1.Unify the json process lib to jackson.

2.Use jackson lib to process the yaml file.
3.Add security feature. Password will be encoded using Bcrypt in Spring Security and store user info in yml format.
4.Make security check parameters configurable.
5.Add CommonUitls to offer some common functions such as BcryptEncoder, yamlParse, getProjectRootFolder,etc.

Author: tinawenqiao

docs/index.pdf

@@ -210,6 +210,17 @@
             <artifactId>jackson-databind</artifactId>
             <version>${jackson.version}</version>
         </dependency>
+        <!-- convert Java 8 date and time classes to JSON representation using the @JsonFormat annotation-->
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-jsr310</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.dataformat</groupId>
+            <artifactId>jackson-dataformat-yaml</artifactId>
+            <version>${jackson.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-collections4</artifactId>
@@ -238,22 +249,6 @@
             <artifactId>curator-framework</artifactId>
             <version>2.11.0</version>
         </dependency>
-        <!-- convert Java 8 date and time classes to JSON representation using the @JsonFormat annotation-->
-        <dependency>
-            <groupId>com.fasterxml.jackson.datatype</groupId>
-            <artifactId>jackson-datatype-jsr310</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.yaml</groupId>
-            <artifactId>snakeyaml</artifactId>
-            <version>${snakeyaml.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>net.sf.json-lib</groupId>
-            <artifactId>json-lib</artifactId>
-            <version>2.4</version>
-            <classifier>jdk15</classifier>
-        </dependency>
     </dependencies>
 
     <build>

pom.xml

@@ -0,0 +1,22 @@
+---
+test4:
+  password: "$2a$10$M9g/YgjQUuEH05RZklnm3u1JWoyRApv/Bfxwe0EiOFMKl2ghQvDK2"
+  role: "user"
+test2:
+  password: "$2a$10$xUisqGbg1lC.F62bwAZ0KuIJ/ltIg.0erANK1rz/gi1qVbRzkb.KC"
+  role: "user"
+test3:
+  password: "$2a$10$5L.EQBqNKBPLsbflg3mYUuZGmH7jh6IUjB6nyecLPo1rGKLu5LXAW"
+  role: "user"
+test:
+  password: "$2a$10$tXq/tF9d5COfuRbS0eyfdOrsgv2mn.xhKT3TdWY8007dsIEhDpItS"
+  role: "user"
+admin:
+  password: "$2a$10$cwkLeAFbPSNWEvjnL.w2FeoEPIv.MMEb0Pk541TiuqGRHP.x8ReoK"
+  role: "admin"
+test1:
+  password: "$2a$10$knZ1h7KIDJeJuJdpmspt9utL.UajESzTlox7X/DFA4YcINbb3TFdC"
+  role: "user"
+tina:
+  password: "$2a$10$e6UbRpWtOP43A/QCOmNCGuJ3BN9OoToiF0HAiZgMW3ktnzvQkjQfC"
+  role: "string"

security/security.yml

@@ -1,10 +1,15 @@
 package org.gnuhpc.bigdata.config;
 
+import org.gnuhpc.bigdata.utils.CommonUtils;
+
+import java.io.File;
+
 public class JMXConfig {
   public static final String JMX_WAIT_TIMEOUT = "jmx.wait_timeout";
   public static final String JMX_FETCH_TIMEOUT = "jmx.fetch_timeout";
   public static final String RMI_CONNECT_TIMEOUT = "rmi.connect_timeout";
   public static final String RMI_HANDSHAKE_TIMEOUT = "rmi.handshake_timeout";
   public static final String RMI_RESPONSE_TIMEOUT = "rmi.response_timeout";
   public static final String JMX_PROTOCOL = "service:jmx:rmi:///jndi/rmi://";
+  public static final String JMX_FILTER_DIR = CommonUtils.PROJECT_ROOT_FOLDER + File.separator + "JMXFilterTemplate";
 }

security/securityFile.txt

@@ -1,9 +1,12 @@
 package org.gnuhpc.bigdata.config;
 
-import org.gnuhpc.bigdata.service.UserDetailsServiceImp;
+import org.gnuhpc.bigdata.security.BasicAuthenticationPoint;
+import org.gnuhpc.bigdata.security.UserDetailsServiceImp;
+import org.gnuhpc.bigdata.utils.CommonUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -12,28 +15,38 @@
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
+import java.io.File;
+
+@Configuration
 @EnableWebSecurity
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+  public static final String SECURITY_FILE_PATH = CommonUtils.PROJECT_ROOT_FOLDER + File.separator +
+          "security" + File.separator + "security.yml";
+
   @Autowired
   private BasicAuthenticationPoint basicAuthenticationPoint;
 
+  @Value("${server.security.check}")
+  private boolean securityCheck;
+  @Value("${server.security.checkInitDelay}")
+  private int checkInitDelay;
+  @Value("${server.security.checkSecurityInterval}")
+  private int checkSecurityInterval;
+
   @Bean
   public UserDetailsService userDetailsService() {
-    return new UserDetailsServiceImp();
+    return new UserDetailsServiceImp(securityCheck, checkInitDelay, checkSecurityInterval);
   };
 
   @Bean
   public BCryptPasswordEncoder passwordEncoder() {
     return new BCryptPasswordEncoder();
   };
 
-  @Value("${server.security}")
-  private boolean security;
-
   @Override
   protected void configure(HttpSecurity http) throws Exception {
     http.csrf().disable();
-    if (security) {
+    if (securityCheck) {
       http.authorizeRequests().antMatchers("/api", "/swagger-ui.html", "/webjars/**", "/swagger-resources/**", "/v2/**").permitAll()
               .anyRequest().authenticated();
       http.httpBasic().authenticationEntryPoint(basicAuthenticationPoint);
@@ -48,4 +61,8 @@ protected void configure(HttpSecurity http) throws Exception {
   public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
     auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
   }
+
+  public static void main(String[] args) {
+    System.out.println(new BCryptPasswordEncoder().encode("admin1234"));
+  }
 }

src/main/java/org/gnuhpc/bigdata/config/JMXConfig.java

@@ -0,0 +1,56 @@
+package org.gnuhpc.bigdata.controller;
+
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.log4j.Log4j;
+import org.gnuhpc.bigdata.constant.GeneralResponseState;
+import org.gnuhpc.bigdata.model.GeneralResponse;
+import org.gnuhpc.bigdata.model.User;
+import org.gnuhpc.bigdata.service.UserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.validation.BindingResult;
+import org.springframework.web.bind.annotation.*;
+
+import javax.validation.Valid;
+import java.util.List;
+
+@Log4j
+@RestController
+@Api(value = "/users", description = "Security User Management Controller.")
+public class UserController {
+  @Autowired
+  private UserService userService;
+
+  @GetMapping("/users")
+  @ApiOperation(value = "Get user list.")
+  public List<String> listUser() {
+    return userService.listUser();
+  }
+
+  @PostMapping("/users")
+  @ApiOperation(value = "Add user.")
+  public GeneralResponse addUser(@RequestBody@Valid User user, BindingResult results) {
+    if (results.hasErrors()) {
+      return new GeneralResponse(GeneralResponseState.failure, results.getFieldError().getDefaultMessage());
+    }
+    log.info("Receive add user request: username:" + user.getUsername());
+    return userService.addUser(user);
+  }
+
+  @PutMapping("/users")
+  @ApiOperation(value = "Modify user information.")
+  public GeneralResponse modifyUser(@RequestBody@Valid User user, BindingResult results) {
+    if (results.hasErrors()) {
+      return new GeneralResponse(GeneralResponseState.failure, results.getFieldError().getDefaultMessage());
+    }
+    log.info("Receive modify user request: username:" + user.getUsername());
+    return userService.modifyUser(user);
+  }
+
+  @DeleteMapping("/users/{username}")
+  @ApiOperation(value = "Delete user.")
+  public GeneralResponse delUser(@PathVariable String username) {
+    log.info("Receive delete user request: username:" + username);
+    return userService.delUser(username);
+  }
+}

src/main/java/org/gnuhpc/bigdata/config/WebSecurityConfig.java

@@ -30,6 +30,7 @@ public class RestErrorResponse {
     private List<RestSubError> subErrorList;
 
     public RestErrorResponse() {
+        //this.timestamp = new Date();
         this.timestamp = LocalDateTime.now();
     }
 

src/main/java/org/gnuhpc/bigdata/controller/UserController.java

@@ -1,18 +1,26 @@
 package org.gnuhpc.bigdata.model;
 
+import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.Setter;
+import org.hibernate.validator.constraints.NotBlank;
+import org.hibernate.validator.constraints.NotEmpty;
+
+import javax.validation.constraints.NotNull;
 
 @Getter
 @Setter
+@AllArgsConstructor
 public class User {
+  @NotNull(message = "Username can not be null.")
+  @NotBlank(message = "Username can not be blank.")
   private String username;
+
+  @NotNull(message = "Password can not be null.")
+  @NotBlank(message = "Password can not be blank.")
   private String password;
-  private String role;
 
-  public User(String username, String password, String role) {
-    this.username = username;
-    this.password = password;
-    this.role = role;
-  }
+  @NotNull(message = "Role can not be null.")
+  @NotBlank(message = "Role can not be blank.")
+  private String role;
 }

src/main/java/org/gnuhpc/bigdata/exception/RestErrorResponse.java

@@ -1,9 +1,13 @@
-package org.gnuhpc.bigdata.config;
+package org.gnuhpc.bigdata.security;
 
-import net.sf.json.JSONObject;
-import net.sf.json.JsonConfig;
-import net.sf.json.processors.JsonValueProcessor;
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.JsonSerializer;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+import lombok.NoArgsConstructor;
 import org.gnuhpc.bigdata.exception.RestErrorResponse;
+import org.springframework.boot.jackson.JsonComponent;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
@@ -25,29 +29,25 @@ public void commence(HttpServletRequest request, HttpServletResponse response, A
     response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
     String error = "Authenciation Error:" + authEx.getClass().getCanonicalName();
     RestErrorResponse restAuthenticationError = new RestErrorResponse(HttpStatus.UNAUTHORIZED, error, authEx);
-    /**
-     * Translate field LocalDateTime to uniform the response format.
-     */
-    JsonConfig jsonConfig = new JsonConfig();
-    jsonConfig.registerJsonValueProcessor(LocalDateTime.class, new JsonValueProcessor() {
-      DateTimeFormatter df = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
-      @Override
-      public Object processObjectValue(String propertyName, Object date,JsonConfig config) {
-        return df.format((LocalDateTime)date);
-      }
-
-      @Override
-      public Object processArrayValue(Object date, JsonConfig config) {
-        return df.format((LocalDateTime)date);
-      }
-    });
-
-    response.getWriter().print(JSONObject.fromObject(restAuthenticationError, jsonConfig).toString());
+    ObjectMapper mapper = new ObjectMapper();
+    JavaTimeModule javaTimeModule = new JavaTimeModule();
+    javaTimeModule.addSerializer(LocalDateTime.class, new LocalDateTimeSerializer());
+    mapper.registerModule(javaTimeModule);
+    response.getWriter().print(mapper.writeValueAsString(restAuthenticationError));
   }
 
   @Override
   public void afterPropertiesSet() throws Exception {
     setRealmName("Contact Big Data Infrastructure Team to get available accounts.");
     super.afterPropertiesSet();
   }
+
+  @JsonComponent
+  @NoArgsConstructor
+  private class LocalDateTimeSerializer extends JsonSerializer<LocalDateTime> {
+    @Override
+    public void serialize(LocalDateTime value, JsonGenerator gen, SerializerProvider sp) throws IOException{
+      gen.writeString(value.format(DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss")));
+    }
+  }
 }