[WFLY-1696]/[WFLY-490] Add a --no-local-auth option on starting the C…
…LI to switch off local authentication.

Also disable local authentication if a username is supplied on starting the CLI.
darranl authored and bstansberry committed Aug 16, 2013
1 parent 8f95170 commit f23502a
Showing 9 changed files with 92 additions and 26 deletions.
3 changes: 3 additions & 0 deletions cli/src/main/java/org/jboss/as/cli/CommandContextFactory.java
@@ -60,6 +60,9 @@ public abstract CommandContext newCommandContext(String controllerProtocol, Stri
public abstract CommandContext newCommandContext(String controllerProtocol, String controllerHost, int controllerPort,
String username, char[] password, boolean initConsole, final int connectionTimeout) throws CliInitializationException;

public abstract CommandContext newCommandContext(String controllerProtocol, String controllerHost, int controllerPort,
String username, char[] password, boolean disableLocalAuth, boolean initConsole, final int connectionTimeout) throws CliInitializationException;

public abstract CommandContext newCommandContext(String controllerHost, int controllerPort,
String username, char[] password,
InputStream consoleInput, OutputStream consoleOutput) throws CliInitializationException;
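Review bot: The new eight-argument `newCommandContext` overload is declared `abstract` on a public factory class and has no Javadoc, so any subclass outside this commit stops compiling and nothing at the declaration says what `disableLocalAuth` controls. Because the flag decides whether an authentication mechanism is offered, the contract belongs on the abstract method, for example `/** @param disableLocalAuth when true, the JBOSS-LOCAL-USER SASL mechanism is not offered for connections made by the returned context */`. If a non-abstract default is added later for compatibility, it should not silently ignore the flag.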
@@ -24,6 +24,7 @@
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Map;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadFactory;
@@ -104,6 +105,7 @@ public void shutdown() {
private final Object lock = new Object();

private final CallbackHandler handler;
private final Map<String, String> saslOptions;
private final SSLContext sslContext;
private final ConnectionCloseHandler closeHandler;

@@ -113,7 +115,7 @@ public void shutdown() {
private boolean closed;

CLIModelControllerClient(final String protocol, CallbackHandler handler, String hostName, int connectionTimeout,
final ConnectionCloseHandler closeHandler, int port, SSLContext sslContext) throws IOException {
final ConnectionCloseHandler closeHandler, int port, Map<String, String> saslOptions, SSLContext sslContext) throws IOException {
this.handler = handler;
this.sslContext = sslContext;
this.closeHandler = closeHandler;
@@ -130,6 +132,8 @@ public void close() throws IOException {
}, executorService, this);

channelConfig = new ProtocolChannelClient.Configuration();
this.saslOptions = saslOptions;
channelConfig.setSaslOptions(saslOptions);
try {
channelConfig.setUri(new URI(protocol +"://" + formatPossibleIpv6Address(hostName) + ":" + port));
} catch (URISyntaxException e) {
@@ -153,7 +157,7 @@ protected Channel getOrCreateChannel() throws IOException {

final ProtocolChannelClient setup = ProtocolChannelClient.create(channelConfig);
final ChannelCloseHandler channelCloseHandler = new ChannelCloseHandler();
strategy = ManagementClientChannelStrategy.create(setup, channelAssociation, handler, null, sslContext,
strategy = ManagementClientChannelStrategy.create(setup, channelAssociation, handler, saslOptions, sslContext,
channelCloseHandler);
channelCloseHandler.setOriginalStrategy(strategy);
}
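Review bot: The `CLIModelControllerClient` constructor stores `saslOptions` with no null check or comment, and the line replaced in `getOrCreateChannel` shows that `null` was previously the value passed to `ManagementClientChannelStrategy.create` when no restriction applied. Since this map now carries the disallowed-mechanism setting, a `null` from a later caller would presumably leave local authentication enabled without any error. A field comment such as `// never null; holds SASL_DISALLOWED_MECHANISMS when local auth is disabled` would make the contract visible. The same map is both set on `channelConfig` and passed to the strategy, and which of the two the connection honours is not visible here, so a short comment next to `setSaslOptions` is worth adding. Both methods continue outside the hunks shown.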
18 changes: 11 additions & 7 deletions cli/src/main/java/org/jboss/as/cli/impl/CliLauncher.java
@@ -61,6 +61,7 @@ public static void main(String[] args) throws Exception {
boolean version = false;
String username = null;
char[] password = null;
boolean noLocalAuth = false;
int connectionTimeout = -1;

for(String arg : args) {
@@ -174,8 +175,11 @@ public static void main(String[] args) throws Exception {
commands = Collections.singletonList(value);
} else if (arg.startsWith("--user=")) {
username = arg.startsWith("--") ? arg.substring(7) : arg.substring(5);
noLocalAuth = true;
} else if (arg.startsWith("--password=")) {
password = (arg.startsWith("--") ? arg.substring(11) : arg.substring(9)).toCharArray();
} else if (arg.equals("--no-local-auth")) {
noLocalAuth = true;
} else if (arg.startsWith("--timeout=")) {
if (connectionTimeout > 0) {
argError = "Duplicate argument '--timeout'";
@@ -242,31 +246,31 @@ public static void main(String[] args) throws Exception {
}

if(version) {
cmdCtx = initCommandContext(defaultControllerProtocol, defaultControllerHost, defaultControllerPort, username, password, false, connect, connectionTimeout);
cmdCtx = initCommandContext(defaultControllerProtocol, defaultControllerHost, defaultControllerPort, username, password, noLocalAuth, false, connect, connectionTimeout);
VersionHandler.INSTANCE.handle(cmdCtx);
return;
}

if(file != null) {
cmdCtx = initCommandContext(defaultControllerProtocol, defaultControllerHost, defaultControllerPort, username, password, false, connect, connectionTimeout);
cmdCtx = initCommandContext(defaultControllerProtocol, defaultControllerHost, defaultControllerPort, username, password, noLocalAuth, false, connect, connectionTimeout);
processFile(file, cmdCtx);
return;
}

if(commands != null) {
cmdCtx = initCommandContext(defaultControllerProtocol, defaultControllerHost, defaultControllerPort, username, password, false, connect, connectionTimeout);
cmdCtx = initCommandContext(defaultControllerProtocol, defaultControllerHost, defaultControllerPort, username, password, noLocalAuth, false, connect, connectionTimeout);
processCommands(commands, cmdCtx);
return;
}

if (gui) {
cmdCtx = initCommandContext(defaultControllerProtocol, defaultControllerHost, defaultControllerPort, username, password, false, true, connectionTimeout);
cmdCtx = initCommandContext(defaultControllerProtocol, defaultControllerHost, defaultControllerPort, username, password, noLocalAuth, false, true, connectionTimeout);
processGui(cmdCtx);
return;
}

// Interactive mode
cmdCtx = initCommandContext(defaultControllerProtocol, defaultControllerHost, defaultControllerPort, username, password, true, connect, connectionTimeout);
cmdCtx = initCommandContext(defaultControllerProtocol, defaultControllerHost, defaultControllerPort, username, password, noLocalAuth, true, connect, connectionTimeout);
cmdCtx.interact();
} catch(Throwable t) {
t.printStackTrace();
@@ -282,8 +286,8 @@ public static void main(String[] args) throws Exception {
System.exit(exitCode);
}

private static CommandContext initCommandContext(String defaultProtocol, String defaultHost, int defaultPort, String username, char[] password, boolean initConsole, boolean connect, final int connectionTimeout) throws CliInitializationException {
final CommandContext cmdCtx = CommandContextFactory.getInstance().newCommandContext(defaultProtocol, defaultHost, defaultPort, username, password, initConsole, connectionTimeout);
private static CommandContext initCommandContext(String defaultProtocol, String defaultHost, int defaultPort, String username, char[] password, boolean disableLocalAuth, boolean initConsole, boolean connect, final int connectionTimeout) throws CliInitializationException {
final CommandContext cmdCtx = CommandContextFactory.getInstance().newCommandContext(defaultProtocol, defaultHost, defaultPort, username, password, disableLocalAuth, initConsole, connectionTimeout);
if(connect) {
try {
cmdCtx.connectController();
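Review bot: `initCommandContext` now takes three adjacent positional booleans (`disableLocalAuth, initConsole, connect`), and the five call sites in `main` pass them as bare values such as `noLocalAuth, false, true`, which makes a transposition easy to write and hard to spot. Since one of them now decides whether an authentication mechanism is offered, labelling the literals at each call (`/* initConsole */ false, /* connect */ true`) or using named locals would help. The flag is also called `noLocalAuth` here and `disableLocalAuth` everywhere else in the commit; one name would make the path from `--no-local-auth` to the SASL options easier to follow. `main` and `initCommandContext` both continue outside these hunks.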
@@ -47,7 +47,7 @@ public CommandContext newCommandContext() throws CliInitializationException {
@Override
public CommandContext newCommandContext(String username, char[] password)
throws CliInitializationException {
final CommandContextImpl cmdCtx = new CommandContextImpl(username, password);
final CommandContextImpl cmdCtx = new CommandContextImpl(username, password, username != null);
addShutdownHook(cmdCtx);
return cmdCtx;
}
@@ -63,7 +63,7 @@ public CommandContext newCommandContext(String controllerProtocol, String contro
public CommandContext newCommandContext(String controllerProtocol, String controllerHost,
int controllerPort, String username, char[] password,
boolean initConsole, final int connectionTimeout) throws CliInitializationException {
final CommandContext ctx = new CommandContextImpl(controllerProtocol, controllerHost, controllerPort, username, password, initConsole, connectionTimeout);
final CommandContext ctx = new CommandContextImpl(controllerProtocol, controllerHost, controllerPort, username, password, false, initConsole, connectionTimeout);
addShutdownHook(ctx);
return ctx;
}
@@ -72,7 +72,16 @@ public CommandContext newCommandContext(String controllerProtocol, String contro
public CommandContext newCommandContext(String controllerHost, int controllerPort,
String username, char[] password,
InputStream consoleInput, OutputStream consoleOutput) throws CliInitializationException {
final CommandContext ctx = new CommandContextImpl(controllerHost, controllerPort, username, password, consoleInput, consoleOutput);
final CommandContext ctx = new CommandContextImpl(controllerHost, controllerPort, username, password, false, consoleInput, consoleOutput);
addShutdownHook(ctx);
return ctx;
}

@Override
public CommandContext newCommandContext(String controllerProtocol, String controllerHost, int controllerPort,
String username, char[] password, boolean disableLocalAuth, boolean initConsole, int connectionTimeout)
throws CliInitializationException {
final CommandContext ctx = new CommandContextImpl(controllerProtocol, controllerHost, controllerPort, username, password, disableLocalAuth, initConsole, connectionTimeout);
addShutdownHook(ctx);
return ctx;
}
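Review bot: The rule stated in the commit message, that supplying a username disables local authentication, is applied only in the two-argument `newCommandContext(username, password)` via `username != null`. The seven-argument overload and the `consoleInput`/`consoleOutput` overload both pass a literal `false` even when `username` is non-null, so an embedding caller that supplies a username through them still has local authentication offered. Such a caller may then be authenticated as the local user rather than the named one (inferred; the server side is not shown). Replacing the literal `false` with `username != null` in both `new CommandContextImpl(...)` calls would make the overloads agree. If `false` is deliberate for backward compatibility, a comment saying so is needed.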
21 changes: 14 additions & 7 deletions cli/src/main/java/org/jboss/as/cli/impl/CommandContextImpl.java
@@ -186,9 +186,11 @@ class CommandContextImpl implements CommandContext, ModelControllerClientFactory
/** the port of the controller */
private int controllerPort = -1;
/** the command line specified username */
private String username;
private final String username;
/** the command line specified password */
private char[] password;
private final char[] password;
/** flag to disable the local authentication mechanism */
private final boolean disableLocalAuth;
/** the time to connect to a controller */
private final int connectionTimeout;
/** The SSLContext when managed by the CLI */
@@ -243,18 +245,21 @@ class CommandContextImpl implements CommandContext, ModelControllerClientFactory
resolveParameterValues = config.isResolveParameterValues();
this.connectionTimeout = config.getConnectionTimeout();
silent = config.isSilent();
username = null;
password = null;
disableLocalAuth = false;
initSSLContext();
}

CommandContextImpl(String username, char[] password) throws CliInitializationException {
this(null, null, -1, username, password, false, -1);
CommandContextImpl(String username, char[] password, boolean disableLocalAuth) throws CliInitializationException {
this(null, null, -1, username, password, disableLocalAuth, false, -1);
}

/**
* Default constructor used for both interactive and non-interactive mode.
*
*/
CommandContextImpl(String defaultControllerProtocol, String defaultControllerHost, int defaultControllerPort, String username, char[] password, boolean initConsole, final int connectionTimeout)
CommandContextImpl(String defaultControllerProtocol, String defaultControllerHost, int defaultControllerPort, String username, char[] password, boolean disableLocalAuth, boolean initConsole, final int connectionTimeout)
throws CliInitializationException {

config = CliConfigImpl.load(this);
@@ -263,6 +268,7 @@ class CommandContextImpl implements CommandContext, ModelControllerClientFactory

this.username = username;
this.password = password;
this.disableLocalAuth = disableLocalAuth;
this.connectionTimeout = connectionTimeout != -1 ? connectionTimeout : config.getConnectionTimeout();

if (defaultControllerHost != null) {
@@ -299,7 +305,7 @@ class CommandContextImpl implements CommandContext, ModelControllerClientFactory
}

CommandContextImpl(String defaultControllerHost, int defaultControllerPort,
String username, char[] password,
String username, char[] password, boolean disableLocalAuth,
InputStream consoleInput, OutputStream consoleOutput)
throws CliInitializationException {

@@ -309,6 +315,7 @@ class CommandContextImpl implements CommandContext, ModelControllerClientFactory

this.username = username;
this.password = password;
this.disableLocalAuth = disableLocalAuth;
this.connectionTimeout = config.getConnectionTimeout();

if (defaultControllerHost != null) {
@@ -802,7 +809,7 @@ public void connectController(String protocol, String host, int port) throws Com
log.debug("connecting to " + host + ':' + port + " as " + username);
}
ModelControllerClient tempClient = ModelControllerClientFactory.CUSTOM.
getClient(protocol, host, port, cbh, sslContext, connectionTimeout, this);
getClient(protocol, host, port, cbh, disableLocalAuth, sslContext, connectionTimeout, this);
retry = tryConnection(tempClient, host, port);
if(!retry) {
newClient = tempClient;
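Review bot: None of the three changed `CommandContextImpl` constructors documents the new `disableLocalAuth` parameter; the Javadoc on the main one still reads only "Default constructor used for both interactive and non-interactive mode". Because the field is now `final`, the value chosen at construction is what `connectController` passes to `getClient` for every connection made by this context, which is worth stating where the parameter is introduced: `@param disableLocalAuth if true, local (JBOSS-LOCAL-USER) authentication is not offered on any connection made by this context`. `connectController` continues outside the last hunk.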
@@ -22,6 +22,8 @@
package org.jboss.as.cli.impl;

import java.io.IOException;
import java.util.Collections;
import java.util.Map;

import javax.net.ssl.SSLContext;
import javax.security.auth.callback.CallbackHandler;
@@ -34,28 +36,38 @@
*/
public interface ModelControllerClientFactory {

String SASL_DISALLOWED_MECHANISMS = "SASL_DISALLOWED_MECHANISMS";
String JBOSS_LOCAL_USER = "JBOSS-LOCAL-USER";

Map<String, String> DISABLED_LOCAL_AUTH = Collections.singletonMap(SASL_DISALLOWED_MECHANISMS, JBOSS_LOCAL_USER);
Map<String, String> ENABLED_LOCAL_AUTH = Collections.emptyMap();

interface ConnectionCloseHandler {
void handleClose();
}

ModelControllerClient getClient(String protocol, String hostName, int port, CallbackHandler handler,
SSLContext sslContext, int connectionTimeout, ConnectionCloseHandler closeHandler) throws IOException;
boolean disableLocalAuth, SSLContext sslContext, int connectionTimeout,
ConnectionCloseHandler closeHandler) throws IOException;

ModelControllerClientFactory DEFAULT = new ModelControllerClientFactory() {
@Override
public ModelControllerClient getClient(String protocol, String hostName, int port, CallbackHandler handler,
SSLContext sslContext, int connectionTimeout, ConnectionCloseHandler closeHandler) throws IOException {
return ModelControllerClient.Factory.create(protocol, hostName, port, handler, sslContext, connectionTimeout);
boolean disableLocalAuth, SSLContext sslContext, int connectionTimeout,
ConnectionCloseHandler closeHandler) throws IOException {
Map<String, String> saslOptions = disableLocalAuth ? DISABLED_LOCAL_AUTH : ENABLED_LOCAL_AUTH;
return ModelControllerClient.Factory.create(protocol, hostName, port, handler, sslContext, connectionTimeout, saslOptions);
}
};

ModelControllerClientFactory CUSTOM = new ModelControllerClientFactory() {

@Override
public ModelControllerClient getClient(String protocol, final String hostName, final int port,
final CallbackHandler handler, final SSLContext sslContext,
final CallbackHandler handler, boolean disableLocalAuth, final SSLContext sslContext,
final int connectionTimeout, final ConnectionCloseHandler closeHandler) throws IOException {

return new CLIModelControllerClient(protocol, handler, hostName, connectionTimeout, closeHandler, port, sslContext);
Map<String, String> saslOptions = disableLocalAuth ? DISABLED_LOCAL_AUTH : ENABLED_LOCAL_AUTH;
return new CLIModelControllerClient(protocol, handler, hostName, connectionTimeout, closeHandler, port, saslOptions, sslContext);
}};

}
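Review bot: `getClient` gains a parameter on a public interface, and four new fields (`SASL_DISALLOWED_MECHANISMS`, `JBOSS_LOCAL_USER`, `DISABLED_LOCAL_AUTH`, `ENABLED_LOCAL_AUTH`) become implicitly `public static final` members of it, all without Javadoc. Any implementation of `ModelControllerClientFactory` outside this commit no longer compiles, and the constants are now part of the type's API. A comment stating that the option key and mechanism name must match what the remoting layer expects (not verifiable from this page) would protect them from a well-meaning rename. The expression `disableLocalAuth ? DISABLED_LOCAL_AUTH : ENABLED_LOCAL_AUTH` is repeated in `DEFAULT` and `CUSTOM` and could live in one place.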
9 changes: 8 additions & 1 deletion cli/src/main/resources/help/help.txt
@@ -5,6 +5,7 @@ Usage:
[--commands=command_or_operation1,command_or_operation2...]
[--command=command_or_operation]
[--user=username --password=password]
[--no-local-auth]
[--timeout=timeout]

--help (-h) - prints (this) basic description of the command line utility.
@@ -51,13 +52,19 @@ Usage:
can be used to specify the user name as a command line
argument. If the argument isn't specified and the
authentication is required the user will be prompted to enter
the user name when the connect command is issued.
the user name when the connect command is issued. Local
authentication is automatically disabled if a user is specified.


--password - specifies the password for authentication while connecting to
the controller as a command line argument. If the argument
isn't specified and the authentication is required the user
will be prompted to enter the password when the connect
command is issued.

--no-local-auth - disable the local authentication mechanism which allows the CLI
to demonstrate that it is being executed locally to the server
being managed through an exchange of tokens using the filesystem.

--timeout - specifies home many milliseconds to wait for a given command
to return. The value provided must be a positive integer.
@@ -298,6 +298,22 @@ public static ModelControllerClient create(final String protocol, final String h
return create(ClientConfigurationImpl.create(protocol, hostName, port, handler, sslContext, connectionTimeout));
}

/**
* Create a client instance for a remote address and port and CallbackHandler.
*
* @param protocol The prototcol to use. If this is http-remoting or https-remoting http upgrade will be used rather than the native remote protocol
* @param hostName the remote host
* @param port the port
* @param handler CallbackHandler to obtain authentication information for the call.
* @param sslContext a pre-initialised SSLContext
* @param saslOptions Additional options to be passed to the SASL mechanism.
* @return A model controller client
* @throws UnknownHostException if the host cannot be found
*/
public static ModelControllerClient create(final String protocol, final String hostName, final int port, final CallbackHandler handler, final SSLContext sslContext, final int connectionTimeout, final Map<String, String> saslOptions) throws UnknownHostException {
return create(ClientConfigurationImpl.create(protocol, hostName, port, handler, sslContext, connectionTimeout));
}

/**
* Create a client instance for a remote address and port and CallbackHandler.
*
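Review bot: The new `create(..., saslOptions)` overload never uses `saslOptions`: its body is the same `ClientConfigurationImpl.create(protocol, hostName, port, handler, sslContext, connectionTimeout)` call as the overload above it. Any caller that relies on this method to switch off local authentication, as `ModelControllerClientFactory.DEFAULT` does in this commit, gets a client with the mechanism still enabled and no error. The map needs to reach the client configuration; the diffstat lists nine changed files and only eight appear on this page, so whether `ClientConfigurationImpl` already has a matching overload cannot be confirmed here. The Javadoc also omits `@param connectionTimeout` and misspells "protocol" as "prototcol".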