src/main/java/org/apache/sling/hc/support/impl/DefaultLoginsHealthCheck.java - sling-org-apache-sling-hc-support - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements. See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership. The SF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License. You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations under the License.
  */
 package org.apache.sling.hc.support.impl;

 import java.util.Arrays;
 import java.util.List;

 import javax.jcr.Credentials;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;

 import org.apache.felix.hc.api.FormattingResultLog;
 import org.apache.felix.hc.api.HealthCheck;
 import org.apache.felix.hc.api.Result;
 import org.apache.sling.jcr.api.SlingRepository;
 import org.osgi.service.component.annotations.Activate;
 import org.osgi.service.component.annotations.Component;
 import org.osgi.service.component.annotations.ConfigurationPolicy;
 import org.osgi.service.component.annotations.Reference;
 import org.osgi.service.metatype.annotations.AttributeDefinition;
 import org.osgi.service.metatype.annotations.Designate;
 import org.osgi.service.metatype.annotations.ObjectClassDefinition;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 /** {@link HealthCheck} that runs an arbitrary script. */
 @Component(service = HealthCheck.class, name = "org.apache.sling.hc.support.DefaultLoginsHealthCheck", configurationPolicy = ConfigurationPolicy.REQUIRE)
 @Designate(ocd = DefaultLoginsHealthCheck.Config.class, factory = true)
 public class DefaultLoginsHealthCheck implements HealthCheck {

     private static final Logger LOG = LoggerFactory.getLogger(DefaultLoginsHealthCheck.class);

     public static final String HC_LABEL = "Health Check: Default Logins";

     @ObjectClassDefinition(name = HC_LABEL, description = "Expects default logins to fail, used to verify that they are disabled on production systems")
     @interface Config {

         @AttributeDefinition(name = "Name", description = "Name of this health check.")
         String hc_name() default "Default Logins Check";

         @AttributeDefinition(name = "Tags", description = "List of tags for this health check, used to select subsets of health checks for execution e.g. by a composite health check.")
         String[] hc_tags() default {};

         @AttributeDefinition(name = "Default Logins", description = "Which credentials to check. Each one is in the format"
                 + " \"user:password\" like \"admin:admin\" for example. Do *not* put any confidential passwords here, the goal "
                 + "is just to check that the default/demo logins, which passwords are known anyway, are disabled.")
         String[] logins() default "logins";

         @AttributeDefinition
         String webconsole_configurationFactory_nameHint() default "Default Logins Check: {logins}";
     }

     private List<String> logins;

     @Reference
     private SlingRepository repository;

     @Activate
     protected void activate(Config config) {
         this.logins = Arrays.asList(config.logins());
         LOG.info("Activated, logins={}", logins);
     }

     @Override
     public Result execute() {
         FormattingResultLog resultLog = new FormattingResultLog();
         int checked = 0;
         int failures = 0;

         for (String login : logins) {
             final String[] parts = login.split(":");
             if (parts.length != 2) {
                 resultLog.warn("Expected login in the form username:password, got [{}]", login);
                 continue;
             }
             checked++;
             final String username = parts[0].trim();
             final String password = parts[1].trim();
             final Credentials creds = new SimpleCredentials(username, password.toCharArray());
             Session s = null;
             try {
                 s = repository.login(creds);
                 if (s != null) {
                     failures++;
                     resultLog.warn("Login as [{}] succeeded, was expecting it to fail", username);
                 } else {
                     resultLog.debug("Login as [{}] didn't throw an Exception but returned null Session", username);
                 }
             } catch (RepositoryException re) {
                 resultLog.debug("Login as [{}] failed, as expected", username);
             } finally {
                 if (s != null) {
                     s.logout();
                 }
             }
         }

         if (checked == 0) {
             resultLog.warn("Did not check any logins, configured logins={}", logins);
         } else if (failures != 0) {
             resultLog.warn("Checked {} logins, {} failures", checked, failures);
         } else {
             resultLog.debug("Checked {} logins, all successful", checked, failures);
         }

         return new Result(resultLog);
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The SF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations under the License.
	*/
	package org.apache.sling.hc.support.impl;

	import java.util.Arrays;
	import java.util.List;

	import javax.jcr.Credentials;
	import javax.jcr.RepositoryException;
	import javax.jcr.Session;
	import javax.jcr.SimpleCredentials;

	import org.apache.felix.hc.api.FormattingResultLog;
	import org.apache.felix.hc.api.HealthCheck;
	import org.apache.felix.hc.api.Result;
	import org.apache.sling.jcr.api.SlingRepository;
	import org.osgi.service.component.annotations.Activate;
	import org.osgi.service.component.annotations.Component;
	import org.osgi.service.component.annotations.ConfigurationPolicy;
	import org.osgi.service.component.annotations.Reference;
	import org.osgi.service.metatype.annotations.AttributeDefinition;
	import org.osgi.service.metatype.annotations.Designate;
	import org.osgi.service.metatype.annotations.ObjectClassDefinition;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	/** {@link HealthCheck} that runs an arbitrary script. */
	@Component(service = HealthCheck.class, name = "org.apache.sling.hc.support.DefaultLoginsHealthCheck", configurationPolicy = ConfigurationPolicy.REQUIRE)
	@Designate(ocd = DefaultLoginsHealthCheck.Config.class, factory = true)
	public class DefaultLoginsHealthCheck implements HealthCheck {

	private static final Logger LOG = LoggerFactory.getLogger(DefaultLoginsHealthCheck.class);

	public static final String HC_LABEL = "Health Check: Default Logins";

	@ObjectClassDefinition(name = HC_LABEL, description = "Expects default logins to fail, used to verify that they are disabled on production systems")
	@interface Config {

	@AttributeDefinition(name = "Name", description = "Name of this health check.")
	String hc_name() default "Default Logins Check";

	@AttributeDefinition(name = "Tags", description = "List of tags for this health check, used to select subsets of health checks for execution e.g. by a composite health check.")
	String[] hc_tags() default {};

	@AttributeDefinition(name = "Default Logins", description = "Which credentials to check. Each one is in the format"
	+ " \"user:password\" like \"admin:admin\" for example. Do not put any confidential passwords here, the goal "
	+ "is just to check that the default/demo logins, which passwords are known anyway, are disabled.")
	String[] logins() default "logins";

	@AttributeDefinition
	String webconsole_configurationFactory_nameHint() default "Default Logins Check: {logins}";
	}

	private List<String> logins;

	@Reference
	private SlingRepository repository;

	@Activate
	protected void activate(Config config) {
	this.logins = Arrays.asList(config.logins());
	LOG.info("Activated, logins={}", logins);
	}

	@Override
	public Result execute() {
	FormattingResultLog resultLog = new FormattingResultLog();
	int checked = 0;
	int failures = 0;

	for (String login : logins) {
	final String[] parts = login.split(":");
	if (parts.length != 2) {
	resultLog.warn("Expected login in the form username:password, got [{}]", login);
	continue;
	}
	checked++;
	final String username = parts[0].trim();
	final String password = parts[1].trim();
	final Credentials creds = new SimpleCredentials(username, password.toCharArray());
	Session s = null;
	try {
	s = repository.login(creds);
	if (s != null) {
	failures++;
	resultLog.warn("Login as [{}] succeeded, was expecting it to fail", username);
	} else {
	resultLog.debug("Login as [{}] didn't throw an Exception but returned null Session", username);
	}
	} catch (RepositoryException re) {
	resultLog.debug("Login as [{}] failed, as expected", username);
	} finally {
	if (s != null) {
	s.logout();
	}
	}
	}

	if (checked == 0) {
	resultLog.warn("Did not check any logins, configured logins={}", logins);
	} else if (failures != 0) {
	resultLog.warn("Checked {} logins, {} failures", checked, failures);
	} else {
	resultLog.debug("Checked {} logins, all successful", checked, failures);
	}

	return new Result(resultLog);
	}

	}