From aleds...@apache.org
Subject brooklyn-server git commit: BROOKLYN-417: default to no-auth
Date Wed, 21 Dec 2016 16:12:49 GMT
Repository: brooklyn-server
Updated Branches:
  refs/heads/0.10.0 41561635e -> 9dcd2d349


BROOKLYN-417: default to no-auth


Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/9dcd2d34
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/9dcd2d34
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/9dcd2d34

Branch: refs/heads/0.10.0
Commit: 9dcd2d3498c989c2dd7449ccc22f2533ac05eb73
Parents: 4156163
Author: Aled Sage <aled.sage@gmail.com>
Authored: Wed Dec 21 14:02:12 2016 +0000
Committer: Aled Sage <aled.sage@gmail.com>
Committed: Wed Dec 21 15:49:45 2016 +0000

----------------------------------------------------------------------
 .../brooklyn/launcher/BrooklynLauncher.java     | 44 ++++++++++----------
 .../brooklyn/launcher/BrooklynLauncherTest.java | 38 +++++++++++++++++
 .../org/apache/brooklyn/util/http/HttpTool.java |  2 +-
 3 files changed, 62 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/9dcd2d34/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java
----------------------------------------------------------------------
diff --git a/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java b/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java
index 1b8e193..fe17b89 100644
--- a/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java
+++ b/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java
@@ -32,6 +32,7 @@ import org.apache.brooklyn.api.location.Location;
 import org.apache.brooklyn.api.location.PortRange;
 import org.apache.brooklyn.api.mgmt.ManagementContext;
 import org.apache.brooklyn.core.config.ConfigPredicates;
+import org.apache.brooklyn.core.config.Sanitizer;
 import org.apache.brooklyn.core.entity.trait.Startable;
 import org.apache.brooklyn.core.internal.BrooklynProperties;
 import org.apache.brooklyn.core.location.PortRanges;
@@ -123,7 +124,7 @@ public class BrooklynLauncher extends BasicLauncher<BrooklynLauncher>
{
     }
 
     public BrooklynLauncher installSecurityFilter(Boolean val) {
-        this.skipSecurityFilter = val == null ? null : !val;
+        this.skipSecurityFilter = (val == null ? null : !val);
         return this;
     }
 
@@ -283,31 +284,32 @@ public class BrooklynLauncher extends BasicLauncher<BrooklynLauncher>
{
         // The security provider will let anyone in, but still require a password to be entered.
         // Skip password request dialog if we know the provider will let users through.
         boolean anyoneSecurityProvider = AnyoneSecurityProvider.class.getName().equals(securityProvider);
+        boolean noSecurityOptions = BrooklynWebConfig.hasNoSecurityOptions(managementContext.getConfig());
+        boolean skipSecurity = Boolean.TRUE.equals(skipSecurityFilter) || anyoneSecurityProvider
|| noSecurityOptions;
 
         // No security options in properties and no command line options overriding.
-        if (Boolean.TRUE.equals(skipSecurityFilter) && bindAddress==null) {
-            LOG.info("Starting Brooklyn web-console on loopback because security is explicitly
disabled and no bind address specified");
-            bindAddress = Networking.LOOPBACK;
-        } else if (BrooklynWebConfig.hasNoSecurityOptions(managementContext.getConfig()))
{
-            LOG.info("No security provider options specified. Define a security provider
or users to prevent a random password being created and logged.");
-            
-            if (bindAddress==null) {
-                LOG.info("Starting Brooklyn web-console with passwordless access on localhost
and protected access from any other interfaces (no bind address specified)");
+        if (Boolean.TRUE.equals(skipSecurityFilter)) {
+            if (bindAddress == null) {
+                LOG.info("Starting Brooklyn web-console with security explicitly disabled,
on loopback because no bind address specified");
+                bindAddress = Networking.LOOPBACK;
             } else {
-                if (Arrays.equals(new byte[] { 127, 0, 0, 1 }, bindAddress.getAddress()))
{ 
-                    LOG.info("Starting Brooklyn web-console with passwordless access on localhost");
-                } else if (Arrays.equals(new byte[] { 0, 0, 0, 0 }, bindAddress.getAddress()))
{ 
-                    LOG.info("Starting Brooklyn web-console with passwordless access on localhost
and random password (logged) required from any other interfaces");
-                } else { 
-                    LOG.info("Starting Brooklyn web-console with passwordless access on localhost
(if permitted) and random password (logged) required from any other interfaces");
-                }
+                LOG.info("Starting Brooklyn web-console with security explicitly disabled,
on bind address {}", bindAddress.getHostAddress());
             }
-            brooklynProperties.put(
-                    BrooklynWebConfig.SECURITY_PROVIDER_INSTANCE,
-                    new BrooklynUserWithRandomPasswordSecurityProvider(managementContext));
+
+        } else if (anyoneSecurityProvider) {
+            String bindAddressMsg = (bindAddress == null ? "<any>" : bindAddress.getHostAddress());
+            LOG.info("Starting Brooklyn web-console with AnyoneSecurityProvider (no authentication),
on bind address {}", bindAddressMsg);
+            
+        } else if (noSecurityOptions) {
+            String bindAddressMsg = (bindAddress == null ? "<any>" : bindAddress.getHostAddress());
+            LOG.info("Starting Brooklyn web-console with no security options (defaulting
to no authentication), on bind address {}", bindAddressMsg);
+
         } else {
-            LOG.debug("Starting Brooklyn using security properties: "+brooklynProperties.submap(ConfigPredicates.nameStartsWith(BrooklynWebConfig.BASE_NAME_SECURITY)).asMapWithStringKeys());
+            String bindAddressMsg = (bindAddress == null ? "<any>" : bindAddress.getHostAddress());
+            Map<?,?> securityProps = brooklynProperties.submap(ConfigPredicates.nameStartsWith(BrooklynWebConfig.BASE_NAME_SECURITY)).asMapWithStringKeys();
+            LOG.debug("Starting Brooklyn (bind address {}), using security properties: {}",
bindAddressMsg, Sanitizer.sanitize(securityProps));
         }
+        
         if (bindAddress == null) bindAddress = Networking.ANY_NIC;
 
         LOG.debug("Starting Brooklyn web-console with bindAddress "+bindAddress+" and properties
"+brooklynProperties);
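Review bot: In the new `else if (noSecurityOptions)` and `else if (anyoneSecurityProvider)` branches a null `bindAddress` is left as it is, so it reaches `if (bindAddress == null) bindAddress = Networking.ANY_NIC;` and the console starts unauthenticated on every interface; only the explicit `skipSecurityFilter` branch falls back to loopback. Judging by its log messages, the removed code installed `BrooklynUserWithRandomPasswordSecurityProvider` here and required a random password from non-local interfaces, so an install with no security properties goes from that to no authentication at all. I would give both branches the same default as the first, `if (bindAddress == null) bindAddress = Networking.LOOPBACK;`, and raise their messages to `LOG.warn`. The retained comment `// No security options in properties and no command line options overriding.` no longer describes the `if` beneath it, and the unchanged `LOG.debug(... +brooklynProperties)` at the end of the hunk still prints the full properties without `Sanitizer.sanitize`, which undoes the sanitising added just above. The enclosing method starts and ends outside the hunk.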
@@ -319,7 +321,7 @@ public class BrooklynLauncher extends BasicLauncher<BrooklynLauncher>
{
             if (useHttps!=null) webServer.setHttpsEnabled(useHttps);
             webServer.setShutdownHandler(shutdownHandler);
             webServer.putAttributes(brooklynProperties);
-            webServer.skipSecurity(Boolean.TRUE.equals(skipSecurityFilter) || anyoneSecurityProvider);
+            webServer.skipSecurity(skipSecurity);
             for (WebAppContextProvider webapp : webApps) {
                 webServer.addWar(webapp);
             }

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/9dcd2d34/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java
----------------------------------------------------------------------
diff --git a/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java
b/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java
index b70c1fe..fe5eda6 100644
--- a/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java
+++ b/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java
@@ -42,11 +42,16 @@ import org.apache.brooklyn.core.test.entity.TestApplicationImpl;
 import org.apache.brooklyn.core.test.entity.TestEntity;
 import org.apache.brooklyn.launcher.common.BrooklynPropertiesFactoryHelperTest;
 import org.apache.brooklyn.location.localhost.LocalhostMachineProvisioningLocation;
+import org.apache.brooklyn.rest.BrooklynWebConfig;
 import org.apache.brooklyn.util.http.HttpAsserts;
+import org.apache.brooklyn.util.http.HttpTool;
+import org.apache.brooklyn.util.http.HttpToolResponse;
 import org.apache.brooklyn.util.io.FileUtil;
 import org.apache.brooklyn.util.net.Urls;
 import org.apache.brooklyn.util.os.Os;
 import org.apache.brooklyn.util.text.Strings;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.methods.HttpGet;
 import org.testng.Assert;
 import org.testng.annotations.AfterMethod;
 import org.testng.annotations.Test;
@@ -102,6 +107,39 @@ public class BrooklynLauncherTest {
         assertEquals(webappTempDir.getAbsolutePath(), expectedTempDir);
     }
     
+    // Integration because takes a few seconds to start web-console
+    @Test(groups="Integration")
+    public void testStartsWebServerWithoutAuthentication() throws Exception {
+        launcher = newLauncherForTests(true)
+                .start();
+        String uri = launcher.getServerDetails().getWebServerUrl();
+        
+        HttpToolResponse response = HttpTool.execAndConsume(HttpTool.httpClientBuilder().build(),
new HttpGet(uri));
+        assertEquals(response.getResponseCode(), 200);
+    }
+    
+    // Integration because takes a few seconds to start web-console
+    @Test(groups="Integration")
+    public void testStartsWebServerWithCredentials() throws Exception {
+        launcher = newLauncherForTests(true)
+                .webconsolePort("10000+")
+                .brooklynProperties(BrooklynWebConfig.USERS, "myname")
+                .brooklynProperties(BrooklynWebConfig.PASSWORD_FOR_USER("myname"), "mypassword")
+                .start();
+        String uri = launcher.getServerDetails().getWebServerUrl();
+        
+        HttpToolResponse response = HttpTool.execAndConsume(HttpTool.httpClientBuilder().build(),
new HttpGet(uri));
+        assertEquals(response.getResponseCode(), 401);
+        
+        HttpToolResponse response2 = HttpTool.execAndConsume(
+                HttpTool.httpClientBuilder()
+                        .uri(uri)
+                        .credentials(new UsernamePasswordCredentials("myname", "mypassword"))
+                        .build(), 
+                new HttpGet(uri));
+        assertEquals(response2.getResponseCode(), 200);
+    }
+    
     @Test
     public void testCanDisableWebServerStartup() throws Exception {
         launcher = newLauncherForTests(true)
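Review bot: `testStartsWebServerWithCredentials` covers a request with no credentials (401) and one with the right ones (200) but never a wrong password, so a provider that accepted any password for `myname` would still pass. A third request built with `.credentials(new UsernamePasswordCredentials("myname", "wrongpassword"))` and checked with `assertEquals(response3.getResponseCode(), 401);` would close that gap. `testStartsWebServerWithoutAuthentication` asserts only that the root URL returns 200 and does not check which address the server is bound to, which is the part of the new default most worth pinning; if `getServerDetails()` exposes the bind address, assert on it. That test also omits `.webconsolePort("10000+")`, unlike the second one, which may let it collide with an instance already on the default port; `newLauncherForTests` is outside the hunk, so this is unconfirmed.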

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/9dcd2d34/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java
----------------------------------------------------------------------
diff --git a/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java b/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java
index bff9dfc..6ee3040 100644
--- a/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java
+++ b/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java
@@ -315,7 +315,7 @@ public class HttpTool {
             this.credentials = checkNotNull(val, "credentials");
             return this;
         }
-        public HttpClientBuilder credential(Optional<Credentials> val) {
+        public HttpClientBuilder credential(Optional<? extends Credentials> val) {
             if (val.isPresent()) credentials = val.get();
             return this;
         }

