use of io.undertow.security.handlers.SecurityInitialHandler in project cxf by apache.
the class UndertowBasicAuthHandler method buildSecurityHandler.
/**
 * Builds the Undertow authentication chain for HTTP Basic and stores its entry point in
 * {@code securityHandler}.
 *
 * <p>Handlers are created innermost-first, so a request passes through them in the reverse
 * order: {@code SecurityInitialHandler}, {@code AuthenticationMechanismsHandler},
 * {@code AuthenticationConstraintHandler}, {@code AuthenticationCallHandler}, then {@code next}.
 *
 * <p>NOTE(review): HTTP Basic carries the password base64-encoded, not encrypted, on every
 * request. Confirm that the listener serving this handler is TLS-only.
 */
private void buildSecurityHandler() {
    // Single mechanism: Basic, with a hard-coded realm label.
    final AuthenticationMechanism basic = new BasicAuthenticationMechanism("My Realm");
    final List<AuthenticationMechanism> mechanisms = Collections.singletonList(basic);

    // NOTE(review): AuthenticationConstraintHandler is used unsubclassed; as far as I know its
    // default treats every request as requiring authentication. Verify against the Undertow
    // version in use.
    HttpHandler chain = new AuthenticationCallHandler(this.next);
    chain = new AuthenticationConstraintHandler(chain);
    chain = new AuthenticationMechanismsHandler(chain, mechanisms);

    // Outermost handler: binds the identity manager that the mechanisms verify credentials against.
    this.securityHandler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, chain);
}
use of io.undertow.security.handlers.SecurityInitialHandler in project cxf by apache.
the class UndertowDigestAuthHandler method buildSecurityHandler.
/**
 * Builds the Undertow authentication chain for HTTP Digest and stores its entry point in
 * {@code securityHandler}.
 *
 * <p>Handlers are created innermost-first, so a request passes through them in the reverse
 * order: {@code SecurityInitialHandler}, {@code AuthenticationMechanismsHandler},
 * {@code AuthenticationConstraintHandler}, {@code AuthenticationCallHandler}, then {@code next}.
 *
 * <p>NOTE(review): this constructor names no digest algorithm, qop or nonce manager, so
 * Undertow's defaults apply (presumably MD5; confirm for the version in use). Digest also
 * needs the identity manager to hold the password or an equivalent hash, so check how those
 * secrets are stored.
 */
private void buildSecurityHandler() {
    // Single mechanism: Digest, with hard-coded realm, domain and mechanism name.
    final AuthenticationMechanism digest =
            new DigestAuthenticationMechanism("WSRealm", "WSDomain", "DIGEST", this.identityManager);
    final List<AuthenticationMechanism> mechanisms = Collections.singletonList(digest);

    HttpHandler chain = new AuthenticationCallHandler(this.next);
    chain = new AuthenticationConstraintHandler(chain);
    chain = new AuthenticationMechanismsHandler(chain, mechanisms);

    // Outermost handler: binds the identity manager for the rest of the chain.
    this.securityHandler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, chain);
}
use of io.undertow.security.handlers.SecurityInitialHandler in project wildfly-swarm by wildfly-swarm.
the class SecureHttpContexts method secureHandler.
/**
 * Wraps {@code toWrap} in an authentication chain backed by {@code securityRealm} and puts a
 * predicate in front of it, so the chain runs only for the web contexts the predicate selects.
 *
 * @param toWrap        handler to protect; also used as-is for requests the predicate rejects
 * @param securityRealm realm supplying the identity manager, the realm name and the set of
 *                      supported authentication mechanisms
 * @return a handler that routes each request either through the authentication chain or
 *         straight to {@code toWrap}
 */
private HttpHandler secureHandler(final HttpHandler toWrap, SecurityRealm securityRealm) {
    // Innermost part of the secured branch: constraint check, then the call to the target.
    HttpHandler secured = new AuthenticationConstraintHandler(new AuthenticationCallHandler(toWrap));

    RealmIdentityManager idm = new RealmIdentityManager(securityRealm);
    Set<AuthMechanism> supported = securityRealm.getSupportedAuthenticationMechanisms();

    // The cached-session mechanism is always registered first, wrapped with a null AuthMechanism.
    List<AuthenticationMechanism> undertowMechanisms = new ArrayList<>(supported.size());
    undertowMechanisms.add(wrap(new CachedAuthenticatedSessionMechanism(), null));

    for (AuthMechanism current : supported) {
        switch (current) {
            case DIGEST:
                // NOTE(review): MD5 with qop=auth is the only Digest variant offered here.
                undertowMechanisms.add(wrap(
                        new DigestAuthenticationMechanism(
                                Collections.singletonList(DigestAlgorithm.MD5),
                                Collections.singletonList(DigestQop.AUTH),
                                securityRealm.getName(),
                                "Monitor",
                                new SimpleNonceManager()),
                        current));
                break;
            case PLAIN:
                // NOTE(review): PLAIN maps to HTTP Basic, whose credentials are only base64-encoded;
                // confirm these contexts are served over TLS.
                undertowMechanisms.add(wrap(new BasicAuthenticationMechanism(securityRealm.getName()), current));
                break;
            case LOCAL:
            default:
                // No Undertow mechanism is registered for LOCAL or for any other value.
                break;
        }
    }

    secured = new AuthenticationMechanismsHandler(secured, undertowMechanisms);
    secured = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, idm, secured);

    // The predicate decides per request: true -> authentication chain, false -> toWrap directly.
    // NOTE(review): this fails open. Any path the checks below do not recognise reaches toWrap
    // unauthenticated, and the default-context check looks like an exact-match lookup on the
    // relative path. Confirm that upstream path normalisation makes the match reliable.
    return new PredicateHandler(exchange -> {
        if (!monitor.getSecurityRealm().isPresent()) {
            // No realm configured on the monitor: nothing is secured.
            return false;
        }
        final String path = exchange.getRelativePath();
        if (Queries.isAggregatorEndpoint(monitor, path)) {
            return true;
        }
        if (Queries.isDirectAccessToHealthEndpoint(monitor, path)) {
            // NOTE(review): requests presenting token auth skip this chain. hasTokenAuth is not
            // visible here; confirm the token is validated downstream, not merely detected.
            return !hasTokenAuth(exchange);
        }
        return HttpContexts.getDefaultContextNames().contains(path);
    }, secured, toWrap);
}
use of io.undertow.security.handlers.SecurityInitialHandler in project wildfly-swarm by wildfly-swarm.
the class SecureHttpContexts method secureHandler.
/**
 * Wraps {@code toWrap} in an authentication chain backed by {@code securityRealm} and puts a
 * predicate in front of it, so the chain runs only for the web contexts the predicate selects.
 *
 * @param toWrap        handler to protect; also used as-is for requests the predicate rejects
 * @param securityRealm realm supplying the identity manager, the realm name and the set of
 *                      supported authentication mechanisms
 * @return a handler that routes each request either through the authentication chain or
 *         straight to {@code toWrap}
 */
@SuppressWarnings("deprecation")
private HttpHandler secureHandler(final HttpHandler toWrap, SecurityRealm securityRealm) {
    // Innermost part of the secured branch: constraint check, then the call to the target.
    HttpHandler secured = new AuthenticationConstraintHandler(new AuthenticationCallHandler(toWrap));

    RealmIdentityManager idm = new RealmIdentityManager(securityRealm);
    Set<AuthMechanism> supported = securityRealm.getSupportedAuthenticationMechanisms();

    // The cached-session mechanism is always registered first, wrapped with a null AuthMechanism.
    List<AuthenticationMechanism> undertowMechanisms = new ArrayList<>(supported.size());
    undertowMechanisms.add(wrap(new CachedAuthenticatedSessionMechanism(), null));

    for (AuthMechanism current : supported) {
        switch (current) {
            case DIGEST:
                // NOTE(review): MD5 with qop=auth is the only Digest variant offered here.
                undertowMechanisms.add(wrap(
                        new DigestAuthenticationMechanism(
                                Collections.singletonList(DigestAlgorithm.MD5),
                                Collections.singletonList(DigestQop.AUTH),
                                securityRealm.getName(),
                                "Monitor",
                                new SimpleNonceManager()),
                        current));
                break;
            case PLAIN:
                // NOTE(review): PLAIN maps to HTTP Basic, whose credentials are only base64-encoded;
                // confirm these contexts are served over TLS.
                undertowMechanisms.add(wrap(new BasicAuthenticationMechanism(securityRealm.getName()), current));
                break;
            case LOCAL:
            default:
                // No Undertow mechanism is registered for LOCAL or for any other value.
                break;
        }
    }

    secured = new AuthenticationMechanismsHandler(secured, undertowMechanisms);
    secured = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, idm, secured);

    // The predicate decides per request: true -> authentication chain, false -> toWrap directly.
    // NOTE(review): this fails open. Any path the checks below do not recognise reaches toWrap
    // unauthenticated, and the default-context check looks like an exact-match lookup on the
    // relative path. Confirm that upstream path normalisation makes the match reliable.
    return new PredicateHandler(exchange -> {
        if (!monitor.getSecurityRealm().isPresent()) {
            // No realm configured on the monitor: nothing is secured.
            return false;
        }
        final String path = exchange.getRelativePath();
        if (Queries.isAggregatorEndpoint(monitor, path)) {
            return true;
        }
        if (Queries.isDirectAccessToHealthEndpoint(monitor, path)) {
            // NOTE(review): requests presenting token auth skip this chain. hasTokenAuth is not
            // visible here; confirm the token is validated downstream, not merely detected.
            return !hasTokenAuth(exchange);
        }
        return HttpContexts.getDefaultContextNames().contains(path);
    }, secured, toWrap);
}
use of io.undertow.security.handlers.SecurityInitialHandler in project undertow by undertow-io.
the class AuthenticationTestBase method setAuthenticationChain.
/**
 * Installs the authentication handler chain under test as the root handler before each test.
 * Does nothing when {@code getTestMechanisms()} returns {@code null}.
 *
 * <p>Request order through the installed chain: {@code SecurityInitialHandler}, the optional
 * {@code CachedAuthenticatedSessionHandler}, {@code NotificationReceiverHandler},
 * {@code AuthenticationMechanismsHandler}, {@code AuthenticationConstraintHandler},
 * {@code AuthenticationCallHandler}, then {@code ResponseHandler}.
 */
@Before
public void setAuthenticationChain() {
    final List<AuthenticationMechanism> mechanismsUnderTest = getTestMechanisms();
    if (mechanismsUnderTest == null) {
        // No mechanisms supplied: the root handler is left untouched.
        return;
    }

    // Built innermost-first: response, authentication call, constraint, then the mechanisms.
    HttpHandler chain = new AuthenticationMechanismsHandler(
            new AuthenticationConstraintHandler(new AuthenticationCallHandler(new ResponseHandler())),
            mechanismsUnderTest);

    // Ensure empty on initialisation: drain anything the audit receiver already holds before it
    // is attached to the new chain.
    auditReceiver.takeNotifications();
    chain = new NotificationReceiverHandler(chain, Collections.<NotificationReceiver>singleton(auditReceiver));

    if (cachingRequired()) {
        chain = new CachedAuthenticatedSessionHandler(chain);
    }

    setRootHandler(new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, chain));
}