Add a flag to configure Shiro at runtime.

kevints · kevints · commit e11ed5b7f351 · 2015-03-14T15:57:43.000-07:00
Testing Done: ./gradlew -Pq build Bugs closed: AURORA-809 Reviewed at https://reviews.apache.org/r/32055/
diff --git a/src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java b/src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
@@ -13,10 +13,13 @@
  */
 package org.apache.aurora.scheduler.http.api.security;
 
+import java.util.Set;
+
 import javax.inject.Singleton;
 
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Optional;
+import com.google.common.collect.ImmutableSet;
+import com.google.inject.Module;
 import com.google.inject.Provides;
 import com.google.inject.matcher.Matchers;
 import com.google.inject.name.Names;
@@ -31,13 +34,14 @@
 import org.apache.aurora.gen.AuroraSchedulerManager;
 import org.apache.aurora.scheduler.http.api.ApiModule;
 import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.config.Ini;
 import org.apache.shiro.guice.aop.ShiroAopModule;
 import org.apache.shiro.guice.web.ShiroWebModule;
 import org.apache.shiro.realm.text.IniRealm;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
 
+import static java.util.Objects.requireNonNull;
+
 /**
  * Provides HTTP Basic Authentication for the API using Apache Shiro. When enabled, prevents
  * unauthenticated access to write APIs. Write API access must also be authorized, with permissions
@@ -51,25 +55,26 @@ public class ApiSecurityModule extends ServletModule {
       help = "Enable security for the Thrift API (beta).")
   private static final Arg<Boolean> ENABLE_API_SECURITY = Arg.create(false);
 
-  @CmdLine(name = "shiro_ini_path",
-      help = "Path to shiro.ini for authentication and authorization configuration.")
-  private static final Arg<Ini> SHIRO_INI_PATH = Arg.create(null);
+  @CmdLine(name = "shiro_realm_modules",
+      help = "Guice modules for configuring Shiro Realms.")
+  private static final Arg<Set<Module>> SHIRO_REALM_MODULE =
+      Arg.<Set<Module>>create(ImmutableSet.<Module>of(new IniShiroRealmModule()));
 
   private final boolean enableApiSecurity;
-  private final Optional<Ini> shiroIni;
+  private final Set<Module> shiroConfigurationModules;
 
   public ApiSecurityModule() {
-    this(ENABLE_API_SECURITY.get(), Optional.fromNullable(SHIRO_INI_PATH.get()));
+    this(ENABLE_API_SECURITY.get(), SHIRO_REALM_MODULE.get());
   }
 
   @VisibleForTesting
-  ApiSecurityModule(Ini shiroIni) {
-    this(true, Optional.of(shiroIni));
+  ApiSecurityModule(Module shiroConfigurationModule) {
+    this(true, ImmutableSet.of(shiroConfigurationModule));
   }
 
-  private ApiSecurityModule(boolean enableApiSecurity, Optional<Ini> shiroIni) {
+  private ApiSecurityModule(boolean enableApiSecurity, Set<Module> shiroConfigurationModules) {
     this.enableApiSecurity = enableApiSecurity;
-    this.shiroIni = shiroIni;
+    this.shiroConfigurationModules = requireNonNull(shiroConfigurationModules);
   }
 
   @Override
@@ -85,10 +90,10 @@ private void doConfigureServlets() {
       @Override
       @SuppressWarnings("unchecked")
       protected void configureShiroWeb() {
-        try {
-          bindRealm().toConstructor(IniRealm.class.getConstructor(Ini.class));
-        } catch (NoSuchMethodException e) {
-          addError(e);
+        for (Module module : shiroConfigurationModules) {
+          // We can't wrap this in a PrivateModule because Guice Multibindings don't work with them
+          // and we need a Set<Realm>.
+          install(module);
         }
 
         addFilterChain("/**",
@@ -97,11 +102,6 @@ protected void configureShiroWeb() {
       }
     });
 
-    if (shiroIni.isPresent()) {
-      bind(Ini.class).toInstance(shiroIni.get());
-    } else {
-      addError("shiro.ini is required.");
-    }
     bind(IniRealm.class).in(Singleton.class);
     bindConstant().annotatedWith(Names.named("shiro.applicationName")).to(HTTP_REALM_NAME);
 
diff --git a/src/main/java/org/apache/aurora/scheduler/http/api/security/IniShiroRealmModule.java b/src/main/java/org/apache/aurora/scheduler/http/api/security/IniShiroRealmModule.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.aurora.scheduler.http.api.security;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Optional;
+import com.google.inject.AbstractModule;
+import com.google.inject.multibindings.Multibinder;
+import com.twitter.common.args.Arg;
+import com.twitter.common.args.CmdLine;
+
+import org.apache.shiro.config.Ini;
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.realm.text.IniRealm;
+
+/**
+ * Provides an implementation of a Shiro {@link IniRealm} that uses a flat shiro.ini file for
+ * authentication and authorization. Should be used in conjunction with the
+ * {@link org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter} or other filter that
+ * produces {@link org.apache.shiro.authc.UsernamePasswordToken}s.
+ */
+public class IniShiroRealmModule extends AbstractModule {
+  @CmdLine(name = "shiro_ini_path",
+      help = "Path to shiro.ini for authentication and authorization configuration.")
+  private static final Arg<Ini> SHIRO_INI_PATH = Arg.create(null);
+
+  private final Optional<Ini> ini;
+
+  public IniShiroRealmModule() {
+    this(Optional.fromNullable(SHIRO_INI_PATH.get()));
+  }
+
+  @VisibleForTesting
+  IniShiroRealmModule(Ini ini) {
+    this(Optional.of(ini));
+  }
+
+  private IniShiroRealmModule(Optional<Ini> ini) {
+    this.ini = ini;
+  }
+
+  @Override
+  protected void configure() {
+    if (ini.isPresent()) {
+      bind(Ini.class).toInstance(ini.get());
+    } else {
+      addError("shiro.ini is required.");
+    }
+
+    try {
+      Multibinder.newSetBinder(binder(), Realm.class).addBinding()
+          .toConstructor(IniRealm.class.getConstructor(Ini.class));
+    } catch (NoSuchMethodException e) {
+      addError(e);
+    }
+  }
+}
diff --git a/src/main/java/org/apache/aurora/scheduler/http/api/security/ModuleParser.java b/src/main/java/org/apache/aurora/scheduler/http/api/security/ModuleParser.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.aurora.scheduler.http.api.security;
+
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+
+import com.google.inject.Module;
+import com.twitter.common.args.ArgParser;
+import com.twitter.common.args.parsers.NonParameterizedTypeParser;
+
+/**
+ * ArgParser for Guice modules. Constructs an instance of a Module with a given FQCN if it has a
+ * public no-args constructor.
+ */
+@ArgParser
+public class ModuleParser extends NonParameterizedTypeParser<Module> {
+  @Override
+  public Module doParse(String raw) throws IllegalArgumentException {
+    Class<?> rawClass;
+    try {
+      rawClass = Class.forName(raw);
+    } catch (ClassNotFoundException e) {
+      throw new IllegalArgumentException(e);
+    }
+
+    if (!Module.class.isAssignableFrom(rawClass)) {
+      throw new IllegalArgumentException(
+          "Class " + raw + " must implement " + Module.class.getName());
+    }
+    @SuppressWarnings("unchecked")
+    Class<? extends Module> moduleClass = (Class<? extends Module>) rawClass;
+
+    Constructor<? extends Module> moduleConstructor;
+    try {
+      moduleConstructor = moduleClass.getConstructor();
+    } catch (NoSuchMethodException e) {
+      throw new IllegalArgumentException(
+          "Module " + raw + " must have a public no-args constructor.",
+          e);
+    }
+
+    try {
+      return moduleConstructor.newInstance();
+    } catch (InvocationTargetException | InstantiationException | IllegalAccessException e) {
+      throw new IllegalArgumentException(e);
+    }
+  }
+}
diff --git a/src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java b/src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java
@@ -106,7 +106,7 @@ public void setUp() {
   protected Module getChildServletModule() {
     return Modules.combine(
         new ApiModule(),
-        new ApiSecurityModule(ini),
+        new ApiSecurityModule(new IniShiroRealmModule(ini)),
         new AbstractModule() {
           @Override
           protected void configure() {
diff --git a/src/test/java/org/apache/aurora/scheduler/http/api/security/ModuleParserTest.java b/src/test/java/org/apache/aurora/scheduler/http/api/security/ModuleParserTest.java
@@ -0,0 +1,81 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.aurora.scheduler.http.api.security;
+
+import com.google.inject.Binder;
+import com.google.inject.Module;
+
+import org.junit.Test;
+
+public class ModuleParserTest {
+  static class NoOpModule implements Module {
+    public NoOpModule() {
+      // No-op.
+    }
+
+    @Override
+    public void configure(Binder binder) {
+      // No-op.
+    }
+  }
+
+  static class NoNullaryConstructorModule implements Module {
+    private String name;
+
+    NoNullaryConstructorModule(String name) {
+      this.name = name;
+    }
+
+    @Override
+    public void configure(Binder binder) {
+      binder.bind(String.class).toInstance(name);
+    }
+  }
+
+  static class ThrowingConstructorModule implements Module {
+    ThrowingConstructorModule() {
+      throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void configure(Binder binder) {
+      // Unreachable.
+    }
+  }
+
+  @Test
+  public void testDoParseSuccess() {
+    new ModuleParser().doParse(NoOpModule.class.getName());
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testDoParseClassNotFound() {
+    new ModuleParser().doParse("invalid.class.name");
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testDoParseNotModule() {
+    new ModuleParser().doParse(String.class.getCanonicalName());
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testDoParseNoNullaryConstructor() {
+    new ModuleParser().doParse(NoNullaryConstructorModule.class.getCanonicalName());
+  }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testDoParseThrowingConstructorModule() {
+    new ModuleParser().doParse(ThrowingConstructorModule.class.getCanonicalName());
+  }
+}
