BrooklynUserWithRandomPasswordSecurityProvider.java example

Explorer
incubator-brooklyn-master
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.brooklyn.rest.security.provider;

import javax.servlet.http.HttpSession;

import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.rest.filter.BrooklynPropertiesSecurityFilter;
import org.apache.brooklyn.util.javalang.JavaClassNames;
import org.apache.brooklyn.util.net.Networking;
import org.apache.brooklyn.util.text.Identifiers;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class BrooklynUserWithRandomPasswordSecurityProvider extends AbstractSecurityProvider implements SecurityProvider {

    public static final Logger LOG = LoggerFactory.getLogger(BrooklynUserWithRandomPasswordSecurityProvider.class);
    private static final String USER = "brooklyn";
    private final String password;

    public BrooklynUserWithRandomPasswordSecurityProvider() {
        this.password = Identifiers.makeRandomId(10);
        LOG.info("Allowing access to web console from localhost or with {}:{}", USER, password);
    }

    public BrooklynUserWithRandomPasswordSecurityProvider(ManagementContext mgmt) {
        this();
    }

    @Override
    public boolean authenticate(HttpSession session, String user, String password) {
        if ((USER.equals(user) && this.password.equals(password)) || isRemoteAddressLocalhost(session)) {
            return allow(session, user);
        } else {
            return false;
        }
    }

    private boolean isRemoteAddressLocalhost(HttpSession session) {
        Object remoteAddress = session.getAttribute(BrooklynPropertiesSecurityFilter.REMOTE_ADDRESS_SESSION_ATTRIBUTE);
        if (!(remoteAddress instanceof String)) return false;
        if (Networking.isLocalhost((String)remoteAddress)) {
            if (LOG.isTraceEnabled()) {
                LOG.trace(this+": granting passwordless access to "+session+" originating from "+remoteAddress);
            }
            return true;
        } else {
            LOG.debug(this+": password required for "+session+" originating from "+remoteAddress);
            return false;
        }
    }
    
    @Override
    public String toString() {
        return JavaClassNames.cleanSimpleClassName(this);
    }
}