use of org.apache.catalina.authenticator.AuthenticatorBase in project Payara by payara.
the class Request method authenticate.
// END S1AS 4703023
// ---------------------------------------------------- HttpRequest Methods
/**
 * Runs container authentication for this request and reports whether it succeeded.
 *
 * <p>A re-entrancy flag read from {@code reentrancyStatus} selects one of two paths. If the
 * flag is already set, the context's {@link AuthenticatorBase} is called directly. Otherwise
 * the flag is set, the call is handed to the realm's {@code invokeAuthenticateDelegate},
 * and the flag is cleared again in a {@code finally} block.
 *
 * <p>NOTE(review): the {@code response} parameter is never read in this body; both paths
 * pass {@code getResponse()} instead. Confirm that this is intended.
 *
 * @param response the servlet response supplied by the caller (unused here, see note)
 * @return the result reported by the authenticator or by the realm delegate
 * @throws IOException declared, but every exception caught on the visible paths (including
 *         {@code IOException}) is rethrown wrapped in a {@code ServletException}
 * @throws ServletException if the context, authenticator or realm is missing, or if the
 *         underlying authentication call throws
 */
@Override
public boolean authenticate(HttpServletResponse response) throws IOException, ServletException {
    if (context == null) {
        // Fail closed: without a context there is no authenticator or realm to consult.
        throw new ServletException("Internal error: Context null");
    }
    // NOTE(review): unchecked downcast. If the context is configured with an authenticator
    // that is not an AuthenticatorBase, this line throws ClassCastException instead of the
    // ServletException used for the other "internal error" cases. Confirm whether a custom
    // authenticator can reach this point.
    final AuthenticatorBase authBase = (AuthenticatorBase) context.getAuthenticator();
    if (authBase == null) {
        throw new ServletException("Internal error: Authenticator null");
    }
    // One-element flag array; the comment on the reset below describes it as thread-local.
    // Assumes reentrancyStatus always supplies a non-null array (initialiser not visible
    // here, TODO confirm), otherwise the index below throws NullPointerException.
    byte[] alreadyCalled = (byte[]) reentrancyStatus.get();
    if (alreadyCalled[0] == 1) {
        // Re-entrancy from a JSR 196 module, so call the authenticate directly
        // (this path bypasses the realm delegate and leaves the flag untouched; the outer
        // invocation that set it is responsible for clearing it).
        try {
            return authBase.authenticate(this, (HttpResponse) getResponse(), context.getLoginConfig());
        } catch (Exception ex) {
            throw new ServletException("Exception thrown while attempting to authenticate", ex);
        }
    } else {
        // No re-entrancy, so call invokeAuthenticateDelegate to check if
        // JSR196 module is present
        alreadyCalled[0] = 1;
        try {
            final Realm realm = context.getRealm();
            final Request req = this;
            if (realm == null) {
                // Thrown inside the outer try, so the finally below still clears the flag.
                throw new ServletException("Internal error: realm null");
            }
            try {
                if (Globals.IS_SECURITY_ENABLED) {
                    // Presumably a security manager is active when this flag is set (TODO
                    // confirm). The delegate call then runs in a privileged block, i.e. with
                    // this class's own permissions rather than those of its callers.
                    Boolean ret = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
                        @Override
                        public Boolean run() {
                            try {
                                return Boolean.valueOf(realm.invokeAuthenticateDelegate(req, (HttpResponse) getResponse(), context, (AuthenticatorBase) authBase, true));
                            } catch (IOException ex) {
                                // PrivilegedAction.run() cannot throw checked exceptions, so
                                // the IOException is tunnelled out as a RuntimeException; the
                                // outer catch then wraps it in a ServletException.
                                throw new RuntimeException("Exception thrown while attempting to authenticate", ex);
                            }
                        }
                    });
                    return ret.booleanValue();
                } else {
                    return realm.invokeAuthenticateDelegate(req, (HttpResponse) getResponse(), context, (AuthenticatorBase) authBase, true);
                }
            } catch (Exception ex) {
                // Catches everything, so an IOException from the delegate surfaces to the
                // caller as a ServletException rather than as the declared IOException.
                throw new ServletException("Exception thrown while attempting to authenticate", ex);
            }
        } finally {
            // Reset the threadlocal re-entrancy check variable
            // (must run on every exit; a flag left at 1 would route a later call on the
            // same thread down the direct-authenticator path above).
            alreadyCalled[0] = 0;
        }
    }
}
use of org.apache.catalina.authenticator.AuthenticatorBase in project tomcat70 by apache.
the class TestWebSocketFrameClient method testConnectToBasicEndpoint.
/**
 * Connects a WebSocket client to an echo endpoint behind a BASIC-authenticated security
 * constraint, using a password that contains a non-ASCII character.
 *
 * <p>The credentials reach the client through the endpoint config's user properties
 * ({@code Constants.WS_AUTHENTICATION_USER_NAME} / {@code WS_AUTHENTICATION_PASSWORD}).
 */
@Test
public void testConnectToBasicEndpoint() throws Exception {
    final String userName = "test";
    // The password ends in U+00A3 (pound sign), so it is not representable in pure ASCII;
    // presumably this exercises how the client encodes credentials, as the original
    // "utf8" variable names suggest.
    final String password = "123\u00A3";

    Tomcat tomcat = getTomcatInstance();

    // Protected context with the echo endpoint and a default servlet mapped at "/".
    Context protectedContext = tomcat.addContext(URI_PROTECTED, null);
    protectedContext.addApplicationListener(TesterEchoServer.Config.class.getName());
    Tomcat.addServlet(protectedContext, "default", new DefaultServlet());
    protectedContext.addServletMapping("/", "default");

    // Register the test user and give it the role the constraint requires.
    tomcat.addUser(userName, password);
    tomcat.addRole(userName, ROLE);

    // Require ROLE for every path of the context.
    SecurityCollection everyPath = new SecurityCollection();
    everyPath.addPattern("/");
    SecurityConstraint roleConstraint = new SecurityConstraint();
    roleConstraint.addAuthRole(ROLE);
    roleConstraint.addCollection(everyPath);
    protectedContext.addConstraint(roleConstraint);

    // Declare BASIC as the auth method and install the matching authenticator valve.
    LoginConfig basicLogin = new LoginConfig();
    basicLogin.setAuthMethod("BASIC");
    protectedContext.setLoginConfig(basicLogin);
    AuthenticatorBase authenticatorValve =
            new org.apache.catalina.authenticator.BasicAuthenticator();
    protectedContext.getPipeline().addValve(authenticatorValve);

    tomcat.start();

    // Hand the credentials to the WebSocket client via its user properties.
    ClientEndpointConfig clientConfig = ClientEndpointConfig.Builder.create().build();
    clientConfig.getUserProperties().put(Constants.WS_AUTHENTICATION_USER_NAME, userName);
    clientConfig.getUserProperties().put(Constants.WS_AUTHENTICATION_PASSWORD, password);

    echoTester(URI_PROTECTED, clientConfig);
}
use of org.apache.catalina.authenticator.AuthenticatorBase in project tomcat by apache.
the class TestRestCsrfPreventionFilter2 method setUpApplication.
/**
 * Builds the test web application: a servlet at {@code URI_PROTECTED}, the REST CSRF
 * prevention filter on {@code URI_CSRF_PROTECTED}, and a role-based security constraint
 * enforced by a {@link BasicAuthenticator} valve.
 *
 * @throws Exception if any part of the context setup fails
 */
private void setUpApplication() throws Exception {
    // The JVM temp directory serves as the context's document base.
    final String docBase = System.getProperty("java.io.tmpdir");
    context = tomcat.addContext(CONTEXT_PATH_LOGIN, docBase);
    context.setSessionTimeout(SHORT_SESSION_TIMEOUT_MINS);

    // Servlet under test.
    Tomcat.addServlet(context, SERVLET_NAME, new TesterServlet());
    context.addServletMappingDecoded(URI_PROTECTED, SERVLET_NAME);

    // CSRF filter definition; the init parameter is a comma-separated pair of values.
    final String filterParamValue = REMOVE_CUSTOMER + "," + ADD_CUSTOMER;
    FilterDef csrfFilterDef = new FilterDef();
    csrfFilterDef.setFilterName(FILTER_NAME);
    csrfFilterDef.setFilterClass(RestCsrfPreventionFilter.class.getCanonicalName());
    csrfFilterDef.addInitParameter(FILTER_INIT_PARAM, filterParamValue);
    context.addFilterDef(csrfFilterDef);

    // Bind the filter to the CSRF-protected URL pattern.
    FilterMap csrfFilterMap = new FilterMap();
    csrfFilterMap.setFilterName(FILTER_NAME);
    csrfFilterMap.addURLPatternDecoded(URI_CSRF_PROTECTED);
    context.addFilterMap(csrfFilterMap);

    // Require ROLE for the protected URI.
    SecurityCollection protectedUris = new SecurityCollection();
    protectedUris.addPatternDecoded(URI_PROTECTED);
    SecurityConstraint roleConstraint = new SecurityConstraint();
    roleConstraint.addAuthRole(ROLE);
    roleConstraint.addCollection(protectedUris);
    context.addConstraint(roleConstraint);

    // Login configuration using the auth method named by METHOD.
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod(METHOD);
    context.setLoginConfig(loginConfig);

    // The valve that enforces the constraint; it is a BasicAuthenticator, so METHOD is
    // expected to name the BASIC scheme (its value is not visible here).
    AuthenticatorBase authenticatorValve = new BasicAuthenticator();
    context.getPipeline().addValve(authenticatorValve);
}
use of org.apache.catalina.authenticator.AuthenticatorBase in project tomcat by apache.
the class CoyoteAdapter method doConnectorAuthenticationAuthorization.
/**
 * Copies the remote user and authentication type supplied by the connector onto the
 * Catalina request.
 *
 * <p>No credential is checked in this method. The user name is taken as provided by the
 * Coyote request, so its trustworthiness depends on how the connector obtained it, which is
 * not visible here.
 *
 * @param req the Coyote request carrying the connector-supplied remote user and auth type
 * @param request the Catalina request that receives the principal and auth type
 */
private void doConnectorAuthenticationAuthorization(org.apache.coyote.Request req, Request request) {
    // Set the remote principal
    final String remoteUser = req.getRemoteUser().toString();
    if (remoteUser != null) {
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("coyoteAdapter.authenticate", remoteUser));
        }
        if (!req.getRemoteUserNeedsAuthorization()) {
            // The connector isn't configured for authorization. Create a
            // user without any roles using the supplied user name.
            request.setUserPrincipal(new CoyotePrincipal(remoteUser));
        } else {
            final Authenticator configured = request.getContext().getAuthenticator();
            final boolean handledByAuthenticatorBase = configured instanceof AuthenticatorBase;
            if (!handledByAuthenticatorBase) {
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("coyoteAdapter.authorize", remoteUser));
                }
                // A custom authenticator may not trigger authorization, so it is done
                // here. The realm is asked for the principal by user name only.
                request.setUserPrincipal(
                        request.getContext().getRealm().authenticate(remoteUser));
            }
            // Nothing to do for an AuthenticatorBase: it will check
            // req.getRemoteUserNeedsAuthorization() itself, trigger authorization as
            // necessary and cache the result, preventing excessive calls to the Realm.
        }
    }

    // Set the authorization type
    final String connectorAuthType = req.getAuthType().toString();
    if (connectorAuthType != null) {
        request.setAuthType(connectorAuthType);
    }
}