Re: Review Request 34566: Adding H2 management console.

[Aurora ReviewBot]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86718
---

Ship it!


Master (ed4415c) is green with this patch.
  ./build-support/jenkins/build.sh

I will refresh this build result if you post a review containing "@ReviewBot 
retry"

- Aurora ReviewBot


On June 4, 2015, 8:56 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated June 4, 2015, 8:56 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The H2 console servlet is put behind Shiro. Users are expected to have 
> `h2_management_console` permission or be a member of admin role to access the 
> console.
> 
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
> 
> 
> Diffs
> -
> 
>   src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java 
> PRE-CREATION 
>   src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 
> 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
>  079ff5d2c30cc94bf4aef97cd4d791d480ebeab9 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java
>  0163ba1a6df647a644948a42f772bd838c2146ef 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java
>  28e6b98b39a073251bfae483575edd9635ae783a 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java
>  PRE-CREATION 
>   src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java 
> PRE-CREATION 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java
>  6743d06be828247b1c3a232aea145b0a0c492eca 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
>  33783c88b7c6c1a7343f3271523a7db39c73e4a1 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java
>  e335a439a6ccc301cf7c93e138c90660fbfdc6d0 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java
>  PRE-CREATION 
>   src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Re: Review Request 34566: Adding H2 management console.

[Maxim Khutornenko]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/
---

(Updated June 4, 2015, 8:56 p.m.)


Review request for Aurora, Joshua Cohen and Kevin Sweeney.


Changes
---

comment typo


Bugs: AURORA-1287
https://issues.apache.org/jira/browse/AURORA-1287


Repository: aurora


Description
---

Adding support for connecting to H2 DB via management console: 
http://www.h2database.com/html/quickstart.html

The H2 console servlet is put behind Shiro. Users are expected to have 
`h2_management_console` permission or be a member of admin role to access the 
console.

Vagrant example JDBC URL: jdbc:h2:mem:aurora


Diffs (updated)
-

  src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java 
PRE-CREATION 
  src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 
16515f6ce4518e0d7eec27dfcde6fe036ee05d1d 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 
0163ba1a6df647a644948a42f772bd838c2146ef 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java
 28e6b98b39a073251bfae483575edd9635ae783a 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java
 PRE-CREATION 
  src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java 
PRE-CREATION 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 
6743d06be828247b1c3a232aea145b0a0c492eca 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
 33783c88b7c6c1a7343f3271523a7db39c73e4a1 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java
 e335a439a6ccc301cf7c93e138c90660fbfdc6d0 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java
 PRE-CREATION 
  src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac 

Diff: https://reviews.apache.org/r/34566/diff/


Testing
---

./gradlew -Pq build
./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
Connecting to H2 in Vagrant.


Thanks,

Maxim Khutornenko

Re: Review Request 34566: Adding H2 management console.

[Maxim Khutornenko]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/
---

(Updated June 4, 2015, 8:49 p.m.)


Review request for Aurora, Joshua Cohen and Kevin Sweeney.


Changes
---

Kevin's comments.


Bugs: AURORA-1287
https://issues.apache.org/jira/browse/AURORA-1287


Repository: aurora


Description
---

Adding support for connecting to H2 DB via management console: 
http://www.h2database.com/html/quickstart.html

The H2 console servlet is put behind Shiro. Users are expected to have 
`h2_management_console` permission or be a member of admin role to access the 
console.

Vagrant example JDBC URL: jdbc:h2:mem:aurora


Diffs (updated)
-

  src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java 
PRE-CREATION 
  src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 
16515f6ce4518e0d7eec27dfcde6fe036ee05d1d 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 
0163ba1a6df647a644948a42f772bd838c2146ef 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java
 28e6b98b39a073251bfae483575edd9635ae783a 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java
 PRE-CREATION 
  src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java 
PRE-CREATION 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 
6743d06be828247b1c3a232aea145b0a0c492eca 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
 33783c88b7c6c1a7343f3271523a7db39c73e4a1 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java
 e335a439a6ccc301cf7c93e138c90660fbfdc6d0 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java
 PRE-CREATION 
  src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac 

Diff: https://reviews.apache.org/r/34566/diff/


Testing
---

./gradlew -Pq build
./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
Connecting to H2 in Vagrant.


Thanks,

Maxim Khutornenko

Re: Review Request 34566: Adding H2 management console.

[Maxim Khutornenko]

> On June 4, 2015, 8:12 p.m., Kevin Sweeney wrote:
> > src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java, line 
> > 37
> > 
> >
> > Use a MediaType constant here.

Done.


> On June 4, 2015, 8:12 p.m., Kevin Sweeney wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java,
> >  line 128
> > 
> >
> > Either static import the above API_PATH or qualify H2_PATH, but please 
> > use a consistent style.

Done.


- Maxim


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86710
---


On June 4, 2015, 7:31 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated June 4, 2015, 7:31 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The H2 console servlet is put behind Shiro. Users are expected to have 
> `h2_management_console` permission or be a member of admin role to access the 
> console.
> 
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
> 
> 
> Diffs
> -
> 
>   src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java 
> PRE-CREATION 
>   src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 
> 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
>  079ff5d2c30cc94bf4aef97cd4d791d480ebeab9 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java
>  0163ba1a6df647a644948a42f772bd838c2146ef 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java
>  28e6b98b39a073251bfae483575edd9635ae783a 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java
>  PRE-CREATION 
>   src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java 
> PRE-CREATION 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java
>  6743d06be828247b1c3a232aea145b0a0c492eca 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
>  33783c88b7c6c1a7343f3271523a7db39c73e4a1 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java
>  e335a439a6ccc301cf7c93e138c90660fbfdc6d0 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java
>  PRE-CREATION 
>   src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Re: Review Request 34566: Adding H2 management console.

[Joshua Cohen]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86711
---

Ship it!


Ship It!

- Joshua Cohen


On June 4, 2015, 7:31 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated June 4, 2015, 7:31 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The H2 console servlet is put behind Shiro. Users are expected to have 
> `h2_management_console` permission or be a member of admin role to access the 
> console.
> 
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
> 
> 
> Diffs
> -
> 
>   src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java 
> PRE-CREATION 
>   src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 
> 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
>  079ff5d2c30cc94bf4aef97cd4d791d480ebeab9 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java
>  0163ba1a6df647a644948a42f772bd838c2146ef 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java
>  28e6b98b39a073251bfae483575edd9635ae783a 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java
>  PRE-CREATION 
>   src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java 
> PRE-CREATION 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java
>  6743d06be828247b1c3a232aea145b0a0c492eca 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
>  33783c88b7c6c1a7343f3271523a7db39c73e4a1 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java
>  e335a439a6ccc301cf7c93e138c90660fbfdc6d0 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java
>  PRE-CREATION 
>   src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Re: Review Request 34566: Adding H2 management console.

[Kevin Sweeney]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86710
---

Ship it!


Looks good, only style nits


src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java


Either static import the above API_PATH or qualify H2_PATH, but please use 
a consistent style.



src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java


Use a MediaType constant here.


- Kevin Sweeney


On June 4, 2015, 12:31 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated June 4, 2015, 12:31 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The H2 console servlet is put behind Shiro. Users are expected to have 
> `h2_management_console` permission or be a member of admin role to access the 
> console.
> 
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
> 
> 
> Diffs
> -
> 
>   src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java 
> PRE-CREATION 
>   src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 
> 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
>  079ff5d2c30cc94bf4aef97cd4d791d480ebeab9 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java
>  0163ba1a6df647a644948a42f772bd838c2146ef 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java
>  28e6b98b39a073251bfae483575edd9635ae783a 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java
>  PRE-CREATION 
>   src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java 
> PRE-CREATION 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java
>  6743d06be828247b1c3a232aea145b0a0c492eca 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
>  33783c88b7c6c1a7343f3271523a7db39c73e4a1 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java
>  e335a439a6ccc301cf7c93e138c90660fbfdc6d0 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java
>  PRE-CREATION 
>   src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Re: Review Request 34566: Adding H2 management console.

[Aurora ReviewBot]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86706
---

Ship it!


Master (ed4415c) is green with this patch.
  ./build-support/jenkins/build.sh

I will refresh this build result if you post a review containing "@ReviewBot 
retry"

- Aurora ReviewBot


On June 4, 2015, 7:31 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated June 4, 2015, 7:31 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The H2 console servlet is put behind Shiro. Users are expected to have 
> `h2_management_console` permission or be a member of admin role to access the 
> console.
> 
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
> 
> 
> Diffs
> -
> 
>   src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java 
> PRE-CREATION 
>   src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 
> 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
>  079ff5d2c30cc94bf4aef97cd4d791d480ebeab9 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java
>  0163ba1a6df647a644948a42f772bd838c2146ef 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java
>  28e6b98b39a073251bfae483575edd9635ae783a 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java
>  PRE-CREATION 
>   src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java 
> PRE-CREATION 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java
>  6743d06be828247b1c3a232aea145b0a0c492eca 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
>  33783c88b7c6c1a7343f3271523a7db39c73e4a1 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java
>  e335a439a6ccc301cf7c93e138c90660fbfdc6d0 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java
>  PRE-CREATION 
>   src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Re: Review Request 34566: Adding H2 management console.

[Maxim Khutornenko]

> On June 4, 2015, 4:36 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java,
> >  lines 136-141
> > 
> >
> > Do you foresee us exposing other authorized servlets in this manner? If 
> > so, how does this scale in those cases? Might it make sense to extract 
> > something that can act on a set of servlet/auth configuration rather than 
> > explicitly listing each servlet for each switch case?
> > 
> > A TODO acknowledging that we'd want to address if/when we add more is 
> > probably fine for now.

I am hesitant to refactor without seeing more use cases first. The registration 
order is important here and having all filters close by really helps. Punting 
for now as any attempt to refactor will add verbosity and reduce readability.


> On June 4, 2015, 4:36 p.m., Joshua Cohen wrote:
> > src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java, line 
> > 36
> > 
> >
> > Use constant for this?
> > 
> > assertEquals(ClientResponse.Status.OK.getStatusCode(), 
> > response.getStatus())

Done.


> On June 4, 2015, 4:36 p.m., Joshua Cohen wrote:
> > src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java,
> >  line 303
> > 
> >
> > Same here and below.

Done.


- Maxim


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86634
---


On June 3, 2015, 10:08 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated June 3, 2015, 10:08 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The H2 console servlet is put behind Shiro. Users are expected to have 
> `h2_management_console` permission or be a member of admin role to access the 
> console.
> 
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
> 
> 
> Diffs
> -
> 
>   src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java 
> PRE-CREATION 
>   src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 
> 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
>  079ff5d2c30cc94bf4aef97cd4d791d480ebeab9 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java
>  0163ba1a6df647a644948a42f772bd838c2146ef 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java
>  28e6b98b39a073251bfae483575edd9635ae783a 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java
>  PRE-CREATION 
>   src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java 
> PRE-CREATION 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java
>  6743d06be828247b1c3a232aea145b0a0c492eca 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
>  33783c88b7c6c1a7343f3271523a7db39c73e4a1 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java
>  e335a439a6ccc301cf7c93e138c90660fbfdc6d0 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java
>  PRE-CREATION 
>   src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Re: Review Request 34566: Adding H2 management console.

[Maxim Khutornenko]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/
---

(Updated June 4, 2015, 7:31 p.m.)


Review request for Aurora, Joshua Cohen and Kevin Sweeney.


Changes
---

Joshua's comments.


Bugs: AURORA-1287
https://issues.apache.org/jira/browse/AURORA-1287


Repository: aurora


Description
---

Adding support for connecting to H2 DB via management console: 
http://www.h2database.com/html/quickstart.html

The H2 console servlet is put behind Shiro. Users are expected to have 
`h2_management_console` permission or be a member of admin role to access the 
console.

Vagrant example JDBC URL: jdbc:h2:mem:aurora


Diffs (updated)
-

  src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java 
PRE-CREATION 
  src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 
16515f6ce4518e0d7eec27dfcde6fe036ee05d1d 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 
0163ba1a6df647a644948a42f772bd838c2146ef 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java
 28e6b98b39a073251bfae483575edd9635ae783a 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java
 PRE-CREATION 
  src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java 
PRE-CREATION 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 
6743d06be828247b1c3a232aea145b0a0c492eca 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
 33783c88b7c6c1a7343f3271523a7db39c73e4a1 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java
 e335a439a6ccc301cf7c93e138c90660fbfdc6d0 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java
 PRE-CREATION 
  src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac 

Diff: https://reviews.apache.org/r/34566/diff/


Testing
---

./gradlew -Pq build
./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
Connecting to H2 in Vagrant.


Thanks,

Maxim Khutornenko

Re: Review Request 34566: Adding H2 management console.

[Joshua Cohen]

> On June 4, 2015, 4:36 p.m., Joshua Cohen wrote:
> > src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java,
> >  lines 78-80
> > 
> >
> > Why don't need this anymore?

Er, ignore this, I meant to delete after I read through the rest of the diff ;).


- Joshua


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86634
---


On June 3, 2015, 10:08 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated June 3, 2015, 10:08 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The H2 console servlet is put behind Shiro. Users are expected to have 
> `h2_management_console` permission or be a member of admin role to access the 
> console.
> 
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
> 
> 
> Diffs
> -
> 
>   src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java 
> PRE-CREATION 
>   src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 
> 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
>  079ff5d2c30cc94bf4aef97cd4d791d480ebeab9 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java
>  0163ba1a6df647a644948a42f772bd838c2146ef 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java
>  28e6b98b39a073251bfae483575edd9635ae783a 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java
>  PRE-CREATION 
>   src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java 
> PRE-CREATION 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java
>  6743d06be828247b1c3a232aea145b0a0c492eca 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
>  33783c88b7c6c1a7343f3271523a7db39c73e4a1 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java
>  e335a439a6ccc301cf7c93e138c90660fbfdc6d0 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java
>  PRE-CREATION 
>   src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Re: Review Request 34566: Adding H2 management console.

[Joshua Cohen]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86634
---



src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java


Do you foresee us exposing other authorized servlets in this manner? If so, 
how does this scale in those cases? Might it make sense to extract something 
that can act on a set of servlet/auth configuration rather than explicitly 
listing each servlet for each switch case?

A TODO acknowledging that we'd want to address if/when we add more is 
probably fine for now.



src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java


Why don't need this anymore?



src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java


Use constant for this?

assertEquals(ClientResponse.Status.OK.getStatusCode(), 
response.getStatus())



src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java


Same here and below.


- Joshua Cohen


On June 3, 2015, 10:08 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated June 3, 2015, 10:08 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The H2 console servlet is put behind Shiro. Users are expected to have 
> `h2_management_console` permission or be a member of admin role to access the 
> console.
> 
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
> 
> 
> Diffs
> -
> 
>   src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java 
> PRE-CREATION 
>   src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 
> 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
>  079ff5d2c30cc94bf4aef97cd4d791d480ebeab9 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java
>  0163ba1a6df647a644948a42f772bd838c2146ef 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java
>  28e6b98b39a073251bfae483575edd9635ae783a 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java
>  PRE-CREATION 
>   src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java 
> PRE-CREATION 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java
>  6743d06be828247b1c3a232aea145b0a0c492eca 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
>  33783c88b7c6c1a7343f3271523a7db39c73e4a1 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java
>  e335a439a6ccc301cf7c93e138c90660fbfdc6d0 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java
>  PRE-CREATION 
>   src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Re: Review Request 34566: Adding H2 management console.

[Aurora ReviewBot]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review86495
---

Ship it!


Master (ed4415c) is green with this patch.
  ./build-support/jenkins/build.sh

I will refresh this build result if you post a review containing "@ReviewBot 
retry"

- Aurora ReviewBot


On June 3, 2015, 10:08 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated June 3, 2015, 10:08 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The H2 console servlet is put behind Shiro. Users are expected to have 
> `h2_management_console` permission or be a member of admin role to access the 
> console.
> 
> Vagrant example JDBC URL: jdbc:h2:mem:aurora
> 
> 
> Diffs
> -
> 
>   src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java 
> PRE-CREATION 
>   src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 
> 16515f6ce4518e0d7eec27dfcde6fe036ee05d1d 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
>  079ff5d2c30cc94bf4aef97cd4d791d480ebeab9 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java
>  0163ba1a6df647a644948a42f772bd838c2146ef 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java
>  28e6b98b39a073251bfae483575edd9635ae783a 
>   
> src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java
>  PRE-CREATION 
>   src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java 
> PRE-CREATION 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java
>  6743d06be828247b1c3a232aea145b0a0c492eca 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
>  33783c88b7c6c1a7343f3271523a7db39c73e4a1 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java
>  e335a439a6ccc301cf7c93e138c90660fbfdc6d0 
>   
> src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java
>  PRE-CREATION 
>   src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> 6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> ./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Re: Review Request 34566: Adding H2 management console.

[Maxim Khutornenko]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/
---

(Updated June 3, 2015, 10:08 p.m.)


Review request for Aurora, Joshua Cohen and Kevin Sweeney.


Changes
---

Implementing H2 console via servlet behind Shiro.


Bugs: AURORA-1287
https://issues.apache.org/jira/browse/AURORA-1287


Repository: aurora


Description (updated)
---

Adding support for connecting to H2 DB via management console: 
http://www.h2database.com/html/quickstart.html

The H2 console servlet is put behind Shiro. Users are expected to have 
`h2_management_console` permission or be a member of admin role to access the 
console.

Vagrant example JDBC URL: jdbc:h2:mem:aurora


Diffs (updated)
-

  src/main/java/org/apache/aurora/scheduler/http/H2ConsoleModule.java 
PRE-CREATION 
  src/main/java/org/apache/aurora/scheduler/http/JettyServerModule.java 
16515f6ce4518e0d7eec27dfcde6fe036ee05d1d 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityModule.java
 079ff5d2c30cc94bf4aef97cd4d791d480ebeab9 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroIniParser.java 
0163ba1a6df647a644948a42f772bd838c2146ef 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilter.java
 28e6b98b39a073251bfae483575edd9635ae783a 
  
src/main/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilter.java
 PRE-CREATION 
  src/test/java/org/apache/aurora/scheduler/http/H2ConsoleModuleIT.java 
PRE-CREATION 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ApiSecurityIT.java 
6743d06be828247b1c3a232aea145b0a0c492eca 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroAuthorizingParamInterceptorTest.java
 33783c88b7c6c1a7343f3271523a7db39c73e4a1 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosAuthenticationFilterTest.java
 e335a439a6ccc301cf7c93e138c90660fbfdc6d0 
  
src/test/java/org/apache/aurora/scheduler/http/api/security/ShiroKerberosPermissiveAuthenticationFilterTest.java
 PRE-CREATION 
  src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
6e9e3b2a8d731e51d0d55d0a5075b6d2d51a02ac 

Diff: https://reviews.apache.org/r/34566/diff/


Testing (updated)
---

./gradlew -Pq build
./src/test/sh/org/apache/aurora/e2e/test_kerberos_end_to_end.sh 
Connecting to H2 in Vagrant.


Thanks,

Maxim Khutornenko

Re: Review Request 34566: Adding H2 management console.

[Maxim Khutornenko]

> On May 21, 2015, 11:34 p.m., Kevin Sweeney wrote:
> > Have you investigated using the [Console 
> > Servlet](http://www.h2database.com/html/tutorial.html) directly? Then we 
> > can use the Shiro filter directly and avoid adding another mechanism to 
> > configure security as well as avoid adding another listening port.
> 
> Maxim Khutornenko wrote:
> That's what I run locally to connect to H2 TCP server. Embedding H2 
> console directly into the scheduler would not help as it does not support any 
> other security mechanisms besides basic auth (AFAICT). Theoretically, we 
> could put TCP server behind Shiro but then we would face the same problem of 
> client not supporting kerberos.
> 
> Kevin Sweeney wrote:
> I might be missing something here. You're connecting to a management 
> console via a browser, right? The console servlet doesn't need to know 
> anything about the filters in front of it, so if your browser supports 
> whatever auth mechanism the filter requires you're in business.
> 
> If you've got the servlet setup somewhere with
> 
> ```java
> serve("/h2console/*").with(H2Console.class);
> ```
> 
> somewhere you can add something like
> 
> ```java
> install(ShiroWebModule.guiceFilter("/h2console/*");
> addFilterChain("/h2console/**",
>   ShiroWebModule.NO_SESSION_CREATION,
>   ShiroWebModule.AUTHC_BASIC,
>   config(ShiroWebModule.PERMS, "h2:console"));
> ```
> 
> to `ApiSecurityModule` and users can login with their existing 
> credentials, and configure ACLs around `h2:console` in the same way as they 
> configure all other ACLs. Why introduce another way to do it?
> 
> Maxim Khutornenko wrote:
> The servlet is hosted within the browser but it still connects to the TCP 
> server that we have to expose for it to connect to. So, the way it works now 
> (referring to the boxes in http://www.h2database.com/html/tutorial.html):
> a. Web Browser: loads a servlet UI, which has "Connect" button to connect 
> to the TCP server;
> b. H2 console server: that's the TCP server endpoint (in DBModule) that 
> proxies requests from the servlet to the H2;
> c. H2: our in-memory DB
> 
> I guess we could potentially embed (a) into scheduler (subject to 
> verificaiont) and hide it behind Shiro. However, it would still have to 
> connect to a TCP endpoint (b), so we would also need to add Shiro there as 
> well. The problem (as I see it) is how to relay credentials from (a) to (b) 
> as servlet opens its own connection to talk to (b) where kerberos headers 
> will not be available.
> 
> > Why introduce another way to do it?
> 
> No reason at all. I hate dealing with DB credentials, just don't see a 
> way to make it work without hacking into the servlet itself.
> 
> Maxim Khutornenko wrote:
> AFAICT, there are only two ways to connect to the H2 DB: AUTO_SERVER and 
> TCP server. I explored the AUTO_SERVER earlier but unfortunately it does not 
> work for in-memory DBs 
> (http://h2database.com/html/features.html#auto_mixed_mode):
> > Multiple processes can access the same database without having to start 
> the server manually. To do that, append ;AUTO_SERVER=TRUE to the database 
> URL. You can use the same database URL independent of whether the database is 
> already open or not. This feature doesn't work with in-memory databases.
> 
> So, all we left with is a H2 dedicated server instance.
> 
> Maxim Khutornenko wrote:
> Actually, looking at their sources it appears that WebServlet creates its 
> own WebServer instance, which in turn may serve the WebApp. This is 
> promising. Will give it a try and report back.

Thanks for the nudge. The servlet works just fine in embedded mode against 
in-memory DB (contrary to what I read elsewhere). I had some concerns about the 
servlet creating its own instance of WebServer (as that would easily bypass our 
security model) but turned out it's being used to serve content within the 
servlet web context. Even though a new http port is assigned, it's not being 
backed up by the native socket and not accepting connections. Now to figure out 
how to wire in Shiro filters...


- Maxim


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84823
---


On May 21, 2015, 9:15 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated May 21, 2015, 9:15 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> A

Re: Review Request 34566: Adding H2 management console.

[Maxim Khutornenko]

> On May 21, 2015, 11:34 p.m., Kevin Sweeney wrote:
> > Have you investigated using the [Console 
> > Servlet](http://www.h2database.com/html/tutorial.html) directly? Then we 
> > can use the Shiro filter directly and avoid adding another mechanism to 
> > configure security as well as avoid adding another listening port.
> 
> Maxim Khutornenko wrote:
> That's what I run locally to connect to H2 TCP server. Embedding H2 
> console directly into the scheduler would not help as it does not support any 
> other security mechanisms besides basic auth (AFAICT). Theoretically, we 
> could put TCP server behind Shiro but then we would face the same problem of 
> client not supporting kerberos.
> 
> Kevin Sweeney wrote:
> I might be missing something here. You're connecting to a management 
> console via a browser, right? The console servlet doesn't need to know 
> anything about the filters in front of it, so if your browser supports 
> whatever auth mechanism the filter requires you're in business.
> 
> If you've got the servlet setup somewhere with
> 
> ```java
> serve("/h2console/*").with(H2Console.class);
> ```
> 
> somewhere you can add something like
> 
> ```java
> install(ShiroWebModule.guiceFilter("/h2console/*");
> addFilterChain("/h2console/**",
>   ShiroWebModule.NO_SESSION_CREATION,
>   ShiroWebModule.AUTHC_BASIC,
>   config(ShiroWebModule.PERMS, "h2:console"));
> ```
> 
> to `ApiSecurityModule` and users can login with their existing 
> credentials, and configure ACLs around `h2:console` in the same way as they 
> configure all other ACLs. Why introduce another way to do it?
> 
> Maxim Khutornenko wrote:
> The servlet is hosted within the browser but it still connects to the TCP 
> server that we have to expose for it to connect to. So, the way it works now 
> (referring to the boxes in http://www.h2database.com/html/tutorial.html):
> a. Web Browser: loads a servlet UI, which has "Connect" button to connect 
> to the TCP server;
> b. H2 console server: that's the TCP server endpoint (in DBModule) that 
> proxies requests from the servlet to the H2;
> c. H2: our in-memory DB
> 
> I guess we could potentially embed (a) into scheduler (subject to 
> verificaiont) and hide it behind Shiro. However, it would still have to 
> connect to a TCP endpoint (b), so we would also need to add Shiro there as 
> well. The problem (as I see it) is how to relay credentials from (a) to (b) 
> as servlet opens its own connection to talk to (b) where kerberos headers 
> will not be available.
> 
> > Why introduce another way to do it?
> 
> No reason at all. I hate dealing with DB credentials, just don't see a 
> way to make it work without hacking into the servlet itself.
> 
> Maxim Khutornenko wrote:
> AFAICT, there are only two ways to connect to the H2 DB: AUTO_SERVER and 
> TCP server. I explored the AUTO_SERVER earlier but unfortunately it does not 
> work for in-memory DBs 
> (http://h2database.com/html/features.html#auto_mixed_mode):
> > Multiple processes can access the same database without having to start 
> the server manually. To do that, append ;AUTO_SERVER=TRUE to the database 
> URL. You can use the same database URL independent of whether the database is 
> already open or not. This feature doesn't work with in-memory databases.
> 
> So, all we left with is a H2 dedicated server instance.

Actually, looking at their sources it appears that WebServlet creates its own 
WebServer instance, which in turn may serve the WebApp. This is promising. Will 
give it a try and report back.


- Maxim


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84823
---


On May 21, 2015, 9:15 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated May 21, 2015, 9:15 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The DB turns on basic authentication when a "-db_authentication_file" is 
> provided (similar to "-framework_authentication_file"). The TCP server is 
> then started to proxy H2 management console requests.
> 
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
> 
> 
> Diffs
> -
> 
>   config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9 
>   examples/vagrant/provision-dev-cluster.sh 

Re: Review Request 34566: Adding H2 management console.

[Maxim Khutornenko]

> On May 21, 2015, 11:34 p.m., Kevin Sweeney wrote:
> > Have you investigated using the [Console 
> > Servlet](http://www.h2database.com/html/tutorial.html) directly? Then we 
> > can use the Shiro filter directly and avoid adding another mechanism to 
> > configure security as well as avoid adding another listening port.
> 
> Maxim Khutornenko wrote:
> That's what I run locally to connect to H2 TCP server. Embedding H2 
> console directly into the scheduler would not help as it does not support any 
> other security mechanisms besides basic auth (AFAICT). Theoretically, we 
> could put TCP server behind Shiro but then we would face the same problem of 
> client not supporting kerberos.
> 
> Kevin Sweeney wrote:
> I might be missing something here. You're connecting to a management 
> console via a browser, right? The console servlet doesn't need to know 
> anything about the filters in front of it, so if your browser supports 
> whatever auth mechanism the filter requires you're in business.
> 
> If you've got the servlet setup somewhere with
> 
> ```java
> serve("/h2console/*").with(H2Console.class);
> ```
> 
> somewhere you can add something like
> 
> ```java
> install(ShiroWebModule.guiceFilter("/h2console/*");
> addFilterChain("/h2console/**",
>   ShiroWebModule.NO_SESSION_CREATION,
>   ShiroWebModule.AUTHC_BASIC,
>   config(ShiroWebModule.PERMS, "h2:console"));
> ```
> 
> to `ApiSecurityModule` and users can login with their existing 
> credentials, and configure ACLs around `h2:console` in the same way as they 
> configure all other ACLs. Why introduce another way to do it?
> 
> Maxim Khutornenko wrote:
> The servlet is hosted within the browser but it still connects to the TCP 
> server that we have to expose for it to connect to. So, the way it works now 
> (referring to the boxes in http://www.h2database.com/html/tutorial.html):
> a. Web Browser: loads a servlet UI, which has "Connect" button to connect 
> to the TCP server;
> b. H2 console server: that's the TCP server endpoint (in DBModule) that 
> proxies requests from the servlet to the H2;
> c. H2: our in-memory DB
> 
> I guess we could potentially embed (a) into scheduler (subject to 
> verificaiont) and hide it behind Shiro. However, it would still have to 
> connect to a TCP endpoint (b), so we would also need to add Shiro there as 
> well. The problem (as I see it) is how to relay credentials from (a) to (b) 
> as servlet opens its own connection to talk to (b) where kerberos headers 
> will not be available.
> 
> > Why introduce another way to do it?
> 
> No reason at all. I hate dealing with DB credentials, just don't see a 
> way to make it work without hacking into the servlet itself.

AFAICT, there are only two ways to connect to the H2 DB: AUTO_SERVER and TCP 
server. I explored the AUTO_SERVER earlier but unfortunately it does not work 
for in-memory DBs (http://h2database.com/html/features.html#auto_mixed_mode):
> Multiple processes can access the same database without having to start the 
> server manually. To do that, append ;AUTO_SERVER=TRUE to the database URL. 
> You can use the same database URL independent of whether the database is 
> already open or not. This feature doesn't work with in-memory databases.

So, all we left with is a H2 dedicated server instance.


- Maxim


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84823
---


On May 21, 2015, 9:15 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated May 21, 2015, 9:15 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The DB turns on basic authentication when a "-db_authentication_file" is 
> provided (similar to "-framework_authentication_file"). The TCP server is 
> then started to proxy H2 management console requests.
> 
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
> 
> 
> Diffs
> -
> 
>   config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9 
>   examples/vagrant/provision-dev-cluster.sh 
> 853ccac35f2befa31716a9ed686df650cd913c90 
>   examples/vagrant/upstart/aurora-scheduler-kerberos.conf 
> 414539b1917b5d33c577f1539575934c7f7c8167 
>   examples/vagrant/upstart/aurora-scheduler.conf 
> f4b867cbbcdbcc792518c2f90807834e47dce253 
>   sr

Re: Review Request 34566: Adding H2 management console.

[Maxim Khutornenko]

> On May 21, 2015, 11:34 p.m., Kevin Sweeney wrote:
> > Have you investigated using the [Console 
> > Servlet](http://www.h2database.com/html/tutorial.html) directly? Then we 
> > can use the Shiro filter directly and avoid adding another mechanism to 
> > configure security as well as avoid adding another listening port.
> 
> Maxim Khutornenko wrote:
> That's what I run locally to connect to H2 TCP server. Embedding H2 
> console directly into the scheduler would not help as it does not support any 
> other security mechanisms besides basic auth (AFAICT). Theoretically, we 
> could put TCP server behind Shiro but then we would face the same problem of 
> client not supporting kerberos.
> 
> Kevin Sweeney wrote:
> I might be missing something here. You're connecting to a management 
> console via a browser, right? The console servlet doesn't need to know 
> anything about the filters in front of it, so if your browser supports 
> whatever auth mechanism the filter requires you're in business.
> 
> If you've got the servlet setup somewhere with
> 
> ```java
> serve("/h2console/*").with(H2Console.class);
> ```
> 
> somewhere you can add something like
> 
> ```java
> install(ShiroWebModule.guiceFilter("/h2console/*");
> addFilterChain("/h2console/**",
>   ShiroWebModule.NO_SESSION_CREATION,
>   ShiroWebModule.AUTHC_BASIC,
>   config(ShiroWebModule.PERMS, "h2:console"));
> ```
> 
> to `ApiSecurityModule` and users can login with their existing 
> credentials, and configure ACLs around `h2:console` in the same way as they 
> configure all other ACLs. Why introduce another way to do it?

The servlet is hosted within the browser but it still connects to the TCP 
server that we have to expose for it to connect to. So, the way it works now 
(referring to the boxes in http://www.h2database.com/html/tutorial.html):
a. Web Browser: loads a servlet UI, which has "Connect" button to connect to 
the TCP server;
b. H2 console server: that's the TCP server endpoint (in DBModule) that proxies 
requests from the servlet to the H2;
c. H2: our in-memory DB

I guess we could potentially embed (a) into scheduler (subject to verificaiont) 
and hide it behind Shiro. However, it would still have to connect to a TCP 
endpoint (b), so we would also need to add Shiro there as well. The problem (as 
I see it) is how to relay credentials from (a) to (b) as servlet opens its own 
connection to talk to (b) where kerberos headers will not be available.

> Why introduce another way to do it?

No reason at all. I hate dealing with DB credentials, just don't see a way to 
make it work without hacking into the servlet itself.


- Maxim


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84823
---


On May 21, 2015, 9:15 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated May 21, 2015, 9:15 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The DB turns on basic authentication when a "-db_authentication_file" is 
> provided (similar to "-framework_authentication_file"). The TCP server is 
> then started to proxy H2 management console requests.
> 
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
> 
> 
> Diffs
> -
> 
>   config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9 
>   examples/vagrant/provision-dev-cluster.sh 
> 853ccac35f2befa31716a9ed686df650cd913c90 
>   examples/vagrant/upstart/aurora-scheduler-kerberos.conf 
> 414539b1917b5d33c577f1539575934c7f7c8167 
>   examples/vagrant/upstart/aurora-scheduler.conf 
> f4b867cbbcdbcc792518c2f90807834e47dce253 
>   src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION 
>   
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java
>  54608c8f819b65186ea0d000fc01b9538d5cb4ee 
>   src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 
> 436d3841b9361df4db98a2217e61abb95e6e6bab 
>   
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java
>  9e176882246b48ac87bf35c77ac8c449a0a53352 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Re: Review Request 34566: Adding H2 management console.

[Kevin Sweeney]

> On May 21, 2015, 4:34 p.m., Kevin Sweeney wrote:
> > Have you investigated using the [Console 
> > Servlet](http://www.h2database.com/html/tutorial.html) directly? Then we 
> > can use the Shiro filter directly and avoid adding another mechanism to 
> > configure security as well as avoid adding another listening port.
> 
> Maxim Khutornenko wrote:
> That's what I run locally to connect to H2 TCP server. Embedding H2 
> console directly into the scheduler would not help as it does not support any 
> other security mechanisms besides basic auth (AFAICT). Theoretically, we 
> could put TCP server behind Shiro but then we would face the same problem of 
> client not supporting kerberos.

I might be missing something here. You're connecting to a management console 
via a browser, right? The console servlet doesn't need to know anything about 
the filters in front of it, so if your browser supports whatever auth mechanism 
the filter requires you're in business.

If you've got the servlet setup somewhere with

```java
serve("/h2console/*").with(H2Console.class);
```

somewhere you can add something like

```java
install(ShiroWebModule.guiceFilter("/h2console/*");
addFilterChain("/h2console/**",
  ShiroWebModule.NO_SESSION_CREATION,
  ShiroWebModule.AUTHC_BASIC,
  config(ShiroWebModule.PERMS, "h2:console"));
```

to `ApiSecurityModule` and users can login with their existing credentials, and 
configure ACLs around `h2:console` in the same way as they configure all other 
ACLs. Why introduce another way to do it?


- Kevin


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84823
---


On May 21, 2015, 2:15 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated May 21, 2015, 2:15 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The DB turns on basic authentication when a "-db_authentication_file" is 
> provided (similar to "-framework_authentication_file"). The TCP server is 
> then started to proxy H2 management console requests.
> 
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
> 
> 
> Diffs
> -
> 
>   config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9 
>   examples/vagrant/provision-dev-cluster.sh 
> 853ccac35f2befa31716a9ed686df650cd913c90 
>   examples/vagrant/upstart/aurora-scheduler-kerberos.conf 
> 414539b1917b5d33c577f1539575934c7f7c8167 
>   examples/vagrant/upstart/aurora-scheduler.conf 
> f4b867cbbcdbcc792518c2f90807834e47dce253 
>   src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION 
>   
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java
>  54608c8f819b65186ea0d000fc01b9538d5cb4ee 
>   src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 
> 436d3841b9361df4db98a2217e61abb95e6e6bab 
>   
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java
>  9e176882246b48ac87bf35c77ac8c449a0a53352 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Re: Review Request 34566: Adding H2 management console.

[Maxim Khutornenko]

> On May 21, 2015, 11:34 p.m., Kevin Sweeney wrote:
> > Have you investigated using the [Console 
> > Servlet](http://www.h2database.com/html/tutorial.html) directly? Then we 
> > can use the Shiro filter directly and avoid adding another mechanism to 
> > configure security as well as avoid adding another listening port.

That's what I run locally to connect to H2 TCP server. Embedding H2 console 
directly into the scheduler would not help as it does not support any other 
security mechanisms besides basic auth (AFAICT). Theoretically, we could put 
TCP server behind Shiro but then we would face the same problem of client not 
supporting kerberos.


- Maxim


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84823
---


On May 21, 2015, 9:15 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated May 21, 2015, 9:15 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The DB turns on basic authentication when a "-db_authentication_file" is 
> provided (similar to "-framework_authentication_file"). The TCP server is 
> then started to proxy H2 management console requests.
> 
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
> 
> 
> Diffs
> -
> 
>   config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9 
>   examples/vagrant/provision-dev-cluster.sh 
> 853ccac35f2befa31716a9ed686df650cd913c90 
>   examples/vagrant/upstart/aurora-scheduler-kerberos.conf 
> 414539b1917b5d33c577f1539575934c7f7c8167 
>   examples/vagrant/upstart/aurora-scheduler.conf 
> f4b867cbbcdbcc792518c2f90807834e47dce253 
>   src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION 
>   
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java
>  54608c8f819b65186ea0d000fc01b9538d5cb4ee 
>   src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 
> 436d3841b9361df4db98a2217e61abb95e6e6bab 
>   
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java
>  9e176882246b48ac87bf35c77ac8c449a0a53352 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Re: Review Request 34566: Adding H2 management console.

[Joshua Cohen]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84821
---


Might be worth adding tests for the conditional startup of the admin server (if 
it's feasible to do so?).

If not, would it be worth adding an e2e test that we can connect to it?


src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java


nit: s/TCP/database TCP

I might go one step further and say "database admin TCP server"


- Joshua Cohen


On May 21, 2015, 9:15 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated May 21, 2015, 9:15 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The DB turns on basic authentication when a "-db_authentication_file" is 
> provided (similar to "-framework_authentication_file"). The TCP server is 
> then started to proxy H2 management console requests.
> 
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
> 
> 
> Diffs
> -
> 
>   config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9 
>   examples/vagrant/provision-dev-cluster.sh 
> 853ccac35f2befa31716a9ed686df650cd913c90 
>   examples/vagrant/upstart/aurora-scheduler-kerberos.conf 
> 414539b1917b5d33c577f1539575934c7f7c8167 
>   examples/vagrant/upstart/aurora-scheduler.conf 
> f4b867cbbcdbcc792518c2f90807834e47dce253 
>   src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION 
>   
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java
>  54608c8f819b65186ea0d000fc01b9538d5cb4ee 
>   src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 
> 436d3841b9361df4db98a2217e61abb95e6e6bab 
>   
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java
>  9e176882246b48ac87bf35c77ac8c449a0a53352 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Re: Review Request 34566: Adding H2 management console.

[Kevin Sweeney]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84823
---


Have you investigated using the [Console 
Servlet](http://www.h2database.com/html/tutorial.html) directly? Then we can 
use the Shiro filter directly and avoid adding another mechanism to configure 
security as well as avoid adding another listening port.

- Kevin Sweeney


On May 21, 2015, 2:15 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated May 21, 2015, 2:15 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The DB turns on basic authentication when a "-db_authentication_file" is 
> provided (similar to "-framework_authentication_file"). The TCP server is 
> then started to proxy H2 management console requests.
> 
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
> 
> 
> Diffs
> -
> 
>   config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9 
>   examples/vagrant/provision-dev-cluster.sh 
> 853ccac35f2befa31716a9ed686df650cd913c90 
>   examples/vagrant/upstart/aurora-scheduler-kerberos.conf 
> 414539b1917b5d33c577f1539575934c7f7c8167 
>   examples/vagrant/upstart/aurora-scheduler.conf 
> f4b867cbbcdbcc792518c2f90807834e47dce253 
>   src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION 
>   
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java
>  54608c8f819b65186ea0d000fc01b9538d5cb4ee 
>   src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 
> 436d3841b9361df4db98a2217e61abb95e6e6bab 
>   
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java
>  9e176882246b48ac87bf35c77ac8c449a0a53352 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>

Re: Review Request 34566: Adding H2 management console.

[Aurora ReviewBot]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34566/#review84794
---

Ship it!


Master (998993d) is green with this patch.
  ./build-support/jenkins/build.sh

I will refresh this build result if you post a review containing "@ReviewBot 
retry"

- Aurora ReviewBot


On May 21, 2015, 9:15 p.m., Maxim Khutornenko wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34566/
> ---
> 
> (Updated May 21, 2015, 9:15 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Kevin Sweeney.
> 
> 
> Bugs: AURORA-1287
> https://issues.apache.org/jira/browse/AURORA-1287
> 
> 
> Repository: aurora
> 
> 
> Description
> ---
> 
> Adding support for connecting to H2 DB via management console: 
> http://www.h2database.com/html/quickstart.html
> 
> The DB turns on basic authentication when a "-db_authentication_file" is 
> provided (similar to "-framework_authentication_file"). The TCP server is 
> then started to proxy H2 management console requests.
> 
> Vagrant example URL: jdbc:h2:tcp://192.168.33.7:9092/mem:aurora
> 
> 
> Diffs
> -
> 
>   config/legacy_untested_classes.txt f50b812459bd6b59d1a03e6814caa2daae133fe9 
>   examples/vagrant/provision-dev-cluster.sh 
> 853ccac35f2befa31716a9ed686df650cd913c90 
>   examples/vagrant/upstart/aurora-scheduler-kerberos.conf 
> 414539b1917b5d33c577f1539575934c7f7c8167 
>   examples/vagrant/upstart/aurora-scheduler.conf 
> f4b867cbbcdbcc792518c2f90807834e47dce253 
>   src/main/java/org/apache/aurora/SecurityUtils.java PRE-CREATION 
>   
> src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java
>  54608c8f819b65186ea0d000fc01b9538d5cb4ee 
>   src/main/java/org/apache/aurora/scheduler/storage/db/DbModule.java 
> 436d3841b9361df4db98a2217e61abb95e6e6bab 
>   
> src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java
>  9e176882246b48ac87bf35c77ac8c449a0a53352 
> 
> Diff: https://reviews.apache.org/r/34566/diff/
> 
> 
> Testing
> ---
> 
> ./gradlew -Pq build
> Connecting to H2 in Vagrant.
> 
> 
> Thanks,
> 
> Maxim Khutornenko
> 
>