopConf, yarnScheduler, rmContext, registry);
MesosModule mesosModule = new MesosModule();
injector = Guice.createInjector(myriadModule, mesosModule, new WebAppGuiceModule());
Injector parentInjector = Guice.createInjector(myriadModule, mesosModule);
final MyriadConfiguration cfg = parentInjector.getInstance(MyriadConfiguration.class);
injector = parentInjector.createChildInjector(new WebAppGuiceModule(cfg));

new Main().run(injector.getInstance(MyriadConfiguration.class));
new Main().run(cfg);
}

// TODO (Kannan Rajah) Hack to get injector in unit test.
Expand Down
6 changes: 1 addition & 5 deletions myriad-scheduler/src/main/java/org/apache/myriad/MyriadModule.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,8 +52,6 @@
import org.apache.myriad.scheduler.yarn.interceptor.InterceptorRegistry;
import org.apache.myriad.state.MyriadStateStore;
import org.apache.myriad.state.SchedulerState;
import org.apache.myriad.webapp.HttpConnectorProvider;
import org.apache.myriad.webapp.MyriadWebServer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

Expand Down Expand Up @@ -91,8 +89,6 @@ protected void configure() {
bind(ServiceProfileManager.class).in(Scopes.SINGLETON);
bind(DisruptorManager.class).in(Scopes.SINGLETON);
bind(ReconcileService.class).in(Scopes.SINGLETON);
bind(HttpConnectorProvider.class).in(Scopes.SINGLETON);
bind(MyriadWebServer.class).in(Scopes.SINGLETON);
// add special binding between TaskFactory and NMTaskFactory to ease up
// usage of TaskFactory
bind(TaskFactory.class).annotatedWith(NMTaskFactoryAnnotation.class).to(NMTaskFactory.class);
Expand Down Expand Up @@ -161,7 +157,7 @@ private MyriadStateStore providesMyriadStateStore() {
ExecutorCommandLineGenerator providesCLIGenerator(MyriadConfiguration cfg) {
return new NMExecutorCommandLineGenerator(cfg);
}

protected MyriadConfiguration generateMyriadConfiguration(String configFile) {
ObjectMapper mapper = new ObjectMapper(new YAMLFactory());

Expand Down
8 changes: 8 additions & 0 deletions myriad-scheduler/src/main/java/org/apache/myriad/configuration/MyriadConfiguration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@ public class MyriadConfiguration {
*/
public static final Boolean DEFAULT_HA_ENABLED = false;

public static final Boolean DEFAULT_SECURITY_ENABLED = false;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

DEFAULT_AUTHENTICATION_ENABLED or DEFAULT_AUTH_ENABLED? "Security" is too vague, since encryption, authorization, and isolation are all parts of "security".

/**
* By default framework failover timeout is 1 day.
*/
Expand Down Expand Up @@ -157,6 +158,9 @@ public class MyriadConfiguration {
@JsonProperty
private Boolean haEnabled;

@JsonProperty
private Boolean isSecurityEnabled;

@JsonProperty
private NodeManagerConfiguration nodemanager;

Expand Down Expand Up @@ -253,6 +257,10 @@ public Boolean isHAEnabled() {
return Optional.fromNullable(haEnabled).or(DEFAULT_HA_ENABLED);
}

public Boolean isSecurityEnabled() {
return Optional.fromNullable(isSecurityEnabled).or(DEFAULT_SECURITY_ENABLED);
}

public NodeManagerConfiguration getNodeManagerConfiguration() {
return nodemanager;
}
Expand Down
55 changes: 55 additions & 0 deletions myriad-scheduler/src/main/java/org/apache/myriad/webapp/MyriadAuthenticationFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
* <p/>
* http://www.apache.org/licenses/LICENSE-2.0
* <p/>
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.myriad.webapp;

import com.google.common.annotations.VisibleForTesting;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.AuthenticationFilterInitializer;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;

import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import java.util.Properties;

/**
* Filter to wrap AuthenticationFilter with specific prefix
*/
public class MyriadAuthenticationFilter extends AuthenticationFilter {

private static final String HTTP_AUTH_PREFIX = "hadoop.http.authentication.";

private static Configuration conf;

@Override
protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException {
Configuration localConf = new Configuration();
if (conf != null) {
localConf = conf;
}
Properties props = new Properties();
props.putAll(AuthenticationFilterInitializer.getFilterConfigMap(localConf, HTTP_AUTH_PREFIX));
props.putAll(super.getConfiguration(configPrefix, filterConfig));
return props;
}

@VisibleForTesting
static void setConfiguration(Configuration conf) {
MyriadAuthenticationFilter.conf = conf;
}
}
11 changes: 11 additions & 0 deletions myriad-scheduler/src/main/java/org/apache/myriad/webapp/MyriadServletModule.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,13 +26,20 @@
import org.apache.myriad.api.ControllerResource;
import org.apache.myriad.api.SchedulerStateResource;
import org.apache.myriad.api.ArtifactsResource;
import org.apache.myriad.configuration.MyriadConfiguration;
import org.codehaus.jackson.jaxrs.JacksonJaxbJsonProvider;

/**
* The guice module for configuring the myriad dashboard
*/
public class MyriadServletModule extends ServletModule {

private MyriadConfiguration cfg;

MyriadServletModule(MyriadConfiguration cfg) {
this.cfg = cfg;
}

@Override
protected void configureServlets() {
bind(ClustersResource.class);
Expand All @@ -43,6 +50,10 @@ protected void configureServlets() {
bind(GuiceContainer.class);
bind(JacksonJaxbJsonProvider.class).in(Scopes.SINGLETON);

if (cfg.isSecurityEnabled()) {
filter("/api/*").through(MyriadAuthenticationFilter.class);
}

serve("/api/*").with(GuiceContainer.class);
}
}
21 changes: 20 additions & 1 deletion myriad-scheduler/src/main/java/org/apache/myriad/webapp/MyriadWebServer.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@

import com.google.inject.servlet.GuiceFilter;
import javax.inject.Inject;

import org.apache.myriad.configuration.MyriadConfiguration;
import org.mortbay.jetty.Connector;
import org.mortbay.jetty.Handler;
import org.mortbay.jetty.Server;
Expand All @@ -36,17 +38,19 @@ public class MyriadWebServer {
private final Server jetty;
private final Connector connector;
private final GuiceFilter filter;
private final MyriadConfiguration myriadConf;

/**
* Status codes for MyriadWebServer
*/
public enum Status {STARTED, RUNNING, STOPPED, FAILED, UNKNOWN}

@Inject
public MyriadWebServer(Server jetty, Connector connector, GuiceFilter filter) {
public MyriadWebServer(Server jetty, Connector connector, GuiceFilter filter, MyriadConfiguration myriadConf) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If all we're using is isSecurityEnabled maybe just pass a boolean, if you think we'll need more of the config later leave it.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for now it is only for boolean, but we may need more from config later. WOuld be a pain to redo

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then leave it.

this.jetty = jetty;
this.connector = connector;
this.filter = filter;
this.myriadConf = myriadConf;
}

public void start() throws Exception {
Expand All @@ -65,6 +69,21 @@ public void start() throws Exception {

servletHandler.addFilter(holder, filterMapping);

if (myriadConf.isSecurityEnabled()) {
String authFilterName = "Authentication";
String authFilterClassName = MyriadAuthenticationFilter.class.getName();
FilterHolder authHolder = new FilterHolder();
authHolder.setName(authFilterName);
authHolder.setClassName(authFilterClassName);

FilterMapping authFmap = new FilterMapping();
authFmap.setPathSpec("/*");
authFmap.setDispatches(Handler.ALL);
authFmap.setFilterName(authFilterName);

servletHandler.addFilter(authHolder, authFmap);
}

Context context = new Context();
context.setServletHandler(servletHandler);
context.addServlet(DefaultServlet.class, "/");
Expand Down
14 changes: 13 additions & 1 deletion myriad-scheduler/src/main/java/org/apache/myriad/webapp/WebAppGuiceModule.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,16 +19,28 @@
package org.apache.myriad.webapp;

import com.google.inject.AbstractModule;
import com.google.inject.Scopes;
import org.apache.myriad.configuration.MyriadConfiguration;
import org.mortbay.jetty.Connector;

/**
* The guice web application configuration
*/
public class WebAppGuiceModule extends AbstractModule {

private MyriadConfiguration cfg;

public WebAppGuiceModule(MyriadConfiguration cfg) {
this.cfg = cfg;
}

@Override
protected void configure() {
bind(Connector.class).toProvider(HttpConnectorProvider.class);
install(new MyriadServletModule());
bind(MyriadAuthenticationFilter.class).in(Scopes.SINGLETON);
bind(HttpConnectorProvider.class).in(Scopes.SINGLETON);
bind(MyriadWebServer.class).in(Scopes.SINGLETON);

install(new MyriadServletModule(cfg));
}
}
1 change: 1 addition & 0 deletions myriad-scheduler/src/main/resources/myriad-config-default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
##
mesosMaster: 10.0.2.15:5050
checkpoint: false
isSecurityEnabled: false
frameworkFailoverTimeout: 43200000
frameworkName: MyriadAlpha
frameworkRole: "*"
Expand Down
2 changes: 1 addition & 1 deletion myriad-scheduler/src/test/java/org/apache/myriad/TestObjectFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -268,7 +268,7 @@ public static MyriadWebServer getMyriadWebServer(MyriadConfiguration cfg) {
Server server = TestObjectFactory.getJettyServer();
HttpConnectorProvider provider = new HttpConnectorProvider(cfg);
Connector connector = provider.get();
return new MyriadWebServer(server, connector, new GuiceFilter());
return new MyriadWebServer(server, connector, new GuiceFilter(), cfg);
}

public static MyriadFileSystemRMStateStore getStateStore(Configuration conf, String baseDir) throws Exception {
Expand Down
Loading