[Issue apache#658] create auth-http-basic security module

eventmesh-runtime/build.gradle

@@ -34,6 +34,7 @@ dependencies {
     implementation project(":eventmesh-connector-plugin:eventmesh-connector-standalone")
     implementation project(":eventmesh-security-plugin:eventmesh-security-api")
     implementation project(":eventmesh-security-plugin:eventmesh-security-acl")
+    implementation project(":eventmesh-security-plugin:eventmesh-security-auth-http-basic")
     implementation project(":eventmesh-registry-plugin:eventmesh-registry-api")
     implementation project(":eventmesh-admin:eventmesh-admin-rocketmq")
 

eventmesh-runtime/src/main/java/org/apache/eventmesh/runtime/core/consumergroup/ConsumerGroupTopicConf.java

@@ -24,7 +24,6 @@
 import java.util.Objects;
 import java.util.Set;
 
-import org.apache.eventmesh.runtime.core.urlauth.AuthType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -58,7 +57,7 @@ public class ConsumerGroupTopicConf {
     /**
      * url auth type
      */
-    private Map<String, AuthType> UrlAuthTypeMap = Maps.newConcurrentMap();
+    private Map<String, String> httpAuthTypeMap = Maps.newConcurrentMap();
 
     @Override
     public boolean equals(Object o) {
@@ -133,7 +132,7 @@ public void setUrls(Set<String> urls) {
         this.urls = urls;
     }
 
-    public Map<String, AuthType> getUrlAuthTypeMap() {
-        return UrlAuthTypeMap;
+    public Map<String, String> getHttpAuthTypeMap() {
+        return httpAuthTypeMap;
     }
 }

eventmesh-runtime/src/main/java/org/apache/eventmesh/runtime/core/plugin/HttpAuthWrapper.java

@@ -0,0 +1,37 @@
+package org.apache.eventmesh.runtime.core.plugin;
+
+import org.apache.eventmesh.api.auth.AuthService;
+import org.apache.eventmesh.spi.EventMeshExtensionFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+public class HttpAuthWrapper {
+
+    private static final Logger logger = LoggerFactory.getLogger(HttpAuthWrapper.class);
+
+    private static Map<String, AuthService> authServices = new ConcurrentHashMap<>();
+
+    public static AuthService getHttpAuthPlugin(String pluginType) {
+        if (authServices.containsKey(pluginType)) {
+            return authServices.get(pluginType);
+        }
+
+        AuthService authService = EventMeshExtensionFactory.getExtension(AuthService.class, pluginType);
+
+        if (authService == null) {
+            logger.error("can't load the authService plugin, please check.");
+            throw new RuntimeException("doesn't load the authService plugin, please check.");
+        }
+        try {
+            authService.init();
+            authServices.put(pluginType, authService);
+            return authService;
+        } catch (Exception e) {
+            logger.error("Error in initializing authService", e);
+        }
+        return null;
+    }
+}

eventmesh-runtime/src/main/java/org/apache/eventmesh/runtime/core/protocol/http/push/AbstractHTTPPushRequest.java

@@ -17,9 +17,12 @@
 
 package org.apache.eventmesh.runtime.core.protocol.http.push;
 
+import org.apache.commons.lang3.StringUtils;
+import org.apache.eventmesh.api.auth.AuthService;
 import org.apache.eventmesh.runtime.boot.EventMeshHTTPServer;
 import org.apache.eventmesh.runtime.configuration.EventMeshHTTPConfiguration;
 import org.apache.eventmesh.runtime.constants.EventMeshConstants;
+import org.apache.eventmesh.runtime.core.plugin.HttpAuthWrapper;
 import org.apache.eventmesh.runtime.core.protocol.http.consumer.HandleMsgContext;
 import org.apache.eventmesh.runtime.core.protocol.http.retry.HttpRetryer;
 import org.apache.eventmesh.runtime.core.protocol.http.retry.RetryContext;
@@ -34,6 +37,7 @@
 import java.util.concurrent.atomic.AtomicBoolean;
 
 import com.google.common.collect.Lists;
+import org.apache.http.message.BasicHeader;
 
 public abstract class AbstractHTTPPushRequest extends RetryContext {
 
@@ -127,4 +131,19 @@ public void timeout() {
             delayRetry();
         }
     }
+
+    public Map<String, String> getHttpAuth(String url) {
+        String httpAuthType = handleMsgContext.getConsumerGroupConfig().getConsumerGroupTopicConf()
+            .get(handleMsgContext.getTopic()).getHttpAuthTypeMap().get(url);
+
+        if (StringUtils.isEmpty(httpAuthType)) {
+            return null;
+        }
+        AuthService authService = HttpAuthWrapper.getHttpAuthPlugin("auth-http-basic");
+        if (authService != null) {
+            return authService.getAuthParams();
+        } else {
+            return null;
+        }
+    }
 }

eventmesh-runtime/src/main/java/org/apache/eventmesh/runtime/core/protocol/http/push/AsyncHTTPPushRequest.java

@@ -34,8 +34,6 @@
 import org.apache.eventmesh.protocol.api.ProtocolPluginFactory;
 import org.apache.eventmesh.runtime.constants.EventMeshConstants;
 import org.apache.eventmesh.runtime.core.protocol.http.consumer.HandleMsgContext;
-import org.apache.eventmesh.runtime.core.urlauth.UrlAuthFactory;
-import org.apache.eventmesh.runtime.core.urlauth.AuthType;
 import org.apache.eventmesh.runtime.util.EventMeshUtil;
 
 import org.apache.commons.lang3.StringUtils;
@@ -48,6 +46,7 @@
 import org.apache.http.client.ResponseHandler;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
 import org.apache.http.client.methods.HttpPost;
+import org.apache.http.message.BasicHeader;
 import org.apache.http.message.BasicNameValuePair;
 import org.apache.http.util.EntityUtils;
 
@@ -171,12 +170,10 @@ public void tryHTTPRequest() {
         builder.setHeader("WebHook-Request-Origin", webHookOrigin);
 
         // For Webhook url authentication
-        AuthType urlAuthType = handleMsgContext.getConsumerGroupConfig().getConsumerGroupTopicConf()
-            .get(handleMsgContext.getTopic()).getUrlAuthTypeMap().get(currPushUrl);
-        Header authHeader = UrlAuthFactory.getProvider(urlAuthType).getAuthHeader();
-        if (authHeader != null) {
-            builder.addHeader(authHeader);
-        }
+       Map<String, String> authParam = getHttpAuth(currPushUrl);
+       if (authParam != null) {
+           authParam.forEach((k, v) -> builder.addHeader(new BasicHeader(k, v)));
+       }
 
         eventMeshHTTPServer.metrics.getSummaryMetrics().recordPushMsg();
 

eventmesh-security-plugin/eventmesh-security-api/build.gradle

@@ -16,6 +16,8 @@
  */
 
 dependencies {
+    implementation 'org.slf4j:slf4j-api'
+
     api project(":eventmesh-spi")
 
     testImplementation project(":eventmesh-spi")

eventmesh-runtime/src/main/java/org/apache/eventmesh/runtime/core/urlauth/NoneUrlAuthProvider.java → eventmesh-security-plugin/eventmesh-security-api/src/main/java/org/apache/eventmesh/api/auth/AuthService.java

@@ -15,14 +15,22 @@
  * limitations under the License.
  */
 
-package org.apache.eventmesh.runtime.core.urlauth;
+package org.apache.eventmesh.api.auth;
 
-import org.apache.http.Header;
+import org.apache.eventmesh.api.exception.AuthException;
+import org.apache.eventmesh.spi.EventMeshExtensionType;
+import org.apache.eventmesh.spi.EventMeshSPI;
 
-@AuthProvider(authType = AuthType.NONE)
-public class NoneUrlAuthProvider implements UrlAuth {
-    @Override
-    public Header getAuthHeader() {
-        return null;
-    }
+import java.util.Map;
+
+@EventMeshSPI(isSingleton = true, eventMeshExtensionType = EventMeshExtensionType.SECURITY)
+public interface AuthService {
+
+    void init() throws AuthException;
+
+    void start() throws AuthException;
+
+    void shutdown() throws AuthException;
+
+    Map getAuthParams() throws AuthException;
 }

eventmesh-security-plugin/eventmesh-security-api/src/main/java/org/apache/eventmesh/api/common/ConfigurationWrapper.java

@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.eventmesh.api.common;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.net.URL;
+import java.util.Properties;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class ConfigurationWrapper {
+
+    private static Logger logger = LoggerFactory.getLogger("ConfigurationWrapper");
+
+    private static final String EVENTMESH_CONFIG_HOME = System.getProperty("confPath", System.getenv("confPath"));
+
+    public static Properties getConfig(String configFile) {
+        String configFilePath;
+
+        // get from classpath
+        URL resource = ConfigurationWrapper.class.getClassLoader().getResource(configFile);
+        if (resource != null && new File(resource.getPath()).exists()) {
+            configFilePath = resource.getPath();
+        } else {
+            // get from config home
+            configFilePath = EVENTMESH_CONFIG_HOME + File.separator + configFile;
+        }
+
+        logger.info("loading auth config: {}", configFilePath);
+        Properties properties = new Properties();
+        try {
+            properties.load(new BufferedReader(new FileReader(configFilePath)));
+        } catch (IOException e) {
+            throw new IllegalArgumentException(
+                    String.format("Cannot load RocketMQ configuration file from :%s", configFilePath));
+        }
+        return properties;
+    }
+}

eventmesh-runtime/src/main/java/org/apache/eventmesh/runtime/core/urlauth/UrlAuthFactory.java → eventmesh-security-plugin/eventmesh-security-api/src/main/java/org/apache/eventmesh/api/exception/AuthException.java

@@ -15,14 +15,18 @@
  * limitations under the License.
  */
 
-package org.apache.eventmesh.runtime.core.urlauth;
+package org.apache.eventmesh.api.exception;
 
-public class UrlAuthFactory {
-
-    public static UrlAuth getProvider(AuthType authType) {
+/**
+ * HttpAuthException
+ */
+public class AuthException extends RuntimeException {
 
-        Reflections reflections = new Reflectioins()
+    public AuthException(String message) {
+        super(message);
+    }
 
-        return new NoneUrlAuthProvider();
+    public AuthException(String message, Throwable cause) {
+        super(message, cause);
     }
 }

eventmesh-runtime/src/main/java/org/apache/eventmesh/runtime/core/urlauth/UrlAuth.java → eventmesh-security-plugin/eventmesh-security-auth-http-basic/build.gradle

@@ -15,12 +15,8 @@
  * limitations under the License.
  */
 
-package org.apache.eventmesh.runtime.core.urlauth;
+dependencies {
+    implementation project(":eventmesh-security-plugin:eventmesh-security-api")
 
-import org.apache.http.Header;
-
-public interface UrlAuth {
-
-    AuthType
-    Header getAuthHeader();
-}
+    testImplementation project(":eventmesh-security-plugin:eventmesh-security-api")
+}

eventmesh-security-plugin/eventmesh-security-auth-http-basic/gradle.properties

@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+pluginType=security
+pluginName=auth-http-basic

eventmesh-security-plugin/eventmesh-security-auth-http-basic/src/main/java/org/apache/eventmesh/auth/http/basic/config/AuthConfigs.java

@@ -0,0 +1,24 @@
+package org.apache.eventmesh.auth.http.basic.config;
+
+import org.apache.eventmesh.api.common.ConfigurationWrapper;
+
+import java.util.Properties;
+
+public class AuthConfigs {
+
+    public String username;
+
+    public String password;
+
+    private static AuthConfigs instance;
+
+    public static synchronized AuthConfigs getConfigs() {
+        if (instance == null) {
+            Properties props = ConfigurationWrapper.getConfig("auth-http-basic.properties");
+            instance = new AuthConfigs();
+            instance.username = props.getProperty("auth.username");
+            instance.password = props.getProperty("auth.password");
+        }
+        return instance;
+    }
+}