Don't bind to 127.0.0.1 only when using AnyoneSecurityProvider Keeps backwards compatibility - using AnyoneSecurityProvider wouldn't force brooklyn server to bind to loopback only, but then changed to being treated same as noSecurityProvider. Revert to initial behaviour.
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/64bb70d2 Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/64bb70d2 Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/64bb70d2 Branch: refs/heads/master Commit: 64bb70d2946841428e882d681aaa3cf8b8b31045 Parents: 9720743 Author: Svetoslav Neykov <[email protected]> Authored: Tue Apr 5 17:38:34 2016 +0300 Committer: Svetoslav Neykov <[email protected]> Committed: Fri Apr 8 10:03:26 2016 +0300 ---------------------------------------------------------------------- .../brooklyn/launcher/BrooklynLauncher.java | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/64bb70d2/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java ---------------------------------------------------------------------- diff --git a/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java b/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java index 62fd7ee..be35e60 100644 --- a/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java +++ b/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java @@ -266,17 +266,13 @@ public class BrooklynLauncher extends BasicLauncher<BrooklynLauncher> { ManagementContext managementContext = getManagementContext(); BrooklynProperties brooklynProperties = (BrooklynProperties) managementContext.getConfig(); + String securityProvider = managementContext.getConfig().getConfig(BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME); + // The security provider will let anyone in, but still require a password to be entered. + // Skip password request dialog if we know the provider will let users through. + boolean anyoneSecurityProvider = AnyoneSecurityProvider.class.getName().equals(securityProvider); + // No security options in properties and no command line options overriding. - Boolean skipSecurity = skipSecurityFilter; - if (skipSecurity == null) { - String securityProvider = managementContext.getConfig().getConfig(BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME); - // The security provider will let anyone in, but still require a password to be entered. - // Skip password request dialog if we know the provider will let users through. - if (AnyoneSecurityProvider.class.getName().equals(securityProvider)) { - skipSecurity = true; - } - } - if (Boolean.TRUE.equals(skipSecurity) && bindAddress==null) { + if (Boolean.TRUE.equals(skipSecurityFilter) && bindAddress==null) { LOG.info("Starting Brooklyn web-console on loopback because security is explicitly disabled and no bind address specified"); bindAddress = Networking.LOOPBACK; } else if (BrooklynWebConfig.hasNoSecurityOptions(managementContext.getConfig())) { @@ -310,7 +306,7 @@ public class BrooklynLauncher extends BasicLauncher<BrooklynLauncher> { if (useHttps!=null) webServer.setHttpsEnabled(useHttps); webServer.setShutdownHandler(shutdownHandler); webServer.putAttributes(brooklynProperties); - webServer.skipSecurity(Boolean.TRUE.equals(skipSecurity)); + webServer.skipSecurity(Boolean.TRUE.equals(skipSecurityFilter) || anyoneSecurityProvider); for (WebAppContextProvider webapp : webApps) { webServer.addWar(webapp); }
