@Test(groups = "Integration")
public void testGetUser() throws Exception {
Server server =
useServerForTest(
BrooklynRestApiLauncher.launcher()
.securityProvider(TestSecurityProvider.class)
.withoutJsgui()
.start());
assertEquals(getServerUser(server), TestSecurityProvider.USER);
}
@BeforeClass(groups = "Integration")
public void setUp() throws Exception {
WebAppContext context;
// running in source mode; need to use special classpath
context = new WebAppContext("src/test/webapp", "/");
context.setExtraClasspath("./target/test-rest-server/");
context.setAttribute(
BrooklynServiceAttributes.BROOKLYN_MANAGEMENT_CONTEXT, getManagementContext());
Server server =
BrooklynRestApiLauncher.launcher()
.managementContext(manager)
.customContext(context)
.start();
api = new BrooklynApi("http://localhost:" + server.getConnectors()[0].getPort() + "/");
}
/**
* [sam] Other tests rely on brooklyn.properties not containing security properties so .. I think
* the best way to test this is to set a security provider, then reload properties and check no
* authentication is required.
*
* <p>[aled] Changing this test so doesn't rely on brooklyn.properties having no security provider
* (that can lead to failures locally when running just this test). Asserts
*/
@Test(groups = "Integration")
public void testSecurityProviderUpdatesWhenPropertiesReloaded() {
BrooklynProperties brooklynProperties = BrooklynProperties.Factory.newEmpty();
brooklynProperties.put("brooklyn.webconsole.security.users", "admin");
brooklynProperties.put("brooklyn.webconsole.security.user.admin.password", "mypassword");
UsernamePasswordCredentials defaultCredential =
new UsernamePasswordCredentials("admin", "mypassword");
ManagementContext mgmt = new LocalManagementContext(brooklynProperties);
try {
Server server =
useServerForTest(
BrooklynRestApiLauncher.launcher()
.managementContext(mgmt)
.withoutJsgui()
.securityProvider(TestSecurityProvider.class)
.start());
String baseUri = getBaseUri(server);
HttpToolResponse response;
final URI uri = URI.create(getBaseUri() + "/v1/server/properties/reload");
final Map<String, String> args = Collections.emptyMap();
// Unauthorised when no credentials, and when default credentials.
response = HttpTool.httpPost(httpClientBuilder().uri(baseUri).build(), uri, args, args);
assertEquals(response.getResponseCode(), HttpStatus.SC_UNAUTHORIZED);
response =
HttpTool.httpPost(
httpClientBuilder().uri(baseUri).credentials(defaultCredential).build(),
uri,
args,
args);
assertEquals(response.getResponseCode(), HttpStatus.SC_UNAUTHORIZED);
// Accepts TestSecurityProvider credentials, and we reload.
response =
HttpTool.httpPost(
httpClientBuilder().uri(baseUri).credentials(TestSecurityProvider.CREDENTIAL).build(),
uri,
args,
args);
HttpTestUtils.assertHealthyStatusCode(response.getResponseCode());
// Has no gone back to credentials from brooklynProperties; TestSecurityProvider credentials
// no longer work
response =
HttpTool.httpPost(
httpClientBuilder().uri(baseUri).credentials(defaultCredential).build(),
uri,
args,
args);
HttpTestUtils.assertHealthyStatusCode(response.getResponseCode());
response =
HttpTool.httpPost(
httpClientBuilder().uri(baseUri).credentials(TestSecurityProvider.CREDENTIAL).build(),
uri,
args,
args);
assertEquals(response.getResponseCode(), HttpStatus.SC_UNAUTHORIZED);
} finally {
((ManagementContextInternal) mgmt).terminate();
}
}