
Example 1 with AuthenticatorBase

use of org.apache.catalina.authenticator.AuthenticatorBase in project tomcat70 by apache.

the class TestWebSocketFrameClient method testConnectToDigestEndpoint.

/**
 * Connects a WebSocket client to an echo endpoint whose whole context is
 * guarded by a DIGEST security constraint.
 *
 * <p>Server side: one context at {@code URI_PROTECTED} with the default
 * servlet, a constraint on {@code /*} that requires {@code ROLE}, and a
 * {@code DigestAuthenticator} valve. Client side: the user name and password
 * are supplied through the endpoint config's user properties.
 *
 * @throws Exception propagated from server setup or from the echo exchange
 */
@Test
public void testConnectToDigestEndpoint() throws Exception {
    Tomcat server = getTomcatInstance();
    Context protectedCtx = server.addContext(URI_PROTECTED, null);
    protectedCtx.addApplicationListener(TesterEchoServer.Config.class.getName());
    Tomcat.addServlet(protectedCtx, "default", new DefaultServlet());
    protectedCtx.addServletMapping("/", "default");

    // The account the client logs in as, and the role the constraint demands.
    server.addUser(USER, PWD);
    server.addRole(USER, ROLE);

    // Every path in the context requires ROLE.
    SecurityCollection allPaths = new SecurityCollection();
    allPaths.addPattern("/*");
    SecurityConstraint roleRequired = new SecurityConstraint();
    roleRequired.addAuthRole(ROLE);
    roleRequired.addCollection(allPaths);
    protectedCtx.addConstraint(roleRequired);

    // Declare DIGEST as the login method and install the matching
    // authenticator valve explicitly. DIGEST keeps the password itself off
    // the wire, but no transport guarantee is set on the constraint here.
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod("DIGEST");
    protectedCtx.setLoginConfig(loginConfig);
    AuthenticatorBase authValve = new org.apache.catalina.authenticator.DigestAuthenticator();
    protectedCtx.getPipeline().addValve(authValve);

    server.start();

    // The client receives the same credentials through its user properties;
    // presumably it uses them to answer the server's authentication challenge.
    ClientEndpointConfig clientConfig = ClientEndpointConfig.Builder.create().build();
    clientConfig.getUserProperties().put(Constants.WS_AUTHENTICATION_USER_NAME, USER);
    clientConfig.getUserProperties().put(Constants.WS_AUTHENTICATION_PASSWORD, PWD);
    echoTester(URI_PROTECTED, clientConfig);
}
Also used : Context(org.apache.catalina.Context) AuthenticatorBase(org.apache.catalina.authenticator.AuthenticatorBase) Tomcat(org.apache.catalina.startup.Tomcat) ClientEndpointConfig(javax.websocket.ClientEndpointConfig) LoginConfig(org.apache.catalina.deploy.LoginConfig) LoginConfig(org.apache.catalina.deploy.LoginConfig) DefaultServlet(org.apache.catalina.servlets.DefaultServlet) ClientEndpointConfig(javax.websocket.ClientEndpointConfig) SecurityConstraint(org.apache.catalina.deploy.SecurityConstraint) SecurityCollection(org.apache.catalina.deploy.SecurityCollection) Test(org.junit.Test)

Example 2 with AuthenticatorBase

use of org.apache.catalina.authenticator.AuthenticatorBase in project tomcat70 by apache.

the class CoyoteAdapter method doConnectorAuthenticationAuthorization.

/**
 * Copies the remote user and authentication type that are already present on
 * the Coyote request onto the Catalina request, deciding on the way who is
 * responsible for authorizing that user.
 *
 * <p>No credential is checked in this method: a non-null remote user is
 * treated as already authenticated by whatever populated {@code req}.
 * NOTE(review): that makes the component which sets the remote user part of
 * the trust boundary - confirm which connectors can set it and who can reach
 * them.
 *
 * @param req     the Coyote-level request that carries the remote user and auth type
 * @param request the Catalina request that receives the principal and auth type
 */
private void doConnectorAuthenticationAuthorization(org.apache.coyote.Request req, Request request) {
    // Set the remote principal
    // The null check below implies toString() yields null when the connector
    // supplied no user; in that case no principal is set at all.
    String username = req.getRemoteUser().toString();
    if (username != null) {
        if (log.isDebugEnabled()) {
            // The user name is passed into the debug message.
            log.debug(sm.getString("coyoteAdapter.authenticate", username));
        }
        if (req.getRemoteUserNeedsAuthorization()) {
            Authenticator authenticator = request.getContext().getAuthenticator();
            if (authenticator == null) {
                // No security constraints configured for the application so
                // no need to authorize the user. Use the CoyotePrincipal to
                // provide the authenticated user.
                request.setUserPrincipal(new CoyotePrincipal(username));
            } else if (!(authenticator instanceof AuthenticatorBase)) {
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("coyoteAdapter.authorize", username));
                }
                // Custom authenticator that may not trigger authorization.
                // Do the authorization here to make sure it is done.
                // Only the user name is handed to the Realm; no password or
                // other credential takes part in this lookup.
                request.setUserPrincipal(request.getContext().getRealm().authenticate(username));
            }
        // If the Authenticator is an instance of AuthenticatorBase then
        // it will check req.getRemoteUserNeedsAuthorization() and
        // trigger authorization as necessary. It will also cache the
        // result preventing excessive calls to the Realm.
        // In that case this method deliberately sets no principal.
        } else {
            // The connector isn't configured for authorization. Create a
            // user without any roles using the supplied user name.
            request.setUserPrincipal(new CoyotePrincipal(username));
        }
    }
    // Set the authorization type
    // Applied independently of the user name: it is copied whenever the
    // connector supplied one, even if no principal was set above.
    String authtype = req.getAuthType().toString();
    if (authtype != null) {
        request.setAuthType(authtype);
    }
}
Also used : AuthenticatorBase(org.apache.catalina.authenticator.AuthenticatorBase) Authenticator(org.apache.catalina.Authenticator)

Example 3 with AuthenticatorBase

use of org.apache.catalina.authenticator.AuthenticatorBase in project tomcat70 by apache.

the class TestRestCsrfPreventionFilter2 method setUpApplication.

/**
 * Builds the test web application: a servlet behind both an authentication
 * constraint and the REST CSRF prevention filter.
 *
 * <p>The result is stored in the {@code context} field. The filter covers
 * {@code URI_CSRF_PROTECTED}; the security constraint covers
 * {@code URI_PROTECTED} and requires {@code ROLE}.
 *
 * @throws Exception propagated from the Tomcat setup calls
 */
private void setUpApplication() throws Exception {
    // Test fixture only: the JVM temp directory serves as the docBase.
    context = tomcat.addContext(CONTEXT_PATH_LOGIN, System.getProperty("java.io.tmpdir"));
    context.setSessionTimeout(SHORT_SESSION_TIMEOUT_MINS);

    Tomcat.addServlet(context, SERVLET_NAME, new TesterServlet());
    context.addServletMapping(URI_PROTECTED, SERVLET_NAME);

    // CSRF filter: the definition is registered before the mapping that
    // refers to it by name.
    FilterDef csrfFilter = new FilterDef();
    csrfFilter.setFilterName(FILTER_NAME);
    csrfFilter.setFilterClass(RestCsrfPreventionFilter.class.getCanonicalName());
    csrfFilter.addInitParameter(FILTER_INIT_PARAM, REMOVE_CUSTOMER + "," + ADD_CUSTOMER);
    context.addFilterDef(csrfFilter);

    FilterMap csrfMapping = new FilterMap();
    csrfMapping.setFilterName(FILTER_NAME);
    csrfMapping.addURLPattern(URI_CSRF_PROTECTED);
    context.addFilterMap(csrfMapping);

    // Authentication: URI_PROTECTED requires ROLE.
    SecurityCollection protectedResources = new SecurityCollection();
    protectedResources.addPattern(URI_PROTECTED);
    SecurityConstraint roleRequired = new SecurityConstraint();
    roleRequired.addAuthRole(ROLE);
    roleRequired.addCollection(protectedResources);
    context.addConstraint(roleRequired);

    // Login method taken from METHOD, enforced by a BasicAuthenticator
    // valve. NOTE(review): METHOD is presumably "BASIC" to match the valve -
    // confirm against the constant's definition.
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod(METHOD);
    context.setLoginConfig(loginConfig);
    AuthenticatorBase authValve = new BasicAuthenticator();
    context.getPipeline().addValve(authValve);
}
Also used : AuthenticatorBase(org.apache.catalina.authenticator.AuthenticatorBase) FilterDef(org.apache.catalina.deploy.FilterDef) BasicAuthenticator(org.apache.catalina.authenticator.BasicAuthenticator) LoginConfig(org.apache.catalina.deploy.LoginConfig) FilterMap(org.apache.catalina.deploy.FilterMap) SecurityConstraint(org.apache.catalina.deploy.SecurityConstraint) SecurityCollection(org.apache.catalina.deploy.SecurityCollection)

Example 4 with AuthenticatorBase

use of org.apache.catalina.authenticator.AuthenticatorBase in project tomcat by apache.

the class TestWebSocketFrameClient method testConnectToDigestEndpoint.

/**
 * Connects a WebSocket client to an echo endpoint whose whole context is
 * guarded by a DIGEST security constraint.
 *
 * <p>Server side: one context at {@code URI_PROTECTED} with the default
 * servlet, a constraint on {@code /*} that requires {@code ROLE}, and a
 * {@code DigestAuthenticator} valve. Client side: the user name and password
 * are supplied through the endpoint config's user properties.
 *
 * @throws Exception propagated from server setup or from the echo exchange
 */
@Test
public void testConnectToDigestEndpoint() throws Exception {
    Tomcat server = getTomcatInstance();
    Context protectedCtx = server.addContext(URI_PROTECTED, null);
    protectedCtx.addApplicationListener(TesterEchoServer.Config.class.getName());
    Tomcat.addServlet(protectedCtx, "default", new DefaultServlet());
    protectedCtx.addServletMappingDecoded("/", "default");

    // The account the client logs in as, and the role the constraint demands.
    server.addUser(USER, PWD);
    server.addRole(USER, ROLE);

    // Every path in the context requires ROLE.
    SecurityCollection allPaths = new SecurityCollection();
    allPaths.addPatternDecoded("/*");
    SecurityConstraint roleRequired = new SecurityConstraint();
    roleRequired.addAuthRole(ROLE);
    roleRequired.addCollection(allPaths);
    protectedCtx.addConstraint(roleRequired);

    // Declare DIGEST as the login method and install the matching
    // authenticator valve explicitly. DIGEST keeps the password itself off
    // the wire, but no transport guarantee is set on the constraint here.
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod("DIGEST");
    protectedCtx.setLoginConfig(loginConfig);
    AuthenticatorBase authValve = new org.apache.catalina.authenticator.DigestAuthenticator();
    protectedCtx.getPipeline().addValve(authValve);

    server.start();

    // The client receives the same credentials through its user properties;
    // presumably it uses them to answer the server's authentication challenge.
    ClientEndpointConfig clientConfig = ClientEndpointConfig.Builder.create().build();
    clientConfig.getUserProperties().put(Constants.WS_AUTHENTICATION_USER_NAME, USER);
    clientConfig.getUserProperties().put(Constants.WS_AUTHENTICATION_PASSWORD, PWD);
    echoTester(URI_PROTECTED, clientConfig);
}
Also used : Context(org.apache.catalina.Context) AuthenticatorBase(org.apache.catalina.authenticator.AuthenticatorBase) Tomcat(org.apache.catalina.startup.Tomcat) LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig) ClientEndpointConfig(jakarta.websocket.ClientEndpointConfig) LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig) DefaultServlet(org.apache.catalina.servlets.DefaultServlet) ClientEndpointConfig(jakarta.websocket.ClientEndpointConfig) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection) Test(org.junit.Test)

Example 5 with AuthenticatorBase

use of org.apache.catalina.authenticator.AuthenticatorBase in project tomcat by apache.

the class TestWebSocketFrameClient method testConnectToBasicEndpoint.

/**
 * Connects a WebSocket client to an echo endpoint protected by BASIC
 * authentication, using a password that contains a non-ASCII character.
 *
 * <p>Server side: one context at {@code URI_PROTECTED} with the default
 * servlet, a constraint on the pattern {@code /} that requires {@code ROLE},
 * and a {@code BasicAuthenticator} valve. Client side: the same user name
 * and password are supplied through the endpoint config's user properties.
 *
 * @throws Exception propagated from server setup or from the echo exchange
 */
@Test
public void testConnectToBasicEndpoint() throws Exception {
    Tomcat server = getTomcatInstance();
    Context protectedCtx = server.addContext(URI_PROTECTED, null);
    protectedCtx.addApplicationListener(TesterEchoServer.Config.class.getName());
    Tomcat.addServlet(protectedCtx, "default", new DefaultServlet());
    protectedCtx.addServletMappingDecoded("/", "default");

    // U+00A3 (pound sign) lies outside ASCII, so the credentials presumably
    // exercise character encoding on both the client and the server side.
    String utf8User = "test";
    String utf8Pass = "123\u00A3";
    server.addUser(utf8User, utf8Pass);
    server.addRole(utf8User, ROLE);

    // The constrained pattern is "/" and it requires ROLE.
    SecurityCollection protectedResources = new SecurityCollection();
    protectedResources.addPatternDecoded("/");
    SecurityConstraint roleRequired = new SecurityConstraint();
    roleRequired.addAuthRole(ROLE);
    roleRequired.addCollection(protectedResources);
    protectedCtx.addConstraint(roleRequired);

    // BASIC carries the password Base64-encoded rather than encrypted, and
    // this fixture sets no transport guarantee on the constraint; outside a
    // test, BASIC belongs behind TLS.
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod("BASIC");
    protectedCtx.setLoginConfig(loginConfig);
    AuthenticatorBase authValve = new org.apache.catalina.authenticator.BasicAuthenticator();
    protectedCtx.getPipeline().addValve(authValve);

    server.start();

    // Hand the same credentials to the client through its user properties.
    ClientEndpointConfig clientConfig = ClientEndpointConfig.Builder.create().build();
    clientConfig.getUserProperties().put(Constants.WS_AUTHENTICATION_USER_NAME, utf8User);
    clientConfig.getUserProperties().put(Constants.WS_AUTHENTICATION_PASSWORD, utf8Pass);
    echoTester(URI_PROTECTED, clientConfig);
}
Also used : Context(org.apache.catalina.Context) AuthenticatorBase(org.apache.catalina.authenticator.AuthenticatorBase) Tomcat(org.apache.catalina.startup.Tomcat) LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig) ClientEndpointConfig(jakarta.websocket.ClientEndpointConfig) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig) DefaultServlet(org.apache.catalina.servlets.DefaultServlet) ClientEndpointConfig(jakarta.websocket.ClientEndpointConfig) SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection) Test(org.junit.Test)

Aggregations

AuthenticatorBase (org.apache.catalina.authenticator.AuthenticatorBase)9 Context (org.apache.catalina.Context)4 DefaultServlet (org.apache.catalina.servlets.DefaultServlet)4 Tomcat (org.apache.catalina.startup.Tomcat)4 Test (org.junit.Test)4 LoginConfig (org.apache.catalina.deploy.LoginConfig)3 SecurityCollection (org.apache.catalina.deploy.SecurityCollection)3 SecurityConstraint (org.apache.catalina.deploy.SecurityConstraint)3 LoginConfig (org.apache.tomcat.util.descriptor.web.LoginConfig)3 SecurityCollection (org.apache.tomcat.util.descriptor.web.SecurityCollection)3 SecurityConstraint (org.apache.tomcat.util.descriptor.web.SecurityConstraint)3 ClientEndpointConfig (jakarta.websocket.ClientEndpointConfig)2 ClientEndpointConfig (javax.websocket.ClientEndpointConfig)2 Authenticator (org.apache.catalina.Authenticator)2 BasicAuthenticator (org.apache.catalina.authenticator.BasicAuthenticator)2 UnknownHostException (java.net.UnknownHostException)1 UnsupportedCharsetException (java.nio.charset.UnsupportedCharsetException)1 AtomicBoolean (java.util.concurrent.atomic.AtomicBoolean)1 FilterDef (org.apache.catalina.deploy.FilterDef)1 FilterMap (org.apache.catalina.deploy.FilterMap)1