changeset 243:0a6be16cb261

[commands] Set up RealmAuthorizer based on config. Reviewed-by: neugens Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2017-September/024817.html
author Severin Gehwolf <sgehwolf@redhat.com>
date Mon, 04 Sep 2017 09:09:12 +0200
parents 186646ba5e7b
children 42f6d962eb8f
files services/commands/src/main/java/com/redhat/thermostat/gateway/service/commands/channel/endpoints/RealmAuthorizerConfigurator.java services/commands/src/test/java/com/redhat/thermostat/gateway/service/commands/channel/endpoints/AuthBasicCoreServerTest.java
diffstat 2 files changed, 27 insertions(+), 5 deletions(-) [+]
--- a/services/commands/src/main/java/com/redhat/thermostat/gateway/service/commands/channel/endpoints/RealmAuthorizerConfigurator.java	Mon Sep 04 08:46:20 2017 +0200
+++ b/services/commands/src/main/java/com/redhat/thermostat/gateway/service/commands/channel/endpoints/RealmAuthorizerConfigurator.java	Mon Sep 04 09:09:12 2017 +0200
@@ -36,6 +36,8 @@
 
 package com.redhat.thermostat.gateway.service.commands.channel.endpoints;
 
+import java.util.Map;
+
 import javax.websocket.HandshakeResponse;
 import javax.websocket.server.HandshakeRequest;
 import javax.websocket.server.ServerEndpointConfig;
@@ -45,22 +47,37 @@
 import com.redhat.thermostat.gateway.common.core.auth.basic.BasicRealmAuthorizer;
 import com.redhat.thermostat.gateway.common.core.auth.basic.BasicWebUser;
 import com.redhat.thermostat.gateway.common.core.config.Configuration;
+import com.redhat.thermostat.gateway.common.core.config.ServiceConfiguration;
 import com.redhat.thermostat.gateway.common.core.servlet.GlobalConstants;
 
 public class RealmAuthorizerConfigurator extends Configurator {
 
+    private static final RealmAuthorizer DENY_ALL_AUTHORIZER = new RealmAuthorizer() {};
+
     @Override
     public void modifyHandshake(ServerEndpointConfig config, HandshakeRequest request, HandshakeResponse response) {
         Configuration serviceConfig = (Configuration)config.getUserProperties().get(GlobalConstants.SERVICE_CONFIG_KEY);
 
-        // FIXME: Set up proper realm authorizer based on config
-        BasicWebUser user = (BasicWebUser)request.getUserPrincipal();
         RealmAuthorizer realmAuthorizer;
-        if (user == null) {
-            realmAuthorizer = new RealmAuthorizer() {}; // deny-all authorizer
+        if (isBasicAuthEnabled(serviceConfig)) {
+            BasicWebUser user = (BasicWebUser)request.getUserPrincipal();
+            if (user == null) {
+                realmAuthorizer = DENY_ALL_AUTHORIZER;
+            } else {
+                realmAuthorizer = new BasicRealmAuthorizer(user);
+            }
         } else {
-            realmAuthorizer = new BasicRealmAuthorizer(user);
+            realmAuthorizer = DENY_ALL_AUTHORIZER;
         }
         config.getUserProperties().put(RealmAuthorizer.class.getName(), realmAuthorizer);
     }
+
+    private boolean isBasicAuthEnabled(Configuration serviceConfig) {
+        return isSet(serviceConfig, ServiceConfiguration.ConfigurationKey.SECURITY_BASIC);
+    }
+
+    private boolean isSet(Configuration serviceConfig, ServiceConfiguration.ConfigurationKey configKey) {
+        Map<String, Object> map = serviceConfig.asMap();
+        return Boolean.parseBoolean((String)map.get(configKey.name()));
+    }
 }
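Review bot: The cast in `isSet`, `(String)map.get(configKey.name())`, throws a ClassCastException during the handshake if the configuration map ever holds a `Boolean` or other non-String value for SECURITY_BASIC, and `serviceConfig.asMap()` throws a NullPointerException if the SERVICE_CONFIG_KEY user property is missing. In both cases `modifyHandshake` exits before `config.getUserProperties().put(...)` runs, so no authorizer is stored and what the endpoint does next depends on code outside this hunk. A type-tolerant lookup keeps the decision explicit and fail-closed: `if (serviceConfig == null) return false;` followed by `return Boolean.parseBoolean(String.valueOf(serviceConfig.asMap().get(configKey.name())));`. The outer `else` would also benefit from a comment recording that denial is deliberate, such as `// no supported auth scheme configured: deny everything`.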
--- a/services/commands/src/test/java/com/redhat/thermostat/gateway/service/commands/channel/endpoints/AuthBasicCoreServerTest.java	Mon Sep 04 08:46:20 2017 +0200
+++ b/services/commands/src/test/java/com/redhat/thermostat/gateway/service/commands/channel/endpoints/AuthBasicCoreServerTest.java	Mon Sep 04 09:09:12 2017 +0200
@@ -37,6 +37,7 @@
 package com.redhat.thermostat.gateway.service.commands.channel.endpoints;
 
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 import java.util.Arrays;
 import java.util.Collections;
@@ -65,6 +66,7 @@
 
 import com.redhat.thermostat.gateway.common.core.config.Configuration;
 import com.redhat.thermostat.gateway.common.core.config.GlobalConfiguration;
+import com.redhat.thermostat.gateway.common.core.config.ServiceConfiguration;
 import com.redhat.thermostat.gateway.server.CoreServerBuilder;
 import com.redhat.thermostat.gateway.server.auth.basic.BasicLoginService;
 import com.redhat.thermostat.gateway.server.auth.basic.BasicUserStore;
@@ -196,12 +198,15 @@
         }
 
         private void addWebSocketsHandlers(Server server, ServletContextHandler contextHandler) {
+            Map<String, Object> serviceConfigMap = new HashMap<>();
+            serviceConfigMap.put(ServiceConfiguration.ConfigurationKey.SECURITY_BASIC.name(), Boolean.TRUE.toString());
             // Initialize javax.websocket layer
             try {
                 contextHandler.setServer(server);
                 ServerContainer container = WebSocketServerContainerInitializer.configureContext(contextHandler);
                 CommandChannelEndpointHandlerFactory configFactory = new CommandChannelEndpointHandlerFactory();
                 Configuration serviceConfig = mock(Configuration.class);
+                when(serviceConfig.asMap()).thenReturn(serviceConfigMap);
                 ServerEndpointConfig agentConf = configFactory.createEndpointConfig(CommandChannelAgentEndpointHandler.class,
                                                                                     "/v1" + CommandChannelAgentEndpointHandler.PATH,
                                                                                     serviceConfig);
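Review bot: Only the SECURITY_BASIC=true path is exercised by the setup added to `addWebSocketsHandlers`; nothing visible here covers the new branch where the key is absent or "false" and the configurator must fall back to the deny-all authorizer. That branch is the fail-closed behaviour, so it is worth a companion test that leaves `serviceConfigMap` empty and asserts that a correctly authenticated user is still refused. The method body continues past the end of this hunk, so such a case may already exist elsewhere in the file.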