Bump jolokia-war from 1.3.3 to 1.7.1 (#6907)
* Bump jolokia-war from 1.3.3 to 1.7.1 Bumps jolokia-war from 1.3.3 to 1.7.1. --- updated-dependencies: - dependency-name: org.jolokia:jolokia-war dependency-type: direct:production update-type: version-update:semver-minor ... * Adding HashLoginService to jolokia.xml * Fixing typo in FQCN for Jetty Password utility * Using logger to print warning, not ServletContext.log() as it causes an NPE. Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
This commit is contained in:
parent
cfcd67ff7b
commit
6b25c271b1
|
@ -5,7 +5,7 @@
|
||||||
# <username>: <password>[,<rolename> ...]
|
# <username>: <password>[,<rolename> ...]
|
||||||
#
|
#
|
||||||
# Passwords may be clear text, obfuscated or checksummed. The class
|
# Passwords may be clear text, obfuscated or checksummed. The class
|
||||||
# org.eclipse.util.Password should be used to generate obfuscated
|
# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
|
||||||
# passwords or password checksums
|
# passwords or password checksums
|
||||||
#
|
#
|
||||||
# If DIGEST Authentication is used, the password must be in a recoverable
|
# If DIGEST Authentication is used, the password must be in a recoverable
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# <username>: <password>[,<rolename> ...]
|
# <username>: <password>[,<rolename> ...]
|
||||||
#
|
#
|
||||||
# Passwords may be clear text, obfuscated or checksummed. The class
|
# Passwords may be clear text, obfuscated or checksummed. The class
|
||||||
# org.eclipse.util.Password should be used to generate obfuscated
|
# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
|
||||||
# passwords or password checksums
|
# passwords or password checksums
|
||||||
#
|
#
|
||||||
# If DIGEST Authentication is used, the password must be in a recoverable
|
# If DIGEST Authentication is used, the password must be in a recoverable
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# <username>: <password>[,<rolename> ...]
|
# <username>: <password>[,<rolename> ...]
|
||||||
#
|
#
|
||||||
# Passwords may be clear text, obfuscated or checksummed. The class
|
# Passwords may be clear text, obfuscated or checksummed. The class
|
||||||
# org.eclipse.util.Password should be used to generate obfuscated
|
# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
|
||||||
# passwords or password checksums
|
# passwords or password checksums
|
||||||
#
|
#
|
||||||
# If DIGEST Authentication is used, the password must be in a recoverable
|
# If DIGEST Authentication is used, the password must be in a recoverable
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# <username>: <password>[,<rolename> ...]
|
# <username>: <password>[,<rolename> ...]
|
||||||
#
|
#
|
||||||
# Passwords may be clear text, obfuscated or checksummed. The class
|
# Passwords may be clear text, obfuscated or checksummed. The class
|
||||||
# org.eclipse.util.Password should be used to generate obfuscated
|
# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
|
||||||
# passwords or password checksums
|
# passwords or password checksums
|
||||||
#
|
#
|
||||||
# If DIGEST Authentication is used, the password must be in a recoverable
|
# If DIGEST Authentication is used, the password must be in a recoverable
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# <username>: <password>[,<rolename> ...]
|
# <username>: <password>[,<rolename> ...]
|
||||||
#
|
#
|
||||||
# Passwords may be clear text, obfuscated or checksummed. The class
|
# Passwords may be clear text, obfuscated or checksummed. The class
|
||||||
# org.eclipse.util.Password should be used to generate obfuscated
|
# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
|
||||||
# passwords or password checksums
|
# passwords or password checksums
|
||||||
#
|
#
|
||||||
# If DIGEST Authentication is used, the password must be in a recoverable
|
# If DIGEST Authentication is used, the password must be in a recoverable
|
||||||
|
|
|
@ -17,6 +17,7 @@ etc/jolokia.xml
|
||||||
[files]
|
[files]
|
||||||
maven://org.jolokia/jolokia-war/${jolokia.version}/war|lib/jolokia/jolokia.war
|
maven://org.jolokia/jolokia-war/${jolokia.version}/war|lib/jolokia/jolokia.war
|
||||||
basehome:modules/jolokia/jolokia.xml|etc/jolokia.xml
|
basehome:modules/jolokia/jolokia.xml|etc/jolokia.xml
|
||||||
|
basehome:modules/jolokia/jolokia-realm.properties|etc/jolokia-realm.properties
|
||||||
|
|
||||||
[ini]
|
[ini]
|
||||||
jolokia.version?=@jolokia.version@
|
jolokia.version?=@jolokia.version@
|
||||||
|
|
|
@ -0,0 +1,31 @@
|
||||||
|
#
|
||||||
|
# ========================================================================
|
||||||
|
# Copyright (c) 1995-2022 Mort Bay Consulting Pty Ltd and others.
|
||||||
|
#
|
||||||
|
# This program and the accompanying materials are made available under the
|
||||||
|
# terms of the Eclipse Public License v. 2.0 which is available at
|
||||||
|
# https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
|
||||||
|
# which is available at https://www.apache.org/licenses/LICENSE-2.0.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
|
||||||
|
# ========================================================================
|
||||||
|
#
|
||||||
|
|
||||||
|
#
|
||||||
|
# This file defines users passwords and roles for a HashUserRealm
|
||||||
|
#
|
||||||
|
# The format is
|
||||||
|
# <username>: <password>[,<rolename> ...]
|
||||||
|
#
|
||||||
|
# Passwords may be clear text, obfuscated or checksummed. The class
|
||||||
|
# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
|
||||||
|
# passwords or password checksums
|
||||||
|
#
|
||||||
|
# If DIGEST Authentication is used, the password must be in a recoverable
|
||||||
|
# format, either plain text or OBF:.
|
||||||
|
|
||||||
|
# - Example using MD5 for digest auth (The credential is a MD5 hash of username:realmname:password)
|
||||||
|
# jolokia:MD5:164c88b302622e17050af52c89945d44,jolokia
|
||||||
|
|
||||||
|
# - Example using plaintext
|
||||||
|
# jolokia:jetty,jolokia
|
|
@ -10,6 +10,24 @@
|
||||||
<Set name="extractWAR">true</Set>
|
<Set name="extractWAR">true</Set>
|
||||||
<Set name="copyWebDir">false</Set>
|
<Set name="copyWebDir">false</Set>
|
||||||
<Set name="defaultsDescriptor"><Property name="jetty.home" default="."/>/etc/webdefault.xml</Set>
|
<Set name="defaultsDescriptor"><Property name="jetty.home" default="."/>/etc/webdefault.xml</Set>
|
||||||
|
|
||||||
|
<!-- comment out this section when you have security configured -->
|
||||||
|
<Call class="org.slf4j.LoggerFactory" name="getLogger">
|
||||||
|
<Arg>org.eclipse.jetty</Arg>
|
||||||
|
<Call name="warn">
|
||||||
|
<Arg>The jolokia webapp is deployed, but does not have users and security configured. (see ${jetty.base}/etc/jolokia.xml)</Arg>
|
||||||
|
</Call>
|
||||||
|
</Call>
|
||||||
|
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="loginService">
|
||||||
|
<New class="org.eclipse.jetty.security.HashLoginService">
|
||||||
|
<Set name="name">Jolokia Realm</Set>
|
||||||
|
<!-- Edit the contents ot the etc/jolokia-realm.properties -->
|
||||||
|
<Set name="config"><Property name="jetty.base" default="."/>/etc/jolokia-realm.properties</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
</New>
|
</New>
|
||||||
</Arg>
|
</Arg>
|
||||||
</Call>
|
</Call>
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# <username>: <password>[,<rolename> ...]
|
# <username>: <password>[,<rolename> ...]
|
||||||
#
|
#
|
||||||
# Passwords may be clear text, obfuscated or checksummed. The class
|
# Passwords may be clear text, obfuscated or checksummed. The class
|
||||||
# org.eclipse.util.Password should be used to generate obfuscated
|
# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
|
||||||
# passwords or password checksums
|
# passwords or password checksums
|
||||||
#
|
#
|
||||||
# If DIGEST Authentication is used, the password must be in a recoverable
|
# If DIGEST Authentication is used, the password must be in a recoverable
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# <username>: <password>[,<rolename> ...]
|
# <username>: <password>[,<rolename> ...]
|
||||||
#
|
#
|
||||||
# Passwords may be clear text, obfuscated or checksummed. The class
|
# Passwords may be clear text, obfuscated or checksummed. The class
|
||||||
# org.eclipse.util.Password should be used to generate obfuscated
|
# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
|
||||||
# passwords or password checksums
|
# passwords or password checksums
|
||||||
#
|
#
|
||||||
# If DIGEST Authentication is used, the password must be in a recoverable
|
# If DIGEST Authentication is used, the password must be in a recoverable
|
||||||
|
|
|
@ -29,7 +29,7 @@ import java.util.Locale;
|
||||||
* </pre>
|
* </pre>
|
||||||
*
|
*
|
||||||
* Passwords that begin with OBF: are de obfuscated. Passwords can be obfuscated
|
* Passwords that begin with OBF: are de obfuscated. Passwords can be obfuscated
|
||||||
* by run org.eclipse.util.Password as a main class. Obfuscated password are
|
* by run {@link org.eclipse.jetty.util.security.Password} as a main class. Obfuscated password are
|
||||||
* required if a system needs to recover the full password (eg. so that it may
|
* required if a system needs to recover the full password (eg. so that it may
|
||||||
* be passed to another system). They are not secure, but prevent casual
|
* be passed to another system). They are not secure, but prevent casual
|
||||||
* observation.
|
* observation.
|
||||||
|
|
2
pom.xml
2
pom.xml
|
@ -95,7 +95,7 @@
|
||||||
<jnr-ffi.version>2.2.11</jnr-ffi.version>
|
<jnr-ffi.version>2.2.11</jnr-ffi.version>
|
||||||
<jnr-posix.version>3.1.15</jnr-posix.version>
|
<jnr-posix.version>3.1.15</jnr-posix.version>
|
||||||
<jnr-unixsocket.version>0.38.17</jnr-unixsocket.version>
|
<jnr-unixsocket.version>0.38.17</jnr-unixsocket.version>
|
||||||
<jolokia.version>1.3.3</jolokia.version>
|
<jolokia.version>1.7.1</jolokia.version>
|
||||||
<json-simple.version>1.1.1</json-simple.version>
|
<json-simple.version>1.1.1</json-simple.version>
|
||||||
<json-smart.version>2.4.8</json-smart.version>
|
<json-smart.version>2.4.8</json-smart.version>
|
||||||
<jsp.impl.version>9.0.52</jsp.impl.version>
|
<jsp.impl.version>9.0.52</jsp.impl.version>
|
||||||
|
|
|
@ -138,8 +138,8 @@ public class ThirdPartyModulesTests extends AbstractJettyHomeTest
|
||||||
|
|
||||||
startHttpClient();
|
startHttpClient();
|
||||||
ContentResponse response = client.GET("http://localhost:" + httpPort + "/jolokia");
|
ContentResponse response = client.GET("http://localhost:" + httpPort + "/jolokia");
|
||||||
assertEquals(HttpStatus.OK_200, response.getStatus(), new ResponseDetails(response));
|
// default is no users specified, so this will return a 401.
|
||||||
assertThat(response.getContentAsString(), containsString("\"agentType\":\"servlet\""));
|
assertEquals(HttpStatus.UNAUTHORIZED_401, response.getStatus(), new ResponseDetails(response));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# <username>: <password>[,<rolename> ...]
|
# <username>: <password>[,<rolename> ...]
|
||||||
#
|
#
|
||||||
# Passwords may be clear text, obfuscated or checksummed. The class
|
# Passwords may be clear text, obfuscated or checksummed. The class
|
||||||
# org.eclipse.util.Password should be used to generate obfuscated
|
# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
|
||||||
# passwords or password checksums
|
# passwords or password checksums
|
||||||
#
|
#
|
||||||
# If DIGEST Authentication is used, the password must be in a recoverable
|
# If DIGEST Authentication is used, the password must be in a recoverable
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# <username>: <password>[,<rolename> ...]
|
# <username>: <password>[,<rolename> ...]
|
||||||
#
|
#
|
||||||
# Passwords may be clear text, obfuscated or checksummed. The class
|
# Passwords may be clear text, obfuscated or checksummed. The class
|
||||||
# org.eclipse.util.Password should be used to generate obfuscated
|
# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
|
||||||
# passwords or password checksums
|
# passwords or password checksums
|
||||||
#
|
#
|
||||||
# If DIGEST Authentication is used, the password must be in a recoverable
|
# If DIGEST Authentication is used, the password must be in a recoverable
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# <username>: <password>[,<rolename> ...]
|
# <username>: <password>[,<rolename> ...]
|
||||||
#
|
#
|
||||||
# Passwords may be clear text, obfuscated or checksummed. The class
|
# Passwords may be clear text, obfuscated or checksummed. The class
|
||||||
# org.eclipse.util.Password should be used to generate obfuscated
|
# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
|
||||||
# passwords or password checksums
|
# passwords or password checksums
|
||||||
#
|
#
|
||||||
# If DIGEST Authentication is used, the password must be in a recoverable
|
# If DIGEST Authentication is used, the password must be in a recoverable
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# <username>: <password>[,<rolename> ...]
|
# <username>: <password>[,<rolename> ...]
|
||||||
#
|
#
|
||||||
# Passwords may be clear text, obfuscated or checksummed. The class
|
# Passwords may be clear text, obfuscated or checksummed. The class
|
||||||
# org.eclipse.util.Password should be used to generate obfuscated
|
# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
|
||||||
# passwords or password checksums
|
# passwords or password checksums
|
||||||
#
|
#
|
||||||
# If DIGEST Authentication is used, the password must be in a recoverable
|
# If DIGEST Authentication is used, the password must be in a recoverable
|
||||||
|
|
Loading…
Reference in New Issue