use of org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentialUpdate in project druid by druid-io.
the class CoordinatorBasicAuthenticatorMetadataStorageUpdaterTest method setCredentials.
@Test
public void setCredentials() {
updater.createUser(AUTHENTICATOR_NAME, "druid");
updater.setUserCredentials(AUTHENTICATOR_NAME, "druid", new BasicAuthenticatorCredentialUpdate("helloworld", null));
Map<String, BasicAuthenticatorUser> userMap = BasicAuthUtils.deserializeAuthenticatorUserMap(objectMapper, updater.getCurrentUserMapBytes(AUTHENTICATOR_NAME));
BasicAuthenticatorCredentials credentials = userMap.get("druid").getCredentials();
byte[] recalculatedHash = BasicAuthUtils.hashPassword("helloworld".toCharArray(), credentials.getSalt(), credentials.getIterations());
Assert.assertArrayEquals(credentials.getHash(), recalculatedHash);
// Validate cache user map methods
Map<String, BasicAuthenticatorUser> expectedUserMap = ImmutableMap.of("druid", new BasicAuthenticatorUser("druid", credentials));
byte[] expectedSerializeUserMap = BasicAuthUtils.serializeAuthenticatorUserMap(objectMapper, expectedUserMap);
Assert.assertArrayEquals(expectedSerializeUserMap, updater.getCurrentUserMapBytes(AUTHENTICATOR_NAME));
Assert.assertEquals(expectedUserMap, updater.getCachedUserMap(AUTHENTICATOR_NAME));
Assert.assertArrayEquals(expectedSerializeUserMap, updater.getCachedSerializedUserMap(AUTHENTICATOR_NAME));
}
use of org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentialUpdate in project druid by druid-io.
the class CoordinatorBasicAuthenticatorResourceTest method testUserCredentials.
@Test
public void testUserCredentials() {
Response response = resource.createUser(req, AUTHENTICATOR_NAME, "druid");
Assert.assertEquals(200, response.getStatus());
response = resource.updateUserCredentials(req, AUTHENTICATOR_NAME, "druid", new BasicAuthenticatorCredentialUpdate("helloworld", null));
Assert.assertEquals(200, response.getStatus());
response = resource.getUser(req, AUTHENTICATOR_NAME, "druid");
Assert.assertEquals(200, response.getStatus());
BasicAuthenticatorUser actualUser = (BasicAuthenticatorUser) response.getEntity();
Assert.assertEquals("druid", actualUser.getName());
BasicAuthenticatorCredentials credentials = actualUser.getCredentials();
byte[] salt = credentials.getSalt();
byte[] hash = credentials.getHash();
int iterations = credentials.getIterations();
Assert.assertEquals(BasicAuthUtils.SALT_LENGTH, salt.length);
Assert.assertEquals(BasicAuthUtils.KEY_LENGTH / 8, hash.length);
Assert.assertEquals(BasicAuthUtils.DEFAULT_KEY_ITERATIONS, iterations);
byte[] recalculatedHash = BasicAuthUtils.hashPassword("helloworld".toCharArray(), salt, iterations);
Assert.assertArrayEquals(recalculatedHash, hash);
response = resource.getCachedSerializedUserMap(req, AUTHENTICATOR_NAME);
Assert.assertEquals(200, response.getStatus());
Assert.assertTrue(response.getEntity() instanceof byte[]);
Map<String, BasicAuthenticatorUser> cachedUserMap = BasicAuthUtils.deserializeAuthenticatorUserMap(objectMapper, (byte[]) response.getEntity());
Assert.assertNotNull(cachedUserMap);
Assert.assertNotNull(cachedUserMap.get("druid"));
Assert.assertEquals("druid", cachedUserMap.get("druid").getName());
BasicAuthenticatorCredentials cachedUserCredentials = cachedUserMap.get("druid").getCredentials();
salt = cachedUserCredentials.getSalt();
hash = cachedUserCredentials.getHash();
iterations = cachedUserCredentials.getIterations();
Assert.assertEquals(BasicAuthUtils.SALT_LENGTH, salt.length);
Assert.assertEquals(BasicAuthUtils.KEY_LENGTH / 8, hash.length);
Assert.assertEquals(BasicAuthUtils.DEFAULT_KEY_ITERATIONS, iterations);
recalculatedHash = BasicAuthUtils.hashPassword("helloworld".toCharArray(), salt, iterations);
Assert.assertArrayEquals(recalculatedHash, hash);
response = resource.deleteUser(req, AUTHENTICATOR_NAME, "druid");
Assert.assertEquals(200, response.getStatus());
response = resource.getUser(req, AUTHENTICATOR_NAME, "druid");
Assert.assertEquals(400, response.getStatus());
Assert.assertEquals(errorMapWithMsg("User [druid] does not exist."), response.getEntity());
response = resource.updateUserCredentials(req, AUTHENTICATOR_NAME, "druid", new BasicAuthenticatorCredentialUpdate("helloworld", null));
Assert.assertEquals(400, response.getStatus());
Assert.assertEquals(errorMapWithMsg("User [druid] does not exist."), response.getEntity());
}
use of org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentialUpdate in project druid by druid-io.
the class ITBasicAuthConfigurationTest method setupTestSpecificHttpClients.
@Override
protected void setupTestSpecificHttpClients() throws Exception {
// create a new user+role that can read /status
createUserAndRoleWithPermissions(adminClient, "druid", "helloworld", "druidrole", STATE_ONLY_PERMISSIONS);
// create 100 users
for (int i = 0; i < 100; i++) {
HttpUtil.makeRequest(adminClient, HttpMethod.POST, config.getCoordinatorUrl() + "/druid-ext/basic-security/authentication/db/basic/users/druid" + i, null);
HttpUtil.makeRequest(adminClient, HttpMethod.POST, config.getCoordinatorUrl() + "/druid-ext/basic-security/authorization/db/basic/users/druid" + i, null);
LOG.info("Finished creating user druid" + i);
}
// setup the last of 100 users and check that it works
HttpUtil.makeRequest(adminClient, HttpMethod.POST, config.getCoordinatorUrl() + "/druid-ext/basic-security/authentication/db/basic/users/druid99/credentials", jsonMapper.writeValueAsBytes(new BasicAuthenticatorCredentialUpdate("helloworld", 5000)));
HttpUtil.makeRequest(adminClient, HttpMethod.POST, config.getCoordinatorUrl() + "/druid-ext/basic-security/authorization/db/basic/users/druid99/roles/druidrole", null);
druid99 = new CredentialedHttpClient(new BasicCredentials("druid99", "helloworld"), httpClient);
}
use of org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentialUpdate in project druid by druid-io.
the class CoordinatorBasicAuthenticatorMetadataStorageUpdater method setUserCredentialsInternal.
private void setUserCredentialsInternal(String prefix, String userName, BasicAuthenticatorCredentialUpdate update) {
BasicAuthenticatorCredentials credentials;
// use default iteration count from Authenticator if not specified in request
if (update.getIterations() == -1) {
BasicHTTPAuthenticator authenticator = (BasicHTTPAuthenticator) authenticatorMapper.getAuthenticatorMap().get(prefix);
credentials = new BasicAuthenticatorCredentials(new BasicAuthenticatorCredentialUpdate(update.getPassword(), authenticator.getDbConfig().getCredentialIterations()));
} else {
credentials = new BasicAuthenticatorCredentials(update);
}
int attempts = 0;
while (attempts < numRetries) {
if (setUserCredentialOnce(prefix, userName, credentials)) {
return;
} else {
attempts++;
}
try {
Thread.sleep(ThreadLocalRandom.current().nextLong(UPDATE_RETRY_DELAY));
} catch (InterruptedException ie) {
throw new RuntimeException(ie);
}
}
throw new ISE("Could not set credentials for user[%s] due to concurrent update contention.", userName);
}
use of org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentialUpdate in project druid by druid-io.
the class CoordinatorBasicAuthenticatorMetadataStorageUpdater method start.
@LifecycleStart
public void start() {
if (!lifecycleLock.canStart()) {
throw new ISE("can't start.");
}
if (authenticatorMapper == null || authenticatorMapper.getAuthenticatorMap() == null) {
return;
}
try {
LOG.info("Starting CoordinatorBasicAuthenticatorMetadataStorageUpdater.");
BasicAuthUtils.maybeInitialize(() -> {
for (Map.Entry<String, Authenticator> entry : authenticatorMapper.getAuthenticatorMap().entrySet()) {
Authenticator authenticator = entry.getValue();
if (authenticator instanceof BasicHTTPAuthenticator) {
String authenticatorName = entry.getKey();
authenticatorPrefixes.add(authenticatorName);
BasicHTTPAuthenticator basicHTTPAuthenticator = (BasicHTTPAuthenticator) authenticator;
BasicAuthDBConfig dbConfig = basicHTTPAuthenticator.getDbConfig();
byte[] userMapBytes = getCurrentUserMapBytes(authenticatorName);
Map<String, BasicAuthenticatorUser> userMap = BasicAuthUtils.deserializeAuthenticatorUserMap(objectMapper, userMapBytes);
cachedUserMaps.put(authenticatorName, new BasicAuthenticatorUserMapBundle(userMap, userMapBytes));
if (dbConfig.getInitialAdminPassword() != null && !userMap.containsKey(BasicAuthUtils.ADMIN_NAME)) {
createUserInternal(authenticatorName, BasicAuthUtils.ADMIN_NAME);
setUserCredentialsInternal(authenticatorName, BasicAuthUtils.ADMIN_NAME, new BasicAuthenticatorCredentialUpdate(dbConfig.getInitialAdminPassword().getPassword(), BasicAuthUtils.DEFAULT_KEY_ITERATIONS));
}
if (dbConfig.getInitialInternalClientPassword() != null && !userMap.containsKey(BasicAuthUtils.INTERNAL_USER_NAME)) {
createUserInternal(authenticatorName, BasicAuthUtils.INTERNAL_USER_NAME);
setUserCredentialsInternal(authenticatorName, BasicAuthUtils.INTERNAL_USER_NAME, new BasicAuthenticatorCredentialUpdate(dbConfig.getInitialInternalClientPassword().getPassword(), BasicAuthUtils.DEFAULT_KEY_ITERATIONS));
}
}
}
return true;
});
ScheduledExecutors.scheduleWithFixedDelay(exec, new Duration(commonCacheConfig.getPollingPeriod()), new Duration(commonCacheConfig.getPollingPeriod()), new Callable<ScheduledExecutors.Signal>() {
@Override
public ScheduledExecutors.Signal call() {
if (stopped) {
return ScheduledExecutors.Signal.STOP;
}
try {
LOG.debug("Scheduled db userMap poll is running");
for (String authenticatorPrefix : authenticatorPrefixes) {
byte[] userMapBytes = getCurrentUserMapBytes(authenticatorPrefix);
Map<String, BasicAuthenticatorUser> userMap = BasicAuthUtils.deserializeAuthenticatorUserMap(objectMapper, userMapBytes);
if (userMapBytes != null) {
cachedUserMaps.put(authenticatorPrefix, new BasicAuthenticatorUserMapBundle(userMap, userMapBytes));
}
}
LOG.debug("Scheduled db userMap poll is done");
} catch (Throwable t) {
LOG.makeAlert(t, "Error occured while polling for cachedUserMaps.").emit();
}
return ScheduledExecutors.Signal.REPEAT;
}
});
lifecycleLock.started();
} finally {
lifecycleLock.exitStart();
}
}
Aggregations