Java Code Examples for org.eclipse.jetty.server.Authentication#User

The following examples show how to use org.eclipse.jetty.server.Authentication#User . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TestInvokeHttpCommon.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse
        response)throws IOException, ServletException {
    baseRequest.setHandled(true);

    try {
        Authentication authentication = digestAuthenticator.validateRequest(request, response, true);

        if (authentication instanceof Authentication.User) {
            response.setContentType("text/plain");
            Authentication.User user = (Authentication.User) authentication;
            response.getWriter().println(user.getAuthMethod());
        } else if (authentication instanceof Authentication.ResponseSent) {
            Authentication.ResponseSent responseSent = (Authentication.ResponseSent) authentication;
        }
    } catch (ServerAuthException e) {
        e.printStackTrace();
    }
}
 
Example 2
Source File: ActivationAuthenticator.java    From datacollector with Apache License 2.0 6 votes vote down vote up
@Override
public Authentication validateRequest(
    ServletRequest request, ServletResponse response, boolean mandatory
) throws ServerAuthException {
  Authentication authentication = authenticator.validateRequest(request, response, mandatory);
  if (authentication instanceof Authentication.User) {
    Activation.Info activationInfo = activation.getInfo();
    if (activation.isEnabled() && !activationInfo.isValid()) {
      boolean hasTrial = activationInfo.getExpiration() > 0;
      authentication = new ExpiredActivationUser(
          (Authentication.User) authentication,
          hasTrial ? TRIAL_ALLOWED_ROLES : NO_TRIAL_ALLOWED_ROLES
      );
    }
  }
  return authentication;
}
 
Example 3
Source File: TestActivationAuthenticator.java    From datacollector with Apache License 2.0 6 votes vote down vote up
@Test
public void testCleanDelegationMethods() throws Exception {
  Authenticator auth = Mockito.mock(Authenticator.class);
  Activation activation = Mockito.mock(Activation.class);
  ActivationAuthenticator activationAuth = new ActivationAuthenticator(auth, activation);

  Authenticator.AuthConfiguration conf = Mockito.mock(Authenticator.AuthConfiguration.class);
  activationAuth.setConfiguration(conf);
  Mockito.verify(auth, Mockito.times(1)).setConfiguration(Mockito.eq(conf));

  Mockito.when(auth.getAuthMethod()).thenReturn("foo");
  Assert.assertEquals("foo", activationAuth.getAuthMethod());

  ServletRequest req = Mockito.mock(ServletRequest.class);
  activationAuth.prepareRequest(req);
  Mockito.verify(auth, Mockito.times(1)).prepareRequest(Mockito.eq(req));

  ServletResponse res = Mockito.mock(ServletResponse.class);
  Authentication.User user = Mockito.mock(Authentication.User.class);
  Mockito.when(auth.secureResponse(Mockito.eq(req), Mockito.eq(res), Mockito.eq(true), Mockito.eq(user)))
         .thenReturn(true);
  Assert.assertTrue(auth.secureResponse(req, res, true, user));
}
 
Example 4
Source File: TestInvokeHttpCommon.java    From nifi with Apache License 2.0 6 votes vote down vote up
@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse
        response)throws IOException, ServletException {
    baseRequest.setHandled(true);

    try {
        Authentication authentication = digestAuthenticator.validateRequest(request, response, true);

        if (authentication instanceof Authentication.User) {
            response.setContentType("text/plain");
            Authentication.User user = (Authentication.User) authentication;
            response.getWriter().println(user.getAuthMethod());
        } else if (authentication instanceof Authentication.ResponseSent) {
            Authentication.ResponseSent responseSent = (Authentication.ResponseSent) authentication;
        }
    } catch (ServerAuthException e) {
        e.printStackTrace();
    }
}
 
Example 5
Source File: ProxyAuthenticator.java    From datacollector with Apache License 2.0 5 votes vote down vote up
@Override
public boolean secureResponse(
    ServletRequest request,
    ServletResponse response,
    boolean mandatory,
    Authentication.User validatedUser
) throws ServerAuthException {
  return authenticator.secureResponse(request, response, mandatory, validatedUser);
}
 
Example 6
Source File: JettyTokenAuthenticator.java    From cloud-security-xsuaa-integration with Apache License 2.0 4 votes vote down vote up
@Override
public boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory,
		Authentication.User validatedUser) {
	return true;
}
 
Example 7
Source File: JettyTokenAuthenticator.java    From cloud-security-xsuaa-integration with Apache License 2.0 4 votes vote down vote up
@Override
public boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory,
		Authentication.User validatedUser) {
	return true;
}
 
Example 8
Source File: JwtAuthenticator.java    From cruise-control with BSD 2-Clause "Simplified" License 4 votes vote down vote up
@Override
public boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, Authentication.User validatedUser) {
  return true;
}
 
Example 9
Source File: AbstractSSOAuthenticator.java    From datacollector with Apache License 2.0 4 votes vote down vote up
@Override
public boolean secureResponse(
    ServletRequest request, ServletResponse response, boolean mandatory, Authentication.User validatedUser
) throws ServerAuthException {
  return true;
}
 
Example 10
Source File: ActivationAuthenticator.java    From datacollector with Apache License 2.0 4 votes vote down vote up
@Override
public boolean secureResponse(
    ServletRequest request, ServletResponse response, boolean mandatory, Authentication.User validatedUser
) throws ServerAuthException {
  return authenticator.secureResponse(request, response, mandatory, validatedUser);
}
 
Example 11
Source File: TestActivationAuthenticator.java    From datacollector with Apache License 2.0 4 votes vote down vote up
@Test
public void testExpiredActivationUserWithTrial() {
  Authentication.User authUser = Mockito.mock(Authentication.User.class);
  Subject subject = new Subject();
  Principal principal = Mockito.mock(Principal.class);
  UserIdentity userIdentity = Mockito.mock(UserIdentity.class);
  Mockito.when(userIdentity.getSubject()).thenReturn(subject);
  Mockito.when(userIdentity.getUserPrincipal()).thenReturn(principal);
  Mockito.when(authUser.getUserIdentity()).thenReturn(userIdentity);
  Authentication.User expiredAuthUser = new ActivationAuthenticator.ExpiredActivationUser(
      authUser,
      ActivationAuthenticator.TRIAL_ALLOWED_ROLES
  );

  Mockito.when(authUser.getAuthMethod()).thenReturn("foo");
  Assert.assertEquals("foo", expiredAuthUser.getAuthMethod());
  Mockito.verify(authUser, Mockito.times(1)).getAuthMethod();

  // Call to expiredAuthUser calls Jetty logout implementation that takes (null) request
  expiredAuthUser.logout();
  Mockito.verify(authUser, Mockito.times(1)).logout(null);

  // non admin user
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, "user"));
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, AuthzRole.GUEST));
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, AuthzRole.GUEST_REMOTE));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN_ACTIVATION));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, "foo"));

  // admin user
  Mockito.when(authUser.isUserInRole(Mockito.eq(null), Mockito.eq(AuthzRole.ADMIN))).thenReturn(true);
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, "user"));
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, AuthzRole.GUEST));
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, AuthzRole.GUEST_REMOTE));
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN_ACTIVATION));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN_REMOTE));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, "foo"));

  // remote admin user
  Mockito.when(authUser.isUserInRole(Mockito.eq(null), Mockito.eq(AuthzRole.ADMIN_REMOTE))).thenReturn(true);
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, "user"));
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, AuthzRole.GUEST));
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, AuthzRole.GUEST_REMOTE));
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN_ACTIVATION));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN_REMOTE));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, "foo"));

  // verify UserIdentity.isUserInRole() delegation to ExpiredActivationUser.isUserInRole()
  expiredAuthUser = new ActivationAuthenticator.ExpiredActivationUser(
      authUser,
      ActivationAuthenticator.TRIAL_ALLOWED_ROLES
  );
  expiredAuthUser = Mockito.spy(expiredAuthUser);
  userIdentity = expiredAuthUser.getUserIdentity();
  UserIdentity.Scope scope = Mockito.mock(UserIdentity.Scope.class);
  Assert.assertTrue(userIdentity.isUserInRole(AuthzRole.GUEST,scope));
  Mockito.verify(expiredAuthUser, Mockito.times(1)).isUserInRole(Mockito.eq(scope), Mockito.eq(AuthzRole.GUEST));
}
 
Example 12
Source File: TestActivationAuthenticator.java    From datacollector with Apache License 2.0 4 votes vote down vote up
@Test
public void testExpiredActivationUserWithNoTrial() {
  Authentication.User authUser = Mockito.mock(Authentication.User.class);
  Subject subject = new Subject();
  Principal principal = Mockito.mock(Principal.class);
  UserIdentity userIdentity = Mockito.mock(UserIdentity.class);
  Mockito.when(userIdentity.getSubject()).thenReturn(subject);
  Mockito.when(userIdentity.getUserPrincipal()).thenReturn(principal);
  Mockito.when(authUser.getUserIdentity()).thenReturn(userIdentity);
  Authentication.User expiredAuthUser = new ActivationAuthenticator.ExpiredActivationUser(
      authUser,
      ActivationAuthenticator.NO_TRIAL_ALLOWED_ROLES
  );

  Mockito.when(authUser.getAuthMethod()).thenReturn("foo");
  Assert.assertEquals("foo", expiredAuthUser.getAuthMethod());
  Mockito.verify(authUser, Mockito.times(1)).getAuthMethod();

  // Call to expiredAuthUser calls Jetty logout implementation that takes (null) request
  expiredAuthUser.logout();
  Mockito.verify(authUser, Mockito.times(1)).logout(null);

  // non admin user
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, "user"));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.GUEST));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.GUEST_REMOTE));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN_ACTIVATION));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, "foo"));

  // admin user
  Mockito.when(authUser.isUserInRole(Mockito.eq(null), Mockito.eq(AuthzRole.ADMIN))).thenReturn(true);
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, "user"));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.GUEST));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.GUEST_REMOTE));
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN_ACTIVATION));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN_REMOTE));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, "foo"));

  // remote admin user
  Mockito.when(authUser.isUserInRole(Mockito.eq(null), Mockito.eq(AuthzRole.ADMIN_REMOTE))).thenReturn(true);
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, "user"));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.GUEST));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.GUEST_REMOTE));
  Assert.assertTrue(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN_ACTIVATION));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, AuthzRole.ADMIN_REMOTE));
  Assert.assertFalse(expiredAuthUser.isUserInRole(null, "foo"));

  // verify UserIdentity.isUserInRole() delegation to ExpiredActivationUser.isUserInRole()
  expiredAuthUser = new ActivationAuthenticator.ExpiredActivationUser(
      authUser,
      ActivationAuthenticator.NO_TRIAL_ALLOWED_ROLES
  );
  expiredAuthUser = Mockito.spy(expiredAuthUser);
  userIdentity = expiredAuthUser.getUserIdentity();
  UserIdentity.Scope scope = Mockito.mock(UserIdentity.Scope.class);
  Assert.assertFalse(userIdentity.isUserInRole(AuthzRole.GUEST,scope));
  Mockito.verify(expiredAuthUser, Mockito.times(1)).isUserInRole(Mockito.eq(scope), Mockito.eq(AuthzRole.GUEST));
}
 
Example 13
Source File: AppEngineAuthentication.java    From appengine-java-vm-runtime with Apache License 2.0 4 votes vote down vote up
@Override
public boolean secureResponse(ServletRequest servletRequest, ServletResponse servletResponse,
    boolean isAuthMandatory, Authentication.User user) {
  return true;
}
 
Example 14
Source File: FederationAuthenticator.java    From cxf-fediz with Apache License 2.0 4 votes vote down vote up
private Authentication handleCachedAuthentication(HttpServletRequest request, HttpServletResponse response,
                                                  HttpSession session, FedizContext fedConfig) throws IOException {
    Authentication authentication =
        (Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
    if (authentication != null) {
        // Has authentication been revoked?
        if (authentication instanceof Authentication.User
            && isTokenExpired(fedConfig, ((Authentication.User)authentication).getUserIdentity())) {
            session.removeAttribute(SessionAuthentication.__J_AUTHENTICATED);
        } else {
            //logout
            String action = request.getParameter(FederationConstants.PARAM_ACTION);
            boolean logout = FederationConstants.ACTION_SIGNOUT.equals(action);
            String logoutUrl = fedConfig.getLogoutURL();

            String uri = request.getRequestURI();
            if (uri == null) {
                uri = URIUtil.SLASH;
            }

            String contextName = request.getSession().getServletContext().getContextPath();
            if (contextName == null || contextName.isEmpty()) {
                contextName = "/";
            }

            if (logout || logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) {
                session.invalidate();

                FedizProcessor wfProc =
                    FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
                signOutRedirectToIssuer(request, response, wfProc);

                return Authentication.SEND_CONTINUE;
            }

            String jUri = (String)session.getAttribute(J_URI);
            @SuppressWarnings("unchecked")
            MultiMap<String> jPost = (MultiMap<String>)session.getAttribute(J_POST);
            if (jUri != null && jPost != null) {
                StringBuffer buf = request.getRequestURL();
                if (request.getQueryString() != null) {
                    buf.append('?').append(request.getQueryString());
                }

                if (jUri.equals(buf.toString())) {
                    // This is a retry of an original POST request
                    // so restore method and parameters

                    session.removeAttribute(J_POST);
                    Request baseRequest = (Request)request;
                    // (req instanceof Request)?(Request)
                    // req:HttpConnection.getCurrentConnection().getRequest();
                    baseRequest.setMethod(HttpMethod.POST.asString());
                    baseRequest.setQueryParameters(jPost);
                }
            } else if (jUri != null) {
                session.removeAttribute(J_URI);
            }

            return authentication;
        }
    }
    return null;
}
 
Example 15
Source File: AbstractKeycloakJettyAuthenticator.java    From keycloak with Apache License 2.0 4 votes vote down vote up
@Override
public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException {
    return true;
}
 
Example 16
Source File: AbstractSamlAuthenticator.java    From keycloak with Apache License 2.0 4 votes vote down vote up
@Override
public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException {
    return true;
}