未验证 提交 963ac5d3 编写于 作者: wu-sheng 提交者: GitHub

Remove login permanently. (#2912)

* Remove login permanently.

* Sync UI change.

* Delete `org.apache.skywalking.apm.webapp.security`

* Delete tests.
上级 ef68b3f2
......@@ -24,9 +24,3 @@ collector:
# Point to all backend's restHost:restPort, split by ,
listOfServers: 127.0.0.1:12800
security:
user:
# username
admin:
# password
password: admin
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.skywalking.apm.webapp.security;
/**
* Account of Login.
*
* @author gaohongtao
*/
public interface Account {
String userName();
String password();
}
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.skywalking.apm.webapp.security;
import com.google.gson.Gson;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.util.ReflectionUtils;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
/**
* Filter login request.
*
* @author gaohongtao
*/
@Component
public class LoginFilter extends ZuulFilter {
private static final String REQUEST_URI = "requestURI";
private static final String LOGIN_URI = "/login/account";
private static final int ORDER = PRE_DECORATION_FILTER_ORDER + 1;
private final UserChecker checker;
public LoginFilter(final UserChecker checker) {
this.checker = checker;
}
@Override public String filterType() {
return "pre";
}
@Override public int filterOrder() {
return ORDER;
}
@Override public boolean shouldFilter() {
RequestContext ctx = RequestContext.getCurrentContext();
return ctx.get(REQUEST_URI).equals(LOGIN_URI);
}
@Override public Object run() {
RequestContext ctx = RequestContext.getCurrentContext();
Account loginAccount = null;
try {
loginAccount = ReaderAccount.newReaderAccount(ctx.getRequest().getReader());
} catch (IOException e) {
ReflectionUtils.rethrowRuntimeException(e);
}
Gson gson = new Gson();
String resStr;
if (checker.check(loginAccount)) {
resStr = gson.toJson(new ResponseData("ok", "admin"));
} else {
resStr = gson.toJson(new ResponseData("error", "guest"));
}
HttpServletResponse response = ctx.getResponse();
response.setContentType("application/json");
response.setCharacterEncoding("UTF-8");
ctx.setResponseStatusCode(HttpServletResponse.SC_OK);
ctx.setResponseBody(resStr);
ctx.setSendZuulResponse(false);
return null;
}
private static class ResponseData {
private final String status;
private final String currentAuthority;
ResponseData(final String status, final String currentAuthority) {
this.status = status;
this.currentAuthority = currentAuthority;
}
}
}
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.skywalking.apm.webapp.security;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import java.io.BufferedReader;
/**
* A container of login information.
*
* @author gaohongtao
*/
class ReaderAccount implements Account {
private final static Gson GSON = new GsonBuilder().disableHtmlEscaping()
.setLenient().create();
private String userName;
private String password;
static ReaderAccount newReaderAccount(final BufferedReader accountReader) {
return GSON.fromJson(accountReader, ReaderAccount.class);
}
public String userName() {
return userName;
}
public String password() {
return password;
}
}
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.skywalking.apm.webapp.security;
import com.google.common.base.Strings;
import java.util.HashMap;
import java.util.Map;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
/**
* A Checker to check username and password.
*
* @author gaohongtao
*/
@Component
@ConfigurationProperties(prefix = "security")
public class UserChecker {
private Map<String, User> user = new HashMap<>();
public Map<String, User> getUser() {
return user;
}
boolean check(Account account) {
if (Strings.isNullOrEmpty(account.userName()) || Strings.isNullOrEmpty(account.password())) {
return false;
}
if (!user.containsKey(account.userName())) {
return false;
}
return user.get(account.userName()).password.equals(account.password());
}
public static class User {
private String password;
public void setPassword(String password) {
this.password = password;
}
}
}
......@@ -33,11 +33,6 @@ collector:
# Point to all backend's restHost:restPort, split by ,
listOfServers: 127.0.0.1:12800
security:
user:
admin:
password: admin
spring:
resources:
add-mappings: false
......
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.skywalking.apm.webapp.security;
import com.netflix.zuul.context.RequestContext;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import static org.hamcrest.core.Is.is;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
public class LoginFilterTest {
private LoginFilter loginFilter;
@Before
public void setUp() {
UserChecker checker = new UserChecker();
UserChecker.User user = new UserChecker.User();
user.setPassword("admin");
checker.getUser().put("admin", user);
loginFilter = new LoginFilter(checker);
}
@After
public void tearDown() {
RequestContext.testSetCurrentContext(null);
}
@Test
public void assertFilterType() {
assertThat(loginFilter.filterType(), is("pre"));
}
@Test
public void assertFilterOrder() {
assertThat(loginFilter.filterOrder(), is(PRE_DECORATION_FILTER_ORDER + 1));
}
@Test
public void assertShouldFilter() {
RequestContext ctx = new RequestContext();
ctx.set("requestURI", "/login/account");
RequestContext.testSetCurrentContext(ctx);
assertTrue(loginFilter.shouldFilter());
ctx.set("requestURI", "/dashboard");
assertFalse(loginFilter.shouldFilter());
}
}
\ No newline at end of file
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.skywalking.apm.webapp.security;
import com.netflix.zuul.context.RequestContext;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.lang.reflect.UndeclaredThrowableException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@RunWith(MockitoJUnitRunner.class)
public class LoginTest {
private LoginFilter loginFilter;
@Mock
private RequestContext ctx;
@Mock
private HttpServletRequest request;
@Mock
private HttpServletResponse response;
@Before
public void setUp() {
UserChecker checker = new UserChecker();
UserChecker.User user = new UserChecker.User();
user.setPassword("admin");
checker.getUser().put("admin", user);
loginFilter = new LoginFilter(checker);
when(ctx.getRequest()).thenReturn(request);
when(ctx.getResponse()).thenReturn(response);
RequestContext.testSetCurrentContext(ctx);
}
@Test
public void assertSuccessLogin() throws IOException {
when(request.getReader()).thenReturn(new BufferedReader(new StringReader("{\"userName\": \"admin\", \"password\":\"admin\"}")));
loginFilter.run();
assertHeaderAndStatusCode();
verify(ctx).setResponseBody("{\"status\":\"ok\",\"currentAuthority\":\"admin\"}");
}
@Test
public void assertFailLogin() throws IOException {
when(request.getReader()).thenReturn(new BufferedReader(new StringReader("{\"userName\": \"admin\", \"password\":\"888888\"}")));
loginFilter.run();
assertHeaderAndStatusCode();
verify(ctx).setResponseBody("{\"status\":\"error\",\"currentAuthority\":\"guest\"}");
}
@Test(expected = UndeclaredThrowableException.class)
public void assertException() throws IOException {
when(request.getReader()).thenThrow(new IOException());
loginFilter.run();
}
private void assertHeaderAndStatusCode() {
verify(ctx).setResponseStatusCode(HttpServletResponse.SC_OK);
verify(response).setContentType("application/json");
verify(response).setCharacterEncoding("UTF-8");
}
}
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.skywalking.apm.webapp.security;
import java.io.BufferedReader;
import java.io.StringReader;
import org.junit.Test;
import static org.hamcrest.core.Is.is;
import static org.junit.Assert.*;
public class ReaderAccountTest {
@Test
public void assertNewReaderAccount() {
Account account = ReaderAccount.newReaderAccount(new BufferedReader(new StringReader("{\"userName\": \"admin\", \"password\":\"888888\"}")));
assertThat(account.userName(), is("admin"));
assertThat(account.password(), is("888888"));
}
}
\ No newline at end of file
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.skywalking.apm.webapp.security;
import org.junit.Test;
import static org.junit.Assert.*;
public class UserCheckerTest {
@Test
public void assertCheckSuccess() {
UserChecker checker = new UserChecker();
UserChecker.User user = new UserChecker.User();
user.setPassword("888888");
checker.getUser().put("admin", user);
assertTrue(checker.check(new Account() {
@Override public String userName() {
return "admin";
}
@Override public String password() {
return "888888";
}
}));
}
@Test
public void assertCheckFail() {
UserChecker checker = new UserChecker();
UserChecker.User user = new UserChecker.User();
user.setPassword("123456");
checker.getUser().put("guest", user);
assertFalse(checker.check(new Account() {
@Override public String userName() {
return "admin";
}
@Override public String password() {
return "888888";
}
}));
assertFalse(checker.check(new Account() {
@Override public String userName() {
return "guest";
}
@Override public String password() {
return "888888";
}
}));
assertFalse(checker.check(new Account() {
@Override public String userName() {
return "admin";
}
@Override public String password() {
return "123456";
}
}));
assertFalse(checker.check(new Account() {
@Override public String userName() {
return "";
}
@Override public String password() {
return "123456";
}
}));
assertFalse(checker.check(new Account() {
@Override public String userName() {
return "admin";
}
@Override public String password() {
return "";
}
}));
}
}
\ No newline at end of file
......@@ -9,7 +9,6 @@ Setting file of UI is `webapp/webapp.yml` in distribution package. It is consti
1. Listening port.
1. Backend connect info.
1. Auth setting.
```yaml
server:
......@@ -22,12 +21,5 @@ collector:
# Point to all backend's restHost:restPort, split by ,
listOfServers: 10.2.34.1:12800,10.2.34.2:12800
security:
user:
# username
admin:
# password
password: admin
```
Subproject commit 40036f4cba9017d3727f06e5a597aec8183edf8b
Subproject commit 19277949a2883e034a914ab8b9e883e12abe23a6