ATLAS-4377 : Atlas - Upgrade Spring Security to 5.4.4+/5.3.8+/5.2.9+

Signed-off-by: Pinal Shah <pinal.shah@freestoneinfotech.com>
diff --git a/addons/falcon-bridge-shim/pom.xml b/addons/falcon-bridge-shim/pom.xml
index 02da049..c554e89 100755
--- a/addons/falcon-bridge-shim/pom.xml
+++ b/addons/falcon-bridge-shim/pom.xml
@@ -55,6 +55,22 @@
                     <groupId>org.mortbay.jetty</groupId>
                     <artifactId>servlet-api</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-beans</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-jms</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-tx</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-context</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
     </dependencies>
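Review bot: The exclusion lists in the two Falcon modules disagree: this hunk excludes `spring-beans`, `spring-jms`, `spring-tx` and `spring-context`, while the matching hunk in addons/falcon-bridge/pom.xml excludes only the first three. If the omission is intentional it deserves a short XML comment above the exclusions in both files saying why these Spring artifacts are dropped from the Falcon dependency and why `spring-context` is treated differently. If it is an oversight, the Falcon dependency's own Spring 4-era transitive declaration of `spring-context` presumably stays in that module's graph, so confirm with `mvn dependency:tree` which version actually resolves there.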
diff --git a/addons/falcon-bridge/pom.xml b/addons/falcon-bridge/pom.xml
index e0d2f3b..de22fa5 100644
--- a/addons/falcon-bridge/pom.xml
+++ b/addons/falcon-bridge/pom.xml
@@ -70,6 +70,18 @@
                     <groupId>org.mortbay.jetty</groupId>
                     <artifactId>servlet-api</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-beans</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-jms</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-tx</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
diff --git a/authorization/pom.xml b/authorization/pom.xml
index 8e5a85d..7a11084 100644
--- a/authorization/pom.xml
+++ b/authorization/pom.xml
@@ -54,6 +54,7 @@
       <dependency>
           <groupId>org.springframework.security</groupId>
           <artifactId>spring-security-core</artifactId>
+          <version>${spring.security.version}</version>
       </dependency>
 
       <dependency>
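Review bot: The added `<version>${spring.security.version}</version>` looks redundant, because the root pom.xml in this commit imports `spring-security-bom` with the same property. Assuming this module inherits from the root pom, the BOM already manages the version of `spring-security-core`. The same applies to the explicit `${spring.version}` added to `spring-aop` and `spring-test` in repository/pom.xml, which `spring-framework-bom` covers. Per-module versions are where drift starts after the next upgrade, so I would drop them, or add a comment explaining why the BOM-managed version is not picked up here.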
diff --git a/common/src/main/java/org/apache/atlas/utils/OnAtlasPropertyCondition.java b/common/src/main/java/org/apache/atlas/utils/OnAtlasPropertyCondition.java
index ece6e37..7259036 100644
--- a/common/src/main/java/org/apache/atlas/utils/OnAtlasPropertyCondition.java
+++ b/common/src/main/java/org/apache/atlas/utils/OnAtlasPropertyCondition.java
@@ -27,7 +27,7 @@
 import org.springframework.context.annotation.Condition;
 import org.springframework.context.annotation.ConditionContext;
 import org.springframework.core.type.AnnotatedTypeMetadata;
-import org.springframework.core.type.classreading.AnnotationMetadataReadingVisitor;
+import org.springframework.core.type.AnnotationMetadata;
 
 public class OnAtlasPropertyCondition implements Condition {
     private final Logger LOG = LoggerFactory.getLogger(OnAtlasPropertyCondition.class);
@@ -37,16 +37,18 @@
         boolean matches = false;
         String propertyName = (String) metadata.getAnnotationAttributes(ConditionalOnAtlasProperty.class.getName()).get("property");
         boolean isDefault = (Boolean) metadata.getAnnotationAttributes(ConditionalOnAtlasProperty.class.getName()).get("isDefault");
-        String className = ((AnnotationMetadataReadingVisitor) metadata).getClassName();
+        if (metadata instanceof AnnotatedTypeMetadata) {
+            String className = ((AnnotationMetadata) metadata).getClassName();
 
-        try {
-            Configuration configuration = ApplicationProperties.get();
-            String configuredProperty = configuration.getString(propertyName);
-            if (StringUtils.isNotEmpty(configuredProperty)) {
-                matches = configuredProperty.equals(className);
-            } else if (isDefault) matches = true;
-        } catch (AtlasException e) {
-            LOG.error("Unable to load atlas properties. Dependent bean configuration may fail");
+            try {
+                Configuration configuration = ApplicationProperties.get();
+                String configuredProperty = configuration.getString(propertyName);
+                if (StringUtils.isNotEmpty(configuredProperty)) {
+                    matches = configuredProperty.equals(className);
+                } else if (isDefault) matches = true;
+            } catch (AtlasException e) {
+                LOG.error("Unable to load atlas properties. Dependent bean configuration may fail");
+            }
         }
         return matches;
     }
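Review bot: The guard `metadata instanceof AnnotatedTypeMetadata` does not protect the cast on the next line, which is to `AnnotationMetadata`. The method signature is outside the hunk, but if `metadata` is the `AnnotatedTypeMetadata` parameter of `Condition.matches`, the test is always true for non-null input and method-level metadata would still fail with ClassCastException. Test the type that is actually cast: `if (metadata instanceof AnnotationMetadata) {`. The catch block also logs without the exception; `LOG.error("Unable to load atlas properties. Dependent bean configuration may fail", e);` would keep the cause.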
diff --git a/pom.xml b/pom.xml
index 263b3e1..a3f30e8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -760,8 +760,8 @@
         <solr-test-framework.version>8.6.3</solr-test-framework.version>
         <solr.version>8.6.3</solr.version>
         <spray.version>1.3.1</spray.version>
-        <spring.security.version>4.2.17.RELEASE</spring.security.version>
-        <spring.version>4.3.29.RELEASE</spring.version>
+        <spring.security.version>5.5.1</spring.security.version>
+        <spring.version>5.3.8</spring.version>
         <sqoop.version>1.4.6.2.3.99.0-195</sqoop.version>
         <storm.version>2.1.0</storm.version>
         <surefire.forkCount>2C</surefire.forkCount>
@@ -1073,6 +1073,22 @@
                 <scope>import</scope>
             </dependency>
 
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-framework-bom</artifactId>
+                <version>${spring.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+
+            <dependency>
+                <groupId>org.springframework.security</groupId>
+                <artifactId>spring-security-bom</artifactId>
+                <version>${spring.security.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+
             <!-- commons -->
             <dependency>
                 <groupId>commons-configuration</groupId>
@@ -1347,61 +1363,6 @@
                 <version>${javax.servlet.version}</version>
             </dependency>
 
-            <!-- Spring -->
-            <dependency>
-                <groupId>org.springframework</groupId>
-                <artifactId>spring-core</artifactId>
-                <version>${spring.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>org.springframework</groupId>
-                <artifactId>spring-web</artifactId>
-                <version>${spring.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>org.springframework</groupId>
-                <artifactId>spring-webmvc</artifactId>
-                <version>${spring.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>org.springframework.security</groupId>
-                <artifactId>spring-security-core</artifactId>
-                <version>${spring.security.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>org.springframework.security</groupId>
-                <artifactId>spring-security-web</artifactId>
-                <version>${spring.security.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>org.springframework.security</groupId>
-                <artifactId>spring-security-config</artifactId>
-                <version>${spring.security.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>org.springframework.security</groupId>
-                <artifactId>spring-security-ldap</artifactId>
-                <version>${spring.security.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>org.springframework</groupId>
-                <artifactId>spring-aop</artifactId>
-                <version>${spring.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>org.springframework</groupId>
-                <artifactId>spring-test</artifactId>
-                <version>${spring.version}</version>
-            </dependency>
-
             <!--  atlas modules -->
             <dependency>
                 <groupId>org.apache.atlas</groupId>
diff --git a/repository/pom.xml b/repository/pom.xml
index bf34efe..1607d9a 100755
--- a/repository/pom.xml
+++ b/repository/pom.xml
@@ -180,11 +180,13 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-aop</artifactId>
+            <version>${spring.version}</version>
         </dependency>
 
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-test</artifactId>
+            <version>${spring.version}</version>
         </dependency>
 
         <dependency>
diff --git a/repository/src/main/java/org/apache/atlas/GraphTransactionInterceptor.java b/repository/src/main/java/org/apache/atlas/GraphTransactionInterceptor.java
index 343d00d..c8b7ff8 100644
--- a/repository/src/main/java/org/apache/atlas/GraphTransactionInterceptor.java
+++ b/repository/src/main/java/org/apache/atlas/GraphTransactionInterceptor.java
@@ -367,13 +367,13 @@
             }
         };
 
-        public void lockObject(final List<String> guids) {
+        public void lockObject(final List<?> guids) {
             if (LOG.isDebugEnabled()) {
                 LOG.debug("==> lockObject(): guids: {}", guids);
             }
 
-            Collections.sort(guids);
-            for (String g : guids) {
+            Collections.sort((List<String>) guids);
+            for (String g : (List<String>) guids) {
                 lockObject(g);
             }
         }
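Review bot: Widening the parameter to `List<?>` and casting back with `(List<String>) guids` replaces a compile-time guarantee with an unchecked cast. A caller passing non-String elements now fails with ClassCastException inside `Collections.sort` or the loop instead of being rejected by the compiler. If a caller outside this hunk needs the wildcard, say why in a comment and put `@SuppressWarnings("unchecked")` on a single local, `List<String> ids = (List<String>) guids;`; otherwise keep `List<String>`. The sort also reorders the caller's list in place and would throw on an unmodifiable list, so sorting a copy is safer.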
diff --git a/test-tools/pom.xml b/test-tools/pom.xml
index c861ea6..991fa14 100644
--- a/test-tools/pom.xml
+++ b/test-tools/pom.xml
@@ -56,6 +56,10 @@
                     <groupId>org.apache.logging.log4j</groupId>
                     <artifactId>log4j-slf4j-impl</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.logging.log4j</groupId>
+                    <artifactId>log4j-1.2-api</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
diff --git a/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java b/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java
index e16796f..cc23976 100644
--- a/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java
+++ b/webapp/src/main/java/org/apache/atlas/web/dao/UserDao.java
@@ -24,11 +24,13 @@
 import java.util.ArrayList;
 import java.util.Properties;
 import java.util.List;
+import java.security.NoSuchAlgorithmException;
 import javax.annotation.PostConstruct;
 import org.apache.atlas.web.security.AtlasAuthenticationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
+import org.springframework.security.crypto.codec.Hex;
+import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.stereotype.Repository;
 import org.apache.atlas.ApplicationProperties;
 import org.apache.atlas.AtlasException;
@@ -48,7 +50,6 @@
     private static final Logger LOG = LoggerFactory.getLogger(UserDao.class);
 
     private static final String             DEFAULT_USER_CREDENTIALS_PROPERTIES = "users-credentials.properties";
-    private static final ShaPasswordEncoder sha256Encoder                       = new ShaPasswordEncoder(256);
     private static       boolean            v1ValidationEnabled = true;
     private static       boolean            v2ValidationEnabled = true;
 
@@ -180,7 +181,7 @@
         boolean ret = false;
 
         try {
-            String hash = sha256Encoder.encodePassword(password, salt);
+            String hash = encodePassword(password, salt);
 
             ret = hash != null && hash.equals(encryptedPwd);
         } catch (Throwable excp) {
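Review bot: `encodePassword` reproduces the scheme of the removed `ShaPasswordEncoder(256)`, a single SHA-256 pass over `password{salt}`, which is a fast hash and not a password-hashing function. The enclosing method starts and ends outside the hunk. Keeping the legacy format so existing stored credentials still verify is understandable, but it needs a comment saying so and a follow-up to migrate to an adaptive encoder from `spring-security-crypto`, such as `BCryptPasswordEncoder`. The comparison `hash.equals(encryptedPwd)` is also not constant-time; `MessageDigest.isEqual(hash.getBytes(StandardCharsets.UTF_8), encryptedPwd.getBytes(StandardCharsets.UTF_8))` with a null check on `encryptedPwd` is, and needs a `StandardCharsets` import.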
@@ -233,4 +234,33 @@
             throw new AtlasAuthenticationException("Exception while encoding password.", ex);
         }
     }
-}
+
+    public static String encodePassword(String rawPass, Object salt) {
+        String saltedPass = mergePasswordAndSalt(rawPass, salt, false);
+        MessageDigest messageDigest = getMessageDigest();
+        byte[] digest = messageDigest.digest(Utf8.encode(saltedPass));
+
+        return new String(Hex.encode(digest));
+    }
+
+    protected static final MessageDigest getMessageDigest() throws IllegalArgumentException {
+        try {
+            return MessageDigest.getInstance("SHA-256");
+        } catch (NoSuchAlgorithmException var2) {
+            throw new IllegalArgumentException("No such algorithm [SHA-256 ]");
+        }
+    }
+
+    protected static String mergePasswordAndSalt(String password, Object salt, boolean strict) {
+        if (!StringUtils.hasText(password)) {
+            password = "";
+        }
+
+        if (strict && salt != null && (salt.toString().lastIndexOf("{") != -1 || salt.toString().lastIndexOf("}") != -1)) {
+            throw new IllegalArgumentException("Cannot use { or } in salt.toString()");
+        } else {
+            return StringUtils.hasText(salt.toString()) ? password + "{" + salt.toString() + "}" : password;
+        }
+    }
+
+}
\ No newline at end of file
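Review bot: `mergePasswordAndSalt` dereferences `salt` in the `else` branch without the null check that the `strict` branch has, so `encodePassword(pw, null)` throws NullPointerException instead of hashing the bare password. Guard it with `return (salt != null && StringUtils.hasText(salt.toString())) ? password + "{" + salt + "}" : password;`. In `getMessageDigest` the caught `NoSuchAlgorithmException` is dropped and the message has a stray space; `throw new IllegalArgumentException("No such algorithm [SHA-256]", var2);` keeps the cause. `encodePassword` is `public static` although the only caller visible in this diff is inside the class; if nothing else needs it, `private` keeps the legacy hash out of the public API.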
diff --git a/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java b/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java
index 71eca2e..bc7e71b 100755
--- a/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java
+++ b/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java
@@ -214,12 +214,8 @@
         }
     }
 
-    public static String decodeQueryString(String query){
-        try {
-            return UriUtils.decode(query,"UTF-8");
+    public static String decodeQueryString(String query) {
+        return UriUtils.decode(query,"UTF-8");
 
-        } catch (UnsupportedEncodingException e){
-            return query;
-        }
     }
 }
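Review bot: With the try/catch removed, nothing in `decodeQueryString` handles the IllegalArgumentException that `UriUtils.decode` throws on malformed percent-escapes, so a bad query string from a client propagates to whatever calls this helper. Either catch IllegalArgumentException here and choose the fallback explicitly, or add a Javadoc `@throws IllegalArgumentException` so callers can map it to a 400 response. The charset overload `UriUtils.decode(query, StandardCharsets.UTF_8)` avoids the charset-name lookup, and the blank line before the closing brace can be removed.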
diff --git a/webapp/src/main/webapp/WEB-INF/web.xml b/webapp/src/main/webapp/WEB-INF/web.xml
index 7fb56ef..7bc9319 100755
--- a/webapp/src/main/webapp/WEB-INF/web.xml
+++ b/webapp/src/main/webapp/WEB-INF/web.xml
@@ -98,10 +98,6 @@
     </filter-mapping>
 
     <listener>
-        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
-    </listener>
-
-    <listener>
         <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
     </listener>
 
diff --git a/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java b/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java
index 519be80..1422799 100644
--- a/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/UserDaoTest.java
@@ -65,4 +65,9 @@
         assertTrue(hadException);
     }
 
+    @Test
+    public void testUserDaowithencodePassword() {
+        assertTrue(UserDao.checkEncrypted("admin", "a4a88c0872bf652bb9ed803ece5fd6e82354838a9bf59ab4babb1dab322154e1", "admin"));
+    }
+
 }
\ No newline at end of file
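Review bot: The new test pins only the matching case, so a regression that made `checkEncrypted` return true for any input would still pass. Add a negative assertion that uses a wrong password against the same hash and salt, and a case with a null or empty salt, because `mergePasswordAndSalt` takes a different path for those. The method name would read better as `testCheckEncryptedWithEncodePassword`.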
diff --git a/webapp/src/test/webapp/WEB-INF/web.xml b/webapp/src/test/webapp/WEB-INF/web.xml
index 2388fbf..fd1d492 100755
--- a/webapp/src/test/webapp/WEB-INF/web.xml
+++ b/webapp/src/test/webapp/WEB-INF/web.xml
@@ -68,10 +68,6 @@
     </filter-mapping>
 
     <listener>
-        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
-    </listener>
-
-    <listener>
         <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
     </listener>