Example 26 with Constraint
use of org.eclipse.jetty.util.security.Constraint in project oozie by apache.
the class ConstraintSecurityHandlerProvider method get.
@Override
public ConstraintSecurityHandler get() {
String contextPath = EmbeddedOozieServer.getContextPath(oozieConfiguration);
ConstraintMapping callbackConstraintMapping = new ConstraintMapping();
callbackConstraintMapping.setPathSpec(String.format("%s/callback/*", contextPath));
Constraint unsecureConstraint = new Constraint();
unsecureConstraint.setDataConstraint(Constraint.DC_NONE);
callbackConstraintMapping.setConstraint(unsecureConstraint);
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec("/*");
Constraint constraint = new Constraint();
constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);
mapping.setConstraint(constraint);
ConstraintSecurityHandler security = new ConstraintSecurityHandler();
security.setConstraintMappings(Arrays.asList(callbackConstraintMapping, mapping));
return security;
}
Also used :
ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
Constraint(org.eclipse.jetty.util.security.Constraint)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
Example 27 with Constraint
use of org.eclipse.jetty.util.security.Constraint in project i2p.i2p by i2p.
the class RouterConsoleRunner method initialize.
/**
* Set up basic security constraints for the webapp.
* Add all users and passwords.
*/
static void initialize(RouterContext ctx, WebAppContext context) {
ConstraintSecurityHandler sec = new ConstraintSecurityHandler();
List<ConstraintMapping> constraints = new ArrayList<ConstraintMapping>(4);
ConsolePasswordManager mgr = new ConsolePasswordManager(ctx);
boolean enable = ctx.getBooleanProperty(PROP_PW_ENABLE);
if (enable) {
Map<String, String> userpw = mgr.getMD5(PROP_CONSOLE_PW);
if (userpw.isEmpty()) {
enable = false;
ctx.router().saveConfig(PROP_PW_ENABLE, "false");
} else {
HashLoginService realm = new CustomHashLoginService(JETTY_REALM, context.getContextPath(), ctx.logManager().getLog(RouterConsoleRunner.class));
sec.setLoginService(realm);
sec.setAuthenticator(authenticator);
String[] role = new String[] { JETTY_ROLE };
for (Map.Entry<String, String> e : userpw.entrySet()) {
String user = e.getKey();
String pw = e.getValue();
Credential cred = Credential.getCredential(MD5_CREDENTIAL_TYPE + pw);
realm.putUser(user, cred, role);
Constraint constraint = new Constraint(user, JETTY_ROLE);
constraint.setAuthenticate(true);
ConstraintMapping cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/");
constraints.add(cm);
// Jetty does auth checking only with ISO-8859-1,
// so register a 2nd and 3rd user with different encodings if necessary.
// Might work, might not...
// There's no standard and browser behavior varies.
// Chrome sends UTF-8. Firefox doesn't send anything.
// https://bugzilla.mozilla.org/show_bug.cgi?id=41489
// see also RFC 7616/7617 (late 2015) and PasswordManager.md5Hex()
byte[] b1 = DataHelper.getUTF8(user);
byte[] b2 = DataHelper.getASCII(user);
if (!DataHelper.eq(b1, b2)) {
try {
// each char truncated to 8 bytes
String user2 = new String(b2, "ISO-8859-1");
realm.putUser(user2, cred, role);
constraint = new Constraint(user2, JETTY_ROLE);
constraint.setAuthenticate(true);
cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/");
constraints.add(cm);
// each UTF-8 byte as a char
// this is what chrome does
String user3 = new String(b1, "ISO-8859-1");
realm.putUser(user3, cred, role);
constraint = new Constraint(user3, JETTY_ROLE);
constraint.setAuthenticate(true);
cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/");
constraints.add(cm);
} catch (UnsupportedEncodingException uee) {
}
}
}
}
}
// This forces a '403 Forbidden' response for TRACE and OPTIONS unless the
// WAC handler handles it.
// (LocaleWebAppHandler returns a '405 Method Not Allowed')
// TRACE and OPTIONS aren't really security issues...
// TRACE doesn't echo stuff unless you call setTrace(true)
// But it might bug some people
// The other strange methods - PUT, DELETE, MOVE - are disabled by default
// See also:
// http://old.nabble.com/Disable-HTTP-TRACE-in-Jetty-5.x-td12412607.html
Constraint sc = new Constraint();
sc.setName("No trace");
ConstraintMapping cm = new ConstraintMapping();
cm.setMethod("TRACE");
cm.setConstraint(sc);
cm.setPathSpec("/");
constraints.add(cm);
sc = new Constraint();
sc.setName("No options");
cm = new ConstraintMapping();
cm.setMethod("OPTIONS");
cm.setConstraint(sc);
cm.setPathSpec("/");
constraints.add(cm);
ConstraintMapping[] cmarr = constraints.toArray(new ConstraintMapping[constraints.size()]);
sec.setConstraintMappings(cmarr);
context.setSecurityHandler(sec);
// see HashSessionManager javadoc
synchronized (RouterConsoleRunner.class) {
if (_jettyTimer == null) {
_jettyTimer = new ScheduledExecutorScheduler("Console HashSessionScavenger", true);
try {
_jettyTimer.start();
} catch (Exception e) {
System.err.println("Warning: ScheduledExecutorScheduler start failed: " + e);
}
}
context.getServletContext().setAttribute("org.eclipse.jetty.server.session.timer", _jettyTimer);
}
}
Also used :
ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
Credential(org.eclipse.jetty.util.security.Credential)
Constraint(org.eclipse.jetty.util.security.Constraint)
ArrayList(java.util.ArrayList)
ScheduledExecutorScheduler(org.eclipse.jetty.util.thread.ScheduledExecutorScheduler)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
IOException(java.io.IOException)
HashLoginService(org.eclipse.jetty.security.HashLoginService)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
Map(java.util.Map)
HashMap(java.util.HashMap)
Example 28 with Constraint
use of org.eclipse.jetty.util.security.Constraint in project goodies by sonatype.
the class JettyServerProvider method initAuthentication.
private void initAuthentication(String pathSpec, String authName) {
authType = authName;
Constraint constraint = new Constraint();
if (authName == null) {
authName = Constraint.__BASIC_AUTH;
}
constraint.setName(authName);
constraint.setRoles(new String[] { "users" });
constraint.setAuthenticate(true);
ConstraintMapping cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec(pathSpec);
securityHandler.setRealmName("Test Server");
securityHandler.setAuthMethod(authName);
securityHandler.setConstraintMappings(new ConstraintMapping[] { cm });
loginService = new HashLoginService("Test Server");
securityHandler.setLoginService(loginService);
webappContext.setSecurityHandler(securityHandler);
}
Also used :
ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
HashLoginService(org.eclipse.jetty.security.HashLoginService)
Constraint(org.eclipse.jetty.util.security.Constraint)
Example 29 with Constraint
use of org.eclipse.jetty.util.security.Constraint in project tycho by eclipse.
the class HttpServer method doStartServer.
private static HttpServer doStartServer(String username, String password, int port) throws Exception {
Server server = new Server();
ContextHandlerCollection contexts = new ContextHandlerCollection();
server.setHandler(contexts);
Connector connector = new SocketConnector();
connector.setPort(port);
server.addConnector(connector);
if (username != null) {
HashLoginService userRealm = new HashLoginService("default");
userRealm.putUser(username, new Password(password), new String[] { Constraint.ANY_ROLE });
Constraint constraint = new Constraint("default", Constraint.ANY_ROLE);
constraint.setAuthenticate(true);
ConstraintMapping constraintMapping = new ConstraintMapping();
constraintMapping.setPathSpec("/*");
constraintMapping.setConstraint(constraint);
ConstraintSecurityHandler securedHandler = new ConstraintSecurityHandler();
securedHandler.setAuthenticator(new BasicAuthenticator());
securedHandler.addConstraintMapping(constraintMapping);
securedHandler.setLoginService(userRealm);
// chain handlers together
securedHandler.setHandler(contexts);
server.setHandler(securedHandler);
}
server.start();
return new HttpServer(port, server, contexts);
}
Also used :
SocketConnector(org.eclipse.jetty.server.bio.SocketConnector)
Connector(org.eclipse.jetty.server.Connector)
HashLoginService(org.eclipse.jetty.security.HashLoginService)
ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
Server(org.eclipse.jetty.server.Server)
BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)
Constraint(org.eclipse.jetty.util.security.Constraint)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
ContextHandlerCollection(org.eclipse.jetty.server.handler.ContextHandlerCollection)
SocketConnector(org.eclipse.jetty.server.bio.SocketConnector)
Password(org.eclipse.jetty.util.security.Password)
Example 30 with Constraint
use of org.eclipse.jetty.util.security.Constraint in project CCDD by nasa.
the class CcddWebServer method createServer.
/**
********************************************************************************************
* Create the web server
********************************************************************************************
*/
private void createServer() {
try {
// Create the web server using the currently specified port
server = new Server(Integer.valueOf(ccddMain.getProgPrefs().get(WEB_SERVER_PORT, DEFAULT_WEB_SERVER_PORT)));
// Stop the web server when the application exits
server.setStopAtShutdown(true);
// Create the login service
HashLoginService loginService = new HashLoginService("CCDDRealm") {
/**
********************************************************************************
* Override the login method so that the supplied user name and password can be
* authenticated by the PostgreSQL server
********************************************************************************
*/
@Override
public UserIdentity login(String user, Object password) {
UserIdentity identity = null;
try {
// Convert the password object to a string
String passwordS = password.toString();
// the user+password is authenticated initially
if (validUser == null || !validUser.equals(user) || !validPassword.equals(passwordS)) {
// Attempt to connect to the database using the supplied user and
// password
DriverManager.getConnection(dbControl.getDatabaseURL(dbControl.getDatabaseName()), user, passwordS);
// Store the authenticated user and password for future login requests
validUser = user;
validPassword = passwordS;
}
// User+password combination is valid, so set the user identity using the
// generic login credentials
identity = super.login("valid", "valid");
} catch (SQLException se) {
validUser = null;
validPassword = null;
// The supplied user+password combination is not valid; set the user
// identity using invalid credentials so that the request is rejected
identity = super.login("invalid", "invalid");
}
return identity;
}
};
// Create the user credentials that are used by the login service if the user's
// PostgreSQL credentials are authenticated
loginService.putUser("valid", Credential.getCredential("valid"), new String[] { "user" });
server.addBean(loginService);
// Set the security handler that secures content behind a particular portion of a URL
// space
ConstraintSecurityHandler security = new ConstraintSecurityHandler();
server.setHandler(security);
// Set a constraint that requires authentication and in addition that an authenticated
// user be a member of a given set of roles for authorization purposes
Constraint constraint = new Constraint();
constraint.setName("auth");
constraint.setAuthenticate(true);
constraint.setRoles(new String[] { "user" });
// Bind the URL pattern with the previously created constraint.
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec("/*");
mapping.setConstraint(constraint);
// Apply the constraint mapping to the handler, set an authenticator to check the
// user's credentials, and set the login service which contains the single valid user
security.setConstraintMappings(Collections.singletonList(mapping));
security.setAuthenticator(new BasicAuthenticator());
security.setLoginService(loginService);
// Create the web server request access handler
accessHandler = new CcddWebDataAccessHandler(ccddMain);
security.setHandler(accessHandler);
} catch (Exception e) {
// Inform the user that creating the web server failed
eventLog.logFailEvent(ccddMain.getMainFrame(), "Web Server Error", "Cannot create web server; cause '" + e.getMessage() + "'", "<html><b>Cannot create web server");
}
}
Also used :
HashLoginService(org.eclipse.jetty.security.HashLoginService)
ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
Server(org.eclipse.jetty.server.Server)
BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)
SQLException(java.sql.SQLException)
Constraint(org.eclipse.jetty.util.security.Constraint)
UserIdentity(org.eclipse.jetty.server.UserIdentity)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
SQLException(java.sql.SQLException)
Aggregations
Constraint (org.eclipse.jetty.util.security.Constraint)78
ConstraintMapping (org.eclipse.jetty.security.ConstraintMapping)46
ConstraintSecurityHandler (org.eclipse.jetty.security.ConstraintSecurityHandler)34
BasicAuthenticator (org.eclipse.jetty.security.authentication.BasicAuthenticator)27
HashLoginService (org.eclipse.jetty.security.HashLoginService)20
Test (org.junit.Test)15
Server (org.eclipse.jetty.server.Server)13
ArrayList (java.util.ArrayList)9
WebAppContext (org.eclipse.jetty.webapp.WebAppContext)8
Password (org.eclipse.jetty.util.security.Password)7
HashSet (java.util.HashSet)6
File (java.io.File)5
IOException (java.io.IOException)5
ResourceHandler (org.eclipse.jetty.server.handler.ResourceHandler)5
LoginService (org.eclipse.jetty.security.LoginService)4
ServerConnector (org.eclipse.jetty.server.ServerConnector)4
ContextHandler (org.eclipse.jetty.server.handler.ContextHandler)4
HandlerList (org.eclipse.jetty.server.handler.HandlerList)4
ServletContextHandler (org.eclipse.jetty.servlet.ServletContextHandler)4
ServletHolder (org.eclipse.jetty.servlet.ServletHolder)4
