changeset 241:a6a11a21336a
Allow for plain http connections.
Reviewed-by: jkang
Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2017-September/024813.html
author | Severin Gehwolf <sgehwolf@redhat.com> |
---|---|
date | Thu, 31 Aug 2017 15:34:39 +0200 |
parents | bf545cc8984a |
children | 186646ba5e7b |
files | server/src/main/java/com/redhat/thermostat/gateway/server/services/WebArchiveCoreService.java server/src/test/java/com/redhat/thermostat/gateway/server/services/WebArchiveCoreServiceTest.java |
diffstat | 2 files changed, 41 insertions(+), 2 deletions(-) [+] |
--- a/server/src/main/java/com/redhat/thermostat/gateway/server/services/WebArchiveCoreService.java Fri Sep 01 17:39:20 2017 +0200
+++ b/server/src/main/java/com/redhat/thermostat/gateway/server/services/WebArchiveCoreService.java Thu Aug 31 15:34:39 2017 +0200
@@ -56,7 +56,9 @@
 import org.eclipse.jetty.websocket.jsr356.server.deploy.WebSocketServerContainerInitializer;
 import org.keycloak.adapters.jetty.KeycloakJettyAuthenticator;
+import com.redhat.thermostat.gateway.common.core.auth.RealmAuthorizer;
 import com.redhat.thermostat.gateway.common.core.config.Configuration;
+import com.redhat.thermostat.gateway.common.core.config.GlobalConfiguration;
 import com.redhat.thermostat.gateway.common.core.config.IllegalConfigurationException;
 import com.redhat.thermostat.gateway.common.core.config.ServiceConfiguration;
 import com.redhat.thermostat.gateway.common.core.servlet.GlobalConstants;
@@ -91,7 +93,7 @@
 webAppContext.setAttribute(GlobalConstants.SERVICE_CONFIG_KEY, serviceConfig);
 webAppContext.addSystemClass(Configuration.class.getName());
- webAppContext.addSystemClass("com.redhat.thermostat.gateway.common.core.auth.RealmAuthorizer");
+ webAppContext.addSystemClass(RealmAuthorizer.class.getName());
 initializeWebSockets(server, webAppContext);
@@ -121,7 +123,10 @@
 cons.setName(realmName);
 cons.setRoles(new String[] { AUTH_ACCESS_ROLE });
 cons.setAuthenticate(true);
- cons.setDataConstraint(Constraint.DC_CONFIDENTIAL);
+ boolean isTLS = Boolean.parseBoolean((String)serviceConfig.asMap().get(GlobalConfiguration.ConfigurationKey.WITH_TLS.name()));
+ if (isTLS) {
+ cons.setDataConstraint(Constraint.DC_CONFIDENTIAL);
+ }
 ConstraintMapping mapping = new ConstraintMapping();
 mapping.setConstraint(cons);
 mapping.setMethodOmissions(new String[] {});
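Review bot: In the third hunk, `isTLS` falls back to false whenever `WITH_TLS` is absent from `serviceConfig.asMap()`, because `Boolean.parseBoolean(null)` returns false, so a missing or mistyped key silently drops `DC_CONFIDENTIAL` and the authenticated realm accepts credentials over plain HTTP. The `(String)` cast would also throw `ClassCastException` if the map ever holds a `Boolean` for this key; whether it can is not visible here. I would keep confidentiality as the default and relax it only on an explicit false: `Object withTls = serviceConfig.asMap().get(GlobalConfiguration.ConfigurationKey.WITH_TLS.name());` then `boolean isTLS = withTls == null || Boolean.parseBoolean(withTls.toString());`, with a warning logged when the constraint is skipped. The key belongs to `GlobalConfiguration` but is read from the service configuration, so it is worth confirming the global values are merged into that map. The enclosing method starts and ends outside the hunk.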
--- a/server/src/test/java/com/redhat/thermostat/gateway/server/services/WebArchiveCoreServiceTest.java Fri Sep 01 17:39:20 2017 +0200
+++ b/server/src/test/java/com/redhat/thermostat/gateway/server/services/WebArchiveCoreServiceTest.java Thu Aug 31 15:34:39 2017 +0200
@@ -46,6 +46,7 @@
 import java.util.HashMap;
 import java.util.Map;
+import org.eclipse.jetty.security.ConstraintMapping;
 import org.eclipse.jetty.security.ConstraintSecurityHandler;
 import org.eclipse.jetty.security.LoginService;
 import org.eclipse.jetty.security.SecurityHandler;
@@ -53,11 +54,13 @@
 import org.eclipse.jetty.server.UserIdentity;
 import org.eclipse.jetty.servlet.FilterHolder;
 import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.util.security.Constraint;
 import org.eclipse.jetty.webapp.WebAppContext;
 import org.junit.Test;
 import org.keycloak.adapters.jetty.KeycloakJettyAuthenticator;
 import com.redhat.thermostat.gateway.common.core.config.Configuration;
+import com.redhat.thermostat.gateway.common.core.config.GlobalConfiguration;
 import com.redhat.thermostat.gateway.common.core.config.IllegalConfigurationException;
 import com.redhat.thermostat.gateway.common.core.config.ServiceConfiguration;
 import com.redhat.thermostat.gateway.common.core.servlet.GlobalConstants;
@@ -66,6 +69,7 @@
 public class WebArchiveCoreServiceTest {
+ private static final int UNSET_DATA_CONSTRAINT = -1;
 private final String contextPath = "/test";
 private final String warPath = "/test.war";
 private final String keycloakJson = "{\n" +
@@ -206,4 +210,34 @@
 assertEquals(webAppContext.getServer(), server);
 }
+
+ @Test
+ public void testConfidentialWithTLS() {
+ doDataConstraintTest(true, Constraint.DC_CONFIDENTIAL);
+ }
+
+ @Test
+ public void testPlainDataWithoutTLS() {
+ doDataConstraintTest(false, UNSET_DATA_CONSTRAINT);
+ }
+
+ private void doDataConstraintTest(boolean withTLS, int expectedDataConstraint) {
+ Map<String, Object> configurationMap = new HashMap<>();
+ configurationMap.put(ServiceConfiguration.ConfigurationKey.SECURITY_BASIC.name(), "true");
+ configurationMap.put(GlobalConfiguration.ConfigurationKey.WITH_TLS.name(), Boolean.valueOf(withTLS).toString());
+ Configuration configuration = mock(Configuration.class);
+ when(configuration.asMap()).thenReturn(configurationMap);
+
+ WebArchiveCoreService service = new WebArchiveCoreService(contextPath, warPath, configuration);
+
+ Server server = mock(Server.class);
+ ServletContextHandler servletContextHandler = service.createServletContextHandler(server);
+
+ assertTrue(servletContextHandler instanceof WebAppContext);
+ WebAppContext webAppContext = (WebAppContext) servletContextHandler;
+ ConstraintSecurityHandler secHandler = (ConstraintSecurityHandler)webAppContext.getSecurityHandler();
+ ConstraintMapping constraints = secHandler.getConstraintMappings().get(0);
+ Constraint cons = constraints.getConstraint();
+ assertEquals(expectedDataConstraint, cons.getDataConstraint());
+ }
 }
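Review bot: `doDataConstraintTest` only exercises the explicit "true" and "false" strings, so the case the production code treats the same as false, `WITH_TLS` missing from the configuration map, is untested. A third test that omits the `configurationMap.put(GlobalConfiguration.ConfigurationKey.WITH_TLS.name(), ...)` line and asserts the intended data constraint would pin down which default the gateway is meant to have. The local `UNSET_DATA_CONSTRAINT = -1` declared in the earlier hunk of this file duplicates Jetty's `Constraint.DC_UNSET`; `doDataConstraintTest(false, Constraint.DC_UNSET);` reads more clearly and tracks the library value.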