diff --git a/agents/exec/installer/src/main/resources/installers/1.0.0/org.eclipse.che.exec.json b/agents/exec/installer/src/main/resources/installers/1.0.0/org.eclipse.che.exec.json index fa71a8925d6..2f6acaf1087 100644 --- a/agents/exec/installer/src/main/resources/installers/1.0.0/org.eclipse.che.exec.json +++ b/agents/exec/installer/src/main/resources/installers/1.0.0/org.eclipse.che.exec.json @@ -11,7 +11,8 @@ "protocol": "http", "path" : "/process", "attributes": { - "secure": "true" + "secure": "true", + "unsecuredPaths": "/liveness" } }, "exec-agent/ws": { @@ -19,7 +20,8 @@ "protocol": "ws", "path": "/connect", "attributes": { - "secure": "true" + "secure": "true", + "unsecuredPaths": "/liveness" } } } diff --git a/agents/exec/installer/src/main/resources/installers/1.0.1/org.eclipse.che.exec.json b/agents/exec/installer/src/main/resources/installers/1.0.1/org.eclipse.che.exec.json index e08d9f35ea9..78973645cd8 100644 --- a/agents/exec/installer/src/main/resources/installers/1.0.1/org.eclipse.che.exec.json +++ b/agents/exec/installer/src/main/resources/installers/1.0.1/org.eclipse.che.exec.json @@ -11,7 +11,8 @@ "protocol": "http", "path" : "/process", "attributes": { - "secure": "true" + "secure": "true", + "unsecuredPaths": "/liveness" } }, "exec-agent/ws": { @@ -19,7 +20,8 @@ "protocol": "ws", "path": "/connect", "attributes": { - "secure": "true" + "secure": "true", + "unsecuredPaths": "/liveness" } } } diff --git a/agents/terminal/src/main/resources/installers/1.0.0/org.eclipse.che.terminal.json b/agents/terminal/src/main/resources/installers/1.0.0/org.eclipse.che.terminal.json index 58fdadfd519..788a6108583 100644 --- a/agents/terminal/src/main/resources/installers/1.0.0/org.eclipse.che.terminal.json +++ b/agents/terminal/src/main/resources/installers/1.0.0/org.eclipse.che.terminal.json @@ -11,7 +11,8 @@ "protocol": "ws", "path" : "/pty", "attributes": { - "secure": "true" + "secure": "true", + "unsecuredPaths": "/liveness" } } } diff --git a/agents/terminal/src/main/resources/installers/1.0.1/org.eclipse.che.terminal.json b/agents/terminal/src/main/resources/installers/1.0.1/org.eclipse.che.terminal.json index cfd12111fc9..360b4338079 100644 --- a/agents/terminal/src/main/resources/installers/1.0.1/org.eclipse.che.terminal.json +++ b/agents/terminal/src/main/resources/installers/1.0.1/org.eclipse.che.terminal.json @@ -11,7 +11,8 @@ "protocol": "ws", "path" : "/pty", "attributes": { - "secure": "true" + "secure": "true", + "unsecuredPaths": "/liveness" } } } diff --git a/core/che-core-api-model/src/main/java/org/eclipse/che/api/core/model/workspace/config/ServerConfig.java b/core/che-core-api-model/src/main/java/org/eclipse/che/api/core/model/workspace/config/ServerConfig.java index a53b4a4191e..2693dda7889 100644 --- a/core/che-core-api-model/src/main/java/org/eclipse/che/api/core/model/workspace/config/ServerConfig.java +++ b/core/che-core-api-model/src/main/java/org/eclipse/che/api/core/model/workspace/config/ServerConfig.java @@ -36,6 +36,13 @@ public interface ServerConfig { */ String SECURE_SERVER_ATTRIBUTE = "secure"; + /** + * {@link ServerConfig} and {@link Server} attribute name which can contain an comma-separated + * list of URI-s which are considered as non-secure on the given server and can be accessible with + * unauthenticated requests. + */ + String UNSECURED_PATHS_ATTRIBUTE = "unsecuredPaths"; + /** * Port used by server. * diff --git a/ide/che-core-ide-app/src/main/java/org/eclipse/che/ide/statepersistance/AppStateSyncWriter.java b/ide/che-core-ide-app/src/main/java/org/eclipse/che/ide/statepersistance/AppStateSyncWriter.java index 7233312ff7b..6f0cef41863 100644 --- a/ide/che-core-ide-app/src/main/java/org/eclipse/che/ide/statepersistance/AppStateSyncWriter.java +++ b/ide/che-core-ide-app/src/main/java/org/eclipse/che/ide/statepersistance/AppStateSyncWriter.java @@ -52,7 +52,7 @@ private native void sendSyncRequest(String url, String machineToken, String json var request = new XMLHttpRequest(); request.open("POST", url, false); request.setRequestHeader("Content-Type", "application/json"); - request.setRequestHeader("Authorization", machineToken); + request.setRequestHeader("Authorization", "Bearer " + machineToken); request.send(json); } catch (e) { console.error(e); diff --git a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyConfigBuilder.java b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyConfigBuilder.java index d580bd88de3..43a571d8672 100644 --- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyConfigBuilder.java +++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyConfigBuilder.java @@ -10,11 +10,13 @@ */ package org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy; +import static java.lang.String.format; import static org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.JwtProxyProvisioner.JWT_PROXY_CONFIG_FOLDER; import static org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.JwtProxyProvisioner.JWT_PROXY_PUBLIC_KEY_FILE; import java.util.ArrayList; import java.util.List; +import java.util.Set; /** * Helps to build JWTProxy config with several verifier proxies. @@ -29,8 +31,8 @@ public JwtProxyConfigBuilder(String workspaceId) { this.workspaceId = workspaceId; } - public void addVerifierProxy(Integer listenPort, String upstream) { - verifierProxies.add(new VerifierProxy(listenPort, upstream)); + public void addVerifierProxy(Integer listenPort, String upstream, Set excludes) { + verifierProxies.add(new VerifierProxy(listenPort, upstream, excludes)); } public String build() { @@ -39,18 +41,18 @@ public String build() { configBuilder.append("jwtproxy:\n" + " verifier_proxies:\n"); for (VerifierProxy verifierProxy : verifierProxies) { configBuilder.append( - String.format( + format( " - listen_addr: :%s\n" // :4471 + " verifier:\n" + " upstream: %s/\n" // http://localhost:4401 - + " audience: http://%s\n" + + " audience: %s\n" + " max_skew: 1m\n" - + " max_ttl: 3h\n" + + " max_ttl: 8800h\n" + " key_server:\n" + " type: preshared\n" + " options:\n" + " issuer: wsmaster\n" - + " key_id: mykey\n" + + " key_id: %s\n" + " public_key_path: " + JWT_PROXY_CONFIG_FOLDER + "/" @@ -64,8 +66,14 @@ public String build() { + " type: void\n", verifierProxy.listenPort, verifierProxy.upstream, + workspaceId, workspaceId)); + if (!verifierProxy.excludes.isEmpty()) { + configBuilder.append(" excludes:\n"); + verifierProxy.excludes.forEach(s -> configBuilder.append(format(" - %s\n", s))); + } } + configBuilder.append(" signer_proxy:\n" + " enabled: false\n"); return configBuilder.toString(); } @@ -73,10 +81,12 @@ public String build() { private class VerifierProxy { private Integer listenPort; private String upstream; + private Set excludes; - VerifierProxy(Integer listenPort, String upstream) { + VerifierProxy(Integer listenPort, String upstream, Set excludes) { this.listenPort = listenPort; this.upstream = upstream; + this.excludes = excludes; } } } diff --git a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyProvisioner.java b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyProvisioner.java index 3a4f5e9b7d0..681e422ad5f 100644 --- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyProvisioner.java +++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyProvisioner.java @@ -12,6 +12,7 @@ import static java.util.Collections.emptyList; import static java.util.Collections.emptyMap; +import static org.eclipse.che.api.core.model.workspace.config.ServerConfig.UNSECURED_PATHS_ATTRIBUTE; import static org.eclipse.che.commons.lang.NameGenerator.generate; import static org.eclipse.che.workspace.infrastructure.kubernetes.Constants.CHE_ORIGINAL_NAME_LABEL; import static org.eclipse.che.workspace.infrastructure.kubernetes.server.KubernetesServerExposer.SERVER_PREFIX; @@ -30,9 +31,13 @@ import io.fabric8.kubernetes.api.model.VolumeBuilder; import io.fabric8.kubernetes.api.model.VolumeMount; import java.security.KeyPair; +import java.util.Collections; import java.util.HashMap; +import java.util.HashSet; import java.util.Map; +import java.util.Set; import org.eclipse.che.api.core.model.workspace.config.MachineConfig; +import org.eclipse.che.api.core.model.workspace.config.ServerConfig; import org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity; import org.eclipse.che.api.workspace.server.spi.InfrastructureException; import org.eclipse.che.api.workspace.server.spi.InternalInfrastructureException; @@ -105,6 +110,7 @@ public JwtProxyProvisioner(RuntimeIdentity identity, SignatureKeyManager signatu * @param backendServiceName service name that will be exposed * @param backendServicePort service port that will be exposed * @param protocol protocol that will be used for exposed port + * @param secureServers secure servers to expose * @return JWTProxy service port that expose the specified one * @throws InfrastructureException if any exception occurs during port exposing */ @@ -112,14 +118,23 @@ public ServicePort expose( KubernetesEnvironment k8sEnv, String backendServiceName, int backendServicePort, - String protocol) + String protocol, + Map secureServers) throws InfrastructureException { ensureJwtProxyInjected(k8sEnv); int listenPort = availablePort++; + Set excludes = new HashSet<>(); + for (ServerConfig config : secureServers.values()) { + if (config.getAttributes().containsKey(UNSECURED_PATHS_ATTRIBUTE)) { + Collections.addAll( + excludes, config.getAttributes().get(UNSECURED_PATHS_ATTRIBUTE).split(",")); + } + } + proxyConfigBuilder.addVerifierProxy( - listenPort, "http://" + backendServiceName + ":" + backendServicePort); + listenPort, "http://" + backendServiceName + ":" + backendServicePort, excludes); k8sEnv .getConfigMaps() .get(getConfigMapName()) diff --git a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxySecureServerExposer.java b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxySecureServerExposer.java index 3c7aa75d798..60226eb2e2c 100644 --- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxySecureServerExposer.java +++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxySecureServerExposer.java @@ -73,7 +73,8 @@ public void expose( k8sEnv, serviceName, servicePort.getTargetPort().getIntVal(), - servicePort.getProtocol()); + servicePort.getProtocol(), + secureServers); exposerStrategy.expose( k8sEnv, machineName, proxyProvisioner.getServiceName(), exposedServicePort, secureServers); diff --git a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyConfigBuilderTest.java b/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyConfigBuilderTest.java index 0334798a41f..766b084a82e 100644 --- a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyConfigBuilderTest.java +++ b/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyConfigBuilderTest.java @@ -12,6 +12,8 @@ import static org.testng.Assert.assertEquals; +import java.util.HashSet; +import java.util.Set; import org.testng.annotations.BeforeMethod; import org.testng.annotations.Test; import org.testng.reporters.Files; @@ -33,8 +35,11 @@ public void setUp() { @Test public void shouldBuildJwtProxyConfigInYamlFormat() throws Exception { // given - jwtProxyConfigBuilder.addVerifierProxy(8080, "http://tomcat:8080"); - jwtProxyConfigBuilder.addVerifierProxy(4101, "ws://terminal:4101"); + Set excludes = new HashSet<>(); + jwtProxyConfigBuilder.addVerifierProxy(8080, "http://tomcat:8080", new HashSet<>(excludes)); + excludes.add("/api/liveness"); + excludes.add("/other/exclude"); + jwtProxyConfigBuilder.addVerifierProxy(4101, "ws://terminal:4101", new HashSet<>(excludes)); // when String jwtProxyConfigYaml = jwtProxyConfigBuilder.build(); diff --git a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyProvisionerTest.java b/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyProvisionerTest.java index 405caa4edc5..395367a1930 100644 --- a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyProvisionerTest.java +++ b/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyProvisionerTest.java @@ -27,6 +27,7 @@ import java.security.KeyPair; import java.security.PublicKey; import java.util.Base64; +import java.util.Collections; import java.util.regex.Pattern; import org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity; import org.eclipse.che.api.workspace.server.model.impl.RuntimeIdentityImpl; @@ -91,7 +92,7 @@ public void shouldReturnGeneratedJwtProxyConfigMapName() { @Test public void shouldProvisionJwtProxyRelatedObjectsIntoKubernetesEnvironment() throws Exception { // when - jwtProxyProvisioner.expose(k8sEnv, "terminal", 4401, "TCP"); + jwtProxyProvisioner.expose(k8sEnv, "terminal", 4401, "TCP", Collections.EMPTY_MAP); // then InternalMachineConfig jwtProxyMachine = diff --git a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxySecureServerExposerTest.java b/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxySecureServerExposerTest.java index ba19af057a9..7971e3cd39d 100644 --- a/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxySecureServerExposerTest.java +++ b/infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxySecureServerExposerTest.java @@ -12,6 +12,7 @@ import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyInt; +import static org.mockito.ArgumentMatchers.anyMap; import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.Mockito.doReturn; import static org.mockito.Mockito.verify; @@ -71,7 +72,7 @@ public void shouldExposeSecureServersWithNewJwtProxyServicePort() throws Excepti ServicePort jwtProxyServicePort = new ServicePort(); doReturn(jwtProxyServicePort) .when(jwtProxyProvisioner) - .expose(any(), anyString(), anyInt(), anyString()); + .expose(any(), anyString(), anyInt(), anyString(), anyMap()); when(jwtProxyProvisioner.getServiceName()).thenReturn(JWT_PROXY_SERVICE_NAME); @@ -80,7 +81,7 @@ public void shouldExposeSecureServersWithNewJwtProxyServicePort() throws Excepti k8sEnv, MACHINE_NAME, MACHINE_SERVICE_NAME, machineServicePort, servers); // then - verify(jwtProxyProvisioner).expose(k8sEnv, MACHINE_SERVICE_NAME, 8080, "TCP"); + verify(jwtProxyProvisioner).expose(k8sEnv, MACHINE_SERVICE_NAME, 8080, "TCP", servers); verify(externalServerExposer) .expose(k8sEnv, MACHINE_NAME, JWT_PROXY_SERVICE_NAME, jwtProxyServicePort, servers); } diff --git a/infrastructures/kubernetes/src/test/resources/jwtproxy-confg.yaml b/infrastructures/kubernetes/src/test/resources/jwtproxy-confg.yaml index a6f83c5c240..2b4dd963b1a 100644 --- a/infrastructures/kubernetes/src/test/resources/jwtproxy-confg.yaml +++ b/infrastructures/kubernetes/src/test/resources/jwtproxy-confg.yaml @@ -3,14 +3,14 @@ jwtproxy: - listen_addr: :8080 verifier: upstream: http://tomcat:8080/ - audience: http://workspace123 + audience: workspace123 max_skew: 1m - max_ttl: 3h + max_ttl: 8800h key_server: type: preshared options: issuer: wsmaster - key_id: mykey + key_id: workspace123 public_key_path: /config/mykey.pub claims_verifiers: - type: static @@ -21,14 +21,14 @@ jwtproxy: - listen_addr: :4101 verifier: upstream: ws://terminal:4101/ - audience: http://workspace123 + audience: workspace123 max_skew: 1m - max_ttl: 3h + max_ttl: 8800h key_server: type: preshared options: issuer: wsmaster - key_id: mykey + key_id: workspace123 public_key_path: /config/mykey.pub claims_verifiers: - type: static @@ -36,5 +36,8 @@ jwtproxy: iss: wsmaster nonce_storage: type: void + excludes: + - /api/liveness + - /other/exclude signer_proxy: enabled: false diff --git a/multiuser/machine-auth/che-multiuser-machine-authentication/src/main/java/org/eclipse/che/multiuser/machine/authentication/server/MachineTokenRegistry.java b/multiuser/machine-auth/che-multiuser-machine-authentication/src/main/java/org/eclipse/che/multiuser/machine/authentication/server/MachineTokenRegistry.java index 1db3b690de2..95ca0ffcd0f 100644 --- a/multiuser/machine-auth/che-multiuser-machine-authentication/src/main/java/org/eclipse/che/multiuser/machine/authentication/server/MachineTokenRegistry.java +++ b/multiuser/machine-auth/che-multiuser-machine-authentication/src/main/java/org/eclipse/che/multiuser/machine/authentication/server/MachineTokenRegistry.java @@ -10,8 +10,9 @@ */ package org.eclipse.che.multiuser.machine.authentication.server; -import static io.jsonwebtoken.SignatureAlgorithm.RS512; +import static io.jsonwebtoken.SignatureAlgorithm.RS256; import static java.lang.String.format; +import static java.time.temporal.ChronoUnit.DAYS; import static org.eclipse.che.multiuser.machine.authentication.shared.Constants.MACHINE_TOKEN_KIND; import com.google.common.collect.HashBasedTable; @@ -19,6 +20,7 @@ import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jwts; import java.security.PrivateKey; +import java.time.Instant; import java.util.HashMap; import java.util.Map; import java.util.UUID; @@ -92,14 +94,21 @@ private String createToken(String userId, String workspaceId) final User user = userManager.getById(userId); final Map header = new HashMap<>(2); header.put("kind", MACHINE_TOKEN_KIND); - final Map claims = new HashMap<>(4); + header.put("kid", workspaceId); + final Map claims = new HashMap<>(); // to ensure that each token is unique claims.put(Claims.ID, UUID.randomUUID().toString()); claims.put(Constants.USER_ID_CLAIM, userId); claims.put(Constants.USER_NAME_CLAIM, user.getName()); claims.put(Constants.WORKSPACE_ID_CLAIM, workspaceId); + // jwtproxy required claims + claims.put(Claims.ISSUER, "wsmaster"); + claims.put(Claims.AUDIENCE, workspaceId); + claims.put(Claims.EXPIRATION, Instant.now().plus(365, DAYS).getEpochSecond()); + claims.put(Claims.NOT_BEFORE, -1); // always + claims.put(Claims.ISSUED_AT, Instant.now().getEpochSecond()); final String token = - Jwts.builder().setClaims(claims).setHeader(header).signWith(RS512, privateKey).compact(); + Jwts.builder().setClaims(claims).setHeader(header).signWith(RS256, privateKey).compact(); tokens.put(workspaceId, userId, token); return token; } diff --git a/selenium/che-selenium-core/src/main/java/org/eclipse/che/selenium/core/client/TestProjectServiceClient.java b/selenium/che-selenium-core/src/main/java/org/eclipse/che/selenium/core/client/TestProjectServiceClient.java index 97d93e4999b..3a7a99107cb 100644 --- a/selenium/che-selenium-core/src/main/java/org/eclipse/che/selenium/core/client/TestProjectServiceClient.java +++ b/selenium/che-selenium-core/src/main/java/org/eclipse/che/selenium/core/client/TestProjectServiceClient.java @@ -38,6 +38,8 @@ */ @Singleton public class TestProjectServiceClient { + + private static final String BEARER_TOKEN_PREFIX = "Bearer "; private final TestMachineServiceClient machineServiceClient; private final HttpJsonRequestFactory requestFactory; private final TestWorkspaceAgentApiEndpointUrlProvider workspaceAgentApiEndpointUrlProvider; @@ -64,7 +66,8 @@ public void setProjectType(String workspaceId, String template, String projectNa requestFactory .fromUrl(workspaceAgentApiEndpointUrlProvider.get(workspaceId) + "project/" + projectName) .usePutMethod() - .setAuthorizationHeader(machineServiceClient.getMachineApiToken(workspaceId)) + .setAuthorizationHeader( + BEARER_TOKEN_PREFIX + machineServiceClient.getMachineApiToken(workspaceId)) .setBody(project) .request(); } @@ -73,7 +76,8 @@ public void setProjectType(String workspaceId, String template, String projectNa public void deleteResource(String workspaceId, String path) throws Exception { requestFactory .fromUrl(workspaceAgentApiEndpointUrlProvider.get(workspaceId) + "project/" + path) - .setAuthorizationHeader(machineServiceClient.getMachineApiToken(workspaceId)) + .setAuthorizationHeader( + BEARER_TOKEN_PREFIX + machineServiceClient.getMachineApiToken(workspaceId)) .useDeleteMethod() .request(); } @@ -82,7 +86,8 @@ public void createFolder(String workspaceId, String folder) throws Exception { String url = workspaceAgentApiEndpointUrlProvider.get(workspaceId) + "project/folder/" + folder; requestFactory .fromUrl(url) - .setAuthorizationHeader(machineServiceClient.getMachineApiToken(workspaceId)) + .setAuthorizationHeader( + BEARER_TOKEN_PREFIX + machineServiceClient.getMachineApiToken(workspaceId)) .usePostMethod() .request(); } @@ -100,7 +105,8 @@ public void importZipProject( httpConnection.setRequestMethod("POST"); httpConnection.setRequestProperty("Content-Type", "application/zip"); httpConnection.addRequestProperty( - "Authorization", machineServiceClient.getMachineApiToken(workspaceId)); + "Authorization", + BEARER_TOKEN_PREFIX + machineServiceClient.getMachineApiToken(workspaceId)); httpConnection.setDoOutput(true); try (OutputStream outputStream = httpConnection.getOutputStream()) { @@ -156,7 +162,8 @@ public void createFileInProject( httpConnection.setRequestMethod("POST"); httpConnection.setRequestProperty("Content-Type", "text/plain"); httpConnection.addRequestProperty( - "Authorization", machineServiceClient.getMachineApiToken(workspaceId)); + "Authorization", + BEARER_TOKEN_PREFIX + machineServiceClient.getMachineApiToken(workspaceId)); httpConnection.setDoOutput(true); try (OutputStream output = httpConnection.getOutputStream()) { output.write(content.getBytes("UTF-8")); @@ -178,7 +185,8 @@ public ProjectConfigDto getFirstProject(String workspaceId) throws Exception { String apiUrl = workspaceAgentApiEndpointUrlProvider.get(workspaceId) + "project"; return requestFactory .fromUrl(apiUrl) - .setAuthorizationHeader(machineServiceClient.getMachineApiToken(workspaceId)) + .setAuthorizationHeader( + BEARER_TOKEN_PREFIX + machineServiceClient.getMachineApiToken(workspaceId)) .request() .asList(ProjectConfigDto.class) .get(0); @@ -195,7 +203,8 @@ public void updateFile(String workspaceId, String pathToFile, String content) th httpConnection.setRequestMethod("PUT"); httpConnection.setRequestProperty("Content-Type", "text/plain"); httpConnection.addRequestProperty( - "Authorization", machineServiceClient.getMachineApiToken(workspaceId)); + "Authorization", + BEARER_TOKEN_PREFIX + machineServiceClient.getMachineApiToken(workspaceId)); httpConnection.setDoOutput(true); try (OutputStream output = httpConnection.getOutputStream()) { diff --git a/wsagent/agent/src/main/resources/installers/1.0.0/org.eclipse.che.ws-agent.json b/wsagent/agent/src/main/resources/installers/1.0.0/org.eclipse.che.ws-agent.json index 2df0eecf510..a497b410a89 100644 --- a/wsagent/agent/src/main/resources/installers/1.0.0/org.eclipse.che.ws-agent.json +++ b/wsagent/agent/src/main/resources/installers/1.0.0/org.eclipse.che.ws-agent.json @@ -14,7 +14,8 @@ "protocol": "http", "path" : "/api", "attributes": { - "secure": "true" + "secure": "true", + "unsecuredPaths": "/api/liveness" } }, "wsagent/ws": { @@ -22,7 +23,8 @@ "protocol": "ws", "path" : "/wsagent", "attributes": { - "secure": "true" + "secure": "true", + "unsecuredPaths": "/api/liveness" } } } diff --git a/wsagent/agent/src/main/resources/installers/1.0.1/org.eclipse.che.ws-agent.json b/wsagent/agent/src/main/resources/installers/1.0.1/org.eclipse.che.ws-agent.json index 5b5d33f0a86..509ffda07d5 100644 --- a/wsagent/agent/src/main/resources/installers/1.0.1/org.eclipse.che.ws-agent.json +++ b/wsagent/agent/src/main/resources/installers/1.0.1/org.eclipse.che.ws-agent.json @@ -14,7 +14,8 @@ "protocol": "http", "path" : "/api", "attributes": { - "secure": "true" + "secure": "true", + "unsecuredPaths": "/api/liveness" } }, "wsagent/ws": { @@ -22,7 +23,8 @@ "protocol": "ws", "path" : "/wsagent", "attributes": { - "secure": "true" + "secure": "true", + "unsecuredPaths": "/api/liveness" } }, "wsagent-debug": { diff --git a/wsagent/agent/src/main/resources/installers/1.0.2/org.eclipse.che.ws-agent.json b/wsagent/agent/src/main/resources/installers/1.0.2/org.eclipse.che.ws-agent.json index b48e5cd0c07..8064dfd6707 100644 --- a/wsagent/agent/src/main/resources/installers/1.0.2/org.eclipse.che.ws-agent.json +++ b/wsagent/agent/src/main/resources/installers/1.0.2/org.eclipse.che.ws-agent.json @@ -14,7 +14,8 @@ "protocol": "http", "path" : "/api", "attributes": { - "secure": "true" + "secure": "true", + "unsecuredPaths": "/api/liveness" } }, "wsagent/ws": { @@ -22,7 +23,8 @@ "protocol": "ws", "path" : "/wsagent", "attributes": { - "secure": "true" + "secure": "true", + "unsecuredPaths": "/api/liveness" } }, "wsagent-debug": { diff --git a/wsagent/agent/src/main/resources/installers/1.0.3/org.eclipse.che.ws-agent.json b/wsagent/agent/src/main/resources/installers/1.0.3/org.eclipse.che.ws-agent.json index f4cac844b90..fc0567292e0 100644 --- a/wsagent/agent/src/main/resources/installers/1.0.3/org.eclipse.che.ws-agent.json +++ b/wsagent/agent/src/main/resources/installers/1.0.3/org.eclipse.che.ws-agent.json @@ -11,7 +11,8 @@ "protocol": "http", "path" : "/api", "attributes": { - "secure": "true" + "secure": "true", + "unsecuredPaths": "/api/liveness" } }, "wsagent/ws": { @@ -19,7 +20,8 @@ "protocol": "ws", "path" : "/wsagent", "attributes": { - "secure": "true" + "secure": "true", + "unsecuredPaths": "/api/liveness" } }, "wsagent-debug": {