[
https://issues.apache.org/jira/browse/BROOKLYN-51?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14126879#comment-14126879
]
ASF GitHub Bot commented on BROOKLYN-51:
----------------------------------------
Github user sjcorbett commented on a diff in the pull request:
https://github.com/apache/incubator-brooklyn/pull/154#discussion_r17293749
--- Diff:
usage/rest-server/src/main/java/brooklyn/rest/security/provider/BrooklynUserWithRandomPasswordSecurityProvider.java
---
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package brooklyn.rest.security.provider;
+
+import javax.servlet.http.HttpSession;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import brooklyn.management.ManagementContext;
+import brooklyn.rest.security.BrooklynPropertiesSecurityFilter;
+import brooklyn.util.text.Identifiers;
+
+public class BrooklynUserWithRandomPasswordSecurityProvider extends
AbstractSecurityProvider implements SecurityProvider {
+
+ public static final Logger LOG =
LoggerFactory.getLogger(BrooklynUserWithRandomPasswordSecurityProvider.class);
+ private static final String USER = "brooklyn";
+ private final String password;
+
+ public BrooklynUserWithRandomPasswordSecurityProvider() {
+ this.password = Identifiers.makeRandomId(10);
+ LOG.info("Allowing access to web console from localhost or with
{}:{}", USER, password);
--- End diff --
I would have used `sysout` from `BrooklynLauncher` but to do that I think I
would have had to have made `password` static. The security provider's
instantiation is deferred until the first request to the server and the
launcher has no way to access the instance used (by
`DelegatingSecurityProvider`). I thought that it was better to keep `password`
different between instances of the class (should there be any).
> Remote access without configuring a username and password
> ---------------------------------------------------------
>
> Key: BROOKLYN-51
> URL: https://issues.apache.org/jira/browse/BROOKLYN-51
> Project: Brooklyn
> Issue Type: Sub-task
> Affects Versions: 0.7.0-M1
> Reporter: Richard Downer
> Assignee: Sam Corbett
> Fix For: 0.7.0
>
>
> By default, if Brooklyn is not configured with a username+password in
> brooklyn.properties, Brooklyn will *only* bind to the localhost interface,
> refusing connections from the network.
> To ease first time users starting Brooklyn on a server, change Brooklyn to:
> 1. Always bind on all interfaces;
> 2. If no username and password is configured, generate one randomly and print
> the details to the console
> 3. Additionally, if no username and password is configured, continue to allow
> passwordless logins on the localhost interface.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
