changeset 1088:3a0db0e80562
Add JAAS authentication to webservice command as well.
Reviewed-by: ebaron
Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2013-May/006567.html
author | Severin Gehwolf <sgehwolf@redhat.com> |
---|---|
date | Mon, 13 May 2013 14:22:03 +0200 |
parents | 105617e21576 |
children | 6458910333b7 |
files | distribution/config/commands/webservice.properties distribution/config/osgi-export.properties distribution/pom.xml web/cmd/pom.xml web/cmd/src/main/java/com/redhat/thermostat/web/cmd/WebServiceLauncher.java web/cmd/src/test/java/com/redhat/thermostat/web/cmd/WebServiceLauncherTest.java web/war/pom.xml |
diffstat | 7 files changed, 39 insertions(+), 37 deletions(-) [+] |
--- a/distribution/config/commands/webservice.properties Fri May 03 19:14:14 2013 +0200
+++ b/distribution/config/commands/webservice.properties Mon May 13 14:22:03 2013 +0200
@@ -21,7 +21,9 @@
 jetty-util.jar, \
 jetty-webapp.jar, \
 jetty-xml.jar, \
- javax-servlet.jar, \
+ jetty-plus.jar, \
+ jetty-jndi.jar, \
+ javax-servlet.jar
 description = starts and stops the thermostat web service
--- a/distribution/config/osgi-export.properties Fri May 03 19:14:14 2013 +0200
+++ b/distribution/config/osgi-export.properties Mon May 13 14:22:03 2013 +0200
@@ -61,3 +61,10 @@
 sun.jvmstat.monitor
 sun.jvmstat.monitor.event
+# webservice command depends on jetty-jndi, which requires
+# javax.transaction and javax.mail. We don't use jndi stuff,
+# so we add those "fake" exports here.
+# javax.transaction is provided by the JVM, javax.mail is not
+# available.
+javax.transaction="1.1"
+javax.mail="1.4"
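Review bot: Exporting `javax.mail="1.4"` while the comment itself says the package is not available means a bundle that imports `javax.mail` will now resolve successfully and fail only when one of its classes is first loaded. The hunk does not show how this file is consumed; if it feeds a framework-wide export list, the fake export is visible to every bundle and not only to the webservice command, and the comment should say so. I would extend the comment with something like `# NOTE: satisfies resolution only; loading any javax.mail class will fail at runtime`, so a later reader does not take the entry as proof that the package is really provided.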
--- a/distribution/pom.xml Fri May 03 19:14:14 2013 +0200
+++ b/distribution/pom.xml Mon May 13 14:22:03 2013 +0200
@@ -264,6 +264,10 @@
 resource="${project.build.directory}/libs/gson-2.2.2.jar" />
 <symlink link="${project.build.directory}/libs/jetty-continuation.jar"
 resource="${project.build.directory}/libs/jetty-continuation-8.1.5.v20120716.jar" />
+ <symlink link="${project.build.directory}/libs/jetty-plus.jar"
+ resource="${project.build.directory}/libs/jetty-plus-8.1.5.v20120716.jar" />
+ <symlink link="${project.build.directory}/libs/jetty-jndi.jar"
+ resource="${project.build.directory}/libs/jetty-jndi-8.1.5.v20120716.jar" />
 <symlink link="${project.build.directory}/libs/jetty-http.jar"
 resource="${project.build.directory}/libs/jetty-http-8.1.5.v20120716.jar" />
 <symlink link="${project.build.directory}/libs/jetty-io.jar"
--- a/web/cmd/pom.xml Fri May 03 19:14:14 2013 +0200
+++ b/web/cmd/pom.xml Mon May 13 14:22:03 2013 +0200
@@ -73,6 +73,11 @@
 <artifactId>jetty-webapp</artifactId>
 <version>${jetty.version}</version>
 </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-plus</artifactId>
+ <version>${jetty.version}</version>
+ </dependency>
 <dependency>
 <groupId>com.redhat.thermostat</groupId>
--- a/web/cmd/src/main/java/com/redhat/thermostat/web/cmd/WebServiceLauncher.java Fri May 03 19:14:14 2013 +0200
+++ b/web/cmd/src/main/java/com/redhat/thermostat/web/cmd/WebServiceLauncher.java Mon May 13 14:22:03 2013 +0200
@@ -37,27 +37,26 @@
 package com.redhat.thermostat.web.cmd;
-import java.io.IOException;
 import java.util.List;
+import org.eclipse.jetty.plus.jaas.JAASLoginService;
 import org.eclipse.jetty.security.ConstraintMapping;
 import org.eclipse.jetty.security.ConstraintSecurityHandler;
-import org.eclipse.jetty.security.DefaultUserIdentity;
-import org.eclipse.jetty.security.MappedLoginService;
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.UserIdentity;
 import org.eclipse.jetty.server.nio.SelectChannelConnector;
 import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.util.security.Constraint;
-import org.eclipse.jetty.util.security.Password;
 import org.eclipse.jetty.webapp.WebAppContext;
 import com.redhat.thermostat.common.config.InvalidConfigurationException;
 import com.redhat.thermostat.common.utils.HostPortPair;
 import com.redhat.thermostat.storage.mongodb.MongoStorageProvider;
 import com.redhat.thermostat.web.server.WebStorageEndPoint;
+import com.redhat.thermostat.web.server.auth.RolePrincipal;
 import com.redhat.thermostat.web.server.auth.Roles;
+import com.redhat.thermostat.web.server.auth.UserPrincipal;
+import com.redhat.thermostat.web.server.auth.WrappedRolePrincipal;
 class WebServiceLauncher {
@@ -118,38 +117,16 @@ constraintMap.setConstraint(constraint); secHandler.setRealmName("Thermostat Realm"); - secHandler.setAuthMethod("BASIC"); secHandler.addConstraintMapping(constraintMap); - // inform security handler about all roles - for (String role : Roles.ALL_ROLES) { - secHandler.addRole(role); - } - secHandler.setLoginService(new MappedLoginService() { - - @Override - protected void loadUsers() throws IOException { - // Register a thermostat agent user - putUser("thermostat-agent", new Password("agent-tester"), Roles.AGENT_ROLES); - // Same for a client - putUser("thermostat-client", new Password("client-tester"), Roles.CLIENT_ROLES); - // A realm access test user - putUser("thermostat-realm-user", new Password("realm-tester"), new String[] { Roles.ACCESS_REALM }); - } - - @Override - protected UserIdentity loadUser(String username) { - if (username.equals("thermostat-agent")) { - return new DefaultUserIdentity(null, null, Roles.AGENT_ROLES); - } else if (username.equals("thermostat-client")) { - return new DefaultUserIdentity(null, null, Roles.CLIENT_ROLES); - } else if (username.equals("thermostat-realm-user")) { - return new DefaultUserIdentity(null, null, new String[] { Roles.ACCESS_REALM } ); - } else { - // return empty identity - return new DefaultUserIdentity(null, null, new String[0]); - } - } + JAASLoginService loginS = new JAASLoginService(); + loginS.setLoginModuleName("ThermostatJAASLogin"); + loginS.setName("Thermostat Realm"); + loginS.setRoleClassNames(new String[] { + WrappedRolePrincipal.class.getName(), + RolePrincipal.class.getName(), + UserPrincipal.class.getName() }); + secHandler.setLoginService(loginS); ctx.setSecurityHandler(secHandler); }
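Review bot: With `secHandler.setAuthMethod("BASIC")` and the `addRole` loop removed, nothing visible in this hunk tells the security handler which authenticator or roles to use, so enforcement of the constraint now depends on configuration outside the launcher (presumably the WAR's `web.xml`, which the hunk does not show). A comment above `new JAASLoginService()` should say where the auth method and roles are now declared, and that the module name must match an entry in the JAAS configuration the JVM is started with, e.g. `// "ThermostatJAASLogin" must be defined in the JAAS config (java.security.auth.login.config)`. The string `"Thermostat Realm"` is now written twice (`setRealmName` and `loginS.setName`) and the two are presumably meant to stay equal, so a shared constant would be safer than two literals. If the method is still BASIC, the credentials checked by the JAAS module cross the plain `SelectChannelConnector` that the file imports, so it is worth confirming that TLS terminates in front of this service. The enclosing method begins before the hunk.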
--- a/web/cmd/src/test/java/com/redhat/thermostat/web/cmd/WebServiceLauncherTest.java Fri May 03 19:14:14 2013 +0200
+++ b/web/cmd/src/test/java/com/redhat/thermostat/web/cmd/WebServiceLauncherTest.java Mon May 13 14:22:03 2013 +0200
@@ -40,7 +40,6 @@
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.doNothing;
-import static org.mockito.Mockito.when;
 import java.util.ArrayList;
 import java.util.List;
--- a/web/war/pom.xml Fri May 03 19:14:14 2013 +0200
+++ b/web/war/pom.xml Mon May 13 14:22:03 2013 +0200
@@ -95,6 +95,14 @@
 <groupId>org.eclipse.jetty</groupId>
 <artifactId>jetty-xml</artifactId>
 </exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-plus</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-jndi</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
 </dependencies>