metamx · esevastyanov · May 23, 2019 · May 28, 2019 · May 29, 2019 · May 29, 2019
diff --git a/...basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java b/...basic-security/src/main/java/io/druid/security/basic/BasicAuthClassCompositionConfig.java
@@ -0,0 +1,128 @@
+/*
+ * Licensed to Metamarkets Group Inc. (Metamarkets) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. Metamarkets licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package io.druid.security.basic;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+/**
+ * Basic authentication storage/cache/resource handler config.
+ * BasicAuthClassCompositionConfig provides options to specify authenticator/authorizer classes of user/role managers,
+ * caches and notifiers. If a field in this class is non-null then the corresponding class is instantiated
+ * regardless of what type of Druid component runs it (see {@link BasicSecurityDruidModule}).
+ * Hence every Druid component might be a user/role manager and notify others by sending notifications.
+ * Every field must be a valid class name (appropriate for the corresponding goal) or null.
+ */
+public class BasicAuthClassCompositionConfig
+{
+  @JsonProperty
+  private final String authenticatorMetadataStorageUpdater;
+
+  @JsonProperty
+  private final String authenticatorCacheManager;
+
+  @JsonProperty
+  private final String authenticatorResourceHandler;
+
+  @JsonProperty
+  private final String authenticatorCacheNotifier;
+
+  @JsonProperty
+  private final String authorizerMetadataStorageUpdater;
+
+  @JsonProperty
+  private final String authorizerCacheManager;
+
+  @JsonProperty
+  private final String authorizerResourceHandler;
+
+  @JsonProperty
+  private final String authorizerCacheNotifier;
+
+  @JsonCreator
+  public BasicAuthClassCompositionConfig(
+      @JsonProperty("authenticatorMetadataStorageUpdater") String authenticatorMetadataStorageUpdater,
+      @JsonProperty("authenticatorCacheManager") String authenticatorCacheManager,
+      @JsonProperty("authenticatorResourceHandler") String authenticatorResourceHandler,
+      @JsonProperty("authenticatorCacheNotifier") String authenticatorCacheNotifier,
+      @JsonProperty("authorizerMetadataStorageUpdater") String authorizerMetadataStorageUpdater,
+      @JsonProperty("authorizerCacheManager") String authorizerCacheManager,
+      @JsonProperty("authorizerResourceHandler") String authorizerResourceHandler,
+      @JsonProperty("authorizerCacheNotifier") String authorizerCacheNotifier
+  )
+  {
+    this.authenticatorMetadataStorageUpdater = authenticatorMetadataStorageUpdater;
+    this.authenticatorCacheManager = authenticatorCacheManager;
+    this.authenticatorResourceHandler = authenticatorResourceHandler;
+    this.authenticatorCacheNotifier = authenticatorCacheNotifier;
+    this.authorizerMetadataStorageUpdater = authorizerMetadataStorageUpdater;
+    this.authorizerCacheManager = authorizerCacheManager;
+    this.authorizerResourceHandler = authorizerResourceHandler;
+    this.authorizerCacheNotifier = authorizerCacheNotifier;
+  }
+
+  @JsonProperty
+  public String getAuthenticatorMetadataStorageUpdater()
+  {
+    return authenticatorMetadataStorageUpdater;
+  }
+
+  @JsonProperty
+  public String getAuthenticatorCacheManager()
+  {
+    return authenticatorCacheManager;
+  }
+
+  @JsonProperty
+  public String getAuthenticatorResourceHandler()
+  {
+    return authenticatorResourceHandler;
+  }
+
+  @JsonProperty
+  public String getAuthenticatorCacheNotifier()
+  {
+    return authenticatorCacheNotifier;
+  }
+
+  @JsonProperty
+  public String getAuthorizerMetadataStorageUpdater()
+  {
+    return authorizerMetadataStorageUpdater;
+  }
+
+  @JsonProperty
+  public String getAuthorizerCacheManager()
+  {
+    return authorizerCacheManager;
+  }
+
+  @JsonProperty
+  public String getAuthorizerResourceHandler()
+  {
+    return authorizerResourceHandler;
+  }
+
+  @JsonProperty
+  public String getAuthorizerCacheNotifier()
+  {
+    return authorizerCacheNotifier;
+  }
+}
diff --git a/.../druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java b/.../druid-basic-security/src/main/java/io/druid/security/basic/BasicSecurityDruidModule.java
@@ -39,8 +39,10 @@
 import io.druid.security.basic.authentication.db.cache.CoordinatorBasicAuthenticatorCacheNotifier;
 import io.druid.security.basic.authentication.db.cache.CoordinatorPollingBasicAuthenticatorCacheManager;
 import io.druid.security.basic.authentication.db.cache.MetadataStoragePollingBasicAuthenticatorCacheManager;
+import io.druid.security.basic.authentication.db.cache.NoopBasicAuthenticatorCacheNotifier;
 import io.druid.security.basic.authentication.db.updater.BasicAuthenticatorMetadataStorageUpdater;
 import io.druid.security.basic.authentication.db.updater.CoordinatorBasicAuthenticatorMetadataStorageUpdater;
+import io.druid.security.basic.authentication.db.updater.NoopBasicAuthenticatorMetadataStorageUpdater;
 import io.druid.security.basic.authentication.endpoint.BasicAuthenticatorResource;
 import io.druid.security.basic.authentication.endpoint.BasicAuthenticatorResourceHandler;
 import io.druid.security.basic.authentication.endpoint.CoordinatorBasicAuthenticatorResourceHandler;
@@ -51,8 +53,10 @@
 import io.druid.security.basic.authorization.db.cache.CoordinatorBasicAuthorizerCacheNotifier;
 import io.druid.security.basic.authorization.db.cache.CoordinatorPollingBasicAuthorizerCacheManager;
 import io.druid.security.basic.authorization.db.cache.MetadataStoragePollingBasicAuthorizerCacheManager;
+import io.druid.security.basic.authorization.db.cache.NoopBasicAuthorizerCacheNotifier;
 import io.druid.security.basic.authorization.db.updater.BasicAuthorizerMetadataStorageUpdater;
 import io.druid.security.basic.authorization.db.updater.CoordinatorBasicAuthorizerMetadataStorageUpdater;
+import io.druid.security.basic.authorization.db.updater.NoopBasicAuthorizerMetadataStorageUpdater;
 import io.druid.security.basic.authorization.endpoint.BasicAuthorizerResource;
 import io.druid.security.basic.authorization.endpoint.BasicAuthorizerResourceHandler;
 import io.druid.security.basic.authorization.endpoint.CoordinatorBasicAuthorizerResourceHandler;
@@ -62,10 +66,12 @@
 
 public class BasicSecurityDruidModule implements DruidModule
 {
+
   @Override
   public void configure(Binder binder)
   {
     JsonConfigProvider.bind(binder, "druid.auth.basic.common", BasicAuthCommonCacheConfig.class);
+    JsonConfigProvider.bind(binder, "druid.auth.basic.composition", BasicAuthClassCompositionConfig.class);
 
     LifecycleModule.register(binder, BasicAuthenticatorMetadataStorageUpdater.class);
     LifecycleModule.register(binder, BasicAuthorizerMetadataStorageUpdater.class);
@@ -76,84 +82,124 @@ public void configure(Binder binder)
     Jerseys.addResource(binder, BasicAuthorizerResource.class);
   }
 
-  @Provides @LazySingleton
-  public static BasicAuthenticatorMetadataStorageUpdater createAuthenticatorStorageUpdater(final Injector injector)
+  @Provides
+  @LazySingleton
+  public static BasicAuthenticatorMetadataStorageUpdater createAuthenticatorStorageUpdater(
+      final Injector injector,
+      BasicAuthClassCompositionConfig config
+  ) throws ClassNotFoundException
   {
-    if (isCoordinator(injector)) {
-      return injector.getInstance(CoordinatorBasicAuthenticatorMetadataStorageUpdater.class);
-    } else {
-      return null;
-    }
+    return getInstance(
+        injector,
+        config.getAuthenticatorMetadataStorageUpdater(),
+        CoordinatorBasicAuthenticatorMetadataStorageUpdater.class,
+        NoopBasicAuthenticatorMetadataStorageUpdater.class
+    );
   }
 
-  @Provides @LazySingleton
-  public static BasicAuthenticatorCacheManager createAuthenticatorCacheManager(final Injector injector)
+  @Provides
+  @LazySingleton
+  public static BasicAuthenticatorCacheManager createAuthenticatorCacheManager(
+      final Injector injector,
+      BasicAuthClassCompositionConfig config
+  ) throws ClassNotFoundException
   {
-    if (isCoordinator(injector)) {
-      return injector.getInstance(MetadataStoragePollingBasicAuthenticatorCacheManager.class);
-    } else {
-      return injector.getInstance(CoordinatorPollingBasicAuthenticatorCacheManager.class);
-    }
+    return getInstance(
+        injector,
+        config.getAuthenticatorCacheManager(),
+        MetadataStoragePollingBasicAuthenticatorCacheManager.class,
+        CoordinatorPollingBasicAuthenticatorCacheManager.class
+    );
   }
 
-  @Provides @LazySingleton
-  public static BasicAuthenticatorResourceHandler createAuthenticatorResourceHandler(final Injector injector)
+  @Provides
+  @LazySingleton
+  public static BasicAuthenticatorResourceHandler createAuthenticatorResourceHandler(
+      final Injector injector,
+      BasicAuthClassCompositionConfig config
+  ) throws ClassNotFoundException
   {
-    if (isCoordinator(injector)) {
-      return injector.getInstance(CoordinatorBasicAuthenticatorResourceHandler.class);
-    } else {
-      return injector.getInstance(DefaultBasicAuthenticatorResourceHandler.class);
-    }
+    return getInstance(
+        injector,
+        config.getAuthenticatorResourceHandler(),
+        CoordinatorBasicAuthenticatorResourceHandler.class,
+        DefaultBasicAuthenticatorResourceHandler.class
+    );
   }
 
-  @Provides @LazySingleton
-  public static BasicAuthenticatorCacheNotifier createAuthenticatorCacheNotifier(final Injector injector)
+  @Provides
+  @LazySingleton
+  public static BasicAuthenticatorCacheNotifier createAuthenticatorCacheNotifier(
+      final Injector injector,
+      BasicAuthClassCompositionConfig config
+  ) throws ClassNotFoundException
   {
-    if (isCoordinator(injector)) {
-      return injector.getInstance(CoordinatorBasicAuthenticatorCacheNotifier.class);
-    } else {
-      return null;
-    }
+    return getInstance(
+        injector,
+        config.getAuthenticatorCacheNotifier(),
+        CoordinatorBasicAuthenticatorCacheNotifier.class,
+        NoopBasicAuthenticatorCacheNotifier.class
+    );
   }
 
-  @Provides @LazySingleton
-  public static BasicAuthorizerMetadataStorageUpdater createAuthorizerStorageUpdater(final Injector injector)
+  @Provides
+  @LazySingleton
+  public static BasicAuthorizerMetadataStorageUpdater createAuthorizerStorageUpdater(
+      final Injector injector,
+      BasicAuthClassCompositionConfig config
+  ) throws ClassNotFoundException
   {
-    if (isCoordinator(injector)) {
-      return injector.getInstance(CoordinatorBasicAuthorizerMetadataStorageUpdater.class);
-    } else {
-      return null;
-    }
+    return getInstance(
+        injector,
+        config.getAuthorizerMetadataStorageUpdater(),
+        CoordinatorBasicAuthorizerMetadataStorageUpdater.class,
+        NoopBasicAuthorizerMetadataStorageUpdater.class
+    );
   }
 
-  @Provides @LazySingleton
-  public static BasicAuthorizerCacheManager createAuthorizerCacheManager(final Injector injector)
+  @Provides
+  @LazySingleton
+  public static BasicAuthorizerCacheManager createAuthorizerCacheManager(
+      final Injector injector,
+      BasicAuthClassCompositionConfig config
+  ) throws ClassNotFoundException
   {
-    if (isCoordinator(injector)) {
-      return injector.getInstance(MetadataStoragePollingBasicAuthorizerCacheManager.class);
-    } else {
-      return injector.getInstance(CoordinatorPollingBasicAuthorizerCacheManager.class);
-    }
+    return getInstance(
+        injector,
+        config.getAuthorizerCacheManager(),
+        MetadataStoragePollingBasicAuthorizerCacheManager.class,
+        CoordinatorPollingBasicAuthorizerCacheManager.class
+    );
   }
 
-  @Provides @LazySingleton
-  public static BasicAuthorizerResourceHandler createAuthorizerResourceHandler(final Injector injector)
+  @Provides
+  @LazySingleton
+  public static BasicAuthorizerResourceHandler createAuthorizerResourceHandler(
+      final Injector injector,
+      BasicAuthClassCompositionConfig config
+  ) throws ClassNotFoundException
   {
-    if (isCoordinator(injector)) {
-      return injector.getInstance(CoordinatorBasicAuthorizerResourceHandler.class);
-    } else {
-      return injector.getInstance(DefaultBasicAuthorizerResourceHandler.class);
-    }
+    return getInstance(
+        injector,
+        config.getAuthorizerResourceHandler(),
+        CoordinatorBasicAuthorizerResourceHandler.class,
+        DefaultBasicAuthorizerResourceHandler.class
+    );
   }
 
-  @Provides @LazySingleton
-  public static BasicAuthorizerCacheNotifier createAuthorizerCacheNotifier(final Injector injector)
+  @Provides
+  @LazySingleton
+  public static BasicAuthorizerCacheNotifier createAuthorizerCacheNotifier(
+      final Injector injector,
+      BasicAuthClassCompositionConfig config
+  ) throws ClassNotFoundException
   {
-    if (isCoordinator(injector)) {
-      return injector.getInstance(CoordinatorBasicAuthorizerCacheNotifier.class);
-    } else {
-      return null;
-    }
+    return getInstance(
+        injector,
+        config.getAuthorizerCacheNotifier(),
+        CoordinatorBasicAuthorizerCacheNotifier.class,
+        NoopBasicAuthorizerCacheNotifier.class
+    );
   }
 
   @Override
@@ -168,6 +214,29 @@ public List<? extends Module> getJacksonModules()
     );
   }
 
+  /**
+   * Returns the instance provided either by a config property or coordinator-run class or default class.
+   * The order of check corresponds to the order of method params.
+   */
+  private static <T> T getInstance(
+      Injector injector,
+      String configClassName,
+      Class<? extends T> classRunByCoordinator,
+      Class<? extends T> defaultClass
+  ) throws ClassNotFoundException
+  {
+    if (configClassName != null) {
+      // ClassCastException is thrown in case of a mismatch, configuration fix is required.
+      @SuppressWarnings("unchecked")
+      final T instance = (T) injector.getInstance(Class.forName(configClassName));
+      return instance;
+    }
+    if (isCoordinator(injector)) {
+      return injector.getInstance(classRunByCoordinator);
+    }
+    return injector.getInstance(defaultClass);
+  }
+
   private static boolean isCoordinator(Injector injector)
   {
     final String serviceName;

diff --git a/.../NoopBasicAuthenticatorCacheNotifier.java → .../NoopBasicAuthenticatorCacheNotifier.java b/.../NoopBasicAuthenticatorCacheNotifier.java → .../NoopBasicAuthenticatorCacheNotifier.java
@@ -17,15 +17,18 @@
  * under the License.
  */
 
-package io.druid.security.authentication;
-
-import io.druid.security.basic.authentication.db.cache.BasicAuthenticatorCacheNotifier;
+package io.druid.security.basic.authentication.db.cache;
 
+/**
+ * Noop basic authenticator cache notifier.
+ * No notification is sent on user udpate.
+ * Might be used as a config option to override default authenticator cache notifier.
+ */
 public class NoopBasicAuthenticatorCacheNotifier implements BasicAuthenticatorCacheNotifier
 {
   @Override
   public void addUpdate(String updatedAuthenticatorPrefix, byte[] updatedUserMap)
   {
-
+    // Do nothing as this is a noop implementation
   }
 }