From 3341ac467cc08ac95f937945c7502ac4a019d805 Mon Sep 17 00:00:00 2001 From: Maros Marsalek Date: Wed, 17 Aug 2016 15:38:01 +0200 Subject: Make Restconf thread pools configurable Change-Id: Ie03a1fde5181cfd8457e36d67afc2cc0c69c1e1d Signed-off-by: Maros Marsalek --- .../distro/restconf/JettyServerProvider.groovy | 81 ++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 infra/minimal-distribution/src/main/java/io/fd/honeycomb/infra/distro/restconf/JettyServerProvider.groovy (limited to 'infra/minimal-distribution/src/main/java/io/fd/honeycomb/infra/distro/restconf/JettyServerProvider.groovy') diff --git a/infra/minimal-distribution/src/main/java/io/fd/honeycomb/infra/distro/restconf/JettyServerProvider.groovy b/infra/minimal-distribution/src/main/java/io/fd/honeycomb/infra/distro/restconf/JettyServerProvider.groovy new file mode 100644 index 000000000..ff6c300ea --- /dev/null +++ b/infra/minimal-distribution/src/main/java/io/fd/honeycomb/infra/distro/restconf/JettyServerProvider.groovy @@ -0,0 +1,81 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License") + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.honeycomb.infra.distro.restconf + +import com.google.inject.Inject +import groovy.transform.ToString +import groovy.util.logging.Slf4j +import io.fd.honeycomb.infra.distro.ProviderTrait +import io.fd.honeycomb.infra.distro.cfgattrs.HoneycombConfiguration +import org.eclipse.jetty.security.ConstraintMapping +import org.eclipse.jetty.security.ConstraintSecurityHandler +import org.eclipse.jetty.security.HashLoginService +import org.eclipse.jetty.security.authentication.BasicAuthenticator +import org.eclipse.jetty.server.Server +import org.eclipse.jetty.util.security.Constraint +import org.eclipse.jetty.util.security.Password +import org.eclipse.jetty.util.thread.QueuedThreadPool +import org.eclipse.jetty.webapp.WebAppContext + +@Slf4j +@ToString +class JettyServerProvider extends ProviderTrait { + + public static final String REALM = "HCRealm" + + @Inject + HoneycombConfiguration cfg + + def create() { + def server = new Server(new QueuedThreadPool(cfg.restPoolMaxSize.get(), cfg.restPoolMinSize.get())) + + // Load Realm for basic auth + def service = new HashLoginService(REALM) + // Reusing the name as role + // TODO make this more configurable + service.putUser(cfg.username, new Password(cfg.password), cfg.username) + server.addBean(service) + + final URL resource = getClass().getResource("/") + WebAppContext webapp = new WebAppContext(resource.getPath(), cfg.restconfRootPath.get()) + + ConstraintSecurityHandler security = getBaseAuth(service, webapp) + server.setHandler(security) + + return server + } + + private ConstraintSecurityHandler getBaseAuth(HashLoginService service, WebAppContext webapp) { + ConstraintSecurityHandler security = new ConstraintSecurityHandler() + + Constraint constraint = new Constraint() + constraint.setName("auth") + constraint.setAuthenticate(true) + constraint.setRoles(cfg.username) + + ConstraintMapping mapping = new ConstraintMapping() + mapping.setPathSpec("/*") + mapping.setConstraint(constraint) + + security.setConstraintMappings(Collections.singletonList(mapping)) + security.setAuthenticator(new BasicAuthenticator()) + security.setLoginService(service) + + security.setHandler(webapp) + security + } +} -- cgit 1.2.3-korg