1.Change hashmap traverse to java 8 code style. 2.Add security feature in readme.

tinawenqiao · tinawenqiao · commit 6416d37cee2b · 2018-06-01T11:23:08.000+08:00
diff --git a/README.adoc b/README.adoc
@@ -15,6 +15,7 @@ Kafka/ZK REST API is to provide the production-ready endpoints to perform some a
 * Consumer Group Lag check
 * Collect JMX metrics from brokers that expose JMX metrics +
   More details refer to https://github.com/gnuhpc/Kafka-zk-restapi/blob/master/docs/JMXCollector.adoc[JMXCollector API Specification]
+* Secure the REST API with Spring Security
 // end::base-t[]
 
 image::https://raw.githubusercontent.com/gnuhpc/Kafka-zk-restapi/master/pics/ShowApi.png[API]
@@ -38,12 +39,46 @@ Change the following settings of application-home.yml in src/main/resources to v
 kafka.brokers
 zookeeper.uris
 
+Change security related parameters in application config file:
+See below: <<_security,'How to config security'>>
+
+server.security.check
+server.security.checkInitDelay
+server.security.checkSecurityInterval
+
+If you want to use JMX Query Filter function, you can add your own custom filter files to JMXFilterTemplate directory in project root folder.
+More details refer to https://github.com/gnuhpc/Kafka-zk-restapi/blob/master/docs/JMXCollector.adoc[JMXCollector API Specification]
+
 #mvn clean package -Dmaven.test.skip=true+
 
 You will find zip/tar under directory: Kafka-zk-restapi/target
 
 You can get it running by unzip/untaring the distribution package and run bin/start.sh
 
+[[_security]]
+=== Security
+Public REST services without access control make the sensitive data under risk.Then we provide a simple authentication mechanism using Spring Security.
+In order to make the project lighter, we use yml file to store user information, not using database.
+
+Follow the steps to enable security feature：
+
+Step 1：Modify the application config file and set server.security.check to true. +
+
+* server.security.check:
+  ** True: Add security for the API. Clients can access the API with valid username and password stored in security.yml, or the Swagger UI(http://127.0.0.1:8121/api) is only
+                        allowed to access.
+  ** False: All the endpoints can be accessed without authentication.
+* server.security.checkInitDelay: The number of seconds of init delay for the timing thread to check the security file.
+* server.security.checkSecurityInterval: The number of seconds of check interval for the timing thread to check the security file.
+
+Step 2: Make sure security/security.yml exist in application root folder.
+
+Step 3: Use user controller API to add user to security file security/security.yml. +
+**Notice**:
+
+* The first user should be added manually. Password need to be encoded using bcrypt before saving to the yml file.For convenience, we provide CommonUtils to encode the password.
+* No need to restart server after adding new user or update user info. Timing thread introduced in Step 1 will refresh the user list according to your settings.
+
 === Support Kafka Version Information
 Currently, this rest api (master branch) supports Kafka 0.10.x brokers. The master branch is the most active branch.
 
@@ -66,6 +101,7 @@ You can access Swagger-UI by accessing http://127.0.0.1:8121/api
 * kafka-controller : Kafka Api
 * zookeeper-controller : Zookeeper Api
 * collector-controller : JMX Metric Collector Api
+* user-controller : User management Api
 
 
 === https://github.com/gnuhpc/Kafka-zk-restapi/blob/master/docs/definitions.adoc[Data Model Definitions for 0.10]
diff --git a/docs/JMXCollector.adoc b/docs/JMXCollector.adoc
@@ -302,7 +302,7 @@ The response is as follows:
 ----
 
 ==== How to add filter template
-You can add filter template yml file in the resources/JMXFilterTempalte directory. The fields of the file are the same with the query filter that noticed above.
+You can add filter template yml files to JMXFilterTemplate directory in project root folder. The fields of the file are the same with the query filter that noticed above.
 
 Sample filter template is as follows:
 [source, yml]
diff --git a/docs/security.adoc b/docs/security.adoc
diff --git a/pics/ShowApi.png b/pics/ShowApi.png
diff --git a/security/security.yml b/security/security.yml
@@ -1,22 +1,4 @@
 ---
-test4:
-  password: "$2a$10$M9g/YgjQUuEH05RZklnm3u1JWoyRApv/Bfxwe0EiOFMKl2ghQvDK2"
-  role: "user"
-test2:
-  password: "$2a$10$xUisqGbg1lC.F62bwAZ0KuIJ/ltIg.0erANK1rz/gi1qVbRzkb.KC"
-  role: "user"
-test3:
-  password: "$2a$10$5L.EQBqNKBPLsbflg3mYUuZGmH7jh6IUjB6nyecLPo1rGKLu5LXAW"
-  role: "user"
-test:
-  password: "$2a$10$tXq/tF9d5COfuRbS0eyfdOrsgv2mn.xhKT3TdWY8007dsIEhDpItS"
-  role: "user"
 admin:
   password: "$2a$10$cwkLeAFbPSNWEvjnL.w2FeoEPIv.MMEb0Pk541TiuqGRHP.x8ReoK"
   role: "admin"
-test1:
-  password: "$2a$10$knZ1h7KIDJeJuJdpmspt9utL.UajESzTlox7X/DFA4YcINbb3TFdC"
-  role: "user"
-tina:
-  password: "$2a$10$e6UbRpWtOP43A/QCOmNCGuJ3BN9OoToiF0HAiZgMW3ktnzvQkjQfC"
-  role: "string"
diff --git a/src/main/java/org/gnuhpc/bigdata/security/UserDetailsServiceImp.java b/src/main/java/org/gnuhpc/bigdata/security/UserDetailsServiceImp.java
@@ -68,13 +68,11 @@ private ArrayList<User> fetchUserListFromSecurtiyFile() {
     String securityFilePath = WebSecurityConfig.SECURITY_FILE_PATH;
     try {
       HashMap<Object, Object> accounts = CommonUtils.yamlParse(securityFilePath);
-      Iterator iter = accounts.entrySet().iterator();
-      while (iter.hasNext()) {
-        HashMap.Entry entry = (HashMap.Entry) iter.next();
-        String username = (String)entry.getKey();
-        Map<String, String> userInfo = (Map)entry.getValue();
+      accounts.forEach((key, value)->{
+        String username = (String)key;
+        Map<String, String> userInfo = (Map)value;
         userList.add(new User(username, userInfo.get("password"), userInfo.get("role")));
-      }
+      });
     } catch (IOException ioException) {
       log.error("Security file process exception.", ioException);
     }
diff --git a/src/main/java/org/gnuhpc/bigdata/service/UserService.java b/src/main/java/org/gnuhpc/bigdata/service/UserService.java
@@ -24,12 +24,9 @@ public List<String> listUser() {
     List<String> userList = new ArrayList<>();
     try {
       accounts = CommonUtils.yamlParse(WebSecurityConfig.SECURITY_FILE_PATH);
-      Iterator iterator = accounts.entrySet().iterator();
-      while (iterator.hasNext()) {
-        Map.Entry entry = (Map.Entry) iterator.next();
-        String username = (String)entry.getKey();
-        userList.add(username);
-      }
+      accounts.forEach((username, value)->{
+        userList.add((String)username);
+      });
     } catch (IOException ioException) {
       log.error("Failed to get user list. Reason : " + ioException.getLocalizedMessage());
     }
