changeset 241:a6a11a21336a

Allow for plain http connections. Reviewed-by: jkang Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2017-September/024813.html
author Severin Gehwolf <sgehwolf@redhat.com>
date Thu, 31 Aug 2017 15:34:39 +0200
parents bf545cc8984a
children 186646ba5e7b
files server/src/main/java/com/redhat/thermostat/gateway/server/services/WebArchiveCoreService.java server/src/test/java/com/redhat/thermostat/gateway/server/services/WebArchiveCoreServiceTest.java
diffstat 2 files changed, 41 insertions(+), 2 deletions(-) [+]
--- a/server/src/main/java/com/redhat/thermostat/gateway/server/services/WebArchiveCoreService.java	Fri Sep 01 17:39:20 2017 +0200
+++ b/server/src/main/java/com/redhat/thermostat/gateway/server/services/WebArchiveCoreService.java	Thu Aug 31 15:34:39 2017 +0200
@@ -56,7 +56,9 @@
 import org.eclipse.jetty.websocket.jsr356.server.deploy.WebSocketServerContainerInitializer;
 import org.keycloak.adapters.jetty.KeycloakJettyAuthenticator;
 
+import com.redhat.thermostat.gateway.common.core.auth.RealmAuthorizer;
 import com.redhat.thermostat.gateway.common.core.config.Configuration;
+import com.redhat.thermostat.gateway.common.core.config.GlobalConfiguration;
 import com.redhat.thermostat.gateway.common.core.config.IllegalConfigurationException;
 import com.redhat.thermostat.gateway.common.core.config.ServiceConfiguration;
 import com.redhat.thermostat.gateway.common.core.servlet.GlobalConstants;
@@ -91,7 +93,7 @@
 
         webAppContext.setAttribute(GlobalConstants.SERVICE_CONFIG_KEY, serviceConfig);
         webAppContext.addSystemClass(Configuration.class.getName());
-        webAppContext.addSystemClass("com.redhat.thermostat.gateway.common.core.auth.RealmAuthorizer");
+        webAppContext.addSystemClass(RealmAuthorizer.class.getName());
 
 
         initializeWebSockets(server, webAppContext);
@@ -121,7 +123,10 @@
         cons.setName(realmName);
         cons.setRoles(new String[] { AUTH_ACCESS_ROLE });
         cons.setAuthenticate(true);
-        cons.setDataConstraint(Constraint.DC_CONFIDENTIAL);
+        boolean isTLS = Boolean.parseBoolean((String)serviceConfig.asMap().get(GlobalConfiguration.ConfigurationKey.WITH_TLS.name()));
+        if (isTLS) {
+            cons.setDataConstraint(Constraint.DC_CONFIDENTIAL);
+        }
         ConstraintMapping mapping = new ConstraintMapping();
         mapping.setConstraint(cons);
         mapping.setMethodOmissions(new String[] {});
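Review bot: The new `isTLS` lookup fails open. `Boolean.parseBoolean(null)` is false, so a configuration map that lacks `WITH_TLS` or misspells it now drops `DC_CONFIDENTIAL`, and the authenticated constraint is served over plain HTTP, which would expose credentials when basic auth is enabled. The `(String)` cast also throws `ClassCastException` if the value is ever stored as a `Boolean` rather than a string. Consider `Object withTls = serviceConfig.asMap().get(GlobalConfiguration.ConfigurationKey.WITH_TLS.name());` followed by `boolean isTLS = withTls == null || Boolean.parseBoolean(withTls.toString());`, so only an explicit false disables the constraint, and log a warning on that branch. Whether a global default is merged into `serviceConfig` is not visible here, and the enclosing method starts and ends outside the hunk.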
--- a/server/src/test/java/com/redhat/thermostat/gateway/server/services/WebArchiveCoreServiceTest.java	Fri Sep 01 17:39:20 2017 +0200
+++ b/server/src/test/java/com/redhat/thermostat/gateway/server/services/WebArchiveCoreServiceTest.java	Thu Aug 31 15:34:39 2017 +0200
@@ -46,6 +46,7 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import org.eclipse.jetty.security.ConstraintMapping;
 import org.eclipse.jetty.security.ConstraintSecurityHandler;
 import org.eclipse.jetty.security.LoginService;
 import org.eclipse.jetty.security.SecurityHandler;
@@ -53,11 +54,13 @@
 import org.eclipse.jetty.server.UserIdentity;
 import org.eclipse.jetty.servlet.FilterHolder;
 import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.util.security.Constraint;
 import org.eclipse.jetty.webapp.WebAppContext;
 import org.junit.Test;
 import org.keycloak.adapters.jetty.KeycloakJettyAuthenticator;
 
 import com.redhat.thermostat.gateway.common.core.config.Configuration;
+import com.redhat.thermostat.gateway.common.core.config.GlobalConfiguration;
 import com.redhat.thermostat.gateway.common.core.config.IllegalConfigurationException;
 import com.redhat.thermostat.gateway.common.core.config.ServiceConfiguration;
 import com.redhat.thermostat.gateway.common.core.servlet.GlobalConstants;
@@ -66,6 +69,7 @@
 
 public class WebArchiveCoreServiceTest {
 
+    private static final int UNSET_DATA_CONSTRAINT = -1;
     private final String contextPath = "/test";
     private final String warPath = "/test.war";
     private final String keycloakJson = "{\n" +
@@ -206,4 +210,34 @@
 
         assertEquals(webAppContext.getServer(), server);
     }
+
+    @Test
+    public void testConfidentialWithTLS() {
+        doDataConstraintTest(true, Constraint.DC_CONFIDENTIAL);
+    }
+
+    @Test
+    public void testPlainDataWithoutTLS() {
+        doDataConstraintTest(false, UNSET_DATA_CONSTRAINT);
+    }
+
+    private void doDataConstraintTest(boolean withTLS, int expectedDataConstraint) {
+        Map<String, Object> configurationMap = new HashMap<>();
+        configurationMap.put(ServiceConfiguration.ConfigurationKey.SECURITY_BASIC.name(), "true");
+        configurationMap.put(GlobalConfiguration.ConfigurationKey.WITH_TLS.name(), Boolean.valueOf(withTLS).toString());
+        Configuration configuration = mock(Configuration.class);
+        when(configuration.asMap()).thenReturn(configurationMap);
+
+        WebArchiveCoreService service = new WebArchiveCoreService(contextPath, warPath, configuration);
+
+        Server server = mock(Server.class);
+        ServletContextHandler servletContextHandler = service.createServletContextHandler(server);
+
+        assertTrue(servletContextHandler instanceof WebAppContext);
+        WebAppContext webAppContext = (WebAppContext) servletContextHandler;
+        ConstraintSecurityHandler secHandler = (ConstraintSecurityHandler)webAppContext.getSecurityHandler();
+        ConstraintMapping constraints = secHandler.getConstraintMappings().get(0);
+        Constraint cons = constraints.getConstraint();
+        assertEquals(expectedDataConstraint, cons.getDataConstraint());
+    }
 }
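Review bot: Both new tests set `WITH_TLS` explicitly, so the case that decides the security default, the key missing from the map, is untested. Add a third test that omits the key and pins the intended data constraint. `doDataConstraintTest` also reads `getConstraintMappings().get(0)` without asserting the list size, so a later change that adds a mapping could make it check the wrong constraint. The `UNSET_DATA_CONSTRAINT = -1` constant added in the earlier hunk appears to duplicate Jetty's `Constraint.DC_UNSET`; using that would avoid the magic number.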