java-microprofile: document quick start security removal

appsody · Apr 9, 2020 · 9b379a8 · 9b379a8
1 parent 0de11bb
commit 9b379a8
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 5 deletions.
diff --git a/incubator/java-microprofile/README.md b/incubator/java-microprofile/README.md
@@ -44,6 +44,13 @@ OpenAPI endpoints:
 - http://localhost:9080/openapi (the RESTful APIs of the inventory service)
 - http://localhost:9080/openapi/ui (Swagger UI of the deployed APIs)
 
+### Config dropin: **quick-start-security.xml**
+
+The metrics endpoint is secured with a userid and password enabled through the config dropin included in the default template at path:
+**src/main/liberty/config/configDropins/defaults/quick-start-security.xml**.
+
+In order to lock down the production image built via `appsody build` this file is deleted during the Docker build of your application production image.  (The same file would be deleted if you happened to create your own file at this location as well).
+
 ## Getting Started
 
 1. Create a new folder in your local directory and initialize it using the Appsody CLI, e.g.:
@@ -74,6 +81,8 @@ OpenAPI endpoints:
     - Swagger UI endpoint: http://localhost:9080/openapi/ui
     - Javametrics Dashboard endpoint: http://localhost:9080/javametrics-dash/ (development-time only)
 
+
+
 ## License
 
 This stack is licensed under the [Apache 2.0](./image/LICENSE) license
diff --git a/incubator/java-microprofile/image/project/Dockerfile b/incubator/java-microprofile/image/project/Dockerfile
@@ -23,9 +23,7 @@ RUN cd /project/user-app && mvn -B liberty:install-server
 # Remove quick-start-security.xml since it is only needed during local development.
 COPY ./user-app/src /project/user-app/src
 RUN cd /project/user-app && \
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-    echo "quick-start-security is not secure for production environments. It is being removed"
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+    echo "QUICK START SECURITY IS NOT SECURE FOR PRODUCTION ENVIRONMENTS. IT IS BEING REMOVED" \
     rm -f src/main/liberty/config/configDropins/defaults/quick-start-security.xml && \
     mvn package -DskipTests
 

diff --git a/incubator/java-microprofile/stack.yaml b/incubator/java-microprofile/stack.yaml
@@ -1,5 +1,5 @@
 name: Eclipse MicroProfile®
-version: 0.2.24
+version: 0.2.25
 description: Eclipse MicroProfile on Open Liberty & OpenJ9 using Maven
 license: Apache-2.0
 language: java
@@ -17,4 +17,4 @@ default-template: default
 requirements:
     appsody-version: ">= 0.5.0"
 templating-data:
-    libertyversion: '19.0.0.12'
+    libertyversion: '19.0.0.12'
diff --git a/incubator/java-openliberty/image/project/Dockerfile b/incubator/java-openliberty/image/project/Dockerfile
@@ -45,6 +45,7 @@ COPY --chown=java_user:java_group ./user-app /project/user-app
 #  also liberty:create copies config from src->target
 #  also remove quick-start-security.xml since it's convenient for local dev mode but should not be in the production image.
 RUN cd /project/user-app && \
+    echo "QUICK START SECURITY IS NOT SECURE FOR PRODUCTION ENVIRONMENTS. IT IS BEING REMOVED" \
     rm -f src/main/liberty/config/configDropins/defaults/quick-start-security.xml && \
     mvn -Pappsody-build -B liberty:create package