KYLO-266 Cannot login when Kylo UI is on HTTPS

Teradata · Feb 22, 2017 · 1d455d0 · 1d455d0
1 parent 3562120
commit 1d455d0
Show file tree

Hide file tree

Showing 7 changed files with 56 additions and 29 deletions.
diff --git a/commons/commons-rest-client/src/main/java/com/thinkbiganalytics/rest/JerseyRestClient.java b/commons/commons-rest-client/src/main/java/com/thinkbiganalytics/rest/JerseyRestClient.java
@@ -336,6 +336,8 @@ public <T> T get(String path, Map<String, Object> params, Class<T> clazz) {
         } catch (Exception e) {
             if (e instanceof NotAcceptableException) {
                 obj = handleNotAcceptableGetRequestJsonException(target, clazz);
+            } else {
+                log.error("Failed to process request " + path, e);
             }
 
         }
@@ -365,8 +367,9 @@ public <T> T getFromPathString(String path, Class<T> clazz) {
         } catch (Exception e) {
             if (e instanceof NotAcceptableException) {
                 obj = handleNotAcceptableGetRequestJsonException(target, clazz);
+            } else {
+                log.error("Failed to process request " + path, e);
             }
-
         }
         return obj;
     }

diff --git a/...rity-auth-kylo-rest/src/main/java/com/thinkbiganalytics/auth/rest/KyloRestAuthConfig.java b/...rity-auth-kylo-rest/src/main/java/com/thinkbiganalytics/auth/rest/KyloRestAuthConfig.java
@@ -25,11 +25,13 @@
 import com.thinkbiganalytics.auth.jaas.config.JaasAuthConfig;
 
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 
 import javax.annotation.Nonnull;
+import javax.inject.Inject;
 
 /**
  * Spring configuration for the Kylo REST API Login Module.
@@ -41,8 +43,14 @@ public class KyloRestAuthConfig {
     @Value("${security.auth.kylo.login.ui:required}")
     private String uiLoginFlag;
 
-    @Value("${security.auth.kylo.login.url:http://localhost:8400/proxy}")
-    private String loginUrl;
+    @Bean(name = "loginRestClientConfig")
+    @ConfigurationProperties(prefix = "loginRestClientConfig")
+    public LoginJerseyClientConfig loginRestClientConfig() {
+        return new LoginJerseyClientConfig();
+    }
+
+    @Inject
+    private LoginJerseyClientConfig loginRestClientConfig;
 
     @Value("${security.auth.kylo.login.username:#{null}}")
     private String loginUser;
@@ -65,12 +73,12 @@ public LoginConfiguration servicesRestLoginConfiguration(@Nonnull final LoginCon
                 .loginModule(JaasAuthConfig.JAAS_UI)
                     .moduleClass(KyloRestLoginModule.class)
                     .controlFlag(this.uiLoginFlag)
-                    .option(KyloRestLoginModule.LOGIN_URL, loginUrl)
+                    .option(KyloRestLoginModule.REST_CLIENT_CONFIG, loginRestClientConfig)
                     .add()
                 .loginModule(JaasAuthConfig.JAAS_UI_TOKEN)
                     .moduleClass(KyloRestLoginModule.class)
                     .controlFlag(this.uiLoginFlag)
-                    .option(KyloRestLoginModule.LOGIN_URL, loginUrl)
+                    .option(KyloRestLoginModule.REST_CLIENT_CONFIG, loginRestClientConfig)
                     .option(KyloRestLoginModule.LOGIN_USER, loginUser)
                     .option(KyloRestLoginModule.LOGIN_PASSWORD, loginPassword)
                     .add()

diff --git a/...ity-auth-kylo-rest/src/main/java/com/thinkbiganalytics/auth/rest/KyloRestLoginModule.java b/...ity-auth-kylo-rest/src/main/java/com/thinkbiganalytics/auth/rest/KyloRestLoginModule.java
@@ -49,19 +49,21 @@
  */
 public class KyloRestLoginModule extends AbstractLoginModule implements LoginModule {
 
+    private static final Logger log = LoggerFactory.getLogger(KyloRestLoginModule.class);
     /**
      * Option for the URL of the REST API endpoint
      */
-    public static final String LOGIN_URL = "loginUrl";
+    static final String LOGIN_USER = "loginUser";
     /**
      * Option for the URL of the REST API endpoint
      */
-    public static final String LOGIN_USER = "loginUser";
+    static final String LOGIN_PASSWORD = "loginPassword";
+
     /**
-     * Option for the URL of the REST API endpoint
+     * Option for REST client configuration
      */
-    public static final String LOGIN_PASSWORD = "loginPassword";
-    private static final Logger log = LoggerFactory.getLogger(KyloRestLoginModule.class);
+    static final String REST_CLIENT_CONFIG = "restClientConfig";
+
     /**
      * REST API client configuration
      */
@@ -82,8 +84,7 @@ public void initialize(@Nonnull final Subject subject, @Nonnull final CallbackHa
         super.initialize(subject, callbackHandler, sharedState, options);
 
         try {
-            final URI uri = URI.create(options.get(LOGIN_URL).toString());
-            config = new LoginJerseyClientConfig(uri);
+            config = (LoginJerseyClientConfig) options.get(REST_CLIENT_CONFIG);
             loginUser = (String) getOption(LOGIN_USER).orElse(null);
             loginPassword = loginUser == null ? null : (String) getOption(LOGIN_PASSWORD)
                 .orElseThrow(() -> new IllegalArgumentException("A REST login password is required if a login username was provided"));
@@ -145,7 +146,7 @@ protected boolean doLogin() throws Exception {
         return true;
     }
 
-    protected UserPrincipal retrieveUser(String user, final LoginJerseyClientConfig userConfig) {
+    private UserPrincipal retrieveUser(String user, final LoginJerseyClientConfig userConfig) {
         String endpoint = loginUser == null ? "/v1/about/me" : "/v1/security/users/" + user;
         return getClient(userConfig).get(endpoint, null, UserPrincipal.class);
     }

diff --git a/...auth-kylo-rest/src/main/java/com/thinkbiganalytics/auth/rest/LoginJerseyClientConfig.java b/...auth-kylo-rest/src/main/java/com/thinkbiganalytics/auth/rest/LoginJerseyClientConfig.java
@@ -22,8 +22,6 @@
 
 import com.thinkbiganalytics.rest.JerseyClientConfig;
 
-import java.net.URI;
-
 import javax.annotation.Nonnull;
 
 /**
@@ -36,33 +34,38 @@ public class LoginJerseyClientConfig extends JerseyClientConfig {
      */
     private String path;
 
+    /**
+     * Default constructor, does nothing
+     */
+    LoginJerseyClientConfig() {
+    }
+
     /**
      * Constructs a {@code LoginJerseyClientConfig} by copying another.
      *
      * @param other the configuration to copy
      */
-    public LoginJerseyClientConfig(@Nonnull final LoginJerseyClientConfig other) {
-        path = other.path;
-
+    LoginJerseyClientConfig(@Nonnull final LoginJerseyClientConfig other) {
+        setHttps(other.isHttps());
         setHost(other.getHost());
         setPort(other.getPort());
+        setPath(other.path);
+        setKeystorePath(other.getKeystorePath());
+        setKeystorePassword(other.getKeystorePassword());
+        setKeystoreType(other.getKeystoreType());
+        setKeystoreOnClasspath(other.isKeystoreOnClasspath());
     }
 
     /**
-     * Constructs a {@code LoginJerseyClientConfig} from the specified URI.
-     *
-     * @param uri the URI to the REST API
+     * Sets base path
      */
-    public LoginJerseyClientConfig(@Nonnull final URI uri) {
-        path = uri.getPath();
-
-        setHost(uri.getHost());
-        setPort(uri.getPort());
+    public void setPath(String path) {
+        this.path = path;
     }
 
     @Override
     public String getUrl() {
         final String url = super.getUrl();
-        return (path != null) ? url + path : url;
+        return path != null ? url + path : url;
     }
 }
diff --git a/...auth-kylo-rest/src/test/java/com/thinkbiganalytics/auth/rest/KyloRestLoginModuleTest.java b/...auth-kylo-rest/src/test/java/com/thinkbiganalytics/auth/rest/KyloRestLoginModuleTest.java
@@ -32,6 +32,8 @@
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Comparator;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.annotation.Nonnull;
 import javax.security.auth.Subject;
@@ -76,7 +78,9 @@ JerseyRestClient getClient(@Nonnull LoginJerseyClientConfig config) {
         // Test login
         final Subject subject = new Subject();
 
-        module.initialize(subject, callbackHandler, Collections.emptyMap(), Collections.singletonMap(KyloRestLoginModule.LOGIN_URL, "http://localhost:8400/proxy"));
+        Map<String, Object> options = new HashMap<>();
+        options.put(KyloRestLoginModule.REST_CLIENT_CONFIG, new LoginJerseyClientConfig());
+        module.initialize(subject, callbackHandler, Collections.emptyMap(), options);
         Assert.assertTrue(module.login());
         Assert.assertTrue(module.commit());
 

diff --git a/ui/ui-app/src/main/resources/.gitignore b/ui/ui-app/src/main/resources/.gitignore
@@ -1,2 +1,2 @@
-application-*.properties
+application-dev*.properties
 
diff --git a/ui/ui-app/src/main/resources/application.properties b/ui/ui-app/src/main/resources/application.properties
@@ -73,6 +73,7 @@ spring.profiles.active=native,auth-kylo,auth-file
 # Server port
 #
 server.port=8400
+server.ssl.enabled=false
 
 zuul.prefix=/proxy
 zuul.routes.api.path=/**
@@ -96,3 +97,10 @@ security.rememberme.alwaysRemember=true
 #security.rememberme.parameter=remember-me
 #security.rememberme.tokenValiditySeconds=1209600
 #security.rememberme.useSecureCookie=
+
+loginRestClientConfig.https=${server.ssl.enabled}
+loginRestClientConfig.host=localhost
+loginRestClientConfig.port=${server.port}
+loginRestClientConfig.path=${zuul.prefix}
+loginRestClientConfig.keystorePath=${server.ssl.key-store}
+loginRestClientConfig.keystorePassword=${server.ssl.key-store-password}