You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@brooklyn.apache.org by he...@apache.org on 2019/01/16 02:12:12 UTC
[brooklyn-server] 32/49: Updated dependencies and test corrected
This is an automated email from the ASF dual-hosted git repository.
heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
commit 1402f10139922c1d50cafa65af6461851af17cb0
Author: Juan Cabrerizo <ju...@cloudsoft.io>
AuthorDate: Thu Jan 10 10:22:23 2019 +0000
Updated dependencies and test corrected
---
.../rest/filter/EntitlementContextFilter.java | 41 +++++++++++++++++-----
.../rest/filter/EntitlementContextFilterTest.java | 2 +-
software/winrm/pom.xml | 8 +++++
3 files changed, 42 insertions(+), 9 deletions(-)
diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/EntitlementContextFilter.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/EntitlementContextFilter.java
index c7a9a5c..58ba340 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/EntitlementContextFilter.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/EntitlementContextFilter.java
@@ -23,35 +23,60 @@ import java.security.Principal;
import javax.annotation.Priority;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Request;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;
+import org.apache.brooklyn.api.mgmt.entitlement.EntitlementContext;
import org.apache.brooklyn.core.mgmt.entitlement.Entitlements;
import org.apache.brooklyn.core.mgmt.entitlement.WebEntitlementContext;
+import org.apache.brooklyn.util.text.Strings;
@Provider
@Priority(400)
public class EntitlementContextFilter implements ContainerRequestFilter, ContainerResponseFilter {
@Context
private HttpServletRequest request;
-
+
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
+ String userName = null;
+
+ // first see if there is a principal
SecurityContext securityContext = requestContext.getSecurityContext();
Principal user = securityContext.getUserPrincipal();
+ if (user!=null) {
+ userName = user.getName();
+ } else {
+
+ // now look in session attribute - because principals hard to set from javax filter
+ if (request!=null) {
+ HttpSession s = request.getSession(false);
+ if (s!=null) {
+ userName = Strings.toString(s.getAttribute(
+ BrooklynSecurityProviderFilterHelper.AUTHENTICATED_USER_SESSION_ATTRIBUTE));
+ }
+ }
+ }
+
+ if (userName != null) {
+ EntitlementContext oldEntitlement = Entitlements.getEntitlementContext();
+ if (oldEntitlement!=null && !userName.equals(oldEntitlement.user())) {
+ throw new IllegalStateException("Illegal entitement context switch, from user "+oldEntitlement.user()+" to "+userName);
+ }
+
+ String uri = request.getRequestURI();
+ String remoteAddr = request.getRemoteAddr();
- if (user != null) {
- String uri = request.getRequestURI();
- String remoteAddr = request.getRemoteAddr();
-
- String uid = RequestTaggingRsFilter.getTag();
- WebEntitlementContext entitlementContext = new WebEntitlementContext(user.getName(), remoteAddr, uri, uid);
- Entitlements.setEntitlementContext(entitlementContext);
+ String uid = RequestTaggingRsFilter.getTag();
+ WebEntitlementContext entitlementContext = new WebEntitlementContext(userName, remoteAddr, uri, uid);
+ Entitlements.setEntitlementContext(entitlementContext);
}
}
diff --git a/rest/rest-resources/src/test/java/org/apache/brooklyn/rest/filter/EntitlementContextFilterTest.java b/rest/rest-resources/src/test/java/org/apache/brooklyn/rest/filter/EntitlementContextFilterTest.java
index 7b75428..b266bd4 100644
--- a/rest/rest-resources/src/test/java/org/apache/brooklyn/rest/filter/EntitlementContextFilterTest.java
+++ b/rest/rest-resources/src/test/java/org/apache/brooklyn/rest/filter/EntitlementContextFilterTest.java
@@ -63,7 +63,7 @@ public class EntitlementContextFilterTest extends BrooklynRestResourceTest {
@Override
protected void addBrooklynResources() {
- addResource(new BrooklynSecurityProviderFilterHelper());
+ addResource(new BrooklynSecurityProviderFilterJersey());
addResource(new RequestTaggingRsFilter());
addResource(new EntitlementContextFilter());
addResource(new EntitlementResource());
diff --git a/software/winrm/pom.xml b/software/winrm/pom.xml
index b4a3f7e..8882c03 100644
--- a/software/winrm/pom.xml
+++ b/software/winrm/pom.xml
@@ -52,6 +52,14 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<!--