changeset 1088:3a0db0e80562

Add JAAS authentication to webservice command as well. Reviewed-by: ebaron Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2013-May/006567.html
author Severin Gehwolf <sgehwolf@redhat.com>
date Mon, 13 May 2013 14:22:03 +0200
parents 105617e21576
children 6458910333b7
files distribution/config/commands/webservice.properties distribution/config/osgi-export.properties distribution/pom.xml web/cmd/pom.xml web/cmd/src/main/java/com/redhat/thermostat/web/cmd/WebServiceLauncher.java web/cmd/src/test/java/com/redhat/thermostat/web/cmd/WebServiceLauncherTest.java web/war/pom.xml
diffstat 7 files changed, 39 insertions(+), 37 deletions(-) [+]
--- a/distribution/config/commands/webservice.properties	Fri May 03 19:14:14 2013 +0200
+++ b/distribution/config/commands/webservice.properties	Mon May 13 14:22:03 2013 +0200
@@ -21,7 +21,9 @@
           jetty-util.jar, \
           jetty-webapp.jar, \
           jetty-xml.jar, \
-          javax-servlet.jar, \
+          jetty-plus.jar, \
+          jetty-jndi.jar, \
+          javax-servlet.jar
           
 
 description = starts and stops the thermostat web service
--- a/distribution/config/osgi-export.properties	Fri May 03 19:14:14 2013 +0200
+++ b/distribution/config/osgi-export.properties	Mon May 13 14:22:03 2013 +0200
@@ -61,3 +61,10 @@
 sun.jvmstat.monitor
 sun.jvmstat.monitor.event
 
+# webservice command depends on jetty-jndi, which requires
+# javax.transaction and javax.mail. We don't use jndi stuff,
+# so we add those "fake" exports here.
+# javax.transaction is provided by the JVM, javax.mail is not
+# available.
+javax.transaction="1.1"
+javax.mail="1.4"
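Review bot: The `javax.mail="1.4"` export advertises a package that, by the comment's own admission, is not available. It only satisfies the resolver for jetty-jndi, so any code path that actually loads a javax.mail class will fail later at class-load time rather than at bundle resolution. The comment should state that failure mode explicitly, for example `# NOTE: javax.mail is NOT on the classpath; this export only satisfies the resolver, and any use of it fails at class-load time.` It would also help to record which jetty-jndi version these fake exports were checked against, so they can be removed once the import is no longer required.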
--- a/distribution/pom.xml	Fri May 03 19:14:14 2013 +0200
+++ b/distribution/pom.xml	Mon May 13 14:22:03 2013 +0200
@@ -264,6 +264,10 @@
                          resource="${project.build.directory}/libs/gson-2.2.2.jar" />
                 <symlink link="${project.build.directory}/libs/jetty-continuation.jar"
                          resource="${project.build.directory}/libs/jetty-continuation-8.1.5.v20120716.jar" />
+                <symlink link="${project.build.directory}/libs/jetty-plus.jar"
+                         resource="${project.build.directory}/libs/jetty-plus-8.1.5.v20120716.jar" />
+                <symlink link="${project.build.directory}/libs/jetty-jndi.jar"
+                         resource="${project.build.directory}/libs/jetty-jndi-8.1.5.v20120716.jar" />
                 <symlink link="${project.build.directory}/libs/jetty-http.jar"
                          resource="${project.build.directory}/libs/jetty-http-8.1.5.v20120716.jar" />
                 <symlink link="${project.build.directory}/libs/jetty-io.jar"
--- a/web/cmd/pom.xml	Fri May 03 19:14:14 2013 +0200
+++ b/web/cmd/pom.xml	Mon May 13 14:22:03 2013 +0200
@@ -73,6 +73,11 @@
       <artifactId>jetty-webapp</artifactId>
       <version>${jetty.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-plus</artifactId>
+      <version>${jetty.version}</version>
+    </dependency>
 
     <dependency>
       <groupId>com.redhat.thermostat</groupId>
--- a/web/cmd/src/main/java/com/redhat/thermostat/web/cmd/WebServiceLauncher.java	Fri May 03 19:14:14 2013 +0200
+++ b/web/cmd/src/main/java/com/redhat/thermostat/web/cmd/WebServiceLauncher.java	Mon May 13 14:22:03 2013 +0200
@@ -37,27 +37,26 @@
 
 package com.redhat.thermostat.web.cmd;
 
-import java.io.IOException;
 import java.util.List;
 
+import org.eclipse.jetty.plus.jaas.JAASLoginService;
 import org.eclipse.jetty.security.ConstraintMapping;
 import org.eclipse.jetty.security.ConstraintSecurityHandler;
-import org.eclipse.jetty.security.DefaultUserIdentity;
-import org.eclipse.jetty.security.MappedLoginService;
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.UserIdentity;
 import org.eclipse.jetty.server.nio.SelectChannelConnector;
 import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.util.security.Constraint;
-import org.eclipse.jetty.util.security.Password;
 import org.eclipse.jetty.webapp.WebAppContext;
 
 import com.redhat.thermostat.common.config.InvalidConfigurationException;
 import com.redhat.thermostat.common.utils.HostPortPair;
 import com.redhat.thermostat.storage.mongodb.MongoStorageProvider;
 import com.redhat.thermostat.web.server.WebStorageEndPoint;
+import com.redhat.thermostat.web.server.auth.RolePrincipal;
 import com.redhat.thermostat.web.server.auth.Roles;
+import com.redhat.thermostat.web.server.auth.UserPrincipal;
+import com.redhat.thermostat.web.server.auth.WrappedRolePrincipal;
 
 class WebServiceLauncher {
 
@@ -118,38 +117,16 @@
         constraintMap.setConstraint(constraint);
         
         secHandler.setRealmName("Thermostat Realm");
-        secHandler.setAuthMethod("BASIC");
         secHandler.addConstraintMapping(constraintMap);
-        // inform security handler about all roles
-        for (String role : Roles.ALL_ROLES) {
-            secHandler.addRole(role);
-        }
-        secHandler.setLoginService(new MappedLoginService() {
-            
-            @Override
-            protected void loadUsers() throws IOException {
-                // Register a thermostat agent user
-                putUser("thermostat-agent", new Password("agent-tester"), Roles.AGENT_ROLES);
-                // Same for a client
-                putUser("thermostat-client", new Password("client-tester"), Roles.CLIENT_ROLES);
-                // A realm access test user
-                putUser("thermostat-realm-user", new Password("realm-tester"), new String[] { Roles.ACCESS_REALM });
-            }
-
-            @Override
-            protected UserIdentity loadUser(String username) {
-                if (username.equals("thermostat-agent")) {
-                    return new DefaultUserIdentity(null, null, Roles.AGENT_ROLES);
-                } else if (username.equals("thermostat-client")) {
-                    return new DefaultUserIdentity(null, null, Roles.CLIENT_ROLES);
-                } else if (username.equals("thermostat-realm-user")) {
-                    return new DefaultUserIdentity(null, null, new String[] { Roles.ACCESS_REALM } );
-                } else {
-                    // return empty identity
-                    return new DefaultUserIdentity(null, null, new String[0]);
-                }
-            }
+        JAASLoginService loginS = new JAASLoginService();
+        loginS.setLoginModuleName("ThermostatJAASLogin");
+        loginS.setName("Thermostat Realm");
+        loginS.setRoleClassNames(new String[] {
+        WrappedRolePrincipal.class.getName(),
+              RolePrincipal.class.getName(),
+              UserPrincipal.class.getName()
         });
+        secHandler.setLoginService(loginS);
         ctx.setSecurityHandler(secHandler);
     }
 
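Review bot: Listing `UserPrincipal.class.getName()` in `setRoleClassNames(...)` makes the login service treat the name of each `UserPrincipal` in the authenticated Subject as a role name. If `UserPrincipal` carries the login name (its definition is outside this diff), an account whose user name equals a role string would be granted that role without it being assigned. Unless that is intended, pass only `WrappedRolePrincipal` and `RolePrincipal`, or add a comment explaining why the user principal must count as a role. The realm string `"Thermostat Realm"` now appears in both `secHandler.setRealmName(...)` and `loginS.setName(...)` and should come from one constant. `"ThermostatJAASLogin"` deserves a comment naming the JAAS configuration entry it must match, since a missing entry would presumably only show up as failed logins at request time. The enclosing method starts above this hunk.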
--- a/web/cmd/src/test/java/com/redhat/thermostat/web/cmd/WebServiceLauncherTest.java	Fri May 03 19:14:14 2013 +0200
+++ b/web/cmd/src/test/java/com/redhat/thermostat/web/cmd/WebServiceLauncherTest.java	Mon May 13 14:22:03 2013 +0200
@@ -40,7 +40,6 @@
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.doNothing;
-import static org.mockito.Mockito.when;
 
 import java.util.ArrayList;
 import java.util.List;
--- a/web/war/pom.xml	Fri May 03 19:14:14 2013 +0200
+++ b/web/war/pom.xml	Mon May 13 14:22:03 2013 +0200
@@ -95,6 +95,14 @@
           <groupId>org.eclipse.jetty</groupId>
           <artifactId>jetty-xml</artifactId>
         </exclusion>
+        <exclusion>
+          <groupId>org.eclipse.jetty</groupId>
+          <artifactId>jetty-plus</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.eclipse.jetty</groupId>
+          <artifactId>jetty-jndi</artifactId>
+        </exclusion>
       </exclusions>
     </dependency>
   </dependencies>