Repository: brooklyn-server Updated Branches: refs/heads/master 770709475 -> 601ea0d2e
BROOKLYN-417: default to no-auth Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/969ed826 Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/969ed826 Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/969ed826 Branch: refs/heads/master Commit: 969ed826142c9d03605bb75cdc967d54f231cf21 Parents: 7707094 Author: Aled Sage <aled.s...@gmail.com> Authored: Wed Dec 21 14:02:12 2016 +0000 Committer: Aled Sage <aled.s...@gmail.com> Committed: Wed Dec 21 14:45:01 2016 +0000 ---------------------------------------------------------------------- .../brooklyn/launcher/BrooklynLauncher.java | 44 ++++++++++---------- .../brooklyn/launcher/BrooklynLauncherTest.java | 38 +++++++++++++++++ .../org/apache/brooklyn/util/http/HttpTool.java | 2 +- 3 files changed, 62 insertions(+), 22 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/969ed826/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java ----------------------------------------------------------------------
diff --git a/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java b/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java
index 1b8e193..fe17b89 100644
--- a/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java
+++ b/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java
@@ -32,6 +32,7 @@ import org.apache.brooklyn.api.location.Location;
 import org.apache.brooklyn.api.location.PortRange;
 import org.apache.brooklyn.api.mgmt.ManagementContext;
 import org.apache.brooklyn.core.config.ConfigPredicates;
+import org.apache.brooklyn.core.config.Sanitizer;
 import org.apache.brooklyn.core.entity.trait.Startable;
 import org.apache.brooklyn.core.internal.BrooklynProperties;
 import org.apache.brooklyn.core.location.PortRanges;
@@ -123,7 +124,7 @@ public class BrooklynLauncher extends BasicLauncher<BrooklynLauncher> { } public BrooklynLauncher installSecurityFilter(Boolean val) { - this.skipSecurityFilter = val == null ? null : !val; + this.skipSecurityFilter = (val == null ? null : !val); return this; } 
@@ -283,31 +284,32 @@ public class BrooklynLauncher extends BasicLauncher<BrooklynLauncher> { // The security provider will let anyone in, but still require a password to be entered. // Skip password request dialog if we know the provider will let users through. boolean anyoneSecurityProvider = AnyoneSecurityProvider.class.getName().equals(securityProvider); + boolean noSecurityOptions = BrooklynWebConfig.hasNoSecurityOptions(managementContext.getConfig()); + boolean skipSecurity = Boolean.TRUE.equals(skipSecurityFilter) || anyoneSecurityProvider || noSecurityOptions; // No security options in properties and no command line options overriding. - if (Boolean.TRUE.equals(skipSecurityFilter) && bindAddress==null) { - LOG.info("Starting Brooklyn web-console on loopback because security is explicitly disabled and no bind address specified"); - bindAddress = Networking.LOOPBACK; - } else if (BrooklynWebConfig.hasNoSecurityOptions(managementContext.getConfig())) { - LOG.info("No security provider options specified. 
Define a security provider or users to prevent a random password being created and logged."); - - if (bindAddress==null) { - LOG.info("Starting Brooklyn web-console with passwordless access on localhost and protected access from any other interfaces (no bind address specified)"); + if (Boolean.TRUE.equals(skipSecurityFilter)) { + if (bindAddress == null) { + LOG.info("Starting Brooklyn web-console with security explicitly disabled, on loopback because no bind address specified"); + bindAddress = Networking.LOOPBACK; } else { - if (Arrays.equals(new byte[] { 127, 0, 0, 1 }, bindAddress.getAddress())) { - LOG.info("Starting Brooklyn web-console with passwordless access on localhost"); - } else if (Arrays.equals(new byte[] { 0, 0, 0, 0 }, bindAddress.getAddress())) { - LOG.info("Starting Brooklyn web-console with passwordless access on localhost and random password (logged) required from any other interfaces"); - } else { - LOG.info("Starting Brooklyn web-console with passwordless access on localhost (if permitted) and random password (logged) required from any other interfaces"); - } + LOG.info("Starting Brooklyn web-console with security explicitly disabled, on bind address {}", bindAddress.getHostAddress()); } - brooklynProperties.put( - BrooklynWebConfig.SECURITY_PROVIDER_INSTANCE, - new BrooklynUserWithRandomPasswordSecurityProvider(managementContext)); + + } else if (anyoneSecurityProvider) { + String bindAddressMsg = (bindAddress == null ? "<any>" : bindAddress.getHostAddress()); + LOG.info("Starting Brooklyn web-console with AnyoneSecurityProvider (no authentication), on bind address {}", bindAddressMsg); + + } else if (noSecurityOptions) { + String bindAddressMsg = (bindAddress == null ? 
"<any>" : bindAddress.getHostAddress()); + LOG.info("Starting Brooklyn web-console with no security options (defaulting to no authentication), on bind address {}", bindAddressMsg); + } else { - LOG.debug("Starting Brooklyn using security properties: "+brooklynProperties.submap(ConfigPredicates.nameStartsWith(BrooklynWebConfig.BASE_NAME_SECURITY)).asMapWithStringKeys()); + String bindAddressMsg = (bindAddress == null ? "<any>" : bindAddress.getHostAddress()); + Map<?,?> securityProps = brooklynProperties.submap(ConfigPredicates.nameStartsWith(BrooklynWebConfig.BASE_NAME_SECURITY)).asMapWithStringKeys(); + LOG.debug("Starting Brooklyn (bind address {}), using security properties: {}", bindAddressMsg, Sanitizer.sanitize(securityProps)); } + if (bindAddress == null) bindAddress = Networking.ANY_NIC; LOG.debug("Starting Brooklyn web-console with bindAddress "+bindAddress+" and properties "+brooklynProperties); @@ -319,7 +321,7 @@ public class BrooklynLauncher extends BasicLauncher<BrooklynLauncher> { if (useHttps!=null) webServer.setHttpsEnabled(useHttps); webServer.setShutdownHandler(shutdownHandler); webServer.putAttributes(brooklynProperties); - webServer.skipSecurity(Boolean.TRUE.equals(skipSecurityFilter) || anyoneSecurityProvider); + webServer.skipSecurity(skipSecurity); for (WebAppContextProvider webapp : webApps) { webServer.addWar(webapp); } http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/969ed826/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java ---------------------------------------------------------------------- diff --git a/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java b/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java index b70c1fe..fe5eda6 100644 --- a/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java +++ b/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynLauncherTest.java 
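Review bot: The `noSecurityOptions` and `anyoneSecurityProvider` branches leave a null `bindAddress` untouched, so it falls through to `Networking.ANY_NIC` below and the console starts without authentication on every interface; only the `skipSecurityFilter` branch forces `Networking.LOOPBACK`. For a default that applies when nothing is configured, I would mirror that branch with `if (bindAddress == null) bindAddress = Networking.LOOPBACK;` in the `noSecurityOptions` case and raise its message to `LOG.warn`, so an unconfigured install is not reachable remotely unless the operator chooses a bind address. The context `LOG.debug` after the chain still prints the full `brooklynProperties` unsanitized, which undoes the `Sanitizer.sanitize(securityProps)` added just above; wrapping it the same way would be consistent, assuming `Sanitizer.sanitize` accepts that type (not visible here). The comment `// No security options in properties and no command line options overriding.` now sits over the explicit-disable branch and should move or be dropped. The enclosing method starts and ends outside the hunk.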
@@ -42,11 +42,16 @@ import org.apache.brooklyn.core.test.entity.TestApplicationImpl;
 import org.apache.brooklyn.core.test.entity.TestEntity;
 import org.apache.brooklyn.launcher.common.BrooklynPropertiesFactoryHelperTest;
 import org.apache.brooklyn.location.localhost.LocalhostMachineProvisioningLocation;
+import org.apache.brooklyn.rest.BrooklynWebConfig;
 import org.apache.brooklyn.util.http.HttpAsserts;
+import org.apache.brooklyn.util.http.HttpTool;
+import org.apache.brooklyn.util.http.HttpToolResponse;
 import org.apache.brooklyn.util.io.FileUtil;
 import org.apache.brooklyn.util.net.Urls;
 import org.apache.brooklyn.util.os.Os;
 import org.apache.brooklyn.util.text.Strings;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.methods.HttpGet;
 import org.testng.Assert;
 import org.testng.annotations.AfterMethod;
 import org.testng.annotations.Test;
@@ -102,6 +107,39 @@ public class BrooklynLauncherTest { assertEquals(webappTempDir.getAbsolutePath(), expectedTempDir); } + // Integration because takes a few seconds to start web-console + @Test(groups="Integration") + public void testStartsWebServerWithoutAuthentication() throws Exception { + launcher = newLauncherForTests(true) + .start(); + String uri = launcher.getServerDetails().getWebServerUrl(); + + HttpToolResponse response = HttpTool.execAndConsume(HttpTool.httpClientBuilder().build(), new HttpGet(uri)); + assertEquals(response.getResponseCode(), 200); + } + + // Integration because takes a few seconds to start web-console + @Test(groups="Integration") + public void testStartsWebServerWithCredentials() throws Exception { + launcher = newLauncherForTests(true) + .webconsolePort("10000+") + .brooklynProperties(BrooklynWebConfig.USERS, "myname") + .brooklynProperties(BrooklynWebConfig.PASSWORD_FOR_USER("myname"), "mypassword") + .start(); + String uri = launcher.getServerDetails().getWebServerUrl(); + + HttpToolResponse response = HttpTool.execAndConsume(HttpTool.httpClientBuilder().build(), new HttpGet(uri)); + assertEquals(response.getResponseCode(), 401); + + HttpToolResponse response2 = HttpTool.execAndConsume( + HttpTool.httpClientBuilder() + .uri(uri) + .credentials(new UsernamePasswordCredentials("myname", "mypassword")) + .build(), + new HttpGet(uri)); + assertEquals(response2.getResponseCode(), 200); + } + @Test public void testCanDisableWebServerStartup() throws Exception { launcher = newLauncherForTests(true) http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/969ed826/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java ---------------------------------------------------------------------- diff --git a/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java b/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java index bff9dfc..6ee3040 100644 
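Review bot: `testStartsWebServerWithCredentials` checks the no-credentials and correct-credentials cases but never sends a wrong password, so a provider that accepted any supplied credentials would still pass; a third request built with `new UsernamePasswordCredentials("myname", "wrongpassword")` and asserting 401 would close that gap. `testStartsWebServerWithoutAuthentication` omits the `.webconsolePort("10000+")` that the second test sets, and it depends on `newLauncherForTests(true)` (defined outside this hunk) supplying no security properties; a short comment stating that assumption would help. Neither test asserts which address the unauthenticated console is bound to, so the exposure of the new default is not pinned by a test.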
--- a/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java
+++ b/utils/common/src/main/java/org/apache/brooklyn/util/http/HttpTool.java
@@ -315,7 +315,7 @@ public class HttpTool {
 this.credentials = checkNotNull(val, "credentials");
 return this;
 }
- public HttpClientBuilder credential(Optional<Credentials> val) {
+ public HttpClientBuilder credential(Optional<? extends Credentials> val) {
 if (val.isPresent()) credentials = val.get();
 return this;
 }
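Review bot: `credential(Optional<? extends Credentials> val)` has no Javadoc, and its behaviour differs from the setter just above it, which rejects null via `checkNotNull`: here an absent value is silently ignored and any previously set credentials stay in place. I would add a one-line Javadoc such as `/** Sets the credentials if present; an absent value leaves the current credentials unchanged. */`. The builder class continues outside the hunk.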