diff --git a/presto-main/pom.xml b/presto-main/pom.xml
index 72a7dd00d73d..9d1f400ea103 100644
--- a/presto-main/pom.xml
+++ b/presto-main/pom.xml
@@ -16,6 +16,33 @@
+
+ com.squareup.okhttp3
+ okhttp
+ 3.9.0
+
+
+ org.jetbrains.kotlin
+ kotlin-stdlib
+
+
+
+
+
+ net.jodah
+ failsafe
+
+
+
+ io.jsonwebtoken
+ jjwt-api
+
+
+
+ io.jsonwebtoken
+ jjwt-jackson
+
+
com.esri.geometry
esri-geometry-api
@@ -134,6 +161,12 @@
com.facebook.airlift
http-server
+
+
+ io.jsonwebtoken
+ jjwt
+
+
@@ -357,20 +390,6 @@
jts-core
-
- io.jsonwebtoken
- jjwt-api
-
-
- io.jsonwebtoken
- jjwt-impl
- runtime
-
-
- io.jsonwebtoken
- jjwt-jackson
-
-
org.apache.datasketches
datasketches-memory
@@ -514,6 +533,51 @@
mockwebserver
test
+
+
+ com.nimbusds
+ nimbus-jose-jwt
+ 9.14
+
+
+
+ com.nimbusds
+ oauth2-oidc-sdk
+ 9.18
+
+
+ org.aw2
+ asm
+
+
+
+
+ org.apache.commons
+ commons-lang3
+ 3.12.0
+ compile
+
+
+ io.jsonwebtoken
+ jjwt-impl
+ compile
+
+
+ org.testcontainers
+ testcontainers
+ test
+
+
+ org.testcontainers
+ postgresql
+
+
+ org.slf4j
+ slf4j-api
+
+
+ test
+
@@ -574,6 +638,9 @@
com.facebook.presto.testing.assertions
+
+ com/facebook/presto/server/MockHttpServletRequest
+
diff --git a/presto-main/src/main/java/com/facebook/presto/server/PrestoServer.java b/presto-main/src/main/java/com/facebook/presto/server/PrestoServer.java
index 87fc1c387e5d..aa74458f2fd6 100644
--- a/presto-main/src/main/java/com/facebook/presto/server/PrestoServer.java
+++ b/presto-main/src/main/java/com/facebook/presto/server/PrestoServer.java
@@ -19,7 +19,6 @@
import com.facebook.airlift.discovery.client.ServiceAnnouncement;
import com.facebook.airlift.event.client.HttpEventModule;
import com.facebook.airlift.event.client.JsonEventModule;
-import com.facebook.airlift.http.server.HttpServerModule;
import com.facebook.airlift.jaxrs.JaxrsModule;
import com.facebook.airlift.jmx.JmxHttpModule;
import com.facebook.airlift.jmx.JmxModule;
@@ -52,8 +51,8 @@
import com.facebook.presto.security.AccessControlManager;
import com.facebook.presto.security.AccessControlModule;
import com.facebook.presto.server.security.PasswordAuthenticatorManager;
-import com.facebook.presto.server.security.SecurityConfig;
import com.facebook.presto.server.security.PrestoAuthenticatorManager;
+import com.facebook.presto.server.security.SecurityConfig;
import com.facebook.presto.server.security.ServerSecurityModule;
import com.facebook.presto.server.security.oauth2.OAuth2Client;
import com.facebook.presto.sql.analyzer.FeaturesConfig;
@@ -151,7 +150,7 @@ public void run()
modules.addAll(getAdditionalModules());
- Bootstrap app = new Bootstrap(modules.build());
+ Bootstrap app = new Bootstrap((Module) modules.build());
try {
Injector injector = app.initialize();
diff --git a/presto-main/src/main/java/com/facebook/presto/server/security/AuthenticationFilter.java b/presto-main/src/main/java/com/facebook/presto/server/security/AuthenticationFilter.java
index 94b9bd78e140..8d7f5ded1707 100644
--- a/presto-main/src/main/java/com/facebook/presto/server/security/AuthenticationFilter.java
+++ b/presto-main/src/main/java/com/facebook/presto/server/security/AuthenticationFilter.java
@@ -16,9 +16,9 @@
import com.facebook.airlift.http.server.AuthenticationException;
import com.facebook.airlift.http.server.Authenticator;
import com.facebook.presto.ClientRequestFilterManager;
+import com.facebook.presto.server.security.oauth2.OAuth2Authenticator;
import com.facebook.presto.spi.ClientRequestFilter;
import com.facebook.presto.spi.PrestoException;
-import com.facebook.presto.server.security.oauth2.OAuth2Authenticator;
import com.google.common.base.Joiner;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
@@ -49,10 +49,10 @@
import java.util.Set;
import java.util.stream.Collectors;
-import static com.facebook.presto.spi.StandardErrorCode.HEADER_MODIFICATION_ATTEMPT;
import static com.facebook.presto.server.WebUiResource.UI_ENDPOINT;
import static com.facebook.presto.server.security.oauth2.OAuth2CallbackResource.CALLBACK_ENDPOINT;
import static com.facebook.presto.server.security.oauth2.OAuth2TokenExchangeResource.TOKEN_ENDPOINT;
+import static com.facebook.presto.spi.StandardErrorCode.HEADER_MODIFICATION_ATTEMPT;
import static com.google.common.io.ByteStreams.copy;
import static com.google.common.io.ByteStreams.nullOutputStream;
import static com.google.common.net.HttpHeaders.WWW_AUTHENTICATE;
@@ -66,7 +66,7 @@ public class AuthenticationFilter
implements Filter
{
private static final String HTTPS_PROTOCOL = "https";
- private final List authenticators;
+ private static List authenticators;
private static boolean allowForwardedHttps;
private final ClientRequestFilterManager clientRequestFilterManager;
private final List headersBlockList = ImmutableList.of("X-Presto-Transaction-Id", "X-Presto-Started-Transaction-Id", "X-Presto-Clear-Transaction-Id", "X-Presto-Trace-Token");
@@ -86,10 +86,14 @@ public AuthenticationFilter(List authenticators, SecurityConfig s
}
@Override
- public void init(FilterConfig filterConfig) {}
+ public void init(FilterConfig filterConfig)
+ {
+ }
@Override
- public void destroy() {}
+ public void destroy()
+ {
+ }
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain nextFilter)
@@ -160,6 +164,12 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
}
}
+ private boolean isWebUiRequest(HttpServletRequest request)
+ {
+ String pathInfo = request.getPathInfo();
+ return pathInfo == null || pathInfo.equals(UI_ENDPOINT) || pathInfo.startsWith("/ui");
+ }
+
public HttpServletRequest mergeExtraHeaders(HttpServletRequest request, Principal principal)
{
List clientRequestFilters = clientRequestFilterManager.getClientRequestFilters();
@@ -218,8 +228,7 @@ private boolean doesRequestSupportAuthentication(HttpServletRequest request)
public static ServletRequest withPrincipal(HttpServletRequest request, Principal principal)
{
requireNonNull(principal, "principal is null");
- return new HttpServletRequestWrapper(request)
- {
+ return new HttpServletRequestWrapper(request) {
@Override
public Principal getUserPrincipal()
{
@@ -284,25 +293,6 @@ public Enumeration getHeaders(String name)
return enumeration(ImmutableList.of(customHeaders.get(name)));
}
return super.getHeaders(name);
- }
-
- private boolean doesRequestSupportAuthentication(HttpServletRequest request)
- {
- if (isPublic(request)) {
- return false;
- }
- if (authenticators.isEmpty()) {
- return false;
- }
- if (request.isSecure()) {
- return true;
}
- return allowForwardedHttps && Strings.nullToEmpty(request.getHeader(HttpHeaders.X_FORWARDED_PROTO)).equalsIgnoreCase(HTTPS_PROTOCOL);
- }
-
- private boolean isWebUiRequest(HttpServletRequest request)
- {
- String pathInfo = request.getPathInfo();
- return pathInfo == null || pathInfo.equals(UI_ENDPOINT) || pathInfo.startsWith("/ui");
}
}
diff --git a/presto-main/src/main/java/com/facebook/presto/server/security/ServerSecurityModule.java b/presto-main/src/main/java/com/facebook/presto/server/security/ServerSecurityModule.java
index 064bdb3db8ee..cc2382be7174 100644
--- a/presto-main/src/main/java/com/facebook/presto/server/security/ServerSecurityModule.java
+++ b/presto-main/src/main/java/com/facebook/presto/server/security/ServerSecurityModule.java
@@ -18,6 +18,7 @@
import com.facebook.airlift.http.server.CertificateAuthenticator;
import com.facebook.airlift.http.server.KerberosAuthenticator;
import com.facebook.airlift.http.server.KerberosConfig;
+import com.facebook.airlift.http.server.TheServlet;
import com.facebook.presto.server.security.SecurityConfig.AuthenticationType;
import com.facebook.presto.server.security.oauth2.OAuth2AuthenticationSupportModule;
import com.facebook.presto.server.security.oauth2.OAuth2Authenticator;
@@ -27,6 +28,8 @@
import com.google.inject.Scopes;
import com.google.inject.multibindings.Multibinder;
+import javax.servlet.Filter;
+
import java.util.List;
import static com.facebook.airlift.configuration.ConfigBinder.configBinder;
@@ -34,8 +37,10 @@
import static com.facebook.presto.server.security.SecurityConfig.AuthenticationType.CUSTOM;
import static com.facebook.presto.server.security.SecurityConfig.AuthenticationType.JWT;
import static com.facebook.presto.server.security.SecurityConfig.AuthenticationType.KERBEROS;
+import static com.facebook.presto.server.security.SecurityConfig.AuthenticationType.OAUTH2;
import static com.facebook.presto.server.security.SecurityConfig.AuthenticationType.PASSWORD;
import static com.google.inject.multibindings.Multibinder.newSetBinder;
+import static com.google.inject.multibindings.OptionalBinder.newOptionalBinder;
public class ServerSecurityModule
extends AbstractConfigurationAwareModule
diff --git a/presto-main/src/test/java/com/facebook/presto/TestClientRequestFilterPlugin.java b/presto-main/src/test/java/com/facebook/presto/TestClientRequestFilterPlugin.java
index 0f7fcf750196..c25a13390c28 100644
--- a/presto-main/src/test/java/com/facebook/presto/TestClientRequestFilterPlugin.java
+++ b/presto-main/src/test/java/com/facebook/presto/TestClientRequestFilterPlugin.java
@@ -16,7 +16,9 @@
import com.facebook.airlift.http.server.Authenticator;
import com.facebook.presto.server.MockHttpServletRequest;
import com.facebook.presto.server.security.AuthenticationFilter;
+import com.facebook.presto.server.security.DefaultWebUiAuthenticationManager;
import com.facebook.presto.server.security.SecurityConfig;
+import com.facebook.presto.server.security.WebUiAuthenticationManager;
import com.facebook.presto.server.testing.TestingPrestoServer;
import com.facebook.presto.spi.ClientRequestFilter;
import com.facebook.presto.spi.ClientRequestFilterFactory;
@@ -38,6 +40,8 @@
public class TestClientRequestFilterPlugin
{
+ private final WebUiAuthenticationManager webUiAuthenticationManager = new DefaultWebUiAuthenticationManager();
+
@Test
public void testCustomRequestFilterWithHeaders() throws Exception
{
@@ -112,7 +116,7 @@ private AuthenticationFilter setupAuthenticationFilter(List authenticators = createAuthenticators();
SecurityConfig securityConfig = createSecurityConfig();
- return new AuthenticationFilter(authenticators, securityConfig, clientRequestFilterManager);
+ return new AuthenticationFilter(authenticators, securityConfig, webUiAuthenticationManager, clientRequestFilterManager);
}
}
diff --git a/presto-main/src/test/java/com/facebook/presto/server/MockHttpServletRequest.java b/presto-main/src/test/java/com/facebook/presto/server/MockHttpServletRequest.java
index bf26dfe635d9..793f566ec943 100644
--- a/presto-main/src/test/java/com/facebook/presto/server/MockHttpServletRequest.java
+++ b/presto-main/src/test/java/com/facebook/presto/server/MockHttpServletRequest.java
@@ -52,6 +52,7 @@ public class MockHttpServletRequest
private final ListMultimap headers;
private final String remoteAddress;
private final Map attributes;
+ private final String requestUrl;
public MockHttpServletRequest(ListMultimap headers, String remoteAddress, Map attributes)
{
@@ -67,10 +68,11 @@ public MockHttpServletRequest(ListMultimap headers)
this(headers, DEFAULT_ADDRESS, ImmutableMap.of());
}
- public MockHttpServletRequest(ListMultimap headers, String remoteAddress, String requestUrl)
+ public MockHttpServletRequest(ListMultimap headers, String remoteAddress, String requestUrl, Map attributes)
{
this.headers = ImmutableListMultimap.copyOf(requireNonNull(headers, "headers is null"));
this.remoteAddress = requireNonNull(remoteAddress, "remoteAddress is null");
+ this.attributes = attributes;
this.requestUrl = requireNonNull(requestUrl, "requestUrl is null");
}
diff --git a/presto-main/src/test/java/com/facebook/presto/server/security/oauth2/TestOAuth2Utils.java b/presto-main/src/test/java/com/facebook/presto/server/security/oauth2/TestOAuth2Utils.java
index 0d21db65f4ec..ab4154b26561 100644
--- a/presto-main/src/test/java/com/facebook/presto/server/security/oauth2/TestOAuth2Utils.java
+++ b/presto-main/src/test/java/com/facebook/presto/server/security/oauth2/TestOAuth2Utils.java
@@ -15,6 +15,7 @@
import com.facebook.presto.server.MockHttpServletRequest;
import com.google.common.collect.ImmutableListMultimap;
+import com.google.common.collect.ImmutableMap;
import org.testng.annotations.Test;
import javax.servlet.http.HttpServletRequest;
@@ -33,7 +34,8 @@ public void testGetSchemeUriBuilderNoProtoHeader()
ImmutableListMultimap.builder()
.build(),
"testRemote",
- "http://www.example.com");
+ "http://www.example.com",
+ ImmutableMap.of());
UriBuilder builder = getSchemeUriBuilder(request);
assertEquals(builder.build().getScheme(), "http");
@@ -47,7 +49,8 @@ public void testGetSchemeUriBuilderProtoHeader()
.put(X_FORWARDED_PROTO, "https")
.build(),
"testRemote",
- "http://www.example.com");
+ "http://www.example.com",
+ ImmutableMap.of());
UriBuilder builder = getSchemeUriBuilder(request);
assertEquals(builder.build().getScheme(), "https");
diff --git a/presto-native-execution/pom.xml b/presto-native-execution/pom.xml
index 79271d2bb3ca..0a39b87951d4 100644
--- a/presto-native-execution/pom.xml
+++ b/presto-native-execution/pom.xml
@@ -51,6 +51,12 @@
com.facebook.presto
presto-main
+
+
+ org.apache.commons
+ commons-lang3
+
+
@@ -68,6 +74,12 @@
com.facebook.presto
presto-tests
+
+
+ org.apache.commons
+ commons-lang3
+
+