DHFPROD-9530: Access HubCentral on ML Cloud

Author: rahulvudutala

marklogic-data-hub-central/src/main/java/com/marklogic/hub/central/CloudParameters.java

@@ -0,0 +1,29 @@
+package com.marklogic.hub.central;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class CloudParameters {
+    public static String ML_HOST = "localhost";
+    public static int ML_REVERSE_PROXY_PORT = 443;
+    public static String AUTHENTICATION_TYPE = "";
+    public static String HC_BASE_PATH = "";
+    public static String STAGING_BASE_PATH = "";
+    public static String FINAL_BASE_PATH = "";
+    public static String JOB_BASE_PATH = "";
+    public static String MANAGE_BASE_PATH = "";
+    public static String APP_SERVICES_BASE_PATH = "";
+    public static String ADMIN_BASE_PATH = "";
+
+    public static void updateCloudParameters(Map<String, String> cloudProperties) {
+        ML_HOST = cloudProperties.get("mlHost");
+        AUTHENTICATION_TYPE = cloudProperties.get("mlAuthentication");
+        HC_BASE_PATH = cloudProperties.get("mlHcBasePath");
+        STAGING_BASE_PATH = cloudProperties.get("mlStagingBasePath");
+        FINAL_BASE_PATH = cloudProperties.get("mlFinalBasePath");
+        JOB_BASE_PATH = cloudProperties.get("mlJobBasePath");
+        MANAGE_BASE_PATH = cloudProperties.get("mlManageBasePath");
+        APP_SERVICES_BASE_PATH = cloudProperties.get("mlAppServicesBasePath");
+        ADMIN_BASE_PATH = cloudProperties.get("mlAdminBasePath");
+    }
+}

marklogic-data-hub-central/src/main/java/com/marklogic/hub/central/HubCentral.java

@@ -1,11 +1,13 @@
 package com.marklogic.hub.central;
 
 import com.marklogic.client.DatabaseClient;
+import com.marklogic.client.DatabaseClientFactory;
 import com.marklogic.client.ext.ConfiguredDatabaseClientFactory;
 import com.marklogic.client.ext.DatabaseClientConfig;
 import com.marklogic.client.ext.DefaultConfiguredDatabaseClientFactory;
 import com.marklogic.client.ext.SecurityContextType;
 import com.marklogic.client.ext.helper.LoggingObject;
+import com.marklogic.client.ext.modulesloader.ssl.SimpleX509TrustManager;
 import com.marklogic.hub.impl.HubConfigImpl;
 import com.marklogic.mgmt.util.PropertySource;
 import org.springframework.beans.factory.InitializingBean;
@@ -14,6 +16,7 @@
 import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Component;
 
+import javax.net.ssl.SSLContext;
 import java.util.Properties;
 
 /**
@@ -55,6 +58,38 @@ public HubConfigImpl newHubConfig(String username, String password) {
         return hubConfig;
     }
 
+    /**
+     * This constructs a HubConfigImpl by starting with the default property values in HubConfigImpl, and then applying
+     * properties based on the Spring environment of this application plus the username/password provided by the user
+     * logging in.
+     *
+     * @param cloudApiKey
+     * @return
+     */
+    public HubConfigImpl newHubConfig(String cloudApiKey) {
+        HubConfigImpl hubConfig = new HubConfigImpl();
+        DatabaseClient client = getStagingDbClient(cloudApiKey);
+        Properties primaryProperties = hubConfig.getHubPropertiesFromDb(client);
+        primaryProperties.setProperty("mlCloudApiKey", cloudApiKey);
+        primaryProperties.setProperty("mlStagingBasePath", CloudParameters.STAGING_BASE_PATH);
+        primaryProperties.setProperty("mlFinalBasePath", CloudParameters.FINAL_BASE_PATH);
+        primaryProperties.setProperty("mlJobBasePath", CloudParameters.JOB_BASE_PATH);
+
+        primaryProperties.setProperty("mlManageBasePath", CloudParameters.MANAGE_BASE_PATH);
+        primaryProperties.setProperty("mlAppServicesBasePath", CloudParameters.APP_SERVICES_BASE_PATH);
+        primaryProperties.setProperty("mlAdminBasePath", CloudParameters.ADMIN_BASE_PATH);
+
+        primaryProperties.setProperty("mlAdminSimpleSsl", "true");
+        primaryProperties.setProperty("mlManageSimpleSsl", "true");
+        primaryProperties.setProperty("mlAppServicesSimpleSsl", "true");
+
+        primaryProperties.setProperty("mlAuthentication", CloudParameters.AUTHENTICATION_TYPE);
+        primaryProperties.setProperty("mlSslHostnameVerifier", "ANY");
+        primaryProperties.setProperty("mlManageAuthentication", "cloud");
+        hubConfig.applyProperties(buildPropertySource(primaryProperties));
+        return hubConfig;
+    }
+
     /**
      * Construct a PropertySource based on the properties in the Spring Boot environment plus the given username and
      * password, which are supplied when a user authenticates.
@@ -70,7 +105,10 @@ protected PropertySource buildPropertySource(String username, String password) {
     protected PropertySource buildPropertySource(String username, String password, Properties primaryProperties) {
         primaryProperties.setProperty("mlUsername", username);
         primaryProperties.setProperty("mlPassword", password);
+        return buildPropertySource(primaryProperties);
+    }
 
+    protected PropertySource buildPropertySource(Properties primaryProperties) {
         return propertyName -> {
             String value = primaryProperties.getProperty(propertyName);
             if (!propertyName.equals("mlUsername") && !propertyName.equals("mlPassword") && environment.getProperty(propertyName) != null) {
@@ -81,20 +119,53 @@ protected PropertySource buildPropertySource(String username, String password, P
     }
 
     private DatabaseClient getStagingDbClient(String username, String password) {
-        ConfiguredDatabaseClientFactory configuredDatabaseClientFactory = new DefaultConfiguredDatabaseClientFactory();
-        DatabaseClientConfig config = new DatabaseClientConfig("localhost", 8010, username, password);
-        config.setSecurityContextType(SecurityContextType.valueOf("DIGEST"));
+        DatabaseClientConfig config = new DatabaseClientConfig();
+        config.setUsername(username);
+        config.setPassword(password);
+        config.setCloudApiKey("");
+        return getStagingDbClient(config);
+    }
 
-        if(environment.getProperty("mlHost") != null) {
-            config.setHost(environment.getProperty("mlHost"));
-        }
+    private DatabaseClient getStagingDbClient(String cloudApiKey) {
+        DatabaseClientConfig config = new DatabaseClientConfig();
+        config.setCloudApiKey(cloudApiKey);
 
-        if(environment.getProperty("mlStagingPort") != null) {
-            config.setPort(Integer.parseInt(environment.getProperty("mlStagingPort")));
-        }
+        SSLContext stagingSslContext = SimpleX509TrustManager.newSSLContext();
+        DatabaseClientFactory.SSLHostnameVerifier stagingSslHostnameVerifier = DatabaseClientFactory.SSLHostnameVerifier.ANY;
+        SimpleX509TrustManager stagingTrustManager = new SimpleX509TrustManager();
+
+        config.setSslHostnameVerifier(stagingSslHostnameVerifier);
+        config.setSslContext(stagingSslContext);
+        config.setCertFile(null);
+        config.setCertPassword(null);
+        config.setExternalName(null);
+        config.setTrustManager(stagingTrustManager);
+        config.setUsername("");
+        config.setPassword("");
 
-        if(environment.getProperty("mlStagingAuth") != null) {
-            config.setSecurityContextType(SecurityContextType.valueOf(environment.getProperty("mlStagingAuth").toUpperCase()));
+        return getStagingDbClient(config);
+    }
+
+    private DatabaseClient getStagingDbClient(DatabaseClientConfig config) {
+        ConfiguredDatabaseClientFactory configuredDatabaseClientFactory = new DefaultConfiguredDatabaseClientFactory();
+        if(CloudParameters.AUTHENTICATION_TYPE.equals("cloud")) {
+            config.setHost(CloudParameters.ML_HOST);
+            config.setPort(CloudParameters.ML_REVERSE_PROXY_PORT);
+            config.setBasePath(CloudParameters.STAGING_BASE_PATH);
+            config.setSecurityContextType(SecurityContextType.CLOUD);
+        } else {
+            config.setHost(environment.getProperty("mlHost") != null ?
+                environment.getProperty("mlHost") :
+                "localhost"
+            );
+            config.setPort(environment.getProperty("mlStagingPort") != null ?
+                Integer.parseInt(environment.getProperty("mlStagingPort")) :
+                8010
+            );
+            config.setSecurityContextType(environment.getProperty("mlStagingAuth") != null ?
+                SecurityContextType.valueOf(environment.getProperty("mlStagingAuth").toUpperCase()) :
+                SecurityContextType.valueOf("DIGEST")
+            );
         }
         // Need to work on SSL
         return configuredDatabaseClientFactory.newDatabaseClient(config);

marklogic-data-hub-central/src/main/java/com/marklogic/hub/central/auth/AuthenticationFilter.java

@@ -18,10 +18,12 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.marklogic.client.FailedRequestException;
+import com.marklogic.hub.central.CloudParameters;
 import com.marklogic.hub.central.HttpSessionHubClientProvider;
 import com.marklogic.hub.central.HubCentral;
 import com.marklogic.hub.dataservices.HubCentralService;
 import com.marklogic.hub.impl.HubConfigImpl;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
@@ -30,7 +32,6 @@
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
-import org.springframework.util.StringUtils;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -79,15 +80,19 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ
      * @param password
      */
     protected AuthenticationToken authenticateUser(String username, String password) {
-        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
-            throw new BadCredentialsException("Unauthorized");
-        }
 
-        username = username.trim();
+        if(!CloudParameters.AUTHENTICATION_TYPE.equalsIgnoreCase("cloud")) {
+            if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+                throw new BadCredentialsException("Unauthorized");
+            }
+
+            username = username.trim();
+
+            HubConfigImpl hubClientConfig = hubCentral.newHubConfig(username, password);
+            hubClientProvider.setHubClientConfig(hubClientConfig);
+            hubClientProvider.setHubClientDelegate(hubClientConfig.newHubClient());
+        }
 
-        HubConfigImpl hubClientConfig = hubCentral.newHubConfig(username, password);
-        hubClientProvider.setHubClientConfig(hubClientConfig);
-        hubClientProvider.setHubClientDelegate(hubClientConfig.newHubClient());
         List<GrantedAuthority> authorities = new ArrayList<>();
         JsonNode response;
         try {

marklogic-data-hub-central/src/main/java/com/marklogic/hub/central/controllers/SinglePageAppController.java

@@ -1,21 +1,84 @@
 package com.marklogic.hub.central.controllers;
 
+import com.marklogic.hub.central.CloudParameters;
+import com.marklogic.hub.central.HttpSessionHubClientProvider;
+import com.marklogic.hub.central.HubCentral;
+import com.marklogic.hub.impl.HubConfigImpl;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.web.servlet.error.ErrorController;
+import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.stream.Collectors;
+
 @Controller
 public class SinglePageAppController implements ErrorController {
 
+    @Autowired
+    HubCentral hubCentral;
+
+    @Autowired
+    HttpSessionHubClientProvider hubClientProvider;
+
+    @Autowired
+    Environment environment;
+
+
     /**
      * Used when running HC as an executable war file; not used when running it locally for development purposes, as the
      * local Node server handles this route instead.
      *
      * @return
      */
     @RequestMapping(value = {"/"})
-    public String index() {
+    public String index(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
+        if(environment.getProperty("mlAuthentication").equalsIgnoreCase("cloud")) {
+            Map<String, String> headers = getHeadersMap(httpServletRequest);
+            CloudParameters.updateCloudParameters(headers);
+            createHubConfigurations(headers.getOrDefault("mlCloudApiKey", ""));
+            addCookiesToResponse(httpServletResponse);
+        }
         return "forward:index.html";
     }
 
+    private void createHubConfigurations(String cloudApikey) {
+        HubConfigImpl hubClientConfig = hubCentral.newHubConfig(cloudApikey);
+        hubClientProvider.setHubClientConfig(hubClientConfig);
+        hubClientProvider.setHubClientDelegate(hubClientConfig.newHubClient());
+    }
+
+    private Map<String, String> getHeadersMap(HttpServletRequest httpServletRequest) {
+        Map<String, String> headers = new HashMap<>();
+        Collections.list(httpServletRequest.getHeaderNames()).stream()
+            .collect(Collectors.toMap(h -> h, httpServletRequest::getHeader));
+        // These values are for testing
+        addHeadersFromCloudForTesting(headers);
+        return headers;
+    }
+
+    private void addHeadersFromCloudForTesting(Map<String, String> headers) {
+        headers.put("mlCloudApiKey", "hub-developer:password");
+        headers.put("mlHost", "localhost");
+        headers.put("mlAuthentication", "cloud");
+        headers.put("mlManageAuthentication", "cloud");
+        headers.put("mlHcBasePath", "/hc");
+        headers.put("mlStagingBasePath", "/data-hub/staging");
+        headers.put("mlFinalBasePath", "/data-hub/final");
+        headers.put("mlJobBasePath", "/data-hub/jobs");
+        headers.put("mlManageBasePath", "/local/manage");
+        headers.put("mlAppServicesBasePath", "/local/app-services");
+        headers.put("mlAdminBasePath", "/local/admin");
+    }
+
+    private void addCookiesToResponse(HttpServletResponse response) {
+        response.addCookie(new Cookie("mlHcBasePath", "/hc"));
+        response.addCookie(new Cookie("mlAuthentication", "cloud"));
+    }
 }

marklogic-data-hub-central/src/main/resources/application-cloud.properties

@@ -0,0 +1 @@
+mlAuthentication=cloud

marklogic-data-hub-central/ui/package.json

@@ -2,6 +2,7 @@
   "name": "marklogic-data-hub-central",
   "version": "0.1.0",
   "private": true,
+  "homepage": "./",
   "dependencies": {
     "@emotion/css": "^11.1.3",
     "@fortawesome/fontawesome-svg-core": "^1.2.28",