From 98611564363c676ca686314904a1d85461ae5887 Mon Sep 17 00:00:00 2001
From: Colin Alworth
Date: Fri, 9 Jun 2023 09:55:54 -0500
Subject: [PATCH 1/2] Enable PSK by default, correct link to IDE Also generates a random key when an empty key is provided
---
 .../authentication/psk/PskAuthenticationHandler.java | 5 +++--
 docker-compose-common.yml | 2 +-
 props/configs/src/main/resources/dh-defaults.prop | 2 +-
 server/build.gradle | 2 +-
 server/jetty-app/build.gradle | 1 -
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java b/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java
index e0283bffdb3..0ba625dd411 100644
--- a/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java
+++ b/authentication/example-providers/psk/src/main/java/io/deephaven/authentication/psk/PskAuthenticationHandler.java
@@ -28,7 +28,8 @@ public class PskAuthenticationHandler implements AuthenticationRequestHandler {
 String pskFromConfig = Configuration.getInstance().getStringWithDefault("authentication.psk", null);
 // If this feature is enabled by not value give, generate a 64bit number and encode as
 // base-36 (lower case and numbers).
- PSK = Objects.requireNonNullElseGet(pskFromConfig, () -> Long.toString(Math.abs(new Random().nextLong()), 36));
+ PSK = Optional.ofNullable(pskFromConfig).map(String::trim).filter(s -> !s.isEmpty())
+ .orElseGet(() -> Long.toString(Math.abs(new Random().nextLong()), 36));
 // limit to ascii for better log and url support
 if (!StandardCharsets.US_ASCII.newEncoder().canEncode(PSK)) {
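Review bot: The fallback key on the added `.orElseGet(...)` line is still drawn from `java.util.Random`, which is not a cryptographically strong generator, and this commit makes that key the default superuser credential. `Math.abs(Long.MIN_VALUE)` is also negative, so the encoded result can carry a leading `-`. I would generate it with `new BigInteger(128, new SecureRandom()).toString(36)` (needs `java.math.BigInteger` and `java.security.SecureRandom` imports), and reword the comment above it to `// If this feature is enabled but no value is given, generate a random key and encode it as`. The enclosing initializer starts and ends outside the hunk.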
@@ -69,7 +70,7 @@ public void initialize(String targetUrl) {
 logger.warn().append("================================================================================").endl();
 logger.warn().append("Superuser access through pre-shared key is enabled - use ").append(PSK)
 .append(" to connect").endl();
- logger.warn().append("Connect automatically to Web UI with ").append(targetUrl).append("/jsapi?psk=")
+ logger.warn().append("Connect automatically to Web UI with ").append(targetUrl).append("/?psk=")
 .append(PSK)
 .endl();
 logger.warn().append("================================================================================").endl();
diff --git a/docker-compose-common.yml b/docker-compose-common.yml
index e48a35a3d9a..efce34f0e23 100644
--- a/docker-compose-common.yml
+++ b/docker-compose-common.yml
@@ -14,7 +14,7 @@ services:
 # with max memory.
 #
 # To turn on debug logging, add: -Dlogback.configurationFile=logback-debug.xml
- - START_OPTS=-Xmx4g -Ddeephaven.console.type=${DEEPHAVEN_CONSOLE_TYPE} -Ddeephaven.application.dir=${DEEPHAVEN_APPLICATION_DIR}
+ - START_OPTS=-Xmx4g -Ddeephaven.console.type=${DEEPHAVEN_CONSOLE_TYPE} -Ddeephaven.application.dir=${DEEPHAVEN_APPLICATION_DIR} -Dauthentication.psk=${PSK}
 #
 # For remote debugging switch the line above for the one below (and also change the ports below)
 # - START_OPTS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -Xmx4g -Ddeephaven.console.type=${DEEPHAVEN_CONSOLE_TYPE} -Ddeephaven.application.dir=${DEEPHAVEN_APPLICATION_DIR}
diff --git a/props/configs/src/main/resources/dh-defaults.prop b/props/configs/src/main/resources/dh-defaults.prop
index 232c7694a98..c6b580bcc13 100644
--- a/props/configs/src/main/resources/dh-defaults.prop
+++ b/props/configs/src/main/resources/dh-defaults.prop
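Review bot: The rewritten `append("/?psk=")` line still writes the key into the server log inside a ready-to-use URL, and the `Superuser access through pre-shared key is enabled - use ` line above it prints the key as well; as far as the hunk shows this happens whether the key was generated or supplied through `authentication.psk`. Now that this handler becomes the default, an operator-chosen key ends up readable by anyone with access to the log, and a key carried in a query string tends to be retained in browser history and proxy logs. Consider printing the key and the link only when the key was generated at startup, and logging just `Superuser access through pre-shared key is enabled` for a configured one. initialize() continues outside the hunk.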
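Review bot: `-Dauthentication.psk=${PSK}` on the new `START_OPTS` line puts the key on the JVM command line, where it is visible in the process list and in the container's inspected environment. When `PSK` is unset Compose substitutes an empty string and warns, and the empty value then depends on the handler's trim-and-filter fallback to a generated key. I would write `${PSK:-}` to make the empty default explicit and add a comment such as `# PSK is optional; when unset the server generates a random key and logs it at startup`.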
@@ -48,7 +48,7 @@ deephaven.console.type=python
 http.session.durationMs=300000
 # Default to allowing anonymous access, but don't yet warn users that it is unsafe by default
-AuthHandlers=io.deephaven.auth.AnonymousAuthenticationHandler
+AuthHandlers=io.deephaven.authentication.psk.PskAuthenticationHandler
 authentication.anonymous.warn=true
 # List of configuration properties to provide to unauthenticated clients, so that they can decide how best to prove their
diff --git a/server/build.gradle b/server/build.gradle
index 2d6d596c111..fb2faf2d22b 100644
--- a/server/build.gradle
+++ b/server/build.gradle
@@ -108,7 +108,7 @@ dependencies {
 Classpaths.inheritImmutables(project, true)
-
+ runtimeOnly dependencies.project(path: ':authentication:example-providers:psk', configuration:'shadow')
 }
 TestTools.addEngineOutOfBandTest(project)
diff --git a/server/jetty-app/build.gradle b/server/jetty-app/build.gradle
index 59ccfdc9106..f795f21a6df 100644
--- a/server/jetty-app/build.gradle
+++ b/server/jetty-app/build.gradle
@@ -93,7 +93,6 @@ if (hasProperty('quiet')) {
 if (hasProperty('psk')) {
 authHandlers += ['io.deephaven.authentication.psk.PskAuthenticationHandler']
- dependencies.implementation(dependencies.project(path: ':authentication:example-providers:psk', configuration:'shadow'))
 if (project.getProperty('psk')) {
 // if there is a non-empty value assigned, use that for the key
 extraJvmArgs += ["-Dauthentication.psk=${getProperty('psk')}"]
From eb49fedf023790eae3d9d69f651c8d6d095ed759 Mon Sep 17 00:00:00 2001
From: Devin Smith
Date: Mon, 12 Jun 2023 07:24:18 -0700
Subject: [PATCH 2/2] Update java client for PSK
---
 .../io/deephaven/client/examples/AuthenticationOptions.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
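Review bot: The comment directly above the changed `AuthHandlers` line still reads `Default to allowing anonymous access`, which no longer describes the default once the handler is `PskAuthenticationHandler`. Replace it with something like `# Default to pre-shared key authentication; a random key is generated when authentication.psk is unset or empty`. The `authentication.anonymous.warn=true` line that follows presumably has no effect unless the anonymous handler is configured, so a short comment saying so would keep the file from suggesting anonymous access is still on.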
diff --git a/java-client/example-utilities/src/main/java/io/deephaven/client/examples/AuthenticationOptions.java b/java-client/example-utilities/src/main/java/io/deephaven/client/examples/AuthenticationOptions.java
index 0fd92cf3ed3..d7a95a34183 100644
--- a/java-client/example-utilities/src/main/java/io/deephaven/client/examples/AuthenticationOptions.java
+++ b/java-client/example-utilities/src/main/java/io/deephaven/client/examples/AuthenticationOptions.java
@@ -19,7 +19,7 @@ public String toAuthenticationTypeAndValue() {
 return "io.deephaven.authentication.mtls.MTlsAuthenticationHandler";
 }
 if (psk != null) {
- return "psk " + psk;
+ return "io.deephaven.authentication.psk.PskAuthenticationHandler " + psk;
 }
 if (explicit != null) {
 return explicit;
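Review bot: The new return value concatenates `psk` exactly as given, while the server side of this series trims the configured key before using it, so a key passed with surrounding whitespace (for example read from a file with a trailing newline) would presumably fail to match. `return "io.deephaven.authentication.psk.PskAuthenticationHandler " + psk.trim();` keeps the two sides consistent. The handler class name is also repeated here as a bare literal next to the mTLS one; a named constant for each would make a later rename harder to miss. toAuthenticationTypeAndValue() continues past the end of the hunk.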