/** checks the supplied candidate user and password against the * expect password (or SHA-256 + SALT thereof) defined as brooklyn properties. */ public static boolean checkExplicitUserPassword(ManagementContext mgmt, String user, String password) { BrooklynProperties properties = (BrooklynProperties) mgmt.getConfig(); String expectedPassword = properties.getConfig(BrooklynWebConfig.PASSWORD_FOR_USER(user)); String salt = properties.getConfig(BrooklynWebConfig.SALT_FOR_USER(user)); String expectedSha256 = properties.getConfig(BrooklynWebConfig.SHA256_FOR_USER(user)); return checkPassword(password, expectedPassword, expectedSha256, salt); } /**
if (delegate != null && BrooklynWebConfig.hasNoSecurityOptions(mgmt.getConfig())) { log.debug("{} refusing to change from {}: No security provider set in reloaded properties.", this, delegate);
@Test(groups="Integration") public void testStartsWebServerWithCredentials() throws Exception { launcher = newLauncherForTests(true) .webconsolePort("10000+") .brooklynProperties(BrooklynWebConfig.USERS, "myname") .brooklynProperties(BrooklynWebConfig.PASSWORD_FOR_USER("myname"), "mypassword") .start(); String uri = launcher.getServerDetails().getWebServerUrl(); HttpToolResponse response = HttpTool.execAndConsume(HttpTool.httpClientBuilder().build(), new HttpGet(uri)); assertEquals(response.getResponseCode(), 401); HttpToolResponse response2 = HttpTool.execAndConsume( HttpTool.httpClientBuilder() .uri(uri) .credentials(new UsernamePasswordCredentials("myname", "mypassword")) .build(), new HttpGet(uri)); assertEquals(response2.getResponseCode(), 200); }
private static Server startServer(ManagementContext mgmt, ContextHandler context, String summary, boolean disableHighAvailability) { // TODO this repeats code in BrooklynLauncher / WebServer. should merge the two paths. boolean secure = mgmt != null && !BrooklynWebConfig.hasNoSecurityOptions(mgmt.getConfig()); if (secure) { log.debug("Detected security configured, launching server on all network interfaces"); } else { log.debug("Detected no security configured, launching server on loopback (localhost) network interface only"); if (mgmt!=null) { log.debug("Detected no security configured, running on loopback; disabling authentication"); ((BrooklynProperties)mgmt.getConfig()).put(BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME, AnyoneSecurityProvider.class.getName()); } } if (mgmt != null && disableHighAvailability) mgmt.getHighAvailabilityManager().disabled(); InetSocketAddress bindLocation = new InetSocketAddress( secure ? Networking.ANY_NIC : Networking.LOOPBACK, Networking.nextAvailablePort(FAVOURITE_PORT)); return startServer(mgmt, context, summary, bindLocation); }