Add security feature for the RestFULL API. Do as the following steps to use this feature. Step 1.Set server.seurity to true in properity file. Step 2.Add user accounts in security/securityFile.txt according to the format username:passwd:role Notice:This feature supports auto reloading the user accounts in the securityFile.txt

Author: tinawenqiao

docs/index.pdf

@@ -80,6 +80,11 @@
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter</artifactId>
@@ -243,6 +248,12 @@
             <artifactId>snakeyaml</artifactId>
             <version>${snakeyaml.version}</version>
         </dependency>
+        <dependency>
+            <groupId>net.sf.json-lib</groupId>
+            <artifactId>json-lib</artifactId>
+            <version>2.4</version>
+            <classifier>jdk15</classifier>
+        </dependency>
     </dependencies>
 
     <build>

pom.xml

@@ -0,0 +1,2 @@
+admin:admin1234:admin
+tina:tina1234:user

security/securityFile.txt

@@ -0,0 +1,53 @@
+package org.gnuhpc.bigdata.config;
+
+import net.sf.json.JSONObject;
+import net.sf.json.JsonConfig;
+import net.sf.json.processors.JsonValueProcessor;
+import org.gnuhpc.bigdata.exception.RestErrorResponse;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+
+@Component
+public class BasicAuthenticationPoint extends BasicAuthenticationEntryPoint {
+  @Override
+  public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authEx)
+          throws IOException, ServletException {
+    response.addHeader("WWW-Authenticate", "Basic realm=" +getRealmName());
+    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+    String error = "Authenciation Error:" + authEx.getClass().getCanonicalName();
+    RestErrorResponse restAuthenticationError = new RestErrorResponse(HttpStatus.UNAUTHORIZED, error, authEx);
+    /**
+     * Translate field LocalDateTime to uniform the response format.
+     */
+    JsonConfig jsonConfig = new JsonConfig();
+    jsonConfig.registerJsonValueProcessor(LocalDateTime.class, new JsonValueProcessor() {
+      DateTimeFormatter df = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
+      @Override
+      public Object processObjectValue(String propertyName, Object date,JsonConfig config) {
+        return df.format((LocalDateTime)date);
+      }
+
+      @Override
+      public Object processArrayValue(Object date, JsonConfig config) {
+        return df.format((LocalDateTime)date);
+      }
+    });
+
+    response.getWriter().print(JSONObject.fromObject(restAuthenticationError, jsonConfig).toString());
+  }
+
+  @Override
+  public void afterPropertiesSet() throws Exception {
+    setRealmName("Contact Big Data Infrastructure Team to get available accounts.");
+    super.afterPropertiesSet();
+  }
+}

src/main/java/org/gnuhpc/bigdata/config/BasicAuthenticationPoint.java

@@ -0,0 +1,51 @@
+package org.gnuhpc.bigdata.config;
+
+import org.gnuhpc.bigdata.service.UserDetailsServiceImp;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+  @Autowired
+  private BasicAuthenticationPoint basicAuthenticationPoint;
+
+  @Bean
+  public UserDetailsService userDetailsService() {
+    return new UserDetailsServiceImp();
+  };
+
+  @Bean
+  public BCryptPasswordEncoder passwordEncoder() {
+    return new BCryptPasswordEncoder();
+  };
+
+  @Value("${server.security}")
+  private boolean security;
+
+  @Override
+  protected void configure(HttpSecurity http) throws Exception {
+    http.csrf().disable();
+    if (security) {
+      http.authorizeRequests().antMatchers("/api", "/swagger-ui.html", "/webjars/**", "/swagger-resources/**", "/v2/**").permitAll()
+              .anyRequest().authenticated();
+      http.httpBasic().authenticationEntryPoint(basicAuthenticationPoint);
+      http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+    } else {
+      http.authorizeRequests().antMatchers("/**").permitAll()
+              .anyRequest().authenticated();
+    }
+  }
+
+  @Autowired
+  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+    auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
+  }
+}

src/main/java/org/gnuhpc/bigdata/config/WebSecurityConfig.java

@@ -0,0 +1,18 @@
+package org.gnuhpc.bigdata.model;
+
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class User {
+  private String username;
+  private String password;
+  private String role;
+
+  public User(String username, String password, String role) {
+    this.username = username;
+    this.password = password;
+    this.role = role;
+  }
+}

src/main/java/org/gnuhpc/bigdata/model/User.java

@@ -0,0 +1,103 @@
+package org.gnuhpc.bigdata.service;
+
+import com.google.common.util.concurrent.ThreadFactoryBuilder;
+import lombok.extern.log4j.Log4j;
+import org.gnuhpc.bigdata.model.User;
+import org.springframework.security.core.userdetails.User.UserBuilder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+import java.io.*;
+import java.util.ArrayList;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+
+@Log4j
+public class UserDetailsServiceImp implements UserDetailsService {
+  private ScheduledExecutorService securityFileChecker;
+  private int checkInitDelay = 30;
+  private int checkSecurityInterval = 60;
+  private ArrayList<User> userList = null;
+
+  public UserDetailsServiceImp() {
+    securityFileChecker = Executors.newSingleThreadScheduledExecutor(
+            new ThreadFactoryBuilder().setNameFormat("securityFileChecker").build());
+    securityFileChecker.scheduleWithFixedDelay(new securityFileCheckerRunnable(),
+            checkInitDelay, checkSecurityInterval, TimeUnit.SECONDS);
+    userList = fetchUserListFromSecurtiyFile();
+  }
+
+  @Override
+  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+    User user = findUserByUsername(username);
+
+    UserBuilder builder = null;
+    if (user != null) {
+      builder = org.springframework.security.core.userdetails.User.withUsername(username);
+      builder.password(new BCryptPasswordEncoder().encode(user.getPassword()));
+      builder.roles(user.getRole());
+    } else {
+      throw new UsernameNotFoundException("User not found.");
+    }
+
+    return builder.build();
+  }
+
+  private User findUserByUsername(String username) {
+    for (User user:userList) {
+      if (username.equals(user.getUsername())) {
+        return user;
+      }
+    }
+    return null;
+  }
+
+  private ArrayList<User> fetchUserListFromSecurtiyFile() {
+    ArrayList userList = new ArrayList();
+    File tempFile = new File("");
+    String securityFilePath = "";
+    try {
+      String projectRootPath = tempFile.getCanonicalPath();
+      securityFilePath = projectRootPath + File.separator + "security/securityFile.txt";
+      FileInputStream inputStream = new FileInputStream(securityFilePath);
+      BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
+      String usernameAndPwd;
+      int lineNum = 0;
+      while((usernameAndPwd = bufferedReader.readLine()) != null)
+      {
+        lineNum++;
+        String[] strArray = usernameAndPwd.split(":");
+        if (strArray.length < 3) {
+          log.error("Security file:" + securityFilePath + ",line " + lineNum + " is " +
+                  usernameAndPwd + ". The correct format should be username:passwd:role.");
+        } else {
+          String usernameInFile = strArray[0];
+          String pwdInFile = strArray[1];
+          String userRole = strArray[2];
+          userList.add(new User(usernameInFile, pwdInFile, userRole));
+        }
+      }
+      inputStream.close();
+      bufferedReader.close();
+    } catch (FileNotFoundException fileNotFoundException) {
+      log.error("Security file in path: " + securityFilePath + " does not exist.", fileNotFoundException);
+    } catch (IOException ioException) {
+      log.error("Security file process exception.", ioException);
+    }
+    return userList;
+  }
+
+  private class securityFileCheckerRunnable implements Runnable {
+    @Override
+    public void run() {
+      try {
+        userList = fetchUserListFromSecurtiyFile();
+      } catch (Throwable t) {
+        log.error("Uncaught exception in securityFileChecker thread", t);
+      }
+    }
+  }
+}

src/main/java/org/gnuhpc/bigdata/service/UserDetailsServiceImp.java

@@ -19,6 +19,7 @@ server:
   port: 8121
   context-path: /
   debug: true
+  security: false
 
 spring:
   kafka: