diff options
Diffstat (limited to 'infra/northbound/restconf/src/main/java/io/fd/honeycomb/northbound/restconf/JettyServerProvider.java')
-rw-r--r-- | infra/northbound/restconf/src/main/java/io/fd/honeycomb/northbound/restconf/JettyServerProvider.java | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/infra/northbound/restconf/src/main/java/io/fd/honeycomb/northbound/restconf/JettyServerProvider.java b/infra/northbound/restconf/src/main/java/io/fd/honeycomb/northbound/restconf/JettyServerProvider.java new file mode 100644 index 000000000..a87459560 --- /dev/null +++ b/infra/northbound/restconf/src/main/java/io/fd/honeycomb/northbound/restconf/JettyServerProvider.java @@ -0,0 +1,94 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.honeycomb.northbound.restconf; + +import com.google.inject.Inject; +import io.fd.honeycomb.binding.init.ProviderTrait; +import io.fd.honeycomb.northbound.CredentialsConfiguration; +import java.net.URL; +import java.util.Collections; +import org.eclipse.jetty.security.ConstraintMapping; +import org.eclipse.jetty.security.ConstraintSecurityHandler; +import org.eclipse.jetty.security.HashLoginService; +import org.eclipse.jetty.security.authentication.BasicAuthenticator; +import org.eclipse.jetty.server.Server; +import org.eclipse.jetty.server.handler.gzip.GzipHandler; +import org.eclipse.jetty.util.security.Constraint; +import org.eclipse.jetty.util.security.Password; +import org.eclipse.jetty.util.thread.QueuedThreadPool; +import org.eclipse.jetty.webapp.WebAppContext; + +final class JettyServerProvider extends ProviderTrait<Server> { + + private static final String REALM = "HCRealm"; + // Mime types to be compressed when requested + private static final String[] GZIP_MIME_TYPES = {"application/xml", + "xml", + "application/yang.data+xml", + "application/json", + "application/yang.data+json"}; + + @Inject + private RestconfConfiguration cfg; + + @Inject + private CredentialsConfiguration credentialsCfg; + + @Override + protected Server create() { + Server server = new Server(new QueuedThreadPool(cfg.restPoolMaxSize.get(), cfg.restPoolMinSize.get())); + + // Load Realm for basic auth + HashLoginService service = new HashLoginService(REALM); + // Reusing the name as role + service.putUser(credentialsCfg.username, new Password(credentialsCfg.password), + new String[]{credentialsCfg.username}); + server.addBean(service); + + final URL resource = getClass().getResource("/"); + WebAppContext webapp = new WebAppContext(resource.getPath(), cfg.restconfRootPath.get()); + + server.setHandler(getGzip(service, webapp)); + return server; + } + + private GzipHandler getGzip(final HashLoginService service, final WebAppContext webapp) { + final GzipHandler gzipHandler = new GzipHandler(); + gzipHandler.setIncludedMimeTypes(GZIP_MIME_TYPES); + gzipHandler.setHandler(getBaseAuth(service, webapp)); + return gzipHandler; + } + + private ConstraintSecurityHandler getBaseAuth(HashLoginService service, WebAppContext webapp) { + Constraint constraint = new Constraint(); + constraint.setName("auth"); + constraint.setAuthenticate(true); + constraint.setRoles(new String[]{credentialsCfg.username}); + + ConstraintMapping mapping = new ConstraintMapping(); + mapping.setPathSpec("/*"); + mapping.setConstraint(constraint); + + ConstraintSecurityHandler security = new ConstraintSecurityHandler(); + security.setConstraintMappings(Collections.singletonList(mapping)); + security.setAuthenticator(new BasicAuthenticator()); + security.setLoginService(service); + + security.setHandler(webapp); + return security; + } +} |