Posted to commits@brooklyn.apache.org by al...@apache.org on 2016/12/21 16:12:49 UTC
brooklyn-server git commit: BROOKLYN-417: default to no-auth
Repository: brooklyn-server
Updated Branches:
refs/heads/0.10.0 41561635e -> 9dcd2d349
BROOKLYN-417: default to no-auth
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/9dcd2d34
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/9dcd2d34
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/9dcd2d34
Branch: refs/heads/0.10.0
Commit: 9dcd2d3498c989c2dd7449ccc22f2533ac05eb73
Parents: 4156163
Author: Aled Sage <al...@gmail.com>
Authored: Wed Dec 21 14:02:12 2016 +0000
Committer: Aled Sage <al...@gmail.com>
Committed: Wed Dec 21 15:49:45 2016 +0000
----------------------------------------------------------------------
.../brooklyn/launcher/BrooklynLauncher.java | 44 ++++++++++----------
.../brooklyn/launcher/BrooklynLauncherTest.java | 38 +++++++++++++++++
.../org/apache/brooklyn/util/http/HttpTool.java | 2 +-
3 files changed, 62 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/9dcd2d34/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java
----------------------------------------------------------------------
diff --git a/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java b/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java
index 1b8e193..fe17b89 100644
--- a/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java
+++ b/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java
@@ -32,6 +32,7 @@ import org.apache.brooklyn.api.location.Location;
import org.apache.brooklyn.api.location.PortRange;
import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.core.config.ConfigPredicates;
+import org.apache.brooklyn.core.config.Sanitizer;
import org.apache.brooklyn.core.entity.trait.Startable;
import org.apache.brooklyn.core.internal.BrooklynProperties;
import org.apache.brooklyn.core.location.PortRanges;
@@ -123,7 +124,7 @@ public class BrooklynLauncher extends BasicLauncher<BrooklynLauncher> {
}
public BrooklynLauncher installSecurityFilter(Boolean val) {
- this.skipSecurityFilter = val == null ? null : !val;
+ this.skipSecurityFilter = (val == null ? null : !val);
return this;
}
@@ -283,31 +284,32 @@ public class BrooklynLauncher extends BasicLauncher<BrooklynLauncher> {
// The security provider will let anyone in, but still require a password to be entered.
// Skip password request dialog if we know the provider will let users through.
boolean anyoneSecurityProvider = AnyoneSecurityProvider.class.getName().equals(securityProvider);
+ boolean noSecurityOptions = BrooklynWebConfig.hasNoSecurityOptions(managementContext.getConfig());
+ boolean skipSecurity = Boolean.TRUE.equals(skipSecurityFilter) || anyoneSecurityProvider || noSecurityOptions;
// No security options in properties and no command line options overriding.
- if (Boolean.TRUE.equals(skipSecurityFilter) && bindAddress==null) {
- LOG.info("Starting Brooklyn web-console on loopback because security is explicitly disabled and no bind address specified");
- bindAddress = Networking.LOOPBACK;
- } else if (BrooklynWebConfig.hasNoSecurityOptions(managementContext.getConfig())) {
- LOG.info("No security provider options specified. Define a security provider or users to prevent a random password being created and logged.");
-
- if (bindAddress==null) {
- LOG.info("Starting Brooklyn web-console with passwordless access on localhost and protected access from any other interfaces (no bind address specified)");
+ if (Boolean.TRUE.equals(skipSecurityFilter)) {
+ if (bindAddress == null) {
+ LOG.info("Starting Brooklyn web-console with security explicitly disabled, on loopback because no bind address specified");
+ bindAddress = Networking.LOOPBACK;
} else {
- if (Arrays.equals(new byte[] { 127, 0, 0, 1 }, bindAddress.getAddress())) {
- LOG.info("Starting Brooklyn web-console with passwordless access on localhost");
- } else if (Arrays.equals(new byte[] { 0, 0, 0, 0 }, bindAddress.getAddress())) {
- LOG.info("Starting Brooklyn web-console with passwordless access on localhost and random password (logged) required from any other interfaces");
- } else {
- LOG.info("Starting Brooklyn web-console with passwordless access on localhost (if permitted) and random password (logged) required from any other interfaces");
- }
+ LOG.info("Starting Brooklyn web-console with security explicitly disabled, on bind address {}", bindAddress.getHostAddress());
}
- brooklynProperties.put(
- BrooklynWebConfig.SECURITY_PROVIDER_INSTANCE,
- new BrooklynUserWithRandomPasswordSecurityProvider(managementContext));
+
+ } else if (anyoneSecurityProvider) {
+ String bindAddressMsg = (bindAddress == null ? "<any>" : bindAddress.getHostAddress());
+ LOG.info("Starting Brooklyn web-console with AnyoneSecurityProvider (no authentication), on bind address {}", bindAddressMsg);
+
+ } else if (noSecurityOptions) {
+ String bindAddressMsg = (bindAddress == null ? "<any>" : bindAddress.getHostAddress());
+ LOG.info("Starting Brooklyn web-console with no security options (defaulting to no authentication), on bind address {}", bindAddressMsg);
+
} else {
- LOG.debug("Starting Brooklyn using security properties: "+brooklynProperties.submap(ConfigPredicates.nameStartsWith(BrooklynWebConfig.BASE_NAME_SECURITY)).asMapWithStringKeys());
+ String bindAddressMsg = (bindAddress == null ? "<any>" : bindAddress.getHostAddress());
+ Map<?,?> securityProps = brooklynProperties.submap(ConfigPredicates.nameStartsWith(BrooklynWebConfig.BASE_NAME_SECURITY)).asMapWithStringKeys();
+ LOG.debug("Starting Brooklyn (bind address {}), using security properties: {}", bindAddressMsg, Sanitizer.sanitize(securityProps));
}
+
if (bindAddress == null) bindAddress = Networking.ANY_NIC;
LOG.debug("Starting Brooklyn web-console with bindAddress "+bindAddress+" and properties "+brooklynProperties);
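Review bot: In the `anyoneSecurityProvider` and `noSecurityOptions` branches a null `bindAddress` is left untouched, so it falls through to `bindAddress = Networking.ANY_NIC` and the web-console is served without authentication on every interface, whereas the explicit `skipSecurityFilter` branch falls back to `Networking.LOOPBACK`. Consider giving those two branches the same fallback, `if (bindAddress == null) bindAddress = Networking.LOOPBACK;`, and logging the no-authentication start-up with `LOG.warn` rather than `LOG.info` so it stands out to operators. The unchanged `LOG.debug(... " and properties "+brooklynProperties)` line at the end of the hunk still writes the whole property set, which sidesteps the `Sanitizer.sanitize(securityProps)` call added just above it; the same sanitising would be worth applying there. The enclosing method starts and ends outside this hunk, and the computed `skipSecurity` is only consumed by `webServer.skipSecurity(skipSecurity)` in the following hunk.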
@@ -319,7 +321,7 @@ public class BrooklynLauncher extends BasicLauncher<BrooklynLauncher> {
if (useHttps!=null) webServer.setHttpsEnabled(useHttps);
webServer.setShutdownHandler(shutdownHandler);
webServer.putAttributes(brooklynProperties);
- webServer.skipSecurity(Boolean.TRUE.equals(skipSecurityFilter) || anyoneSecurityProvider);
+ webServer.skipSecurity(skipSecurity);
for (WebAppContextProvider webapp : webApps) {
webServer.addWar(webapp);
}
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/9dcd2d34/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java
----------------------------------------------------------------------
diff --git a/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java b/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java
index b70c1fe..fe5eda6 100644
--- a/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java
+++ b/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java
@@ -42,11 +42,16 @@ import org.apache.brooklyn.core.test.entity.TestApplicationImpl;
import org.apache.brooklyn.core.test.entity.TestEntity;
import org.apache.brooklyn.launcher.common.BrooklynPropertiesFactoryHelperTest;
import org.apache.brooklyn.location.localhost.LocalhostMachineProvisioningLocation;
+import org.apache.brooklyn.rest.BrooklynWebConfig;
import org.apache.brooklyn.util.http.HttpAsserts;
+import org.apache.brooklyn.util.http.HttpTool;
+import org.apache.brooklyn.util.http.HttpToolResponse;
import org.apache.brooklyn.util.io.FileUtil;
import org.apache.brooklyn.util.net.Urls;
import org.apache.brooklyn.util.os.Os;
import org.apache.brooklyn.util.text.Strings;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.methods.HttpGet;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.Test;
@@ -102,6 +107,39 @@ public class BrooklynLauncherTest {
assertEquals(webappTempDir.getAbsolutePath(), expectedTempDir);
}
+ // Integration because takes a few seconds to start web-console
+ @Test(groups="Integration")
+ public void testStartsWebServerWithoutAuthentication() throws Exception {
+ launcher = newLauncherForTests(true)
+ .start();
+ String uri = launcher.getServerDetails().getWebServerUrl();
+
+ HttpToolResponse response = HttpTool.execAndConsume(HttpTool.httpClientBuilder().build(), new HttpGet(uri));
+ assertEquals(response.getResponseCode(), 200);
+ }
+
+ // Integration because takes a few seconds to start web-console
+ @Test(groups="Integration")
+ public void testStartsWebServerWithCredentials() throws Exception {
+ launcher = newLauncherForTests(true)
+ .webconsolePort("10000+")
+ .brooklynProperties(BrooklynWebConfig.USERS, "myname")
+ .brooklynProperties(BrooklynWebConfig.PASSWORD_FOR_USER("myname"), "mypassword")
+ .start();
+ String uri = launcher.getServerDetails().getWebServerUrl();
+
+ HttpToolResponse response = HttpTool.execAndConsume(HttpTool.httpClientBuilder().build(), new HttpGet(uri));
+ assertEquals(response.getResponseCode(), 401);
+
+ HttpToolResponse response2 = HttpTool.execAndConsume(
+ HttpTool.httpClientBuilder()
+ .uri(uri)
+ .credentials(new UsernamePasswordCredentials("myname", "mypassword"))
+ .build(),
+ new HttpGet(uri));
+ assertEquals(response2.getResponseCode(), 200);
+ }
+
@Test
public void testCanDisableWebServerStartup() throws Exception {
launcher = newLauncherForTests(true)
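Review bot: `testStartsWebServerWithCredentials` exercises a request with no credentials and one with the correct password, but never a wrong password for a configured user, so a provider that accepted any password for `myname` would still pass. A third request built with `.credentials(new UsernamePasswordCredentials("myname", "wrongpassword"))` followed by `assertEquals(response3.getResponseCode(), 401);` would cover that case. `testStartsWebServerWithoutAuthentication` asserts only a 200 on the root URL and presumably relies on the test launcher carrying no security properties; a one-line comment saying so would make clear that the test pins the new no-auth default. The hunk ends inside `testCanDisableWebServerStartup`, whose body continues outside it.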
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/9dcd2d34/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java
----------------------------------------------------------------------
diff --git a/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java b/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java
index bff9dfc..6ee3040 100644
--- a/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java
+++ b/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java
@@ -315,7 +315,7 @@ public class HttpTool {
this.credentials = checkNotNull(val, "credentials");
return this;
}
- public HttpClientBuilder credential(Optional<Credentials> val) {
+ public HttpClientBuilder credential(Optional<? extends Credentials> val) {
if (val.isPresent()) credentials = val.get();
return this;
}
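Review bot: `credential(Optional<? extends Credentials> val)` has no Javadoc, and its behaviour differs from the neighbouring setter, which ends in `this.credentials = checkNotNull(val, "credentials")`: an absent value is silently ignored and any credentials set earlier on the builder stay in place. A short doc comment such as `/** Sets the credentials if present; an absent value leaves previously configured credentials unchanged. */` would make that explicit for callers who expect an absent Optional to clear authentication.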