Fix #757, disable authentication by default in servlet containers but…

… enable it by default when no initial context is available (like in karaf)
hawtio · Nov 20, 2013 · b12921e · b12921e
1 parent 785f1a0
commit b12921e
Show file tree

Hide file tree

Showing 7 changed files with 200 additions and 70 deletions.
diff --git a/hawtio-web/src/main/java/io/hawt/HawtioContextListener.java b/hawtio-web/src/main/java/io/hawt/HawtioContextListener.java
@@ -3,6 +3,7 @@
 import io.hawt.jmx.JmxTreeWatcher;
 import io.hawt.jmx.PluginRegistry;
 import io.hawt.jmx.UploadManager;
+import io.hawt.system.ConfigManager;
 
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
@@ -15,34 +16,26 @@ public class HawtioContextListener implements ServletContextListener {
     private JmxTreeWatcher treeWatcher = new JmxTreeWatcher();
     private PluginRegistry registry = new PluginRegistry();
     private UploadManager uploadManager = new UploadManager();
+    private ConfigManager configManager = new ConfigManager();
 
     public void contextInitialized(ServletContextEvent servletContextEvent) {
-
-        String realm = System.getProperty("hawtio.realm", "karaf");
-        String role = System.getProperty("hawtio.role", "admin");
-        //String rolePrincipalClasses = System.getProperty("hawtio.rolePrincipalClasses", "org.apache.karaf.jaas.boot.principal.RolePrincipal,org.apache.karaf.jaas.modules.RolePrincipal");
-        String rolePrincipalClasses = System.getProperty("hawtio.rolePrincipalClasses", "");
-        Boolean authEnabled = Boolean.valueOf(System.getProperty("hawtio.authenticationEnabled", "true"));
-
-        servletContextEvent.getServletContext().setAttribute("realm", realm);
-        servletContextEvent.getServletContext().setAttribute("role", role);
-        servletContextEvent.getServletContext().setAttribute("rolePrincipalClasses", rolePrincipalClasses);
-        servletContextEvent.getServletContext().setAttribute("authEnabled", authEnabled);
-
         try {
+            configManager.init();
             treeWatcher.init();
             registry.init();
-            uploadManager.init();
+            uploadManager.init(configManager);
         } catch (Exception e) {
             throw createServletException(e);
         }
+        servletContextEvent.getServletContext().setAttribute("ConfigManager", configManager);
     }
 
     public void contextDestroyed(ServletContextEvent servletContextEvent) {
         try {
             treeWatcher.destroy();
             registry.destroy();
             uploadManager.destroy();
+            configManager.destroy();
         } catch (Exception e) {
             throw createServletException(e);
         }

diff --git a/hawtio-web/src/main/java/io/hawt/jmx/UploadManager.java b/hawtio-web/src/main/java/io/hawt/jmx/UploadManager.java
@@ -1,13 +1,17 @@
 package io.hawt.jmx;
 
+import io.hawt.system.ConfigManager;
 import io.hawt.util.Strings;
-import io.hawt.web.UploadServlet;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.FileCleanerCleanup;
+import org.apache.commons.io.FileCleaningTracker;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.management.InstanceAlreadyExistsException;
 import javax.management.MBeanServer;
 import javax.management.ObjectName;
+import javax.servlet.ServletContext;
 import java.io.File;
 import java.lang.management.ManagementFactory;
 import java.util.ArrayList;
@@ -19,12 +23,26 @@
 public class UploadManager implements UploadManagerMBean {
 
     private static final transient Logger LOG = LoggerFactory.getLogger(UploadManager.class);
+    public static String UPLOAD_DIRECTORY = "";
 
     private ObjectName objectName;
     private MBeanServer mBeanServer;
 
+    public static DiskFileItemFactory newDiskFileItemFactory(ServletContext context, File repository) {
+        FileCleaningTracker fileCleaningTracker = FileCleanerCleanup.getFileCleaningTracker(context);
+        DiskFileItemFactory factory = new DiskFileItemFactory(DiskFileItemFactory.DEFAULT_SIZE_THRESHOLD, repository);
+        factory.setFileCleaningTracker(fileCleaningTracker);
+        return factory;
+    }
+
+
+    public void init(ConfigManager config) throws Exception {
+
+        UploadManager.UPLOAD_DIRECTORY = config.get("uploadDirectory", System.getProperty("java.io.tmpdir") + File.separator + "uploads");
+
+        LOG.info("Using file upload directory: {}", UploadManager.UPLOAD_DIRECTORY);
+
 
-    public void init() throws Exception {
         if (objectName == null) {
             objectName = getObjectName();
         }
@@ -58,7 +76,11 @@ protected ObjectName getObjectName() throws Exception {
 
     @Override
     public String getUploadDirectory() {
-        return UploadServlet.UPLOAD_DIRECTORY;
+        return UPLOAD_DIRECTORY;
+    }
+
+    public void setUploadDirectory(String directory) {
+        this.UPLOAD_DIRECTORY = directory;
     }
 
     @Override
@@ -81,9 +103,9 @@ public List<FileDTO> list(String parent) {
     private String getTargetDirectory(String parent) {
         parent = Strings.sanitizeDirectory(parent);
         if (Strings.isNotBlank(parent)) {
-            return  UploadServlet.UPLOAD_DIRECTORY + File.separator + parent;
+            return  UPLOAD_DIRECTORY + File.separator + parent;
         }
-        return UploadServlet.UPLOAD_DIRECTORY;
+        return UPLOAD_DIRECTORY;
     }
 
     @Override

diff --git a/hawtio-web/src/main/java/io/hawt/system/ConfigManager.java b/hawtio-web/src/main/java/io/hawt/system/ConfigManager.java
@@ -0,0 +1,67 @@
+package io.hawt.system;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+
+/**
+ * @author Stan Lewis
+ */
+public class ConfigManager {
+    private static final transient Logger LOG = LoggerFactory.getLogger(ConfigManager.class);
+
+    private Context envContext = null;
+
+    public ConfigManager() {
+
+    }
+
+    public void init() {
+        try {
+            envContext = (Context) new InitialContext().lookup("java:/comp/env");
+            LOG.info("Configuration will be discovered via JNDI");
+        } catch (NamingException e) {
+            LOG.debug("Failed to look up environment context: ", e);
+            LOG.info("Configuration will be discovered via system properties");
+        }
+    }
+
+    public void destroy() {
+        if (envContext != null) {
+            try {
+                envContext.close();
+            } catch (NamingException e) {
+                // ignore...
+            }
+            envContext = null;
+        }
+    }
+
+    public String get(String name, String defaultValue) {
+        String answer = null;
+        if (envContext != null) {
+            try {
+                answer = (String) envContext.lookup("hawtio/" + name);
+            } catch (Exception e) {
+                // ignore...
+            }
+        } else {
+            if (defaultValue == null) {
+                answer = System.getProperty("hawtio." + name);
+            } else {
+                answer = System.getProperty("hawtio." + name, defaultValue.toString());
+            }
+        }
+        if (answer == null) {
+            answer = defaultValue;
+        }
+        LOG.debug("Property {} is set to value {}", name, answer);
+        return answer;
+    }
+
+
+
+}
diff --git a/hawtio-web/src/main/java/io/hawt/web/AuthenticationFilter.java b/hawtio-web/src/main/java/io/hawt/web/AuthenticationFilter.java
@@ -1,18 +1,14 @@
 package io.hawt.web;
 
 import io.hawt.system.Authenticator;
+import io.hawt.system.ConfigManager;
 import io.hawt.system.Helpers;
 import io.hawt.system.PrivilegedCallback;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.security.auth.Subject;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@@ -36,13 +32,12 @@ public class AuthenticationFilter implements Filter {
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
 
-        realm = (String) filterConfig.getServletContext().getAttribute("realm");
-        role = (String) filterConfig.getServletContext().getAttribute("role");
-        rolePrincipalClasses = (String) filterConfig.getServletContext().getAttribute("rolePrincipalClasses");
-        Object authEnabledValue = filterConfig.getServletContext().getAttribute("authEnabled");
-        if (authEnabledValue instanceof Boolean) {
-            enabled = (Boolean) authEnabledValue;
-        }
+        ConfigManager config = (ConfigManager) filterConfig.getServletContext().getAttribute("ConfigManager");
+
+        realm = config.get("realm", "karaf");
+        role = config.get("role", "admin");
+        rolePrincipalClasses = config.get("rolePrincipalClasses", "");
+        enabled = Boolean.parseBoolean(config.get("authenticationEnabled", "true"));
 
         if (enabled) {
             LOG.info("Starting hawtio authentication filter, JAAS realm: \"" + realm + "\" authorized role: \"" + role + "\"" + " role principal classes: \"" + rolePrincipalClasses + "\"");

diff --git a/hawtio-web/src/main/java/io/hawt/web/BrandingServlet.java b/hawtio-web/src/main/java/io/hawt/web/BrandingServlet.java
@@ -1,5 +1,6 @@
 package io.hawt.web;
 
+import io.hawt.system.ConfigManager;
 import org.jolokia.converter.Converters;
 import org.jolokia.converter.json.JsonConvertOptions;
 import org.slf4j.Logger;
@@ -13,11 +14,7 @@
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
+import java.util.*;
 
 /**
  * @author Stan Lewis
@@ -28,26 +25,39 @@ public class BrandingServlet extends HttpServlet {
 
     List<String> propertiesToCheck = new ArrayList<String>();
     List<String> wantedStrings = new ArrayList<String>();
-    boolean forceBranding;
+    boolean forceBranding = false;
     boolean useBranding = true;
     String profile;
     Converters converters = new Converters();
     JsonConvertOptions options = JsonConvertOptions.DEFAULT;
 
 
     @Override
-    public void init(ServletConfig config) throws ServletException {
+    public void init(ServletConfig servletConfig) throws ServletException {
 
-        propertiesToCheck.add("karaf.version");
+        ConfigManager config = (ConfigManager) servletConfig.getServletContext().getAttribute("ConfigManager");
 
-        wantedStrings.add("redhat");
-        wantedStrings.add("fuse");
+        String propertiesToCheckString = config.get("propertiesToCheck", "karaf.version");
+        String wantedStringsString = config.get("wantedStrings", "redhat,fuse");
+        forceBranding = Boolean.parseBoolean(config.get("forceBranding", "false"));
+        useBranding = Boolean.parseBoolean(config.get("useBranding", "true"));
 
-        forceBranding = Boolean.parseBoolean(System.getProperty("hawtio.forceBranding", "false"));
-        useBranding = Boolean.parseBoolean(System.getProperty("hawtio.useBranding", "true"));
+        if (propertiesToCheckString != null) {
+            for (String str : propertiesToCheckString.split(",")) {
+                propertiesToCheck.add(str.trim());
+            }
+        }
+
+        if (wantedStringsString != null) {
+            for (String str : wantedStringsString.split(",")) {
+                wantedStrings.add(str.trim());
+            }
+        }
+
+        // we'll look for this as a system property for now...
         profile = System.getProperty("profile");
 
-        super.init(config);
+        super.init(servletConfig);
     }
 
 

diff --git a/hawtio-web/src/main/java/io/hawt/web/UploadServlet.java b/hawtio-web/src/main/java/io/hawt/web/UploadServlet.java
@@ -1,13 +1,12 @@
 package io.hawt.web;
 
+import io.hawt.jmx.UploadManager;
 import io.hawt.util.Strings;
 import org.apache.commons.fileupload.FileItem;
 import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.ProgressListener;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
-import org.apache.commons.fileupload.servlet.FileCleanerCleanup;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.apache.commons.io.FileCleaningTracker;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -29,20 +28,6 @@ public class UploadServlet extends HttpServlet {
 
     private static final transient Logger LOG = LoggerFactory.getLogger(UploadServlet.class);
 
-    // TODO - make more configurable
-    public static String UPLOAD_DIRECTORY = System.getProperty("java.io.tmpdir") + File.separator + "uploads";
-
-    static {
-        LOG.info("Using file upload directory: {}", UPLOAD_DIRECTORY);
-    }
-
-    private static DiskFileItemFactory newDiskFileItemFactory(ServletContext context, File repository) {
-        FileCleaningTracker fileCleaningTracker = FileCleanerCleanup.getFileCleaningTracker(context);
-        DiskFileItemFactory factory = new DiskFileItemFactory(DiskFileItemFactory.DEFAULT_SIZE_THRESHOLD, repository);
-        factory.setFileCleaningTracker(fileCleaningTracker);
-        return factory;
-    }
-
     @Override
     protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 
@@ -52,14 +37,14 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
         boolean isMultipart = ServletFileUpload.isMultipartContent(request);
         if (isMultipart) {
             ServletContext context = this.getServletConfig().getServletContext();
-            File uploadDir = new File(UPLOAD_DIRECTORY);
+            File uploadDir = new File(UploadManager.UPLOAD_DIRECTORY);
             if (!uploadDir.exists()) {
                 LOG.info("Creating directory {}" + uploadDir);
                 if (!uploadDir.mkdirs()) {
                     LOG.warn("Failed to create upload directory at {}", uploadDir);
                 }
             }
-            DiskFileItemFactory factory = newDiskFileItemFactory(context, uploadDir);
+            DiskFileItemFactory factory = UploadManager.newDiskFileItemFactory(context, uploadDir);
             ServletFileUpload upload = new ServletFileUpload(factory);
 
             String targetDirectory = null;
@@ -107,7 +92,7 @@ public void update(long pBytesRead, long pContentLength, int pItems) {
                             continue;
                         }
 
-                        File target = new File(UPLOAD_DIRECTORY + File.separator + fileName);
+                        File target = new File(UploadManager.UPLOAD_DIRECTORY + File.separator + fileName);
 
                         try {
                             item.write(target);
@@ -146,4 +131,5 @@ public void update(long pBytesRead, long pContentLength, int pItems) {
             super.doPost(request, response);
         }
     }
+
 }