org.apache.catalina.authenticator.DigestAuthenticator Java Examples

The following examples show how to use org.apache.catalina.authenticator.DigestAuthenticator. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ServingLayer.java    From oryx with Apache License 2.0 4 votes vote down vote up
private void makeContext(Tomcat tomcat, Path noSuchBaseDir) throws IOException {
  Path contextPath = noSuchBaseDir.resolve("context");
  Files.createDirectories(contextPath);

  context = tomcat.addContext(contextPathURIBase, contextPath.toAbsolutePath().toString());

  context.setWebappVersion("3.1");
  context.setName("Oryx");

  context.addWelcomeFile("index.html");
  addErrorPages(context);

  // OryxApplication only needs one config value, so just pass it
  context.addParameter(OryxApplication.class.getName() + ".packages", appResourcesPackages);
  // ModelManagerListener will need whole config
  String serializedConfig = ConfigUtils.serialize(config);
  context.addParameter(ConfigUtils.class.getName() + ".serialized", serializedConfig);

  Wrapper wrapper =
      Tomcat.addServlet(context, "Jersey", "org.glassfish.jersey.servlet.ServletContainer");
  wrapper.addInitParameter("javax.ws.rs.Application", OryxApplication.class.getName());
  //wrapper.addInitParameter(OryxApplication.class.getName() + ".packages", appResourcesPackage);
  wrapper.addMapping("/*");
  wrapper.setLoadOnStartup(1);
  wrapper.setMultipartConfigElement(new MultipartConfigElement(""));

  if (!doNotInitTopics) { // Only for tests
    context.addApplicationListener(ModelManagerListener.class.getName());
  }

  // Better way to configure JASPIC?
  AuthConfigFactory.setFactory(new AuthConfigFactoryImpl());

  boolean needHTTPS = keystoreFile != null;
  boolean needAuthentication = userName != null;

  if (needHTTPS || needAuthentication) {

    SecurityCollection securityCollection = new SecurityCollection();
    securityCollection.addPattern("/*");
    SecurityConstraint securityConstraint = new SecurityConstraint();
    securityConstraint.addCollection(securityCollection);

    if (needHTTPS) {
      securityConstraint.setUserConstraint("CONFIDENTIAL");
    }

    if (needAuthentication) {

      LoginConfig loginConfig = new LoginConfig();
      loginConfig.setAuthMethod("DIGEST");
      loginConfig.setRealmName(InMemoryRealm.NAME);
      context.setLoginConfig(loginConfig);

      securityConstraint.addAuthRole(InMemoryRealm.AUTH_ROLE);

      context.addSecurityRole(InMemoryRealm.AUTH_ROLE);
      DigestAuthenticator authenticator = new DigestAuthenticator();
      authenticator.setNonceValidity(10 * 1000L); // Shorten from 5 minutes to 10 seconds
      authenticator.setNonceCacheSize(20000); // Increase from 1000 to 20000
      context.getPipeline().addValve(authenticator);
    }

    context.addConstraint(securityConstraint);
  }

  context.setCookies(false);
}
 
Example #2
Source File: TomcatWsRegistry.java    From tomee with Apache License 2.0 4 votes vote down vote up
private static Context createNewContext(final ClassLoader classLoader, String authMethod, String transportGuarantee, final String realmName, final String name) {
    String path = name;
    if (path == null) {
        path = "/";
    }
    if (!path.startsWith("/")) {
        path = "/" + path;
    }

    final StandardContext context = new IgnoredStandardContext();
    context.setPath(path);
    context.setDocBase("");
    context.setParentClassLoader(classLoader);
    context.setDelegate(true);
    context.setName(name);
    ((TomcatWebAppBuilder) SystemInstance.get().getComponent(WebAppBuilder.class)).initJ2EEInfo(context);

    // Configure security
    if (authMethod != null) {
        authMethod = authMethod.toUpperCase();
    }
    if (transportGuarantee != null) {
        transportGuarantee = transportGuarantee.toUpperCase();
    }
    if (authMethod == null || "NONE".equals(authMethod)) { //NOPMD
        // ignore none for now as the  NonLoginAuthenticator seems to be completely hosed
    } else if ("BASIC".equals(authMethod) || "DIGEST".equals(authMethod) || "CLIENT-CERT".equals(authMethod)) {

        //Setup a login configuration
        final LoginConfig loginConfig = new LoginConfig();
        loginConfig.setAuthMethod(authMethod);
        loginConfig.setRealmName(realmName);
        context.setLoginConfig(loginConfig);

        //Setup a default Security Constraint
        final String securityRole = SystemInstance.get().getProperty(TOMEE_JAXWS_SECURITY_ROLE_PREFIX + name, "default");
        for (final String role : securityRole.split(",")) {
            final SecurityCollection collection = new SecurityCollection();
            collection.addMethod("GET");
            collection.addMethod("POST");
            collection.addPattern("/*");
            collection.setName(role);

            final SecurityConstraint sc = new SecurityConstraint();
            sc.addAuthRole("*");
            sc.addCollection(collection);
            sc.setAuthConstraint(true);
            sc.setUserConstraint(transportGuarantee);

            context.addConstraint(sc);
            context.addSecurityRole(role);
        }

        //Set the proper authenticator
        if ("BASIC".equals(authMethod)) {
            context.addValve(new BasicAuthenticator());
        } else if ("DIGEST".equals(authMethod)) {
            context.addValve(new DigestAuthenticator());
        } else if ("CLIENT-CERT".equals(authMethod)) {
            context.addValve(new SSLAuthenticator());
        } else if ("NONE".equals(authMethod)) {
            context.addValve(new NonLoginAuthenticator());
        }

        context.getPipeline().addValve(new OpenEJBValve());

    } else {
        throw new IllegalArgumentException("Invalid authMethod: " + authMethod);
    }

    return context;
}
 
Example #3
Source File: TomcatHessianRegistry.java    From tomee with Apache License 2.0 4 votes vote down vote up
private static Context createNewContext(final ClassLoader classLoader, final String rAuthMethod, final String rTransportGuarantee, final String realmName, final String name) {
    String path = name;
    if (path == null) {
        path = "/";
    }
    if (!path.startsWith("/")) {
        path = "/" + path;
    }

    final StandardContext context = new IgnoredStandardContext();
    context.setPath(path);
    context.setDocBase("");
    context.setParentClassLoader(classLoader);
    context.setDelegate(true);
    context.setName(name);
    TomcatWebAppBuilder.class.cast(SystemInstance.get().getComponent(WebAppBuilder.class)).initJ2EEInfo(context);

    // Configure security
    String authMethod = rAuthMethod;
    if (authMethod != null) {
        authMethod = authMethod.toUpperCase();
    }
    String transportGuarantee = rTransportGuarantee;
    if (transportGuarantee != null) {
        transportGuarantee = transportGuarantee.toUpperCase();
    }
    if (authMethod != null & !"NONE".equals(authMethod)) {
        if ("BASIC".equals(authMethod) || "DIGEST".equals(authMethod) || "CLIENT-CERT".equals(authMethod)) {

            //Setup a login configuration
            final LoginConfig loginConfig = new LoginConfig();
            loginConfig.setAuthMethod(authMethod);
            loginConfig.setRealmName(realmName);
            context.setLoginConfig(loginConfig);

            //Setup a default Security Constraint
            final String securityRole = SystemInstance.get().getProperty(TOMEE_HESSIAN_SECURITY_ROLE_PREFIX + name, "default");
            for (final String role : securityRole.split(",")) {
                final SecurityCollection collection = new SecurityCollection();
                collection.addMethod("GET");
                collection.addMethod("POST");
                collection.addPattern("/*");
                collection.setName(role);

                final SecurityConstraint sc = new SecurityConstraint();
                sc.addAuthRole("*");
                sc.addCollection(collection);
                sc.setAuthConstraint(true);
                sc.setUserConstraint(transportGuarantee);

                context.addConstraint(sc);
                context.addSecurityRole(role);
            }
        }

        //Set the proper authenticator
        switch (authMethod) {
            case "BASIC":
                context.addValve(new BasicAuthenticator());
                break;
            case "DIGEST":
                context.addValve(new DigestAuthenticator());
                break;
            case "CLIENT-CERT":
                context.addValve(new SSLAuthenticator());
                break;
            case "NONE":
                context.addValve(new NonLoginAuthenticator());
                break;
        }

        context.getPipeline().addValve(new OpenEJBValve());
    } else {
        throw new IllegalArgumentException("Invalid authMethod: " + authMethod);
    }

    return context;
}
 
Example #4
Source File: Runner.java    From myrrix-recommender with Apache License 2.0 4 votes vote down vote up
private Context makeContext(Tomcat tomcat, File noSuchBaseDir, int port) throws IOException {

    File contextPath = new File(noSuchBaseDir, "context");
    if (!contextPath.mkdirs()) {
      throw new IOException("Could not create " + contextPath);
    }

    String contextPathURIBase = config.getContextPath();
    Context context = 
        tomcat.addContext(contextPathURIBase == null ? "" : contextPathURIBase, contextPath.getAbsolutePath());
    context.addApplicationListener(new ApplicationListener(InitListener.class.getName(), false));
    context.setWebappVersion("3.0");
    context.addWelcomeFile("index.jspx");
    addErrorPages(context);

    ServletContext servletContext = context.getServletContext();
    servletContext.setAttribute(InitListener.INSTANCE_ID_KEY, config.getInstanceID());
    servletContext.setAttribute(InitListener.BUCKET_KEY, config.getBucket());
    servletContext.setAttribute(InitListener.RESCORER_PROVIDER_CLASS_KEY, config.getRescorerProviderClassName());
    servletContext.setAttribute(InitListener.CLIENT_THREAD_CLASS_KEY, config.getClientThreadClassName());    
    servletContext.setAttribute(InitListener.LOCAL_INPUT_DIR_KEY, config.getLocalInputDir());
    servletContext.setAttribute(InitListener.PORT_KEY, port);
    servletContext.setAttribute(InitListener.READ_ONLY_KEY, config.isReadOnly());
    servletContext.setAttribute(InitListener.ALL_PARTITIONS_SPEC_KEY, config.getAllPartitionsSpecification());
    servletContext.setAttribute(InitListener.PARTITION_KEY, config.getPartition());

    boolean needHTTPS = config.getKeystoreFile() != null;
    boolean needAuthentication = config.getUserName() != null;

    if (needHTTPS || needAuthentication) {

      SecurityCollection securityCollection = new SecurityCollection("Protected Resources");
      if (config.isConsoleOnlyPassword()) {
        securityCollection.addPattern("/index.jspx");
      } else {
        securityCollection.addPattern("/*");
      }
      SecurityConstraint securityConstraint = new SecurityConstraint();
      securityConstraint.addCollection(securityCollection);

      if (needHTTPS) {
        securityConstraint.setUserConstraint("CONFIDENTIAL");
      }

      if (needAuthentication) {

        LoginConfig loginConfig = new LoginConfig();
        loginConfig.setAuthMethod("DIGEST");
        loginConfig.setRealmName(InMemoryRealm.NAME);
        context.setLoginConfig(loginConfig);

        securityConstraint.addAuthRole(InMemoryRealm.AUTH_ROLE);

        context.addSecurityRole(InMemoryRealm.AUTH_ROLE);
        DigestAuthenticator authenticator = new DigestAuthenticator();
        authenticator.setNonceValidity(10 * 1000L); // Shorten from 5 minutes to 10 seconds
        authenticator.setNonceCacheSize(20000); // Increase from 1000 to 20000
        context.getPipeline().addValve(authenticator);
      }

      context.addConstraint(securityConstraint);
    }

    context.setCookies(false);

    return context;
  }