Java Code Examples for org.eclipse.jetty.security.ConstraintSecurityHandler#setAuthenticator()

Example 1
Source File: Application.java    From cloud-security-xsuaa-integration with Apache License 2.0 6 votes vote down vote up
/**
 * Builds an embedded Jetty {@link Server} on port 8080 that serves the web application at
 * the root context path and authenticates through a {@link JettyTokenAuthenticator} wrapping
 * an {@link XsuaaTokenAuthenticator}.
 *
 * <p>No {@code ConstraintMapping} is registered in this method. Which paths and roles are
 * protected is therefore decided by whatever the listed configurations pick up.
 * NOTE(review): confirm that every endpoint needing a token is covered by such a constraint.
 *
 * @return the configured server; this method does not start it
 */
private static Server createJettyServer() {
	ConstraintSecurityHandler tokenSecurity = new ConstraintSecurityHandler();
	tokenSecurity.setAuthenticator(new JettyTokenAuthenticator(new XsuaaTokenAuthenticator()));

	Configuration[] webAppConfigurations = {
			new AnnotationConfiguration(), new WebXmlConfiguration(),
			new WebInfConfiguration(), new PlusConfiguration(), new MetaInfConfiguration(),
			new FragmentConfiguration(), new EnvConfiguration() };

	WebAppContext webApp = new WebAppContext();
	webApp.setSecurityHandler(tokenSecurity);
	webApp.setConfigurations(webAppConfigurations);
	webApp.setContextPath("/");
	webApp.setResourceBase("src/main/java/webapp");

	// Parent-first class loading, needed so that annotations from this project are scanned too.
	webApp.setParentLoaderPriority(true);

	// Register the location HelloJavaServlet was loaded from as a WEB-INF/classes directory.
	URL projectClasses = HelloJavaServlet.class.getProtectionDomain().getCodeSource().getLocation();
	webApp.getMetaData().setWebInfClassesDirs(Arrays.asList(Resource.newResource(projectClasses)));

	Server jetty = new Server(8080);
	jetty.setHandler(webApp);
	return jetty;
}
 
Example 2
Source File: JettySecurity.java    From camelinaction2 with Apache License 2.0 6 votes vote down vote up
/**
 * Producer method for the bean named {@code securityHandler}: a Jetty security handler that
 * requires HTTP Basic authentication and the {@code customer} role on every path ({@code /*}).
 *
 * <p>Users are looked up by a {@link HashLoginService} for realm {@code RiderAutoParts},
 * configured with {@code src/main/resources/users.properties}. Basic authentication sends the
 * password with every request in a reversible encoding, so this handler should only sit behind
 * TLS. The user file is a path inside the source tree, so keep real passwords out of it.
 *
 * @return the configured security handler
 */
@Produces
@Named("securityHandler")
public static ConstraintSecurityHandler createSecurityHandler() {
    HashLoginService users = new HashLoginService("RiderAutoParts", "src/main/resources/users.properties");

    // Without setAuthenticate(true) the constraint would not force a login.
    Constraint customerOnly = new Constraint("BASIC", "customer");
    customerOnly.setAuthenticate(true);

    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setPathSpec("/*");
    everyPath.setConstraint(customerOnly);

    ConstraintSecurityHandler security = new ConstraintSecurityHandler();
    security.setLoginService(users);
    security.setAuthenticator(new BasicAuthenticator());
    security.addConstraintMapping(everyPath);
    return security;
}
 
Example 3
Source File: CustomInitTest.java    From rest-utils with Apache License 2.0 6 votes vote down vote up
/**
 * Installs a security handler on {@code context} that requires HTTP Basic authentication on
 * {@code /*} from a user holding one of the roles configured under
 * {@code RestConfig.AUTHENTICATION_ROLES_CONFIG}.
 *
 * <p>The login service is a {@code TestLoginService} and the realm is {@code TestRealm}.
 *
 * @param context servlet context handler that receives the security handler
 */
@Override
public void accept(final ServletContextHandler context) {
  final String[] allowedRoles =
      config.getList(RestConfig.AUTHENTICATION_ROLES_CONFIG).toArray(new String[0]);

  final Constraint authRequired = new Constraint();
  authRequired.setRoles(allowedRoles);
  authRequired.setAuthenticate(true);

  // Method "*" and path "/*": the constraint is mapped as broadly as the mapping allows.
  final ConstraintMapping globalMapping = new ConstraintMapping();
  globalMapping.setPathSpec("/*");
  globalMapping.setMethod("*");
  globalMapping.setConstraint(authRequired);

  final ConstraintSecurityHandler basicAuth = new ConstraintSecurityHandler();
  basicAuth.setRealmName("TestRealm");
  basicAuth.setLoginService(new TestLoginService());
  basicAuth.setAuthenticator(new BasicAuthenticator());
  basicAuth.addConstraintMapping(globalMapping);

  context.setSecurityHandler(basicAuth);
}
 
Example 4
Source File: HttpProtocolServer.java    From gitflow-incremental-builder with MIT License 6 votes vote down vote up
/**
 * Puts an HTTP Basic authentication layer in front of whatever handler {@code server}
 * currently has.
 *
 * <p>Every path ({@code /*}) requires an authenticated user in one of {@code ROLES}; accounts
 * come from the user store returned by {@code buildUserStore()}. The previous server handler
 * becomes the child of the security handler, so requests reach it only after the security check.
 *
 * @param server the server whose handler is wrapped
 */
private void addBasicAuth(Server server) {
    HashLoginService users = new HashLoginService();
    users.setUserStore(buildUserStore());
    server.addBean(users);

    Constraint rolesRequired = new Constraint();
    rolesRequired.setRoles(ROLES);
    rolesRequired.setAuthenticate(true);

    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setConstraint(rolesRequired);
    everyPath.setPathSpec("/*");

    ConstraintSecurityHandler basicAuth = new ConstraintSecurityHandler();
    basicAuth.setAuthenticator(new BasicAuthenticator());
    basicAuth.setLoginService(users);
    basicAuth.setConstraintMappings(Collections.singletonList(everyPath));

    // Order matters: adopt the existing handler as child first, then take its place on the server.
    basicAuth.setHandler(server.getHandler());
    server.setHandler(basicAuth);
}
 
Example 5
Source File: HttpServer.java    From calcite-avatica with Apache License 2.0 6 votes vote down vote up
/**
 * Assembles a security handler that applies one named constraint to every path ({@code /*}).
 *
 * @param constraintName name given to the constraint
 * @param allowedRoles roles that satisfy the constraint
 * @param authenticator authenticator installed on the handler
 * @param realm realm name set on the handler
 * @param loginService login service installed on the handler
 * @return the configured security handler
 */
protected ConstraintSecurityHandler configureCommonAuthentication(String constraintName,
    String[] allowedRoles, Authenticator authenticator, String realm,
    LoginService loginService) {

  Constraint required = new Constraint();
  // Tells Jetty not to let unauthenticated requests through; leaving this out
  // would make the constraint ineffective as an authentication gate.
  required.setAuthenticate(true);
  required.setRoles(allowedRoles);
  required.setName(constraintName);

  ConstraintMapping allPaths = new ConstraintMapping();
  allPaths.setPathSpec("/*");
  allPaths.setConstraint(required);

  ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
  handler.setRealmName(realm);
  handler.setLoginService(loginService);
  handler.setAuthenticator(authenticator);
  handler.setConstraintMappings(new ConstraintMapping[]{allPaths});
  return handler;
}
 
Example 6
Source File: InMemoryIdentityManager.java    From crnk-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Sets up a {@link HashLoginService} and a Basic-authentication security handler that share
 * the realm name, and maps one constraint onto every path ({@code /*}).
 *
 * <p>The role list starts with {@code Constraint.ANY_AUTH}. NOTE(review): with that entry any
 * authenticated user appears to satisfy the constraint, so the named roles after it would not
 * narrow access. Confirm that this is intended.
 */
public InMemoryIdentityManager() {
	HashLoginService users = new HashLoginService();
	users.setName(realm);
	loginService = users;

	ConstraintSecurityHandler basicAuth = new ConstraintSecurityHandler();
	basicAuth.setAuthenticator(new BasicAuthenticator());
	basicAuth.setRealmName(realm);
	basicAuth.setLoginService(loginService);
	securityHandler = basicAuth;

	Constraint authenticated = new Constraint();
	authenticated.setName(Constraint.__BASIC_AUTH);
	authenticated.setRoles(new String[]{Constraint.ANY_AUTH, "getRole", "postRole", "allRole"});
	authenticated.setAuthenticate(true);

	ConstraintMapping everyPath = new ConstraintMapping();
	everyPath.setPathSpec("/*");
	everyPath.setConstraint(authenticated);
	securityHandler.addConstraintMapping(everyPath);
}
 
Example 7
Source File: ManagerApiMicroService.java    From apiman with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a Basic-authentication security handler for realm {@code apimanrealm}, backed by
 * an in-memory user store filled from {@code Users.getUsers()}.
 *
 * <p>This method installs the authenticator, realm and login service only; it adds no
 * constraint mappings. NOTE(review): which paths actually require a login must be defined
 * elsewhere. Verify that they are.
 *
 * @return the configured security handler
 * @throws Exception declared by the signature; propagated from the calls made here
 */
protected SecurityHandler createSecurityHandler() throws Exception {
    // The UserStore is a separate entity that has to be attached to the HashLoginService.
    UserStore accounts = new UserStore();
    for (User account : Users.getUsers()) {
        accounts.addUser(
                account.getId(),
                Credential.getCredential(account.getPassword()),
                account.getRolesAsArray());
    }

    HashLoginService realmLogin = new HashLoginService();
    realmLogin.setUserStore(accounts);
    realmLogin.setName("apimanrealm");

    ConstraintSecurityHandler basicAuth = new ConstraintSecurityHandler();
    basicAuth.setLoginService(realmLogin);
    basicAuth.setRealmName("apimanrealm");
    basicAuth.setAuthenticator(new BasicAuthenticator());
    return basicAuth;
}
 
Example 8
Source File: Application.java    From rest-utils with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the application's security handler from the pieces supplied by the
 * {@code create*} factory methods of this class.
 *
 * <p>The global authentication constraint is registered first; the mappings returned by
 * {@code AuthUtil.createUnsecuredConstraints(config)} are added after it.
 * NOTE(review): those later mappings presumably exempt paths from authentication, so the
 * configuration that feeds them deserves the same scrutiny as the global constraint.
 *
 * @return the configured security handler
 */
protected ConstraintSecurityHandler createSecurityHandler() {
  final ConstraintSecurityHandler handler = new ConstraintSecurityHandler();

  handler.addConstraintMapping(createGlobalAuthConstraint());
  handler.setAuthenticator(createAuthenticator());
  handler.setLoginService(createLoginService());
  handler.setIdentityService(createIdentityService());
  handler.setRealmName(config.getString(RestConfig.AUTHENTICATION_REALM_CONFIG));

  AuthUtil.createUnsecuredConstraints(config)
          .forEach(unsecured -> handler.addConstraintMapping(unsecured));

  return handler;
}
 
Example 9
Source File: EmissaryServer.java    From emissary with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a security handler that requires HTTP Digest authentication on every path
 * ({@code /*}) for users in one of the roles {@code everyone}, {@code emissary},
 * {@code admin}, {@code support} or {@code manager}.
 *
 * <p>No login service is set in this method. NOTE(review): it has to be supplied by the
 * caller or the enclosing server before the handler can verify credentials.
 *
 * @return the configured security handler
 */
private ConstraintSecurityHandler buildSecurityHandler() {
    Constraint authRequired = new Constraint();
    authRequired.setRoles(new String[] {"everyone", "emissary", "admin", "support", "manager"});
    authRequired.setAuthenticate(true);
    authRequired.setName("auth");

    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setConstraint(authRequired);
    everyPath.setPathSpec("/*");

    ConstraintSecurityHandler digestAuth = new ConstraintSecurityHandler();
    digestAuth.setAuthenticator(new DigestAuthenticator());
    digestAuth.setConstraintMappings(Collections.singletonList(everyPath));
    return digestAuth;
}
 
Example 10
Source File: DigestAuthSupplierJettyTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Starts a Jetty server on {@code PORT} whose only servlet ({@code TestServlet}, mapped to
 * {@code /*}) sits behind HTTP Digest authentication.
 *
 * <p>A single account {@code USER}/{@code PWD} with role {@code user} is registered in realm
 * {@code My Realm}. Any exception from starting the server is rethrown as a
 * {@link RuntimeException} with the original as its cause.
 */
@Override
protected void run() {
    server = new Server(PORT);

    final String[] userRoles = {"user"};

    // One in-memory account for the test.
    UserStore accounts = new UserStore();
    accounts.addUser(USER, Credential.getCredential(PWD), userRoles);
    HashLoginService realmLogin = new HashLoginService();
    realmLogin.setName("My Realm");
    realmLogin.setUserStore(accounts);

    Constraint digestRequired = new Constraint();
    digestRequired.setAuthenticate(true);
    digestRequired.setRoles(userRoles);
    digestRequired.setName(Constraint.__DIGEST_AUTH);

    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setPathSpec("/*");
    everyPath.setConstraint(digestRequired);

    ConstraintSecurityHandler digestAuth = new ConstraintSecurityHandler();
    digestAuth.setLoginService(realmLogin);
    digestAuth.setAuthenticator(new DigestAuthenticator());
    digestAuth.addConstraintMapping(everyPath);

    ServletContextHandler servletContext = new ServletContextHandler(ServletContextHandler.SESSIONS);
    servletContext.setSecurityHandler(digestAuth);
    servletContext.setContextPath("/");
    server.setHandler(servletContext);
    servletContext.addServlet(new ServletHolder(new TestServlet()), "/*");

    try {
        server.start();
    } catch (Exception startFailure) {
        throw new RuntimeException(startFailure);
    }
}
 
Example 11
Source File: JettySecurity.java    From camelinaction2 with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a Jetty security handler that requires HTTP Basic authentication and the
 * {@code customer} role on every path ({@code /*}).
 *
 * <p>Users are looked up by a {@link HashLoginService} for realm {@code RiderAutoParts},
 * configured with {@code etc/rest-users.properties}. Basic authentication sends the password
 * with every request in a reversible encoding, so the endpoint should only be exposed over
 * TLS, and the user file should be readable only by the service account.
 *
 * @return the configured security handler
 */
public static ConstraintSecurityHandler createSecurityHandler() {
    ConstraintSecurityHandler security = new ConstraintSecurityHandler();
    security.setAuthenticator(new BasicAuthenticator());
    security.setLoginService(new HashLoginService("RiderAutoParts", "etc/rest-users.properties"));

    // Role "customer" is required, and the request must be authenticated.
    Constraint customerOnly = new Constraint("BASIC", "customer");
    customerOnly.setAuthenticate(true);

    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setPathSpec("/*");
    everyPath.setConstraint(customerOnly);
    security.addConstraintMapping(everyPath);

    return security;
}
 
Example 12
Source File: JettySecurity.java    From camelinaction2 with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a Jetty security handler that requires HTTP Basic authentication and the
 * {@code customer} role on every path ({@code /*}).
 *
 * <p>Users are looked up by a {@link HashLoginService} for realm {@code RiderAutoParts},
 * configured with {@code src/main/resources/users.properties}. That path lies inside the
 * source tree, so the file should hold sample accounts only. Basic authentication should be
 * offered over TLS only.
 *
 * @return the configured security handler
 */
public static ConstraintSecurityHandler createSecurityHandler() {
    final String realmName = "RiderAutoParts";
    final String userFile = "src/main/resources/users.properties";

    Constraint customerOnly = new Constraint("BASIC", "customer");
    customerOnly.setAuthenticate(true);

    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setConstraint(customerOnly);
    everyPath.setPathSpec("/*");

    ConstraintSecurityHandler security = new ConstraintSecurityHandler();
    security.addConstraintMapping(everyPath);
    security.setAuthenticator(new BasicAuthenticator());
    security.setLoginService(new HashLoginService(realmName, userFile));
    return security;
}
 
Example 13
Source File: AppEngineAuthentication.java    From appengine-java-vm-runtime with Apache License 2.0 5 votes vote down vote up
/**
 * Injects the App Engine {@link LoginService}, {@link Authenticator} and identity service
 * into the given {@link ConstraintSecurityHandler} and restricts its known roles to
 * {@code USER_ROLE} and {@code ADMIN_ROLE}.
 *
 * @param handler the security handler to configure; it is modified in place
 * @param checker passed to the {@code AppEngineAuthenticator} constructor
 */
public static void configureSecurityHandler(
    ConstraintSecurityHandler handler, VmRuntimeTrustedAddressChecker checker) {

  LoginService appEngineLogin = new AppEngineLoginService();
  LoginAuthenticator appEngineAuth = new AppEngineAuthenticator(checker);
  DefaultIdentityService identities = new DefaultIdentityService();

  // Only these two roles are known to the handler.
  handler.setRoles(new HashSet<String>(Arrays.asList(USER_ROLE, ADMIN_ROLE)));

  handler.setLoginService(appEngineLogin);
  handler.setAuthenticator(appEngineAuth);
  handler.setIdentityService(identities);

  // The authenticator is configured last, from the handler that was just populated.
  appEngineAuth.setConfiguration(handler);
}
 
Example 14
Source File: HttpReceiverServerPush.java    From datacollector with Apache License 2.0 5 votes vote down vote up
/**
 * Builds an HTTP Basic authentication handler from the user/password pairs in the stage
 * configuration. Every usable pair becomes an account with role {@code sdc}, and every path
 * ({@code /*}) then requires that role.
 *
 * <p>Pairs with an empty username or password are skipped. If no pair is usable the method
 * returns {@code null}. NOTE(review): callers must make sure a {@code null} result does not
 * leave the endpoint running without authentication. Verify against the call site.
 *
 * @param httpCourceConf source configuration providing the Basic-auth users
 * @return the configured handler, or {@code null} when no usable credentials are configured
 */
public static SecurityHandler getBasicAuthHandler(HttpSourceConfigs httpCourceConf) {
  List<CredentialValueUserPassBean> configuredUsers = httpCourceConf.getBasicAuthUsers();

  HashLoginService loginService = new HashLoginService();
  UserStore accounts = new UserStore();

  boolean anyAccount = false;
  for (CredentialValueUserPassBean entry : configuredUsers) {
    String username = entry.getUsername();
    String password = entry.get();
    if (!StringUtils.isNotEmpty(username) || !StringUtils.isNotEmpty(password)) {
      // Incomplete credentials never become an account.
      continue;
    }
    accounts.addUser(username, new Password(password), new String[]{"sdc"});
    anyAccount = true;
  }
  if (!anyAccount) {
    return null;
  }

  loginService.setUserStore(accounts);

  Constraint sdcRole = new Constraint(Constraint.__BASIC_AUTH,"sdc");
  sdcRole.setAuthenticate(true);

  ConstraintMapping everyPath = new ConstraintMapping();
  everyPath.setPathSpec("/*");
  everyPath.setConstraint(sdcRole);

  ConstraintSecurityHandler basicAuth = new ConstraintSecurityHandler();
  basicAuth.setLoginService(loginService);
  basicAuth.setAuthenticator(new BasicAuthenticator());
  basicAuth.addConstraintMapping(everyPath);
  return basicAuth;
}
 
Example 15
Source File: WebServerTask.java    From datacollector with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a security handler for the {@code digest} or {@code basic} authentication mode.
 *
 * <p>The login service obtained for {@code mode} is registered as a server bean and set on
 * the handler. The Jetty authenticator for the mode is wrapped in a {@code ProxyAuthenticator}
 * and passed through {@code injectActivationCheck}. For any other mode value no authenticator
 * is set. NOTE(review): callers should only pass the two supported modes, otherwise the
 * returned handler has a login service but nothing that performs authentication.
 *
 * @param conf configuration passed to the login service lookup and the proxy authenticator
 * @param server server that receives the login service as a bean
 * @param mode authentication mode, {@code "digest"} or {@code "basic"}
 * @return the configured security handler
 */
private ConstraintSecurityHandler configureDigestBasic(Configuration conf, Server server, String mode) {
  LoginService modeLogin = getLoginService(conf, mode);
  server.addBean(modeLogin);

  ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
  if (mode.equals("digest")) {
    handler.setAuthenticator(
        injectActivationCheck(new ProxyAuthenticator(new DigestAuthenticator(), runtimeInfo, conf)));
  } else if (mode.equals("basic")) {
    handler.setAuthenticator(
        injectActivationCheck(new ProxyAuthenticator(new BasicAuthenticator(), runtimeInfo, conf)));
  }
  // Any other mode: no authenticator is installed here.

  handler.setLoginService(modeLogin);
  return handler;
}
 
Example 16
Source File: WebServerTask.java    From datacollector with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a security handler for form-based login.
 *
 * <p>The login page is {@code /login.html} and the error page is
 * {@code /login.html?error=true}. The {@code FormAuthenticator} is wrapped in a
 * {@code ProxyAuthenticator} and passed through {@code injectActivationCheck} before it is
 * installed. This method adds no constraint mappings.
 *
 * @param conf configuration passed to the login service lookup and the proxy authenticator
 * @param server server that receives the login service as a bean
 * @param mode authentication mode, forwarded to {@code getLoginService}
 * @return the configured security handler
 */
private ConstraintSecurityHandler configureForm(Configuration conf, Server server, String mode) {
  LoginService formLogin = getLoginService(conf, mode);
  server.addBean(formLogin);

  ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
  handler.setLoginService(formLogin);

  FormAuthenticator loginForm = new FormAuthenticator("/login.html", "/login.html?error=true", true);
  handler.setAuthenticator(
      injectActivationCheck(new ProxyAuthenticator(loginForm, runtimeInfo, conf)));
  return handler;
}
 
Example 17
Source File: JettyHttpServer.java    From everrest with Eclipse Public License 2.0 4 votes vote down vote up
/**
 * Configures the servlet context, Basic-authentication security and the two built-in
 * accounts, starts the Jetty server and then publishes a {@code GroovyResourcePublisher}
 * as a servlet-context attribute.
 *
 * <p>The same {@code EverrestServlet} is mapped to {@code UNSECURE_PATH_SPEC} and to
 * {@code SECURE_PATH_SPEC}; the security constraint covers {@code SECURE_PATH_SPEC} only.
 *
 * @throws Exception declared by the signature; propagated from the calls made here
 */
public void start() throws Exception {
    RequestLogHandler handler = new RequestLogHandler();

    // Create the context only if none was supplied; a supplied context is used as is.
    if (context == null) {
        context = new ServletContextHandler(handler, "/", ServletContextHandler.SESSIONS);
    }

    context.setEventListeners(new EventListener[]{new EverrestInitializedListener()});
    ServletHolder servletHolder = new ServletHolder(new EverrestServlet());

    // One servlet instance, reachable through both path specs.
    context.addServlet(servletHolder, UNSECURE_PATH_SPEC);
    context.addServlet(servletHolder, SECURE_PATH_SPEC);

    // Set up security: Basic authentication, and one of the listed roles, on the secure path.
    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__BASIC_AUTH);
    constraint.setRoles(new String[]{"cloud-admin", "users", "user", "temp_user"});
    constraint.setAuthenticate(true);

    // Only SECURE_PATH_SPEC is mapped; requests to UNSECURE_PATH_SPEC get no constraint here.
    ConstraintMapping constraintMapping = new ConstraintMapping();
    constraintMapping.setConstraint(constraint);
    constraintMapping.setPathSpec(SECURE_PATH_SPEC);

    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    securityHandler.addConstraintMapping(constraintMapping);

    HashLoginService loginService = new HashLoginService();

    UserStore userStore = new UserStore();

    // Two accounts whose names and passwords come from class constants (not visible here).
    // NOTE(review): suitable for a test or embedded server; fixed credentials should not be
    // reachable from a network-exposed deployment.
    userStore.addUser(ADMIN_USER_NAME, new Password(ADMIN_USER_PASSWORD),
                         new String[]{"cloud-admin",
                                      "users",
                                      "user",
                                      "temp_user",
                                      "developer",
                                      "admin",
                                      "workspace/developer",
                                      "workspace/admin",
                                      "account/owner",
                                      "account/member",
                                      "system/admin",
                                      "system/manager"
                         });
    userStore.addUser(MANAGER_USER_NAME, new Password(MANAGER_USER_PASSWORD), new String[]{"cloud-admin",
                                                                                              "user",
                                                                                              "temp_user",
                                                                                              "users"});
    loginService.setUserStore(userStore);

    securityHandler.setLoginService(loginService);
    securityHandler.setAuthenticator(new BasicAuthenticator());

    context.setSecurityHandler(securityHandler);

    server.setHandler(handler);

    server.start();
    // Read after start(): these attributes are presumably set while the context initializes
    // (e.g. by EverrestInitializedListener). TODO confirm.
    ResourceBinder binder =
            (ResourceBinder)context.getServletContext().getAttribute(ResourceBinder.class.getName());
    DependencySupplier dependencies =
            (DependencySupplier)context.getServletContext().getAttribute(DependencySupplier.class.getName());
    GroovyResourcePublisher groovyPublisher = new GroovyResourcePublisher(binder, dependencies);
    context.getServletContext().setAttribute(GroovyResourcePublisher.class.getName(), groovyPublisher);

}
 
Example 18
Source File: TestWebServicesFetcher.java    From datacollector with Apache License 2.0 4 votes vote down vote up
/**
 * Starts a mock CyberArk web service on a Jetty server, runs {@code test} against it and
 * always stops the server afterwards.
 *
 * <p>Unless {@code httpAuth} is {@code "none"}, every path requires an authenticated user
 * with role {@code user}; accounts are read from {@code <confDir>/<httpAuth>.properties}.
 * An authenticator is installed only for {@code "basic"} and {@code "digest"}; any other
 * value leaves the handler without one.
 *
 * @param port port passed to {@code createServer}
 * @param serverSsl passed to {@code createServer}
 * @param clientSsl passed to {@code createServer}
 * @param httpAuth {@code "none"}, {@code "basic"} or {@code "digest"}
 * @param test code to run while the server is up
 * @throws Exception anything thrown while starting the server, running the test or stopping
 */
protected void runServer(int port, boolean serverSsl, boolean clientSsl, String httpAuth, Callable<Void> test)
    throws Exception {
  Server server = createServer(port, serverSsl, clientSsl);
  ServletContextHandler contextHandler = new ServletContextHandler();

  final boolean authRequired = !httpAuth.equals("none");
  if (authRequired) {
    // The realm file is named after the authentication mode.
    String realmPath = new File(getConfDir(), httpAuth + ".properties").getAbsolutePath();
    LoginService realmLogin = new HashLoginService(httpAuth, realmPath);
    server.addBean(realmLogin);

    ConstraintSecurityHandler security = new ConstraintSecurityHandler();
    if (httpAuth.equals("basic")) {
      security.setAuthenticator(new BasicAuthenticator());
    } else if (httpAuth.equals("digest")) {
      security.setAuthenticator(new DigestAuthenticator());
    }
    security.setLoginService(realmLogin);

    Constraint userRole = new Constraint();
    userRole.setName("auth");
    userRole.setAuthenticate(true);
    userRole.setRoles(new String[]{"user"});

    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setPathSpec("/*");
    everyPath.setConstraint(userRole);
    security.addConstraintMapping(everyPath);

    contextHandler.setSecurityHandler(security);
  }

  contextHandler.addServlet(new ServletHolder(new MockCyberArkServlet()), "/AIMWebService/api/Accounts");
  contextHandler.setContextPath("/");
  server.setHandler(contextHandler);

  try {
    server.start();
    test.call();
  } finally {
    server.stop();
  }
}
 
Example 19
Source File: HttpReceiverServerPush.java    From datacollector with Apache License 2.0 4 votes vote down vote up
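/**
 * Builds a SPNEGO (Kerberos) security handler from the stage configuration.
 *
 * <p>The method writes a login configuration file {@code spnego.conf} into the stage's
 * resources directory, points the JVM at it through system properties, and returns a
 * handler that requires SPNEGO authentication on every path ({@code /*}) with the Kerberos
 * realm as the only role.
 *
 * <p>Side effects: the two {@code System.setProperty} calls are JVM-wide, so they affect
 * every other component in the process that reads those properties. The principal and keytab
 * path are inserted into the file with {@code String.format} and no escaping.
 * NOTE(review): confirm both values are validated where the stage configuration is accepted.
 *
 * @param httpCourceConf source configuration providing realm, principal and keytab path
 * @param context stage context providing the resources directory
 * @return the configured security handler
 * @throws StageException with {@code Errors.HTTP_36} if the configuration file cannot be
 *     created or written
 */
public static SecurityHandler getSpnegoAuthHandler(HttpSourceConfigs httpCourceConf, Stage.Context context) throws StageException {
  String domainRealm = httpCourceConf.getSpnegoConfigBean().getKerberosRealm();
  String principal = httpCourceConf.getSpnegoConfigBean().getSpnegoPrincipal();
  String keytab = httpCourceConf.getSpnegoConfigBean().getSpnegoKeytabFilePath();

  File f = new File(context.getResourcesDirectory()+"/spnego.conf");
  // try-with-resources closes the writer even if formatting throws.
  try (PrintWriter pw = new PrintWriter(f)) {
    pw.println(String.format(JGSS_INITITATE ,principal,keytab) +"\n"+ String.format(JGSS_ACCEPT,principal,keytab));
    // PrintWriter swallows write errors; fail here rather than continue with a
    // truncated or empty login configuration.
    if (pw.checkError()) {
      throw new IOException("Failed to write " + f);
    }
  } catch (IOException e) {
    throw new StageException(Errors.HTTP_36, e);
  }

  System.setProperty(JAVAX_SECURITY_AUTH_USE_SUBJECT_CREDS_ONLY, "false");
  System.setProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG, context.getResourcesDirectory()+"/spnego.conf");

  Constraint constraint = new Constraint();
  constraint.setName(Constraint.__SPNEGO_AUTH);
  constraint.setRoles(new String[]{domainRealm});
  constraint.setAuthenticate(true);

  ConstraintMapping cm = new ConstraintMapping();
  cm.setConstraint(constraint);
  cm.setPathSpec("/*");

  SpnegoLoginService loginService = new SpnegoLoginService(){
    @Override
    protected void doStart() throws Exception {
      // Override the parent implementation to set the targetName without having
      // an extra .properties file. super.doStart() is deliberately not called; the
      // private field is set through reflection instead.
      final Field targetNameField = SpnegoLoginService.class.getDeclaredField(TARGET_NAME_FIELD_NAME);
      targetNameField.setAccessible(true);
      targetNameField.set(this, principal);
    }
  };
  loginService.setName(domainRealm);

  ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
  csh.setAuthenticator(new SpnegoAuthenticator());
  csh.setLoginService(loginService);
  csh.setConstraintMappings(new ConstraintMapping[]{cm});
  csh.setRealmName(domainRealm);

  return csh;
}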
 
Example 20
Source File: WebServerTask.java    From datacollector with Apache License 2.0 4 votes vote down vote up
/**
 * Creates the security handler for SSO mode: an {@code SSOAuthenticator} backed by a
 * remote SSO service, optionally with failover to a disconnected-mode service.
 *
 * <p>The application token must be non-null and non-blank, otherwise
 * {@code Utils.checkArgument} rejects it. Registration with the SSO service is deferred to
 * the post-start hook. Only the authenticator is set on the returned handler; this method
 * sets no login service and adds no constraint mappings.
 *
 * @param appConf application configuration
 * @param appHandler servlet context handler that receives the SSO service attribute and,
 *     in disconnected mode, the disconnected-SSO resources
 * @param appContext application context passed to the {@code SSOAuthenticator}
 * @return the configured security handler
 */
@SuppressWarnings("unchecked")
private ConstraintSecurityHandler configureSSO(
    final Configuration appConf, ServletContextHandler appHandler, final String appContext
) {
  final String componentId = getComponentId(appConf);
  final String appToken = getAppAuthToken(appConf);
  // Refuse to configure SSO without an application token.
  Utils.checkArgument(appToken != null && !appToken.trim().isEmpty(),
      Utils.format("{} cannot be NULL or empty", RemoteSSOService.SECURITY_SERVICE_APP_AUTH_TOKEN_CONFIG));

  LOG.debug("Initializing DPM componentId '{}'", componentId);
  ConstraintSecurityHandler security = new ConstraintSecurityHandler();

  final SSOService ssoService;

  RemoteSSOService remoteSsoService = createRemoteSSOService(appConf);
  remoteSsoService.setComponentId(componentId);
  remoteSsoService.setApplicationAuthToken(appToken);
  // The token is logged only through SSOUtils.tokenForLog.
  // NOTE(review): presumably this masks or truncates the token; confirm it never emits the
  // full value at INFO level.
  LOG.info("DPM component ID '{}' application authentication token '{}'", componentId, SSOUtils.tokenForLog
      (appToken));

  if (isDisconnectedSSOModeEnabled()) {
    LOG.info("Support for DPM disconnected mode is enabled");
    DisconnectedSSOManager disconnectedSSOManager =
        new DisconnectedSSOManager(getRuntimeInfo().getDataDir(), appConf);
    disconnectedSSOManager.setEnabled(true);
    disconnectedSSOManager.registerResources(appHandler);
    DisconnectedSSOService disconnectedSSOService = disconnectedSSOManager.getSsoService();

    // Remote service combined with the disconnected one in a failover wrapper.
    ssoService = new FailoverSSOService(remoteSsoService, disconnectedSSOService);
  } else {
    LOG.debug("Support for DPM disconnected mode is disabled");
    ssoService = remoteSsoService;
  }

  // Deferred to post-start: register with the SSO service, then mark registration as done.
  addToPostStart(() -> {
    LOG.debug("Validating application token for DPM component ID '{}'", componentId);
    ssoService.register(getRegistrationAttributes());
    runtimeInfo.setRemoteRegistrationStatus(true);
  });

  SSOService proxySsoService = new ProxySSOService(ssoService);

  // registering ssoService with runtime, to enable cache flushing
  // (the raw List cast is what the method-level @SuppressWarnings("unchecked") covers)
  ((List)getRuntimeInfo().getAttribute(SSO_SERVICES_ATTR)).add(proxySsoService);
  appHandler.getServletContext().setAttribute(SSOService.SSO_SERVICE_KEY, proxySsoService);
  security.setAuthenticator(injectActivationCheck(new SSOAuthenticator(
      appContext,
      proxySsoService,
      appConf,
      runtimeInfo.getProductName()
  )));
  return security;
}