brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (BROOKLYN-51) Remote access without configuring a username and password
Date Tue, 09 Sep 2014 11:15:29 GMT

    [ https://issues.apache.org/jira/browse/BROOKLYN-51?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14126883#comment-14126883
] 

ASF GitHub Bot commented on BROOKLYN-51:
----------------------------------------

Github user sjcorbett commented on a diff in the pull request:

    https://github.com/apache/incubator-brooklyn/pull/154#discussion_r17294137
  
    --- Diff: usage/launcher/src/main/java/brooklyn/launcher/BrooklynLauncher.java ---
    @@ -595,16 +597,18 @@ private void handleSubsystemStartupError(boolean ignoreSuchErrors,
String system
         }
     
         protected void startWebApps() {
    -        if (BrooklynWebConfig.hasNoSecurityOptions(brooklynProperties)) {
    -            if (bindAddress==null) {
    -                LOG.info("Starting brooklyn web-console on loopback interface because
no security config is set");
    -                bindAddress = Networking.LOOPBACK;
    -            }
    -            if (skipSecurityFilter==null) {
    -                LOG.debug("Starting brooklyn web-console without security because we
are loopback and no security is set");
    -                skipSecurityFilter = true;
    -            }
    +        // No security options in properties and no command line options overriding.
    +        if (Boolean.TRUE.equals(skipSecurityFilter) && bindAddress == null) {
    +            LOG.info("Starting Brooklyn web-console on loopback because security is explicitly
disabled and no bind address was given");
    +            bindAddress = Networking.LOOPBACK;
    +        } else if (BrooklynWebConfig.hasNoSecurityOptions(brooklynProperties) &&
bindAddress == null) {
    +            LOG.info("Starting Brooklyn web-console with passwordless access on localhost
and protected access from other interfaces");
    +            bindAddress = Networking.ANY_NIC;
    +            brooklynProperties.put(
    +                    BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME,
    +                    BrooklynUserWithRandomPasswordSecurityProvider.class.getName());
    --- End diff --
    
    Yes. Reloading properties after modifying `brooklyn.webconsole.security.provider` will
not cause the new provider to be used because `DelegatingSecurityProvider` caches its delegate.
It would be fairly straightforward to incorporate this - `DelegatingSecurityProvider` can
just check that the classname of its delegate matches the value from the management context's
property, and reload if there is a difference.



> Remote access without configuring a username and password
> ---------------------------------------------------------
>
>                 Key: BROOKLYN-51
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-51
>             Project: Brooklyn
>          Issue Type: Sub-task
>    Affects Versions: 0.7.0-M1
>            Reporter: Richard Downer
>            Assignee: Sam Corbett
>             Fix For: 0.7.0
>
>
> By default, if Brooklyn is not configured with a username+password in brooklyn.properties,
Brooklyn will *only* bind to the localhost interface, refusing connections from the network.
> To ease first time users starting Brooklyn on a server, change Brooklyn to:
> 1. Always bind on all interfaces;
> 2. If no username and password is configured, generate one randomly and print the details
to the console
> 3. Additionally, if no username and password is configured, continue to allow passwordless
logins on the localhost interface.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message