Repository: brooklyn-server Updated Branches: refs/heads/master be89a8dd2 -> 2e4114259
Initialize REST API security correctly for integration tests Also add checks for it in the tests. Tests had different behaviour depending on whether brooklyn-ui existed alongside brooklyn-server on disk. When brooklyn-ui was there, tests would find it and use the web app code from there, including the web.xml which restricts requests to only authorized users. When brooklyn-ui is missing, though, a default web app without web.xml was being created. This would result in non-authorized requests succeeding. In this case requests including the authorization header would still be accepted, or rejected if the password is invalid. But in order for the client to include the authorization header, the server must first respond with a 401, which didn't happen. Moving web-security.xml to rest-server allows us to force request authentication for tests even if there's no web.xml in the web app. It should be fine to move web-security.xml to rest-server (which is only used in classic) because it's only inserted by classic-related code. Karaf Brooklyn doesn't have control over the web apps. 
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/cd07d816 Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/cd07d816 Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/cd07d816 Branch: refs/heads/master Commit: cd07d8161ae4688900b824a449760986806c814f Parents: 9b24f7d Author: Svetoslav Neykov <svetoslav.ney...@cloudsoftcorp.com> Authored: Mon Nov 14 12:08:39 2016 +0200 Committer: Svetoslav Neykov <svetoslav.ney...@cloudsoftcorp.com> Committed: Mon Nov 14 12:08:39 2016 +0200 ---------------------------------------------------------------------- launcher/src/main/resources/web-security.xml | 51 ---------------- .../launcher/BrooklynWebServerTest.java | 61 +++++++++++++++----- .../src/main/resources/web-security.xml | 51 ++++++++++++++++ .../brooklyn/rest/BrooklynRestApiLauncher.java | 1 + .../AbstractRestApiEntitlementsTest.java | 18 ++++-- .../ActivityApiEntitlementsTest.java | 17 +++--- .../EntityConfigApiEntitlementsTest.java | 2 + .../entitlement/ScriptApiEntitlementsTest.java | 14 +++-- .../entitlement/SensorApiEntitlementsTest.java | 2 + .../entitlement/ServerApiEntitlementsTest.java | 3 + .../ServerResourceIntegrationTest.java | 2 +- 11 files changed, 139 insertions(+), 83 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/cd07d816/launcher/src/main/resources/web-security.xml ---------------------------------------------------------------------- diff --git a/launcher/src/main/resources/web-security.xml b/launcher/src/main/resources/web-security.xml deleted file mode 100644 index 2311458..0000000 --- a/launcher/src/main/resources/web-security.xml +++ /dev/null 
@@ -1,51 +0,0 @@ -<!-- - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" - version="3.1"> - - <security-constraint> - <web-resource-collection> - <web-resource-name>Logout</web-resource-name> - <url-pattern>/v1/logout</url-pattern> - </web-resource-collection> - </security-constraint> - - <!-- Ignored programmatically if noConsoleSecurity --> - <security-constraint> - <web-resource-collection> - <web-resource-name>All</web-resource-name> - <url-pattern>/</url-pattern> - </web-resource-collection> - <auth-constraint> - <role-name>webconsole</role-name> - </auth-constraint> - </security-constraint> - - <login-config> - <auth-method>BASIC</auth-method> - <realm-name>webconsole</realm-name> - </login-config> - - <security-role> - <role-name>webconsole</role-name> - </security-role> - -</web-app> http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/cd07d816/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynWebServerTest.java ---------------------------------------------------------------------- 
diff --git a/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynWebServerTest.java b/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynWebServerTest.java index 2b8406e..e1eb1b3 100644 --- a/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynWebServerTest.java +++ b/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynWebServerTest.java @@ -18,17 +18,13 @@ */ package org.apache.brooklyn.launcher; -import org.apache.brooklyn.core.entity.Entities; -import org.apache.brooklyn.core.internal.BrooklynProperties; -import org.apache.brooklyn.core.mgmt.internal.LocalManagementContext; -import org.apache.brooklyn.core.test.entity.LocalManagementContextForTests; - import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertTrue; import static org.testng.Assert.fail; import java.io.File; import java.io.FileInputStream; +import java.net.SocketException; import java.net.URISyntaxException; import java.net.URL; import java.security.KeyStore; 
@@ -38,24 +34,31 @@ import java.util.Map; import javax.net.ssl.SSLHandshakeException; +import org.apache.brooklyn.core.entity.Entities; +import org.apache.brooklyn.core.internal.BrooklynProperties; +import org.apache.brooklyn.core.mgmt.internal.LocalManagementContext; +import org.apache.brooklyn.core.test.entity.LocalManagementContextForTests; +import org.apache.brooklyn.rest.BrooklynWebConfig; +import org.apache.brooklyn.util.collections.MutableMap; +import org.apache.brooklyn.util.exceptions.Exceptions; +import org.apache.brooklyn.util.http.HttpTool; +import org.apache.brooklyn.util.http.HttpToolResponse; +import org.apache.http.auth.AuthScope; +import org.apache.http.auth.UsernamePasswordCredentials; +import org.apache.http.client.CredentialsProvider; +import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpGet; import org.apache.http.conn.ssl.SSLSocketFactory; -import org.apache.http.impl.client.DefaultHttpClient; +import org.apache.http.impl.client.BasicCredentialsProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.testng.annotations.AfterMethod; import org.testng.annotations.BeforeMethod; import org.testng.annotations.DataProvider; import org.testng.annotations.Test; -import org.apache.brooklyn.rest.BrooklynWebConfig; -import org.apache.brooklyn.util.collections.MutableMap; -import org.apache.brooklyn.util.http.HttpTool; -import org.apache.brooklyn.util.http.HttpToolResponse; -import org.apache.brooklyn.util.exceptions.Exceptions; import com.google.common.collect.ImmutableMap; import com.google.common.collect.Lists; -import java.net.SocketException; public class BrooklynWebServerTest { 
@@ -92,13 +95,45 @@ public class BrooklynWebServerTest { try { webServer.start(); - HttpToolResponse response = HttpTool.execAndConsume(new DefaultHttpClient(), new HttpGet(webServer.getRootUrl())); + HttpToolResponse response = HttpTool.execAndConsume(HttpTool.httpClientBuilder().build(), new HttpGet(webServer.getRootUrl())); assertEquals(response.getResponseCode(), 200); } finally { webServer.stop(); } } + @Test + public void verifySecurityInitialized() throws Exception { + webServer = new BrooklynWebServer(newManagementContext(brooklynProperties)); + webServer.start(); + try { + HttpToolResponse response = HttpTool.execAndConsume(HttpTool.httpClientBuilder().build(), new HttpGet(webServer.getRootUrl())); + assertEquals(response.getResponseCode(), 401); + } finally { + webServer.stop(); + } + } + + @Test + public void verifySecurityInitializedExplicitUser() throws Exception { + webServer = new BrooklynWebServer(newManagementContext(brooklynProperties)); + webServer.start(); + + CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); + credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("myuser", "somepass")); + HttpClient client = HttpTool.httpClientBuilder() + .credentials(new UsernamePasswordCredentials("myuser", "somepass")) + .uri(webServer.getRootUrl()) + .build(); + + try { + HttpToolResponse response = HttpTool.execAndConsume(client, new HttpGet(webServer.getRootUrl())); + assertEquals(response.getResponseCode(), 401); + } finally { + webServer.stop(); + } + } + @DataProvider(name="keystorePaths") public Object[][] getKeystorePaths() { return new Object[][] { http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/cd07d816/rest/rest-server/src/main/resources/web-security.xml ---------------------------------------------------------------------- 
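Review bot: In `verifySecurityInitializedExplicitUser` the `credentialsProvider` local is filled with `AuthScope.ANY` credentials but never passed to the client, which takes its credentials from `.credentials(...)` on the builder. Those two lines can go, along with the `AuthScope`, `CredentialsProvider` and `BasicCredentialsProvider` imports added in the earlier import hunk. Both new tests call `webServer.start()` before the `try`, and the second also builds the client there, so a failure at that point skips `webServer.stop()` unless a teardown method outside this hunk covers it. Moving both inside the `try`, as the context test at the top of this hunk does, avoids that. A one-line comment on the second test saying that `myuser`/`somepass` is presumably not a configured account, hence the expected 401, would make the intent explicit.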
diff --git a/rest/rest-server/src/main/resources/web-security.xml b/rest/rest-server/src/main/resources/web-security.xml new file mode 100644 index 0000000..2311458 --- /dev/null +++ b/rest/rest-server/src/main/resources/web-security.xml 
@@ -0,0 +1,51 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" + version="3.1"> + + <security-constraint> + <web-resource-collection> + <web-resource-name>Logout</web-resource-name> + <url-pattern>/v1/logout</url-pattern> + </web-resource-collection> + </security-constraint> + + <!-- Ignored programmatically if noConsoleSecurity --> + <security-constraint> + <web-resource-collection> + <web-resource-name>All</web-resource-name> + <url-pattern>/</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>webconsole</role-name> + </auth-constraint> + </security-constraint> + + <login-config> + <auth-method>BASIC</auth-method> + <realm-name>webconsole</realm-name> + </login-config> + + <security-role> + <role-name>webconsole</role-name> + </security-role> + +</web-app> http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/cd07d816/rest/rest-server/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncher.java ---------------------------------------------------------------------- 
diff --git a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncher.java b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncher.java index 4dc3d66..b600159 100644 --- a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncher.java +++ b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/BrooklynRestApiLauncher.java @@ -194,6 +194,7 @@ public class BrooklynRestApiLauncher { if (securityProvider != null && securityProvider != AnyoneSecurityProvider.class) { ((BrooklynProperties) mgmt.getConfig()).put( BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME, securityProvider.getName()); + ((WebAppContext)context).addOverrideDescriptor(getClass().getResource("/web-security.xml").toExternalForm()); } else if (context instanceof WebAppContext) { ((WebAppContext)context).setSecurityHandler(new NopSecurityHandler()); } http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/cd07d816/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/AbstractRestApiEntitlementsTest.java ---------------------------------------------------------------------- diff --git a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/AbstractRestApiEntitlementsTest.java b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/AbstractRestApiEntitlementsTest.java index 4a0d568..c858799 100644 --- a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/AbstractRestApiEntitlementsTest.java +++ b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/AbstractRestApiEntitlementsTest.java 
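Review bot: The added `addOverrideDescriptor` line casts `context` to `WebAppContext` unconditionally, while the `else if` directly below guards the same cast with `context instanceof WebAppContext`. If `context` can be another handler type when a security provider is set, this throws `ClassCastException`. `getClass().getResource("/web-security.xml")` also returns null when the resource is missing from the classpath, which surfaces as a bare `NullPointerException`. Because this descriptor is what forces authentication, I would make that failure explicit with `Objects.requireNonNull(getClass().getResource("/web-security.xml"), "web-security.xml not found on classpath")` and apply the same `instanceof` check before the cast. The enclosing method starts and ends outside the hunk.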
@@ -37,6 +37,7 @@ import org.apache.brooklyn.rest.BrooklynRestApiLauncher; import org.apache.brooklyn.rest.BrooklynRestApiLauncherTestFixture; import org.apache.brooklyn.util.http.HttpAsserts; import org.apache.brooklyn.util.http.HttpTool; +import org.apache.brooklyn.util.http.HttpTool.HttpClientBuilder; import org.apache.brooklyn.util.http.HttpToolResponse; import org.apache.http.auth.UsernamePasswordCredentials; import org.apache.http.client.HttpClient; @@ -65,7 +66,7 @@ public abstract class AbstractRestApiEntitlementsTest extends BrooklynRestApiLau props.put(PerUserEntitlementManager.PER_USER_ENTITLEMENTS_CONFIG_PREFIX+".myUser", "user"); props.put(PerUserEntitlementManager.PER_USER_ENTITLEMENTS_CONFIG_PREFIX+".myCustom", StaticDelegatingEntitlementManager.class.getName()); - mgmt = LocalManagementContextForTests.builder(true).useProperties(props).build(); + mgmt = LocalManagementContextForTests.builder(false).useProperties(props).build(); app = mgmt.getEntityManager().createEntity(EntitySpec.create(TestApplication.class) .child(EntitySpec.create(TestEntity.class)) .configure(TestEntity.CONF_NAME, "myname")); @@ -84,10 +85,12 @@ public abstract class AbstractRestApiEntitlementsTest extends BrooklynRestApiLau } protected HttpClient newClient(String user) throws Exception { - return httpClientBuilder() - .uri(getBaseUriRest()) - .credentials(new UsernamePasswordCredentials(user, "ignoredPassword")) - .build(); + HttpClientBuilder builder = httpClientBuilder() + .uri(getBaseUriRest()); + if (user != null) { + builder.credentials(new UsernamePasswordCredentials(user, "ignoredPassword")); + } + return builder.build(); } protected String httpGet(String user, String path) throws Exception { 
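Review bot: The switch from `builder(true)` to `builder(false)` in `mgmt = LocalManagementContextForTests.builder(false).useProperties(props).build();` carries no explanation. Neither the hunk nor the commit description says what the flag selects or why the security setup needs the other value. A one-line comment above the call stating the reason would keep a later cleanup from flipping it back. The setup method it sits in starts outside the hunk.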
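Review bot: `newClient(String user)` now treats a null `user` as "send no credentials", but nothing at the method says so. A short Javadoc such as `/** @param user account to authenticate as, or null for a client that sends no credentials */` would document the contract. The fixed `"ignoredPassword"` deserves a word in the same comment, since a reader of this hunk cannot tell why any password is accepted; presumably the test security provider authenticates by user name only.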
@@ -130,6 +133,11 @@ public abstract class AbstractRestApiEntitlementsTest extends BrooklynRestApiLau assertStatusCodeEquals(response, 404); } + protected void assert401(String path) throws Exception { + HttpToolResponse response = HttpTool.httpGet(newClient(null), URI.create(getBaseUriRest()).resolve(path), ImmutableMap.<String, String>of()); + assertStatusCodeEquals(response, 401); + } + protected void assertStatusCodeEquals(HttpToolResponse response, int expected) { assertEquals(response.getResponseCode(), expected, "code="+response.getResponseCode()+"; reason="+response.getReasonPhrase()+"; content="+response.getContentAsString()); http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/cd07d816/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ActivityApiEntitlementsTest.java ---------------------------------------------------------------------- diff --git a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ActivityApiEntitlementsTest.java b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ActivityApiEntitlementsTest.java index 4a7a0b3..0b61e43 100644 --- a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ActivityApiEntitlementsTest.java +++ b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ActivityApiEntitlementsTest.java @@ -75,6 +75,7 @@ public class ActivityApiEntitlementsTest extends AbstractRestApiEntitlementsTest @Test(groups = "Integration") public void testGetTask() throws Exception { String path = "/v1/activities/"+subTask.getId(); + assert401(path); assertPermitted("myRoot", path); assertPermitted("myUser", path); assertPermitted("myReadonly", path); 
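Review bot: `assert401` always issues a GET through `HttpTool.httpGet`, but later hunks also call it for `/v1/script/groovy` (ScriptApiEntitlementsTest) and `/v1/server/properties/reload` (ServerApiEntitlementsTest), whose other assertions use POST. For those endpoints the check only shows that an unauthenticated GET is challenged, not the method the tests actually exercise. A POST counterpart, or a method parameter on the helper, would cover that verb. The name also breaks from the sibling helpers `assertForbidden` and `assertPermitted`; `assertUnauthorized` would read more consistently. A one-line Javadoc saying it sends the request with no credentials and expects the authentication challenge would help too.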
@@ -88,18 +89,20 @@ public class ActivityApiEntitlementsTest extends AbstractRestApiEntitlementsTest for (Map.Entry<String, String> entry : streams.entrySet()) { String streamId = entry.getKey(); String expectedStream = entry.getValue(); + String path = pathPrefix+streamId; - assertEquals(httpGet("myRoot", pathPrefix+streamId), expectedStream); - assertEquals(httpGet("myUser", pathPrefix+streamId), expectedStream); - assertEquals(httpGet("myReadonly", pathPrefix+streamId), expectedStream); - assertForbidden("myMinimal", pathPrefix+streamId); - assertForbidden("unrecognisedUser", pathPrefix+streamId); + assert401(path); + assertEquals(httpGet("myRoot", path), expectedStream); + assertEquals(httpGet("myUser", path), expectedStream); + assertEquals(httpGet("myReadonly", path), expectedStream); + assertForbidden("myMinimal", path); + assertForbidden("unrecognisedUser", path); StaticDelegatingEntitlementManager.setDelegate(new SeeSelectiveStreams(streamId)); - assertEquals(httpGet("myCustom", pathPrefix+streamId), expectedStream); + assertEquals(httpGet("myCustom", path), expectedStream); StaticDelegatingEntitlementManager.setDelegate(new SeeSelectiveStreams("differentStreamId")); - assertForbidden("myCustom", pathPrefix+streamId); + assertForbidden("myCustom", path); } } http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/cd07d816/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/EntityConfigApiEntitlementsTest.java ---------------------------------------------------------------------- diff --git a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/EntityConfigApiEntitlementsTest.java b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/EntityConfigApiEntitlementsTest.java index b95392b..fd2ffef 100644 --- a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/EntityConfigApiEntitlementsTest.java 
+++ b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/EntityConfigApiEntitlementsTest.java @@ -49,6 +49,7 @@ public class EntityConfigApiEntitlementsTest extends AbstractRestApiEntitlements String path = "/v1/applications/"+app.getId()+"/entities/"+entity.getId()+"/config/"+TestEntity.CONF_NAME.getName(); String val = "\"myname\""; + assert401(path); assertEquals(httpGet("myRoot", path), val); assertEquals(httpGet("myUser", path), val); assertEquals(httpGet("myReadonly", path), val); @@ -68,6 +69,7 @@ public class EntityConfigApiEntitlementsTest extends AbstractRestApiEntitlements String confName = TestEntity.CONF_NAME.getName(); String regex = ".*"+confName+".*myname.*"; + assert401(path); Asserts.assertStringMatchesRegex(httpGet("myRoot", path), regex); Asserts.assertStringMatchesRegex(httpGet("myUser", path), regex); Asserts.assertStringMatchesRegex(httpGet("myReadonly", path), regex); http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/cd07d816/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ScriptApiEntitlementsTest.java ---------------------------------------------------------------------- diff --git a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ScriptApiEntitlementsTest.java b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ScriptApiEntitlementsTest.java index 5f6498a..7f76e0c 100644 --- a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ScriptApiEntitlementsTest.java +++ b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ScriptApiEntitlementsTest.java 
@@ -36,14 +36,16 @@ public class ScriptApiEntitlementsTest extends AbstractRestApiEntitlementsTest { @Test(groups = "Integration") public void testGroovy() throws Exception { String script = "1 + 1"; - HttpToolResponse rootRepsonse = httpPost("myRoot", "/v1/script/groovy", script.getBytes()); + String path = "/v1/script/groovy"; + HttpToolResponse rootRepsonse = httpPost("myRoot", path, script.getBytes()); assertHealthyStatusCode(rootRepsonse); - Map groovyOutput = new Gson().fromJson(rootRepsonse.getContentAsString(), Map.class); + Map<?, ?> groovyOutput = new Gson().fromJson(rootRepsonse.getContentAsString(), Map.class); assertEquals(groovyOutput.get("result"), "2"); - assertForbiddenPost("myUser", "/v1/script/groovy", script.getBytes()); - assertForbiddenPost("myReadonly", "/v1/script/groovy", script.getBytes()); - assertForbiddenPost("myMinimal", "/v1/script/groovy", script.getBytes()); - assertForbiddenPost("unrecognisedUser", "/v1/script/groovy", script.getBytes()); + assert401(path); + assertForbiddenPost("myUser", path, script.getBytes()); + assertForbiddenPost("myReadonly", path, script.getBytes()); + assertForbiddenPost("myMinimal", path, script.getBytes()); + assertForbiddenPost("unrecognisedUser", path, script.getBytes()); } @Override http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/cd07d816/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/SensorApiEntitlementsTest.java ---------------------------------------------------------------------- diff --git a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/SensorApiEntitlementsTest.java b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/SensorApiEntitlementsTest.java index 931b7ae..3a60a86 100644 --- a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/SensorApiEntitlementsTest.java +++ b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/SensorApiEntitlementsTest.java 
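Review bot: The rewritten lines in `testGroovy` still call `script.getBytes()` with no charset, so the request body depends on the platform default encoding. Computing `script.getBytes(StandardCharsets.UTF_8)` once into a local would remove that dependency and the five repeated calls. The misspelled local `rootRepsonse` is carried over onto the changed lines and could become `rootResponse` while they are being touched.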
@@ -52,6 +52,7 @@ public class SensorApiEntitlementsTest extends AbstractRestApiEntitlementsTest { String path = "/v1/applications/"+app.getId()+"/entities/"+entity.getId()+"/sensors/"+sensorName; String val = "\"myval\""; + assert401(path); assertEquals(httpGet("myRoot", path), val); assertEquals(httpGet("myUser", path), val); assertEquals(httpGet("myReadonly", path), val); @@ -73,6 +74,7 @@ public class SensorApiEntitlementsTest extends AbstractRestApiEntitlementsTest { String sensorName = TestEntity.NAME.getName(); String regex = ".*"+sensorName+".*myval.*"; + assert401(path); Asserts.assertStringMatchesRegex(httpGet("myRoot", path), regex); Asserts.assertStringMatchesRegex(httpGet("myUser", path), regex); Asserts.assertStringMatchesRegex(httpGet("myReadonly", path), regex); http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/cd07d816/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ServerApiEntitlementsTest.java ---------------------------------------------------------------------- diff --git a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ServerApiEntitlementsTest.java b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ServerApiEntitlementsTest.java index ca53976..fd01654 100644 --- a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ServerApiEntitlementsTest.java +++ b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/entitlement/ServerApiEntitlementsTest.java @@ -27,6 +27,7 @@ public class ServerApiEntitlementsTest extends AbstractRestApiEntitlementsTest { @Test(groups = "Integration") public void testGetHealthy() throws Exception { String path = "/v1/server/up"; + assert401(path); assertPermitted("myRoot", path); assertPermitted("myUser", path); assertForbidden("myReadonly", path); 
@@ -37,6 +38,7 @@ public class ServerApiEntitlementsTest extends AbstractRestApiEntitlementsTest { @Test(groups = "Integration") public void testReloadProperties() throws Exception { String resource = "/v1/server/properties/reload"; + assert401(resource); assertPermittedPost("myRoot", resource, null); assertForbiddenPost("myUser", resource, null); assertForbiddenPost("myReadonly", resource, null); @@ -48,6 +50,7 @@ public class ServerApiEntitlementsTest extends AbstractRestApiEntitlementsTest { public void testGetConfig() throws Exception { // Property set in test setup. String path = "/v1/server/config/" + Entitlements.GLOBAL_ENTITLEMENT_MANAGER.getName(); + assert401(path); assertPermitted("myRoot", path); assertForbidden("myUser", path); assertForbidden("myReadonly", path); http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/cd07d816/rest/rest-server/src/test/java/org/apache/brooklyn/rest/resources/ServerResourceIntegrationTest.java ---------------------------------------------------------------------- diff --git a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/resources/ServerResourceIntegrationTest.java b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/resources/ServerResourceIntegrationTest.java index 604d1eb..2436b91 100644 --- a/rest/rest-server/src/test/java/org/apache/brooklyn/rest/resources/ServerResourceIntegrationTest.java +++ b/rest/rest-server/src/test/java/org/apache/brooklyn/rest/resources/ServerResourceIntegrationTest.java 
@@ -87,7 +87,7 @@ public class ServerResourceIntegrationTest extends BrooklynRestApiLauncherTestFi uri, args, args); HttpAsserts.assertHealthyStatusCode(response.getResponseCode()); - // Has no gone back to credentials from brooklynProperties; TestSecurityProvider credentials no longer work + // Has now gone back to credentials from brooklynProperties; TestSecurityProvider credentials no longer work response = HttpTool.httpPost(httpClientBuilder().uri(baseUri).credentials(defaultCredential).build(), uri, args, args); HttpAsserts.assertHealthyStatusCode(response.getResponseCode());