Bump jolokia-war from 1.3.3 to 1.7.1 (#6907)

* Bump jolokia-war from 1.3.3 to 1.7.1 Bumps jolokia-war from 1.3.3 to 1.7.1. --- updated-dependencies: - dependency-name: org.jolokia:jolokia-war dependency-type: direct:production update-type: version-update:semver-minor ... * Adding HashLoginService to jolokia.xml * Fixing typo in FQCN for Jetty Password utility * Using logger to print warning, not ServletContext.log() as it causes an NPE. Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-03-29 21:04:35 -05:00 · 2022-03-29 21:04:35 -05:00 · 6b25c271b1
parent cfcd67ff7b
commit 6b25c271b1
17 changed files with 65 additions and 15 deletions
--- a/demos/demo-jetty-webapp/src/test/resources/test-realm.properties
+++ b/demos/demo-jetty-webapp/src/test/resources/test-realm.properties
@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable
--- a/demos/demo-spec/demo-spec-webapp/src/etc/realm.properties
+++ b/demos/demo-spec/demo-spec-webapp/src/etc/realm.properties
@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable
--- a/demos/embedded/src/main/resources/demo/demo-realm.properties
+++ b/demos/embedded/src/main/resources/demo/demo-realm.properties
@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable
--- a/jetty-deploy/src/test/resources/etc/realm.properties
+++ b/jetty-deploy/src/test/resources/etc/realm.properties
@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable
--- a/jetty-home/src/main/resources/modules/demo.d/demo-realm.properties
+++ b/jetty-home/src/main/resources/modules/demo.d/demo-realm.properties
@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable
--- a/jetty-home/src/main/resources/modules/jolokia.mod
+++ b/jetty-home/src/main/resources/modules/jolokia.mod
@ -17,6 +17,7 @@ etc/jolokia.xml
 [files]
 maven://org.jolokia/jolokia-war/${jolokia.version}/war|lib/jolokia/jolokia.war
 basehome:modules/jolokia/jolokia.xml|etc/jolokia.xml
+basehome:modules/jolokia/jolokia-realm.properties|etc/jolokia-realm.properties

 [ini]
 jolokia.version?=@jolokia.version@
--- a/jetty-home/src/main/resources/modules/jolokia/jolokia-realm.properties
+++ b/jetty-home/src/main/resources/modules/jolokia/jolokia-realm.properties
@ -0,0 +1,31 @@
+#
+# ========================================================================
+# Copyright (c) 1995-2022 Mort Bay Consulting Pty Ltd and others.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License v. 2.0 which is available at
+# https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
+# which is available at https://www.apache.org/licenses/LICENSE-2.0.
+#
+# SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
+# ========================================================================
+#
+
+#
+# This file defines users passwords and roles for a HashUserRealm
+#
+# The format is
+#  <username>: <password>[,<rolename> ...]
+#
+# Passwords may be clear text, obfuscated or checksummed.  The class
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
+# passwords or password checksums
+#
+# If DIGEST Authentication is used, the password must be in a recoverable
+# format, either plain text or OBF:.
+
+# - Example using MD5 for digest auth (The credential is a MD5 hash of username:realmname:password)
+# jolokia:MD5:164c88b302622e17050af52c89945d44,jolokia
+
+# - Example using plaintext
+# jolokia:jetty,jolokia
--- a/jetty-home/src/main/resources/modules/jolokia/jolokia.xml
+++ b/jetty-home/src/main/resources/modules/jolokia/jolokia.xml
@ -10,6 +10,24 @@
        <Set name="extractWAR">true</Set>
        <Set name="copyWebDir">false</Set>
        <Set name="defaultsDescriptor"><Property name="jetty.home" default="."/>/etc/webdefault.xml</Set>
+
+        <!-- comment out this section when you have security configured -->
+        <Call class="org.slf4j.LoggerFactory" name="getLogger">
+          <Arg>org.eclipse.jetty</Arg>
+          <Call name="warn">
+            <Arg>The jolokia webapp is deployed, but does not have users and security configured. (see ${jetty.base}/etc/jolokia.xml)</Arg>
+          </Call>
+        </Call>
+
+        <Get name="securityHandler">
+          <Set name="loginService">
+            <New class="org.eclipse.jetty.security.HashLoginService">
+              <Set name="name">Jolokia Realm</Set>
+              <!-- Edit the contents ot the etc/jolokia-realm.properties -->
+              <Set name="config"><Property name="jetty.base" default="."/>/etc/jolokia-realm.properties</Set>
+            </New>
+          </Set>
+        </Get>
      </New>
    </Arg>
  </Call>
--- a/jetty-osgi/test-jetty-osgi/src/test/config/etc/realm.properties
+++ b/jetty-osgi/test-jetty-osgi/src/test/config/etc/realm.properties
@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable
--- a/jetty-security/src/test/resources/realm.properties
+++ b/jetty-security/src/test/resources/realm.properties
@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/security/Password.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/security/Password.java
@ -29,7 +29,7 @@ import java.util.Locale;
 * </pre>
 *
 * Passwords that begin with OBF: are de obfuscated. Passwords can be obfuscated
- * by run org.eclipse.util.Password as a main class. Obfuscated password are
+ * by run {@link org.eclipse.jetty.util.security.Password} as a main class. Obfuscated password are
 * required if a system needs to recover the full password (eg. so that it may
 * be passed to another system). They are not secure, but prevent casual
 * observation.
--- a/pom.xml
+++ b/pom.xml
@ -95,7 +95,7 @@
    <jnr-ffi.version>2.2.11</jnr-ffi.version>
    <jnr-posix.version>3.1.15</jnr-posix.version>
    <jnr-unixsocket.version>0.38.17</jnr-unixsocket.version>
-    <jolokia.version>1.3.3</jolokia.version>
+    <jolokia.version>1.7.1</jolokia.version>
    <json-simple.version>1.1.1</json-simple.version>
    <json-smart.version>2.4.8</json-smart.version>
    <jsp.impl.version>9.0.52</jsp.impl.version>
--- a/tests/test-distribution/src/test/java/org/eclipse/jetty/tests/distribution/ThirdPartyModulesTests.java
+++ b/tests/test-distribution/src/test/java/org/eclipse/jetty/tests/distribution/ThirdPartyModulesTests.java
@ -138,8 +138,8 @@ public class ThirdPartyModulesTests extends AbstractJettyHomeTest

                startHttpClient();
                ContentResponse response = client.GET("http://localhost:" + httpPort + "/jolokia");
-                assertEquals(HttpStatus.OK_200, response.getStatus(), new ResponseDetails(response));
-                assertThat(response.getContentAsString(), containsString("\"agentType\":\"servlet\""));
+                // default is no users specified, so this will return a 401.
+                assertEquals(HttpStatus.UNAUTHORIZED_401, response.getStatus(), new ResponseDetails(response));
            }
        }
    }
--- a/tests/test-distribution/src/test/resources/realm.properties
+++ b/tests/test-distribution/src/test/resources/realm.properties
@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable
--- a/tests/test-integration/src/test/resources/realm.properties
+++ b/tests/test-integration/src/test/resources/realm.properties
@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable
--- a/tests/test-quickstart/src/test/resources/realm.properties
+++ b/tests/test-quickstart/src/test/resources/realm.properties
@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable
--- a/tests/test-sessions/test-mongodb-sessions/src/test/resources/realm.properties
+++ b/tests/test-sessions/test-mongodb-sessions/src/test/resources/realm.properties
@ -5,7 +5,7 @@
 #  <username>: <password>[,<rolename> ...]
 #
 # Passwords may be clear text, obfuscated or checksummed.  The class 
-# org.eclipse.util.Password should be used to generate obfuscated
+# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
 # passwords or password checksums
 #
 # If DIGEST Authentication is used, the password must be in a recoverable