Mercurial > hg > thermostat-ng > web-gateway
changeset 243:0a6be16cb261
[commands] Set up RealmAuthorizer based on config.
Reviewed-by: neugens
Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2017-September/024817.html
author | Severin Gehwolf <sgehwolf@redhat.com> |
---|---|
date | Mon, 04 Sep 2017 09:09:12 +0200 |
parents | 186646ba5e7b |
children | 42f6d962eb8f |
files | services/commands/src/main/java/com/redhat/thermostat/gateway/service/commands/channel/endpoints/RealmAuthorizerConfigurator.java services/commands/src/test/java/com/redhat/thermostat/gateway/service/commands/channel/endpoints/AuthBasicCoreServerTest.java |
diffstat | 2 files changed, 27 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/services/commands/src/main/java/com/redhat/thermostat/gateway/service/commands/channel/endpoints/RealmAuthorizerConfigurator.java Mon Sep 04 08:46:20 2017 +0200 +++ b/services/commands/src/main/java/com/redhat/thermostat/gateway/service/commands/channel/endpoints/RealmAuthorizerConfigurator.java Mon Sep 04 09:09:12 2017 +0200 @@ -36,6 +36,8 @@ package com.redhat.thermostat.gateway.service.commands.channel.endpoints; +import java.util.Map; + import javax.websocket.HandshakeResponse; import javax.websocket.server.HandshakeRequest; import javax.websocket.server.ServerEndpointConfig; @@ -45,22 +47,37 @@ import com.redhat.thermostat.gateway.common.core.auth.basic.BasicRealmAuthorizer; import com.redhat.thermostat.gateway.common.core.auth.basic.BasicWebUser; import com.redhat.thermostat.gateway.common.core.config.Configuration; +import com.redhat.thermostat.gateway.common.core.config.ServiceConfiguration; import com.redhat.thermostat.gateway.common.core.servlet.GlobalConstants; public class RealmAuthorizerConfigurator extends Configurator { + private static final RealmAuthorizer DENY_ALL_AUTHORIZER = new RealmAuthorizer() {}; + @Override public void modifyHandshake(ServerEndpointConfig config, HandshakeRequest request, HandshakeResponse response) { Configuration serviceConfig = (Configuration)config.getUserProperties().get(GlobalConstants.SERVICE_CONFIG_KEY); - // FIXME: Set up proper realm authorizer based on config - BasicWebUser user = (BasicWebUser)request.getUserPrincipal(); RealmAuthorizer realmAuthorizer; - if (user == null) { - realmAuthorizer = new RealmAuthorizer() {}; // deny-all authorizer + if (isBasicAuthEnabled(serviceConfig)) { + BasicWebUser user = (BasicWebUser)request.getUserPrincipal(); + if (user == null) { + realmAuthorizer = DENY_ALL_AUTHORIZER; + } else { + realmAuthorizer = new BasicRealmAuthorizer(user); + } } else { - realmAuthorizer = new BasicRealmAuthorizer(user); + realmAuthorizer = DENY_ALL_AUTHORIZER; } config.getUserProperties().put(RealmAuthorizer.class.getName(), realmAuthorizer); } + + private boolean isBasicAuthEnabled(Configuration serviceConfig) { + return isSet(serviceConfig, ServiceConfiguration.ConfigurationKey.SECURITY_BASIC); + } + + private boolean isSet(Configuration serviceConfig, ServiceConfiguration.ConfigurationKey configKey) { + Map<String, Object> map = serviceConfig.asMap(); + return Boolean.parseBoolean((String)map.get(configKey.name())); + } }
--- a/services/commands/src/test/java/com/redhat/thermostat/gateway/service/commands/channel/endpoints/AuthBasicCoreServerTest.java Mon Sep 04 08:46:20 2017 +0200 +++ b/services/commands/src/test/java/com/redhat/thermostat/gateway/service/commands/channel/endpoints/AuthBasicCoreServerTest.java Mon Sep 04 09:09:12 2017 +0200 @@ -37,6 +37,7 @@ package com.redhat.thermostat.gateway.service.commands.channel.endpoints; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; import java.util.Arrays; import java.util.Collections; @@ -65,6 +66,7 @@ import com.redhat.thermostat.gateway.common.core.config.Configuration; import com.redhat.thermostat.gateway.common.core.config.GlobalConfiguration; +import com.redhat.thermostat.gateway.common.core.config.ServiceConfiguration; import com.redhat.thermostat.gateway.server.CoreServerBuilder; import com.redhat.thermostat.gateway.server.auth.basic.BasicLoginService; import com.redhat.thermostat.gateway.server.auth.basic.BasicUserStore; @@ -196,12 +198,15 @@ } private void addWebSocketsHandlers(Server server, ServletContextHandler contextHandler) { + Map<String, Object> serviceConfigMap = new HashMap<>(); + serviceConfigMap.put(ServiceConfiguration.ConfigurationKey.SECURITY_BASIC.name(), Boolean.TRUE.toString()); // Initialize javax.websocket layer try { contextHandler.setServer(server); ServerContainer container = WebSocketServerContainerInitializer.configureContext(contextHandler); CommandChannelEndpointHandlerFactory configFactory = new CommandChannelEndpointHandlerFactory(); Configuration serviceConfig = mock(Configuration.class); + when(serviceConfig.asMap()).thenReturn(serviceConfigMap); ServerEndpointConfig agentConf = configFactory.createEndpointConfig(CommandChannelAgentEndpointHandler.class, "/v1" + CommandChannelAgentEndpointHandler.PATH, serviceConfig);