From 64bb70d2946841428e882d681aaa3cf8b8b31045 Mon Sep 17 00:00:00 2001 From: Svetoslav Neykov Date: Tue, 5 Apr 2016 17:38:34 +0300 Subject: [PATCH] Don't bind to 127.0.0.1 only when using AnyoneSecurityProvider Keeps backwards compatibility - using AnyoneSecurityProvider wouldn't force brooklyn server to bind to loopback only, but then changed to being treated same as noSecurityProvider. Revert to initial behaviour. --- .../brooklyn/launcher/BrooklynLauncher.java | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java b/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java index 62fd7ee9fc..be35e60983 100644 --- a/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java +++ b/launcher/src/main/java/org/apache/brooklyn/launcher/BrooklynLauncher.java @@ -266,17 +266,13 @@ protected void startWebApps() { ManagementContext managementContext = getManagementContext(); BrooklynProperties brooklynProperties = (BrooklynProperties) managementContext.getConfig(); + String securityProvider = managementContext.getConfig().getConfig(BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME); + // The security provider will let anyone in, but still require a password to be entered. + // Skip password request dialog if we know the provider will let users through. + boolean anyoneSecurityProvider = AnyoneSecurityProvider.class.getName().equals(securityProvider); + // No security options in properties and no command line options overriding. - Boolean skipSecurity = skipSecurityFilter; - if (skipSecurity == null) { - String securityProvider = managementContext.getConfig().getConfig(BrooklynWebConfig.SECURITY_PROVIDER_CLASSNAME); - // The security provider will let anyone in, but still require a password to be entered. - // Skip password request dialog if we know the provider will let users through. - if (AnyoneSecurityProvider.class.getName().equals(securityProvider)) { - skipSecurity = true; - } - } - if (Boolean.TRUE.equals(skipSecurity) && bindAddress==null) { + if (Boolean.TRUE.equals(skipSecurityFilter) && bindAddress==null) { LOG.info("Starting Brooklyn web-console on loopback because security is explicitly disabled and no bind address specified"); bindAddress = Networking.LOOPBACK; } else if (BrooklynWebConfig.hasNoSecurityOptions(managementContext.getConfig())) { @@ -310,7 +306,7 @@ protected void startWebApps() { if (useHttps!=null) webServer.setHttpsEnabled(useHttps); webServer.setShutdownHandler(shutdownHandler); webServer.putAttributes(brooklynProperties); - webServer.skipSecurity(Boolean.TRUE.equals(skipSecurity)); + webServer.skipSecurity(Boolean.TRUE.equals(skipSecurityFilter) || anyoneSecurityProvider); for (WebAppContextProvider webapp : webApps) { webServer.addWar(webapp); }