ATLAS-4377 : Atlas - Upgrade Spring Security to 5.4.4+/5.3.8+/5.2.9+

Signed-off-by: Pinal Shah <pinal.shah@freestoneinfotech.com>
This commit is contained in:
chaitali borole 2021-09-01 12:12:25 +05:30 committed by Pinal Shah
parent 6e4d369fd8
commit 953f65b9c4
13 changed files with 109 additions and 88 deletions


@ -55,6 +55,22 @@
<groupId>org.mortbay.jetty</groupId>
<artifactId>servlet-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-jms</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>


@ -70,6 +70,18 @@
<groupId>org.mortbay.jetty</groupId>
<artifactId>servlet-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-jms</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
</exclusion>
</exclusions>
</dependency>


@ -54,6 +54,7 @@
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>


@ -27,7 +27,7 @@ import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Condition;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.core.type.AnnotatedTypeMetadata;
import org.springframework.core.type.classreading.AnnotationMetadataReadingVisitor;
import org.springframework.core.type.AnnotationMetadata;
public class OnAtlasPropertyCondition implements Condition {
private final Logger LOG = LoggerFactory.getLogger(OnAtlasPropertyCondition.class);
@ -37,16 +37,18 @@ public class OnAtlasPropertyCondition implements Condition {
boolean matches = false;
String propertyName = (String) metadata.getAnnotationAttributes(ConditionalOnAtlasProperty.class.getName()).get("property");
boolean isDefault = (Boolean) metadata.getAnnotationAttributes(ConditionalOnAtlasProperty.class.getName()).get("isDefault");
String className = ((AnnotationMetadataReadingVisitor) metadata).getClassName();
if (metadata instanceof AnnotatedTypeMetadata) {
String className = ((AnnotationMetadata) metadata).getClassName();
try {
Configuration configuration = ApplicationProperties.get();
String configuredProperty = configuration.getString(propertyName);
if (StringUtils.isNotEmpty(configuredProperty)) {
matches = configuredProperty.equals(className);
} else if (isDefault) matches = true;
} catch (AtlasException e) {
LOG.error("Unable to load atlas properties. Dependent bean configuration may fail");
try {
Configuration configuration = ApplicationProperties.get();
String configuredProperty = configuration.getString(propertyName);
if (StringUtils.isNotEmpty(configuredProperty)) {
matches = configuredProperty.equals(className);
} else if (isDefault) matches = true;
} catch (AtlasException e) {
LOG.error("Unable to load atlas properties. Dependent bean configuration may fail");
}
}
return matches;
}
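Review bot: The new `instanceof AnnotatedTypeMetadata` guard in `matches` is almost certainly vacuous, because `Condition.matches` declares its second parameter as `AnnotatedTypeMetadata` (the signature sits above the hunk, so this is inferred), while the cast on the following line is to the narrower `AnnotationMetadata`; if `@ConditionalOnAtlasProperty` is ever placed on a `@Bean` method the metadata arrives as `MethodMetadata` and the cast fails with ClassCastException. Test the type you actually cast to: `if (metadata instanceof AnnotationMetadata) {` followed by `String className = ((AnnotationMetadata) metadata).getClassName();`. When the metadata is not class-level the method now silently returns false; a `LOG.debug` there, or a comment such as `// only class-level annotations carry the class name compared against the configured property`, would make that outcome visibly intentional. `matches` starts outside the hunk.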

75
pom.xml

@ -760,8 +760,8 @@
<solr-test-framework.version>8.6.3</solr-test-framework.version>
<solr.version>8.6.3</solr.version>
<spray.version>1.3.1</spray.version>
<spring.security.version>4.2.17.RELEASE</spring.security.version>
<spring.version>4.3.29.RELEASE</spring.version>
<spring.security.version>5.5.1</spring.security.version>
<spring.version>5.3.8</spring.version>
<sqoop.version>1.4.6.2.3.99.0-195</sqoop.version>
<storm.version>2.1.0</storm.version>
<surefire.forkCount>2C</surefire.forkCount>
@ -1073,6 +1073,22 @@
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId>
<version>${spring.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-bom</artifactId>
<version>${spring.security.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<!-- commons -->
<dependency>
<groupId>commons-configuration</groupId>
@ -1347,61 +1363,6 @@
<version>${javax.servlet.version}</version>
</dependency>
<!-- Spring -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- atlas modules -->
<dependency>
<groupId>org.apache.atlas</groupId>
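Review bot: The two new Spring BOM imports are placed after an existing `<scope>import</scope>` entry whose artifact lies above the hunk; Maven applies imported BOMs in declaration order and the first one that manages a given artifact wins, so if that earlier BOM (or any other imported before it) manages an `org.springframework` artifact, `${spring.version}` / `${spring.security.version}` would silently not take effect for it. Consider moving `spring-framework-bom` and `spring-security-bom` ahead of the other BOM imports, or at least confirming with `mvn dependency:tree` that every spring-* artifact resolves to 5.3.8 / 5.5.1 now that the explicit `<!-- Spring -->` entries are removed in the third hunk. A one-line comment above the BOM entries, e.g. `<!-- Spring/Spring Security versions are managed by these BOMs; do not re-declare versions per artifact -->`, would keep later edits from re-introducing pinned versions.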


@ -180,11 +180,13 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>


@ -367,13 +367,13 @@ public class GraphTransactionInterceptor implements MethodInterceptor {
}
};
public void lockObject(final List<String> guids) {
public void lockObject(final List<?> guids) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> lockObject(): guids: {}", guids);
}
Collections.sort(guids);
for (String g : guids) {
Collections.sort((List<String>) guids);
for (String g : (List<String>) guids) {
lockObject(g);
}
}
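Review bot: Widening `lockObject` to `List<?>` buys no flexibility, because both uses then perform an unchecked cast back to `List<String>`, so a list of anything else still fails with ClassCastException at the sort while the compiler no longer warns callers; the reason for the widening (presumably a Spring 5 proxy or signature issue, not visible here) should be stated in a comment on the method. If the parameter must stay `List<?>`, convert element by element instead of casting the list, as below; this no longer sorts the caller's list in place, so keep the cast only if a caller depends on that side effect and then put `@SuppressWarnings("unchecked")` on the method with the justification. `ArrayList` needs to be imported if the file does not already do so. The enclosing class continues outside the hunk.
```java
public void lockObject(final List<?> guids) {
    // … unchanged: debug log …
    List<String> sortedGuids = new ArrayList<>(guids.size());
    for (Object guid : guids) {
        sortedGuids.add((String) guid); // fail fast per element instead of via an unchecked List cast
    }
    Collections.sort(sortedGuids);
    for (String g : sortedGuids) {
        lockObject(g);
    }
}
```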


@ -56,6 +56,10 @@
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-slf4j-impl</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
</exclusion>
</exclusions>
</dependency>


@ -24,11 +24,13 @@ import java.io.IOException;
import java.util.ArrayList;
import java.util.Properties;
import java.util.List;
import java.security.NoSuchAlgorithmException;
import javax.annotation.PostConstruct;
import org.apache.atlas.web.security.AtlasAuthenticationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.codec.Utf8;
import org.springframework.stereotype.Repository;
import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.AtlasException;
@ -48,7 +50,6 @@ public class UserDao {
private static final Logger LOG = LoggerFactory.getLogger(UserDao.class);
private static final String DEFAULT_USER_CREDENTIALS_PROPERTIES = "users-credentials.properties";
private static final ShaPasswordEncoder sha256Encoder = new ShaPasswordEncoder(256);
private static boolean v1ValidationEnabled = true;
private static boolean v2ValidationEnabled = true;
@ -180,7 +181,7 @@ public class UserDao {
boolean ret = false;
try {
String hash = sha256Encoder.encodePassword(password, salt);
String hash = encodePassword(password, salt);
ret = hash != null && hash.equals(encryptedPwd);
} catch (Throwable excp) {
@ -233,4 +234,33 @@ public class UserDao {
throw new AtlasAuthenticationException("Exception while encoding password.", ex);
}
}
}
public static String encodePassword(String rawPass, Object salt) {
String saltedPass = mergePasswordAndSalt(rawPass, salt, false);
MessageDigest messageDigest = getMessageDigest();
byte[] digest = messageDigest.digest(Utf8.encode(saltedPass));
return new String(Hex.encode(digest));
}
protected static final MessageDigest getMessageDigest() throws IllegalArgumentException {
try {
return MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException var2) {
throw new IllegalArgumentException("No such algorithm [SHA-256 ]");
}
}
protected static String mergePasswordAndSalt(String password, Object salt, boolean strict) {
if (!StringUtils.hasText(password)) {
password = "";
}
if (strict && salt != null && (salt.toString().lastIndexOf("{") != -1 || salt.toString().lastIndexOf("}") != -1)) {
throw new IllegalArgumentException("Cannot use { or } in salt.toString()");
} else {
return StringUtils.hasText(salt.toString()) ? password + "{" + salt.toString() + "}" : password;
}
}
}
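Review bot: `mergePasswordAndSalt` in the last hunk calls `salt.toString()` on its return line without a null guard even though the line above tests `salt != null`, so a null salt now throws NullPointerException instead of yielding the bare password, and `StringUtils.hasText(password)` collapses a whitespace-only password to `""`, which (as far as I recall the removed ShaPasswordEncoder, which substituted only for a null password) changes the hash of such passwords and makes them collide with the empty password. The rewrite below keeps the `password{salt}` layout the stored hashes were produced from while fixing both. In `getMessageDigest` the caught exception is discarded and the message has a stray space; use `throw new IllegalArgumentException("No such algorithm [SHA-256]", var2);`. Since this commit now owns the hashing code, the verification in the method around `hash.equals(encryptedPwd)` (presumably `checkEncrypted`) should become constant-time, e.g. `MessageDigest.isEqual(hash.getBytes(StandardCharsets.UTF_8), encryptedPwd.getBytes(StandardCharsets.UTF_8))`. A class-level comment should also state that salted SHA-256 is kept only to verify existing credentials and is not a password KDF, so newly stored credentials should move to one of Spring Security 5's adaptive encoders.
```java
// … unchanged: encodePassword, getMessageDigest …
protected static String mergePasswordAndSalt(String password, Object salt, boolean strict) {
    if (password == null) {
        password = ""; // only a null password is substituted; whitespace is significant
    }
    String saltText = (salt == null) ? "" : salt.toString();
    if (strict && (saltText.indexOf('{') != -1 || saltText.indexOf('}') != -1)) {
        throw new IllegalArgumentException("Cannot use { or } in salt.toString()");
    }
    // password{salt} is the layout the stored SHA-256 hashes were produced from
    return saltText.isEmpty() ? password : password + "{" + saltText + "}";
}
```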


@ -214,12 +214,8 @@ public final class Servlets {
}
}
public static String decodeQueryString(String query){
try {
return UriUtils.decode(query,"UTF-8");
public static String decodeQueryString(String query) {
return UriUtils.decode(query,"UTF-8");
} catch (UnsupportedEncodingException e){
return query;
}
}
}
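Review bot: Removing the `try`/`catch` in `decodeQueryString` changes its failure mode, not only its checked-exception signature: Spring 5's `UriUtils.decode` no longer declares `UnsupportedEncodingException`, but it throws `IllegalArgumentException` on a malformed percent-sequence, and a query string is client-controlled, so a request carrying an invalid escape now propagates an unchecked exception to the caller where the old code returned the raw query. If the best-effort fall-back is still wanted, keep it with the new exception type and the charset overload: `try { return UriUtils.decode(query, StandardCharsets.UTF_8); } catch (IllegalArgumentException e) { return query; }`, adding `java.nio.charset.StandardCharsets` to the imports. Otherwise document in the method's Javadoc that it throws `IllegalArgumentException` for malformed input, so callers map it to a 400 rather than letting it surface as a server error.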


@ -97,10 +97,6 @@
<url-pattern>/api/atlas/admin/status</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>


@ -65,4 +65,9 @@ public class UserDaoTest {
assertTrue(hadException);
}
@Test
public void testUserDaowithencodePassword() {
assertTrue(UserDao.checkEncrypted("admin", "a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1", "admin"));
}
}
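Review bot: `testUserDaowithencodePassword` only checks the positive path of `checkEncrypted`, so it would still pass if the new encoder ignored the password or the salt; add the mismatch cases against the same fixture, e.g. `assertFalse(UserDao.checkEncrypted("wrong", "a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1", "admin"));` and the same call with a different salt. The name would also read better in the file's camelCase style, e.g. `testCheckEncryptedMatchesPreUpgradeHash`, and a one-line comment saying that the fixture hash was presumably produced by the pre-upgrade encoder (so the test guards hash-format compatibility) would explain why the literal must not be regenerated.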


@ -67,10 +67,6 @@
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>