Bump jolokia-war from 1.3.3 to 1.7.1 (#6907)

* Bump jolokia-war from 1.3.3 to 1.7.1

Bumps jolokia-war from 1.3.3 to 1.7.1.

---
updated-dependencies:
- dependency-name: org.jolokia:jolokia-war
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

* Adding HashLoginService to jolokia.xml
* Fixing typo in FQCN for Jetty Password utility
* Using logger to print warning, not ServletContext.log() as it causes an NPE.

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
This commit is contained in:
dependabot[bot] 2022-03-29 21:04:35 -05:00 committed by GitHub
parent cfcd67ff7b
commit 6b25c271b1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 65 additions and 15 deletions

View File

@ -5,7 +5,7 @@
# <username>: <password>[,<rolename> ...] # <username>: <password>[,<rolename> ...]
# #
# Passwords may be clear text, obfuscated or checksummed. The class # Passwords may be clear text, obfuscated or checksummed. The class
# org.eclipse.util.Password should be used to generate obfuscated # org.eclipse.jetty.util.security.Password should be used to generate obfuscated
# passwords or password checksums # passwords or password checksums
# #
# If DIGEST Authentication is used, the password must be in a recoverable # If DIGEST Authentication is used, the password must be in a recoverable

View File

@ -5,7 +5,7 @@
# <username>: <password>[,<rolename> ...] # <username>: <password>[,<rolename> ...]
# #
# Passwords may be clear text, obfuscated or checksummed. The class # Passwords may be clear text, obfuscated or checksummed. The class
# org.eclipse.util.Password should be used to generate obfuscated # org.eclipse.jetty.util.security.Password should be used to generate obfuscated
# passwords or password checksums # passwords or password checksums
# #
# If DIGEST Authentication is used, the password must be in a recoverable # If DIGEST Authentication is used, the password must be in a recoverable

View File

@ -5,7 +5,7 @@
# <username>: <password>[,<rolename> ...] # <username>: <password>[,<rolename> ...]
# #
# Passwords may be clear text, obfuscated or checksummed. The class # Passwords may be clear text, obfuscated or checksummed. The class
# org.eclipse.util.Password should be used to generate obfuscated # org.eclipse.jetty.util.security.Password should be used to generate obfuscated
# passwords or password checksums # passwords or password checksums
# #
# If DIGEST Authentication is used, the password must be in a recoverable # If DIGEST Authentication is used, the password must be in a recoverable

View File

@ -5,7 +5,7 @@
# <username>: <password>[,<rolename> ...] # <username>: <password>[,<rolename> ...]
# #
# Passwords may be clear text, obfuscated or checksummed. The class # Passwords may be clear text, obfuscated or checksummed. The class
# org.eclipse.util.Password should be used to generate obfuscated # org.eclipse.jetty.util.security.Password should be used to generate obfuscated
# passwords or password checksums # passwords or password checksums
# #
# If DIGEST Authentication is used, the password must be in a recoverable # If DIGEST Authentication is used, the password must be in a recoverable

View File

@ -5,7 +5,7 @@
# <username>: <password>[,<rolename> ...] # <username>: <password>[,<rolename> ...]
# #
# Passwords may be clear text, obfuscated or checksummed. The class # Passwords may be clear text, obfuscated or checksummed. The class
# org.eclipse.util.Password should be used to generate obfuscated # org.eclipse.jetty.util.security.Password should be used to generate obfuscated
# passwords or password checksums # passwords or password checksums
# #
# If DIGEST Authentication is used, the password must be in a recoverable # If DIGEST Authentication is used, the password must be in a recoverable

View File

@ -17,6 +17,7 @@ etc/jolokia.xml
[files] [files]
maven://org.jolokia/jolokia-war/${jolokia.version}/war|lib/jolokia/jolokia.war maven://org.jolokia/jolokia-war/${jolokia.version}/war|lib/jolokia/jolokia.war
basehome:modules/jolokia/jolokia.xml|etc/jolokia.xml basehome:modules/jolokia/jolokia.xml|etc/jolokia.xml
basehome:modules/jolokia/jolokia-realm.properties|etc/jolokia-realm.properties
[ini] [ini]
jolokia.version?=@jolokia.version@ jolokia.version?=@jolokia.version@

View File

@ -0,0 +1,31 @@
#
# ========================================================================
# Copyright (c) 1995-2022 Mort Bay Consulting Pty Ltd and others.
#
# This program and the accompanying materials are made available under the
# terms of the Eclipse Public License v. 2.0 which is available at
# https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
# which is available at https://www.apache.org/licenses/LICENSE-2.0.
#
# SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
# ========================================================================
#
#
# This file defines users passwords and roles for a HashUserRealm
#
# The format is
# <username>: <password>[,<rolename> ...]
#
# Passwords may be clear text, obfuscated or checksummed. The class
# org.eclipse.jetty.util.security.Password should be used to generate obfuscated
# passwords or password checksums
#
# If DIGEST Authentication is used, the password must be in a recoverable
# format, either plain text or OBF:.
# - Example using MD5 for digest auth (The credential is a MD5 hash of username:realmname:password)
# jolokia:MD5:164c88b302622e17050af52c89945d44,jolokia
# - Example using plaintext
# jolokia:jetty,jolokia

View File

@ -10,6 +10,24 @@
<Set name="extractWAR">true</Set> <Set name="extractWAR">true</Set>
<Set name="copyWebDir">false</Set> <Set name="copyWebDir">false</Set>
<Set name="defaultsDescriptor"><Property name="jetty.home" default="."/>/etc/webdefault.xml</Set> <Set name="defaultsDescriptor"><Property name="jetty.home" default="."/>/etc/webdefault.xml</Set>
<!-- comment out this section when you have security configured -->
<Call class="org.slf4j.LoggerFactory" name="getLogger">
<Arg>org.eclipse.jetty</Arg>
<Call name="warn">
<Arg>The jolokia webapp is deployed, but does not have users and security configured. (see ${jetty.base}/etc/jolokia.xml)</Arg>
</Call>
</Call>
<Get name="securityHandler">
<Set name="loginService">
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">Jolokia Realm</Set>
<!-- Edit the contents ot the etc/jolokia-realm.properties -->
<Set name="config"><Property name="jetty.base" default="."/>/etc/jolokia-realm.properties</Set>
</New>
</Set>
</Get>
</New> </New>
</Arg> </Arg>
</Call> </Call>

View File

@ -5,7 +5,7 @@
# <username>: <password>[,<rolename> ...] # <username>: <password>[,<rolename> ...]
# #
# Passwords may be clear text, obfuscated or checksummed. The class # Passwords may be clear text, obfuscated or checksummed. The class
# org.eclipse.util.Password should be used to generate obfuscated # org.eclipse.jetty.util.security.Password should be used to generate obfuscated
# passwords or password checksums # passwords or password checksums
# #
# If DIGEST Authentication is used, the password must be in a recoverable # If DIGEST Authentication is used, the password must be in a recoverable

View File

@ -5,7 +5,7 @@
# <username>: <password>[,<rolename> ...] # <username>: <password>[,<rolename> ...]
# #
# Passwords may be clear text, obfuscated or checksummed. The class # Passwords may be clear text, obfuscated or checksummed. The class
# org.eclipse.util.Password should be used to generate obfuscated # org.eclipse.jetty.util.security.Password should be used to generate obfuscated
# passwords or password checksums # passwords or password checksums
# #
# If DIGEST Authentication is used, the password must be in a recoverable # If DIGEST Authentication is used, the password must be in a recoverable

View File

@ -29,7 +29,7 @@ import java.util.Locale;
* </pre> * </pre>
* *
* Passwords that begin with OBF: are de obfuscated. Passwords can be obfuscated * Passwords that begin with OBF: are de obfuscated. Passwords can be obfuscated
* by run org.eclipse.util.Password as a main class. Obfuscated password are * by run {@link org.eclipse.jetty.util.security.Password} as a main class. Obfuscated password are
* required if a system needs to recover the full password (eg. so that it may * required if a system needs to recover the full password (eg. so that it may
* be passed to another system). They are not secure, but prevent casual * be passed to another system). They are not secure, but prevent casual
* observation. * observation.

View File

@ -95,7 +95,7 @@
<jnr-ffi.version>2.2.11</jnr-ffi.version> <jnr-ffi.version>2.2.11</jnr-ffi.version>
<jnr-posix.version>3.1.15</jnr-posix.version> <jnr-posix.version>3.1.15</jnr-posix.version>
<jnr-unixsocket.version>0.38.17</jnr-unixsocket.version> <jnr-unixsocket.version>0.38.17</jnr-unixsocket.version>
<jolokia.version>1.3.3</jolokia.version> <jolokia.version>1.7.1</jolokia.version>
<json-simple.version>1.1.1</json-simple.version> <json-simple.version>1.1.1</json-simple.version>
<json-smart.version>2.4.8</json-smart.version> <json-smart.version>2.4.8</json-smart.version>
<jsp.impl.version>9.0.52</jsp.impl.version> <jsp.impl.version>9.0.52</jsp.impl.version>

View File

@ -138,8 +138,8 @@ public class ThirdPartyModulesTests extends AbstractJettyHomeTest
startHttpClient(); startHttpClient();
ContentResponse response = client.GET("http://localhost:" + httpPort + "/jolokia"); ContentResponse response = client.GET("http://localhost:" + httpPort + "/jolokia");
assertEquals(HttpStatus.OK_200, response.getStatus(), new ResponseDetails(response)); // default is no users specified, so this will return a 401.
assertThat(response.getContentAsString(), containsString("\"agentType\":\"servlet\"")); assertEquals(HttpStatus.UNAUTHORIZED_401, response.getStatus(), new ResponseDetails(response));
} }
} }
} }

View File

@ -5,7 +5,7 @@
# <username>: <password>[,<rolename> ...] # <username>: <password>[,<rolename> ...]
# #
# Passwords may be clear text, obfuscated or checksummed. The class # Passwords may be clear text, obfuscated or checksummed. The class
# org.eclipse.util.Password should be used to generate obfuscated # org.eclipse.jetty.util.security.Password should be used to generate obfuscated
# passwords or password checksums # passwords or password checksums
# #
# If DIGEST Authentication is used, the password must be in a recoverable # If DIGEST Authentication is used, the password must be in a recoverable

View File

@ -5,7 +5,7 @@
# <username>: <password>[,<rolename> ...] # <username>: <password>[,<rolename> ...]
# #
# Passwords may be clear text, obfuscated or checksummed. The class # Passwords may be clear text, obfuscated or checksummed. The class
# org.eclipse.util.Password should be used to generate obfuscated # org.eclipse.jetty.util.security.Password should be used to generate obfuscated
# passwords or password checksums # passwords or password checksums
# #
# If DIGEST Authentication is used, the password must be in a recoverable # If DIGEST Authentication is used, the password must be in a recoverable

View File

@ -5,7 +5,7 @@
# <username>: <password>[,<rolename> ...] # <username>: <password>[,<rolename> ...]
# #
# Passwords may be clear text, obfuscated or checksummed. The class # Passwords may be clear text, obfuscated or checksummed. The class
# org.eclipse.util.Password should be used to generate obfuscated # org.eclipse.jetty.util.security.Password should be used to generate obfuscated
# passwords or password checksums # passwords or password checksums
# #
# If DIGEST Authentication is used, the password must be in a recoverable # If DIGEST Authentication is used, the password must be in a recoverable

View File

@ -5,7 +5,7 @@
# <username>: <password>[,<rolename> ...] # <username>: <password>[,<rolename> ...]
# #
# Passwords may be clear text, obfuscated or checksummed. The class # Passwords may be clear text, obfuscated or checksummed. The class
# org.eclipse.util.Password should be used to generate obfuscated # org.eclipse.jetty.util.security.Password should be used to generate obfuscated
# passwords or password checksums # passwords or password checksums
# #
# If DIGEST Authentication is used, the password must be in a recoverable # If DIGEST Authentication is used, the password must be in a recoverable