Example 11 with AuthenticationMechanism
use of io.undertow.security.api.AuthenticationMechanism in project undertow by undertow-io.
the class DigestAuthentication2069TestCase method getTestMechanisms.
@Override
protected List<AuthenticationMechanism> getTestMechanisms() {
List<DigestQop> qopList = Collections.emptyList();
AuthenticationMechanism mechanism = new DigestAuthenticationMechanism(Collections.singletonList(DigestAlgorithm.MD5), qopList, REALM_NAME, "/", new SimpleNonceManager());
return Collections.singletonList(mechanism);
}
Also used :
DigestQop(io.undertow.security.impl.DigestQop)
DigestAuthenticationMechanism(io.undertow.security.impl.DigestAuthenticationMechanism)
DigestAuthenticationMechanism(io.undertow.security.impl.DigestAuthenticationMechanism)
AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism)
SimpleNonceManager(io.undertow.security.impl.SimpleNonceManager)
Example 12 with AuthenticationMechanism
use of io.undertow.security.api.AuthenticationMechanism in project undertow by undertow-io.
the class FormAuthTestCase method getTestMechanisms.
@Override
protected List<AuthenticationMechanism> getTestMechanisms() {
List<AuthenticationMechanism> ret = new ArrayList<>();
ret.add(new CachedAuthenticatedSessionMechanism());
ret.add(new FormAuthenticationMechanism("test", "/login", "/error"));
return ret;
}
Also used :
CachedAuthenticatedSessionMechanism(io.undertow.security.impl.CachedAuthenticatedSessionMechanism)
FormAuthenticationMechanism(io.undertow.security.impl.FormAuthenticationMechanism)
AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism)
FormAuthenticationMechanism(io.undertow.security.impl.FormAuthenticationMechanism)
ArrayList(java.util.ArrayList)
Example 13 with AuthenticationMechanism
use of io.undertow.security.api.AuthenticationMechanism in project undertow by undertow-io.
the class SsoTestCase method setup.
@BeforeClass
public static void setup() {
final SingleSignOnAuthenticationMechanism sso = new SingleSignOnAuthenticationMechanism(new InMemorySingleSignOnManager());
final PathHandler path = new PathHandler();
HttpHandler current = new ResponseHandler();
current = new AuthenticationCallHandler(current);
current = new AuthenticationConstraintHandler(current);
List<AuthenticationMechanism> mechs = new ArrayList<>();
mechs.add(sso);
mechs.add(new BasicAuthenticationMechanism("Test Realm"));
current = new AuthenticationMechanismsHandler(current, mechs);
current = new NotificationReceiverHandler(current, Collections.<NotificationReceiver>singleton(auditReceiver));
current = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, current);
path.addPrefixPath("/test1", current);
current = new ResponseHandler();
current = new AuthenticationCallHandler(current);
current = new AuthenticationConstraintHandler(current);
mechs = new ArrayList<>();
mechs.add(sso);
mechs.add(new FormAuthenticationMechanism("form", "/login", "/error"));
current = new AuthenticationMechanismsHandler(current, mechs);
current = new NotificationReceiverHandler(current, Collections.<NotificationReceiver>singleton(auditReceiver));
current = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, current);
path.addPrefixPath("/test2", current);
path.addPrefixPath("/login", new ResponseCodeHandler(StatusCodes.UNAUTHORIZED));
DefaultServer.setRootHandler(new SessionAttachmentHandler(path, new InMemorySessionManager(""), new SessionCookieConfig()));
}
Also used :
HttpHandler(io.undertow.server.HttpHandler)
AuthenticationConstraintHandler(io.undertow.security.handlers.AuthenticationConstraintHandler)
FormAuthenticationMechanism(io.undertow.security.impl.FormAuthenticationMechanism)
SingleSignOnAuthenticationMechanism(io.undertow.security.impl.SingleSignOnAuthenticationMechanism)
SingleSignOnAuthenticationMechanism(io.undertow.security.impl.SingleSignOnAuthenticationMechanism)
BasicAuthenticationMechanism(io.undertow.security.impl.BasicAuthenticationMechanism)
AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism)
FormAuthenticationMechanism(io.undertow.security.impl.FormAuthenticationMechanism)
ArrayList(java.util.ArrayList)
PathHandler(io.undertow.server.handlers.PathHandler)
ResponseCodeHandler(io.undertow.server.handlers.ResponseCodeHandler)
SessionAttachmentHandler(io.undertow.server.session.SessionAttachmentHandler)
InMemorySingleSignOnManager(io.undertow.security.impl.InMemorySingleSignOnManager)
NotificationReceiverHandler(io.undertow.security.handlers.NotificationReceiverHandler)
SecurityInitialHandler(io.undertow.security.handlers.SecurityInitialHandler)
AuthenticationMechanismsHandler(io.undertow.security.handlers.AuthenticationMechanismsHandler)
NotificationReceiver(io.undertow.security.api.NotificationReceiver)
AuthenticationCallHandler(io.undertow.security.handlers.AuthenticationCallHandler)
SessionCookieConfig(io.undertow.server.session.SessionCookieConfig)
BasicAuthenticationMechanism(io.undertow.security.impl.BasicAuthenticationMechanism)
InMemorySessionManager(io.undertow.server.session.InMemorySessionManager)
BeforeClass(org.junit.BeforeClass)
Example 14 with AuthenticationMechanism
use of io.undertow.security.api.AuthenticationMechanism in project undertow by undertow-io.
the class DeploymentManagerImpl method setupSecurityHandlers.
/**
* sets up the outer security handlers.
* <p>
* the handler that actually performs the access check happens later in the chain, it is not setup here
*
* @param initialHandler The handler to wrap with security handlers
*/
private HttpHandler setupSecurityHandlers(HttpHandler initialHandler) {
final DeploymentInfo deploymentInfo = deployment.getDeploymentInfo();
final LoginConfig loginConfig = deploymentInfo.getLoginConfig();
HttpHandler current = initialHandler;
current = new SSLInformationAssociationHandler(current);
final SecurityPathMatches securityPathMatches = buildSecurityConstraints();
securityPathMatches.logWarningsAboutUncoveredMethods();
current = new ServletAuthenticationCallHandler(current);
for (HandlerWrapper wrapper : deploymentInfo.getSecurityWrappers()) {
current = wrapper.wrap(current);
}
if (deploymentInfo.isDisableCachingForSecuredPages()) {
current = Handlers.predicate(Predicates.authRequired(), Handlers.disableCache(current), current);
}
if (!securityPathMatches.isEmpty()) {
current = new ServletAuthenticationConstraintHandler(current);
}
current = new ServletConfidentialityConstraintHandler(deploymentInfo.getConfidentialPortManager(), current);
if (!securityPathMatches.isEmpty()) {
current = new ServletSecurityConstraintHandler(securityPathMatches, current);
}
HandlerWrapper initialSecurityWrapper = deploymentInfo.getInitialSecurityWrapper();
String mechName = null;
if (initialSecurityWrapper == null) {
final Map<String, AuthenticationMechanismFactory> factoryMap = new HashMap<>(deploymentInfo.getAuthenticationMechanisms());
final IdentityManager identityManager = deploymentInfo.getIdentityManager();
if (!factoryMap.containsKey(BASIC_AUTH)) {
factoryMap.put(BASIC_AUTH, BasicAuthenticationMechanism.FACTORY);
}
if (!factoryMap.containsKey(FORM_AUTH)) {
factoryMap.put(FORM_AUTH, ServletFormAuthenticationMechanism.FACTORY);
}
if (!factoryMap.containsKey(DIGEST_AUTH)) {
factoryMap.put(DIGEST_AUTH, DigestAuthenticationMechanism.FACTORY);
}
if (!factoryMap.containsKey(CLIENT_CERT_AUTH)) {
factoryMap.put(CLIENT_CERT_AUTH, ClientCertAuthenticationMechanism.FACTORY);
}
if (!factoryMap.containsKey(ExternalAuthenticationMechanism.NAME)) {
factoryMap.put(ExternalAuthenticationMechanism.NAME, ExternalAuthenticationMechanism.FACTORY);
}
if (!factoryMap.containsKey(GenericHeaderAuthenticationMechanism.NAME)) {
factoryMap.put(GenericHeaderAuthenticationMechanism.NAME, GenericHeaderAuthenticationMechanism.FACTORY);
}
List<AuthenticationMechanism> authenticationMechanisms = new LinkedList<>();
if (deploymentInfo.isUseCachedAuthenticationMechanism()) {
authenticationMechanisms.add(new CachedAuthenticatedSessionMechanism(identityManager));
}
if (loginConfig != null || deploymentInfo.getJaspiAuthenticationMechanism() != null) {
// we don't allow multipart requests, and use the default encoding when it's set
FormEncodedDataDefinition formEncodedDataDefinition = new FormEncodedDataDefinition();
String reqEncoding = deploymentInfo.getDefaultRequestEncoding();
if (reqEncoding == null) {
reqEncoding = deploymentInfo.getDefaultEncoding();
}
if (reqEncoding != null) {
formEncodedDataDefinition.setDefaultEncoding(reqEncoding);
}
FormParserFactory parser = FormParserFactory.builder(false).addParser(formEncodedDataDefinition).build();
List<AuthMethodConfig> authMethods = Collections.<AuthMethodConfig>emptyList();
if (loginConfig != null) {
authMethods = loginConfig.getAuthMethods();
}
for (AuthMethodConfig method : authMethods) {
AuthenticationMechanismFactory factory = factoryMap.get(method.getName());
if (factory == null) {
throw UndertowServletMessages.MESSAGES.unknownAuthenticationMechanism(method.getName());
}
if (mechName == null) {
mechName = method.getName();
}
final Map<String, String> properties = new HashMap<>();
properties.put(AuthenticationMechanismFactory.CONTEXT_PATH, deploymentInfo.getContextPath());
properties.put(AuthenticationMechanismFactory.REALM, loginConfig.getRealmName());
properties.put(AuthenticationMechanismFactory.ERROR_PAGE, loginConfig.getErrorPage());
properties.put(AuthenticationMechanismFactory.LOGIN_PAGE, loginConfig.getLoginPage());
properties.putAll(method.getProperties());
String name = method.getName().toUpperCase(Locale.US);
// The mechanism name is passed in from the HttpServletRequest interface as the name reported needs to be
// comparable using '=='
name = name.equals(FORM_AUTH) ? FORM_AUTH : name;
name = name.equals(BASIC_AUTH) ? BASIC_AUTH : name;
name = name.equals(DIGEST_AUTH) ? DIGEST_AUTH : name;
name = name.equals(CLIENT_CERT_AUTH) ? CLIENT_CERT_AUTH : name;
authenticationMechanisms.add(factory.create(name, identityManager, parser, properties));
}
}
deployment.setAuthenticationMechanisms(authenticationMechanisms);
// if the JASPI auth mechanism is set then it takes over
if (deploymentInfo.getJaspiAuthenticationMechanism() == null) {
current = new AuthenticationMechanismsHandler(current, authenticationMechanisms);
} else {
current = new AuthenticationMechanismsHandler(current, Collections.<AuthenticationMechanism>singletonList(deploymentInfo.getJaspiAuthenticationMechanism()));
}
current = new CachedAuthenticatedSessionHandler(current, this.deployment.getServletContext());
}
List<NotificationReceiver> notificationReceivers = deploymentInfo.getNotificationReceivers();
if (!notificationReceivers.isEmpty()) {
current = new NotificationReceiverHandler(current, notificationReceivers);
}
if (initialSecurityWrapper == null) {
// TODO - A switch to constraint driven could be configurable, however before we can support that with servlets we would
// need additional tracking within sessions if a servlet has specifically requested that authentication occurs.
SecurityContextFactory contextFactory = deploymentInfo.getSecurityContextFactory();
if (contextFactory == null) {
contextFactory = SecurityContextFactoryImpl.INSTANCE;
}
current = new SecurityInitialHandler(deploymentInfo.getAuthenticationMode(), deploymentInfo.getIdentityManager(), mechName, contextFactory, current);
} else {
current = initialSecurityWrapper.wrap(current);
}
return current;
}
Also used :
IdentityManager(io.undertow.security.idm.IdentityManager)
HashMap(java.util.HashMap)
SecurityPathMatches(io.undertow.servlet.handlers.security.SecurityPathMatches)
ServletSecurityConstraintHandler(io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler)
HandlerWrapper(io.undertow.server.HandlerWrapper)
CachedAuthenticatedSessionHandler(io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler)
ServletAuthenticationConstraintHandler(io.undertow.servlet.handlers.security.ServletAuthenticationConstraintHandler)
SecurityInitialHandler(io.undertow.security.handlers.SecurityInitialHandler)
ServletAuthenticationCallHandler(io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler)
AuthMethodConfig(io.undertow.servlet.api.AuthMethodConfig)
LoginConfig(io.undertow.servlet.api.LoginConfig)
DeploymentInfo(io.undertow.servlet.api.DeploymentInfo)
HttpHandler(io.undertow.server.HttpHandler)
CachedAuthenticatedSessionMechanism(io.undertow.security.impl.CachedAuthenticatedSessionMechanism)
ClientCertAuthenticationMechanism(io.undertow.security.impl.ClientCertAuthenticationMechanism)
ExternalAuthenticationMechanism(io.undertow.security.impl.ExternalAuthenticationMechanism)
ServletFormAuthenticationMechanism(io.undertow.servlet.handlers.security.ServletFormAuthenticationMechanism)
BasicAuthenticationMechanism(io.undertow.security.impl.BasicAuthenticationMechanism)
DigestAuthenticationMechanism(io.undertow.security.impl.DigestAuthenticationMechanism)
AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism)
GenericHeaderAuthenticationMechanism(io.undertow.security.impl.GenericHeaderAuthenticationMechanism)
LinkedList(java.util.LinkedList)
FormParserFactory(io.undertow.server.handlers.form.FormParserFactory)
NotificationReceiverHandler(io.undertow.security.handlers.NotificationReceiverHandler)
AuthenticationMechanismsHandler(io.undertow.security.handlers.AuthenticationMechanismsHandler)
NotificationReceiver(io.undertow.security.api.NotificationReceiver)
ServletConfidentialityConstraintHandler(io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler)
FormEncodedDataDefinition(io.undertow.server.handlers.form.FormEncodedDataDefinition)
AuthenticationMechanismFactory(io.undertow.security.api.AuthenticationMechanismFactory)
SSLInformationAssociationHandler(io.undertow.servlet.handlers.security.SSLInformationAssociationHandler)
SecurityContextFactory(io.undertow.security.api.SecurityContextFactory)
Example 15 with AuthenticationMechanism
use of io.undertow.security.api.AuthenticationMechanism in project syncany by syncany.
the class WebServer method addSecurity.
private static HttpHandler addSecurity(final HttpHandler toWrap, IdentityManager identityManager) {
List<AuthenticationMechanism> mechanisms = Collections.<AuthenticationMechanism>singletonList(new BasicAuthenticationMechanism("Syncany"));
HttpHandler handler = toWrap;
handler = new AuthenticationCallHandler(handler);
handler = new AuthenticationConstraintHandler(handler);
handler = new AuthenticationMechanismsHandler(handler, mechanisms);
handler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler);
return handler;
}
Also used :
HttpHandler(io.undertow.server.HttpHandler)
AuthenticationConstraintHandler(io.undertow.security.handlers.AuthenticationConstraintHandler)
SecurityInitialHandler(io.undertow.security.handlers.SecurityInitialHandler)
AuthenticationMechanismsHandler(io.undertow.security.handlers.AuthenticationMechanismsHandler)
BasicAuthenticationMechanism(io.undertow.security.impl.BasicAuthenticationMechanism)
AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism)
AuthenticationCallHandler(io.undertow.security.handlers.AuthenticationCallHandler)
BasicAuthenticationMechanism(io.undertow.security.impl.BasicAuthenticationMechanism)
Aggregations
AuthenticationMechanism (io.undertow.security.api.AuthenticationMechanism)16
AuthenticationMechanismsHandler (io.undertow.security.handlers.AuthenticationMechanismsHandler)12
SecurityInitialHandler (io.undertow.security.handlers.SecurityInitialHandler)12
HttpHandler (io.undertow.server.HttpHandler)12
AuthenticationCallHandler (io.undertow.security.handlers.AuthenticationCallHandler)11
AuthenticationConstraintHandler (io.undertow.security.handlers.AuthenticationConstraintHandler)11
BasicAuthenticationMechanism (io.undertow.security.impl.BasicAuthenticationMechanism)10
DigestAuthenticationMechanism (io.undertow.security.impl.DigestAuthenticationMechanism)5
CachedAuthenticatedSessionMechanism (io.undertow.security.impl.CachedAuthenticatedSessionMechanism)4
ArrayList (java.util.ArrayList)4
NotificationReceiver (io.undertow.security.api.NotificationReceiver)3
NotificationReceiverHandler (io.undertow.security.handlers.NotificationReceiverHandler)3
IdentityManager (io.undertow.security.idm.IdentityManager)3
DigestQop (io.undertow.security.impl.DigestQop)3
SimpleNonceManager (io.undertow.security.impl.SimpleNonceManager)3
HttpServerExchange (io.undertow.server.HttpServerExchange)3
AuthenticationMechanismFactory (io.undertow.security.api.AuthenticationMechanismFactory)2
AuthenticationMode (io.undertow.security.api.AuthenticationMode)2
DigestAlgorithm (io.undertow.security.idm.DigestAlgorithm)2
FormAuthenticationMechanism (io.undertow.security.impl.FormAuthenticationMechanism)2
