示例#1
0
 // TODO Should we really trustAll for https? Make configurable?
 private HttpClient createHttpClient(HttpPollIdentifier pollIdentifier) {
   URI uri = pollIdentifier.uriProvider.get();
   HttpClientBuilder builder = HttpTool.httpClientBuilder().trustAll().laxRedirect(true);
   if (uri != null) builder.uri(uri);
   if (uri != null) builder.credential(pollIdentifier.credentials);
   if (pollIdentifier.connectionTimeout != null) {
     builder.connectionTimeout(pollIdentifier.connectionTimeout);
   }
   if (pollIdentifier.socketTimeout != null) {
     builder.socketTimeout(pollIdentifier.socketTimeout);
   }
   return builder.build();
 }
  private String getServerUser(Server server) throws Exception {
    HttpClient client =
        httpClientBuilder()
            .uri(getBaseUri(server))
            .credentials(TestSecurityProvider.CREDENTIAL)
            .build();

    HttpToolResponse response =
        HttpTool.httpGet(
            client,
            URI.create(getBaseUri(server) + "/v1/server/user"),
            ImmutableMap.<String, String>of());
    HttpTestUtils.assertHealthyStatusCode(response.getResponseCode());
    return response.getContentAsString();
  }
  /**
   * [sam] Other tests rely on brooklyn.properties not containing security properties so .. I think
   * the best way to test this is to set a security provider, then reload properties and check no
   * authentication is required.
   *
   * <p>[aled] Changing this test so doesn't rely on brooklyn.properties having no security provider
   * (that can lead to failures locally when running just this test). Asserts
   */
  @Test(groups = "Integration")
  public void testSecurityProviderUpdatesWhenPropertiesReloaded() {
    BrooklynProperties brooklynProperties = BrooklynProperties.Factory.newEmpty();
    brooklynProperties.put("brooklyn.webconsole.security.users", "admin");
    brooklynProperties.put("brooklyn.webconsole.security.user.admin.password", "mypassword");
    UsernamePasswordCredentials defaultCredential =
        new UsernamePasswordCredentials("admin", "mypassword");

    ManagementContext mgmt = new LocalManagementContext(brooklynProperties);

    try {
      Server server =
          useServerForTest(
              BrooklynRestApiLauncher.launcher()
                  .managementContext(mgmt)
                  .withoutJsgui()
                  .securityProvider(TestSecurityProvider.class)
                  .start());
      String baseUri = getBaseUri(server);

      HttpToolResponse response;
      final URI uri = URI.create(getBaseUri() + "/v1/server/properties/reload");
      final Map<String, String> args = Collections.emptyMap();

      // Unauthorised when no credentials, and when default credentials.
      response = HttpTool.httpPost(httpClientBuilder().uri(baseUri).build(), uri, args, args);
      assertEquals(response.getResponseCode(), HttpStatus.SC_UNAUTHORIZED);

      response =
          HttpTool.httpPost(
              httpClientBuilder().uri(baseUri).credentials(defaultCredential).build(),
              uri,
              args,
              args);
      assertEquals(response.getResponseCode(), HttpStatus.SC_UNAUTHORIZED);

      // Accepts TestSecurityProvider credentials, and we reload.
      response =
          HttpTool.httpPost(
              httpClientBuilder().uri(baseUri).credentials(TestSecurityProvider.CREDENTIAL).build(),
              uri,
              args,
              args);
      HttpTestUtils.assertHealthyStatusCode(response.getResponseCode());

      // Has no gone back to credentials from brooklynProperties; TestSecurityProvider credentials
      // no longer work
      response =
          HttpTool.httpPost(
              httpClientBuilder().uri(baseUri).credentials(defaultCredential).build(),
              uri,
              args,
              args);
      HttpTestUtils.assertHealthyStatusCode(response.getResponseCode());

      response =
          HttpTool.httpPost(
              httpClientBuilder().uri(baseUri).credentials(TestSecurityProvider.CREDENTIAL).build(),
              uri,
              args,
              args);
      assertEquals(response.getResponseCode(), HttpStatus.SC_UNAUTHORIZED);

    } finally {
      ((ManagementContextInternal) mgmt).terminate();
    }
  }