Java Code Examples for org.eclipse.jetty.security.ConstraintMapping#setPathSpec()

The following examples show how to use org.eclipse.jetty.security.ConstraintMapping#setPathSpec() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: GerritRestClientTest.java    From gerrit-rest-java-client with Apache License 2.0 6 votes vote down vote up
private static SecurityHandler basicAuth(String username, String password, String realm) {
    HashLoginService loginService = new HashLoginService();
    loginService.putUser(username, Credential.getCredential(password), new String[]{"user"});
    loginService.setName(realm);

    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__DIGEST_AUTH);
    constraint.setRoles(new String[]{"user"});
    constraint.setAuthenticate(true);

    ConstraintMapping constraintMapping = new ConstraintMapping();
    constraintMapping.setConstraint(constraint);
    constraintMapping.setPathSpec("/*");

    ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
    csh.setAuthenticator(new BasicAuthenticator());
    csh.setRealmName("realm");
    csh.addConstraintMapping(constraintMapping);
    csh.setLoginService(loginService);
    return csh;
}
 
Example 2
Source File: BaleenWebApi.java    From baleen with Apache License 2.0 6 votes vote down vote up
private void addServlet(final Servlet servlet, final String path, WebPermission... permissions) {
  servletContextHandler.addServlet(new ServletHolder(servlet), path);
  if (permissions != null && permissions.length > 0) {
    for (WebPermission p : permissions) {
      Constraint constraint = getConstraintForPermission(p);
      ConstraintMapping mapping = new ConstraintMapping();
      mapping.setPathSpec(servletContextHandler.getContextPath() + path);
      mapping.setConstraint(constraint);
      if (p.hasMethod()) {
        mapping.setMethod(p.getMethod().name());
      }
      constraintMappings.add(mapping);
    }
  }

  LOGGER.info("Servlet added on path {}", path);
}
 
Example 3
Source File: HttpServer.java    From calcite-avatica with Apache License 2.0 6 votes vote down vote up
protected ConstraintSecurityHandler configureCommonAuthentication(String constraintName,
    String[] allowedRoles, Authenticator authenticator, String realm,
    LoginService loginService) {

  Constraint constraint = new Constraint();
  constraint.setName(constraintName);
  constraint.setRoles(allowedRoles);
  // This is telling Jetty to not allow unauthenticated requests through (very important!)
  constraint.setAuthenticate(true);

  ConstraintMapping cm = new ConstraintMapping();
  cm.setConstraint(constraint);
  cm.setPathSpec("/*");

  ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
  sh.setAuthenticator(authenticator);
  sh.setLoginService(loginService);
  sh.setConstraintMappings(new ConstraintMapping[]{cm});
  sh.setRealmName(realm);

  return sh;
}
 
Example 4
Source File: AuthUtil.java    From rest-utils with Apache License 2.0 6 votes vote down vote up
/**
 * Build a secure or unsecure constraint using standard RestConfig for a path.
 *
 * @param restConfig the rest app's config.
 * @param authenticate authentication flag.
 * @param pathSpec path for constraint.
 * @return the constraint mapping.
 */
private static ConstraintMapping createConstraint(
    final RestConfig restConfig,
    final boolean authenticate,
    final String pathSpec
) {
  final Constraint constraint = new Constraint();
  constraint.setAuthenticate(authenticate);
  if (authenticate) {
    final List<String> roles = restConfig.getList(RestConfig.AUTHENTICATION_ROLES_CONFIG);
    constraint.setRoles(roles.toArray(new String[0]));
  }

  final ConstraintMapping mapping = new ConstraintMapping();
  mapping.setConstraint(constraint);
  mapping.setMethod("*");
  if (authenticate && AuthUtil.isCorsEnabled(restConfig)) {
    mapping.setMethodOmissions(new String[]{"OPTIONS"});
  }
  mapping.setPathSpec(pathSpec);
  return mapping;
}
 
Example 5
Source File: HttpServerUtil.java    From hbase with Apache License 2.0 6 votes vote down vote up
/**
 * Add constraints to a Jetty Context to disallow undesirable Http methods.
 * @param ctxHandler The context to modify
 * @param allowOptionsMethod if true then OPTIONS method will not be set in constraint mapping
 */
public static void constrainHttpMethods(ServletContextHandler ctxHandler,
    boolean allowOptionsMethod) {
  Constraint c = new Constraint();
  c.setAuthenticate(true);

  ConstraintMapping cmt = new ConstraintMapping();
  cmt.setConstraint(c);
  cmt.setMethod("TRACE");
  cmt.setPathSpec("/*");

  ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();

  if (!allowOptionsMethod) {
    ConstraintMapping cmo = new ConstraintMapping();
    cmo.setConstraint(c);
    cmo.setMethod("OPTIONS");
    cmo.setPathSpec("/*");
    securityHandler.setConstraintMappings(new ConstraintMapping[] { cmt, cmo });
  } else {
    securityHandler.setConstraintMappings(new ConstraintMapping[] { cmt });
  }

  ctxHandler.setSecurityHandler(securityHandler);
}
 
Example 6
Source File: DigestAuthSupplierJettyTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
@Override
protected void run() {
    server = new Server(PORT);

    HashLoginService loginService = new HashLoginService();
    loginService.setName("My Realm");
    UserStore userStore = new UserStore();
    String[] roles = new String[] {"user"};
    userStore.addUser(USER, Credential.getCredential(PWD), roles);
    loginService.setUserStore(userStore);

    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__DIGEST_AUTH);
    constraint.setRoles(roles);
    constraint.setAuthenticate(true);

    ConstraintMapping cm = new ConstraintMapping();
    cm.setConstraint(constraint);
    cm.setPathSpec("/*");

    ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
    csh.setAuthenticator(new DigestAuthenticator());
    csh.addConstraintMapping(cm);
    csh.setLoginService(loginService);

    ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
    context.setSecurityHandler(csh);
    context.setContextPath("/");
    server.setHandler(context);
    context.addServlet(new ServletHolder(new TestServlet()), "/*");

    try {
        server.start();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
 
Example 7
Source File: HttpServer.java    From sensorhub with Mozilla Public License 2.0 5 votes vote down vote up
public void addServletSecurity(String pathSpec, String... roles)
{
    if (securityHandler != null)
    {
        Constraint constraint = new Constraint();
        constraint.setName(Constraint.__DIGEST_AUTH);
        constraint.setRoles(roles);
        constraint.setAuthenticate(true);         
        ConstraintMapping cm = new ConstraintMapping();
        cm.setConstraint(constraint);
        cm.setPathSpec(pathSpec);
        securityHandler.addConstraintMapping(cm);
    }
}
 
Example 8
Source File: AppEngineAuthenticationTest.java    From appengine-java-vm-runtime with Apache License 2.0 5 votes vote down vote up
private void addConstraint(
    ConstraintSecurityHandler handler, String path, String name, String... roles) {
  Constraint constraint = new Constraint();
  constraint.setName(name);
  constraint.setRoles(roles);
  constraint.setAuthenticate(true);
  ConstraintMapping mapping = new ConstraintMapping();
  mapping.setMethod("GET");
  mapping.setPathSpec(path);
  mapping.setConstraint(constraint);
  handler.addConstraintMapping(mapping);
}
 
Example 9
Source File: StandaloneAdminWeb.java    From chipster with MIT License 5 votes vote down vote up
public static void main(String args[]) throws Exception {
	org.eclipse.jetty.server.Server adminServer = new org.eclipse.jetty.server.Server();
	ServerConnector connector = new ServerConnector(adminServer);
	connector.setPort(8083);
	adminServer.setConnectors(new Connector[]{ connector });
	
	Constraint constraint = new Constraint();
	constraint.setName(Constraint.__BASIC_AUTH);
	constraint.setRoles(new String[] {"admin_role"});
	constraint.setAuthenticate(true);
	
	ConstraintMapping cm = new ConstraintMapping();
	cm.setConstraint(constraint);
	cm.setPathSpec("/*");
	
	HashLoginService loginService = new HashLoginService("Please enter Chipster Admin username and password");
	loginService.update("chipster", 
			new Password("chipster"), 
			new String[] {"admin_role"});
	
	ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
	sh.setLoginService(loginService);
	sh.addConstraintMapping(cm);
	
	WebAppContext context = new WebAppContext();
	File war = new File("../chipster/dist/admin-web.war");
	//File war = new File("webapps/admin-web.war");
	context.setWar(war.getAbsolutePath());
	System.out.println(war.getAbsolutePath());
       context.setContextPath("/");
			
       context.setHandler(sh);
	HandlerCollection handlers = new HandlerCollection();
	handlers.setHandlers(new Handler[] {context, new DefaultHandler()});
			
	adminServer.setHandler(handlers);
       adminServer.start();
}
 
Example 10
Source File: JettySecurity.java    From camelinaction2 with Apache License 2.0 5 votes vote down vote up
public static ConstraintSecurityHandler createSecurityHandler() {
    Constraint constraint = new Constraint("BASIC", "customer");
    constraint.setAuthenticate(true);

    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setConstraint(constraint);
    mapping.setPathSpec("/*");

    ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
    handler.addConstraintMapping(mapping);
    handler.setAuthenticator(new BasicAuthenticator());
    handler.setLoginService(new HashLoginService("RiderAutoParts", "etc/rest-users.properties"));

    return handler;
}
 
Example 11
Source File: JavaxServletSyncServerITest.java    From hawkular-apm with Apache License 2.0 5 votes vote down vote up
@BeforeClass
public static void initClass() throws Exception {
    server = new Server(8180);

    LoginService loginService = new HashLoginService("MyRealm",
            "src/test/resources/realm.properties");
    server.addBean(loginService);

    ConstraintSecurityHandler security = new ConstraintSecurityHandler();
    server.setHandler(security);

    Constraint constraint = new Constraint();
    constraint.setName("auth");
    constraint.setAuthenticate(true);
    constraint.setRoles(new String[] { "user", "admin" });

    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setPathSpec("/*");
    mapping.setConstraint(constraint);

    security.setConstraintMappings(Collections.singletonList(mapping));
    security.setAuthenticator(new BasicAuthenticator());
    security.setLoginService(loginService);

    ServletContextHandler context = new ServletContextHandler();
    context.setContextPath("/");
    context.addServlet(EmbeddedServlet.class, "/hello");
    security.setHandler(context);

    server.start();
}
 
Example 12
Source File: AuthenticationIntegrationTest.java    From cruise-control with BSD 2-Clause "Simplified" License 5 votes vote down vote up
@Override
public List<ConstraintMapping> constraintMappings() {
  ConstraintMapping mapping = new ConstraintMapping();
  Constraint constraint = new Constraint();
  constraint.setAuthenticate(true);
  constraint.setName(Constraint.__BASIC_AUTH);
  constraint.setRoles(new String[] { ADMIN_ROLE });
  mapping.setConstraint(constraint);
  mapping.setPathSpec(ANY_PATH);

  return Collections.singletonList(mapping);
}
 
Example 13
Source File: EmissaryServer.java    From emissary with Apache License 2.0 5 votes vote down vote up
private ConstraintSecurityHandler buildSecurityHandler() {
    ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
    Constraint constraint = new Constraint();
    constraint.setName("auth");
    constraint.setAuthenticate(true);
    constraint.setRoles(new String[] {"everyone", "emissary", "admin", "support", "manager"});
    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setPathSpec("/*");
    mapping.setConstraint(constraint);
    handler.setConstraintMappings(Collections.singletonList(mapping));
    handler.setAuthenticator(new DigestAuthenticator());
    return handler;
}
 
Example 14
Source File: WebServerTestCase.java    From htmlunit with Apache License 2.0 5 votes vote down vote up
/**
 * Starts the web server delivering response from the provided connection.
 * @param mockConnection the sources for responses
 * @throws Exception if a problem occurs
 */
protected void startWebServer(final MockWebConnection mockConnection) throws Exception {
    if (STATIC_SERVER_ == null) {
        final Server server = buildServer(PORT);

        final WebAppContext context = new WebAppContext();
        context.setContextPath("/");
        context.setResourceBase("./");

        if (isBasicAuthentication()) {
            final Constraint constraint = new Constraint();
            constraint.setName(Constraint.__BASIC_AUTH);
            constraint.setRoles(new String[]{"user"});
            constraint.setAuthenticate(true);

            final ConstraintMapping constraintMapping = new ConstraintMapping();
            constraintMapping.setConstraint(constraint);
            constraintMapping.setPathSpec("/*");

            final ConstraintSecurityHandler handler = (ConstraintSecurityHandler) context.getSecurityHandler();
            handler.setLoginService(new HashLoginService("MyRealm", "./src/test/resources/realm.properties"));
            handler.setConstraintMappings(new ConstraintMapping[]{constraintMapping});
        }

        context.addServlet(MockWebConnectionServlet.class, "/*");
        server.setHandler(context);

        tryStart(PORT, server);
        STATIC_SERVER_ = server;
    }
    MockWebConnectionServlet.setMockconnection(mockConnection);
}
 
Example 15
Source File: WebDriverTestCase.java    From htmlunit with Apache License 2.0 4 votes vote down vote up
/**
 * Starts the web server delivering response from the provided connection.
 * @param mockConnection the sources for responses
 * @param serverCharset the {@link Charset} at the server side
 * @throws Exception if a problem occurs
 */
protected void startWebServer(final MockWebConnection mockConnection, final Charset serverCharset)
        throws Exception {
    if (Boolean.FALSE.equals(LAST_TEST_UsesMockWebConnection_)) {
        stopWebServers();
    }

    LAST_TEST_UsesMockWebConnection_ = Boolean.TRUE;
    if (STATIC_SERVER_ == null) {
        final Server server = buildServer(PORT);

        final WebAppContext context = new WebAppContext();
        context.setContextPath("/");
        context.setResourceBase("./");

        if (isBasicAuthentication()) {
            final Constraint constraint = new Constraint();
            constraint.setName(Constraint.__BASIC_AUTH);
            constraint.setRoles(new String[]{"user"});
            constraint.setAuthenticate(true);

            final ConstraintMapping constraintMapping = new ConstraintMapping();
            constraintMapping.setConstraint(constraint);
            constraintMapping.setPathSpec("/*");

            final ConstraintSecurityHandler handler = (ConstraintSecurityHandler) context.getSecurityHandler();
            handler.setLoginService(new HashLoginService("MyRealm", "./src/test/resources/realm.properties"));
            handler.setConstraintMappings(new ConstraintMapping[]{constraintMapping});
        }

        context.addServlet(MockWebConnectionServlet.class, "/*");
        if (serverCharset != null) {
            AsciiEncodingFilter.CHARSET_ = serverCharset;
            context.addFilter(AsciiEncodingFilter.class, "/*",
                    EnumSet.of(DispatcherType.INCLUDE, DispatcherType.REQUEST));
        }
        server.setHandler(context);
        WebServerTestCase.tryStart(PORT, server);

        STATIC_SERVER_STARTER_ = ExceptionUtils.getStackTrace(new Throwable("StaticServerStarter"));
        STATIC_SERVER_ = server;
    }
    MockWebConnectionServlet.MockConnection_ = mockConnection;

    if (STATIC_SERVER2_ == null && needThreeConnections()) {
        final Server server2 = buildServer(PORT2);
        final WebAppContext context2 = new WebAppContext();
        context2.setContextPath("/");
        context2.setResourceBase("./");
        context2.addServlet(MockWebConnectionServlet.class, "/*");
        server2.setHandler(context2);
        WebServerTestCase.tryStart(PORT2, server2);

        STATIC_SERVER2_STARTER_ = ExceptionUtils.getStackTrace(new Throwable("StaticServer2Starter"));
        STATIC_SERVER2_ = server2;

        final Server server3 = buildServer(PORT3);
        final WebAppContext context3 = new WebAppContext();
        context3.setContextPath("/");
        context3.setResourceBase("./");
        context3.addServlet(MockWebConnectionServlet.class, "/*");
        server3.setHandler(context3);
        WebServerTestCase.tryStart(PORT3, server3);

        STATIC_SERVER3_STARTER_ = ExceptionUtils.getStackTrace(new Throwable("StaticServer3Starter"));
        STATIC_SERVER3_ = server3;
        /*
         * The mock connection servlet call sit under both servers, so long as tests
         * keep the URLs distinct.
         */
    }
}
 
Example 16
Source File: JettyHttpServer.java    From everrest with Eclipse Public License 2.0 4 votes vote down vote up
public void start() throws Exception {
    RequestLogHandler handler = new RequestLogHandler();

    if (context == null) {
        context = new ServletContextHandler(handler, "/", ServletContextHandler.SESSIONS);
    }

    context.setEventListeners(new EventListener[]{new EverrestInitializedListener()});
    ServletHolder servletHolder = new ServletHolder(new EverrestServlet());

    context.addServlet(servletHolder, UNSECURE_PATH_SPEC);
    context.addServlet(servletHolder, SECURE_PATH_SPEC);

    //set up security
    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__BASIC_AUTH);
    constraint.setRoles(new String[]{"cloud-admin", "users", "user", "temp_user"});
    constraint.setAuthenticate(true);

    ConstraintMapping constraintMapping = new ConstraintMapping();
    constraintMapping.setConstraint(constraint);
    constraintMapping.setPathSpec(SECURE_PATH_SPEC);

    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    securityHandler.addConstraintMapping(constraintMapping);

    HashLoginService loginService = new HashLoginService();

    UserStore userStore = new UserStore();

    userStore.addUser(ADMIN_USER_NAME, new Password(ADMIN_USER_PASSWORD),
                         new String[]{"cloud-admin",
                                      "users",
                                      "user",
                                      "temp_user",
                                      "developer",
                                      "admin",
                                      "workspace/developer",
                                      "workspace/admin",
                                      "account/owner",
                                      "account/member",
                                      "system/admin",
                                      "system/manager"
                         });
    userStore.addUser(MANAGER_USER_NAME, new Password(MANAGER_USER_PASSWORD), new String[]{"cloud-admin",
                                                                                              "user",
                                                                                              "temp_user",
                                                                                              "users"});
    loginService.setUserStore(userStore);

    securityHandler.setLoginService(loginService);
    securityHandler.setAuthenticator(new BasicAuthenticator());

    context.setSecurityHandler(securityHandler);

    server.setHandler(handler);

    server.start();
    ResourceBinder binder =
            (ResourceBinder)context.getServletContext().getAttribute(ResourceBinder.class.getName());
    DependencySupplier dependencies =
            (DependencySupplier)context.getServletContext().getAttribute(DependencySupplier.class.getName());
    GroovyResourcePublisher groovyPublisher = new GroovyResourcePublisher(binder, dependencies);
    context.getServletContext().setAttribute(GroovyResourcePublisher.class.getName(), groovyPublisher);

}
 
Example 17
Source File: ODataTestServer.java    From syndesis with Apache License 2.0 4 votes vote down vote up
@SuppressWarnings( "deprecation" )
private void initServer(SSLContext sslContext, String userName) throws UnknownHostException {
    ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
    context.setContextPath(FORWARD_SLASH);
    this.setHandler(context);

    ServletHandler productsHandler = new ServletHandler();
    productsHandler.addServletWithMapping(
        ProductsServlet.class,
        FORWARD_SLASH + PRODUCTS_SVC + FORWARD_SLASH + STAR);
    productsHandler.addFilterWithMapping(ODataPathFilter.class, FORWARD_SLASH + STAR, FilterMapping.REQUEST);
    context.insertHandler(productsHandler);

    if (userName != null) {
        LoginService loginService = new HashLoginService("MyRealm", "src/test/resources/realm.properties");
        this.addBean(loginService);

        ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
        Constraint constraint = new Constraint();
        constraint.setName("auth");
        constraint.setAuthenticate(true);
        constraint.setRoles(new String[] { USER, "admin" });

        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec(FORWARD_SLASH + PRODUCTS_SVC + FORWARD_SLASH + STAR);
        mapping.setConstraint(constraint);

        securityHandler.setConstraintMappings(Collections.singletonList(mapping));
        securityHandler.setAuthenticator(new BasicAuthenticator());

        context.setSecurityHandler(securityHandler);
    }

    httpConnector = new ServerConnector(this);
    httpConnector.setPort(httpPort); // Finds next available port if still 0
    this.addConnector(httpConnector);


    if (sslContext != null) {
        // HTTPS
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSecureScheme("https");
        httpConfiguration.setSecurePort(httpsPort); // Finds next available port if still 0
        httpConfiguration.addCustomizer(new SecureRequestCustomizer());

        final SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setSslContext(sslContext);
        httpsConnector = new ServerConnector(this, sslContextFactory, new HttpConnectionFactory(httpConfiguration));
        httpsConnector.setPort(httpsPort); // Finds next available port if still 0
        this.addConnector(httpsConnector);
    }
}
 
Example 18
Source File: LotteryApplication.java    From keycloak-dropwizard-integration with Apache License 2.0 4 votes vote down vote up
@Override
public void run(LotteryConfiguration configuration, Environment environment)
        throws ClassNotFoundException, IOException {

    // tag::constraint[]
    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    environment.getApplicationContext().setSecurityHandler(securityHandler);
    securityHandler.addRole("user");
    ConstraintMapping constraintMapping = new ConstraintMapping();
    constraintMapping.setPathSpec("/*");
    Constraint constraint = new Constraint();
    // end::constraint[]

    /* if I put false here, there will be deferred authentication. This will
    not work when using oAuth redirects (as they will not make it to the front end).
    The DeferredAuthentication will swallow them.

    This might be different with a bearer token?!
     */
    // tag::constraint[]
    constraint.setAuthenticate(true);
    constraint.setRoles(new String[]{"user"});
    constraintMapping.setConstraint(constraint);
    securityHandler.addConstraintMapping(constraintMapping);
    // end::constraint[]

    // tag::keycloak[]
    KeycloakJettyAuthenticator keycloak = new KeycloakJettyAuthenticator();
    environment.getApplicationContext().getSecurityHandler().setAuthenticator(keycloak);
    keycloak.setAdapterConfig(configuration.getKeycloakConfiguration());
    // end::keycloak[]

    // allow (stateful) sessions in Dropwizard, needed for Keycloak
    environment.jersey().register(HttpSessionFactory.class);
    environment.servlets().setSessionHandler(new SessionHandler());

    // register web resources.
    environment.jersey().register(DrawRessource.class);

    // support annotation @RolesAllowed
    // tag::roles[]
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    // end::roles[]
}
 
Example 19
Source File: HttpReceiverServerPush.java    From datacollector with Apache License 2.0 4 votes vote down vote up
public static SecurityHandler getSpnegoAuthHandler(HttpSourceConfigs httpCourceConf, Stage.Context context) throws StageException {
  String domainRealm = httpCourceConf.getSpnegoConfigBean().getKerberosRealm();
  String principal = httpCourceConf.getSpnegoConfigBean().getSpnegoPrincipal();
  String keytab = httpCourceConf.getSpnegoConfigBean().getSpnegoKeytabFilePath();

  File f = new File(context.getResourcesDirectory()+"/spnego.conf");
  try {
    PrintWriter pw = new PrintWriter(f);
    pw.println(String.format(JGSS_INITITATE ,principal,keytab) +"\n"+ String.format(JGSS_ACCEPT,principal,keytab));
    pw.close();
  } catch (IOException e) {
    throw new StageException(Errors.HTTP_36, e);
  }

  System.setProperty(JAVAX_SECURITY_AUTH_USE_SUBJECT_CREDS_ONLY, "false");
  System.setProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG, context.getResourcesDirectory()+"/spnego.conf");

  Constraint constraint = new Constraint();
  constraint.setName(Constraint.__SPNEGO_AUTH);
  constraint.setRoles(new String[]{domainRealm});
  constraint.setAuthenticate(true);

  ConstraintMapping cm = new ConstraintMapping();
  cm.setConstraint(constraint);
  cm.setPathSpec("/*");

  SpnegoLoginService loginService = new SpnegoLoginService(){
    @Override
    protected void doStart() throws Exception {
      // Override the parent implementation to set the targetName without having
      // an extra .properties file.
      final Field targetNameField = SpnegoLoginService.class.getDeclaredField(TARGET_NAME_FIELD_NAME);
      targetNameField.setAccessible(true);
      targetNameField.set(this, principal);
    }
  };
  loginService.setName(domainRealm);

  ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
  csh.setAuthenticator(new SpnegoAuthenticator());
  csh.setLoginService(loginService);
  csh.setConstraintMappings(new ConstraintMapping[]{cm});
  csh.setRealmName(domainRealm);

  return csh;
}
 
Example 20
Source File: Manager.java    From chipster with MIT License 4 votes vote down vote up
private void startAdmin(Configuration configuration) throws IOException,
			Exception {
		org.eclipse.jetty.server.Server adminServer = new org.eclipse.jetty.server.Server();
		ServerConnector connector = new ServerConnector(adminServer);
		connector.setPort(configuration.getInt("manager", "admin-port"));
		adminServer.setConnectors(new Connector[]{ connector });
		
		Constraint constraint = new Constraint();
		constraint.setName(Constraint.__BASIC_AUTH);
		constraint.setRoles(new String[] {ADMIN_ROLE});
		constraint.setAuthenticate(true);
		
		ConstraintMapping cm = new ConstraintMapping();
		cm.setConstraint(constraint);
		cm.setPathSpec("/*");
		
		HashLoginService loginService = new HashLoginService("Please enter Chipster Admin username and password");
		loginService.update(configuration.getString("manager", "admin-username"), 
				new Password(configuration.getString("manager", "admin-password")), 
				new String[] {ADMIN_ROLE});
		
		ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
		sh.setLoginService(loginService);
		sh.addConstraintMapping(cm);
		
		WebAppContext context = new WebAppContext();
		context.setWar(new File(DirectoryLayout.getInstance().getWebappsDir(), "admin-web.war").getAbsolutePath());
        context.setContextPath("/");
		
//        context.setDescriptor(new ClassPathResource("WebContent/WEB-INF/web.xml").getURI().toString());
//        context.setResourceBase(new ClassPathResource("WebContent").getURI().toString());
//        context.setContextPath("/");
//        context.setParentLoaderPriority(true);
				
        context.setHandler(sh);
		HandlerCollection handlers = new HandlerCollection();
		handlers.setHandlers(new Handler[] {context, new DefaultHandler()});
				
		adminServer.setHandler(handlers);
        adminServer.start();
	}