
Example 96 with Filter

use of javax.servlet.Filter in project druid by druid-io.

the class BasicHTTPAuthenticatorTest method testGoodPassword.

/**
 * Happy path: a request carrying valid HTTP Basic credentials for {@code userA} must be
 * tagged with an {@link AuthenticationResult} and handed to the next filter exactly once.
 *
 * <p>How {@code AUTHENTICATOR} knows the credentials is set up outside this method.
 */
@Test
public void testGoodPassword() throws IOException, ServletException {
    // Build the Authorization header value: "Basic " + StringUtils.utf8Base64("user:password").
    final String authorization = StringUtils.format("Basic %s", StringUtils.utf8Base64("userA:helloworld"));

    // Request mock: the header is read, and the filter must store the authentication result
    // under AuthConfig.DRUID_AUTHENTICATION_RESULT.
    final HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(request.getHeader("Authorization")).andReturn(authorization);
    request.setAttribute(
        AuthConfig.DRUID_AUTHENTICATION_RESULT,
        new AuthenticationResult("userA", "basic", "basic", null)
    );
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(request);

    // Response mock with no recorded expectations: any call on it (e.g. sendError) fails the test.
    final HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
    EasyMock.replay(response);

    // The chain must be continued exactly once for an authenticated request.
    final FilterChain chain = EasyMock.createMock(FilterChain.class);
    chain.doFilter(request, response);
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(chain);

    final Filter filterUnderTest = AUTHENTICATOR.getFilter();
    filterUnderTest.doFilter(request, response, chain);

    EasyMock.verify(request, response, chain);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Filter(javax.servlet.Filter) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 97 with Filter

use of javax.servlet.Filter in project druid by druid-io.

the class BasicHTTPAuthenticatorTest method testGoodPasswordWithValidator.

/**
 * Valid credentials checked by an injected {@link CredentialsValidator}: the validator is
 * consulted exactly once, its result is attached to the request, and the chain continues.
 */
@Test
public void testGoodPasswordWithValidator() throws IOException, ServletException {
    final CredentialsValidator credentialsValidator = EasyMock.createMock(CredentialsValidator.class);
    // NOTE(review): the ninth argument (false here) is presumably the skipOnFailure flag;
    // confirm against the BasicHTTPAuthenticator constructor.
    final BasicHTTPAuthenticator authenticatorWithValidator = new BasicHTTPAuthenticator(
        CACHE_MANAGER_PROVIDER, "basic", "basic", null, null, false, null, null, false, credentialsValidator
    );

    final String authorization = StringUtils.format("Basic %s", StringUtils.utf8Base64("userA:helloworld"));

    // The validator must receive the decoded user name and the password as a char[].
    EasyMock.expect(
        credentialsValidator.validateCredentials(
            EasyMock.eq("basic"),
            EasyMock.eq("basic"),
            EasyMock.eq("userA"),
            EasyMock.aryEq("helloworld".toCharArray())
        )
    ).andReturn(new AuthenticationResult("userA", "basic", "basic", null)).times(1);
    EasyMock.replay(credentialsValidator);

    // Request mock: header read plus one setAttribute carrying the authentication result.
    final HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(request.getHeader("Authorization")).andReturn(authorization);
    request.setAttribute(
        AuthConfig.DRUID_AUTHENTICATION_RESULT,
        new AuthenticationResult("userA", "basic", "basic", null)
    );
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(request);

    // No expectations recorded: the filter must not write to the response.
    final HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
    EasyMock.replay(response);

    final FilterChain chain = EasyMock.createMock(FilterChain.class);
    chain.doFilter(request, response);
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(chain);

    final Filter filterUnderTest = authenticatorWithValidator.getFilter();
    filterUnderTest.doFilter(request, response, chain);

    EasyMock.verify(request, response, credentialsValidator, chain);
}
Also used : BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator) HttpServletRequest(javax.servlet.http.HttpServletRequest) Filter(javax.servlet.Filter) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) CredentialsValidator(org.apache.druid.security.basic.authentication.validator.CredentialsValidator) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 98 with Filter

use of javax.servlet.Filter in project druid by druid-io.

the class BasicHTTPAuthenticatorTest method testBadPasswordWithSkipOnFailureValidator.

/**
 * Wrong password while the authenticator is built with {@code true} as its ninth argument:
 * when the validator throws {@link BasicSecurityAuthenticationException}, the filter must
 * answer 401 and must not continue the chain.
 */
@Test
public void testBadPasswordWithSkipOnFailureValidator() throws IOException, ServletException {
    final CredentialsValidator credentialsValidator = EasyMock.createMock(CredentialsValidator.class);
    // NOTE(review): the ninth argument (true here) is presumably the skipOnFailure flag;
    // confirm against the BasicHTTPAuthenticator constructor.
    final BasicHTTPAuthenticator authenticatorWithValidator = new BasicHTTPAuthenticator(
        CACHE_MANAGER_PROVIDER, "basic", "basic", null, null, false, null, null, true, credentialsValidator
    );

    final String authorization = StringUtils.format("Basic %s", StringUtils.utf8Base64("userA:badpassword"));

    // The validator rejects the credentials by throwing rather than by returning null.
    EasyMock.expect(
        credentialsValidator.validateCredentials(
            EasyMock.eq("basic"),
            EasyMock.eq("basic"),
            EasyMock.eq("userA"),
            EasyMock.aryEq("badpassword".toCharArray())
        )
    ).andThrow(new BasicSecurityAuthenticationException("User authentication failed.")).times(1);
    EasyMock.replay(credentialsValidator);

    // Only the header read is expected; a setAttribute call on this mock would fail the test,
    // so no authentication result may be attached.
    final HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(request.getHeader("Authorization")).andReturn(authorization);
    EasyMock.replay(request);

    // Exactly one 401 with the failure message must be sent.
    final HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "User authentication failed.");
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(response);

    // No doFilter expectation is recorded: the authentication filter must stop the chain here.
    final FilterChain chain = EasyMock.createMock(FilterChain.class);
    EasyMock.replay(chain);

    final Filter filterUnderTest = authenticatorWithValidator.getFilter();
    filterUnderTest.doFilter(request, response, chain);

    EasyMock.verify(request, response, credentialsValidator, chain);
}
Also used : BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator) HttpServletRequest(javax.servlet.http.HttpServletRequest) BasicSecurityAuthenticationException(org.apache.druid.security.basic.BasicSecurityAuthenticationException) Filter(javax.servlet.Filter) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) CredentialsValidator(org.apache.druid.security.basic.authentication.validator.CredentialsValidator) Test(org.junit.Test)

Example 99 with Filter

use of javax.servlet.Filter in project druid by druid-io.

the class BasicHTTPAuthenticatorTest method testUnknownUserWithSkipOnFailure.

/**
 * Unknown user while the authenticator is built with {@code true} as its ninth argument:
 * when the validator returns {@code null}, the filter must pass the request down the chain
 * without writing a response and without attaching an authentication result.
 */
@Test
public void testUnknownUserWithSkipOnFailure() throws IOException, ServletException {
    final CredentialsValidator credentialsValidator = EasyMock.createMock(CredentialsValidator.class);
    // NOTE(review): the ninth argument (true here) is presumably the skipOnFailure flag;
    // confirm against the BasicHTTPAuthenticator constructor.
    final BasicHTTPAuthenticator authenticatorWithSkipOnFailure = new BasicHTTPAuthenticator(
        CACHE_MANAGER_PROVIDER, "basic", "basic", null, null, false, null, null, true, credentialsValidator
    );

    final String authorization = StringUtils.format("Basic %s", StringUtils.utf8Base64("userB:helloworld"));

    // Only the header read is expected. Because no setAttribute is recorded, the request
    // leaves this filter unauthenticated; whatever runs later in the chain has to decide
    // whether to authenticate or reject it.
    final HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(request.getHeader("Authorization")).andReturn(authorization);
    EasyMock.replay(request);

    // The validator signals "no result" for userB by returning null instead of throwing.
    EasyMock.expect(
        credentialsValidator.validateCredentials(
            EasyMock.eq("basic"),
            EasyMock.eq("basic"),
            EasyMock.eq("userB"),
            EasyMock.aryEq("helloworld".toCharArray())
        )
    ).andReturn(null).times(1);
    EasyMock.replay(credentialsValidator);

    // No expectations recorded: the filter must not send any response itself.
    final HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
    EasyMock.replay(response);

    // Authentication filter should move on to the next filter in the chain exactly once.
    final FilterChain chain = EasyMock.createMock(FilterChain.class);
    chain.doFilter(request, response);
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(chain);

    final Filter filterUnderTest = authenticatorWithSkipOnFailure.getFilter();
    filterUnderTest.doFilter(request, response, chain);

    EasyMock.verify(request, response, credentialsValidator, chain);
}
Also used : BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator) HttpServletRequest(javax.servlet.http.HttpServletRequest) Filter(javax.servlet.Filter) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) CredentialsValidator(org.apache.druid.security.basic.authentication.validator.CredentialsValidator) Test(org.junit.Test)

Example 100 with Filter

use of javax.servlet.Filter in project wechat by dllwh.

the class ShiroConfig method shiroFilter.

/**
 * ----------------------------------------------------- Fields end
 */
/**
 * Builds the main Shiro filter factory for the web application.
 *
 * <p>Sets the security manager, the login / success / unauthorized URLs, the project's
 * custom filters, and the ordered map from URL patterns to filter chains.
 *
 * <p>Author's note (translated): the Shiro main filter can run any custom filter selected by
 * a URL path expression, and every web request that Shiro is to control must pass through it.
 *
 * @return the configured {@link ShiroFilterFactoryBean}
 */
// @Bean("shiroFilter")
// NOTE(review): the @Bean annotation above is commented out in this listing, so this method
// is not registered as a bean by that annotation; how the filter is wired is not visible here.
public ShiroFilterFactoryBean shiroFilter() {
    ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();

    // Core Shiro security interface; this property is required.
    factory.setSecurityManager(securityManager());
    // URL used when login is required (replace per project). Optional: if unset, Shiro looks
    // for "/login.jsp" under the web application root.
    factory.setLoginUrl(FilterHelper.LOGIN_ACTION);
    // URL to redirect to after a successful login.
    // NOTE(review): this is the same constant as the login URL — confirm that is intended.
    factory.setSuccessUrl(FilterHelper.LOGIN_ACTION);
    // URL shown when a user requests a resource they are not authorized for.
    factory.setUnauthorizedUrl(FilterHelper.UNAUTHORIZED);

    // Custom filters, registered under the names used in the chain definitions below.
    Map<String, Filter> customFilters = new LinkedHashMap<>();
    // Login check.
    customFilters.put("loginFilter", new LoginFilter());
    // Role check.
    customFilters.put("roleFilter", new RoleFilter());
    // Permission check.
    customFilters.put("permissionFilter", new PermissionFilter());
    customFilters.put("kickoutFilter", kickoutSessionFilter());
    // User session handling.
    customFilters.put("userSessionFilter", new UserSessionFilter());
    factory.setFilters(customFilters);

    // URL constraint configuration, i.e. the access-control map. The leading '/' is relative
    // to HttpServletRequest.getContextPath().
    // Shiro evaluates these patterns in insertion order and the first match wins, which is
    // why a LinkedHashMap is used and why the catch-all "/**" entry must stay last.
    Map<String, String> chainDefinitions = new LinkedHashMap<>();
    // NOTE(review): "/loginController**" and "/dataSourceController**" have no '/' before
    // "**". In Ant-style matching "**" spans path segments only when it is a whole segment,
    // so sub-paths such as "/dataSourceController/..." would likely fall through to "/**",
    // which does not include roleFilter[administrator]. Verify against the real routes.
    chainDefinitions.put("/loginController**", "anon");
    chainDefinitions.put("/sysPage/**", "anon,kickoutFilter");
    // NOTE(review): this chain has no "authc"; access control for "/homeController/**" rests
    // entirely on the custom LoginFilter — confirm it rejects unauthenticated requests.
    chainDefinitions.put("/homeController/**", "loginFilter");
    chainDefinitions.put("/dataSourceController**", "authc,roleFilter[administrator]");
    chainDefinitions.put("/**", "authc,loginFilter,permissionFilter,kickoutFilter");
    factory.setFilterChainDefinitionMap(chainDefinitions);

    return factory;
}
Also used : ShiroFilterFactoryBean(org.apache.shiro.spring.web.ShiroFilterFactoryBean) RoleFilter(com.cdeledu.core.shiro.filter.RoleFilter) UserSessionFilter(com.cdeledu.core.shiro.filter.UserSessionFilter) LoginFilter(com.cdeledu.core.shiro.filter.LoginFilter) PermissionFilter(com.cdeledu.core.shiro.filter.PermissionFilter) KickoutSessionFilter(com.cdeledu.core.shiro.filter.KickoutSessionFilter) Filter(javax.servlet.Filter) RoleFilter(com.cdeledu.core.shiro.filter.RoleFilter) LoginFilter(com.cdeledu.core.shiro.filter.LoginFilter) PermissionFilter(com.cdeledu.core.shiro.filter.PermissionFilter) LinkedHashMap(java.util.LinkedHashMap) UserSessionFilter(com.cdeledu.core.shiro.filter.UserSessionFilter)
