use of javax.servlet.http.HttpServletRequest in project camel by apache.
the class HttpBasicAuthTest method createRouteBuilder.
/**
 * Builds the route exercised by this test: a Jetty endpoint that names {@code myAuthHandler} in
 * its {@code handlers} option, followed by a processor that checks the authenticated principal.
 *
 * <p>The assertions inside the processor run for each exchange, so a request that arrives without
 * a principal (or with one other than {@code donald}) fails inside the route rather than in the
 * calling test method.
 *
 * @return the route definition for the test context
 * @throws Exception declared by the overridden method
 */
@Override
protected RouteBuilder createRouteBuilder() throws Exception {
  return new RouteBuilder() {
    @Override
    public void configure() throws Exception {
      // Verifies that the servlet request reaching the route already carries an identity.
      // NOTE(review): presumably myAuthHandler is bound in the test registry elsewhere - confirm.
      Processor principalCheck = new Processor() {
        public void process(Exchange exchange) throws Exception {
          HttpServletRequest servletRequest = exchange.getIn().getBody(HttpServletRequest.class);
          assertNotNull(servletRequest);
          Principal authenticated = servletRequest.getUserPrincipal();
          assertNotNull(authenticated);
          assertEquals("donald", authenticated.getName());
        }
      };

      from("jetty://http://localhost:{{port}}/test?handlers=myAuthHandler")
          .process(principalCheck)
          .transform(constant("Bye World"));
    }
  };
}
use of javax.servlet.http.HttpServletRequest in project hadoop by apache.
the class RestCsrfPreventionFilter method doFilter.
/**
 * Wraps the servlet request, response and chain in a {@code ServletFilterHttpInteraction} and
 * hands it to {@code handleHttpInteraction}.
 *
 * <p>No decision is taken here; whether the request proceeds down the chain is left to
 * {@code handleHttpInteraction}.
 *
 * @param request the incoming request; cast to {@code HttpServletRequest} without a type check
 * @param response the outgoing response; cast to {@code HttpServletResponse} without a type check
 * @param chain the remaining filter chain
 * @throws IOException declared by the filter contract
 * @throws ServletException declared by the filter contract
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, final FilterChain chain) throws IOException, ServletException {
  // Unchecked casts: a non-HTTP request or response raises ClassCastException at this point.
  handleHttpInteraction(
      new ServletFilterHttpInteraction(
          (HttpServletRequest) request, (HttpServletResponse) response, chain));
}
use of javax.servlet.http.HttpServletRequest in project hadoop by apache.
the class JWTRedirectAuthenticationHandler method alternateAuthenticate.
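/**
 * Authenticates a request from a signed JWT carried in a cookie.
 *
 * <p>When the cookie is absent, the token cannot be parsed, or {@code validateToken} rejects it,
 * the caller is redirected to the login URL and {@code null} is returned. An
 * {@code AuthenticationToken} is issued only after the token has been validated <em>and</em> its
 * subject has been read successfully, so a parse failure while reading the claims can no longer
 * leave the method in a "valid" state with no user name.
 *
 * <p>The serialized token is never written to the log: a token rejected here (for example for an
 * audience mismatch) may still be an accepted bearer credential elsewhere, and log files are
 * usually readable by more parties than the cookie is.
 *
 * @param request the HTTP request that may carry the JWT cookie
 * @param response the HTTP response used to send the login redirect
 * @return the token for the authenticated user, or {@code null} when a redirect was sent
 * @throws IOException if sending the redirect fails
 * @throws AuthenticationException declared by the handler contract
 */
@Override
public AuthenticationToken alternateAuthenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, AuthenticationException {
  String serializedJWT = getJWTFromCookie(request);
  if (serializedJWT == null) {
    String loginURL = constructLoginURL(request);
    LOG.info("sending redirect to: " + loginURL);
    response.sendRedirect(loginURL);
    return null;
  }

  String userName = null;
  boolean valid = false;
  try {
    SignedJWT jwtToken = SignedJWT.parse(serializedJWT);
    if (validateToken(jwtToken)) {
      userName = jwtToken.getJWTClaimsSet().getSubject();
      // Fail closed: mark the token usable only once the subject has actually been extracted.
      valid = true;
      LOG.info("USERNAME: " + userName);
    } else {
      // Deliberately omits the token itself; see the method documentation.
      LOG.warn("jwtToken failed validation; token value withheld from log");
    }
  } catch (ParseException pe) {
    // unable to parse the token let's try and get another one
    LOG.warn("Unable to parse the JWT token", pe);
  }

  if (!valid) {
    String loginURL = constructLoginURL(request);
    LOG.info("token validation failed - sending redirect to: " + loginURL);
    response.sendRedirect(loginURL);
    return null;
  }

  // NOTE(review): a validated token with no "sub" claim reaches this point with a null user
  // name; confirm that AuthenticationToken rejects it or that validateToken requires a subject.
  LOG.debug("Issuing AuthenticationToken for user.");
  return new AuthenticationToken(userName, userName, getType());
}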
use of javax.servlet.http.HttpServletRequest in project hadoop by apache.
the class TestAltKerberosAuthenticationHandler method testNonDefaultNonBrowserUserAgentAsBrowser.
/**
 * Configures the non-browser user-agent list as {@code "foo, bar"} and sends a request whose
 * {@code User-Agent} is {@code "blah"}, which matches neither entry, then checks the token
 * returned by {@code handler.authenticate}.
 *
 * <p>NOTE(review): the expected user name {@code "A"} and name {@code "B"} presumably come from
 * the alternate-authentication path of the handler under test; confirm against that handler.
 *
 * @throws Exception if handler initialisation or authentication fails
 */
@Test(timeout = 60000)
public void testNonDefaultNonBrowserUserAgentAsBrowser() throws Exception {
  // Replace any handler left over from earlier set-up with a fresh instance.
  if (handler != null) {
    handler.destroy();
    handler = null;
  }
  handler = getNewAuthenticationHandler();

  Properties config = getDefaultProperties();
  config.setProperty("alt-kerberos.non-browser.user-agents", "foo, bar");
  try {
    handler.init(config);
  } catch (Exception initFailure) {
    // Drop the half-initialised handler so later clean-up does not touch it.
    handler = null;
    throw initFailure;
  }

  HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);
  // Pretend we're something that will not match with "foo" (or "bar")
  Mockito.when(mockRequest.getHeader("User-Agent")).thenReturn("blah");

  // Should use alt authentication
  AuthenticationToken issued = handler.authenticate(mockRequest, mockResponse);
  Assert.assertEquals("A", issued.getUserName());
  Assert.assertEquals("B", issued.getName());
  Assert.assertEquals(getExpectedType(), issued.getType());
}
use of javax.servlet.http.HttpServletRequest in project hadoop by apache.
the class TestAuthenticationFilter method testGetTokenExpired.
/**
 * Checks that {@code AuthenticationFilter.getToken} rejects a correctly signed cookie whose
 * token has already expired.
 *
 * <p>The cookie is signed with the same secret the filter is configured with, so the signature
 * is expected to verify and the only reason left for rejection is the expiry time.
 *
 * @throws Exception if filter set-up fails
 */
@Test
public void testGetTokenExpired() throws Exception {
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    // Filter configuration: dummy handler type plus a fixed test-only signing secret.
    Vector<String> initParamNames = new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return"));
    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
    Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("true");
    Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
    Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(filterConfig.getInitParameterNames()).thenReturn(initParamNames.elements());
    getMockedServletContextWithStringSigner(filterConfig);
    filter.init(filterConfig);

    // A token whose expiry lies in the past.
    // NOTE(review): a constant named in seconds is subtracted from a millisecond clock; the
    // result is still in the past for any positive value - confirm the intended units.
    AuthenticationToken expiredToken = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
    expiredToken.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);

    // Sign the token with the secret the filter was given above.
    Properties signerProps = new Properties();
    signerProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
    SignerSecretProvider provider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    provider.init(signerProps, null, TOKEN_VALIDITY_SEC);
    String signedValue = new Signer(provider).sign(expiredToken.toString());

    HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
    Cookie authCookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, signedValue);
    Mockito.when(mockRequest.getCookies()).thenReturn(new Cookie[] { authCookie });

    // The flag is asserted in finally so that a silent success is reported as a failure too.
    boolean rejected = false;
    try {
      filter.getToken(mockRequest);
    } catch (AuthenticationException expected) {
      Assert.assertEquals("AuthenticationToken expired", expected.getMessage());
      rejected = true;
    } finally {
      Assert.assertTrue("token not expired", rejected);
    }
  } finally {
    filter.destroy();
  }
}
Aggregations