2 * Copyright (c) 2016 Cisco and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package io.fd.honeycomb.northbound.restconf;
19 import com.google.inject.Inject;
20 import io.fd.honeycomb.binding.init.ProviderTrait;
21 import io.fd.honeycomb.northbound.CredentialsConfiguration;
23 import java.util.Collections;
24 import org.eclipse.jetty.security.ConstraintMapping;
25 import org.eclipse.jetty.security.ConstraintSecurityHandler;
26 import org.eclipse.jetty.security.HashLoginService;
27 import org.eclipse.jetty.security.authentication.BasicAuthenticator;
28 import org.eclipse.jetty.server.Server;
29 import org.eclipse.jetty.server.handler.gzip.GzipHandler;
30 import org.eclipse.jetty.util.security.Constraint;
31 import org.eclipse.jetty.util.security.Password;
32 import org.eclipse.jetty.util.thread.QueuedThreadPool;
33 import org.eclipse.jetty.webapp.WebAppContext;
35 final class JettyServerProvider extends ProviderTrait<Server> {
/** Name given to the {@link HashLoginService} that {@code create()} registers on the server. */
private static final String REALM = "HCRealm";

/** MIME types handed to the {@link GzipHandler} as the set of response types it may compress. */
private static final String[] GZIP_MIME_TYPES = {
    "application/xml",
    "application/yang.data+xml",
    "application/yang.data+json"
};

// RESTCONF settings read by create(): thread pool bounds and the root path of the web application.
// NOTE(review): never assigned in this class; presumably populated by Guice field injection
// (com.google.inject.Inject is imported) - confirm the annotation is present on both fields.
private RestconfConfiguration cfg;

// Username and password of the single account accepted by the Basic authentication realm.
// The password is read as a plain String, so whatever stores this configuration holds a
// recoverable secret and needs correspondingly strict access control.
private CredentialsConfiguration credentialsCfg;
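/**
 * Builds the Jetty server hosting the RESTCONF web application behind HTTP Basic authentication.
 *
 * <p>A single account is registered in an in-memory {@link HashLoginService}: the configured
 * username doubles as its only role, and the configured password is wrapped in Jetty's
 * {@link Password} credential. The handler chain produced by {@code getGzip} becomes the server's
 * handler.
 *
 * <p>NOTE(review): Basic authentication transmits the username and password with every request
 * in a trivially reversible encoding. Connector setup is not part of this method; confirm that
 * only TLS connectors are attached to the returned server.
 *
 * @return the configured server
 * @throws IllegalStateException if the classpath root used as the web application location
 *         cannot be resolved
 */
protected Server create() {
    final QueuedThreadPool workers =
        new QueuedThreadPool(cfg.restPoolMaxSize.get(), cfg.restPoolMinSize.get());
    final Server server = new Server(workers);

    // In-memory realm holding exactly one account; the username is reused as the role name,
    // so being authenticated and being authorized are the same thing here.
    final HashLoginService service = new HashLoginService(REALM);
    // Password keeps the secret in recoverable form (plain text, or "OBF:" obfuscation, which
    // is not encryption), so the credential must not be logged or exposed through this bean.
    service.putUser(credentialsCfg.username, new Password(credentialsCfg.password),
        new String[]{credentialsCfg.username});
    server.addBean(service);

    // getResource("/") returns null when the classpath root cannot be resolved; fail with a
    // descriptive error instead of a bare NullPointerException on getPath().
    final URL resource = getClass().getResource("/");
    if (resource == null) {
        throw new IllegalStateException(
            "Unable to resolve the classpath root for the RESTCONF web application");
    }
    final WebAppContext webapp = new WebAppContext(resource.getPath(), cfg.restconfRootPath.get());

    // The web application is only ever installed wrapped by getGzip(), which in turn wraps it
    // in the security handler, so no request path bypasses authentication.
    server.setHandler(getGzip(service, webapp));
    return server;
}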
/**
 * Wraps the authenticated web application in a gzip handler.
 *
 * <p>Only the MIME types listed in {@code GZIP_MIME_TYPES} are registered for compression. The
 * gzip handler delegates to the security handler built by {@code getBaseAuth}, so it sits
 * outside the authentication check and every request still passes through that check before
 * reaching the web application.
 *
 * @param service login service passed on to {@code getBaseAuth}
 * @param webapp web application passed on to {@code getBaseAuth}
 * @return the gzip handler with the security handler installed as its delegate
 */
private GzipHandler getGzip(final HashLoginService service, final WebAppContext webapp) {
    final GzipHandler compressor = new GzipHandler();
    compressor.setIncludedMimeTypes(GZIP_MIME_TYPES);

    final ConstraintSecurityHandler secured = getBaseAuth(service, webapp);
    compressor.setHandler(secured);
    return compressor;
}
76 private ConstraintSecurityHandler getBaseAuth(HashLoginService service, WebAppContext webapp) {
77 Constraint constraint = new Constraint();
78 constraint.setName("auth");
79 constraint.setAuthenticate(true);
80 constraint.setRoles(new String[]{credentialsCfg.username});
82 ConstraintMapping mapping = new ConstraintMapping();
83 mapping.setPathSpec("/*");
84 mapping.setConstraint(constraint);
86 ConstraintSecurityHandler security = new ConstraintSecurityHandler();
87 security.setConstraintMappings(Collections.singletonList(mapping));
88 security.setAuthenticator(new BasicAuthenticator());
89 security.setLoginService(service);
91 security.setHandler(webapp);