Merge pull request #179 from lucasponce/JAAS-Support

Add BASIC JAAS security to .war artifacts

hawkular-alerts-actions-plugins/hawkular-alerts-actions-aerogear/src/main/webapp/WEB-INF/web.xml

@@ -21,4 +21,26 @@
          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
          version="3.0">
 
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>REST endpoints</web-resource-name>
+      <url-pattern>/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>*</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>ApplicationRealm</realm-name>
+  </login-config>
+
+  <security-role>
+    <role-name>read-write</role-name>
+  </security-role>
+  <security-role>
+    <role-name>read-only</role-name>
+  </security-role>
+
 </web-app>

hawkular-alerts-actions-plugins/hawkular-alerts-actions-email/src/main/webapp/WEB-INF/web.xml

@@ -21,4 +21,26 @@
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
       version="3.0">
 
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>REST endpoints</web-resource-name>
+      <url-pattern>/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>*</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>ApplicationRealm</realm-name>
+  </login-config>
+
+  <security-role>
+    <role-name>read-write</role-name>
+  </security-role>
+  <security-role>
+    <role-name>read-only</role-name>
+  </security-role>
+
 </web-app>

hawkular-alerts-actions-plugins/hawkular-alerts-actions-file/src/main/webapp/WEB-INF/web.xml

@@ -21,4 +21,26 @@
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
       version="3.0">
 
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>REST endpoints</web-resource-name>
+      <url-pattern>/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>*</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>ApplicationRealm</realm-name>
+  </login-config>
+
+  <security-role>
+    <role-name>read-write</role-name>
+  </security-role>
+  <security-role>
+    <role-name>read-only</role-name>
+  </security-role>
+
 </web-app>

hawkular-alerts-actions-plugins/hawkular-alerts-actions-irc/src/main/webapp/WEB-INF/web.xml

@@ -21,4 +21,26 @@
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
       version="3.0">
 
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>REST endpoints</web-resource-name>
+      <url-pattern>/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>*</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>ApplicationRealm</realm-name>
+  </login-config>
+
+  <security-role>
+    <role-name>read-write</role-name>
+  </security-role>
+  <security-role>
+    <role-name>read-only</role-name>
+  </security-role>
+
 </web-app>

hawkular-alerts-actions-plugins/hawkular-alerts-actions-pagerduty/src/main/webapp/WEB-INF/web.xml

@@ -21,4 +21,26 @@
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
       version="3.0">
 
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>REST endpoints</web-resource-name>
+      <url-pattern>/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>*</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>ApplicationRealm</realm-name>
+  </login-config>
+
+  <security-role>
+    <role-name>read-write</role-name>
+  </security-role>
+  <security-role>
+    <role-name>read-only</role-name>
+  </security-role>
+
 </web-app>

hawkular-alerts-actions-plugins/hawkular-alerts-actions-sms/src/main/webapp/WEB-INF/web.xml

@@ -21,4 +21,26 @@
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
       version="3.0">
 
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>REST endpoints</web-resource-name>
+      <url-pattern>/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>*</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>ApplicationRealm</realm-name>
+  </login-config>
+
+  <security-role>
+    <role-name>read-write</role-name>
+  </security-role>
+  <security-role>
+    <role-name>read-only</role-name>
+  </security-role>
+
 </web-app>

hawkular-alerts-actions-plugins/hawkular-alerts-actions-snmp/src/main/webapp/WEB-INF/web.xml

@@ -21,4 +21,26 @@
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
       version="3.0">
 
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>REST endpoints</web-resource-name>
+      <url-pattern>/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>*</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>ApplicationRealm</realm-name>
+  </login-config>
+
+  <security-role>
+    <role-name>read-write</role-name>
+  </security-role>
+  <security-role>
+    <role-name>read-only</role-name>
+  </security-role>
+
 </web-app>

hawkular-alerts-actions-plugins/hawkular-alerts-actions-webhook/src/main/webapp/WEB-INF/web.xml

@@ -21,4 +21,26 @@
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
       version="3.0">
 
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>REST endpoints</web-resource-name>
+      <url-pattern>/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>*</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>ApplicationRealm</realm-name>
+  </login-config>
+
+  <security-role>
+    <role-name>read-write</role-name>
+  </security-role>
+  <security-role>
+    <role-name>read-only</role-name>
+  </security-role>
+
 </web-app>

hawkular-alerts-rest-tests/src/test/groovy/org/hawkular/alerts/rest/BusITest.groovy

@@ -114,12 +114,12 @@ class BusITest extends AbstractITestBase {
         Properties env = new Properties();
         env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory")
         env.put(Context.PROVIDER_URL, "http-remoting://127.0.0.1:8080")
-        env.put(Context.SECURITY_PRINCIPAL, 'hawkular')
-        env.put(Context.SECURITY_CREDENTIALS, 'hawkular')
+        env.put(Context.SECURITY_PRINCIPAL, 'jdoe')
+        env.put(Context.SECURITY_CREDENTIALS, 'password')
 
         InitialContext namingContext = new InitialContext(env)
         ConnectionFactory connectionFactory = (ConnectionFactory) namingContext.lookup('jms/RemoteConnectionFactory')
-        JMSContext context = connectionFactory.createContext('hawkular', 'hawkular')
+        JMSContext context = connectionFactory.createContext('jdoe', 'password')
         Topic topic = (Topic) namingContext.lookup('java:/topic/HawkularAvailData')
         JMSProducer producer = context.createProducer()
 
@@ -227,12 +227,12 @@ class BusITest extends AbstractITestBase {
         Properties env = new Properties();
         env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory")
         env.put(Context.PROVIDER_URL, "http-remoting://127.0.0.1:8080")
-        env.put(Context.SECURITY_PRINCIPAL, 'hawkular')
-        env.put(Context.SECURITY_CREDENTIALS, 'hawkular')
+        env.put(Context.SECURITY_PRINCIPAL, 'jdoe')
+        env.put(Context.SECURITY_CREDENTIALS, 'password')
 
         InitialContext namingContext = new InitialContext(env)
         ConnectionFactory connectionFactory = (ConnectionFactory) namingContext.lookup('jms/RemoteConnectionFactory')
-        JMSContext context = connectionFactory.createContext('hawkular', 'hawkular')
+        JMSContext context = connectionFactory.createContext('jdoe', 'password')
         Topic topic = (Topic) namingContext.lookup('java:/topic/HawkularMetricData')
         JMSProducer producer = context.createProducer()
 

hawkular-alerts-rest-tests/src/test/resources/application-roles.properties

@@ -38,4 +38,5 @@
 #
 #admin=PowerUser,BillingAdmin,
 #guest=guest
-hawkular=guest
+jdoe=read-write,read-only,guest
+jsmith=read-write,read-only

hawkular-alerts-rest-tests/src/test/resources/application-users.properties

@@ -39,4 +39,5 @@
 # The following illustrates how an admin user could be defined, this
 # is for illustration only and does not correspond to a usable password.
 #
-hawkular=2e1e5cc53887b6592e92423688b5ff7d
+jdoe=35c8096d943bf6555d0a39f35fd5c7e0
+jsmith=946d26a68d0cb5fb1b8ef5760b9326d5

hawkular-alerts-rest/src/main/webapp/WEB-INF/web.xml

@@ -21,4 +21,33 @@
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
       version="3.0">
 
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>Status endpoint</web-resource-name>
+      <url-pattern>/status</url-pattern>
+    </web-resource-collection>
+  </security-constraint>
+
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>REST endpoints</web-resource-name>
+      <url-pattern>/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>*</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>ApplicationRealm</realm-name>
+  </login-config>
+
+  <security-role>
+    <role-name>read-write</role-name>
+  </security-role>
+  <security-role>
+    <role-name>read-only</role-name>
+  </security-role>
+
 </web-app>