Juan Hernandez has uploaded a new change for review. Change subject: core: Add authentication module ......................................................................
core: Add authentication module This patch adds a new "authentication" backend module intended to contain the builtin authentication and directory implementations. In this initial version it only contains a very simple NOP authenticator and an equally simple NOP directory. The NOP authenticator just accepts any user name and any password, without validation. The NOP directory doesn't have any backend, it just creates users as requested. Obviously these aren't very useful outside of testing, although the NOP directory can be useful when authentication is relevant but user details (mail, name, etc) and groups aren't relevant. In order to use this authenticator and directory a new authentication profile has to be configured by creating a "nop.conf" file inside "/etc/ovirt-engine/auth.d". The content of that file should be something like this: # # The name of the authentication profile (this is what will be # displayed to the user in the login dialog): # name=nop # # The name of the JBoss module that contains the implementation of the # authenticator and the directory: # module=org.ovirt.engine.core.authentication # # The type is used to select the implementation of the authenticator # and the directory. The NOP authenticator and directory register # themselves with "nop" as the type: # authenticator.type=nop directory.type=nop With this configuration inside "auth.d" the provisional authentication profile is disabled and only "nop" will be available, thus users will be able to log in with any name and password that they try. Change-Id: I79ff506bfca42d90a1fbaa7d9bfa8b0c4c140dff
Signed-off-by: Juan Hernandez <juan.hernan...@redhat.com>
---
A backend/manager/modules/authentication/pom.xml
A backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticator.java
A backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticatorFactory.java
A backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopDirectory.java
A backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopDirectoryFactory.java
A backend/manager/modules/authentication/src/main/modules/org/ovirt/engine/core/authentication/main/module.xml
A backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.AuthenticatorFactory
A backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.DirectoryFactory
M backend/manager/modules/pom.xml
M ovirt-engine.spec.in
10 files changed, 310 insertions(+), 0 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/27/21027/1
diff --git a/backend/manager/modules/authentication/pom.xml b/backend/manager/modules/authentication/pom.xml
new file mode 100644
index 0000000..179834f
--- /dev/null
+++ b/backend/manager/modules/authentication/pom.xml
@@ -0,0 +1,53 @@
+<project
+ xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.ovirt.engine.core</groupId>
+ <artifactId>manager-modules</artifactId>
+ <version>3.4.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>authentication</artifactId>
+ <packaging>jar</packaging>
+
+ <name>Backend Authentication</name>
+
+ <dependencies>
+
+ <dependency>
+ <groupId>${engine.groupId}</groupId>
+ <artifactId>common</artifactId>
+ <version>${engine.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.spec.javax.servlet</groupId>
+ <artifactId>jboss-servlet-api_3.0_spec</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>commons-lang</groupId>
+ <artifactId>commons-lang</artifactId>
+ </dependency>
+
+ </dependencies>
+
+ <build>
+
+ <plugins>
+
+ <!-- Create the JBoss module: -->
+ <plugin>
+ <groupId>org.ovirt.engine</groupId>
+ <artifactId>jboss-modules-maven-plugin</artifactId>
+ </plugin>
+
+ </plugins>
+
+ </build>
+
+</project>
diff --git a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticator.java b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticator.java
new file mode 100644
index 0000000..8eefc6d
--- /dev/null
+++ b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticator.java
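Review bot: The `jboss-servlet-api_3.0_spec` and `commons-lang` dependencies declared in this new pom.xml are not referenced by any class added in this patch; the four NOP classes import only `java.*`, `org.slf4j` and `org.ovirt.engine.core.*`. The same holds for the `javax.api`, `javax.servlet.api` and `org.apache.commons.lang` entries in the new module.xml. Unless a later change in the series needs them, dropping them keeps the classpath of the authentication module limited to what the authentication code actually uses. Conversely, slf4j is imported by the sources but has no `<dependency>` here, so it presumably arrives through the parent or `common`; declaring it explicitly would make that visible.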
@@ -0,0 +1,41 @@
+package org.ovirt.engine.core.authentication.nop;
+
+import org.ovirt.engine.core.authentication.PasswordAuthenticator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * This authenticator blindly accepts any user, without any check, useful only for testing environments.
+ */
+public class NopAuthenticator implements PasswordAuthenticator {
+ // The log:
+ private static final Logger log = LoggerFactory.getLogger(NopAuthenticator.class);
+
+ // The name of the authenticator:
+ private String name;
+
+ /**
+ * Create a new header authenticator.
+ *
+ * @param name the name of the authenticator
+ */
+ public NopAuthenticator(String name) {
+ this.name = name;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public boolean authenticate(String name, char[] password) {
+ return true;
+ }
+}
diff --git a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticatorFactory.java b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticatorFactory.java
new file mode 100644
index 0000000..0004795
--- /dev/null
+++ b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopAuthenticatorFactory.java
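Review bot: `authenticate` in NopAuthenticator returns `true` for every name and password and nothing records that, while the `log` field declared at the top of the class is never used. Because NopAuthenticatorFactory is registered in the module's `META-INF/services` file later in this patch, the accept-all authenticator ships in the regular `authentication.jar` and becomes active as soon as a `nop.conf` profile exists, so the engine log should at least show it; in the constructor, `log.warn("Authenticator \"{}\" accepts any user name and password without validation.", name);`. The constructor Javadoc says "header authenticator", which looks copied from another class; `Create a new NOP authenticator.` would match. `name` is assigned once and could be `private final`.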
@@ -0,0 +1,41 @@
+package org.ovirt.engine.core.authentication.nop;
+
+import java.io.File;
+
+import org.ovirt.engine.core.authentication.Authenticator;
+import org.ovirt.engine.core.authentication.AuthenticatorFactory;
+import org.ovirt.engine.core.authentication.Configuration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class NopAuthenticatorFactory implements AuthenticatorFactory {
+ // The log:
+ private static final Logger log = LoggerFactory.getLogger(NopAuthenticatorFactory.class);
+
+ // The type supported by this factory:
+ private static final String TYPE = "nop";
+
+ // Names of the configuration parameters:
+ private static final String NAME_PARAMETER = "name";
+
+ @Override
+ public String getType() {
+ return TYPE;
+ }
+
+ @Override
+ public Authenticator create(File file, Configuration config) {
+ // Get the name of the authenticator:
+ String name = config.getInheritedString(NAME_PARAMETER);
+ if (name == null) {
+ log.error(
+ "The configuration file \"{}\" doesn't contain the name of the authenticator.",
+ file.getAbsolutePath()
+ );
+ return null;
+ }
+
+ // We are good, create the authenticator:
+ return new NopAuthenticator(name);
+ }
+}
diff --git a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopDirectory.java b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopDirectory.java
new file mode 100644
index 0000000..f7d5275
--- /dev/null
+++ b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopDirectory.java
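Review bot: `NopAuthenticatorFactory.create` returns `null` when the profile has no `name`, but the method carries no Javadoc saying so, and whether the code that calls `AuthenticatorFactory.create` checks for `null` is not visible in this patch. I would document it on the method, e.g. `@return the authenticator, or {@code null} if the configuration doesn't contain a name`, and confirm that the loader skips the profile instead of dereferencing the result. The class also has no Javadoc of its own, unlike NopDirectoryFactory. `NopDirectoryFactory.create` later in the patch has the same shape and would take the same comment.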
@@ -0,0 +1,97 @@
+package org.ovirt.engine.core.authentication.nop;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.ovirt.engine.core.authentication.Directory;
+import org.ovirt.engine.core.authentication.DirectoryGroup;
+import org.ovirt.engine.core.authentication.DirectoryUser;
+import org.ovirt.engine.core.common.utils.ExternalId;
+
+public class NopDirectory implements Directory {
+ // The name of the directory:
+ private String name;
+
+ /**
+ * Create a new NOP directory.
+ *
+ * @param name the name of the directory
+ */
+ public NopDirectory(String name) {
+ this.name = name;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public DirectoryUser findUser(String name) {
+ ExternalId id = new ExternalId(name.getBytes());
+ return new DirectoryUser(this, id, name);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public DirectoryUser findUser(ExternalId id) {
+ String name = new String(id.getBytes());
+ return new DirectoryUser(this, id, name);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public List<DirectoryUser> findUsers(List<ExternalId> ids) {
+ List<DirectoryUser> users = new ArrayList<>(ids.size());
+ for (ExternalId id : ids) {
+ DirectoryUser user = findUser(id);
+ if (user != null) {
+ users.add(user);
+ }
+ }
+ return users;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public DirectoryGroup findGroup(String name) {
+ return null;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public DirectoryGroup findGroup(ExternalId id) {
+ return null;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public List<DirectoryUser> queryUsers(String query) {
+ return Collections.emptyList();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public List<DirectoryGroup> queryGroups(String query) {
+ return Collections.emptyList();
+ }
+}
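Review bot: `findUser(String)` builds the id with `name.getBytes()` and `findUser(ExternalId)` turns it back with `new String(id.getBytes())`, both of which use the JVM's default charset. For a non-ASCII user name the same login would produce a different `ExternalId` on a host with another default encoding, so anything stored against that id (presumably permissions) would stop matching the user. Pinning the charset avoids that: `new ExternalId(name.getBytes(StandardCharsets.UTF_8))` and `new String(id.getBytes(), StandardCharsets.UTF_8)`, with `import java.nio.charset.StandardCharsets;`. The `user != null` test in `findUsers` can never be false with this `findUser(ExternalId)`, which is worth a short comment if it is kept for symmetry with other directories.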
diff --git a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopDirectoryFactory.java b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopDirectoryFactory.java
new file mode 100644
index 0000000..1d7c097
--- /dev/null
+++ b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/nop/NopDirectoryFactory.java
@@ -0,0 +1,48 @@
+package org.ovirt.engine.core.authentication.nop;
+
+import java.io.File;
+
+import org.ovirt.engine.core.authentication.Configuration;
+import org.ovirt.engine.core.authentication.Directory;
+import org.ovirt.engine.core.authentication.DirectoryFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * This class implements a directory without any backend, it just creates the users when requested. This is useful when
+ * there is no need for any of the attribures or groups provided by an external directory.
+ */
+public class NopDirectoryFactory implements DirectoryFactory {
+ // The log:
+ private static final Logger log = LoggerFactory.getLogger(NopDirectoryFactory.class);
+
+ // The type supported by this factory:
+ private static final String TYPE = "nop";
+
+ // Names of the configuration parameters:
+ private static final String NAME_PARAMETER = "name";
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public String getType() {
+ return TYPE;
+ }
+
+ @Override
+ public Directory create(File file, Configuration config) {
+ // Get the name of the directory:
+ String name = config.getInheritedString(NAME_PARAMETER);
+ if (name == null) {
+ log.error(
+ "The configuration file \"{}\" doesn't contain the name of the directory.",
+ file.getAbsolutePath()
+ );
+ return null;
+ }
+
+ // We are good, create the directory:
+ return new NopDirectory(name);
+ }
+}
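Review bot: The class Javadoc on NopDirectoryFactory describes the directory ("implements a directory without any backend") rather than the factory, while NopDirectory itself has no class comment at all. I would move that text to NopDirectory, correcting the typo `attribures` to `attributes`, and give the factory a one-line summary such as `Creates {@link NopDirectory} instances for profiles whose directory type is "nop".`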
diff --git a/backend/manager/modules/authentication/src/main/modules/org/ovirt/engine/core/authentication/main/module.xml b/backend/manager/modules/authentication/src/main/modules/org/ovirt/engine/core/authentication/main/module.xml
new file mode 100644
index 0000000..dba907f
--- /dev/null
+++ b/backend/manager/modules/authentication/src/main/modules/org/ovirt/engine/core/authentication/main/module.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<module xmlns="urn:jboss:module:1.1" name="org.ovirt.engine.core.authentication">
+
+ <resources>
+ <resource-root path="authentication.jar"/>
+ </resources>
+
+ <dependencies>
+ <module name="javax.api"/>
+ <module name="javax.servlet.api"/>
+ <module name="org.apache.commons.lang"/>
+ <module name="org.ovirt.engine.core.common"/>
+ <module name="org.slf4j"/>
+ </dependencies>
+
+</module>
diff --git a/backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.AuthenticatorFactory b/backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.AuthenticatorFactory
new file mode 100644
index 0000000..73a291a
--- /dev/null
+++ b/backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.AuthenticatorFactory
@@ -0,0 +1,5 @@
+#
+# This file contains one line per each authenticator factory to be
+# automatically registered with the authenticator manager:
+#
+org.ovirt.engine.core.authentication.nop.NopAuthenticatorFactory
diff --git a/backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.DirectoryFactory b/backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.DirectoryFactory
new file mode 100644
index 0000000..48e5909
--- /dev/null
+++ b/backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.DirectoryFactory @@ -0,0 +1,5 @@ +# +# This file contains one line per each directory factory to be +# automatically registered with the directory manager: +# +org.ovirt.engine.core.authentication.nop.NopDirectoryFactory diff --git a/backend/manager/modules/pom.xml b/backend/manager/modules/pom.xml index 8f7b073..5220169 100644 --- a/backend/manager/modules/pom.xml +++ b/backend/manager/modules/pom.xml @@ -25,6 +25,7 @@ <module>restapi</module> <module>root</module> <module>branding</module> + <module>authentication</module> </modules> <dependencies> diff --git a/ovirt-engine.spec.in b/ovirt-engine.spec.in index 3bebc71..42de5f8 100644 --- a/ovirt-engine.spec.in +++ b/ovirt-engine.spec.in @@ -527,6 +527,7 @@ %{engine_ear}/bll.jar %{engine_ear}/lib/vdsbroker.jar %{engine_ear}/scheduler.jar +%{engine_jboss_modules}/org/ovirt/engine/core/authentication/main/authentication.jar %{engine_jboss_modules}/org/ovirt/engine/core/common/main/common.jar %{engine_jboss_modules}/org/ovirt/engine/core/compat/main/compat.jar %{engine_jboss_modules}/org/ovirt/engine/core/dal/main/dal.jar @@ -716,6 +717,7 @@ %{engine_data}/branding/ovirt.brand/ %{engine_etc}/branding/00-ovirt.brand %{engine_etc}/engine.conf.d/ +%{engine_java}/authentication.jar %{engine_java}/common.jar %{engine_java}/compat.jar %{engine_java}/utils.jar -- To view, visit http://gerrit.ovirt.org/21027 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I79ff506bfca42d90a1fbaa7d9bfa8b0c4c140dff Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Juan Hernandez <juan.hernan...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches