require login to webconsole for webapps
authorAlex Heneveld <alex.heneveld@cloudsoftcorp.com>
Fri, 14 Dec 2018 12:40:22 +0000 (12:40 +0000)
committerAlex Heneveld <alex.heneveld@cloudsoftcorp.com>
Fri, 14 Dec 2018 15:32:27 +0000 (15:32 +0000)
the REST API has always been secured but we now secure these static assets also;
this gives a better experience on login, and it will be even more important when
we introduce oauth-based logins where the redirect page (served by the LoginModule
defined in the REST API module, connected to the LoginService defined in the jetty bundle,
both in brooklyn-server) should be served in response to the request for index.html,
not just on the REST calls

ui-modules/app-inspector/src/main/webapp/WEB-INF/web.xml
ui-modules/blueprint-composer/src/main/webapp/WEB-INF/web.xml
ui-modules/blueprint-importer/src/main/webapp/WEB-INF/web.xml
ui-modules/catalog/src/main/webapp/WEB-INF/web.xml
ui-modules/groovy-console/src/main/webapp/WEB-INF/web.xml
ui-modules/home/src/main/webapp/WEB-INF/web.xml
ui-modules/location-manager/src/main/webapp/WEB-INF/web.xml
ui-modules/logout/src/main/webapp/WEB-INF/web.xml
ui-modules/rest-api-docs/src/main/webapp/WEB-INF/web.xml

index 9e99c5f..fc87588 100644 (file)
     </filter-mapping>
     <!--FILTERS :: END-->
 
+    <login-config>
+        <auth-method>BASIC</auth-method>
+        <realm-name>webconsole</realm-name>
+    </login-config>
+
+    <security-constraint>
+      <web-resource-collection>
+        <web-resource-name>webconsole-static-assets</web-resource-name>
+        <url-pattern>/*</url-pattern>
+      </web-resource-collection>
+      <auth-constraint>
+        <role-name>**</role-name>
+      </auth-constraint>
+    </security-constraint>
+    <security-role>
+      <role-name>**</role-name>
+    </security-role>
 
 </web-app>
index c8d59e9..8bfecc7 100644 (file)
     </filter-mapping>
     <!--FILTERS :: END-->
 
+    <login-config>
+        <auth-method>BASIC</auth-method>
+        <realm-name>webconsole</realm-name>
+    </login-config>
+    
+    <security-constraint>
+      <web-resource-collection>
+        <web-resource-name>webconsole-static-assets</web-resource-name>
+        <url-pattern>/*</url-pattern>
+      </web-resource-collection>
+      <auth-constraint>
+        <role-name>**</role-name>
+      </auth-constraint>
+    </security-constraint>
+    <security-role>
+      <role-name>**</role-name>
+    </security-role>
 
 </web-app>
index 7316240..2e8b2ea 100644 (file)
     </filter-mapping>
     <!--FILTERS :: END-->
 
+    <login-config>
+        <auth-method>BASIC</auth-method>
+        <realm-name>webconsole</realm-name>
+    </login-config>
+
+    <security-constraint>
+      <web-resource-collection>
+        <web-resource-name>webconsole-static-assets</web-resource-name>
+        <url-pattern>/*</url-pattern>
+      </web-resource-collection>
+      <auth-constraint>
+        <role-name>**</role-name>
+      </auth-constraint>
+    </security-constraint>
+    <security-role>
+      <role-name>**</role-name>
+    </security-role>
 
 </web-app>
index 2ff2d15..efee85b 100644 (file)
     </filter-mapping>
     <!--FILTERS :: END-->
 
+    <login-config>
+        <auth-method>BASIC</auth-method>
+        <realm-name>webconsole</realm-name>
+    </login-config>
+
+    <security-constraint>
+      <web-resource-collection>
+        <web-resource-name>webconsole-static-assets</web-resource-name>
+        <url-pattern>/*</url-pattern>
+      </web-resource-collection>
+      <auth-constraint>
+        <role-name>**</role-name>
+      </auth-constraint>
+    </security-constraint>
+    <security-role>
+      <role-name>**</role-name>
+    </security-role>
 
 </web-app>
index edfc151..addd7a8 100644 (file)
     </filter-mapping>
     <!--FILTERS :: END-->
 
+    <login-config>
+        <auth-method>BASIC</auth-method>
+        <realm-name>webconsole</realm-name>
+    </login-config>
+
+    <security-constraint>
+      <web-resource-collection>
+        <web-resource-name>webconsole-static-assets</web-resource-name>
+        <url-pattern>/*</url-pattern>
+      </web-resource-collection>
+      <auth-constraint>
+        <role-name>**</role-name>
+      </auth-constraint>
+    </security-constraint>
+    <security-role>
+      <role-name>**</role-name>
+    </security-role>
 
 </web-app>
index 4fa41b8..9be0439 100644 (file)
         <url-pattern>/*</url-pattern>
     </filter-mapping>
     <!--FILTERS :: END-->
+    
+    <login-config>
+        <auth-method>BASIC</auth-method>
+        <realm-name>webconsole</realm-name>
+    </login-config>
+    
+    <security-constraint>
+      <web-resource-collection>
+        <web-resource-name>webconsole-static-assets</web-resource-name>
+        <url-pattern>/*</url-pattern>
+      </web-resource-collection>
+      <auth-constraint>
+        <role-name>**</role-name>
+      </auth-constraint>
+    </security-constraint>
+    <security-role>
+      <role-name>**</role-name>
+    </security-role>
+  
 </web-app>
index 6b6683a..2bb7445 100644 (file)
     </filter-mapping>
     <!--FILTERS :: END-->
 
+    <login-config>
+        <auth-method>BASIC</auth-method>
+        <realm-name>webconsole</realm-name>
+    </login-config>
+
+    <security-constraint>
+      <web-resource-collection>
+        <web-resource-name>webconsole-static-assets</web-resource-name>
+        <url-pattern>/*</url-pattern>
+      </web-resource-collection>
+      <auth-constraint>
+        <role-name>**</role-name>
+      </auth-constraint>
+    </security-constraint>
+    <security-role>
+      <role-name>**</role-name>
+    </security-role>
 
 </web-app>
index 19970f8..81d8082 100644 (file)
     <welcome-file-list>
         <welcome-file>index.html</welcome-file>
     </welcome-file-list>
+
+    <security-constraint>
+      <web-resource-collection>
+        <web-resource-name>webconsole-static-assets</web-resource-name>
+        <url-pattern>/*</url-pattern>
+      </web-resource-collection>
+      <auth-constraint>
+        <role-name>**</role-name>
+      </auth-constraint>
+    </security-constraint>
+    <security-role>
+      <role-name>**</role-name>
+    </security-role>
+
 </web-app>
index dd7dd9b..c6f9bd5 100644 (file)
     </filter-mapping>
     <!--FILTERS :: END-->
 
+    <login-config>
+        <auth-method>BASIC</auth-method>
+        <realm-name>webconsole</realm-name>
+    </login-config>
+
+    <security-constraint>
+      <web-resource-collection>
+        <web-resource-name>webconsole-static-assets</web-resource-name>
+        <url-pattern>/*</url-pattern>
+      </web-resource-collection>
+      <auth-constraint>
+        <role-name>**</role-name>
+      </auth-constraint>
+    </security-constraint>
+    <security-role>
+      <role-name>**</role-name>
+    </security-role>
 
 </web-app>