diff --git a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/LdapUserPrincipal.java b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/LdapUserPrincipal.java index bb8845b8625d..649e4d235da0 100644 --- a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/LdapUserPrincipal.java +++ b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/LdapUserPrincipal.java @@ -92,9 +92,9 @@ public Instant getLastVerified() return lastVerified.get(); } - public boolean hasSameCredentials(char[] password) + public boolean hasSameCredentials(char[] password, PasswordHashGenerator hashGenerator) { - byte[] recalculatedHash = PasswordHashGenerator.computePasswordHash( + byte[] recalculatedHash = hashGenerator.getOrComputePasswordHash( password, this.credentials.getSalt(), this.credentials.getIterations() diff --git a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/validator/LDAPCredentialsValidator.java b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/validator/LDAPCredentialsValidator.java index 226904165fad..b3b52838bb3a 100644 --- a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/validator/LDAPCredentialsValidator.java +++ b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/validator/LDAPCredentialsValidator.java @@ -153,14 +153,13 @@ public AuthenticationResult validateCredentials( char[] password ) { - SearchResult userResult; - LdapName userDn; - Map contextMap = new HashMap<>(); + final SearchResult userResult; + final LdapName userDn; + final Map contextMap = new HashMap<>(); + final LdapUserPrincipal principal = this.cache.getOrExpire(username); - LdapUserPrincipal principal = this.cache.getOrExpire(username); - if (principal != null && principal.hasSameCredentials(password)) { + if (principal != null && principal.hasSameCredentials(password, hashGenerator)) { contextMap.put(BasicAuthUtils.SEARCH_RESULT_CONTEXT_KEY, principal.getSearchResult()); - return new AuthenticationResult(username, authorizerName, authenticatorName, contextMap); } else { ClassLoader currentClassLoader = Thread.currentThread().getContextClassLoader(); try { @@ -208,8 +207,8 @@ public AuthenticationResult validateCredentials( this.cache.put(username, newPrincipal); contextMap.put(BasicAuthUtils.SEARCH_RESULT_CONTEXT_KEY, userResult); - return new AuthenticationResult(username, authorizerName, authenticatorName, contextMap); } + return new AuthenticationResult(username, authorizerName, authenticatorName, contextMap); } /** diff --git a/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/validator/LDAPCredentialsValidatorTest.java b/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/validator/LDAPCredentialsValidatorTest.java index 577312b39c26..7a1ae2cc917b 100644 --- a/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/validator/LDAPCredentialsValidatorTest.java +++ b/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/validator/LDAPCredentialsValidatorTest.java @@ -36,7 +36,6 @@ import javax.naming.directory.SearchResult; import javax.naming.ldap.LdapContext; import javax.naming.spi.InitialContextFactory; - import java.util.Collections; import java.util.Hashtable; import java.util.Iterator; @@ -94,6 +93,7 @@ public void testValidateCredentials() properties ); validator.validateCredentials("ldap", "ldap", "validUser", "password".toCharArray()); + validator.validateCredentials("ldap", "ldap", "validUser", "password".toCharArray()); } public static class MockContextFactory implements InitialContextFactory diff --git a/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/validator/DBCredentialsValidatorTest.java b/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/basic/authentication/validator/MetadataStoreCredentialsValidatorTest.java similarity index 75% rename from extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/validator/DBCredentialsValidatorTest.java rename to extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/basic/authentication/validator/MetadataStoreCredentialsValidatorTest.java index 4cd6cb33ec73..2e80575f2bfd 100644 --- a/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/authentication/validator/DBCredentialsValidatorTest.java +++ b/extensions-core/druid-basic-security/src/test/java/org/apache/druid/security/basic/authentication/validator/MetadataStoreCredentialsValidatorTest.java @@ -17,7 +17,7 @@ * under the License. */ -package org.apache.druid.security.authentication.validator; +package org.apache.druid.security.basic.authentication.validator; import com.google.common.collect.ImmutableMap; import com.google.inject.Provider; @@ -28,28 +28,21 @@ import org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentialUpdate; import org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentials; import org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorUser; -import org.apache.druid.security.basic.authentication.validator.MetadataStoreCredentialsValidator; import org.apache.druid.server.security.Access; import org.apache.druid.server.security.AuthenticationResult; import org.easymock.EasyMock; import org.junit.Assert; -import org.junit.Rule; import org.junit.Test; -import org.junit.rules.ExpectedException; import java.util.Map; -public class DBCredentialsValidatorTest +public class MetadataStoreCredentialsValidatorTest { - - @Rule - public ExpectedException expectedException = ExpectedException.none(); - - private static BasicAuthenticatorCredentials USER_A_CREDENTIALS = new BasicAuthenticatorCredentials( + private static final BasicAuthenticatorCredentials USER_A_CREDENTIALS = new BasicAuthenticatorCredentials( new BasicAuthenticatorCredentialUpdate("helloworld", 20) ); - private static Provider CACHE_MANAGER_PROVIDER = Providers.of( + private static final Provider CACHE_MANAGER_PROVIDER = Providers.of( new BasicAuthenticatorCacheManager() { @Override @@ -69,9 +62,8 @@ public Map getUserMap(String authenticatorPrefix } ); - private static MetadataStoreCredentialsValidator validator = new MetadataStoreCredentialsValidator(CACHE_MANAGER_PROVIDER); - - + private static final MetadataStoreCredentialsValidator VALIDATOR + = new MetadataStoreCredentialsValidator(CACHE_MANAGER_PROVIDER); @Test public void validateBadAuthenticator() @@ -87,9 +79,11 @@ public void validateBadAuthenticator() MetadataStoreCredentialsValidator validator = new MetadataStoreCredentialsValidator(Providers.of(cacheManager)); - expectedException.expect(IAE.class); - expectedException.expectMessage("No userMap is available for authenticator with prefix: [notbasic]"); - validator.validateCredentials(authenticatorName, authorizerName, username, password.toCharArray()); + IAE exception = Assert.assertThrows( + IAE.class, + () -> validator.validateCredentials(authenticatorName, authorizerName, username, password.toCharArray()) + ); + Assert.assertEquals("No userMap is available for authenticator with prefix: [notbasic]", exception.getMessage()); EasyMock.verify(cacheManager); } @@ -102,7 +96,7 @@ public void validateMissingCredentials() String username = "userB"; String password = "helloworld"; - AuthenticationResult result = validator.validateCredentials(authenticatorName, authorizerName, username, password.toCharArray()); + AuthenticationResult result = VALIDATOR.validateCredentials(authenticatorName, authorizerName, username, password.toCharArray()); Assert.assertNull(result); } @@ -114,7 +108,7 @@ public void validateMissingUser() String username = "userC"; String password = "helloworld"; - AuthenticationResult result = validator.validateCredentials(authenticatorName, authorizerName, username, password.toCharArray()); + AuthenticationResult result = VALIDATOR.validateCredentials(authenticatorName, authorizerName, username, password.toCharArray()); Assert.assertNull(result); } @@ -126,7 +120,7 @@ public void validateGoodCredentials() String username = "userA"; String password = "helloworld"; - AuthenticationResult result = validator.validateCredentials(authenticatorName, authorizerName, username, password.toCharArray()); + AuthenticationResult result = VALIDATOR.validateCredentials(authenticatorName, authorizerName, username, password.toCharArray()); Assert.assertNotNull(result); Assert.assertEquals(username, result.getIdentity()); @@ -143,8 +137,10 @@ public void validateBadCredentials() String username = "userA"; String password = "badpassword"; - expectedException.expect(BasicSecurityAuthenticationException.class); - expectedException.expectMessage(Access.DEFAULT_ERROR_MESSAGE); - validator.validateCredentials(authenticatorName, authorizerName, username, password.toCharArray()); + Exception exception = Assert.assertThrows( + BasicSecurityAuthenticationException.class, + () -> VALIDATOR.validateCredentials(authenticatorName, authorizerName, username, password.toCharArray()) + ); + Assert.assertEquals(Access.DEFAULT_ERROR_MESSAGE, exception.getMessage()); } }