You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@aurora.apache.org by Maxim Khutornenko <ma...@apache.org> on 2015/05/21 23:15:16 UTC
Review Request 34566: Adding H2 management console.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/
-----------------------------------------------------------
Review request for Aurora, Joshua Cohen and Kevin Sweeney.
Bugs: AURORA-1287
https://issues.apache.org/jira/browse/AURORA-1287
Repository: aurora
Description
-------
Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
The DB turns on basic authentication when a "-db_authentication_file" is provided (similar to "-framework_authentication_file"). The TCP server is then started to proxy H2 management console requests.
Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
Diffs
-----
config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9
examples/vagrant/provision-dev-cluster.sh 853ccac35f2befa31716a9ed686df650cd913c90
examples/vagrant/upstart/aurora-scheduler-kerberos.conf 414539b1917b5d33c577f1539575934c7f7c8167
examples/vagrant/upstart/aurora-scheduler.conf f4b867cbbcdbcc792518c2f90807834e47dce253
src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION
src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java 54608c8f819b65186ea0d000fc01b9538d5cb4ee
src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 436d3841b9361df4db98a2217e61abb95e6e6bab
src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java 9e176882246b48ac87bf35c77ac8c449a0a53352
Diff: https://reviews.apache.org/r/34566/diff/
Testing
-------
./gradlew -Pq build
Connecting to H2 in Vagrant.
Thanks,
Maxim Khutornenko
Re: Review Request 34566: Adding H2 management console.
Posted by Aurora ReviewBot <wf...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84794
-----------------------------------------------------------
Ship it!
Master (998993d) is green with this patch.
./build-support/jenkins/build.sh
I will refresh this build result if you post a review containing "@ReviewBot retry"
- Aurora ReviewBot
On May 21, 2015, 9:15 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated May 21, 2015, 9:15 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The DB turns on basic authentication when a "-db_authentication_file" is provided (similar to "-framework_authentication_file"). The TCP server is then started to proxy H2 management console requests.
>
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
>
>
> Diffs
> -----
>
> config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9
> examples/vagrant/provision-dev-cluster.sh 853ccac35f2befa31716a9ed686df650cd913c90
> examples/vagrant/upstart/aurora-scheduler-kerberos.conf 414539b1917b5d33c577f1539575934c7f7c8167
> examples/vagrant/upstart/aurora-scheduler.conf f4b867cbbcdbcc792518c2f90807834e47dce253
> src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java 54608c8f819b65186ea0d000fc01b9538d5cb4ee
> src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 436d3841b9361df4db98a2217e61abb95e6e6bab
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java 9e176882246b48ac87bf35c77ac8c449a0a53352
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Joshua Cohen <jc...@apache.org>.
> On June 4, 2015, 4:36 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java, lines 78-80
> > <https://reviews.apache.org/r/34566/diff/2/?file=977711#file977711line78>
> >
> > Why don't need this anymore?
Er, ignore this, I meant to delete after I read through the rest of the diff ;).
- Joshua
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86634
-----------------------------------------------------------
On June 3, 2015, 10:08 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated June 3, 2015, 10:08 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The H2 console servlet is put behind Shiro. Users are expected to have `h2_management_console` permission or be a member of admin role to access the console.
>
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
>
>
> Diffs
> -----
>
> src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 0163ba1a6df647a644948a42f772bd838c2146ef
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java 28e6b98b39a073251bfae483575edd9635ae783a
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 6743d06be828247b1c3a232aea145b0a0c492eca
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java 33783c88b7c6c1a7343f3271523a7db39c73e4a1
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java e335a439a6ccc301cf7c93e138c90660fbfdc6d0
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java PRE-CREATION
> src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Maxim Khutornenko <ma...@apache.org>.
> On June 4, 2015, 4:36 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java, lines 136-141
> > <https://reviews.apache.org/r/34566/diff/2/?file=977709#file977709line136>
> >
> > Do you foresee us exposing other authorized servlets in this manner? If so, how does this scale in those cases? Might it make sense to extract something that can act on a set of servlet/auth configuration rather than explicitly listing each servlet for each switch case?
> >
> > A TODO acknowledging that we'd want to address if/when we add more is probably fine for now.
I am hesitant to refactor without seeing more use cases first. The registration order is important here and having all filters close by really helps. Punting for now as any attempt to refactor will add verbosity and reduce readability.
> On June 4, 2015, 4:36 p.m., Joshua Cohen wrote:
> > src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java, line 36
> > <https://reviews.apache.org/r/34566/diff/2/?file=977713#file977713line36>
> >
> > Use constant for this?
> >
> > assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus())
Done.
> On June 4, 2015, 4:36 p.m., Joshua Cohen wrote:
> > src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java, line 303
> > <https://reviews.apache.org/r/34566/diff/2/?file=977714#file977714line303>
> >
> > Same here and below.
Done.
- Maxim
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86634
-----------------------------------------------------------
On June 3, 2015, 10:08 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated June 3, 2015, 10:08 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The H2 console servlet is put behind Shiro. Users are expected to have `h2_management_console` permission or be a member of admin role to access the console.
>
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
>
>
> Diffs
> -----
>
> src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 0163ba1a6df647a644948a42f772bd838c2146ef
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java 28e6b98b39a073251bfae483575edd9635ae783a
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 6743d06be828247b1c3a232aea145b0a0c492eca
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java 33783c88b7c6c1a7343f3271523a7db39c73e4a1
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java e335a439a6ccc301cf7c93e138c90660fbfdc6d0
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java PRE-CREATION
> src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Joshua Cohen <jc...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86634
-----------------------------------------------------------
src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
<https://reviews.apache.org/r/34566/#comment138681>
Do you foresee us exposing other authorized servlets in this manner? If so, how does this scale in those cases? Might it make sense to extract something that can act on a set of servlet/auth configuration rather than explicitly listing each servlet for each switch case?
A TODO acknowledging that we'd want to address if/when we add more is probably fine for now.
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java
<https://reviews.apache.org/r/34566/#comment138682>
Why don't need this anymore?
src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java
<https://reviews.apache.org/r/34566/#comment138689>
Use constant for this?
assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus())
src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java
<https://reviews.apache.org/r/34566/#comment138690>
Same here and below.
- Joshua Cohen
On June 3, 2015, 10:08 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated June 3, 2015, 10:08 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The H2 console servlet is put behind Shiro. Users are expected to have `h2_management_console` permission or be a member of admin role to access the console.
>
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
>
>
> Diffs
> -----
>
> src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 0163ba1a6df647a644948a42f772bd838c2146ef
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java 28e6b98b39a073251bfae483575edd9635ae783a
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 6743d06be828247b1c3a232aea145b0a0c492eca
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java 33783c88b7c6c1a7343f3271523a7db39c73e4a1
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java e335a439a6ccc301cf7c93e138c90660fbfdc6d0
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java PRE-CREATION
> src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Maxim Khutornenko <ma...@apache.org>.
> On June 4, 2015, 8:12 p.m., Kevin Sweeney wrote:
> > src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java, line 37
> > <https://reviews.apache.org/r/34566/diff/3/?file=979284#file979284line37>
> >
> > Use a MediaType constant here.
Done.
> On June 4, 2015, 8:12 p.m., Kevin Sweeney wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java, line 128
> > <https://reviews.apache.org/r/34566/diff/3/?file=979280#file979280line128>
> >
> > Either static import the above API_PATH or qualify H2_PATH, but please use a consistent style.
Done.
- Maxim
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86710
-----------------------------------------------------------
On June 4, 2015, 7:31 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated June 4, 2015, 7:31 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The H2 console servlet is put behind Shiro. Users are expected to have `h2_management_console` permission or be a member of admin role to access the console.
>
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
>
>
> Diffs
> -----
>
> src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 0163ba1a6df647a644948a42f772bd838c2146ef
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java 28e6b98b39a073251bfae483575edd9635ae783a
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 6743d06be828247b1c3a232aea145b0a0c492eca
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java 33783c88b7c6c1a7343f3271523a7db39c73e4a1
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java e335a439a6ccc301cf7c93e138c90660fbfdc6d0
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java PRE-CREATION
> src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Kevin Sweeney <ke...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86710
-----------------------------------------------------------
Ship it!
Looks good, only style nits
src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
<https://reviews.apache.org/r/34566/#comment138773>
Either static import the above API_PATH or qualify H2_PATH, but please use a consistent style.
src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java
<https://reviews.apache.org/r/34566/#comment138774>
Use a MediaType constant here.
- Kevin Sweeney
On June 4, 2015, 12:31 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated June 4, 2015, 12:31 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The H2 console servlet is put behind Shiro. Users are expected to have `h2_management_console` permission or be a member of admin role to access the console.
>
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
>
>
> Diffs
> -----
>
> src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 0163ba1a6df647a644948a42f772bd838c2146ef
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java 28e6b98b39a073251bfae483575edd9635ae783a
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 6743d06be828247b1c3a232aea145b0a0c492eca
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java 33783c88b7c6c1a7343f3271523a7db39c73e4a1
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java e335a439a6ccc301cf7c93e138c90660fbfdc6d0
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java PRE-CREATION
> src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Aurora ReviewBot <wf...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86718
-----------------------------------------------------------
Ship it!
Master (ed4415c) is green with this patch.
./build-support/jenkins/build.sh
I will refresh this build result if you post a review containing "@ReviewBot retry"
- Aurora ReviewBot
On June 4, 2015, 8:56 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated June 4, 2015, 8:56 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The H2 console servlet is put behind Shiro. Users are expected to have `h2_management_console` permission or be a member of admin role to access the console.
>
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
>
>
> Diffs
> -----
>
> src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 0163ba1a6df647a644948a42f772bd838c2146ef
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java 28e6b98b39a073251bfae483575edd9635ae783a
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 6743d06be828247b1c3a232aea145b0a0c492eca
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java 33783c88b7c6c1a7343f3271523a7db39c73e4a1
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java e335a439a6ccc301cf7c93e138c90660fbfdc6d0
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java PRE-CREATION
> src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Maxim Khutornenko <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/
-----------------------------------------------------------
(Updated June 4, 2015, 8:56 p.m.)
Review request for Aurora, Joshua Cohen and Kevin Sweeney.
Changes
-------
comment typo
Bugs: AURORA-1287
https://issues.apache.org/jira/browse/AURORA-1287
Repository: aurora
Description
-------
Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
The H2 console servlet is put behind Shiro. Users are expected to have `h2_management_console` permission or be a member of admin role to access the console.
Vagrant example JDBC URL: jdbc:h2:mem:aurora
Diffs (updated)
-----
src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java PRE-CREATION
src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d
src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 0163ba1a6df647a644948a42f772bd838c2146ef
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java 28e6b98b39a073251bfae483575edd9635ae783a
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java PRE-CREATION
src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java PRE-CREATION
src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 6743d06be828247b1c3a232aea145b0a0c492eca
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java 33783c88b7c6c1a7343f3271523a7db39c73e4a1
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java e335a439a6ccc301cf7c93e138c90660fbfdc6d0
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java PRE-CREATION
src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac
Diff: https://reviews.apache.org/r/34566/diff/
Testing
-------
./gradlew -Pq build
./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh
Connecting to H2 in Vagrant.
Thanks,
Maxim Khutornenko
Re: Review Request 34566: Adding H2 management console.
Posted by Maxim Khutornenko <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/
-----------------------------------------------------------
(Updated June 4, 2015, 8:49 p.m.)
Review request for Aurora, Joshua Cohen and Kevin Sweeney.
Changes
-------
Kevin's comments.
Bugs: AURORA-1287
https://issues.apache.org/jira/browse/AURORA-1287
Repository: aurora
Description
-------
Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
The H2 console servlet is put behind Shiro. Users are expected to have `h2_management_console` permission or be a member of admin role to access the console.
Vagrant example JDBC URL: jdbc:h2:mem:aurora
Diffs (updated)
-----
src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java PRE-CREATION
src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d
src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 0163ba1a6df647a644948a42f772bd838c2146ef
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java 28e6b98b39a073251bfae483575edd9635ae783a
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java PRE-CREATION
src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java PRE-CREATION
src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 6743d06be828247b1c3a232aea145b0a0c492eca
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java 33783c88b7c6c1a7343f3271523a7db39c73e4a1
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java e335a439a6ccc301cf7c93e138c90660fbfdc6d0
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java PRE-CREATION
src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac
Diff: https://reviews.apache.org/r/34566/diff/
Testing
-------
./gradlew -Pq build
./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh
Connecting to H2 in Vagrant.
Thanks,
Maxim Khutornenko
Re: Review Request 34566: Adding H2 management console.
Posted by Aurora ReviewBot <wf...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86706
-----------------------------------------------------------
Ship it!
Master (ed4415c) is green with this patch.
./build-support/jenkins/build.sh
I will refresh this build result if you post a review containing "@ReviewBot retry"
- Aurora ReviewBot
On June 4, 2015, 7:31 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated June 4, 2015, 7:31 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The H2 console servlet is put behind Shiro. Users are expected to have `h2_management_console` permission or be a member of admin role to access the console.
>
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
>
>
> Diffs
> -----
>
> src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 0163ba1a6df647a644948a42f772bd838c2146ef
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java 28e6b98b39a073251bfae483575edd9635ae783a
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 6743d06be828247b1c3a232aea145b0a0c492eca
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java 33783c88b7c6c1a7343f3271523a7db39c73e4a1
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java e335a439a6ccc301cf7c93e138c90660fbfdc6d0
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java PRE-CREATION
> src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Joshua Cohen <jc...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86711
-----------------------------------------------------------
Ship it!
Ship It!
- Joshua Cohen
On June 4, 2015, 7:31 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated June 4, 2015, 7:31 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The H2 console servlet is put behind Shiro. Users are expected to have `h2_management_console` permission or be a member of admin role to access the console.
>
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
>
>
> Diffs
> -----
>
> src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 0163ba1a6df647a644948a42f772bd838c2146ef
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java 28e6b98b39a073251bfae483575edd9635ae783a
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 6743d06be828247b1c3a232aea145b0a0c492eca
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java 33783c88b7c6c1a7343f3271523a7db39c73e4a1
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java e335a439a6ccc301cf7c93e138c90660fbfdc6d0
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java PRE-CREATION
> src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Maxim Khutornenko <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/
-----------------------------------------------------------
(Updated June 4, 2015, 7:31 p.m.)
Review request for Aurora, Joshua Cohen and Kevin Sweeney.
Changes
-------
Joshua's comments.
Bugs: AURORA-1287
https://issues.apache.org/jira/browse/AURORA-1287
Repository: aurora
Description
-------
Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
The H2 console servlet is put behind Shiro. Users are expected to have `h2_management_console` permission or be a member of admin role to access the console.
Vagrant example JDBC URL: jdbc:h2:mem:aurora
Diffs (updated)
-----
src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java PRE-CREATION
src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d
src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 0163ba1a6df647a644948a42f772bd838c2146ef
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java 28e6b98b39a073251bfae483575edd9635ae783a
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java PRE-CREATION
src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java PRE-CREATION
src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 6743d06be828247b1c3a232aea145b0a0c492eca
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java 33783c88b7c6c1a7343f3271523a7db39c73e4a1
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java e335a439a6ccc301cf7c93e138c90660fbfdc6d0
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java PRE-CREATION
src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac
Diff: https://reviews.apache.org/r/34566/diff/
Testing
-------
./gradlew -Pq build
./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh
Connecting to H2 in Vagrant.
Thanks,
Maxim Khutornenko
Re: Review Request 34566: Adding H2 management console.
Posted by Aurora ReviewBot <wf...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86495
-----------------------------------------------------------
Ship it!
Master (ed4415c) is green with this patch.
./build-support/jenkins/build.sh
I will refresh this build result if you post a review containing "@ReviewBot retry"
- Aurora ReviewBot
On June 3, 2015, 10:08 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated June 3, 2015, 10:08 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The H2 console servlet is put behind Shiro. Users are expected to have `h2_management_console` permission or be a member of admin role to access the console.
>
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
>
>
> Diffs
> -----
>
> src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 0163ba1a6df647a644948a42f772bd838c2146ef
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java 28e6b98b39a073251bfae483575edd9635ae783a
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java PRE-CREATION
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 6743d06be828247b1c3a232aea145b0a0c492eca
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java 33783c88b7c6c1a7343f3271523a7db39c73e4a1
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java e335a439a6ccc301cf7c93e138c90660fbfdc6d0
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java PRE-CREATION
> src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Maxim Khutornenko <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/
-----------------------------------------------------------
(Updated June 3, 2015, 10:08 p.m.)
Review request for Aurora, Joshua Cohen and Kevin Sweeney.
Changes
-------
Implementing H2 console via servlet behind Shiro.
Bugs: AURORA-1287
https://issues.apache.org/jira/browse/AURORA-1287
Repository: aurora
Description (updated)
-------
Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
The H2 console servlet is put behind Shiro. Users are expected to have `h2_management_console` permission or be a member of admin role to access the console.
Vagrant example JDBC URL: jdbc:h2:mem:aurora
Diffs (updated)
-----
src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java PRE-CREATION
src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d
src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 0163ba1a6df647a644948a42f772bd838c2146ef
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java 28e6b98b39a073251bfae483575edd9635ae783a
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java PRE-CREATION
src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java PRE-CREATION
src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 6743d06be828247b1c3a232aea145b0a0c492eca
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java 33783c88b7c6c1a7343f3271523a7db39c73e4a1
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java e335a439a6ccc301cf7c93e138c90660fbfdc6d0
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java PRE-CREATION
src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac
Diff: https://reviews.apache.org/r/34566/diff/
Testing (updated)
-------
./gradlew -Pq build
./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh
Connecting to H2 in Vagrant.
Thanks,
Maxim Khutornenko
Re: Review Request 34566: Adding H2 management console.
Posted by Joshua Cohen <jc...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84821
-----------------------------------------------------------
Might be worth adding tests for the conditional startup of the admin server (if it's feasible to do so?).
If not, would it be worth adding an e2e test that we can connect to it?
src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java
<https://reviews.apache.org/r/34566/#comment136217>
nit: s/TCP/database TCP
I might go one step further and say "database admin TCP server"
- Joshua Cohen
On May 21, 2015, 9:15 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated May 21, 2015, 9:15 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The DB turns on basic authentication when a "-db_authentication_file" is provided (similar to "-framework_authentication_file"). The TCP server is then started to proxy H2 management console requests.
>
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
>
>
> Diffs
> -----
>
> config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9
> examples/vagrant/provision-dev-cluster.sh 853ccac35f2befa31716a9ed686df650cd913c90
> examples/vagrant/upstart/aurora-scheduler-kerberos.conf 414539b1917b5d33c577f1539575934c7f7c8167
> examples/vagrant/upstart/aurora-scheduler.conf f4b867cbbcdbcc792518c2f90807834e47dce253
> src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java 54608c8f819b65186ea0d000fc01b9538d5cb4ee
> src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 436d3841b9361df4db98a2217e61abb95e6e6bab
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java 9e176882246b48ac87bf35c77ac8c449a0a53352
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Maxim Khutornenko <ma...@apache.org>.
> On May 21, 2015, 11:34 p.m., Kevin Sweeney wrote:
> > Have you investigated using the [Console Servlet](http://www.h2database.com/html/tutorial.html) directly? Then we can use the Shiro filter directly and avoid adding another mechanism to configure security as well as avoid adding another listening port.
That's what I run locally to connect to H2 TCP server. Embedding H2 console directly into the scheduler would not help as it does not support any other security mechanisms besides basic auth (AFAICT). Theoretically, we could put TCP server behind Shiro but then we would face the same problem of client not supporting kerberos.
- Maxim
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84823
-----------------------------------------------------------
On May 21, 2015, 9:15 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated May 21, 2015, 9:15 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The DB turns on basic authentication when a "-db_authentication_file" is provided (similar to "-framework_authentication_file"). The TCP server is then started to proxy H2 management console requests.
>
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
>
>
> Diffs
> -----
>
> config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9
> examples/vagrant/provision-dev-cluster.sh 853ccac35f2befa31716a9ed686df650cd913c90
> examples/vagrant/upstart/aurora-scheduler-kerberos.conf 414539b1917b5d33c577f1539575934c7f7c8167
> examples/vagrant/upstart/aurora-scheduler.conf f4b867cbbcdbcc792518c2f90807834e47dce253
> src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java 54608c8f819b65186ea0d000fc01b9538d5cb4ee
> src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 436d3841b9361df4db98a2217e61abb95e6e6bab
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java 9e176882246b48ac87bf35c77ac8c449a0a53352
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Maxim Khutornenko <ma...@apache.org>.
> On May 21, 2015, 11:34 p.m., Kevin Sweeney wrote:
> > Have you investigated using the [Console Servlet](http://www.h2database.com/html/tutorial.html) directly? Then we can use the Shiro filter directly and avoid adding another mechanism to configure security as well as avoid adding another listening port.
>
> Maxim Khutornenko wrote:
> That's what I run locally to connect to H2 TCP server. Embedding H2 console directly into the scheduler would not help as it does not support any other security mechanisms besides basic auth (AFAICT). Theoretically, we could put TCP server behind Shiro but then we would face the same problem of client not supporting kerberos.
>
> Kevin Sweeney wrote:
> I might be missing something here. You're connecting to a management console via a browser, right? The console servlet doesn't need to know anything about the filters in front of it, so if your browser supports whatever auth mechanism the filter requires you're in business.
>
> If you've got the servlet setup somewhere with
>
> ```java
> serve("/h2console/*").with(H2Console.class);
> ```
>
> somewhere you can add something like
>
> ```java
> install(ShiroWebModule.guiceFilter("/h2console/*");
> addFilterChain("/h2console/**",
> ShiroWebModule.NO_SESSION_CREATION,
> ShiroWebModule.AUTHC_BASIC,
> config(ShiroWebModule.PERMS, "h2:console"));
> ```
>
> to `ApiSecurityModule` and users can login with their existing credentials, and configure ACLs around `h2:console` in the same way as they configure all other ACLs. Why introduce another way to do it?
>
> Maxim Khutornenko wrote:
> The servlet is hosted within the browser but it still connects to the TCP server that we have to expose for it to connect to. So, the way it works now (referring to the boxes in http://www.h2database.com/html/tutorial.html):
> a. Web Browser: loads a servlet UI, which has "Connect" button to connect to the TCP server;
> b. H2 console server: that's the TCP server endpoint (in DBModule) that proxies requests from the servlet to the H2;
> c. H2: our in-memory DB
>
> I guess we could potentially embed (a) into scheduler (subject to verificaiont) and hide it behind Shiro. However, it would still have to connect to a TCP endpoint (b), so we would also need to add Shiro there as well. The problem (as I see it) is how to relay credentials from (a) to (b) as servlet opens its own connection to talk to (b) where kerberos headers will not be available.
>
> > Why introduce another way to do it?
>
> No reason at all. I hate dealing with DB credentials, just don't see a way to make it work without hacking into the servlet itself.
AFAICT, there are only two ways to connect to the H2 DB: AUTO_SERVER and TCP server. I explored the AUTO_SERVER earlier but unfortunately it does not work for in-memory DBs (http://h2database.com/html/features.html#auto_mixed_mode):
> Multiple processes can access the same database without having to start the server manually. To do that, append ;AUTO_SERVER=TRUE to the database URL. You can use the same database URL independent of whether the database is already open or not. This feature doesn't work with in-memory databases.
So, all we left with is a H2 dedicated server instance.
- Maxim
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84823
-----------------------------------------------------------
On May 21, 2015, 9:15 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated May 21, 2015, 9:15 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The DB turns on basic authentication when a "-db_authentication_file" is provided (similar to "-framework_authentication_file"). The TCP server is then started to proxy H2 management console requests.
>
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
>
>
> Diffs
> -----
>
> config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9
> examples/vagrant/provision-dev-cluster.sh 853ccac35f2befa31716a9ed686df650cd913c90
> examples/vagrant/upstart/aurora-scheduler-kerberos.conf 414539b1917b5d33c577f1539575934c7f7c8167
> examples/vagrant/upstart/aurora-scheduler.conf f4b867cbbcdbcc792518c2f90807834e47dce253
> src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java 54608c8f819b65186ea0d000fc01b9538d5cb4ee
> src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 436d3841b9361df4db98a2217e61abb95e6e6bab
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java 9e176882246b48ac87bf35c77ac8c449a0a53352
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Kevin Sweeney <ke...@apache.org>.
> On May 21, 2015, 4:34 p.m., Kevin Sweeney wrote:
> > Have you investigated using the [Console Servlet](http://www.h2database.com/html/tutorial.html) directly? Then we can use the Shiro filter directly and avoid adding another mechanism to configure security as well as avoid adding another listening port.
>
> Maxim Khutornenko wrote:
> That's what I run locally to connect to H2 TCP server. Embedding H2 console directly into the scheduler would not help as it does not support any other security mechanisms besides basic auth (AFAICT). Theoretically, we could put TCP server behind Shiro but then we would face the same problem of client not supporting kerberos.
I might be missing something here. You're connecting to a management console via a browser, right? The console servlet doesn't need to know anything about the filters in front of it, so if your browser supports whatever auth mechanism the filter requires you're in business.
If you've got the servlet setup somewhere with
```java
serve("/h2console/*").with(H2Console.class);
```
somewhere you can add something like
```java
install(ShiroWebModule.guiceFilter("/h2console/*");
addFilterChain("/h2console/**",
ShiroWebModule.NO_SESSION_CREATION,
ShiroWebModule.AUTHC_BASIC,
config(ShiroWebModule.PERMS, "h2:console"));
```
to `ApiSecurityModule` and users can login with their existing credentials, and configure ACLs around `h2:console` in the same way as they configure all other ACLs. Why introduce another way to do it?
- Kevin
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84823
-----------------------------------------------------------
On May 21, 2015, 2:15 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated May 21, 2015, 2:15 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The DB turns on basic authentication when a "-db_authentication_file" is provided (similar to "-framework_authentication_file"). The TCP server is then started to proxy H2 management console requests.
>
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
>
>
> Diffs
> -----
>
> config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9
> examples/vagrant/provision-dev-cluster.sh 853ccac35f2befa31716a9ed686df650cd913c90
> examples/vagrant/upstart/aurora-scheduler-kerberos.conf 414539b1917b5d33c577f1539575934c7f7c8167
> examples/vagrant/upstart/aurora-scheduler.conf f4b867cbbcdbcc792518c2f90807834e47dce253
> src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java 54608c8f819b65186ea0d000fc01b9538d5cb4ee
> src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 436d3841b9361df4db98a2217e61abb95e6e6bab
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java 9e176882246b48ac87bf35c77ac8c449a0a53352
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Maxim Khutornenko <ma...@apache.org>.
> On May 21, 2015, 11:34 p.m., Kevin Sweeney wrote:
> > Have you investigated using the [Console Servlet](http://www.h2database.com/html/tutorial.html) directly? Then we can use the Shiro filter directly and avoid adding another mechanism to configure security as well as avoid adding another listening port.
>
> Maxim Khutornenko wrote:
> That's what I run locally to connect to H2 TCP server. Embedding H2 console directly into the scheduler would not help as it does not support any other security mechanisms besides basic auth (AFAICT). Theoretically, we could put TCP server behind Shiro but then we would face the same problem of client not supporting kerberos.
>
> Kevin Sweeney wrote:
> I might be missing something here. You're connecting to a management console via a browser, right? The console servlet doesn't need to know anything about the filters in front of it, so if your browser supports whatever auth mechanism the filter requires you're in business.
>
> If you've got the servlet setup somewhere with
>
> ```java
> serve("/h2console/*").with(H2Console.class);
> ```
>
> somewhere you can add something like
>
> ```java
> install(ShiroWebModule.guiceFilter("/h2console/*");
> addFilterChain("/h2console/**",
> ShiroWebModule.NO_SESSION_CREATION,
> ShiroWebModule.AUTHC_BASIC,
> config(ShiroWebModule.PERMS, "h2:console"));
> ```
>
> to `ApiSecurityModule` and users can login with their existing credentials, and configure ACLs around `h2:console` in the same way as they configure all other ACLs. Why introduce another way to do it?
>
> Maxim Khutornenko wrote:
> The servlet is hosted within the browser but it still connects to the TCP server that we have to expose for it to connect to. So, the way it works now (referring to the boxes in http://www.h2database.com/html/tutorial.html):
> a. Web Browser: loads a servlet UI, which has "Connect" button to connect to the TCP server;
> b. H2 console server: that's the TCP server endpoint (in DBModule) that proxies requests from the servlet to the H2;
> c. H2: our in-memory DB
>
> I guess we could potentially embed (a) into scheduler (subject to verificaiont) and hide it behind Shiro. However, it would still have to connect to a TCP endpoint (b), so we would also need to add Shiro there as well. The problem (as I see it) is how to relay credentials from (a) to (b) as servlet opens its own connection to talk to (b) where kerberos headers will not be available.
>
> > Why introduce another way to do it?
>
> No reason at all. I hate dealing with DB credentials, just don't see a way to make it work without hacking into the servlet itself.
>
> Maxim Khutornenko wrote:
> AFAICT, there are only two ways to connect to the H2 DB: AUTO_SERVER and TCP server. I explored the AUTO_SERVER earlier but unfortunately it does not work for in-memory DBs (http://h2database.com/html/features.html#auto_mixed_mode):
> > Multiple processes can access the same database without having to start the server manually. To do that, append ;AUTO_SERVER=TRUE to the database URL. You can use the same database URL independent of whether the database is already open or not. This feature doesn't work with in-memory databases.
>
> So, all we left with is a H2 dedicated server instance.
>
> Maxim Khutornenko wrote:
> Actually, looking at their sources it appears that WebServlet creates its own WebServer instance, which in turn may serve the WebApp. This is promising. Will give it a try and report back.
Thanks for the nudge. The servlet works just fine in embedded mode against in-memory DB (contrary to what I read elsewhere). I had some concerns about the servlet creating its own instance of WebServer (as that would easily bypass our security model) but turned out it's being used to serve content within the servlet web context. Even though a new http port is assigned, it's not being backed up by the native socket and not accepting connections. Now to figure out how to wire in Shiro filters...
- Maxim
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84823
-----------------------------------------------------------
On May 21, 2015, 9:15 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated May 21, 2015, 9:15 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The DB turns on basic authentication when a "-db_authentication_file" is provided (similar to "-framework_authentication_file"). The TCP server is then started to proxy H2 management console requests.
>
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
>
>
> Diffs
> -----
>
> config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9
> examples/vagrant/provision-dev-cluster.sh 853ccac35f2befa31716a9ed686df650cd913c90
> examples/vagrant/upstart/aurora-scheduler-kerberos.conf 414539b1917b5d33c577f1539575934c7f7c8167
> examples/vagrant/upstart/aurora-scheduler.conf f4b867cbbcdbcc792518c2f90807834e47dce253
> src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java 54608c8f819b65186ea0d000fc01b9538d5cb4ee
> src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 436d3841b9361df4db98a2217e61abb95e6e6bab
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java 9e176882246b48ac87bf35c77ac8c449a0a53352
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Maxim Khutornenko <ma...@apache.org>.
> On May 21, 2015, 11:34 p.m., Kevin Sweeney wrote:
> > Have you investigated using the [Console Servlet](http://www.h2database.com/html/tutorial.html) directly? Then we can use the Shiro filter directly and avoid adding another mechanism to configure security as well as avoid adding another listening port.
>
> Maxim Khutornenko wrote:
> That's what I run locally to connect to H2 TCP server. Embedding H2 console directly into the scheduler would not help as it does not support any other security mechanisms besides basic auth (AFAICT). Theoretically, we could put TCP server behind Shiro but then we would face the same problem of client not supporting kerberos.
>
> Kevin Sweeney wrote:
> I might be missing something here. You're connecting to a management console via a browser, right? The console servlet doesn't need to know anything about the filters in front of it, so if your browser supports whatever auth mechanism the filter requires you're in business.
>
> If you've got the servlet setup somewhere with
>
> ```java
> serve("/h2console/*").with(H2Console.class);
> ```
>
> somewhere you can add something like
>
> ```java
> install(ShiroWebModule.guiceFilter("/h2console/*");
> addFilterChain("/h2console/**",
> ShiroWebModule.NO_SESSION_CREATION,
> ShiroWebModule.AUTHC_BASIC,
> config(ShiroWebModule.PERMS, "h2:console"));
> ```
>
> to `ApiSecurityModule` and users can login with their existing credentials, and configure ACLs around `h2:console` in the same way as they configure all other ACLs. Why introduce another way to do it?
The servlet is hosted within the browser but it still connects to the TCP server that we have to expose for it to connect to. So, the way it works now (referring to the boxes in http://www.h2database.com/html/tutorial.html):
a. Web Browser: loads a servlet UI, which has "Connect" button to connect to the TCP server;
b. H2 console server: that's the TCP server endpoint (in DBModule) that proxies requests from the servlet to the H2;
c. H2: our in-memory DB
I guess we could potentially embed (a) into scheduler (subject to verificaiont) and hide it behind Shiro. However, it would still have to connect to a TCP endpoint (b), so we would also need to add Shiro there as well. The problem (as I see it) is how to relay credentials from (a) to (b) as servlet opens its own connection to talk to (b) where kerberos headers will not be available.
> Why introduce another way to do it?
No reason at all. I hate dealing with DB credentials, just don't see a way to make it work without hacking into the servlet itself.
- Maxim
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84823
-----------------------------------------------------------
On May 21, 2015, 9:15 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated May 21, 2015, 9:15 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The DB turns on basic authentication when a "-db_authentication_file" is provided (similar to "-framework_authentication_file"). The TCP server is then started to proxy H2 management console requests.
>
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
>
>
> Diffs
> -----
>
> config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9
> examples/vagrant/provision-dev-cluster.sh 853ccac35f2befa31716a9ed686df650cd913c90
> examples/vagrant/upstart/aurora-scheduler-kerberos.conf 414539b1917b5d33c577f1539575934c7f7c8167
> examples/vagrant/upstart/aurora-scheduler.conf f4b867cbbcdbcc792518c2f90807834e47dce253
> src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java 54608c8f819b65186ea0d000fc01b9538d5cb4ee
> src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 436d3841b9361df4db98a2217e61abb95e6e6bab
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java 9e176882246b48ac87bf35c77ac8c449a0a53352
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Maxim Khutornenko <ma...@apache.org>.
> On May 21, 2015, 11:34 p.m., Kevin Sweeney wrote:
> > Have you investigated using the [Console Servlet](http://www.h2database.com/html/tutorial.html) directly? Then we can use the Shiro filter directly and avoid adding another mechanism to configure security as well as avoid adding another listening port.
>
> Maxim Khutornenko wrote:
> That's what I run locally to connect to H2 TCP server. Embedding H2 console directly into the scheduler would not help as it does not support any other security mechanisms besides basic auth (AFAICT). Theoretically, we could put TCP server behind Shiro but then we would face the same problem of client not supporting kerberos.
>
> Kevin Sweeney wrote:
> I might be missing something here. You're connecting to a management console via a browser, right? The console servlet doesn't need to know anything about the filters in front of it, so if your browser supports whatever auth mechanism the filter requires you're in business.
>
> If you've got the servlet setup somewhere with
>
> ```java
> serve("/h2console/*").with(H2Console.class);
> ```
>
> somewhere you can add something like
>
> ```java
> install(ShiroWebModule.guiceFilter("/h2console/*");
> addFilterChain("/h2console/**",
> ShiroWebModule.NO_SESSION_CREATION,
> ShiroWebModule.AUTHC_BASIC,
> config(ShiroWebModule.PERMS, "h2:console"));
> ```
>
> to `ApiSecurityModule` and users can login with their existing credentials, and configure ACLs around `h2:console` in the same way as they configure all other ACLs. Why introduce another way to do it?
>
> Maxim Khutornenko wrote:
> The servlet is hosted within the browser but it still connects to the TCP server that we have to expose for it to connect to. So, the way it works now (referring to the boxes in http://www.h2database.com/html/tutorial.html):
> a. Web Browser: loads a servlet UI, which has "Connect" button to connect to the TCP server;
> b. H2 console server: that's the TCP server endpoint (in DBModule) that proxies requests from the servlet to the H2;
> c. H2: our in-memory DB
>
> I guess we could potentially embed (a) into scheduler (subject to verificaiont) and hide it behind Shiro. However, it would still have to connect to a TCP endpoint (b), so we would also need to add Shiro there as well. The problem (as I see it) is how to relay credentials from (a) to (b) as servlet opens its own connection to talk to (b) where kerberos headers will not be available.
>
> > Why introduce another way to do it?
>
> No reason at all. I hate dealing with DB credentials, just don't see a way to make it work without hacking into the servlet itself.
>
> Maxim Khutornenko wrote:
> AFAICT, there are only two ways to connect to the H2 DB: AUTO_SERVER and TCP server. I explored the AUTO_SERVER earlier but unfortunately it does not work for in-memory DBs (http://h2database.com/html/features.html#auto_mixed_mode):
> > Multiple processes can access the same database without having to start the server manually. To do that, append ;AUTO_SERVER=TRUE to the database URL. You can use the same database URL independent of whether the database is already open or not. This feature doesn't work with in-memory databases.
>
> So, all we left with is a H2 dedicated server instance.
Actually, looking at their sources it appears that WebServlet creates its own WebServer instance, which in turn may serve the WebApp. This is promising. Will give it a try and report back.
- Maxim
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84823
-----------------------------------------------------------
On May 21, 2015, 9:15 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated May 21, 2015, 9:15 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The DB turns on basic authentication when a "-db_authentication_file" is provided (similar to "-framework_authentication_file"). The TCP server is then started to proxy H2 management console requests.
>
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
>
>
> Diffs
> -----
>
> config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9
> examples/vagrant/provision-dev-cluster.sh 853ccac35f2befa31716a9ed686df650cd913c90
> examples/vagrant/upstart/aurora-scheduler-kerberos.conf 414539b1917b5d33c577f1539575934c7f7c8167
> examples/vagrant/upstart/aurora-scheduler.conf f4b867cbbcdbcc792518c2f90807834e47dce253
> src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java 54608c8f819b65186ea0d000fc01b9538d5cb4ee
> src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 436d3841b9361df4db98a2217e61abb95e6e6bab
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java 9e176882246b48ac87bf35c77ac8c449a0a53352
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>
Re: Review Request 34566: Adding H2 management console.
Posted by Kevin Sweeney <ke...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84823
-----------------------------------------------------------
Have you investigated using the [Console Servlet](http://www.h2database.com/html/tutorial.html) directly? Then we can use the Shiro filter directly and avoid adding another mechanism to configure security as well as avoid adding another listening port.
- Kevin Sweeney
On May 21, 2015, 2:15 p.m., Maxim Khutornenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> -----------------------------------------------------------
>
> (Updated May 21, 2015, 2:15 p.m.)
>
>
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
>
>
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding support for connecting to H2 DB via management console: http://www.h2database.com/html/quickstart.html
>
> The DB turns on basic authentication when a "-db_authentication_file" is provided (similar to "-framework_authentication_file"). The TCP server is then started to proxy H2 management console requests.
>
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
>
>
> Diffs
> -----
>
> config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9
> examples/vagrant/provision-dev-cluster.sh 853ccac35f2befa31716a9ed686df650cd913c90
> examples/vagrant/upstart/aurora-scheduler-kerberos.conf 414539b1917b5d33c577f1539575934c7f7c8167
> examples/vagrant/upstart/aurora-scheduler.conf f4b867cbbcdbcc792518c2f90807834e47dce253
> src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java 54608c8f819b65186ea0d000fc01b9538d5cb4ee
> src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 436d3841b9361df4db98a2217e61abb95e6e6bab
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java 9e176882246b48ac87bf35c77ac8c449a0a53352
>
> Diff: https://reviews.apache.org/r/34566/diff/
>
>
> Testing
> -------
>
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
>
>
> Thanks,
>
> Maxim Khutornenko
>
>