2 * Copyright (c) 2016 Cisco and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License")
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package io.fd.honeycomb.infra.distro.restconf
19 import com.google.inject.Inject
20 import groovy.transform.ToString
21 import groovy.util.logging.Slf4j
22 import io.fd.honeycomb.infra.distro.ProviderTrait
23 import io.fd.honeycomb.infra.distro.cfgattrs.HoneycombConfiguration
24 import org.eclipse.jetty.security.ConstraintMapping
25 import org.eclipse.jetty.security.ConstraintSecurityHandler
26 import org.eclipse.jetty.security.HashLoginService
27 import org.eclipse.jetty.security.authentication.BasicAuthenticator
28 import org.eclipse.jetty.server.Server
29 import org.eclipse.jetty.util.security.Constraint
30 import org.eclipse.jetty.util.security.Password
31 import org.eclipse.jetty.util.thread.QueuedThreadPool
32 import org.eclipse.jetty.webapp.WebAppContext
36 class JettyServerProvider extends ProviderTrait<Server> {
// Realm name given to the HashLoginService that backs HTTP Basic authentication below.
38 public static final String REALM = "HCRealm"
// Configuration object read below for the REST thread-pool bounds, the RESTCONF context
// path, and the single username/password pair used for authentication.
41 HoneycombConfiguration cfg
// Builds the Jetty server that fronts RESTCONF: a bounded thread pool, an in-memory
// login service holding one user, and a web app wrapped in a Basic-auth handler.
// The enclosing method's signature and return statement are not part of this listing.
// Pool bounds come from configuration; the first argument is the maximum, the second the minimum.
44 def server = new Server(new QueuedThreadPool(cfg.restPoolMaxSize.get(), cfg.restPoolMinSize.get()))
46 // Load Realm for basic auth
47 def service = new HashLoginService(REALM)
48 // Reusing the name as role
49 // TODO make this more configurable
// The only account is the configured username/password pair, and that username doubles as
// the role name required by the security constraint, so there is no separation between
// read-only and administrative callers.
// NOTE(review): the password is read from configuration and wrapped as a Jetty Password,
// i.e. kept in recoverable form rather than as a one-way hash; restrict read access to the
// configuration source. Whether a default credential ships with the distribution is not
// visible here — confirm deployments must set their own.
50 service.putUser(cfg.username, new Password(cfg.password), cfg.username)
51 server.addBean(service)
// The web app's resource base is the classpath root; its context path is the configured
// RESTCONF root.
// NOTE(review): getResource("/") can return null, which would fail on the getPath() call
// below, and URL.getPath() returns the path still percent-encoded — confirm install paths
// with spaces or non-ASCII characters are handled.
53 final URL resource = getClass().getResource("/")
54 WebAppContext webapp = new WebAppContext(resource.getPath(), cfg.restconfRootPath.get())
// getBaseAuth nests the web app inside the security handler, and that handler becomes the
// server's root handler, so requests reach the web app only through the authentication check.
// NOTE(review): getBaseAuth installs a BasicAuthenticator, and HTTP Basic sends the credential
// base64-encoded on every request. No connector is configured in the lines shown — confirm
// the listener is TLS-only.
56 ConstraintSecurityHandler security = getBaseAuth(service, webapp)
57 server.setHandler(security)
62 private ConstraintSecurityHandler getBaseAuth(HashLoginService service, WebAppContext webapp) {
63 ConstraintSecurityHandler security = new ConstraintSecurityHandler()
65 Constraint constraint = new Constraint()
66 constraint.setName("auth")
67 constraint.setAuthenticate(true)
68 constraint.setRoles(cfg.username)
70 ConstraintMapping mapping = new ConstraintMapping()
71 mapping.setPathSpec("/*")
72 mapping.setConstraint(constraint)
74 security.setConstraintMappings(Collections.singletonList(mapping))
75 security.setAuthenticator(new BasicAuthenticator())
76 security.setLoginService(service)
78 security.setHandler(webapp)