You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ds...@apache.org on 2016/10/28 21:41:47 UTC

[93/98] [abbrv] incubator-geode git commit: GEODE-1983: Swagger is broken with integrated security

GEODE-1983: Swagger is broken with integrated security

* this closes #273


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/c4e3b155
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/c4e3b155
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/c4e3b155

Branch: refs/heads/feature/GEM-983
Commit: c4e3b155351e37f9d9354d837f5b588a5f236bce
Parents: 3ff33be
Author: Kevin Duling <kd...@pivotal.io>
Authored: Wed Oct 26 12:36:46 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Fri Oct 28 08:36:42 2016 -0700

----------------------------------------------------------------------
 .../geode/rest/internal/web/SwaggerVerificationTest.java |  3 +++
 .../internal/web/security/RestSecurityConfiguration.java | 11 ++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c4e3b155/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java
----------------------------------------------------------------------
diff --git a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java
index 55cc26e..b550e11 100644
--- a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java
+++ b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/SwaggerVerificationTest.java
@@ -17,12 +17,14 @@ package org.apache.geode.rest.internal.web;
 
 import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_BIND_ADDRESS;
 import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_PORT;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
 import static org.apache.geode.distributed.ConfigurationProperties.START_DEV_REST_API;
 import static org.hamcrest.CoreMatchers.is;
 import static org.junit.Assert.assertThat;
 
 import org.apache.geode.internal.AvailablePortHelper;
 import org.apache.geode.internal.i18n.LocalizedStrings;
+import org.apache.geode.security.templates.SimpleSecurityManager;
 import org.apache.geode.test.dunit.rules.ServerStarter;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 import org.apache.http.HttpResponse;
@@ -42,6 +44,7 @@ public class SwaggerVerificationTest {
   static Properties properties = new Properties() {
     {
       setProperty(START_DEV_REST_API, "true");
+      setProperty(SECURITY_MANAGER, SimpleSecurityManager.class.getName());
       setProperty(HTTP_SERVICE_BIND_ADDRESS, "localhost");
       setProperty(HTTP_SERVICE_PORT, restPort + "");
     }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c4e3b155/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java
----------------------------------------------------------------------
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java
index b9b9477..3aa5622 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/security/RestSecurityConfiguration.java
@@ -15,6 +15,8 @@
  */
 package org.apache.geode.rest.internal.web.security;
 
+import org.apache.geode.internal.security.IntegratedSecurityService;
+import org.apache.geode.internal.security.SecurityService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
@@ -27,9 +29,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 
-import org.apache.geode.internal.security.IntegratedSecurityService;
-import org.apache.geode.internal.security.SecurityService;
-
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
@@ -54,8 +53,10 @@ public class RestSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
   protected void configure(HttpSecurity http) throws Exception {
     http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
-        .authorizeRequests().antMatchers("/ping", "/api-docs/**", "/docs/**").permitAll()
-        .anyRequest().authenticated().and().formLogin().and().csrf().disable();
+        .authorizeRequests()
+        .antMatchers("/ping", "/docs/**", "/swagger-ui.html", "/v2/api-docs/**",
+            "/webjars/springfox-swagger-ui/**", "/swagger-resources/**")
+        .permitAll().anyRequest().authenticated().and().formLogin().and().csrf().disable();
 
     if (securityService.isIntegratedSecurity()) {
       http.httpBasic();