Posted to commits@brooklyn.apache.org by he...@apache.org on 2016/11/16 18:29:15 UTC
[5/6] brooklyn-server git commit: set session/cookie on some server
requests so client gets it early
set session/cookie on some server requests so client gets it early
helps establish csrf protection. done in /server/user and /server/up/extended,
the two main places which an interactive app will hit early.
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/30a2d852
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/30a2d852
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/30a2d852
Branch: refs/heads/master
Commit: 30a2d8524d7eb920766728cef20fa893f3bd42b4
Parents: c8186f8
Author: Alex Heneveld <al...@cloudsoftcorp.com>
Authored: Sun Nov 13 13:33:48 2016 +0000
Committer: Alex Heneveld <al...@cloudsoftcorp.com>
Committed: Sun Nov 13 09:39:52 2016 -0700
----------------------------------------------------------------------
.../src/main/java/org/apache/brooklyn/rest/api/ServerApi.java | 6 ++++--
.../org/apache/brooklyn/rest/resources/ServerResource.java | 6 ++++++
2 files changed, 10 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/30a2d852/rest/rest-api/src/main/java/org/apache/brooklyn/rest/api/ServerApi.java
----------------------------------------------------------------------
diff --git a/rest/rest-api/src/main/java/org/apache/brooklyn/rest/api/ServerApi.java b/rest/rest-api/src/main/java/org/apache/brooklyn/rest/api/ServerApi.java
index 90a195a..0b56e3c 100644
--- a/rest/rest-api/src/main/java/org/apache/brooklyn/rest/api/ServerApi.java
+++ b/rest/rest-api/src/main/java/org/apache/brooklyn/rest/api/ServerApi.java
@@ -109,7 +109,8 @@ public interface ServerApi {
@GET
@Path("/up/extended")
- @ApiOperation(value = "Returns extended server-up information, a map including up (/up), shuttingDown (/shuttingDown), healthy (/healthy), and ha (/ha/states) (qv)")
+ @ApiOperation(value = "Returns extended server-up information, a map including up (/up), shuttingDown (/shuttingDown), healthy (/healthy), and ha (/ha/states) (qv)"
+ + "; also forces a session, so a useful general-purpose call for a UI client to do when starting")
public Map<String,Object> getUpExtended();
@GET
@@ -198,7 +199,8 @@ public interface ServerApi {
@GET
@Path("/user")
- @ApiOperation(value = "Return user information for this Brooklyn instance",
+ @ApiOperation(value = "Return user information for this Brooklyn instance"
+ + "; also forces a session, so a useful general-purpose call for a UI client to do when starting",
response = String.class,
responseContainer = "List")
public String getUser();
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/30a2d852/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/ServerResource.java
----------------------------------------------------------------------
diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/ServerResource.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/ServerResource.java
index 7be07de..cfed891 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/ServerResource.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/ServerResource.java
@@ -30,6 +30,7 @@ import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.atomic.AtomicBoolean;
+import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@@ -94,6 +95,9 @@ public class ServerResource extends AbstractBrooklynRestResource implements Serv
@Context
private ContextResolver<ShutdownHandler> shutdownHandler;
+ @Context
+ private HttpServletRequest request;
+
@Override
public void reloadBrooklynProperties() {
if (Entitlements.isEntitled(mgmt().getEntitlementManager(), Entitlements.SEE_ALL_SERVER_INFO, null)) {
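Review bot: The new `request` field is added without any comment saying why this resource now needs the raw servlet request, which a later maintainer is likely to remove as unused-looking since nothing in this hunk reads it. Suggest `// injected so getUpExtended()/getUser() can force session creation; see commit message` above the `@Context` line. Whether `@Context` injection into this field is safe for concurrent requests depends on how ServerResource is registered (per-request vs singleton with a runtime-supplied proxy), which is not visible here and is worth confirming against the REST wiring.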
@@ -365,6 +369,7 @@ public class ServerResource extends AbstractBrooklynRestResource implements Serv
@Override
public Map<String,Object> getUpExtended() {
+ request.getSession();
return MutableMap.<String,Object>of(
"up", isUp(),
"shuttingDown", isShuttingDown(),
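Review bot: `request.getSession()` in getUpExtended() (and the identical line in the getUser() hunk below) dereferences the injected field unconditionally, so any caller that invokes the resource outside a servlet request context — for example a direct unit-test call — will now get a NullPointerException where it previously worked; `if (request != null) request.getSession();` keeps the behaviour for real requests and costs nothing. The call's return value is discarded and its only effect is creating server-side session state, so a comment such as `// force a session so the client receives its session cookie (and hence CSRF protection) early` would stop this looking like a stray statement. Note that /up/extended is the kind of endpoint typically polled by health monitors that do not retain cookies, in which case every poll allocates a fresh session; if that is the case here, a session-count limit or a shorter idle timeout may be worth considering. getUpExtended()'s body continues past the end of the hunk.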
@@ -451,6 +456,7 @@ public class ServerResource extends AbstractBrooklynRestResource implements Serv
@Override
public String getUser() {
+ request.getSession();
EntitlementContext entitlementContext = Entitlements.getEntitlementContext();
if (entitlementContext!=null && entitlementContext.user()!=null){
return entitlementContext.user();