// TODO Should we really trustAll for https? Make configurable? private HttpClient createHttpClient(HttpPollIdentifier pollIdentifier) { URI uri = pollIdentifier.uriProvider.get(); HttpClientBuilder builder = HttpTool.httpClientBuilder().trustAll().laxRedirect(true); if (uri != null) builder.uri(uri); if (uri != null) builder.credential(pollIdentifier.credentials); if (pollIdentifier.connectionTimeout != null) { builder.connectionTimeout(pollIdentifier.connectionTimeout); } if (pollIdentifier.socketTimeout != null) { builder.socketTimeout(pollIdentifier.socketTimeout); } return builder.build(); }
/**
 * Fetches {@code /v1/server/user} from the given server, authenticating with
 * {@code TestSecurityProvider.CREDENTIAL}, and returns the response body.
 *
 * <p>The call fails the test (via {@code HttpTestUtils.assertHealthyStatusCode}) when the
 * response status is not healthy, so a returned value implies the credential was accepted.
 *
 * @param server the server under test
 * @return the response content as a string
 * @throws Exception declared by the original signature; propagated to the caller
 */
private String getServerUser(Server server) throws Exception {
    // Client scoped to the server's base URI and carrying the test provider's credential.
    HttpClient authenticatedClient =
            httpClientBuilder()
                    .uri(getBaseUri(server))
                    .credentials(TestSecurityProvider.CREDENTIAL)
                    .build();

    URI userEndpoint = URI.create(getBaseUri(server) + "/v1/server/user");

    // No extra request headers are sent.
    HttpToolResponse reply =
            HttpTool.httpGet(authenticatedClient, userEndpoint, ImmutableMap.<String, String>of());

    HttpTestUtils.assertHealthyStatusCode(reply.getResponseCode());
    return reply.getContentAsString();
}
/**
 * Verifies that reloading properties replaces an explicitly-set security provider with the one
 * derived from the management context's properties.
 *
 * <p>[sam] Other tests rely on brooklyn.properties not containing security properties, so the
 * approach is to set a security provider, reload properties, and check how authentication
 * behaves afterwards.
 *
 * <p>[aled] The test builds its own empty {@code BrooklynProperties} rather than relying on
 * brooklyn.properties having no security provider (that could cause local failures when running
 * just this test).
 *
 * <p>Sequence asserted against {@code /v1/server/properties/reload}:
 *
 * <ol>
 *   <li>Before reload: no credentials and the properties-defined credentials are both rejected
 *       with 401; the {@code TestSecurityProvider} credential is accepted (and triggers the
 *       reload).
 *   <li>After reload: the properties-defined credentials are accepted and the
 *       {@code TestSecurityProvider} credential is rejected with 401.
 * </ol>
 */
@Test(groups = "Integration")
public void testSecurityProviderUpdatesWhenPropertiesReloaded() {
    // Test-only user/password fixture, defined in properties that start out empty.
    BrooklynProperties props = BrooklynProperties.Factory.newEmpty();
    props.put("brooklyn.webconsole.security.users", "admin");
    props.put("brooklyn.webconsole.security.user.admin.password", "mypassword");
    UsernamePasswordCredentials propsCredential =
            new UsernamePasswordCredentials("admin", "mypassword");

    ManagementContext mgmt = new LocalManagementContext(props);
    try {
        // Launch with TestSecurityProvider overriding whatever the properties specify.
        Server launched =
                BrooklynRestApiLauncher.launcher()
                        .managementContext(mgmt)
                        .withoutJsgui()
                        .securityProvider(TestSecurityProvider.class)
                        .start();
        Server server = useServerForTest(launched);
        String baseUri = getBaseUri(server);

        HttpToolResponse reply;
        // NOTE(review): this uses the no-arg getBaseUri() while the clients use
        // getBaseUri(server); presumably both resolve to the same server - confirm.
        final URI reloadUri = URI.create(getBaseUri() + "/v1/server/properties/reload");
        final Map<String, String> empty = Collections.emptyMap();

        // Before reload: anonymous requests are rejected.
        HttpClient anonymousClient = httpClientBuilder().uri(baseUri).build();
        reply = HttpTool.httpPost(anonymousClient, reloadUri, empty, empty);
        assertEquals(reply.getResponseCode(), HttpStatus.SC_UNAUTHORIZED);

        // Before reload: the properties-defined credentials are rejected too.
        HttpClient propsClientBefore =
                httpClientBuilder().uri(baseUri).credentials(propsCredential).build();
        reply = HttpTool.httpPost(propsClientBefore, reloadUri, empty, empty);
        assertEquals(reply.getResponseCode(), HttpStatus.SC_UNAUTHORIZED);

        // TestSecurityProvider credentials are accepted, and this request performs the reload.
        HttpClient providerClientBefore =
                httpClientBuilder()
                        .uri(baseUri)
                        .credentials(TestSecurityProvider.CREDENTIAL)
                        .build();
        reply = HttpTool.httpPost(providerClientBefore, reloadUri, empty, empty);
        HttpTestUtils.assertHealthyStatusCode(reply.getResponseCode());

        // Has now gone back to credentials from brooklynProperties ...
        HttpClient propsClientAfter =
                httpClientBuilder().uri(baseUri).credentials(propsCredential).build();
        reply = HttpTool.httpPost(propsClientAfter, reloadUri, empty, empty);
        HttpTestUtils.assertHealthyStatusCode(reply.getResponseCode());

        // ... and the TestSecurityProvider credentials no longer work.
        HttpClient providerClientAfter =
                httpClientBuilder()
                        .uri(baseUri)
                        .credentials(TestSecurityProvider.CREDENTIAL)
                        .build();
        reply = HttpTool.httpPost(providerClientAfter, reloadUri, empty, empty);
        assertEquals(reply.getResponseCode(), HttpStatus.SC_UNAUTHORIZED);
    } finally {
        // Always tear the management context down, even when an assertion fails.
        ((ManagementContextInternal) mgmt).terminate();
    }
}