You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ds...@apache.org on 2016/10/28 21:41:47 UTC
[93/98] [abbrv] incubator-geode git commit: GEODE-1983: Swagger is
broken with integrated security
GEODE-1983: Swagger is broken with integrated security
* this closes #273
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/c4e3b155
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/c4e3b155
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/c4e3b155
Branch: refs/heads/feature/GEM-983
Commit: c4e3b155351e37f9d9354d837f5b588a5f236bce
Parents: 3ff33be
Author: Kevin Duling <kd...@pivotal.io>
Authored: Wed Oct 26 12:36:46 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Fri Oct 28 08:36:42 2016 -0700
----------------------------------------------------------------------
.../geode/rest/internal/web/SwaggerVerificationTest.java | 3 +++
.../internal/web/security/RestSecurityConfiguration.java | 11 ++++++-----
2 files changed, 9 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c4e3b155/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java
----------------------------------------------------------------------
diff --git a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java
index 55cc26e..b550e11 100644
--- a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java
+++ b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java
@@ -17,12 +17,14 @@ package org.apache.geode.rest.internal.web;
import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_BIND_ADDRESS;
import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_PORT;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
import static org.apache.geode.distributed.ConfigurationProperties.START_DEV_REST_API;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import org.apache.geode.internal.AvailablePortHelper;
import org.apache.geode.internal.i18n.LocalizedStrings;
+import org.apache.geode.security.templates.SimpleSecurityManager;
import org.apache.geode.test.dunit.rules.ServerStarter;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.http.HttpResponse;
@@ -42,6 +44,7 @@ public class SwaggerVerificationTest {
static Properties properties = new Properties() {
{
setProperty(START_DEV_REST_API, "true");
+ setProperty(SECURITY_MANAGER, SimpleSecurityManager.class.getName());
setProperty(HTTP_SERVICE_BIND_ADDRESS, "localhost");
setProperty(HTTP_SERVICE_PORT, restPort + "");
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c4e3b155/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java
----------------------------------------------------------------------
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java
index b9b9477..3aa5622 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java
@@ -15,6 +15,8 @@
*/
package org.apache.geode.rest.internal.web.security;
+import org.apache.geode.internal.security.IntegratedSecurityService;
+import org.apache.geode.internal.security.SecurityService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
@@ -27,9 +29,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
-import org.apache.geode.internal.security.IntegratedSecurityService;
-import org.apache.geode.internal.security.SecurityService;
-
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@@ -54,8 +53,10 @@ public class RestSecurityConfiguration extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
- .authorizeRequests().antMatchers("/ping", "/api-docs/**", "/docs/**").permitAll()
- .anyRequest().authenticated().and().formLogin().and().csrf().disable();
+ .authorizeRequests()
+ .antMatchers("/ping", "/docs/**", "/swagger-ui.html", "/v2/api-docs/**",
+ "/webjars/springfox-swagger-ui/**", "/swagger-resources/**")
+ .permitAll().anyRequest().authenticated().and().formLogin().and().csrf().disable();
if (securityService.isIntegratedSecurity()) {
http.httpBasic();