From 0862147c2b48024a439b40e708245e30a2793e2d Mon Sep 17 00:00:00 2001
From: Colin Alworth
Date: Fri, 9 Jun 2023 09:55:54 -0500
Subject: [PATCH 1/6] Enable PSK by default, correct link to IDE Also generates a random key when an empty key is provided
---
 .../authentication/psk/PskAuthenticationHandler.java | 5 +++--
 docker-compose-common.yml | 2 +-
 props/configs/src/main/resources/dh-defaults.prop | 2 +-
 server/build.gradle | 2 +-
 server/jetty-app/build.gradle | 1 -
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java b/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java
index e0283bffdb3..0ba625dd411 100644
--- a/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java
+++ b/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java
@@ -28,7 +28,8 @@ public class PskAuthenticationHandler implements AuthenticationRequestHandler {
 String pskFromConfig = Configuration.getInstance().getStringWithDefault("authentication.psk", null);
 // If this feature is enabled by not value give, generate a 64bit number and encode as
 // base-36 (lower case and numbers).
- PSK = Objects.requireNonNullElseGet(pskFromConfig, () -> Long.toString(Math.abs(new Random().nextLong()), 36));
+ PSK = Optional.ofNullable(pskFromConfig).map(String::trim).filter(s -> !s.isEmpty())
+ .orElseGet(() -> Long.toString(Math.abs(new Random().nextLong()), 36));
 // limit to ascii for better log and url support
 if (!StandardCharsets.US_ASCII.newEncoder().canEncode(PSK)) {
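Review bot: The generated fallback key on the added `.orElseGet(...)` line in PskAuthenticationHandler.java still comes from `java.util.Random`, which is not a cryptographic generator and carries only 48 bits of internal state, so the superuser key is weaker than the 64 bits the comment above it describes. Since this series makes the PSK handler the default, the fallback should draw from `SecureRandom`, for example `.orElseGet(() -> new BigInteger(128, new SecureRandom()).toString(36));`, which keeps the lower-case base-36 form and also avoids the `Math.abs(Long.MIN_VALUE)` case that yields a leading `-`. The change needs `java.math.BigInteger` and `java.security.SecureRandom` imported; the import block and the rest of the static initializer lie outside the hunk.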
@@ -69,7 +70,7 @@ public void initialize(String targetUrl) {
 logger.warn().append("================================================================================").endl();
 logger.warn().append("Superuser access through pre-shared key is enabled - use ").append(PSK)
 .append(" to connect").endl();
- logger.warn().append("Connect automatically to Web UI with ").append(targetUrl).append("/jsapi?psk=")
+ logger.warn().append("Connect automatically to Web UI with ").append(targetUrl).append("/?psk=")
 .append(PSK)
 .endl();
 logger.warn().append("================================================================================").endl();
diff --git a/docker-compose-common.yml b/docker-compose-common.yml
index e48a35a3d9a..efce34f0e23 100644
--- a/docker-compose-common.yml
+++ b/docker-compose-common.yml
@@ -14,7 +14,7 @@ services:
 # with max memory.
 #
 # To turn on debug logging, add: -Dlogback.configurationFile=logback-debug.xml
- - START_OPTS=-Xmx4g -Ddeephaven.console.type=${DEEPHAVEN_CONSOLE_TYPE} -Ddeephaven.application.dir=${DEEPHAVEN_APPLICATION_DIR}
+ - START_OPTS=-Xmx4g -Ddeephaven.console.type=${DEEPHAVEN_CONSOLE_TYPE} -Ddeephaven.application.dir=${DEEPHAVEN_APPLICATION_DIR} -Dauthentication.psk=${PSK}
 #
 # For remote debugging switch the line above for the one below (and also change the ports below)
 # - START_OPTS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -Xmx4g -Ddeephaven.console.type=${DEEPHAVEN_CONSOLE_TYPE} -Ddeephaven.application.dir=${DEEPHAVEN_APPLICATION_DIR}
diff --git a/props/configs/src/main/resources/dh-defaults.prop b/props/configs/src/main/resources/dh-defaults.prop
index 232c7694a98..c6b580bcc13 100644
--- a/props/configs/src/main/resources/dh-defaults.prop
+++ b/props/configs/src/main/resources/dh-defaults.prop
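Review bot: The banner in `initialize` (PskAuthenticationHandler.java, hunk at -69,7) writes the superuser key to the warn log in clear text, and the rewritten line embeds it in a URL query string, where it can also end up in browser history, proxy logs and Referer headers. With this handler becoming the default, the key reaches every log sink the server is wired to, including a key the operator supplied through `authentication.psk`. Consider printing the key only when it was generated at startup, and add a comment above the banner such as `// The PSK is logged on purpose for local bootstrap; treat server logs as sensitive`. `initialize` starts and ends outside the hunk, so whether the key is removed from the URL after login is not visible here.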
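Review bot: Appending `-Dauthentication.psk=${PSK}` to `START_OPTS` in docker-compose-common.yml places the key on the JVM command line and in the container environment, so it is readable through `ps` and `docker inspect` by anyone with host or Docker access; the same exposure remains after the rename in patch 6/6. If the configuration layer can read the key from a mounted file, that would be the safer source (not visible from this diff). At minimum the comment block above the line should say what happens when the variable is unset, for example `# Leave PSK unset to have the server generate a random key at startup; a value set here is visible in the process list`.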
@@ -48,7 +48,7 @@ deephaven.console.type=python
 http.session.durationMs=300000
 # Default to allowing anonymous access, but don't yet warn users that it is unsafe by default
-AuthHandlers=io.deephaven.auth.AnonymousAuthenticationHandler
+AuthHandlers=io.deephaven.authentication.psk.PskAuthenticationHandler
 authentication.anonymous.warn=true
 # List of configuration properties to provide to unauthenticated clients, so that they can decide how best to prove their
diff --git a/server/build.gradle b/server/build.gradle
index 2d6d596c111..fb2faf2d22b 100644
--- a/server/build.gradle
+++ b/server/build.gradle
@@ -108,7 +108,7 @@ dependencies {
 Classpaths.inheritImmutables(project, true)
-
+ runtimeOnly dependencies.project(path: ':authentication:example-providers:psk', configuration:'shadow')
 }
 TestTools.addEngineOutOfBandTest(project)
diff --git a/server/jetty-app/build.gradle b/server/jetty-app/build.gradle
index 59ccfdc9106..f795f21a6df 100644
--- a/server/jetty-app/build.gradle
+++ b/server/jetty-app/build.gradle
@@ -93,7 +93,6 @@ if (hasProperty('quiet')) {
 if (hasProperty('psk')) {
 authHandlers += ['io.deephaven.authentication.psk.PskAuthenticationHandler']
- dependencies.implementation(dependencies.project(path: ':authentication:example-providers:psk', configuration:'shadow'))
 if (project.getProperty('psk')) {
 // if there is a non-empty value assigned, use that for the key
 extraJvmArgs += ["-Dauthentication.psk=${getProperty('psk')}"]
From 5287c74805c72f853029391b84ebde4fc3cf920c Mon Sep 17 00:00:00 2001
From: Colin Alworth
Date: Thu, 15 Jun 2023 14:09:52 -0500
Subject: [PATCH 2/6] Review feedback
---
 .../deephaven/authentication/psk/PskAuthenticationHandler.java | 2 +-
 props/configs/src/main/resources/dh-defaults.prop | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java b/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java
index 0ba625dd411..71a3f1381b4 100644
--- a/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java
+++ b/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java
@@ -26,7 +26,7 @@ public class PskAuthenticationHandler implements AuthenticationRequestHandler {
 private static final String PSK;
 static {
 String pskFromConfig = Configuration.getInstance().getStringWithDefault("authentication.psk", null);
- // If this feature is enabled by not value give, generate a 64bit number and encode as
+ // If this feature is enabled by no value given, generate a 64-bit number and encode as
 // base-36 (lower case and numbers).
 PSK = Optional.ofNullable(pskFromConfig).map(String::trim).filter(s -> !s.isEmpty())
 .orElseGet(() -> Long.toString(Math.abs(new Random().nextLong()), 36));
diff --git a/props/configs/src/main/resources/dh-defaults.prop b/props/configs/src/main/resources/dh-defaults.prop
index c6b580bcc13..535a6d9a6f0 100644
--- a/props/configs/src/main/resources/dh-defaults.prop
+++ b/props/configs/src/main/resources/dh-defaults.prop
@@ -47,7 +47,7 @@ deephaven.console.type=python
 # Default session duration is 5 minutes
 http.session.durationMs=300000
-# Default to allowing anonymous access, but don't yet warn users that it is unsafe by default
+# Default to requiring a single password to access the server
 AuthHandlers=io.deephaven.authentication.psk.PskAuthenticationHandler
 authentication.anonymous.warn=true
From 3785c8485e17694ce28fa745d606baffab6503a1 Mon Sep 17 00:00:00 2001
From: Colin Alworth
Date: Thu, 15 Jun 2023 14:41:38 -0500
Subject: [PATCH 3/6] Fix shadow dependency
---
 server/build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/build.gradle b/server/build.gradle
index fb2faf2d22b..37557e354bc 100644
--- a/server/build.gradle
+++ b/server/build.gradle
@@ -108,7 +108,7 @@ dependencies {
 Classpaths.inheritImmutables(project, true)
- runtimeOnly dependencies.project(path: ':authentication:example-providers:psk', configuration:'shadow')
+ runtimeOnly project(':authentication:example-providers:psk')
 }
 TestTools.addEngineOutOfBandTest(project)
From f55c171c0e3c6abd0890951d549055f72dfb7e7b Mon Sep 17 00:00:00 2001
From: Colin Alworth
Date: Thu, 15 Jun 2023 16:42:57 -0500
Subject: [PATCH 4/6] Force anon auth for client integration tests
---
 cpp-client/build.gradle | 2 +-
 go/build.gradle | 2 +-
 py/client/build.gradle | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/cpp-client/build.gradle b/cpp-client/build.gradle
index 4a8c08264d7..d1ee54b4ee8 100644
--- a/cpp-client/build.gradle
+++ b/cpp-client/build.gradle
@@ -51,7 +51,7 @@ project.tasks.getByName('quick').dependsOn project.tasks.getByName('license')
 String randomSuffix = UUID.randomUUID().toString();
 deephavenDocker {
 envVars.set([
- 'START_OPTS':'-Xmx512m'
+ 'START_OPTS':'-Xmx512m -DAuthHandlers=io.deephaven.auth.AnonymousAuthenticationHandler'
 ])
 containerName.set "dh-server-for-cpp-${randomSuffix}"
 networkName.set "cpp-test-network-${randomSuffix}"
diff --git a/go/build.gradle b/go/build.gradle
index 6a3ca89552f..3d039ad909d 100644
--- a/go/build.gradle
+++ b/go/build.gradle
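Review bot: Forcing `-DAuthHandlers=io.deephaven.auth.AnonymousAuthenticationHandler` in `START_OPTS` of cpp-client/build.gradle means the C++ client integration tests never run against the PSK handler that patch 1/6 makes the default; the same override is added in go/build.gradle and py/client/build.gradle. An authentication regression in the shipped default configuration would therefore pass all three suites. Consider a comment at each site, such as `// TODO: run against the default PSK handler once this client can pass a key`, and at least one test per client that starts the server with `-Dauthentication.psk=<test key>` and connects with it.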
@@ -45,7 +45,7 @@ tasks.register('updateProtobuf', Sync) {
 String randomSuffix = UUID.randomUUID().toString();
 deephavenDocker {
 envVars.set([
- 'START_OPTS':'-Xmx512m'
+ 'START_OPTS':'-Xmx512m -DAuthHandlers=io.deephaven.auth.AnonymousAuthenticationHandler'
 ])
 containerName.set "dh-server-for-go-${randomSuffix}"
 networkName.set "go-test-network-${randomSuffix}"
diff --git a/py/client/build.gradle b/py/client/build.gradle
index fec7fb1fbf7..7c2ec933f85 100644
--- a/py/client/build.gradle
+++ b/py/client/build.gradle
@@ -75,7 +75,7 @@ tasks.register('updateProtobuf', Sync) {
 String randomSuffix = UUID.randomUUID().toString();
 deephavenDocker {
 envVars.set([
- 'START_OPTS':'-Xmx512m'
+ 'START_OPTS':'-Xmx512m -DAuthHandlers=io.deephaven.auth.AnonymousAuthenticationHandler'
 ])
 containerName.set "pydeephaven-test-container-${randomSuffix}"
 networkName.set "pydeephaven-network-${randomSuffix}"
From aa59a2e1f72ba6d1e33353b9cafb9b8389db5907 Mon Sep 17 00:00:00 2001
From: Colin Alworth
Date: Tue, 20 Jun 2023 13:57:59 -0500
Subject: [PATCH 5/6] comment typos
---
 .../deephaven/authentication/psk/PskAuthenticationHandler.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java b/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java
index 71a3f1381b4..cb8b46ba3f9 100644
--- a/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java
+++ b/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java
@@ -26,7 +26,7 @@ public class PskAuthenticationHandler implements AuthenticationRequestHandler {
 private static final String PSK;
 static {
 String pskFromConfig = Configuration.getInstance().getStringWithDefault("authentication.psk", null);
- // If this feature is enabled by no value given, generate a 64-bit number and encode as
+ // If this feature is enabled but no value is given, generate a 64-bit number and encode as
 // base-36 (lower case and numbers).
 PSK = Optional.ofNullable(pskFromConfig).map(String::trim).filter(s -> !s.isEmpty())
 .orElseGet(() -> Long.toString(Math.abs(new Random().nextLong()), 36));
From 104c9fe5dc675b29a89819054d7ca4d26df86b41 Mon Sep 17 00:00:00 2001
From: Colin Alworth
Date: Tue, 20 Jun 2023 14:00:54 -0500
Subject: [PATCH 6/6] Unambiguous env var
---
 docker-compose-common.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose-common.yml b/docker-compose-common.yml
index efce34f0e23..fc19684bd75 100644
--- a/docker-compose-common.yml
+++ b/docker-compose-common.yml
@@ -14,7 +14,7 @@ services:
 # with max memory.
 #
 # To turn on debug logging, add: -Dlogback.configurationFile=logback-debug.xml
- - START_OPTS=-Xmx4g -Ddeephaven.console.type=${DEEPHAVEN_CONSOLE_TYPE} -Ddeephaven.application.dir=${DEEPHAVEN_APPLICATION_DIR} -Dauthentication.psk=${PSK}
+ - START_OPTS=-Xmx4g -Ddeephaven.console.type=${DEEPHAVEN_CONSOLE_TYPE} -Ddeephaven.application.dir=${DEEPHAVEN_APPLICATION_DIR} -Dauthentication.psk=${DEEPHAVEN_PSK}
 #
 # For remote debugging switch the line above for the one below (and also change the ports below)
 # - START_OPTS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -Xmx4g -Ddeephaven.console.type=${DEEPHAVEN_CONSOLE_TYPE} -Ddeephaven.application.dir=${DEEPHAVEN_APPLICATION_DIR}