Search in sources :

Example 11 with AuthProvider

use of io.vertx.ext.auth.AuthProvider in project vertx-web by vert-x3.

the class BasicAuthHandlerTest method doLogin.

private void doLogin(String realm) throws Exception {
    Handler<RoutingContext> handler = rc -> {
        assertNotNull(rc.user());
        assertEquals("tim", rc.user().principal().getString("username"));
        rc.response().end("Welcome to the protected resource!");
    };
    JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties");
    AuthProvider authProvider = ShiroAuth.create(vertx, ShiroAuthRealmType.PROPERTIES, authConfig);
    router.route("/protected/*").handler(BasicAuthHandler.create(authProvider, realm));
    router.route("/protected/somepage").handler(handler);
    testRequest(HttpMethod.GET, "/protected/somepage", null, resp -> {
        String wwwAuth = resp.headers().get("WWW-Authenticate");
        assertNotNull(wwwAuth);
        assertEquals("Basic realm=\"" + realm + "\"", wwwAuth);
    }, 401, "Unauthorized", null);
    // Now try again with credentials
    testRequest(HttpMethod.GET, "/protected/somepage", req -> req.putHeader("Authorization", "Basic dGltOmRlbGljaW91czpzYXVzYWdlcw=="), resp -> {
        String wwwAuth = resp.headers().get("WWW-Authenticate");
        assertNull(wwwAuth);
    }, 200, "OK", "Welcome to the protected resource!");
}
Also used : Session(io.vertx.ext.web.Session) PRNG(io.vertx.ext.auth.PRNG) ClusterSerializable(io.vertx.core.shareddata.impl.ClusterSerializable) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) SessionImpl(io.vertx.ext.web.sstore.impl.SessionImpl) Test(org.junit.Test) RoutingContext(io.vertx.ext.web.RoutingContext) Future(io.vertx.core.Future) AtomicReference(java.util.concurrent.atomic.AtomicReference) AuthProvider(io.vertx.ext.auth.AuthProvider) Buffer(io.vertx.core.buffer.Buffer) SessionStore(io.vertx.ext.web.sstore.SessionStore) ShiroAuth(io.vertx.ext.auth.shiro.ShiroAuth) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) HttpMethod(io.vertx.core.http.HttpMethod) Map(java.util.Map) JsonObject(io.vertx.core.json.JsonObject) AsyncResult(io.vertx.core.AsyncResult) Handler(io.vertx.core.Handler) ShiroAuthRealmType(io.vertx.ext.auth.shiro.ShiroAuthRealmType) RoutingContext(io.vertx.ext.web.RoutingContext) JsonObject(io.vertx.core.json.JsonObject) AuthProvider(io.vertx.ext.auth.AuthProvider)

Example 12 with AuthProvider

use of io.vertx.ext.auth.AuthProvider in project vertx-web by vert-x3.

the class BasicAuthHandlerTest method testSecurityBypass.

@Test
public void testSecurityBypass() throws Exception {
    Handler<RoutingContext> handler = rc -> {
        fail("should not get here");
        rc.response().end("Welcome to the protected resource!");
    };
    JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties");
    AuthProvider authProvider = ShiroAuth.create(vertx, ShiroAuthRealmType.PROPERTIES, authConfig);
    router.route().pathRegex("/api/.*").handler(BasicAuthHandler.create(authProvider));
    router.route("/api/v1/standard-job-profiles").handler(handler);
    testRequest(HttpMethod.GET, "//api/v1/standard-job-profiles", 401, "Unauthorized");
}
Also used : Session(io.vertx.ext.web.Session) PRNG(io.vertx.ext.auth.PRNG) ClusterSerializable(io.vertx.core.shareddata.impl.ClusterSerializable) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) SessionImpl(io.vertx.ext.web.sstore.impl.SessionImpl) Test(org.junit.Test) RoutingContext(io.vertx.ext.web.RoutingContext) Future(io.vertx.core.Future) AtomicReference(java.util.concurrent.atomic.AtomicReference) AuthProvider(io.vertx.ext.auth.AuthProvider) Buffer(io.vertx.core.buffer.Buffer) SessionStore(io.vertx.ext.web.sstore.SessionStore) ShiroAuth(io.vertx.ext.auth.shiro.ShiroAuth) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) HttpMethod(io.vertx.core.http.HttpMethod) Map(java.util.Map) JsonObject(io.vertx.core.json.JsonObject) AsyncResult(io.vertx.core.AsyncResult) Handler(io.vertx.core.Handler) ShiroAuthRealmType(io.vertx.ext.auth.shiro.ShiroAuthRealmType) RoutingContext(io.vertx.ext.web.RoutingContext) JsonObject(io.vertx.core.json.JsonObject) AuthProvider(io.vertx.ext.auth.AuthProvider) Test(org.junit.Test)

Example 13 with AuthProvider

use of io.vertx.ext.auth.AuthProvider in project vertx-swagger by bobxwang.

the class RestApiVerticle method configRoute.

private void configRoute(final Router router) {
    router.get("/logout").handler(context -> {
        context.clearUser();
        context.response().setStatusCode(302).putHeader("Location", "/").end();
    });
    AuthProvider authProvider = ChainAuth.create();
    AuthHandler basicAuthHandler = BasicAuthHandler.create(authProvider);
    router.route("/private/*").handler(basicAuthHandler);
    Route route = router.route(HttpMethod.GET, "/private/path/");
    route.handler(ctx -> ctx.response().end(new JsonObject().put("rs", new Date().toString()).encodePrettily()));
    router.route(HttpMethod.GET, "/some/path/").handler(routingContext -> {
        HttpServerResponse response = routingContext.response();
        // 由于我们会在不同的处理器里写入响应,因此需要启用分块传输,仅当需要通过多个处理器输出响应时才需要
        response.setChunked(true);
        response.write("route1\n");
        // 1 秒后调用下一个处理器
        routingContext.vertx().setTimer(1000, tid -> routingContext.next());
    });
    router.route(HttpMethod.GET, "/some/path/").handler(routingContext -> {
        HttpServerResponse response = routingContext.response();
        response.write("route2\n");
        // 1 秒后调用下一个处理器
        routingContext.vertx().setTimer(1000, tid -> routingContext.next());
    });
    router.route(HttpMethod.GET, "/some/path/").handler(routingContext -> {
        HttpServerResponse response = routingContext.response();
        response.write("route3");
        // 结束响应
        routingContext.response().end();
    });
    router.route(HttpMethod.GET, "/long/time").blockingHandler(ctx -> {
        // call other service maybe long time, so here we using block pattern
        try {
            Thread.sleep(5000l);
        } catch (InterruptedException e) {
            e.printStackTrace();
        }
        ctx.response().end(new JsonObject().put("rs", new Date().toString()).encodePrettily());
    });
    // 如果您需要在一个阻塞处理器中处理一个 multipart 类型的表单数据,您需要首先使用一个非阻塞的处理器来调用 setExpectMultipart(true)
    router.post("/some/longtime/endpoint").handler(ctx -> {
        ctx.request().setExpectMultipart(true);
        ctx.next();
    }).blockingHandler(ctx -> {
    // 执行某些阻塞操作
    });
}
Also used : AuthHandler(io.vertx.ext.web.handler.AuthHandler) BasicAuthHandler(io.vertx.ext.web.handler.BasicAuthHandler) Route(io.vertx.ext.web.Route) AuthHandler(io.vertx.ext.web.handler.AuthHandler) ChainAuth(io.vertx.ext.auth.ChainAuth) Date(java.util.Date) ApiImplicitParam(io.swagger.annotations.ApiImplicitParam) Router(io.vertx.ext.web.Router) Autowired(org.springframework.beans.factory.annotation.Autowired) RoutingContext(io.vertx.ext.web.RoutingContext) Scope(org.springframework.context.annotation.Scope) AuthProvider(io.vertx.ext.auth.AuthProvider) BasicAuthHandler(io.vertx.ext.web.handler.BasicAuthHandler) Component(org.springframework.stereotype.Component) BBRouter(com.bob.vertx.swagger.BBRouter) HttpMethod(io.vertx.core.http.HttpMethod) HttpServerResponse(io.vertx.core.http.HttpServerResponse) AbstractVerticle(io.vertx.core.AbstractVerticle) JsonObject(io.vertx.core.json.JsonObject) ApiImplicitParams(io.swagger.annotations.ApiImplicitParams) ConfigurableBeanFactory(org.springframework.beans.factory.config.ConfigurableBeanFactory) HttpServerResponse(io.vertx.core.http.HttpServerResponse) JsonObject(io.vertx.core.json.JsonObject) AuthProvider(io.vertx.ext.auth.AuthProvider) Route(io.vertx.ext.web.Route) Date(java.util.Date)

Example 14 with AuthProvider

use of io.vertx.ext.auth.AuthProvider in project vertx-auth by vert-x3.

the class AuthJWTExamples method example14.

public void example14(Vertx vertx) {
    JsonObject config = new JsonObject().put("public-key", "BASE64-ENCODED-PUBLIC_KEY").put("permissionsClaimKey", "realm_access/roles");
    AuthProvider provider = JWTAuth.create(vertx, config);
}
Also used : JsonObject(io.vertx.core.json.JsonObject) AuthProvider(io.vertx.ext.auth.AuthProvider)

Example 15 with AuthProvider

use of io.vertx.ext.auth.AuthProvider in project vertx-auth by vert-x3.

the class CreateShiroAuthProviderTest method testCreateWithRealm.

@Test
public void testCreateWithRealm() {
    Realm realm = new MyShiroRealm();
    AuthProvider authProvider = ShiroAuth.create(vertx, realm);
    JsonObject authInfo = new JsonObject().put("username", "tim").put("password", "sausages");
    authProvider.authenticate(authInfo, onSuccess(user -> {
        assertNotNull(user);
        testComplete();
    }));
    await();
}
Also used : AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) AuthenticationException(org.apache.shiro.authc.AuthenticationException) ShiroAuth(io.vertx.ext.auth.shiro.ShiroAuth) Realm(org.apache.shiro.realm.Realm) JsonObject(io.vertx.core.json.JsonObject) AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) Test(org.junit.Test) VertxTestBase(io.vertx.test.core.VertxTestBase) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) AuthProvider(io.vertx.ext.auth.AuthProvider) JsonObject(io.vertx.core.json.JsonObject) AuthProvider(io.vertx.ext.auth.AuthProvider) Realm(org.apache.shiro.realm.Realm) Test(org.junit.Test)

Aggregations

AuthProvider (io.vertx.ext.auth.AuthProvider)17 JsonObject (io.vertx.core.json.JsonObject)15 SessionStore (io.vertx.ext.web.sstore.SessionStore)7 Test (org.junit.Test)7 HttpMethod (io.vertx.core.http.HttpMethod)5 ShiroAuth (io.vertx.ext.auth.shiro.ShiroAuth)5 RoutingContext (io.vertx.ext.web.RoutingContext)5 AsyncResult (io.vertx.core.AsyncResult)4 Future (io.vertx.core.Future)4 Handler (io.vertx.core.Handler)4 Buffer (io.vertx.core.buffer.Buffer)4 ClusterSerializable (io.vertx.core.shareddata.impl.ClusterSerializable)4 PRNG (io.vertx.ext.auth.PRNG)4 ShiroAuthRealmType (io.vertx.ext.auth.shiro.ShiroAuthRealmType)4 Router (io.vertx.ext.web.Router)4 Session (io.vertx.ext.web.Session)4 SessionImpl (io.vertx.ext.web.sstore.impl.SessionImpl)4 Map (java.util.Map)4 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)4 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)4