# HG changeset patch # User Severin Gehwolf # Date 1368447723 -7200 # Node ID 3a0db0e8056282361bf51130eae539e1be6ff00d # Parent 105617e215765fba4a9c58ea9c7a73be222508e4 Add JAAS authentication to webservice command as well. Reviewed-by: ebaron Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2013-May/006567.html diff -r 105617e21576 -r 3a0db0e80562 distribution/config/commands/webservice.properties --- a/distribution/config/commands/webservice.properties Fri May 03 19:14:14 2013 +0200 +++ b/distribution/config/commands/webservice.properties Mon May 13 14:22:03 2013 +0200 @@ -21,7 +21,9 @@ jetty-util.jar, \ jetty-webapp.jar, \ jetty-xml.jar, \ - javax-servlet.jar, \ + jetty-plus.jar, \ + jetty-jndi.jar, \ + javax-servlet.jar description = starts and stops the thermostat web service diff -r 105617e21576 -r 3a0db0e80562 distribution/config/osgi-export.properties --- a/distribution/config/osgi-export.properties Fri May 03 19:14:14 2013 +0200 +++ b/distribution/config/osgi-export.properties Mon May 13 14:22:03 2013 +0200 @@ -61,3 +61,10 @@ sun.jvmstat.monitor sun.jvmstat.monitor.event +# webservice command depends on jetty-jndi, which requires +# javax.transaction and javax.mail. We don't use jndi stuff, +# so we add those "fake" exports here. +# javax.transaction is provided by the JVM, javax.mail is not +# available. +javax.transaction="1.1" +javax.mail="1.4" diff -r 105617e21576 -r 3a0db0e80562 distribution/pom.xml --- a/distribution/pom.xml Fri May 03 19:14:14 2013 +0200 +++ b/distribution/pom.xml Mon May 13 14:22:03 2013 +0200 @@ -264,6 +264,10 @@ resource="${project.build.directory}/libs/gson-2.2.2.jar" /> + + jetty-webapp ${jetty.version} + + org.eclipse.jetty + jetty-plus + ${jetty.version} + com.redhat.thermostat diff -r 105617e21576 -r 3a0db0e80562 web/cmd/src/main/java/com/redhat/thermostat/web/cmd/WebServiceLauncher.java --- a/web/cmd/src/main/java/com/redhat/thermostat/web/cmd/WebServiceLauncher.java Fri May 03 19:14:14 2013 +0200 
+++ b/web/cmd/src/main/java/com/redhat/thermostat/web/cmd/WebServiceLauncher.java Mon May 13 14:22:03 2013 +0200 @@ -37,27 +37,26 @@ package com.redhat.thermostat.web.cmd; -import java.io.IOException; import java.util.List; +import org.eclipse.jetty.plus.jaas.JAASLoginService; import org.eclipse.jetty.security.ConstraintMapping; import org.eclipse.jetty.security.ConstraintSecurityHandler; -import org.eclipse.jetty.security.DefaultUserIdentity; -import org.eclipse.jetty.security.MappedLoginService; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.Server; -import org.eclipse.jetty.server.UserIdentity; import org.eclipse.jetty.server.nio.SelectChannelConnector; import org.eclipse.jetty.servlet.ServletHolder; import org.eclipse.jetty.util.security.Constraint; -import org.eclipse.jetty.util.security.Password; import org.eclipse.jetty.webapp.WebAppContext; import com.redhat.thermostat.common.config.InvalidConfigurationException; import com.redhat.thermostat.common.utils.HostPortPair; import com.redhat.thermostat.storage.mongodb.MongoStorageProvider; import com.redhat.thermostat.web.server.WebStorageEndPoint; +import com.redhat.thermostat.web.server.auth.RolePrincipal; import com.redhat.thermostat.web.server.auth.Roles; +import com.redhat.thermostat.web.server.auth.UserPrincipal; +import com.redhat.thermostat.web.server.auth.WrappedRolePrincipal; class WebServiceLauncher { 
@@ -118,38 +117,16 @@ constraintMap.setConstraint(constraint); secHandler.setRealmName("Thermostat Realm"); - secHandler.setAuthMethod("BASIC"); secHandler.addConstraintMapping(constraintMap); - // inform security handler about all roles - for (String role : Roles.ALL_ROLES) { - secHandler.addRole(role); - } - secHandler.setLoginService(new MappedLoginService() { - - @Override - protected void loadUsers() throws IOException { - // Register a thermostat agent user - putUser("thermostat-agent", new Password("agent-tester"), Roles.AGENT_ROLES); - // Same for a client - putUser("thermostat-client", new Password("client-tester"), Roles.CLIENT_ROLES); - // A realm access test user - putUser("thermostat-realm-user", new Password("realm-tester"), new String[] { Roles.ACCESS_REALM }); - } - - @Override - protected UserIdentity loadUser(String username) { - if (username.equals("thermostat-agent")) { - return new DefaultUserIdentity(null, null, Roles.AGENT_ROLES); - } else if (username.equals("thermostat-client")) { - return new DefaultUserIdentity(null, null, Roles.CLIENT_ROLES); - } else if (username.equals("thermostat-realm-user")) { - return new DefaultUserIdentity(null, null, new String[] { Roles.ACCESS_REALM } ); - } else { - // return empty identity - return new DefaultUserIdentity(null, null, new String[0]); - } - } + JAASLoginService loginS = new JAASLoginService(); + loginS.setLoginModuleName("ThermostatJAASLogin"); + loginS.setName("Thermostat Realm"); + loginS.setRoleClassNames(new String[] { + WrappedRolePrincipal.class.getName(), + RolePrincipal.class.getName(), + UserPrincipal.class.getName() }); + secHandler.setLoginService(loginS); ctx.setSecurityHandler(secHandler); } diff -r 105617e21576 -r 3a0db0e80562 web/cmd/src/test/java/com/redhat/thermostat/web/cmd/WebServiceLauncherTest.java --- a/web/cmd/src/test/java/com/redhat/thermostat/web/cmd/WebServiceLauncherTest.java Fri May 03 19:14:14 2013 +0200 
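Review bot: `UserPrincipal.class.getName()` is passed to `loginS.setRoleClassNames(...)`, so Jetty's JAASLoginService will most likely treat each authenticated user's name as a role name alongside the real role principals. If a login name can ever coincide with a role defined in `Roles`, that account would satisfy constraints for the role without having been granted it; unless this is intended, list only the role types: `loginS.setRoleClassNames(new String[] { WrappedRolePrincipal.class.getName(), RolePrincipal.class.getName() });`. The hunk also drops `secHandler.setAuthMethod("BASIC")` and the `addRole` loop with no replacement visible here, so it is worth confirming that the webapp descriptor declares the auth method and roles, and adding a comment such as `// "ThermostatJAASLogin" must match an entry in the JAAS login configuration` above `setLoginModuleName`. The enclosing method starts outside the hunk.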
+++ b/web/cmd/src/test/java/com/redhat/thermostat/web/cmd/WebServiceLauncherTest.java Mon May 13 14:22:03 2013 +0200 @@ -40,7 +40,6 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.doNothing; -import static org.mockito.Mockito.when; import java.util.ArrayList; import java.util.List; diff -r 105617e21576 -r 3a0db0e80562 web/war/pom.xml --- a/web/war/pom.xml Fri May 03 19:14:14 2013 +0200 +++ b/web/war/pom.xml Mon May 13 14:22:03 2013 +0200 @@ -95,6 +95,14 @@ org.eclipse.jetty jetty-xml + + org.eclipse.jetty + jetty-plus + + + org.eclipse.jetty + jetty-jndi +