Repository: incubator-brooklyn Updated Branches: refs/heads/master 7ca278166 -> 5bb7cc693
for ExplicitUser provider, create sooner and use config key to expose the provider(s) Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/a57dbe4a Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/a57dbe4a Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/a57dbe4a Branch: refs/heads/master Commit: a57dbe4aa73f8b5bac8f7d295fad70444d5b45f8 Parents: 3c08a7e Author: Alex Heneveld <[email protected]> Authored: Fri Sep 4 12:21:44 2015 +0100 Committer: Alex Heneveld <[email protected]> Committed: Fri Sep 4 12:21:44 2015 +0100 ---------------------------------------------------------------------- .../org/apache/brooklyn/launcher/BrooklynLauncher.java | 6 ++++-- .../java/org/apache/brooklyn/rest/BrooklynWebConfig.java | 3 +++ .../BrooklynUserWithRandomPasswordSecurityProvider.java | 10 ++++++++-- .../security/provider/DelegatingSecurityProvider.java | 10 ++++++++++ 4 files changed, 25 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/a57dbe4a/usage/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java ---------------------------------------------------------------------- diff --git a/usage/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java b/usage/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java index f9e8e8f..7425865 100644 --- a/usage/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java +++ b/usage/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java 
@@ -753,6 +753,8 @@ public class BrooklynLauncher { LOG.info("Starting Brooklyn web-console on loopback because security is explicitly disabled and no bind address specified"); bindAddress = Networking.LOOPBACK; } else if (BrooklynWebConfig.hasNoSecurityOptions(brooklynProperties)) { + LOG.info("No security provider options specified. Define a security provider or users to prevent a random password being created and logged."); + if (bindAddress==null) { LOG.info("Starting Brooklyn web-console with passwordless access on localhost and protected access from any other interfaces (no bind address specified)"); } else { @@ -765,8 +767,8 @@ public class BrooklynLauncher { } } brooklynProperties.put( - BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME, - BrooklynUserWithRandomPasswordSecurityProvider.class.getName()); + BrooklynWebConfig.SECURITY_PROVIDER_INSTANCE, + new BrooklynUserWithRandomPasswordSecurityProvider(managementContext)); } else { LOG.debug("Starting Brooklyn using security properties: "+brooklynProperties.submap(ConfigPredicates.startingWith(BrooklynWebConfig.BASE_NAME_SECURITY)).asMapWithStringKeys()); } http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/a57dbe4a/usage/rest-server/src/main/java/org/apache/brooklyn/rest/BrooklynWebConfig.java ---------------------------------------------------------------------- diff --git a/usage/rest-server/src/main/java/org/apache/brooklyn/rest/BrooklynWebConfig.java b/usage/rest-server/src/main/java/org/apache/brooklyn/rest/BrooklynWebConfig.java index 4fa13d0..c2aaebd 100644 --- a/usage/rest-server/src/main/java/org/apache/brooklyn/rest/BrooklynWebConfig.java +++ b/usage/rest-server/src/main/java/org/apache/brooklyn/rest/BrooklynWebConfig.java 
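Review bot: In BrooklynLauncher.java (hunk at -753), the new message says a random password will be "created and logged" but is emitted at INFO, which is low for a state where a console credential ends up in the log file. Consider `LOG.warn("No security provider options specified. Define a security provider or users to prevent a random password being created and logged.");` so the fallback stands out under default log filtering. The password logging itself is outside this diff, so it is worth confirming there who can read that log. The enclosing method starts and ends outside the hunk.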
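Review bot: In BrooklynLauncher.java (hunk at -765), `brooklynProperties` now holds a live `BrooklynUserWithRandomPasswordSecurityProvider` instead of a class name, and nothing at the call site says why. A short comment would help, for example `// store the instance, not the class name, so the provider created here is the one the REST layer uses`, adjusted to the real reason if it differs. Any code that copies, dumps or exposes the properties map now also carries this object, which presumably holds the generated password, so it relies on the provider's `toString()` staying free of secrets. The hunk does not show whether `managementContext` is already initialised at this point in startup, which is worth confirming because the constructor receives it.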
@@ -25,6 +25,7 @@ import org.apache.brooklyn.core.config.ConfigKeys; import org.apache.brooklyn.core.config.ConfigPredicates; import org.apache.brooklyn.rest.security.provider.DelegatingSecurityProvider; import org.apache.brooklyn.rest.security.provider.ExplicitUsersSecurityProvider; +import org.apache.brooklyn.rest.security.provider.SecurityProvider; public class BrooklynWebConfig { @@ -39,6 +40,8 @@ public class BrooklynWebConfig { public final static ConfigKey<String> SECURITY_PROVIDER_CLASSNAME = ConfigKeys.newStringConfigKey( BASE_NAME_SECURITY+".provider", "class name of a Brooklyn SecurityProvider", ExplicitUsersSecurityProvider.class.getCanonicalName()); + public final static ConfigKey<SecurityProvider> SECURITY_PROVIDER_INSTANCE = ConfigKeys.newConfigKey(SecurityProvider.class, + SECURITY_PROVIDER_CLASSNAME.getName()+".internal.instance", "instance of a pre-configured security provider"); /** * Explicitly set the users/passwords, e.g. in brooklyn.properties: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/a57dbe4a/usage/rest-server/src/main/java/org/apache/brooklyn/rest/security/provider/BrooklynUserWithRandomPasswordSecurityProvider.java ---------------------------------------------------------------------- diff --git a/usage/rest-server/src/main/java/org/apache/brooklyn/rest/security/provider/BrooklynUserWithRandomPasswordSecurityProvider.java b/usage/rest-server/src/main/java/org/apache/brooklyn/rest/security/provider/BrooklynUserWithRandomPasswordSecurityProvider.java index 3d13f7b..d5be027 100644 --- a/usage/rest-server/src/main/java/org/apache/brooklyn/rest/security/provider/BrooklynUserWithRandomPasswordSecurityProvider.java +++ b/usage/rest-server/src/main/java/org/apache/brooklyn/rest/security/provider/BrooklynUserWithRandomPasswordSecurityProvider.java 
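Review bot: In BrooklynWebConfig.java (hunk at -39), `SECURITY_PROVIDER_INSTANCE` is named `SECURITY_PROVIDER_CLASSNAME.getName()+".internal.instance"`, which places it under the same `BASE_NAME_SECURITY` prefix as the user-facing security options. If `hasNoSecurityOptions` matches any key under that prefix (its body is not in this diff), it will stop returning true once the launcher or `DelegatingSecurityProvider` stores an instance. That would change which branch `loadDelegate` takes at `delegate != null && BrooklynWebConfig.hasNoSecurityOptions(...)`. Please confirm the predicate ignores this key, or exclude it there. The key also deserves Javadoc, for example `/** Internal use: a provider constructed in code; checked before SECURITY_PROVIDER_CLASSNAME. */`.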
@@ -20,12 +20,13 @@ package org.apache.brooklyn.rest.security.provider; import javax.servlet.http.HttpSession; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.apache.brooklyn.api.mgmt.ManagementContext; import org.apache.brooklyn.rest.filter.BrooklynPropertiesSecurityFilter; +import org.apache.brooklyn.util.javalang.JavaClassNames; import org.apache.brooklyn.util.net.Networking; import org.apache.brooklyn.util.text.Identifiers; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class BrooklynUserWithRandomPasswordSecurityProvider extends AbstractSecurityProvider implements SecurityProvider { @@ -64,4 +65,9 @@ public class BrooklynUserWithRandomPasswordSecurityProvider extends AbstractSecu return false; } } + + @Override + public String toString() { + return JavaClassNames.cleanSimpleClassName(this); + } } http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/a57dbe4a/usage/rest-server/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java ---------------------------------------------------------------------- diff --git a/usage/rest-server/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java b/usage/rest-server/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java index 52baab4..8b2b9da 100644 --- a/usage/rest-server/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java +++ b/usage/rest-server/src/main/java/org/apache/brooklyn/rest/security/provider/DelegatingSecurityProvider.java @@ -27,6 +27,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.apache.brooklyn.api.mgmt.ManagementContext; import org.apache.brooklyn.config.StringConfigMap; +import org.apache.brooklyn.core.internal.BrooklynProperties; import org.apache.brooklyn.rest.BrooklynWebConfig; import org.apache.brooklyn.util.text.Strings; 
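Review bot: In BrooklynUserWithRandomPasswordSecurityProvider.java (hunk at -64), the new `toString()` is what reaches the log when `DelegatingSecurityProvider.loadDelegate` concatenates the preset provider into its INFO message, but nothing on the method records that constraint. Returning only the class name is the right choice; a comment such as `// appears in log output; must never include the generated user or password` would stop a later edit from adding fields for debugging. The rest of the class is outside the hunk, so this assumes the password is held as instance state.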
@@ -67,6 +68,12 @@ public class DelegatingSecurityProvider implements SecurityProvider { private synchronized SecurityProvider loadDelegate() { StringConfigMap brooklynProperties = mgmt.getConfig(); + SecurityProvider presetDelegate = brooklynProperties.getConfig(BrooklynWebConfig.SECURITY_PROVIDER_INSTANCE); + if (presetDelegate!=null) { + log.info("REST using pre-set security provider " + presetDelegate); + return presetDelegate; + } + String className = brooklynProperties.getConfig(BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME); if (delegate != null && BrooklynWebConfig.hasNoSecurityOptions(mgmt.getConfig())) { @@ -107,6 +114,9 @@ public class DelegatingSecurityProvider implements SecurityProvider { log.warn("REST unable to instantiate security provider " + className + "; all logins are being disallowed", e); delegate = new BlackholeSecurityProvider(); } + + ((BrooklynProperties)mgmt.getConfig()).put(BrooklynWebConfig.SECURITY_PROVIDER_INSTANCE, delegate); + return delegate; }
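Review bot: In DelegatingSecurityProvider.java (hunk at -67), the early return hands back `presetDelegate` without assigning it to the `delegate` field, so any code that reads the field rather than the return value of `loadDelegate()` would still see the previous or null provider. Adding `delegate = presetDelegate;` before `return presetDelegate;` keeps the two in step. The later hunk writes the resolved delegate into the same key, so after the first load every call takes this branch. A later change to `SECURITY_PROVIDER_CLASSNAME` is then never picked up, and the INFO line repeats on each call; if the method runs per request, `log.debug` would be the better level. The middle of `loadDelegate` lies outside the hunk, and its callers are not visible here.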
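Review bot: In DelegatingSecurityProvider.java (hunk at -107), `((BrooklynProperties)mgmt.getConfig())` is an unchecked downcast of a value the method itself types as `StringConfigMap`. A management context backed by another implementation would throw `ClassCastException` at the end of `loadDelegate`, after the delegate has been built. A guard avoids that: `if (brooklynProperties instanceof BrooklynProperties) ((BrooklynProperties) brooklynProperties).put(BrooklynWebConfig.SECURITY_PROVIDER_INSTANCE, delegate);`. The `put` also runs after the catch block that installs `BlackholeSecurityProvider`, so one failed instantiation is stored as the preset provider and logins stay blocked until the key is cleared. That fails closed, but a comment should say so if it is intended. The start of the method is outside this hunk.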
