You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@brooklyn.apache.org by GitBox <gi...@apache.org> on 2019/01/16 02:13:42 UTC
[brooklyn-dist] Diff for: [GitHub] asfgit merged pull request #138: new
version of cxf seems to require this setting
diff --git a/karaf/apache-brooklyn/src/main/resources/etc/system.properties b/karaf/apache-brooklyn/src/main/resources/etc/system.properties
index a95f167a4..ff910ae7d 100644
--- a/karaf/apache-brooklyn/src/main/resources/etc/system.properties
+++ b/karaf/apache-brooklyn/src/main/resources/etc/system.properties
@@ -131,3 +131,6 @@ karaf.secured.services = (&(osgi.command.scope=*)(osgi.command.function=*))
# You can specify the location of the lock file using the
# karaf.lock.dir=/path/to/the/directory/containing/the/lock
#
+
+# Needed to get CXF to run as the Jersey provider
+javax.ws.rs.ext.RuntimeDelegate = org.apache.cxf.jaxrs.impl.RuntimeDelegateImpl
diff --git a/karaf/itest/src/test/java/org/apache/brooklyn/core/catalog/internal/DefaultBomLoadTest.java b/karaf/itest/src/test/java/org/apache/brooklyn/core/catalog/internal/DefaultBomLoadTest.java
index 31d500e5c..64148fc08 100644
--- a/karaf/itest/src/test/java/org/apache/brooklyn/core/catalog/internal/DefaultBomLoadTest.java
+++ b/karaf/itest/src/test/java/org/apache/brooklyn/core/catalog/internal/DefaultBomLoadTest.java
@@ -19,8 +19,14 @@
package org.apache.brooklyn.core.catalog.internal;
-import org.apache.brooklyn.api.catalog.CatalogItem;
+import static org.apache.brooklyn.KarafTestUtils.defaultOptionsWith;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import javax.inject.Inject;
+
import org.apache.brooklyn.api.mgmt.ManagementContext;
+import org.apache.brooklyn.api.typereg.RegisteredType;
import org.apache.brooklyn.core.BrooklynVersion;
import org.apache.brooklyn.test.IntegrationTest;
import org.apache.karaf.features.BootFinished;
@@ -34,12 +40,6 @@
import org.ops4j.pax.exam.spi.reactors.PerMethod;
import org.ops4j.pax.exam.util.Filter;
-import javax.inject.Inject;
-
-import static org.apache.brooklyn.KarafTestUtils.defaultOptionsWith;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-
@RunWith(PaxExam.class)
@ExamReactorStrategy(PerMethod.class)
@Category(IntegrationTest.class)
@@ -69,9 +69,8 @@
@Test
@Category(IntegrationTest.class)
public void shouldHaveLoadedDefaultCatalogBom() throws Exception {
- final CatalogItem<?, ?> catalogItem = managementContext.getCatalog()
- .getCatalogItem("server-template", BrooklynVersion.get()); // from brooklyn-software-base catalog.bom
- assertNotNull(catalogItem);
- assertEquals("Template: Server", catalogItem.getDisplayName());
+ RegisteredType item = managementContext.getTypeRegistry().get("server-template", BrooklynVersion.get());
+ assertNotNull(item);
+ assertEquals("Template: Server", item.getDisplayName());
}
}
diff --git a/karaf/itest/src/test/java/org/apache/brooklyn/launcher/osgi/OsgiLauncherTest.java b/karaf/itest/src/test/java/org/apache/brooklyn/launcher/osgi/OsgiLauncherTest.java
index 4623860aa..7da2436a9 100644
--- a/karaf/itest/src/test/java/org/apache/brooklyn/launcher/osgi/OsgiLauncherTest.java
+++ b/karaf/itest/src/test/java/org/apache/brooklyn/launcher/osgi/OsgiLauncherTest.java
@@ -20,7 +20,7 @@
import static org.apache.brooklyn.KarafTestUtils.defaultOptionsWith;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.editConfigurationFilePut;
import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.features;
@@ -46,12 +46,16 @@
import org.ops4j.pax.exam.spi.reactors.PerClass;
import org.ops4j.pax.exam.util.Filter;
import org.osgi.service.cm.ConfigurationAdmin;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
@RunWith(PaxExam.class)
@ExamReactorStrategy(PerClass.class)
@Category(IntegrationTest.class)
public class OsgiLauncherTest {
+ private static final Logger log = LoggerFactory.getLogger(OsgiLauncherTest.class);
+
private static final String TEST_VALUE_RUNTIME = "test.value";
private static final String TEST_KEY_RUNTIME = "test.key";
private static final String TEST_VALUE_IN_CFG = "test.cfg";
@@ -94,11 +98,12 @@ public void setup() {
@Test
public void testConfig() throws IOException {
- assertFalse(mgmt.getConfig().getAllConfig().containsKey(TEST_KEY_RUNTIME));
+ assertNull(mgmt.getConfig().getFirst(TEST_KEY_RUNTIME));
org.osgi.service.cm.Configuration config = configAdmin.getConfiguration("brooklyn", null);
assertEquals(config.getProperties().get(TEST_KEY_IN_CFG), TEST_VALUE_IN_CFG);
config.getProperties().put(TEST_KEY_RUNTIME, TEST_VALUE_RUNTIME);
config.update();
+ log.info("Waiting for Brooklyn mgmt "+mgmt+" to see updated value...");
Asserts.succeedsEventually(new Runnable() {
@Override
public void run() {
diff --git a/karaf/itest/src/test/java/org/apache/brooklyn/security/CustomSecurityProvider.java b/karaf/itest/src/test/java/org/apache/brooklyn/security/CustomSecurityProvider.java
index ca9ac0ee6..50195bf5b 100644
--- a/karaf/itest/src/test/java/org/apache/brooklyn/security/CustomSecurityProvider.java
+++ b/karaf/itest/src/test/java/org/apache/brooklyn/security/CustomSecurityProvider.java
@@ -24,10 +24,17 @@
import org.apache.brooklyn.rest.security.provider.SecurityProvider;
public class CustomSecurityProvider extends AbstractSecurityProvider implements SecurityProvider {
+
+ static final String USER = "custom";
@Override
public boolean authenticate(HttpSession session, String user, String password) {
- return "custom".equals(user);
+ return USER.equals(user);
+ }
+
+ @Override
+ public boolean requiresUserPass() {
+ return true;
}
}
diff --git a/karaf/itest/src/test/java/org/apache/brooklyn/security/CustomSecurityProviderTest.java b/karaf/itest/src/test/java/org/apache/brooklyn/security/CustomSecurityProviderTest.java
index bfed1b860..cbd330e5d 100644
--- a/karaf/itest/src/test/java/org/apache/brooklyn/security/CustomSecurityProviderTest.java
+++ b/karaf/itest/src/test/java/org/apache/brooklyn/security/CustomSecurityProviderTest.java
@@ -19,32 +19,19 @@
package org.apache.brooklyn.security;
import static org.apache.brooklyn.KarafTestUtils.defaultOptionsWith;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertEquals;
import static org.ops4j.pax.exam.CoreOptions.streamBundle;
+import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.editConfigurationFilePut;
import java.io.IOException;
import javax.inject.Inject;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.AppConfigurationEntry;
-import javax.security.auth.login.FailedLoginException;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
import org.apache.brooklyn.api.mgmt.ManagementContext;
-import org.apache.brooklyn.core.internal.BrooklynProperties;
import org.apache.brooklyn.rest.BrooklynWebConfig;
-import org.apache.brooklyn.rest.security.jaas.BrooklynLoginModule;
-import org.apache.brooklyn.test.Asserts;
import org.apache.brooklyn.test.IntegrationTest;
+import org.apache.brooklyn.util.text.Identifiers;
+import org.apache.http.HttpStatus;
import org.apache.karaf.features.BootFinished;
-import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
@@ -57,13 +44,13 @@
import org.ops4j.pax.tinybundles.core.TinyBundles;
import org.osgi.framework.Constants;
-import com.google.common.collect.ImmutableSet;
-
@RunWith(PaxExam.class)
@ExamReactorStrategy(PerClass.class)
@Category(IntegrationTest.class)
public class CustomSecurityProviderTest {
- private static final String WEBCONSOLE_REALM = "webconsole";
+
+ private static final String NEW_SECURITY_TEST_BUNDLE = "org.apache.brooklyn.test.security";
+ private static final String NEW_SECURITY_TEST_BUNDLE_VERSION = "1.0.0";
/**
* To make sure the tests run only when the boot features are fully
@@ -82,76 +69,36 @@
return defaultOptionsWith(
streamBundle(TinyBundles.bundle()
.add(CustomSecurityProvider.class)
- .add("OSGI-INF/blueprint/security.xml", CustomSecurityProviderTest.class.getResource("/custom-security-bp.xml"))
.set(Constants.BUNDLE_MANIFESTVERSION, "2") // defaults to 1 which doesn't work
- .set(Constants.BUNDLE_SYMBOLICNAME, "org.apache.brooklyn.test.security")
- .set(Constants.BUNDLE_VERSION, "1.0.0")
+ .set(Constants.BUNDLE_SYMBOLICNAME, NEW_SECURITY_TEST_BUNDLE)
+ .set(Constants.BUNDLE_VERSION, NEW_SECURITY_TEST_BUNDLE_VERSION)
.set(Constants.DYNAMICIMPORT_PACKAGE, "*")
.set(Constants.EXPORT_PACKAGE, CustomSecurityProvider.class.getPackage().getName())
- .build())
+ .build()),
+ editConfigurationFilePut("etc/brooklyn.cfg",
+ BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME.getName(), CustomSecurityProvider.class.getCanonicalName()),
+ editConfigurationFilePut("etc/brooklyn.cfg",
+ BrooklynWebConfig.SECURITY_PROVIDER_BUNDLE.getName(), NEW_SECURITY_TEST_BUNDLE),
+ editConfigurationFilePut("etc/brooklyn.cfg",
+ BrooklynWebConfig.SECURITY_PROVIDER_BUNDLE_VERSION.getName(), NEW_SECURITY_TEST_BUNDLE_VERSION)
// Uncomment this for remote debugging the tests on port 5005
// ,KarafDistributionOption.debugConfiguration()
);
}
- @Before
- public void setUp() {
- // Works only before initializing the security provider (i.e. before first use)
- // TODO Dirty hack to inject the needed properties. Improve once managementContext is configurable.
- // Alternatively re-register a test managementContext service (how?)
- BrooklynProperties brooklynProperties = (BrooklynProperties)managementContext.getConfig();
- brooklynProperties.put(BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME.getName(), CustomSecurityProvider.class.getCanonicalName());
- }
-
- @Test(expected = FailedLoginException.class)
- public void checkLoginFails() throws LoginException {
- assertRealmRegisteredEventually(WEBCONSOLE_REALM);
- doLogin("invalid", "auth");
- }
-
@Test
- public void checkLoginSucceeds() throws LoginException {
- assertRealmRegisteredEventually(WEBCONSOLE_REALM);
- String user = "custom";
- LoginContext lc = doLogin(user, "password");
- Subject subject = lc.getSubject();
- assertNotNull(subject);
- assertEquals(subject.getPrincipals(), ImmutableSet.of(
- new BrooklynLoginModule.UserPrincipal(user),
- new BrooklynLoginModule.RolePrincipal("users")));
+ public void checkRestSecurityNoUserFails() throws IOException {
+ StockSecurityProviderTest.checkSecurity(null, null, HttpStatus.SC_UNAUTHORIZED);
}
- private LoginContext doLogin(final String username, final String password) throws LoginException {
- assertRealmRegisteredEventually(WEBCONSOLE_REALM);
- LoginContext lc = new LoginContext(WEBCONSOLE_REALM, new CallbackHandler() {
- @Override
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
- for (int i = 0; i < callbacks.length; i++) {
- Callback callback = callbacks[i];
- if (callback instanceof PasswordCallback) {
- PasswordCallback passwordCallback = (PasswordCallback)callback;
- passwordCallback.setPassword(password.toCharArray());
- } else if (callback instanceof NameCallback) {
- NameCallback nameCallback = (NameCallback)callback;
- nameCallback.setName(username);
- }
- }
- }
- });
- lc.login();
- return lc;
+ @Test
+ public void checkRestSecurityWrongUserFails() throws IOException {
+ StockSecurityProviderTest.checkSecurity("admin", "password", HttpStatus.SC_UNAUTHORIZED);
}
- private void assertRealmRegisteredEventually(final String userPassRealm) {
- // Need to wait a bit for the realm to get registered, any OSGi way to do this?
- Asserts.succeedsEventually(new Runnable() {
- @Override
- public void run() {
- javax.security.auth.login.Configuration initialConfig = javax.security.auth.login.Configuration.getConfiguration();
- AppConfigurationEntry[] realm = initialConfig.getAppConfigurationEntry(userPassRealm);
- assertNotNull(realm);
- }
- });
+ @Test
+ public void checkRestSecuritySucceeds() throws IOException {
+ StockSecurityProviderTest.checkSecurity(CustomSecurityProvider.USER, "any-password-"+Identifiers.makeRandomId(2), HttpStatus.SC_OK);
}
}
diff --git a/karaf/itest/src/test/java/org/apache/brooklyn/security/StockSecurityProviderTest.java b/karaf/itest/src/test/java/org/apache/brooklyn/security/StockSecurityProviderTest.java
index 00d09250c..dbd70f7f7 100644
--- a/karaf/itest/src/test/java/org/apache/brooklyn/security/StockSecurityProviderTest.java
+++ b/karaf/itest/src/test/java/org/apache/brooklyn/security/StockSecurityProviderTest.java
@@ -20,21 +20,12 @@
import static org.apache.brooklyn.KarafTestUtils.defaultOptionsWith;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
+import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.editConfigurationFilePut;
import java.io.IOException;
import java.util.concurrent.Callable;
import javax.inject.Inject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.AppConfigurationEntry;
-import javax.security.auth.login.FailedLoginException;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.core.internal.BrooklynProperties;
@@ -69,7 +60,6 @@
@Category(IntegrationTest.class)
public class StockSecurityProviderTest {
- private static final String WEBCONSOLE_REALM = "webconsole";
private static final String USER = "admin";
private static final String PASSWORD = "password";
@@ -88,6 +78,13 @@
@Configuration
public static Option[] configuration() throws Exception {
return defaultOptionsWith(
+ editConfigurationFilePut("etc/brooklyn.cfg",
+ BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME.getName(), ExplicitUsersSecurityProvider.class.getCanonicalName()),
+ editConfigurationFilePut("etc/brooklyn.cfg",
+ BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME.getName()+".users", USER),
+ editConfigurationFilePut("etc/brooklyn.cfg",
+ BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME.getName()+".user."+USER, PASSWORD)
+
// Uncomment this for remote debugging the tests on port 5005
// KarafDistributionOption.debugConfiguration()
);
@@ -99,28 +96,17 @@ public void setUp() {
addUser(USER, PASSWORD);
}
- @Test(expected = FailedLoginException.class)
- public void checkLoginFails() throws LoginException {
- doLogin("invalid", "auth");
- }
-
- @Test
- public void checkLoginSucceeds() throws LoginException {
- LoginContext lc = doLogin(USER, PASSWORD);
- assertNotNull(lc.getSubject());
- }
-
@Test
public void checkRestSecurityFails() throws IOException {
- checkRestSecurity(null, null, HttpStatus.SC_UNAUTHORIZED);
+ checkSecurity(null, null, HttpStatus.SC_UNAUTHORIZED);
}
@Test
public void checkRestSecuritySucceeds() throws IOException {
- checkRestSecurity(USER, PASSWORD, HttpStatus.SC_OK);
+ checkSecurity(USER, PASSWORD, HttpStatus.SC_OK);
}
- private void checkRestSecurity(String username, String password, final int code) throws IOException {
+ static void checkSecurity(String username, String password, final int code) throws IOException {
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
if (username != null && password != null) {
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
@@ -130,17 +116,21 @@ private void checkRestSecurity(String username, String password, final int code)
Asserts.succeedsEventually(new Callable<Void>() {
@Override
public Void call() throws Exception {
- assertResponseEquals(client, code);
+ assertResponseEquals(urlBase()+"/v1/server/ha/state", client, code);
+ assertResponseEquals(urlBase()+"/", client, code);
+ assertResponseEquals(urlBase()+"/brooklyn-ui-catalog", client, code);
return null;
}
});
}
}
- private void assertResponseEquals(CloseableHttpClient httpclient, int code) throws IOException, ClientProtocolException {
- // TODO get this dynamically (from CXF service?)
- // TODO port is static, should make it dynamic
- HttpGet httpGet = new HttpGet("http://localhost:8081/v1/server/ha/state");
+ // TODO get this dynamically (from CXF service?)
+ // TODO port is static, should make it dynamic
+ private static String urlBase() { return "http://localhost:8081"; }
+
+ private static void assertResponseEquals(String url, CloseableHttpClient httpclient, int code) throws IOException, ClientProtocolException {
+ HttpGet httpGet = new HttpGet(url);
try (CloseableHttpResponse response = httpclient.execute(httpGet)) {
assertEquals(code, response.getStatusLine().getStatusCode());
}
@@ -156,37 +146,4 @@ private void addUser(String username, String password) {
brooklynProperties.put(BrooklynWebConfig.PASSWORD_FOR_USER(username), password);
}
- private LoginContext doLogin(final String username, final String password) throws LoginException {
- assertRealmRegisteredEventually(WEBCONSOLE_REALM);
- LoginContext lc = new LoginContext(WEBCONSOLE_REALM, new CallbackHandler() {
- @Override
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
- for (int i = 0; i < callbacks.length; i++) {
- Callback callback = callbacks[i];
- if (callback instanceof PasswordCallback) {
- PasswordCallback passwordCallback = (PasswordCallback)callback;
- passwordCallback.setPassword(password.toCharArray());
- } else if (callback instanceof NameCallback) {
- NameCallback nameCallback = (NameCallback)callback;
- nameCallback.setName(username);
- }
- }
- }
- });
- lc.login();
- return lc;
- }
-
- private void assertRealmRegisteredEventually(final String userPassRealm) {
- // Need to wait a bit for the realm to get registered, any OSGi way to do this?
- Asserts.succeedsEventually(new Runnable() {
- @Override
- public void run() {
- javax.security.auth.login.Configuration initialConfig = javax.security.auth.login.Configuration.getConfiguration();
- AppConfigurationEntry[] realm = initialConfig.getAppConfigurationEntry(userPassRealm);
- assertNotNull(realm);
- }
- });
- }
-
}
diff --git a/karaf/itest/src/test/resources/custom-security-bp.xml b/karaf/itest/src/test/resources/custom-security-bp.xml
deleted file mode 100644
index ace4454de..000000000
--- a/karaf/itest/src/test/resources/custom-security-bp.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Copyright 2015 The Apache Software Foundation.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0"
- xmlns:jaxws="http://cxf.apache.org/blueprint/jaxws"
- xmlns:jaxrs="http://cxf.apache.org/blueprint/jaxrs"
- xmlns:cxf="http://cxf.apache.org/blueprint/core"
- xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
- xsi:schemaLocation="
- http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
- http://cxf.apache.org/blueprint/jaxws http://cxf.apache.org/schemas/blueprint/jaxws.xsd
- http://cxf.apache.org/blueprint/jaxrs http://cxf.apache.org/schemas/blueprint/jaxrs.xsd
- http://cxf.apache.org/blueprint/core http://cxf.apache.org/schemas/blueprint/core.xsd
- http://karaf.apache.org/xmlns/jaas/v1.0.0 http://karaf.apache.org/xmlns/jaas/v1.0.0
- ">
-
- <jaas:config name="webconsole" rank="1">
- <jaas:module className="org.apache.brooklyn.rest.security.jaas.BrooklynLoginModule"
- flags="required">
- brooklyn.webconsole.security.provider.symbolicName=org.apache.brooklyn.test.security
- brooklyn.webconsole.security.provider.version=1.0.0
- brooklyn.webconsole.security.provider.role=users
- </jaas:module>
- </jaas:config>
-</blueprint>
diff --git a/karaf/pom.xml b/karaf/pom.xml
index 58109c5f7..19d3c4ee3 100644
--- a/karaf/pom.xml
+++ b/karaf/pom.xml
@@ -42,7 +42,7 @@
<lifecycle-mapping-plugin.version>1.0.0</lifecycle-mapping-plugin.version>
<!-- pax-exam -->
- <pax.exam.version>4.11.0</pax.exam.version>
+ <pax.exam.version>4.13.1</pax.exam.version>
<pax.url.version>2.5.2</pax.url.version>
<ops4j.base.version>1.5.0</ops4j.base.version>
With regards,
Apache Git Services