[GitHub] incubator-brooklyn pull request: BROOKLYN-51

Tue, 09 Sep 2014 04:16:16 -0700 

Github user sjcorbett commented on a diff in the pull request:

    https://github.com/apache/incubator-brooklyn/pull/154#discussion_r17294137
  
    --- Diff: 
usage/launcher/src/main/java/brooklyn/launcher/BrooklynLauncher.java ---
    @@ -595,16 +597,18 @@ private void handleSubsystemStartupError(boolean 
ignoreSuchErrors, String system
         }
     
         protected void startWebApps() {
    -        if (BrooklynWebConfig.hasNoSecurityOptions(brooklynProperties)) {
    -            if (bindAddress==null) {
    -                LOG.info("Starting brooklyn web-console on loopback 
interface because no security config is set");
    -                bindAddress = Networking.LOOPBACK;
    -            }
    -            if (skipSecurityFilter==null) {
    -                LOG.debug("Starting brooklyn web-console without security 
because we are loopback and no security is set");
    -                skipSecurityFilter = true;
    -            }
    +        // No security options in properties and no command line options 
overriding.
    +        if (Boolean.TRUE.equals(skipSecurityFilter) && bindAddress == 
null) {
    +            LOG.info("Starting Brooklyn web-console on loopback because 
security is explicitly disabled and no bind address was given");
    +            bindAddress = Networking.LOOPBACK;
    +        } else if 
(BrooklynWebConfig.hasNoSecurityOptions(brooklynProperties) && bindAddress == 
null) {
    +            LOG.info("Starting Brooklyn web-console with passwordless 
access on localhost and protected access from other interfaces");
    +            bindAddress = Networking.ANY_NIC;
    +            brooklynProperties.put(
    +                    BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME,
    +                    
BrooklynUserWithRandomPasswordSecurityProvider.class.getName());
    --- End diff --
    
    Yes. Reloading properties after modifying 
`brooklyn.webconsole.security.provider` will not cause the new provider to be 
used because `DelegatingSecurityProvider` caches its delegate. It would be 
fairly straightforward to incorporate this - `DelegatingSecurityProvider` can 
just check that the classname of its delegate matches the value from the 
management context's property, and reload if there is a difference.



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---

Reply via email to