brooklyn-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From henev...@apache.org
Subject [01/16] git commit: launcher defaults to passwordless for localhost if no security, irrespective of bind address
Date Sun, 19 Oct 2014 00:59:48 GMT
Repository: incubator-brooklyn
Updated Branches:
  refs/heads/master 94128c8b9 -> 02bd0a866


launcher defaults to passwordless for localhost if no security, irrespective of bind address


Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/306b0274
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/306b0274
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/306b0274

Branch: refs/heads/master
Commit: 306b0274247053cb907a3c8183480b763578dac0
Parents: 6c50853
Author: Alex Heneveld <alex.heneveld@cloudsoftcorp.com>
Authored: Mon Oct 6 23:08:14 2014 -0700
Committer: Alex Heneveld <alex.heneveld@cloudsoftcorp.com>
Committed: Sat Oct 18 01:34:00 2014 +0100

----------------------------------------------------------------------
 .../event/feed/AttributePollHandler.java        |  2 +-
 .../brooklyn/launcher/BrooklynLauncher.java     | 25 +++++++++++---------
 2 files changed, 15 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/306b0274/core/src/main/java/brooklyn/event/feed/AttributePollHandler.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/brooklyn/event/feed/AttributePollHandler.java b/core/src/main/java/brooklyn/event/feed/AttributePollHandler.java
index 4ff1a49..42349dd 100644
--- a/core/src/main/java/brooklyn/event/feed/AttributePollHandler.java
+++ b/core/src/main/java/brooklyn/event/feed/AttributePollHandler.java
@@ -176,7 +176,7 @@ public class AttributePollHandler<V> implements PollHandler<V>
{
                 if (expiryTime <= nowTime) {
                     currentProblemLoggedAsWarning = true;
                     log.warn("Read of " + getBriefDescription() + " gave " + type + 
-                            " (grace period expired, occurring for "+Duration.millis(nowTime
- currentProblemStartTimeCache)+", " +
+                            " (grace period expired, occurring for "+Duration.millis(nowTime
- currentProblemStartTimeCache)+
                             (config.hasExceptionHandler() ? "" : ", no exception handler
set for sensor")+
                             ")"+
                             ": " + val);

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/306b0274/usage/launcher/src/main/java/brooklyn/launcher/BrooklynLauncher.java
----------------------------------------------------------------------
diff --git a/usage/launcher/src/main/java/brooklyn/launcher/BrooklynLauncher.java b/usage/launcher/src/main/java/brooklyn/launcher/BrooklynLauncher.java
index 29a951f..d6dd8a1 100644
--- a/usage/launcher/src/main/java/brooklyn/launcher/BrooklynLauncher.java
+++ b/usage/launcher/src/main/java/brooklyn/launcher/BrooklynLauncher.java
@@ -732,12 +732,21 @@ public class BrooklynLauncher {
 
     protected void startWebApps() {
         // No security options in properties and no command line options overriding.
-        if (Boolean.TRUE.equals(skipSecurityFilter) && isTrivialBindAddress(bindAddress))
{
-            LOG.info("Starting Brooklyn web-console on loopback because security is explicitly
disabled and not binding to public address");
+        if (Boolean.TRUE.equals(skipSecurityFilter) && bindAddress==null) {
+            LOG.info("Starting Brooklyn web-console on loopback because security is explicitly
disabled and no bind address specified");
             bindAddress = Networking.LOOPBACK;
-        } else if (BrooklynWebConfig.hasNoSecurityOptions(brooklynProperties) &&
isTrivialBindAddress(bindAddress)) {
-            LOG.info("Starting Brooklyn web-console with passwordless access on localhost
and protected access from any other interfaces");
-            bindAddress = Networking.ANY_NIC;
+        } else if (BrooklynWebConfig.hasNoSecurityOptions(brooklynProperties)) {
+            if (bindAddress==null) {
+                LOG.info("Starting Brooklyn web-console with passwordless access on localhost
and protected access from any other interfaces (no bind address specified)");
+            } else {
+                if (Arrays.equals(new byte[] { 127, 0, 0, 1 }, bindAddress.getAddress()))
{ 
+                    LOG.info("Starting Brooklyn web-console with passwordless access on localhost");
+                } else if (Arrays.equals(new byte[] { 0, 0, 0, 0 }, bindAddress.getAddress()))
{ 
+                    LOG.info("Starting Brooklyn web-console with passwordless access on localhost
and random password (logged) required from any other interfaces");
+                } else { 
+                    LOG.info("Starting Brooklyn web-console with passwordless access on localhost
(if permitted) and random password (logged) required from any other interfaces");
+                }
+            }
             brooklynProperties.put(
                     BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME,
                     BrooklynUserWithRandomPasswordSecurityProvider.class.getName());
@@ -765,12 +774,6 @@ public class BrooklynLauncher {
         }
     }
 
-    protected boolean isTrivialBindAddress(InetAddress bindAddress) {
-        if (bindAddress==null) return true;
-        if (Arrays.equals(new byte[] { 127, 0, 0, 1 }, bindAddress.getAddress())) return
true;
-        return false;
-    }
-
     protected void initPersistence() {
         // Prepare the rebind directory, and initialise the RebindManager as required
         final PersistenceObjectStore objectStore;


Mime
View raw message