Example 6 with BasicAuthenticator
use of org.apache.catalina.authenticator.BasicAuthenticator in project tomcat by apache.
the class TestStandardContext method doTestDenyUncoveredHttpMethodsSCI.
private void doTestDenyUncoveredHttpMethodsSCI(boolean enableDeny) throws Exception {
// Test that denying uncovered HTTP methods when adding servlet security
// constraints programmatically does work.
// Set up a container
Tomcat tomcat = getTomcatInstance();
// No file system docBase required
Context ctx = tomcat.addContext("", null);
ctx.setDenyUncoveredHttpMethods(enableDeny);
// Setup realm
TesterMapRealm realm = new TesterMapRealm();
realm.addUser("tomcat", "tomcat");
realm.addUserRole("tomcat", "tomcat");
ctx.setRealm(realm);
// Configure app for BASIC auth
LoginConfig lc = new LoginConfig();
lc.setAuthMethod("BASIC");
ctx.setLoginConfig(lc);
ctx.getPipeline().addValve(new BasicAuthenticator());
// Add ServletContainerInitializer
ServletContainerInitializer sci = new DenyUncoveredHttpMethodsSCI();
ctx.addServletContainerInitializer(sci, null);
// Start the context
tomcat.start();
// Request the first servlet
ByteChunk bc = new ByteChunk();
int rc = getUrl("http://localhost:" + getPort() + "/test", bc, null);
// Check for a 401
if (enableDeny) {
// Should be default error page
Assert.assertTrue(bc.toString().contains("403"));
Assert.assertEquals(403, rc);
} else {
Assert.assertEquals("OK", bc.toString());
Assert.assertEquals(200, rc);
}
}
Also used :
Context(org.apache.catalina.Context)
ServletContext(javax.servlet.ServletContext)
ServletContainerInitializer(javax.servlet.ServletContainerInitializer)
Tomcat(org.apache.catalina.startup.Tomcat)
TesterMapRealm(org.apache.catalina.startup.TesterMapRealm)
BasicAuthenticator(org.apache.catalina.authenticator.BasicAuthenticator)
ByteChunk(org.apache.tomcat.util.buf.ByteChunk)
LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig)
Example 7 with BasicAuthenticator
use of org.apache.catalina.authenticator.BasicAuthenticator in project tomcat by apache.
the class TestRestCsrfPreventionFilter2 method setUpApplication.
private void setUpApplication() throws Exception {
context = tomcat.addContext(CONTEXT_PATH_LOGIN, System.getProperty("java.io.tmpdir"));
context.setSessionTimeout(SHORT_SESSION_TIMEOUT_MINS);
Tomcat.addServlet(context, SERVLET_NAME, new TesterServlet());
context.addServletMappingDecoded(URI_PROTECTED, SERVLET_NAME);
FilterDef filterDef = new FilterDef();
filterDef.setFilterName(FILTER_NAME);
filterDef.setFilterClass(RestCsrfPreventionFilter.class.getCanonicalName());
filterDef.addInitParameter(FILTER_INIT_PARAM, REMOVE_CUSTOMER + "," + ADD_CUSTOMER);
context.addFilterDef(filterDef);
FilterMap filterMap = new FilterMap();
filterMap.setFilterName(FILTER_NAME);
filterMap.addURLPatternDecoded(URI_CSRF_PROTECTED);
context.addFilterMap(filterMap);
SecurityCollection collection = new SecurityCollection();
collection.addPatternDecoded(URI_PROTECTED);
SecurityConstraint sc = new SecurityConstraint();
sc.addAuthRole(ROLE);
sc.addCollection(collection);
context.addConstraint(sc);
LoginConfig lc = new LoginConfig();
lc.setAuthMethod(METHOD);
context.setLoginConfig(lc);
AuthenticatorBase basicAuthenticator = new BasicAuthenticator();
context.getPipeline().addValve(basicAuthenticator);
}
Also used :
AuthenticatorBase(org.apache.catalina.authenticator.AuthenticatorBase)
FilterDef(org.apache.tomcat.util.descriptor.web.FilterDef)
BasicAuthenticator(org.apache.catalina.authenticator.BasicAuthenticator)
LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig)
FilterMap(org.apache.tomcat.util.descriptor.web.FilterMap)
SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint)
SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
Example 8 with BasicAuthenticator
use of org.apache.catalina.authenticator.BasicAuthenticator in project cas by apereo.
the class CasEmbeddedContainerTomcatConfiguration method configureBasicAuthn.
private void configureBasicAuthn(final TomcatEmbeddedServletContainerFactory tomcat) {
final CasEmbeddedApacheTomcatBasicAuthenticationProperties basic = casProperties.getServer().getBasicAuthn();
if (basic.isEnabled()) {
tomcat.addContextCustomizers(ctx -> {
final LoginConfig config = new LoginConfig();
config.setAuthMethod("BASIC");
ctx.setLoginConfig(config);
basic.getSecurityRoles().forEach(ctx::addSecurityRole);
basic.getAuthRoles().forEach(r -> {
final SecurityConstraint constraint = new SecurityConstraint();
constraint.addAuthRole(r);
final SecurityCollection collection = new SecurityCollection();
basic.getPatterns().forEach(collection::addPattern);
constraint.addCollection(collection);
ctx.addConstraint(constraint);
});
});
tomcat.addContextValves(new BasicAuthenticator());
}
}
Also used :
BasicAuthenticator(org.apache.catalina.authenticator.BasicAuthenticator)
LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig)
CasEmbeddedApacheTomcatBasicAuthenticationProperties(org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatBasicAuthenticationProperties)
SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint)
SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
Aggregations
BasicAuthenticator (org.apache.catalina.authenticator.BasicAuthenticator)8
LoginConfig (org.apache.tomcat.util.descriptor.web.LoginConfig)8
Context (org.apache.catalina.Context)4
TesterMapRealm (org.apache.catalina.startup.TesterMapRealm)4
Tomcat (org.apache.catalina.startup.Tomcat)4
ByteChunk (org.apache.tomcat.util.buf.ByteChunk)4
SecurityCollection (org.apache.tomcat.util.descriptor.web.SecurityCollection)4
SecurityConstraint (org.apache.tomcat.util.descriptor.web.SecurityConstraint)4
ServletContext (javax.servlet.ServletContext)3
ServletContainerInitializer (javax.servlet.ServletContainerInitializer)2
DigestAuthenticator (org.apache.catalina.authenticator.DigestAuthenticator)2
NonLoginAuthenticator (org.apache.catalina.authenticator.NonLoginAuthenticator)2
SSLAuthenticator (org.apache.catalina.authenticator.SSLAuthenticator)2
StandardContext (org.apache.catalina.core.StandardContext)2
TomcatBaseTest (org.apache.catalina.startup.TomcatBaseTest)2
IgnoredStandardContext (org.apache.tomee.catalina.IgnoredStandardContext)2
OpenEJBValve (org.apache.tomee.catalina.OpenEJBValve)2
TomcatWebAppBuilder (org.apache.tomee.catalina.TomcatWebAppBuilder)2
Test (org.junit.Test)2
ArrayList (java.util.ArrayList)1
