Java Code Examples for org.eclipse.jetty.util.security.Constraint#setName()

The following examples show how to use org.eclipse.jetty.util.security.Constraint#setName().
Example 1
Source File: GerritRestClientTest.java    From gerrit-rest-java-client with Apache License 2.0
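/**
 * Builds a Jetty security handler that requires HTTP Basic authentication on every
 * path ("/*"), backed by a single in-memory user that holds the "user" role.
 *
 * @param username login name of the only account
 * @param password plain-text password of that account
 * @param realm    realm name applied to the login service and to the handler
 * @return the configured handler; the caller attaches it to a server or context
 */
private static SecurityHandler basicAuth(String username, String password, String realm) {
    HashLoginService loginService = new HashLoginService();
    loginService.setName(realm);
    loginService.putUser(username, Credential.getCredential(password), new String[]{"user"});

    // Label the constraint after the scheme that is actually enforced: the handler below
    // installs a BasicAuthenticator, so a DIGEST label would misdescribe the setup.
    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__BASIC_AUTH);
    constraint.setRoles(new String[]{"user"});
    constraint.setAuthenticate(true);

    ConstraintMapping constraintMapping = new ConstraintMapping();
    constraintMapping.setConstraint(constraint);
    constraintMapping.setPathSpec("/*");

    ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
    csh.setAuthenticator(new BasicAuthenticator());
    // Use the caller's realm rather than the literal "realm" so the handler and the
    // login service agree on the realm name.
    csh.setRealmName(realm);
    csh.addConstraintMapping(constraintMapping);
    csh.setLoginService(loginService);
    return csh;
}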
 
Example 2
Source File: InMemoryIdentityManager.java    From crnk-framework with Apache License 2.0
/**
 * Sets up an in-memory login service and a BASIC-auth security handler whose single
 * constraint requires authentication for every path ("/*").
 */
public InMemoryIdentityManager() {
	// Constraint.ANY_AUTH is listed next to the named roles. Presumably this admits any
	// authenticated user whatever their role, which would make the named roles
	// redundant: confirm against the Jetty version in use.
	Constraint authRequired = new Constraint();
	authRequired.setAuthenticate(true);
	authRequired.setName(Constraint.__BASIC_AUTH);
	authRequired.setRoles(new String[]{Constraint.ANY_AUTH, "getRole", "postRole", "allRole"});

	ConstraintMapping everyPath = new ConstraintMapping();
	everyPath.setPathSpec("/*");
	everyPath.setConstraint(authRequired);

	loginService = new HashLoginService();
	loginService.setName(realm);

	securityHandler = new ConstraintSecurityHandler();
	securityHandler.setRealmName(realm);
	securityHandler.setLoginService(loginService);
	securityHandler.setAuthenticator(new BasicAuthenticator());
	securityHandler.addConstraintMapping(everyPath);
}
 
Example 3
Source File: HttpServer.java    From calcite-avatica with Apache License 2.0
/**
 * Creates a security handler that applies one authentication constraint to every
 * path ("/*").
 *
 * @param constraintName label given to the constraint
 * @param allowedRoles   roles permitted by the constraint
 * @param authenticator  authenticator installed on the handler
 * @param realm          realm name set on the handler
 * @param loginService   login service used to validate credentials
 * @return the configured handler
 */
protected ConstraintSecurityHandler configureCommonAuthentication(String constraintName,
    String[] allowedRoles, Authenticator authenticator, String realm,
    LoginService loginService) {

  Constraint required = new Constraint();
  // Without this flag Jetty would let unauthenticated requests through.
  required.setAuthenticate(true);
  required.setName(constraintName);
  required.setRoles(allowedRoles);

  ConstraintMapping everyPath = new ConstraintMapping();
  everyPath.setPathSpec("/*");
  everyPath.setConstraint(required);

  ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
  handler.setRealmName(realm);
  handler.setLoginService(loginService);
  handler.setAuthenticator(authenticator);
  handler.setConstraintMappings(new ConstraintMapping[]{everyPath});
  return handler;
}
 
Example 4
Source File: ClientJettyStreamITest.java    From hawkular-apm with Apache License 2.0
/**
 * Starts the shared test server on port 8180 with BASIC authentication required on
 * every path; users are loaded from {@code src/test/resources/realm.properties}.
 * A start-up failure fails the test class.
 */
@BeforeClass
public static void initClass() {
    server = new Server(8180);

    LoginService realm = new HashLoginService("MyRealm",
            "src/test/resources/realm.properties");
    server.addBean(realm);

    ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
    server.setHandler(guard);

    // Any request must authenticate and hold either the "user" or the "admin" role.
    Constraint authRequired = new Constraint();
    authRequired.setRoles(new String[] { "user", "admin" });
    authRequired.setAuthenticate(true);
    authRequired.setName("auth");

    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setConstraint(authRequired);
    everyPath.setPathSpec("/*");

    guard.setLoginService(realm);
    guard.setAuthenticator(new BasicAuthenticator());
    guard.setConstraintMappings(Collections.singletonList(everyPath));

    // The servlet context sits behind the security handler, so /hello is protected too.
    ServletContextHandler servlets = new ServletContextHandler();
    servlets.setContextPath("/");
    servlets.addServlet(EmbeddedServlet.class, "/hello");
    guard.setHandler(servlets);

    try {
        server.start();
    } catch (Exception e) {
        fail("Failed to start server: " + e);
    }
}
 
Example 5
Source File: DigestAuthSupplierJettyTest.java    From cxf with Apache License 2.0
/**
 * Starts a Jetty server on {@code PORT} that enforces HTTP Digest authentication on
 * every path, with a single in-memory account ({@code USER}/{@code PWD}) in the
 * "user" role. Start-up failures are rethrown unchecked.
 */
@Override
protected void run() {
    server = new Server(PORT);

    String[] roles = new String[] {"user"};

    UserStore accounts = new UserStore();
    accounts.addUser(USER, Credential.getCredential(PWD), roles);

    HashLoginService realm = new HashLoginService();
    realm.setName("My Realm");
    realm.setUserStore(accounts);

    Constraint authRequired = new Constraint();
    authRequired.setAuthenticate(true);
    authRequired.setName(Constraint.__DIGEST_AUTH);
    authRequired.setRoles(roles);

    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setPathSpec("/*");
    everyPath.setConstraint(authRequired);

    ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
    guard.setLoginService(realm);
    guard.setAuthenticator(new DigestAuthenticator());
    guard.addConstraintMapping(everyPath);

    ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
    context.setContextPath("/");
    context.setSecurityHandler(guard);
    server.setHandler(context);
    context.addServlet(new ServletHolder(new TestServlet()), "/*");

    try {
        server.start();
    } catch (Exception startFailure) {
        throw new RuntimeException(startFailure);
    }
}
 
Example 6
Source File: AppEngineAuthenticationTest.java    From appengine-java-vm-runtime with Apache License 2.0
/**
 * Registers an authentication constraint for GET requests on {@code path}.
 *
 * <p>The mapping names only the GET method, so this mapping places no constraint on
 * other HTTP methods for the same path.
 *
 * @param handler handler that receives the mapping
 * @param path    path spec the constraint applies to
 * @param name    label given to the constraint
 * @param roles   roles permitted by the constraint
 */
private void addConstraint(
    ConstraintSecurityHandler handler, String path, String name, String... roles) {
  Constraint authRequired = new Constraint();
  authRequired.setAuthenticate(true);
  authRequired.setName(name);
  authRequired.setRoles(roles);

  ConstraintMapping getOnly = new ConstraintMapping();
  getOnly.setConstraint(authRequired);
  getOnly.setPathSpec(path);
  getOnly.setMethod("GET");

  handler.addConstraintMapping(getOnly);
}
 
Example 7
Source File: HttpServer.java    From sensorhub with Mozilla Public License 2.0
/**
 * Adds an authentication constraint for the given path spec to the server's
 * security handler.
 *
 * <p>When no security handler is configured the call returns without registering
 * anything, so {@code pathSpec} stays unconstrained and the caller gets no signal.
 *
 * @param pathSpec path spec to protect
 * @param roles    roles permitted on that path
 */
public void addServletSecurity(String pathSpec, String... roles)
{
    if (securityHandler == null)
    {
        return;
    }

    Constraint authRequired = new Constraint();
    authRequired.setAuthenticate(true);
    authRequired.setName(Constraint.__DIGEST_AUTH);
    authRequired.setRoles(roles);

    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setPathSpec(pathSpec);
    mapping.setConstraint(authRequired);
    securityHandler.addConstraintMapping(mapping);
}
 
Example 8
Source File: BaleenWebApi.java    From baleen with Apache License 2.0
/**
 * Translates a {@code WebPermission} into a Jetty constraint.
 *
 * <p>Roles are copied only when the permission declares some; whether authentication
 * is required comes straight from the permission, so a permission reporting
 * {@code isAuthenticated() == false} produces a constraint that does not demand a login.
 *
 * @param permission permission to translate
 * @return the matching constraint
 */
private Constraint getConstraintForPermission(WebPermission permission) {
    final Constraint result = new Constraint();

    result.setName(permission.getName());

    final boolean declaresRoles = permission.hasRoles();
    if (declaresRoles) {
        result.setRoles(permission.getRoles());
    }

    result.setAuthenticate(permission.isAuthenticated());

    return result;
}
 
Example 9
Source File: JavaxServletSyncServerITest.java    From hawkular-apm with Apache License 2.0
/**
 * Starts the shared test server on port 8180 with BASIC authentication required on
 * every path; users are loaded from {@code src/test/resources/realm.properties}.
 *
 * @throws Exception if the server cannot be started
 */
@BeforeClass
public static void initClass() throws Exception {
    server = new Server(8180);

    LoginService realm = new HashLoginService("MyRealm",
            "src/test/resources/realm.properties");
    server.addBean(realm);

    ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
    server.setHandler(guard);

    // Any request must authenticate and hold either the "user" or the "admin" role.
    Constraint authRequired = new Constraint();
    authRequired.setRoles(new String[] { "user", "admin" });
    authRequired.setAuthenticate(true);
    authRequired.setName("auth");

    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setConstraint(authRequired);
    everyPath.setPathSpec("/*");

    guard.setLoginService(realm);
    guard.setAuthenticator(new BasicAuthenticator());
    guard.setConstraintMappings(Collections.singletonList(everyPath));

    // The servlet context sits behind the security handler, so /hello is protected too.
    ServletContextHandler servlets = new ServletContextHandler();
    servlets.setContextPath("/");
    servlets.addServlet(EmbeddedServlet.class, "/hello");
    guard.setHandler(servlets);

    server.start();
}
 
Example 10
Source File: StandaloneAdminWeb.java    From chipster with MIT License
/**
 * Starts a standalone Jetty server on port 8083 that serves admin-web.war and
 * requires the "admin_role" role on every path.
 *
 * @param args unused
 * @throws Exception if the server cannot be started
 */
public static void main(String args[]) throws Exception {
	org.eclipse.jetty.server.Server adminServer = new org.eclipse.jetty.server.Server();
	// Plain ServerConnector: no TLS connection factory is configured in this method.
	ServerConnector connector = new ServerConnector(adminServer);
	connector.setPort(8083);
	adminServer.setConnectors(new Connector[]{ connector });
	
	// Every path requires an authenticated user holding admin_role.
	Constraint constraint = new Constraint();
	constraint.setName(Constraint.__BASIC_AUTH);
	constraint.setRoles(new String[] {"admin_role"});
	constraint.setAuthenticate(true);
	
	ConstraintMapping cm = new ConstraintMapping();
	cm.setConstraint(constraint);
	cm.setPathSpec("/*");
	
	// The string passed to HashLoginService is its name; it reads like a login prompt,
	// presumably because the realm name is shown to the user (confirm).
	HashLoginService loginService = new HashLoginService("Please enter Chipster Admin username and password");
	// NOTE(review): the admin username and password are both the literal "chipster".
	// Anything beyond a local development run should read them from configuration.
	loginService.update("chipster", 
			new Password("chipster"), 
			new String[] {"admin_role"});
	
	// NOTE(review): no authenticator is set on this handler here; confirm where the
	// authentication scheme is supplied.
	ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
	sh.setLoginService(loginService);
	sh.addConstraintMapping(cm);
	
	WebAppContext context = new WebAppContext();
	// The WAR is resolved relative to the working directory.
	File war = new File("../chipster/dist/admin-web.war");
	//File war = new File("webapps/admin-web.war");
	context.setWar(war.getAbsolutePath());
	System.out.println(war.getAbsolutePath());
       context.setContextPath("/");
			
       context.setHandler(sh);
	HandlerCollection handlers = new HandlerCollection();
	handlers.setHandlers(new Handler[] {context, new DefaultHandler()});
			
	adminServer.setHandler(handlers);
       adminServer.start();
}
 
Example 11
Source File: AuthenticationIntegrationTest.java    From cruise-control with BSD 2-Clause "Simplified" License
/**
 * Supplies the single mapping used by this test: {@code ANY_PATH} requires an
 * authenticated user holding {@code ADMIN_ROLE}.
 *
 * @return a one-element list containing that mapping
 */
@Override
public List<ConstraintMapping> constraintMappings() {
  Constraint adminOnly = new Constraint();
  adminOnly.setName(Constraint.__BASIC_AUTH);
  adminOnly.setRoles(new String[] { ADMIN_ROLE });
  adminOnly.setAuthenticate(true);

  ConstraintMapping everyPath = new ConstraintMapping();
  everyPath.setPathSpec(ANY_PATH);
  everyPath.setConstraint(adminOnly);

  return Collections.singletonList(everyPath);
}
 
Example 12
Source File: EmissaryServer.java    From emissary with Apache License 2.0
/**
 * Builds a security handler that enforces HTTP Digest authentication on every path
 * ("/*") for the roles everyone, emissary, admin, support and manager.
 *
 * <p>No login service is attached in this method; presumably the caller supplies
 * one before the server starts (confirm at the call site).
 *
 * @return the configured handler
 */
private ConstraintSecurityHandler buildSecurityHandler() {
    Constraint authRequired = new Constraint();
    authRequired.setRoles(new String[] {"everyone", "emissary", "admin", "support", "manager"});
    authRequired.setAuthenticate(true);
    authRequired.setName("auth");

    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setConstraint(authRequired);
    everyPath.setPathSpec("/*");

    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    securityHandler.setAuthenticator(new DigestAuthenticator());
    securityHandler.setConstraintMappings(Collections.singletonList(everyPath));
    return securityHandler;
}
 
Example 13
Source File: WebServerTestCase.java    From htmlunit with Apache License 2.0
/**
 * Starts the shared web server (once) so that it answers from the given mock connection.
 * When the test asks for basic authentication, every path requires the "user" role and
 * accounts come from {@code ./src/test/resources/realm.properties}.
 * @param mockConnection the sources for responses
 * @throws Exception if a problem occurs
 */
protected void startWebServer(final MockWebConnection mockConnection) throws Exception {
    if (STATIC_SERVER_ == null) {
        final Server jetty = buildServer(PORT);

        final WebAppContext webApp = new WebAppContext();
        webApp.setResourceBase("./");
        webApp.setContextPath("/");

        if (isBasicAuthentication()) {
            final Constraint userOnly = new Constraint();
            userOnly.setAuthenticate(true);
            userOnly.setName(Constraint.__BASIC_AUTH);
            userOnly.setRoles(new String[]{"user"});

            final ConstraintMapping everyPath = new ConstraintMapping();
            everyPath.setPathSpec("/*");
            everyPath.setConstraint(userOnly);

            // Reuse the security handler the web-app context already owns.
            final ConstraintSecurityHandler guard = (ConstraintSecurityHandler) webApp.getSecurityHandler();
            guard.setLoginService(new HashLoginService("MyRealm", "./src/test/resources/realm.properties"));
            guard.setConstraintMappings(new ConstraintMapping[]{everyPath});
        }

        webApp.addServlet(MockWebConnectionServlet.class, "/*");
        jetty.setHandler(webApp);

        tryStart(PORT, jetty);
        STATIC_SERVER_ = jetty;
    }
    // Always repoint the servlet at the current mock, even when the server is reused.
    MockWebConnectionServlet.setMockconnection(mockConnection);
}
 
Example 14
Source File: Manager.java    From chipster with MIT License
/**
 * Starts the admin web application on the configured "manager"/"admin-port" and
 * requires {@code ADMIN_ROLE} on every path. The single admin account is read from
 * the "manager" configuration section.
 *
 * @param configuration source of the admin port, username and password
 * @throws IOException declared by the method; the visible body does not show which call raises it
 * @throws Exception if the server cannot be started
 */
private void startAdmin(Configuration configuration) throws IOException,
			Exception {
		org.eclipse.jetty.server.Server adminServer = new org.eclipse.jetty.server.Server();
		// Plain ServerConnector: no TLS connection factory is configured in this method.
		ServerConnector connector = new ServerConnector(adminServer);
		connector.setPort(configuration.getInt("manager", "admin-port"));
		adminServer.setConnectors(new Connector[]{ connector });
		
		// Every path requires an authenticated user holding ADMIN_ROLE.
		Constraint constraint = new Constraint();
		constraint.setName(Constraint.__BASIC_AUTH);
		constraint.setRoles(new String[] {ADMIN_ROLE});
		constraint.setAuthenticate(true);
		
		ConstraintMapping cm = new ConstraintMapping();
		cm.setConstraint(constraint);
		cm.setPathSpec("/*");
		
		// The string passed to HashLoginService is its name; it reads like a login prompt,
		// presumably because the realm name is shown to the user (confirm).
		HashLoginService loginService = new HashLoginService("Please enter Chipster Admin username and password");
		// The admin password is taken from configuration as a plain string, so the
		// configuration source holds it in clear text and needs restrictive access.
		loginService.update(configuration.getString("manager", "admin-username"), 
				new Password(configuration.getString("manager", "admin-password")), 
				new String[] {ADMIN_ROLE});
		
		// NOTE(review): no authenticator is set on this handler here; confirm where the
		// authentication scheme is supplied.
		ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
		sh.setLoginService(loginService);
		sh.addConstraintMapping(cm);
		
		WebAppContext context = new WebAppContext();
		context.setWar(new File(DirectoryLayout.getInstance().getWebappsDir(), "admin-web.war").getAbsolutePath());
        context.setContextPath("/");
		
//        context.setDescriptor(new ClassPathResource("WebContent/WEB-INF/web.xml").getURI().toString());
//        context.setResourceBase(new ClassPathResource("WebContent").getURI().toString());
//        context.setContextPath("/");
//        context.setParentLoaderPriority(true);
				
        context.setHandler(sh);
		HandlerCollection handlers = new HandlerCollection();
		handlers.setHandlers(new Handler[] {context, new DefaultHandler()});
				
		adminServer.setHandler(handlers);
        adminServer.start();
	}
 
Example 15
Source File: WebDriverTestCase.java    From htmlunit with Apache License 2.0
/**
 * Starts the web server delivering response from the provided connection.
 * The primary server is created once and reused; when the test needs three
 * connections, two further servers on {@code PORT2} and {@code PORT3} are started.
 * Only the primary server gets the optional basic-authentication constraint.
 * @param mockConnection the sources for responses
 * @param serverCharset the {@link Charset} at the server side
 * @throws Exception if a problem occurs
 */
protected void startWebServer(final MockWebConnection mockConnection, final Charset serverCharset)
        throws Exception {
    // The previous test used a different kind of server, so stop whatever is running.
    if (Boolean.FALSE.equals(LAST_TEST_UsesMockWebConnection_)) {
        stopWebServers();
    }

    LAST_TEST_UsesMockWebConnection_ = Boolean.TRUE;
    if (STATIC_SERVER_ == null) {
        final Server server = buildServer(PORT);

        final WebAppContext context = new WebAppContext();
        context.setContextPath("/");
        context.setResourceBase("./");

        if (isBasicAuthentication()) {
            // Every path requires an authenticated user holding the "user" role.
            final Constraint constraint = new Constraint();
            constraint.setName(Constraint.__BASIC_AUTH);
            constraint.setRoles(new String[]{"user"});
            constraint.setAuthenticate(true);

            final ConstraintMapping constraintMapping = new ConstraintMapping();
            constraintMapping.setConstraint(constraint);
            constraintMapping.setPathSpec("/*");

            // Reuse the security handler the web-app context already owns; accounts come
            // from the test realm file.
            final ConstraintSecurityHandler handler = (ConstraintSecurityHandler) context.getSecurityHandler();
            handler.setLoginService(new HashLoginService("MyRealm", "./src/test/resources/realm.properties"));
            handler.setConstraintMappings(new ConstraintMapping[]{constraintMapping});
        }

        context.addServlet(MockWebConnectionServlet.class, "/*");
        if (serverCharset != null) {
            // The charset is handed to the filter through a static field.
            AsciiEncodingFilter.CHARSET_ = serverCharset;
            context.addFilter(AsciiEncodingFilter.class, "/*",
                    EnumSet.of(DispatcherType.INCLUDE, DispatcherType.REQUEST));
        }
        server.setHandler(context);
        WebServerTestCase.tryStart(PORT, server);

        // Record the stack trace of whoever started the server.
        STATIC_SERVER_STARTER_ = ExceptionUtils.getStackTrace(new Throwable("StaticServerStarter"));
        STATIC_SERVER_ = server;
    }
    // Always repoint the servlet at the current mock, even when the server is reused.
    MockWebConnectionServlet.MockConnection_ = mockConnection;

    if (STATIC_SERVER2_ == null && needThreeConnections()) {
        // The second and third servers get no security constraint in this method.
        final Server server2 = buildServer(PORT2);
        final WebAppContext context2 = new WebAppContext();
        context2.setContextPath("/");
        context2.setResourceBase("./");
        context2.addServlet(MockWebConnectionServlet.class, "/*");
        server2.setHandler(context2);
        WebServerTestCase.tryStart(PORT2, server2);

        STATIC_SERVER2_STARTER_ = ExceptionUtils.getStackTrace(new Throwable("StaticServer2Starter"));
        STATIC_SERVER2_ = server2;

        final Server server3 = buildServer(PORT3);
        final WebAppContext context3 = new WebAppContext();
        context3.setContextPath("/");
        context3.setResourceBase("./");
        context3.addServlet(MockWebConnectionServlet.class, "/*");
        server3.setHandler(context3);
        WebServerTestCase.tryStart(PORT3, server3);

        STATIC_SERVER3_STARTER_ = ExceptionUtils.getStackTrace(new Throwable("StaticServer3Starter"));
        STATIC_SERVER3_ = server3;
        /*
         * The mock connection servlet can sit under both servers, so long as tests
         * keep the URLs distinct.
         */
    }
}
 
Example 16
Source File: JettyHttpServer.java    From everrest with Eclipse Public License 2.0
/**
 * Starts the embedded server: registers the EverRest servlet under both the unsecured
 * and the secured path spec, protects the secured one with BASIC authentication
 * against two in-memory accounts, then publishes a {@code GroovyResourcePublisher}
 * in the servlet context.
 *
 * @throws Exception if the server cannot be started
 */
public void start() throws Exception {
    RequestLogHandler handler = new RequestLogHandler();

    // NOTE(review): a context supplied before start() is not visibly attached to
    // `handler` here; confirm it is wired to the server elsewhere.
    if (context == null) {
        context = new ServletContextHandler(handler, "/", ServletContextHandler.SESSIONS);
    }

    context.setEventListeners(new EventListener[]{new EverrestInitializedListener()});
    ServletHolder servletHolder = new ServletHolder(new EverrestServlet());

    // Same servlet under both specs; only SECURE_PATH_SPEC receives a constraint below.
    context.addServlet(servletHolder, UNSECURE_PATH_SPEC);
    context.addServlet(servletHolder, SECURE_PATH_SPEC);

    //set up security
    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__BASIC_AUTH);
    constraint.setRoles(new String[]{"cloud-admin", "users", "user", "temp_user"});
    constraint.setAuthenticate(true);

    ConstraintMapping constraintMapping = new ConstraintMapping();
    constraintMapping.setConstraint(constraint);
    constraintMapping.setPathSpec(SECURE_PATH_SPEC);

    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    securityHandler.addConstraintMapping(constraintMapping);

    HashLoginService loginService = new HashLoginService();

    UserStore userStore = new UserStore();

    // Both accounts take their passwords from constants defined outside this method.
    // The admin account carries far more roles than the constraint above checks.
    userStore.addUser(ADMIN_USER_NAME, new Password(ADMIN_USER_PASSWORD),
                         new String[]{"cloud-admin",
                                      "users",
                                      "user",
                                      "temp_user",
                                      "developer",
                                      "admin",
                                      "workspace/developer",
                                      "workspace/admin",
                                      "account/owner",
                                      "account/member",
                                      "system/admin",
                                      "system/manager"
                         });
    userStore.addUser(MANAGER_USER_NAME, new Password(MANAGER_USER_PASSWORD), new String[]{"cloud-admin",
                                                                                              "user",
                                                                                              "temp_user",
                                                                                              "users"});
    loginService.setUserStore(userStore);

    securityHandler.setLoginService(loginService);
    securityHandler.setAuthenticator(new BasicAuthenticator());

    context.setSecurityHandler(securityHandler);

    server.setHandler(handler);

    server.start();
    // These attributes are read only after start(); presumably the initialized listener
    // registered above populates them during start-up (confirm).
    ResourceBinder binder =
            (ResourceBinder)context.getServletContext().getAttribute(ResourceBinder.class.getName());
    DependencySupplier dependencies =
            (DependencySupplier)context.getServletContext().getAttribute(DependencySupplier.class.getName());
    GroovyResourcePublisher groovyPublisher = new GroovyResourcePublisher(binder, dependencies);
    context.getServletContext().setAttribute(GroovyResourcePublisher.class.getName(), groovyPublisher);

}
 
Example 17
Source File: JettyServer.java    From selenium with Apache License 2.0
/**
 * Configures (but does not start) a Jetty server: it resolves the advertised URL,
 * adds constraints that single out the TRACE method, optionally installs a CORS
 * filter, and attaches one plain HTTP connector.
 *
 * @param options server options (port, hostname, thread count, CORS flag)
 * @param handler request handler; must not be null
 */
public JettyServer(BaseServerOptions options, HttpHandler handler) {
  this.handler = Require.nonNull("Handler", handler);
  // Port 0 in the options means "pick any free port".
  int port = options.getPort() == 0 ? PortProber.findFreePort() : options.getPort();

  // With no hostname configured, advertise a non-loopback address of this machine and
  // fall back to "localhost" when none can be determined.
  String host = options.getHostname().orElseGet(() -> {
    try {
      return new NetworkUtils().getNonLoopbackAddressOfThisMachine();
    } catch (WebDriverException ignored) {
      return "localhost";
    }
  });

  try {
    this.url = new URL("http", host, port, "");
  } catch (MalformedURLException e) {
    throw new UncheckedIOException(e);
  }

  Log.setLog(new JavaUtilLog());
  this.server = new org.eclipse.jetty.server.Server(
      new QueuedThreadPool(options.getMaxServerThreads()));

  this.servletContextHandler = new ServletContextHandler(ServletContextHandler.SECURITY);
  ConstraintSecurityHandler
      securityHandler =
      (ConstraintSecurityHandler) servletContextHandler.getSecurityHandler();

  // TRACE: authentication is demanded but no role is granted. In Jetty such a constraint
  // is presumably treated as forbidden, which is how TRACE gets disabled here (confirm
  // for the Jetty version in use).
  Constraint disableTrace = new Constraint();
  disableTrace.setName("Disable TRACE");
  disableTrace.setAuthenticate(true);
  ConstraintMapping disableTraceMapping = new ConstraintMapping();
  disableTraceMapping.setConstraint(disableTrace);
  disableTraceMapping.setMethod("TRACE");
  disableTraceMapping.setPathSpec("/");
  securityHandler.addConstraintMapping(disableTraceMapping);

  // Every method except TRACE: a constraint with no authentication requirement.
  Constraint enableOther = new Constraint();
  enableOther.setName("Enable everything but TRACE");
  ConstraintMapping enableOtherMapping = new ConstraintMapping();
  enableOtherMapping.setConstraint(enableOther);
  enableOtherMapping.setMethodOmissions(new String[]{"TRACE"});
  enableOtherMapping.setPathSpec("/");
  securityHandler.addConstraintMapping(enableOtherMapping);

  // Allow CORS: Whether the Selenium server should allow web browser connections from any host
  if (options.getAllowCORS()) {
    // Only allowedMethods is set on the filter; no allowed-origins parameter is set
    // here, and the warning below says the result is that any host is accepted.
    FilterHolder
        filterHolder = servletContextHandler.addFilter(CrossOriginFilter.class, "/*", EnumSet
        .of(DispatcherType.REQUEST));
    filterHolder.setInitParameter("allowedMethods", "GET,POST,PUT,DELETE,HEAD");

    // Warning user
    LOG.warning("You have enabled CORS requests from any host. "
                + "Be careful not to visit sites which could maliciously "
                + "try to start Selenium sessions on your machine");
  }

  server.setHandler(servletContextHandler);

  HttpConfiguration httpConfig = new HttpConfiguration();
  httpConfig.setSecureScheme("https");

  // Only an HttpConnectionFactory is attached: no TLS connection factory is configured
  // in this constructor, so this connector serves plain HTTP.
  ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(httpConfig));
  // With no hostname given the connector host is left unset, i.e. at Jetty's default binding.
  options.getHostname().ifPresent(http::setHost);
  http.setPort(getUrl().getPort());

  http.setIdleTimeout(500000);

  server.setConnectors(new Connector[]{http});
}
 
Example 18
Source File: WebServerTask.java    From datacollector with Apache License 2.0
/**
 * Builds the path-to-constraint table for the web server.
 *
 * <p>Public (authentication not required): {@code /*} and {@code /public-rest/*}.
 * Restricted (authentication required, role "user"): {@code /rest/*}, {@code /logout},
 * the index page ({@code ""}) and {@code /docs/*}. TRACE is constrained on {@code /*}
 * with authentication required and no roles.
 *
 * <p>The catch-all {@code /*} mapping is public, so any path that needs protection
 * must have its own restricted mapping in this list.
 *
 * @return the mappings, in the order they are registered
 */
private List<ConstraintMapping> createConstraintMappings() {
  // /* : public
  Constraint openToAll = new Constraint();
  openToAll.setAuthenticate(false);
  openToAll.setName("auth");
  openToAll.setRoles(new String[]{"user"});
  ConstraintMapping catchAll = new ConstraintMapping();
  catchAll.setConstraint(openToAll);
  catchAll.setPathSpec("/*");

  // /public-rest/* : public
  Constraint openRest = new Constraint();
  openRest.setAuthenticate(false);
  openRest.setName("auth");
  openRest.setRoles(new String[] { "user"});
  ConstraintMapping publicRest = new ConstraintMapping();
  publicRest.setConstraint(openRest);
  publicRest.setPathSpec("/public-rest/*");

  // /rest/* : restricted
  Constraint restOnlyUsers = new Constraint();
  restOnlyUsers.setAuthenticate(true);
  restOnlyUsers.setName("auth");
  restOnlyUsers.setRoles(new String[] { "user"});
  ConstraintMapping rest = new ConstraintMapping();
  rest.setConstraint(restOnlyUsers);
  rest.setPathSpec("/rest/*");

  // /logout : restricted
  Constraint logoutOnlyUsers = new Constraint();
  logoutOnlyUsers.setAuthenticate(true);
  logoutOnlyUsers.setName("auth");
  logoutOnlyUsers.setRoles(new String[] { "user"});
  ConstraintMapping logout = new ConstraintMapping();
  logout.setConstraint(logoutOnlyUsers);
  logout.setPathSpec("/logout");

  // index page : restricted, so that form authentication triggers the login correctly
  Constraint indexOnlyUsers = new Constraint();
  indexOnlyUsers.setAuthenticate(true);
  indexOnlyUsers.setName("auth");
  indexOnlyUsers.setRoles(new String[] { "user"});
  ConstraintMapping index = new ConstraintMapping();
  index.setConstraint(indexOnlyUsers);
  index.setPathSpec("");

  // /docs/* : restricted, sharing the index constraint instance
  ConstraintMapping docs = new ConstraintMapping();
  docs.setConstraint(indexOnlyUsers);
  docs.setPathSpec("/docs/*");

  // TRACE on /* : authentication required, no roles listed
  Constraint noTrace = new Constraint();
  noTrace.setAuthenticate(true);
  noTrace.setName("Disable TRACE");
  ConstraintMapping trace = new ConstraintMapping();
  trace.setConstraint(noTrace);
  trace.setMethod("TRACE");
  trace.setPathSpec("/*");

  return ImmutableList.of(
      trace,
      rest,
      index,
      docs,
      logout,
      catchAll,
      publicRest
  );
}
 
Example 19
Source File: HttpReceiverServerPush.java    From datacollector with Apache License 2.0
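/**
 * Builds a security handler that enforces SPNEGO (Kerberos) authentication on every
 * path ("/*").
 *
 * <p>Side effects visible in this method: it writes a JAAS login configuration to
 * {@code spnego.conf} in the stage's resources directory (the file names the principal
 * and the keytab path), and it sets two JVM-wide system properties, which affect every
 * component in the same JVM.
 *
 * @param httpCourceConf source configuration holding the Kerberos realm, SPNEGO principal
 *                       and keytab path
 * @param context        stage context, used to locate the resources directory
 * @return the configured handler
 * @throws StageException with {@code Errors.HTTP_36} if the login configuration cannot be written
 */
public static SecurityHandler getSpnegoAuthHandler(HttpSourceConfigs httpCourceConf, Stage.Context context) throws StageException {
  String domainRealm = httpCourceConf.getSpnegoConfigBean().getKerberosRealm();
  String principal = httpCourceConf.getSpnegoConfigBean().getSpnegoPrincipal();
  String keytab = httpCourceConf.getSpnegoConfigBean().getSpnegoKeytabFilePath();

  File f = new File(context.getResourcesDirectory()+"/spnego.conf");
  // try-with-resources closes the writer even when writing fails part-way.
  try (PrintWriter pw = new PrintWriter(f)) {
    pw.println(String.format(JGSS_INITITATE ,principal,keytab) +"\n"+ String.format(JGSS_ACCEPT,principal,keytab));
    // PrintWriter swallows I/O errors; surface them here so a truncated login
    // configuration is reported now rather than as a failed login later.
    if (pw.checkError()) {
      throw new IOException("Could not write JAAS login configuration to " + f);
    }
  } catch (IOException e) {
    throw new StageException(Errors.HTTP_36, e);
  }

  System.setProperty(JAVAX_SECURITY_AUTH_USE_SUBJECT_CREDS_ONLY, "false");
  System.setProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG, context.getResourcesDirectory()+"/spnego.conf");

  // The Kerberos realm name doubles as the only permitted role.
  Constraint constraint = new Constraint();
  constraint.setName(Constraint.__SPNEGO_AUTH);
  constraint.setRoles(new String[]{domainRealm});
  constraint.setAuthenticate(true);

  ConstraintMapping cm = new ConstraintMapping();
  cm.setConstraint(constraint);
  cm.setPathSpec("/*");

  SpnegoLoginService loginService = new SpnegoLoginService(){
    @Override
    protected void doStart() throws Exception {
      // Override the parent implementation to set the targetName without having
      // an extra .properties file. The parent doStart() is deliberately not called;
      // the private field is set reflectively, so this depends on the field name
      // staying the same across Jetty versions.
      final Field targetNameField = SpnegoLoginService.class.getDeclaredField(TARGET_NAME_FIELD_NAME);
      targetNameField.setAccessible(true);
      targetNameField.set(this, principal);
    }
  };
  loginService.setName(domainRealm);

  ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
  csh.setAuthenticator(new SpnegoAuthenticator());
  csh.setLoginService(loginService);
  csh.setConstraintMappings(new ConstraintMapping[]{cm});
  csh.setRealmName(domainRealm);

  return csh;
}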
 
Example 20
Source File: TestWebServicesFetcher.java    From datacollector with Apache License 2.0
/**
 * Runs {@code test} against a mock CyberArk endpoint served by a temporary Jetty server,
 * which is always stopped afterwards.
 *
 * <p>Unless {@code httpAuth} is "none", every path requires an authenticated user in the
 * "user" role, with accounts read from {@code <confDir>/<httpAuth>.properties}. Only
 * "basic" and "digest" select an authenticator; any other value leaves the security
 * handler without an explicitly configured one.
 *
 * @param port      port to listen on
 * @param serverSsl passed through to {@code createServer}
 * @param clientSsl passed through to {@code createServer}
 * @param httpAuth  "none", "basic" or "digest"
 * @param test      code to run while the server is up
 * @throws Exception if the server or the test fails
 */
protected void runServer(int port, boolean serverSsl, boolean clientSsl, String httpAuth, Callable<Void> test)
    throws Exception {
  Server server = createServer(port, serverSsl, clientSsl);
  ServletContextHandler contextHandler = new ServletContextHandler();

  boolean authEnabled = !httpAuth.equals("none");
  if (authEnabled) {
    // The realm file name is derived from the auth mode.
    File realmFile = new File(getConfDir(), httpAuth + ".properties");
    LoginService realm = new HashLoginService(httpAuth, realmFile.getAbsolutePath());
    server.addBean(realm);

    ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
    if ("basic".equals(httpAuth)) {
      guard.setAuthenticator(new BasicAuthenticator());
    } else if ("digest".equals(httpAuth)) {
      guard.setAuthenticator(new DigestAuthenticator());
    }
    guard.setLoginService(realm);

    Constraint userOnly = new Constraint();
    userOnly.setName("auth");
    userOnly.setAuthenticate(true);
    userOnly.setRoles(new String[]{"user"});

    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setPathSpec("/*");
    everyPath.setConstraint(userOnly);

    guard.addConstraintMapping(everyPath);
    contextHandler.setSecurityHandler(guard);
  }

  MockCyberArkServlet servlet = new MockCyberArkServlet();
  contextHandler.addServlet(new ServletHolder(servlet), "/AIMWebService/api/Accounts");
  contextHandler.setContextPath("/");
  server.setHandler(contextHandler);

  try {
    server.start();
    test.call();
  } finally {
    server.stop();
  }
}