
Example 6 with HttpServletRequest

Use of javax.servlet.http.HttpServletRequest in project camel by apache.

Class HttpBasicAuthTest, method createRouteBuilder.

@Override
protected RouteBuilder createRouteBuilder() throws Exception {
    return new RouteBuilder() {

        @Override
        public void configure() throws Exception {
            from("jetty://http://localhost:{{port}}/test?handlers=myAuthHandler").process(new Processor() {

                public void process(Exchange exchange) throws Exception {
                    HttpServletRequest req = exchange.getIn().getBody(HttpServletRequest.class);
                    assertNotNull(req);
                    Principal user = req.getUserPrincipal();
                    assertNotNull(user);
                    assertEquals("donald", user.getName());
                }
            }).transform(constant("Bye World"));
        }
    };
}
Also used : Exchange(org.apache.camel.Exchange) HttpServletRequest(javax.servlet.http.HttpServletRequest) Processor(org.apache.camel.Processor) RouteBuilder(org.apache.camel.builder.RouteBuilder) Principal(java.security.Principal)

Example 7 with HttpServletRequest

Use of javax.servlet.http.HttpServletRequest in project hadoop by apache.

Class RestCsrfPreventionFilter, method doFilter.

@Override
public void doFilter(ServletRequest request, ServletResponse response, final FilterChain chain) throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    final HttpServletResponse httpResponse = (HttpServletResponse) response;
    handleHttpInteraction(new ServletFilterHttpInteraction(httpRequest, httpResponse, chain));
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse)

Example 8 with HttpServletRequest

Use of javax.servlet.http.HttpServletRequest in project hadoop by apache.

Class JWTRedirectAuthenticationHandler, method alternateAuthenticate.

@Override
public AuthenticationToken alternateAuthenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, AuthenticationException {
    AuthenticationToken token = null;
    String serializedJWT = null;
    HttpServletRequest req = (HttpServletRequest) request;
    serializedJWT = getJWTFromCookie(req);
    if (serializedJWT == null) {
        String loginURL = constructLoginURL(request);
        LOG.info("sending redirect to: " + loginURL);
        ((HttpServletResponse) response).sendRedirect(loginURL);
    } else {
        String userName = null;
        SignedJWT jwtToken = null;
        boolean valid = false;
        try {
            jwtToken = SignedJWT.parse(serializedJWT);
            valid = validateToken(jwtToken);
            if (valid) {
                userName = jwtToken.getJWTClaimsSet().getSubject();
                LOG.info("USERNAME: " + userName);
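            } else {
                // Note: serialize() yields the complete compact JWT, so the whole token is written to the log here.
                LOG.warn("jwtToken failed validation: " + jwtToken.serialize());
            }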
        } catch (ParseException pe) {
            // unable to parse the token let's try and get another one
            LOG.warn("Unable to parse the JWT token", pe);
        }
        if (valid) {
            LOG.debug("Issuing AuthenticationToken for user.");
            token = new AuthenticationToken(userName, userName, getType());
        } else {
            String loginURL = constructLoginURL(request);
            LOG.info("token validation failed - sending redirect to: " + loginURL);
            ((HttpServletResponse) response).sendRedirect(loginURL);
        }
    }
    return token;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) ParseException(java.text.ParseException)

Example 9 with HttpServletRequest

Use of javax.servlet.http.HttpServletRequest in project hadoop by apache.

Class TestAltKerberosAuthenticationHandler, method testNonDefaultNonBrowserUserAgentAsBrowser.

@Test(timeout = 60000)
public void testNonDefaultNonBrowserUserAgentAsBrowser() throws Exception {
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    if (handler != null) {
        handler.destroy();
        handler = null;
    }
    handler = getNewAuthenticationHandler();
    Properties props = getDefaultProperties();
    props.setProperty("alt-kerberos.non-browser.user-agents", "foo, bar");
    try {
        handler.init(props);
    } catch (Exception ex) {
        handler = null;
        throw ex;
    }
    // Pretend we're something that will not match with "foo" (or "bar")
    Mockito.when(request.getHeader("User-Agent")).thenReturn("blah");
    // Should use alt authentication
    AuthenticationToken token = handler.authenticate(request, response);
    Assert.assertEquals("A", token.getUserName());
    Assert.assertEquals("B", token.getName());
    Assert.assertEquals(getExpectedType(), token.getType());
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) Properties(java.util.Properties) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) IOException(java.io.IOException) Test(org.junit.Test)

Example 10 with HttpServletRequest

Use of javax.servlet.http.HttpServletRequest in project hadoop by apache.

Class TestAuthenticationFilter, method testGetTokenExpired.

@Test
public void testGetTokenExpired() throws Exception {
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
        token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
        SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        Properties secretProviderProps = new Properties();
        secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
        secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
        Signer signer = new Signer(secretProvider);
        String tokenSigned = signer.sign(token.toString());
        Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        boolean failed = false;
        try {
            filter.getToken(request);
        } catch (AuthenticationException ex) {
            Assert.assertEquals("AuthenticationToken expired", ex.getMessage());
            failed = true;
        } finally {
            Assert.assertTrue("token not expired", failed);
        }
    } finally {
        filter.destroy();
    }
}
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) SignerSecretProvider(org.apache.hadoop.security.authentication.util.SignerSecretProvider) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) Properties(java.util.Properties) Signer(org.apache.hadoop.security.authentication.util.Signer) HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)
