Juan Hernandez has uploaded a new change for review.

Change subject: core: Add internal authenticator
......................................................................

core: Add internal authenticator

This patch adds an internal authenticator based on the new
authentication interfaces previously introduced. This authenticator
behaves exactly like the previous one, taking the user name and password
from the AdminUser and AdminPassword configuration parameters stored in
the database.

To use it, create an "internal.conf" file in the
"/etc/ovirt-engine/auth.d" directory with the following content:

  #
  # The name of the authentication profile (this is what will be
  # displayed in the login form):
  #
  name=internal

  #
  # The types of the authenticator and the directory:
  #
  authenticator.type=internal
  directory.type=internal

Change-Id: I005e7e721b6342b292cf79ccf1e0355c65bd116f
Signed-off-by: Juan Hernandez <juan.hernan...@redhat.com>
---
A 
backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalAuthenticator.java
A 
backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalAuthenticatorFactory.java
A 
backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalDirectory.java
A 
backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalDirectoryFactory.java
M 
backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.AuthenticatorFactory
M 
backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.DirectoryFactory
6 files changed, 254 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/29/21029/1

diff --git 
a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalAuthenticator.java
 
b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalAuthenticator.java
new file mode 100644
index 0000000..a61e50a
--- /dev/null
+++ 
b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalAuthenticator.java
@@ -0,0 +1,51 @@
+package org.ovirt.engine.core.authentication.internal;
+
+import java.util.Arrays;
+
+import org.apache.commons.lang.ObjectUtils;
+import org.ovirt.engine.core.authentication.PasswordAuthenticator;
+import org.ovirt.engine.core.common.config.Config;
+import org.ovirt.engine.core.common.config.ConfigValues;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * This authenticator authenticates the internal user as specified in the 
{@code AdminUser} and {@code AdminPassword}
+ * configuration parameters stored in the database.
+ */
+public class InternalAuthenticator implements PasswordAuthenticator {
+    // The log:
+    private static final Logger log = 
LoggerFactory.getLogger(InternalAuthenticator.class);
+
+    // The name of the authenticator:
+    private String name;
+
+    /**
+     * Create a new internal authenticator.
+     *
+     * @param name the name of the authenticator
+     */
+    public InternalAuthenticator(String name) {
+        this.name = name;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean authenticate(String name, char[] password) {
+        String adminName = Config.<String> GetValue(ConfigValues.AdminUser);
+        String adminPassword = Config.<String> 
GetValue(ConfigValues.AdminPassword);
+        return
+            ObjectUtils.equals(name, adminName) &&
+            Arrays.equals(password, adminPassword.toCharArray());
+    }
+}
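Review bot: The password check in `authenticate` uses `Arrays.equals`, which returns at the first differing character, so response time can reveal how much of a guess matched; folding every position into one accumulator avoids that. `adminPassword.toCharArray()` also throws a NullPointerException when `AdminPassword` is absent from the configuration, where the method should return false, and the copy it creates is never cleared. The `log` field is declared but never used, so rejected logins leave nothing for monitoring to pick up. The sketch below gives the same result for non-null input and logs failures without the password.

```java
    @Override
    public boolean authenticate(String name, char[] password) {
        // … unchanged: adminName and adminPassword read from Config …
        if (name == null || password == null || adminName == null || adminPassword == null) {
            log.warn("Internal authentication rejected: missing credentials or configuration.");
            return false;
        }
        char[] expected = adminPassword.toCharArray();
        try {
            // Accumulate differences instead of returning at the first mismatch; only the
            // length of the shorter array influences the running time.
            int diff = expected.length ^ password.length;
            for (int i = 0; i < expected.length && i < password.length; i++) {
                diff |= expected[i] ^ password[i];
            }
            boolean matches = diff == 0 & name.equals(adminName);
            if (!matches) {
                log.warn("Internal authentication failed for \"{}\".", name);
            }
            return matches;
        } finally {
            // Do not leave a second copy of the configured password on the heap.
            Arrays.fill(expected, '\0');
        }
    }
```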
diff --git 
a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalAuthenticatorFactory.java
 
b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalAuthenticatorFactory.java
new file mode 100644
index 0000000..9552b93
--- /dev/null
+++ 
b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalAuthenticatorFactory.java
@@ -0,0 +1,41 @@
+package org.ovirt.engine.core.authentication.internal;
+
+import java.io.File;
+
+import org.ovirt.engine.core.authentication.Authenticator;
+import org.ovirt.engine.core.authentication.AuthenticatorFactory;
+import org.ovirt.engine.core.authentication.Configuration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class InternalAuthenticatorFactory implements AuthenticatorFactory {
+    // The log:
+    private static final Logger log = 
LoggerFactory.getLogger(InternalAuthenticatorFactory.class);
+
+    // The type supported by this factory:
+    private static final String TYPE = "internal";
+
+    // Names of the configuration parameters:
+    private static final String NAME_PARAMETER = "name";
+
+    @Override
+    public String getType() {
+        return TYPE;
+    }
+
+    @Override
+    public Authenticator create(File file, Configuration config) {
+        // Get the name of the authenticator:
+        String name = config.getInheritedString(NAME_PARAMETER);
+        if (name == null) {
+            log.error(
+                "The configuration file \"{}\" doesn't contain the name of the 
authenticator.",
+                file.getAbsolutePath()
+            );
+            return null;
+        }
+
+        // We are good, create the authenticator:
+        return new InternalAuthenticator(name);
+    }
+}
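Review bot: `create` rejects only a missing `name`; assuming `getInheritedString` returns the raw value, a line such as `name=` would produce an authenticator whose profile name is empty, and that name is what the login form displays. Checking `if (name == null || name.trim().isEmpty())` before constructing the authenticator covers it. `InternalDirectoryFactory.create` has the same check and needs the same change. Both `create` methods also return null on failure without any Javadoc; a one-line comment stating that null means the configuration was rejected and the error already logged would tell callers they must handle it.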
diff --git 
a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalDirectory.java
 
b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalDirectory.java
new file mode 100644
index 0000000..e29a02e
--- /dev/null
+++ 
b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalDirectory.java
@@ -0,0 +1,116 @@
+package org.ovirt.engine.core.authentication.internal;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.ovirt.engine.core.authentication.Directory;
+import org.ovirt.engine.core.authentication.DirectoryGroup;
+import org.ovirt.engine.core.authentication.DirectoryUser;
+import org.ovirt.engine.core.common.config.Config;
+import org.ovirt.engine.core.common.config.ConfigValues;
+import org.ovirt.engine.core.common.utils.ExternalId;
+
+/**
+ * This directory contains only the internal user as specified in the {@code 
AdminUser} configuration parameter.
+ */
+public class InternalDirectory implements Directory {
+    // The name of the directory:
+    private String name;
+
+    // The name of the admin user and of the internal domain come from the 
configuration of the engine:
+    private static final String ADMIN_NAME = Config.<String> 
GetValue(ConfigValues.AdminUser);
+
+    // The identifier of the admin user of the internal directory is inserted 
in the database when it is created, we
+    // need to use exactly the same here:
+    private static final ExternalId ADMIN_ID = new ExternalId(
+        0xfd, 0xfc, 0x62, 0x7c, 0xd8, 0x75, 0x11, 0xe0, 0x90, 0xf0, 0x83, 
0xdf, 0x13, 0x3b, 0x58, 0xcc
+    );
+
+    // The only user supported by this directory:
+    private DirectoryUser admin;
+
+    /**
+     * Create a new internal directory.
+     *
+     * @param name the name of the directory
+     */
+    public InternalDirectory(String name) {
+        // Save the name of the domain:
+        this.name = name;
+
+        // Create the builtin user:
+        admin = new DirectoryUser(this, ADMIN_ID, ADMIN_NAME);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public DirectoryUser findUser(String name) {
+        return ADMIN_NAME.equals(name)? admin: null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public DirectoryUser findUser(ExternalId id) {
+        return ADMIN_ID.equals(id)? admin: null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public List<DirectoryUser> findUsers(List<ExternalId> ids) {
+        List<DirectoryUser> users = new ArrayList<>(ids.size());
+        for (ExternalId id : ids) {
+            DirectoryUser user = findUser(id);
+            if (user != null) {
+                users.add(user);
+            }
+        }
+        return users;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public DirectoryGroup findGroup(String name) {
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public DirectoryGroup findGroup(ExternalId id) {
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public List<DirectoryUser> queryUsers(String query) {
+        return Collections.singletonList(admin);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public List<DirectoryGroup> queryGroups(String query) {
+        return Collections.emptyList();
+    }
+}
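Review bot: `ADMIN_NAME` is read from `Config` once, in a static initializer, while `InternalAuthenticator.authenticate` reads `AdminUser` on every call, so the directory and the authenticator can disagree about who the admin is if the value changes after this class is loaded. If the value is null at load time, `ADMIN_NAME.equals(name)` in `findUser(String)` throws instead of returning null; `return name != null && name.equals(ADMIN_NAME) ? admin : null;` is null-safe, and reading the name in the constructor would remove the load-order dependency. `queryUsers` ignores its `query` argument and always returns the admin user, which deserves a comment such as `// The internal directory has a single user, so every query matches it.` if that is intended.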
diff --git 
a/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalDirectoryFactory.java
 
b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalDirectoryFactory.java
new file mode 100644
index 0000000..21d27a0
--- /dev/null
+++ 
b/backend/manager/modules/authentication/src/main/java/org/ovirt/engine/core/authentication/internal/InternalDirectoryFactory.java
@@ -0,0 +1,44 @@
+package org.ovirt.engine.core.authentication.internal;
+
+import java.io.File;
+
+import org.ovirt.engine.core.authentication.Configuration;
+import org.ovirt.engine.core.authentication.Directory;
+import org.ovirt.engine.core.authentication.DirectoryFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class InternalDirectoryFactory implements DirectoryFactory {
+    // The log:
+    private static final Logger log = 
LoggerFactory.getLogger(InternalDirectoryFactory.class);
+
+    // The type supported by this factory:
+    private static final String TYPE = "internal";
+
+    // Names of the configuration parameters:
+    private static final String NAME_PARAMETER = "name";
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getType() {
+        return TYPE;
+    }
+
+    @Override
+    public Directory create(File file, Configuration config) {
+        // Get the name of the directory:
+        String name = config.getInheritedString(NAME_PARAMETER);
+        if (name == null) {
+            log.error(
+                "The configuration file \"{}\" doesn't contain the name of the 
directory.",
+                file.getAbsolutePath()
+            );
+            return null;
+        }
+
+        // We are good, create the directory:
+        return new InternalDirectory(name);
+    }
+}
diff --git 
a/backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.AuthenticatorFactory
 
b/backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.AuthenticatorFactory
index d9c5f32..3f8a7a1 100644
--- 
a/backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.AuthenticatorFactory
+++ 
b/backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.AuthenticatorFactory
@@ -3,4 +3,5 @@
 # automatically registered with the authenticator manager:
 #
 org.ovirt.engine.core.authentication.header.HeaderAuthenticatorFactory
+org.ovirt.engine.core.authentication.internal.InternalAuthenticatorFactory
 org.ovirt.engine.core.authentication.nop.NopAuthenticatorFactory
diff --git 
a/backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.DirectoryFactory
 
b/backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.DirectoryFactory
index 48e5909..d5da945 100644
--- 
a/backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.DirectoryFactory
+++ 
b/backend/manager/modules/authentication/src/main/resources/META-INF/services/org.ovirt.engine.core.authentication.DirectoryFactory
@@ -2,4 +2,5 @@
 # This file contains one line per each directory factory to be
 # automatically registered with the directory manager:
 #
+org.ovirt.engine.core.authentication.internal.InternalDirectoryFactory
 org.ovirt.engine.core.authentication.nop.NopDirectoryFactory


-- 
To view, visit http://gerrit.ovirt.org/21029

Gerrit-MessageType: newchange
Gerrit-Change-Id: I005e7e721b6342b292cf79ccf1e0355c65bd116f
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <juan.hernan...@redhat.com>