Add web ui auth capability to the Docker image

thelastpickle · Mar 22, 2018 · 469475a · 469475a
1 parent a0e63bb
commit 469475a
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 0 deletions.
diff --git a/src/server/src/main/docker/Dockerfile b/src/server/src/main/docker/Dockerfile
@@ -48,29 +48,40 @@ ENV REAPER_SEGMENT_COUNT=200 \
     REAPER_METRICS_ENABLED=false \
     REAPER_METRICS_FREQUENCY="1 minute" \
     REAPER_METRICS_REPORTERS="[]" \
+    REAPER_ENABLE_WEBUI_AUTH=false \
+    REAPER_WEBUI_USER="reaper" \
+    REAPER_WEBUI_PASSWORD="CassandraReaper" \
+    REAPER_SHIRO_INI="/etc/shiro.ini" \
     JAVA_OPTS=""
 
 ADD cassandra-reaper.yml /etc/cassandra-reaper.yml
+ADD shiro.ini /etc/shiro.ini
 ADD entrypoint.sh /usr/local/bin/entrypoint.sh
 ADD configure-persistence.sh /usr/local/bin/configure-persistence.sh
 ADD configure-metrics.sh /usr/local/bin/configure-metrics.sh
+ADD configure-webui-authentication.sh /usr/local/bin/configure-webui-authentication.sh
 
 RUN addgroup -S reaper && \
     adduser -S reaper reaper && \
     apk add --no-cache 'su-exec>=0.2' && \
     mkdir -p /var/lib/cassandra-reaper && \
+    mkdir -p /etc/cassandra-reaper/shiro && \
     chown reaper:reaper \
         /etc/cassandra-reaper.yml \
+        /etc/shiro.ini \
         /var/lib/cassandra-reaper \
         /usr/local/bin/entrypoint.sh \
         /usr/local/bin/configure-persistence.sh \
+        /usr/local/bin/configure-webui-authentication.sh \
         /usr/local/bin/configure-metrics.sh && \
     chmod u+x \
         /usr/local/bin/entrypoint.sh \
         /usr/local/bin/configure-persistence.sh \
+        /usr/local/bin/configure-webui-authentication.sh \
         /usr/local/bin/configure-metrics.sh
 
 VOLUME /var/lib/cassandra-reaper
+VOLUME /etc/cassandra-reaper/shiro
 
 ADD ${SHADED_JAR} /usr/local/lib/cassandra-reaper.jar
 

diff --git a/src/server/src/main/docker/configure-webui-authentication.sh b/src/server/src/main/docker/configure-webui-authentication.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+if [ "true" = "${REAPER_ENABLE_WEBUI_AUTH}" ]; then
+cat <<EOT >> /etc/cassandra-reaper.yml
+accessControl:
+  sessionTimeout: PT10M
+  shiro:
+    iniConfigs: ["file:${REAPER_SHIRO_INI}"]
+EOT
+fi
+
+if [ "true" = "${REAPER_ENABLE_WEBUI_AUTH}" ]; then
+cat <<EOT2 >> /etc/shiro.ini
+${REAPER_WEBUI_USER} = ${REAPER_WEBUI_PASSWORD}
+EOT2
+fi
diff --git a/src/server/src/main/docker/entrypoint.sh b/src/server/src/main/docker/entrypoint.sh
@@ -7,6 +7,7 @@ if [ "$1" = 'cassandra-reaper' ]; then
     touch /etc/cassandra-reaper.yml
 
     su-exec reaper /usr/local/bin/configure-persistence.sh
+    su-exec reaper /usr/local/bin/configure-webui-authentication.sh
     su-exec reaper /usr/local/bin/configure-metrics.sh
     exec su-exec reaper java \
                     ${JAVA_OPTS} \

diff --git a/src/server/src/main/docker/shiro.ini b/src/server/src/main/docker/shiro.ini
@@ -0,0 +1,16 @@
+[main]
+authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
+authc.loginUrl = /webui/login.html
+
+[urls]
+# Allow anonynous access to login page (and dependencies), but no other pages
+/webui/ = authc
+/webui = authc
+/webui/login.html = anon
+/webui/*.html* = authc
+/webui/*.js* = anon
+/ping = anon
+/login = anon
+/** = anon
+
+[users]