Enable PSK by default, correct link to IDE (#3963)

Also generates a random key when an empty key is provided.
deephaven · Jun 21, 2023 · 14e7e28 · 14e7e28
1 parent 44e22b1
commit 14e7e28
Show file tree

Hide file tree

Showing 8 changed files with 11 additions and 11 deletions.
diff --git a/...providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java b/...providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java
@@ -26,9 +26,10 @@ public class PskAuthenticationHandler implements AuthenticationRequestHandler {
     private static final String PSK;
     static {
         String pskFromConfig = Configuration.getInstance().getStringWithDefault("authentication.psk", null);
-        // If this feature is enabled by not value give, generate a 64bit number and encode as
+        // If this feature is enabled but no value is given, generate a 64-bit number and encode as
         // base-36 (lower case and numbers).
-        PSK = Objects.requireNonNullElseGet(pskFromConfig, () -> Long.toString(Math.abs(new Random().nextLong()), 36));
+        PSK = Optional.ofNullable(pskFromConfig).map(String::trim).filter(s -> !s.isEmpty())
+                .orElseGet(() -> Long.toString(Math.abs(new Random().nextLong()), 36));
 
         // limit to ascii for better log and url support
         if (!StandardCharsets.US_ASCII.newEncoder().canEncode(PSK)) {
@@ -69,7 +70,7 @@ public void initialize(String targetUrl) {
         logger.warn().append("================================================================================").endl();
         logger.warn().append("Superuser access through pre-shared key is enabled - use ").append(PSK)
                 .append(" to connect").endl();
-        logger.warn().append("Connect automatically to Web UI with ").append(targetUrl).append("/jsapi?psk=")
+        logger.warn().append("Connect automatically to Web UI with ").append(targetUrl).append("/?psk=")
                 .append(PSK)
                 .endl();
         logger.warn().append("================================================================================").endl();

diff --git a/cpp-client/build.gradle b/cpp-client/build.gradle
@@ -51,7 +51,7 @@ project.tasks.getByName('quick').dependsOn project.tasks.getByName('license')
 String randomSuffix = UUID.randomUUID().toString();
 deephavenDocker {
     envVars.set([
-            'START_OPTS':'-Xmx512m'
+            'START_OPTS':'-Xmx512m -DAuthHandlers=io.deephaven.auth.AnonymousAuthenticationHandler'
     ])
     containerName.set "dh-server-for-cpp-${randomSuffix}"
     networkName.set "cpp-test-network-${randomSuffix}"

diff --git a/docker-compose-common.yml b/docker-compose-common.yml
@@ -14,7 +14,7 @@ services:
       # with max memory.
       #
       # To turn on debug logging, add: -Dlogback.configurationFile=logback-debug.xml
-      - START_OPTS=-Xmx4g -Ddeephaven.console.type=${DEEPHAVEN_CONSOLE_TYPE} -Ddeephaven.application.dir=${DEEPHAVEN_APPLICATION_DIR}
+      - START_OPTS=-Xmx4g -Ddeephaven.console.type=${DEEPHAVEN_CONSOLE_TYPE} -Ddeephaven.application.dir=${DEEPHAVEN_APPLICATION_DIR} -Dauthentication.psk=${DEEPHAVEN_PSK}
       #
       # For remote debugging switch the line above for the one below (and also change the ports below)
       # - START_OPTS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -Xmx4g -Ddeephaven.console.type=${DEEPHAVEN_CONSOLE_TYPE} -Ddeephaven.application.dir=${DEEPHAVEN_APPLICATION_DIR}

diff --git a/go/build.gradle b/go/build.gradle
@@ -45,7 +45,7 @@ tasks.register('updateProtobuf', Sync) {
 String randomSuffix = UUID.randomUUID().toString();
 deephavenDocker {
     envVars.set([
-            'START_OPTS':'-Xmx512m'
+            'START_OPTS':'-Xmx512m -DAuthHandlers=io.deephaven.auth.AnonymousAuthenticationHandler'
     ])
     containerName.set "dh-server-for-go-${randomSuffix}"
     networkName.set "go-test-network-${randomSuffix}"

diff --git a/props/configs/src/main/resources/dh-defaults.prop b/props/configs/src/main/resources/dh-defaults.prop
@@ -47,8 +47,8 @@ deephaven.console.type=python
 # Default session duration is 5 minutes
 http.session.durationMs=300000
 
-# Default to allowing anonymous access, but don't yet warn users that it is unsafe by default
-AuthHandlers=io.deephaven.auth.AnonymousAuthenticationHandler
+# Default to requiring a single password to access the server
+AuthHandlers=io.deephaven.authentication.psk.PskAuthenticationHandler
 authentication.anonymous.warn=true
 
 # List of configuration properties to provide to unauthenticated clients, so that they can decide how best to prove their

diff --git a/py/client/build.gradle b/py/client/build.gradle
@@ -75,7 +75,7 @@ tasks.register('updateProtobuf', Sync) {
 String randomSuffix = UUID.randomUUID().toString();
 deephavenDocker {
     envVars.set([
-        'START_OPTS':'-Xmx512m'
+        'START_OPTS':'-Xmx512m -DAuthHandlers=io.deephaven.auth.AnonymousAuthenticationHandler'
     ])
     containerName.set "pydeephaven-test-container-${randomSuffix}"
     networkName.set "pydeephaven-network-${randomSuffix}"

diff --git a/server/build.gradle b/server/build.gradle
@@ -108,7 +108,7 @@ dependencies {
 
     Classpaths.inheritImmutables(project, true)
 
-
+    runtimeOnly project(':authentication:example-providers:psk')
 }
 
 TestTools.addEngineOutOfBandTest(project)

diff --git a/server/jetty-app/build.gradle b/server/jetty-app/build.gradle
@@ -93,7 +93,6 @@ if (hasProperty('quiet')) {
 
 if (hasProperty('psk')) {
     authHandlers += ['io.deephaven.authentication.psk.PskAuthenticationHandler']
-    dependencies.implementation(dependencies.project(path: ':authentication:example-providers:psk', configuration:'shadow'))
     if (project.getProperty('psk')) {
         // if there is a non-empty value assigned, use that for the key
         extraJvmArgs += ["-Dauthentication.psk=${getProperty('psk')}"]