

Use of io.undertow.servlet.api.AuthMethodConfig in project undertow by undertow-io.

Class DeploymentManagerImpl, method setupSecurityHandlers.

/**
 * Sets up the outer security handlers.
 * <p/>
 * The handler that actually performs the access check happens later in the chain; it is not set up here.
 * Each handler constructed below wraps the previous value of {@code current}, so the handler assigned
 * last is the outermost one and is the first to see a request.
 *
 * @param initialHandler The handler to wrap with security handlers
 * @return the outermost security handler, wrapping {@code initialHandler}
 */
private HttpHandler setupSecurityHandlers(HttpHandler initialHandler) {
    final DeploymentInfo deploymentInfo = deployment.getDeploymentInfo();
    final LoginConfig loginConfig = deploymentInfo.getLoginConfig();
    HttpHandler current = initialHandler;
    // Innermost handler: associates SSL/TLS information with the request.
    current = new SSLInformationAssociationHandler(current);
    final SecurityPathMatches securityPathMatches = buildSecurityConstraints();
    // Emits warnings for HTTP methods that the security constraints leave uncovered.
    securityPathMatches.logWarningsAboutUncoveredMethods();
    current = new ServletAuthenticationCallHandler(current);
    // Deployment-supplied wrappers are applied outside the authentication call handler.
    for (HandlerWrapper wrapper : deploymentInfo.getSecurityWrappers()) {
        current = wrapper.wrap(current);
    }
    if (deploymentInfo.isDisableCachingForSecuredPages()) {
        // Only requests that require authentication get the cache-disabling handler.
        current = Handlers.predicate(Predicates.authRequired(), Handlers.disableCache(current), current);
    }
    if (!securityPathMatches.isEmpty()) {
        current = new ServletAuthenticationConstraintHandler(current);
    }
    current = new ServletConfidentialityConstraintHandler(deploymentInfo.getConfidentialPortManager(), current);
    if (!securityPathMatches.isEmpty()) {
        current = new ServletSecurityConstraintHandler(securityPathMatches, current);
    }
    HandlerWrapper initialSecurityWrapper = deploymentInfo.getInitialSecurityWrapper();
    // Name of the first configured auth method; passed to SecurityInitialHandler below. Stays null
    // when an initial security wrapper is supplied or no auth methods are configured.
    String mechName = null;
    if (initialSecurityWrapper == null) {
        // Copy so that the defaults registered below do not mutate the deployment's own map.
        final Map<String, AuthenticationMechanismFactory> factoryMap = new HashMap<>(deploymentInfo.getAuthenticationMechanisms());
        final IdentityManager identityManager = deploymentInfo.getIdentityManager();
        // Built-in factories are registered only where the deployment has not supplied its own
        // under the same name, so deployment-provided factories take precedence.
        if (!factoryMap.containsKey(BASIC_AUTH)) {
            factoryMap.put(BASIC_AUTH, new BasicAuthenticationMechanism.Factory(identityManager));
        }
        if (!factoryMap.containsKey(FORM_AUTH)) {
            factoryMap.put(FORM_AUTH, new ServletFormAuthenticationMechanism.Factory(identityManager));
        }
        if (!factoryMap.containsKey(DIGEST_AUTH)) {
            factoryMap.put(DIGEST_AUTH, new DigestAuthenticationMechanism.Factory(identityManager));
        }
        if (!factoryMap.containsKey(CLIENT_CERT_AUTH)) {
            factoryMap.put(CLIENT_CERT_AUTH, new ClientCertAuthenticationMechanism.Factory(identityManager));
        }
        if (!factoryMap.containsKey(ExternalAuthenticationMechanism.NAME)) {
            factoryMap.put(ExternalAuthenticationMechanism.NAME, new ExternalAuthenticationMechanism.Factory(identityManager));
        }
        if (!factoryMap.containsKey(GenericHeaderAuthenticationMechanism.NAME)) {
            factoryMap.put(GenericHeaderAuthenticationMechanism.NAME, new GenericHeaderAuthenticationMechanism.Factory(identityManager));
        }
        List<AuthenticationMechanism> authenticationMechanisms = new LinkedList<>();
        if (deploymentInfo.isUseCachedAuthenticationMechanism()) {
            // Added first so a previously authenticated session is consulted before the configured mechanisms.
            authenticationMechanisms.add(new CachedAuthenticatedSessionMechanism(identityManager));
        }
        if (loginConfig != null || deploymentInfo.getJaspiAuthenticationMechanism() != null) {
            //we don't allow multipart requests, and use the default encoding when it's set
            FormEncodedDataDefinition formEncodedDataDefinition = new FormEncodedDataDefinition();
            if (deploymentInfo.getDefaultEncoding() != null) {
                formEncodedDataDefinition.setDefaultEncoding(deploymentInfo.getDefaultEncoding());
            }
            FormParserFactory parser = FormParserFactory.builder(false).addParser(formEncodedDataDefinition).build();
            // Empty unless a login config exists, so the loop below (which dereferences loginConfig)
            // only runs when loginConfig is non-null.
            List<AuthMethodConfig> authMethods = Collections.<AuthMethodConfig>emptyList();
            if (loginConfig != null) {
                authMethods = loginConfig.getAuthMethods();
            }
            for (AuthMethodConfig method : authMethods) {
                // Lookup uses the name exactly as configured; an unregistered name is a deployment error.
                AuthenticationMechanismFactory factory = factoryMap.get(method.getName());
                if (factory == null) {
                    throw UndertowServletMessages.MESSAGES.unknownAuthenticationMechanism(method.getName());
                }
                if (mechName == null) {
                    mechName = method.getName();
                }
                // Defaults first, then per-method properties, so a method's own properties win.
                final Map<String, String> properties = new HashMap<>();
                properties.put(AuthenticationMechanismFactory.CONTEXT_PATH, deploymentInfo.getContextPath());
                properties.put(AuthenticationMechanismFactory.REALM, loginConfig.getRealmName());
                properties.put(AuthenticationMechanismFactory.ERROR_PAGE, loginConfig.getErrorPage());
                properties.put(AuthenticationMechanismFactory.LOGIN_PAGE, loginConfig.getLoginPage());
                properties.putAll(method.getProperties());
                String name = method.getName().toUpperCase(Locale.US);
                // The mechanism name is passed in from the HttpServletRequest interface as the name reported needs to be
                // comparable using '==', so the well-known names are replaced by their constant instances.
                name = name.equals(FORM_AUTH) ? FORM_AUTH : name;
                name = name.equals(BASIC_AUTH) ? BASIC_AUTH : name;
                name = name.equals(DIGEST_AUTH) ? DIGEST_AUTH : name;
                name = name.equals(CLIENT_CERT_AUTH) ? CLIENT_CERT_AUTH : name;
                authenticationMechanisms.add(factory.create(name, parser, properties));
            }
        }
        deployment.setAuthenticationMechanisms(authenticationMechanisms);
        //if the JASPI auth mechanism is set then it takes over: the list built above is recorded on the
        //deployment but the handler is given only the JASPI mechanism.
        if (deploymentInfo.getJaspiAuthenticationMechanism() == null) {
            current = new AuthenticationMechanismsHandler(current, authenticationMechanisms);
        } else {
            current = new AuthenticationMechanismsHandler(current, Collections.<AuthenticationMechanism>singletonList(deploymentInfo.getJaspiAuthenticationMechanism()));
        }
        current = new CachedAuthenticatedSessionHandler(current, this.deployment.getServletContext());
    }
    List<NotificationReceiver> notificationReceivers = deploymentInfo.getNotificationReceivers();
    if (!notificationReceivers.isEmpty()) {
        current = new NotificationReceiverHandler(current, notificationReceivers);
    }
    if (initialSecurityWrapper == null) {
        // TODO - A switch to constraint driven could be configurable, however before we can support that with servlets we would
        // need additional tracking within sessions if a servlet has specifically requested that authentication occurs.
        SecurityContextFactory contextFactory = deploymentInfo.getSecurityContextFactory();
        if (contextFactory == null) {
            contextFactory = SecurityContextFactoryImpl.INSTANCE;
        }
        // Outermost handler: establishes the security context for every request.
        current = new SecurityInitialHandler(deploymentInfo.getAuthenticationMode(), deploymentInfo.getIdentityManager(), mechName, contextFactory, current);
    } else {
        // A deployment-supplied initial wrapper replaces the default mechanism and context setup entirely.
        current = initialSecurityWrapper.wrap(current);
    }
    return current;
}