[
https://issues.apache.org/jira/browse/BROOKLYN-51?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14126883#comment-14126883
]
ASF GitHub Bot commented on BROOKLYN-51:
----------------------------------------
Github user sjcorbett commented on a diff in the pull request:
https://github.com/apache/incubator-brooklyn/pull/154#discussion_r17294137
--- Diff:
usage/launcher/src/main/java/brooklyn/launcher/BrooklynLauncher.java ---
@@ -595,16 +597,18 @@ private void handleSubsystemStartupError(boolean
ignoreSuchErrors, String system
}
protected void startWebApps() {
- if (BrooklynWebConfig.hasNoSecurityOptions(brooklynProperties)) {
- if (bindAddress==null) {
- LOG.info("Starting brooklyn web-console on loopback
interface because no security config is set");
- bindAddress = Networking.LOOPBACK;
- }
- if (skipSecurityFilter==null) {
- LOG.debug("Starting brooklyn web-console without security
because we are loopback and no security is set");
- skipSecurityFilter = true;
- }
+ // No security options in properties and no command line options
overriding.
+ if (Boolean.TRUE.equals(skipSecurityFilter) && bindAddress ==
null) {
+ LOG.info("Starting Brooklyn web-console on loopback because
security is explicitly disabled and no bind address was given");
+ bindAddress = Networking.LOOPBACK;
+ } else if
(BrooklynWebConfig.hasNoSecurityOptions(brooklynProperties) && bindAddress ==
null) {
+ LOG.info("Starting Brooklyn web-console with passwordless
access on localhost and protected access from other interfaces");
+ bindAddress = Networking.ANY_NIC;
+ brooklynProperties.put(
+ BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME,
+
BrooklynUserWithRandomPasswordSecurityProvider.class.getName());
--- End diff --
Yes. Reloading properties after modifying
`brooklyn.webconsole.security.provider` will not cause the new provider to be
used because `DelegatingSecurityProvider` caches its delegate. It would be
fairly straightforward to incorporate this - `DelegatingSecurityProvider` can
just check that the classname of its delegate matches the value from the
management context's property, and reload if there is a difference.
> Remote access without configuring a username and password
> ---------------------------------------------------------
>
> Key: BROOKLYN-51
> URL: https://issues.apache.org/jira/browse/BROOKLYN-51
> Project: Brooklyn
> Issue Type: Sub-task
> Affects Versions: 0.7.0-M1
> Reporter: Richard Downer
> Assignee: Sam Corbett
> Fix For: 0.7.0
>
>
> By default, if Brooklyn is not configured with a username+password in
> brooklyn.properties, Brooklyn will *only* bind to the localhost interface,
> refusing connections from the network.
> To ease first time users starting Brooklyn on a server, change Brooklyn to:
> 1. Always bind on all interfaces;
> 2. If no username and password is configured, generate one randomly and print
> the details to the console
> 3. Additionally, if no username and password is configured, continue to allow
> passwordless logins on the localhost interface.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
