Alon Bar-Lev has uploaded a new change for review. Change subject: authentication: pki: cleanup properties ......................................................................
authentication: pki: cleanup properties prefix all with ssl, cleanup naming, remove unused getters. rename: servletURL->getSessionUserGetSessionUserServletURL expose: sslTrustStoreType rename: trustStorePath->sslTrustStorePath rename: trustStorePassword->sslTrrustStorePassword rename: sslIgnoreCertErrors->sslInsecure rename: sslIgnoreHostVerification->sslNoHostVerification sslInsecure also triggers sslNoHostVerification. Change-Id: I5ebc86f05b508a069e81639356d10477ee0a3acf Signed-off-by: Alon Bar-Lev <[email protected]> --- M ovirt-engine-reports/EngineAuthentication/src/main/java/org/ovirt/authentication/EngineSimplePreAuthFilter.java M packaging/jasper-customizations/WEB-INF/applicationContext-ovirt-override.xml M packaging/legacy-setup/ovirt-engine-reports-setup.py 3 files changed, 50 insertions(+), 51 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-reports refs/changes/35/23535/1 diff --git a/ovirt-engine-reports/EngineAuthentication/src/main/java/org/ovirt/authentication/EngineSimplePreAuthFilter.java b/ovirt-engine-reports/EngineAuthentication/src/main/java/org/ovirt/authentication/EngineSimplePreAuthFilter.java index 78ead0d..a064f0e 100755 --- a/ovirt-engine-reports/EngineAuthentication/src/main/java/org/ovirt/authentication/EngineSimplePreAuthFilter.java +++ b/ovirt-engine-reports/EngineAuthentication/src/main/java/org/ovirt/authentication/EngineSimplePreAuthFilter.java 
@@ -50,19 +50,21 @@ * It gets a session ID, and validates it using the oVirt engine, getting the logged-in user. */ public class EngineSimplePreAuthFilter extends AbstractPreAuthenticatedProcessingFilter { - protected AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); - // Will be set using the bean properties defined in applicationContext-security-web.xml file - private String servletURL; - private int pollingTimeout; - private String SESSION_DATA_FORMAT = "sessionID=%1$s"; - private int DEFAULT_POLLING_TIMEOUT = 30; // in seconds - private String trustStorePath; - private String trustStorePassword; - private String sslProtocol = "TLS"; - private String trustStoreType = "JKS"; private final Log logger = LogFactory.getLog(EngineSimplePreAuthFilter.class); - private boolean sslIgnoreCertErrors = false; - private boolean sslIgnoreHostVerification = false; + + private final String SESSION_DATA_FORMAT = "sessionID=%1$s"; + private final int DEFAULT_POLLING_TIMEOUT = 60; // in seconds + + private String getSessionUserGetSessionUserServletURL; + private int pollingTimeout; + private String sslTrustStoreType = "JKS"; + private String sslTrustStorePath; + private String sslTrustStorePassword; + private String sslProtocol = "TLS"; + private boolean sslInsecure = false; + private boolean sslNoHostVerification = false; + + protected AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource(); @Override protected Object getPreAuthenticatedCredentials(HttpServletRequest arg0) { 
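Review bot: The two constants added at the top of the class, `SESSION_DATA_FORMAT` and `DEFAULT_POLLING_TIMEOUT`, are declared `private final` rather than `private static final`, so each filter instance carries its own copy although the upper-case names announce class constants; `private static final int DEFAULT_POLLING_TIMEOUT = 60; // in seconds` would match the naming. The new field `getSessionUserGetSessionUserServletURL` repeats the `getSessionUser` prefix, while the bean property set in applicationContext-ovirt-override.xml is `getSessionUserServletURL`. Naming the field after the property would make the accessors and the debug message easier to follow.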
@@ -122,20 +124,22 @@ logger.debug( String.format( - "createURLConnection: servletURL=%s, sslIgnoreCertErrors=%s, sslIgnoreHostVerification=%s, trustStorePath=%s", - servletURL, - sslIgnoreCertErrors, - sslIgnoreHostVerification, - trustStorePath + "createURLConnection: getSessionUserGetSessionUserServletURL=%s, sslInsecure=%s, sslNoHostVerification=%s, sslTrustStoreType=%s, sslTrustStorePath=%s, sslProtocol=%s", + getSessionUserGetSessionUserServletURL, + sslInsecure, + sslNoHostVerification, + sslTrustStoreType, + sslTrustStorePath, + sslProtocol ) ); - URL url = new URL(servletURL); + URL url = new URL(getSessionUserGetSessionUserServletURL); HttpURLConnection servletConnection = (HttpURLConnection) url.openConnection(); if ("https".equals(url.getProtocol())) { TrustManager[] trustManagers; - if (sslIgnoreCertErrors) { + if (sslInsecure) { trustManagers = new TrustManager[] { new X509TrustManager() { @Override @@ -150,11 +154,11 @@ }; } else { - if (trustStorePassword == null || trustStorePath == null) { + if (sslTrustStorePassword == null || sslTrustStorePath == null) { throw new RuntimeException("The Supplied URL is secured, however no trust store path or password were supplied."); } - KeyStore trustStore = KeyStore.getInstance(trustStoreType); - trustStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray()); + KeyStore trustStore = KeyStore.getInstance(sslTrustStoreType); + trustStore.load(new FileInputStream(sslTrustStorePath), sslTrustStorePassword.toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); trustManagers = trustManagerFactory.getTrustManagers(); 
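Review bot: When `sslInsecure` is set, the branch at `if (sslInsecure)` swaps in an anonymous `X509TrustManager`, and the only trace of that at run time is the debug-level `createURLConnection` message. The manager's methods lie between this hunk and the next, so what they accept is not visible here, but presumably any certificate chain passes. Since the class comment says this connection is what validates the session ID against the engine, the answer would then come from a peer that was never authenticated. I would log that state at a level operators see, for example `if (sslInsecure) { logger.warn("sslInsecure is set: engine certificate and host name are not verified"); }` right after the debug call. The enclosing method starts and ends outside the hunk.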
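Review bot: The stream opened by `new FileInputStream(sslTrustStorePath)` in the trust store branch is handed straight to `trustStore.load(...)` and never closed, so every connection that takes this path keeps a file descriptor open until the garbage collector finalizes the stream. If the build targets Java 7 or later, `try (InputStream in = new FileInputStream(sslTrustStorePath)) { trustStore.load(in, sslTrustStorePassword.toCharArray()); }` fixes it; on an older target, keep the stream in a local and close it in a `finally` block. The enclosing method starts and ends outside the hunk.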
@@ -165,7 +169,7 @@ HttpsURLConnection httpsConnection = (HttpsURLConnection)servletConnection; httpsConnection.setSSLSocketFactory(ctx.getSocketFactory()); - if (sslIgnoreHostVerification) { + if (sslNoHostVerification || sslInsecure) { httpsConnection.setHostnameVerifier( new HostnameVerifier() { @Override @@ -277,12 +281,12 @@ authRequest.setDetails(authenticationDetailsSource.buildDetails(request)); } - public String getServletURL() { - return servletURL; + public String getGetSessionUserServletURL() { + return getSessionUserGetSessionUserServletURL; } - public void setServletURL(String servletURL) { - this.servletURL = servletURL; + public void setGetSessionUserServletURL(String getSessionUserGetSessionUserServletURL) { + this.getSessionUserGetSessionUserServletURL = getSessionUserGetSessionUserServletURL; } public int getPollingTimeout() { 
@@ -298,31 +302,27 @@ } } - public void setTrustStorePath(String trustStorePath) { - this.trustStorePath = trustStorePath; + public void setSslTrustStoreType(String sslTrustStoreType) { + this.sslTrustStoreType = sslTrustStoreType; } - public void setTrustStorePassword(String trustStorePassword) { - this.trustStorePassword = trustStorePassword; + public void setSslTrustStorePath(String sslTrustStorePath) { + this.sslTrustStorePath = sslTrustStorePath; + } + + public void setSslTrustStorePassword(String sslTrustStorePassword) { + this.sslTrustStorePassword = sslTrustStorePassword; } public void setSslProtocol(String sslProtocol) { this.sslProtocol = sslProtocol; } - public boolean getSslIgnoreCertErrors() { - return sslIgnoreCertErrors; + public void setSslInsecure(boolean sslInsecure) { + this.sslInsecure = sslInsecure; } - public void setSslIgnoreCertErrors(boolean sslIgnoreCertErrors) { - this.sslIgnoreCertErrors = sslIgnoreCertErrors; - } - - public boolean getSslIgnoreHostVerification() { - return sslIgnoreHostVerification; - } - - public void setSslIgnoreHostVerification(boolean sslIgnoreHostVerification) { - this.sslIgnoreHostVerification = sslIgnoreHostVerification; + public void setSslNoHostVerification(boolean sslNoHostVerification) { + this.sslNoHostVerification = sslNoHostVerification; } } diff --git a/packaging/jasper-customizations/WEB-INF/applicationContext-ovirt-override.xml b/packaging/jasper-customizations/WEB-INF/applicationContext-ovirt-override.xml index d296e59..b1c1e27 100644 --- a/packaging/jasper-customizations/WEB-INF/applicationContext-ovirt-override.xml +++ b/packaging/jasper-customizations/WEB-INF/applicationContext-ovirt-override.xml 
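Review bot: `setSslInsecure` and `setSslNoHostVerification` are the switches that turn the TLS checks off, and neither has a Javadoc comment telling whoever edits the bean definition what is lost. I would add above `setSslInsecure`: `/** Disables certificate validation and, as a consequence, host name verification for the engine connection. */` and above `setSslNoHostVerification`: `/** Skips the host name check only; the certificate chain is still validated against the trust store. */`. Both statements follow from the `if (sslInsecure)` and `if (sslNoHostVerification || sslInsecure)` branches earlier in this file.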
@@ -31,10 +31,9 @@ <property name="authenticationManager"> <ref bean="authenticationManager"/> </property> - <property name="servletURL" value="http://localhost/ovirt-engine/services/get-session-user"/> - <property name="pollingTimeout" value="60"/> - <property name="trustStorePath" value="/usr/local/jboss-as/truststore"/> - <property name="trustStorePassword" value="NoSoup4U"/> + <property name="getSessionUserServletURL" value="http://localhost/ovirt-engine/services/get-session-user"/> + <property name="sslTrustStorePath" value="/usr/local/jboss-as/truststore"/> + <property name="sslTrustStorePassword" value="NoSoup4U"/> </bean> <bean class="org.ovirt.jasperreports.querymodifier.CustomOvirtReportsQueryManipulator" id="CustomOvirtReportsQueryManipulator"> diff --git a/packaging/legacy-setup/ovirt-engine-reports-setup.py b/packaging/legacy-setup/ovirt-engine-reports-setup.py index 8774dea..b21998f 100755 --- a/packaging/legacy-setup/ovirt-engine-reports-setup.py +++ b/packaging/legacy-setup/ovirt-engine-reports-setup.py 
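Review bot: The `pollingTimeout` property is dropped from the bean here, so the filter now depends on its own default, yet EngineSimplePreAuthFilter declares the field as `private int pollingTimeout;` with no initialiser, and the code that would apply `DEFAULT_POLLING_TIMEOUT` is not in any hunk of this change. If nothing assigns the default when the setter is never called, the timeout becomes 0 instead of 60; `private int pollingTimeout = DEFAULT_POLLING_TIMEOUT;` would make the removal safe regardless. Also note that the default `getSessionUserServletURL` is still a plain `http://localhost/...` address, so the `ssl*` properties only take effect once the URL is changed to https.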
@@ -937,12 +937,12 @@ logging.debug("replace trust store path and pass") file_content = file_content.replace( - "name=\"trustStorePath\" value=\"/usr/local/jboss-as/truststore\"", - "name=\"trustStorePath\" value=\"%s\"" % OVIRT_REPORTS_TRUST_STORE + "name=\"sslTrustStorePath\" value=\"/usr/local/jboss-as/truststore\"", + "name=\"sslTrustStorePath\" value=\"%s\"" % OVIRT_REPORTS_TRUST_STORE ) file_content = file_content.replace( - "name=\"trustStorePassword\" value=\"NoSoup4U\"", - "name=\"trustStorePassword\" value=\"%s\"" % OVIRT_REPORTS_TRUST_STORE_PASS + "name=\"sslTrustStorePassword\" value=\"NoSoup4U\"", + "name=\"sslTrustStorePassword\" value=\"%s\"" % OVIRT_REPORTS_TRUST_STORE_PASS ) logging.debug("writing replaced content to %s" % FILE_APPLICATION_CONTEXT_OVERRIDE) with open(FILE_APPLICATION_CONTEXT_OVERRIDE, "w") as fd: -- To view, visit http://gerrit.ovirt.org/23535 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5ebc86f05b508a069e81639356d10477ee0a3acf Gerrit-PatchSet: 1 Gerrit-Project: ovirt-reports Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
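Review bot: Both `file_content.replace(...)` calls match on the exact placeholder text from applicationContext-ovirt-override.xml, and `str.replace` returns its input unchanged when that text is absent, so a rename made on one side only would leave `NoSoup4U` and `/usr/local/jboss-as/truststore` in the deployed file without any error. Checking for the placeholder first, e.g. `if placeholder not in file_content: raise RuntimeError("trust store placeholder not found in %s" % FILE_APPLICATION_CONTEXT_OVERRIDE)`, would turn that into a setup failure. The password is also interpolated into an XML attribute unescaped; the origin of `OVIRT_REPORTS_TRUST_STORE_PASS` is outside the hunk, but if it can contain a double quote, an ampersand or an angle bracket it should be XML-escaped first, for instance with `xml.sax.saxutils.quoteattr`, which also supplies the surrounding quotes. The hunk begins and ends inside a function whose definition is not shown.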
