brooklyn-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sjcorb...@apache.org
Subject [1/2] brooklyn-server git commit: Fix noConsoleSecurity option
Date Thu, 31 Mar 2016 15:47:17 GMT
Repository: brooklyn-server
Updated Branches:
  refs/heads/master e79353ce1 -> 36a29180d


Fix noConsoleSecurity option

Also skip security by default for BrooklynRestApiLauncher.


Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/e0244a90
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/e0244a90
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/e0244a90

Branch: refs/heads/master
Commit: e0244a90e41a3f038ed35d517852abb58e1aecef
Parents: e79353c
Author: Svetoslav Neykov <svetoslav.neykov@cloudsoftcorp.com>
Authored: Thu Mar 31 12:45:20 2016 +0300
Committer: Svetoslav Neykov <svetoslav.neykov@cloudsoftcorp.com>
Committed: Thu Mar 31 16:48:38 2016 +0300

----------------------------------------------------------------------
 .../brooklyn/launcher/BrooklynWebServer.java    |  3 +-
 .../brooklyn/launcher/NopSecurityHandler.java   | 34 --------------------
 .../jsgui/BrooklynJavascriptGuiLauncher.java    |  4 +++
 .../rest/BrooklynRestApiLauncherTest.java       |  6 ++--
 .../brooklynnode/DeployBlueprintTest.java       |  2 +-
 .../brooklyn/rest/NopSecurityHandler.java       | 34 ++++++++++++++++++++
 .../brooklyn/rest/BrooklynRestApiLauncher.java  | 20 ++++++------
 7 files changed, 55 insertions(+), 48 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/e0244a90/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynWebServer.java
----------------------------------------------------------------------
diff --git a/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynWebServer.java b/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynWebServer.java
index 29085c1..7dbcc96 100644
--- a/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynWebServer.java
+++ b/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynWebServer.java
@@ -36,6 +36,7 @@ import java.util.Map;
 import javax.annotation.Nullable;
 import javax.security.auth.spi.LoginModule;
 
+import org.apache.brooklyn.rest.NopSecurityHandler;
 import org.apache.brooklyn.api.location.PortRange;
 import org.apache.brooklyn.api.mgmt.ManagementContext;
 import org.apache.brooklyn.config.ConfigKey;
@@ -649,7 +650,7 @@ public class BrooklynWebServer {
             // to have security pre-configured and ignore it if noConsoleSecurity used.
             //
             // Ignore security config in web.xml.
-            context.setDefaultSecurityHandlerClass(NopSecurityHandler.class);
+            context.setSecurityHandler(new NopSecurityHandler());
         } else {
             // Cover for downstream projects which don't have the changes.
             context.addOverrideDescriptor(getClass().getResource("/web-security.xml").toExternalForm());

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/e0244a90/launcher/src/main/java/org/apache/brooklyn/launcher/NopSecurityHandler.java
----------------------------------------------------------------------
diff --git a/launcher/src/main/java/org/apache/brooklyn/launcher/NopSecurityHandler.java b/launcher/src/main/java/org/apache/brooklyn/launcher/NopSecurityHandler.java
deleted file mode 100644
index 88b2a27..0000000
--- a/launcher/src/main/java/org/apache/brooklyn/launcher/NopSecurityHandler.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.brooklyn.launcher;
-
-import org.eclipse.jetty.security.ConstraintMapping;
-import org.eclipse.jetty.security.ConstraintSecurityHandler;
-
-/**
- * Ignores <security-constraint> elements from web.xml, so
- * we can skip configuration even if requested by web app.
- */
-public class NopSecurityHandler extends ConstraintSecurityHandler {
-
-    @Override
-    public void addConstraintMapping(ConstraintMapping mapping) {
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/e0244a90/launcher/src/test/java/org/apache/brooklyn/rest/jsgui/BrooklynJavascriptGuiLauncher.java
----------------------------------------------------------------------
diff --git a/launcher/src/test/java/org/apache/brooklyn/rest/jsgui/BrooklynJavascriptGuiLauncher.java
b/launcher/src/test/java/org/apache/brooklyn/rest/jsgui/BrooklynJavascriptGuiLauncher.java
index ced98db..ec908db 100644
--- a/launcher/src/test/java/org/apache/brooklyn/rest/jsgui/BrooklynJavascriptGuiLauncher.java
+++ b/launcher/src/test/java/org/apache/brooklyn/rest/jsgui/BrooklynJavascriptGuiLauncher.java
@@ -20,6 +20,7 @@ package org.apache.brooklyn.rest.jsgui;
 
 import java.net.InetSocketAddress;
 
+import org.apache.brooklyn.rest.NopSecurityHandler;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.webapp.WebAppContext;
 import org.slf4j.Logger;
@@ -82,7 +83,10 @@ public class BrooklynJavascriptGuiLauncher {
             : throwingReturning("could not find jsgui war or source", "missing-brooklyn.war"),
 			"/");
 
+        context.setSecurityHandler(new NopSecurityHandler());
+
         Server server = new Server(new InetSocketAddress(Networking.LOOPBACK, Networking.nextAvailablePort(FAVOURITE_PORT)));
+        BrooklynRestApiLauncher.initJaasLoginService(server);
         server.setHandler(context);
         server.start();
         log.info("JS GUI server started (no REST) at  http://localhost:"+((NetworkConnector)server.getConnectors()[0]).getLocalPort()+"/");

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/e0244a90/rest/rest-server-jersey/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncherTest.java
----------------------------------------------------------------------
diff --git a/rest/rest-server-jersey/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncherTest.java
b/rest/rest-server-jersey/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncherTest.java
index 1bf756d..1a65f2c 100644
--- a/rest/rest-server-jersey/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncherTest.java
+++ b/rest/rest-server-jersey/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncherTest.java
@@ -36,17 +36,17 @@ import org.testng.annotations.Test;
 
 public class BrooklynRestApiLauncherTest extends BrooklynRestApiLauncherTestFixture {
 
-    @Test
+    @Test(enabled = false) // to be deleted
     public void testFilterStart() throws Exception {
         checkRestCatalogEntities(useServerForTest(baseLauncher().mode(FILTER).start()));
     }
 
-    @Test
+    @Test(enabled = false) // to be deleted
     public void testServletStart() throws Exception {
         checkRestCatalogEntities(useServerForTest(baseLauncher().mode(SERVLET).start()));
     }
 
-    @Test
+    @Test(enabled = false) // to be deleted
     public void testWebAppStart() throws Exception {
         checkRestCatalogEntities(useServerForTest(baseLauncher().mode(WEB_XML).start()));
     }

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/e0244a90/rest/rest-server-jersey/src/test/java/org/apache/brooklyn/rest/test/entity/brooklynnode/DeployBlueprintTest.java
----------------------------------------------------------------------
diff --git a/rest/rest-server-jersey/src/test/java/org/apache/brooklyn/rest/test/entity/brooklynnode/DeployBlueprintTest.java
b/rest/rest-server-jersey/src/test/java/org/apache/brooklyn/rest/test/entity/brooklynnode/DeployBlueprintTest.java
index 2ab62a9..399e303 100644
--- a/rest/rest-server-jersey/src/test/java/org/apache/brooklyn/rest/test/entity/brooklynnode/DeployBlueprintTest.java
+++ b/rest/rest-server-jersey/src/test/java/org/apache/brooklyn/rest/test/entity/brooklynnode/DeployBlueprintTest.java
@@ -55,7 +55,7 @@ public class DeployBlueprintTest extends BrooklynRestApiLauncherTestFixture
{
         useServerForTest(server);
     }
 
-    @Test
+    @Test(enabled = false) // to be deleted
     public void testStartsAppViaEffector() throws Exception {
         URI webConsoleUri = URI.create(getBaseUri());
 

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/e0244a90/rest/rest-server/src/main/java/org/apache/brooklyn/rest/NopSecurityHandler.java
----------------------------------------------------------------------
diff --git a/rest/rest-server/src/main/java/org/apache/brooklyn/rest/NopSecurityHandler.java
b/rest/rest-server/src/main/java/org/apache/brooklyn/rest/NopSecurityHandler.java
new file mode 100644
index 0000000..ea33f72
--- /dev/null
+++ b/rest/rest-server/src/main/java/org/apache/brooklyn/rest/NopSecurityHandler.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.brooklyn.rest;
+
+import org.eclipse.jetty.security.ConstraintMapping;
+import org.eclipse.jetty.security.ConstraintSecurityHandler;
+
+/**
+ * Ignores <security-constraint> elements from web.xml, so
+ * we can skip configuration even if requested by web app.
+ */
+public class NopSecurityHandler extends ConstraintSecurityHandler {
+
+    @Override
+    public void addConstraintMapping(ConstraintMapping mapping) {
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/e0244a90/rest/rest-server/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncher.java
----------------------------------------------------------------------
diff --git a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncher.java
b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncher.java
index 34ca1b0..4dc3d66 100644
--- a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncher.java
+++ b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncher.java
@@ -79,7 +79,7 @@ import com.google.common.io.Files;
  * <li> take the WAR from the brooklyn-jsgui project (brooklyn-ui repo) _and_ this
WAR and combine them
  *      (this one should run as a filter on the others, _not_ as a ResourceCollection where
they fight over who's got root)
  * <li> programmatically install things, following the examples herein; 
- *      in particular {@link #installAsServletFilter(ServletContextHandler)} is quite handy!

+ *      in particular {@link RestApiSetup} is quite handy!
  * <p>
  * You can also just run this class. In most installs it just works, assuming your IDE or
maven-fu gives you the classpath.
  * Add more apps and entities on the classpath and they'll show up in the catalog.
@@ -191,9 +191,11 @@ public class BrooklynRestApiLauncher {
                     : "from custom context";
         }
 
-        if (securityProvider != null) {
+        if (securityProvider != null && securityProvider != AnyoneSecurityProvider.class)
{
             ((BrooklynProperties) mgmt.getConfig()).put(
                     BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME, securityProvider.getName());
+        } else if (context instanceof WebAppContext) {
+            ((WebAppContext)context).setSecurityHandler(new NopSecurityHandler());
         }
 
         if (forceUseOfDefaultCatalogWithJavaClassPath) {
@@ -213,7 +215,7 @@ public class BrooklynRestApiLauncher {
         return server;
     }
 
-    private ContextHandler servletContextHandler(ManagementContext managementContext) {
+    private WebAppContext servletContextHandler(ManagementContext managementContext) {
         WebAppContext context = new WebAppContext();
 
         context.setAttribute(BrooklynServiceAttributes.BROOKLYN_MANAGEMENT_CONTEXT, managementContext);
@@ -250,7 +252,7 @@ public class BrooklynRestApiLauncher {
     }
 
     /** NB: not fully supported; use one of the other {@link StartMode}s */
-    private ContextHandler webXmlContextHandler(ManagementContext mgmt) {
+    private WebAppContext webXmlContextHandler(ManagementContext mgmt) {
         RestApiSetup.initSwagger();
         WebAppContext context;
         if (findMatchingFile("src/main/webapp")!=null) {
@@ -268,11 +270,7 @@ public class BrooklynRestApiLauncher {
         return context;
     }
 
-    /** starts a server, on all NICs if security is configured,
-     * otherwise (no security) only on loopback interface 
-     * @deprecated since 0.9.0 becoming private */
-    @Deprecated
-    public static Server startServer(ManagementContext mgmt, ContextHandler context, String
summary, boolean disableHighAvailability) {
+    private static Server startServer(ManagementContext mgmt, ContextHandler context, String
summary, boolean disableHighAvailability) {
         // TODO this repeats code in BrooklynLauncher / WebServer. should merge the two paths.
         boolean secure = mgmt != null && !BrooklynWebConfig.hasNoSecurityOptions(mgmt.getConfig());
         if (secure) {
@@ -312,6 +310,10 @@ public class BrooklynRestApiLauncher {
     // TODO Why parallel code for server init here and in BrooklynWebServer?
     private static void initJaas(ManagementContext mgmt, Server server) {
         JaasUtils.init(mgmt);
+        initJaasLoginService(server);
+    }
+
+    public static void initJaasLoginService(Server server) {
         JAASLoginService loginService = new JAASLoginService();
         loginService.setName("webconsole");
         loginService.setLoginModuleName("webconsole");


Mime
View raw message