
Example 6 with BasicAuthenticator

use of org.apache.catalina.authenticator.BasicAuthenticator in project tomcat by apache.

the class TestStandardContext method doTestDenyUncoveredHttpMethodsSCI.

/**
 * Checks that the context's deny-uncovered-HTTP-methods setting takes effect when
 * servlet security constraints are added programmatically.
 *
 * @param enableDeny value handed to {@code setDenyUncoveredHttpMethods}; with
 *        {@code true} the request to {@code /test} must come back as 403, with
 *        {@code false} it must come back as 200 with the body {@code "OK"}
 * @throws Exception propagated from container start-up or from the request helper
 */
private void doTestDenyUncoveredHttpMethodsSCI(boolean enableDeny) throws Exception {
    Tomcat server = getTomcatInstance();

    // Root context ("") with a null docBase: no file system content is needed.
    Context rootContext = server.addContext("", null);
    rootContext.setDenyUncoveredHttpMethods(enableDeny);

    // Realm holding one fixture account (user "tomcat", role "tomcat").
    // These are throwaway test credentials, not a pattern for real deployments.
    TesterMapRealm fixtureRealm = new TesterMapRealm();
    fixtureRealm.addUser("tomcat", "tomcat");
    fixtureRealm.addUserRole("tomcat", "tomcat");
    rootContext.setRealm(fixtureRealm);

    // BASIC authentication needs both the login config and the authenticator valve.
    LoginConfig basicLogin = new LoginConfig();
    basicLogin.setAuthMethod("BASIC");
    rootContext.setLoginConfig(basicLogin);
    rootContext.getPipeline().addValve(new BasicAuthenticator());

    // NOTE(review): DenyUncoveredHttpMethodsSCI is defined outside this method;
    // presumably it registers the servlet behind /test and its constraints - confirm.
    ServletContainerInitializer initializer = new DenyUncoveredHttpMethodsSCI();
    rootContext.addServletContainerInitializer(initializer, null);

    server.start();

    // Nothing in this method supplies credentials for the request.
    ByteChunk responseBody = new ByteChunk();
    int status = getUrl("http://localhost:" + getPort() + "/test", responseBody, null);

    if (!enableDeny) {
        Assert.assertEquals("OK", responseBody.toString());
        Assert.assertEquals(200, status);
        return;
    }

    // The expected status is 403 (refused), not a 401 challenge; the body is
    // expected to be the default error page, which mentions the status code.
    Assert.assertTrue(responseBody.toString().contains("403"));
    Assert.assertEquals(403, status);
}
Also used : Context(org.apache.catalina.Context) ServletContext(javax.servlet.ServletContext) ServletContainerInitializer(javax.servlet.ServletContainerInitializer) Tomcat(org.apache.catalina.startup.Tomcat) TesterMapRealm(org.apache.catalina.startup.TesterMapRealm) BasicAuthenticator(org.apache.catalina.authenticator.BasicAuthenticator) ByteChunk(org.apache.tomcat.util.buf.ByteChunk) LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig)

Example 7 with BasicAuthenticator

use of org.apache.catalina.authenticator.BasicAuthenticator in project tomcat by apache.

the class TestRestCsrfPreventionFilter2 method setUpApplication.

/**
 * Builds the test web application: one servlet, the REST CSRF prevention filter,
 * a role-based security constraint and the BASIC authenticator valve.
 *
 * @throws Exception propagated from the container set-up calls
 */
private void setUpApplication() throws Exception {
    // The docBase is the JVM temp directory; acceptable for a test fixture only.
    context = tomcat.addContext(CONTEXT_PATH_LOGIN, System.getProperty("java.io.tmpdir"));
    context.setSessionTimeout(SHORT_SESSION_TIMEOUT_MINS);

    Tomcat.addServlet(context, SERVLET_NAME, new TesterServlet());
    context.addServletMappingDecoded(URI_PROTECTED, SERVLET_NAME);

    // CSRF filter definition. The init parameter carries a comma-separated pair;
    // NOTE(review): presumably the paths allowed to pass the nonce as a request
    // parameter - confirm against FILTER_INIT_PARAM.
    String csrfInitValue = REMOVE_CUSTOMER + "," + ADD_CUSTOMER;
    FilterDef csrfFilterDef = new FilterDef();
    csrfFilterDef.setFilterName(FILTER_NAME);
    csrfFilterDef.setFilterClass(RestCsrfPreventionFilter.class.getCanonicalName());
    csrfFilterDef.addInitParameter(FILTER_INIT_PARAM, csrfInitValue);
    context.addFilterDef(csrfFilterDef);

    // The filter is mapped to URI_CSRF_PROTECTED while the auth constraint below
    // uses URI_PROTECTED. NOTE(review): whether the two cover the same URLs
    // depends on constants not visible here.
    FilterMap csrfFilterMap = new FilterMap();
    csrfFilterMap.setFilterName(FILTER_NAME);
    csrfFilterMap.addURLPatternDecoded(URI_CSRF_PROTECTED);
    context.addFilterMap(csrfFilterMap);

    // Only callers holding ROLE may reach URI_PROTECTED.
    SecurityCollection protectedUrls = new SecurityCollection();
    protectedUrls.addPatternDecoded(URI_PROTECTED);
    SecurityConstraint roleConstraint = new SecurityConstraint();
    roleConstraint.addAuthRole(ROLE);
    roleConstraint.addCollection(protectedUrls);
    context.addConstraint(roleConstraint);

    // NOTE(review): METHOD is expected to name the scheme implemented by the
    // valve added below (BASIC) - confirm the constant's value.
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod(METHOD);
    context.setLoginConfig(loginConfig);
    context.getPipeline().addValve(new BasicAuthenticator());
}
Also used : AuthenticatorBase(org.apache.catalina.authenticator.AuthenticatorBase) FilterDef(org.apache.tomcat.util.descriptor.web.FilterDef) BasicAuthenticator(org.apache.catalina.authenticator.BasicAuthenticator) LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig) FilterMap(org.apache.tomcat.util.descriptor.web.FilterMap) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)

Example 8 with BasicAuthenticator

use of org.apache.catalina.authenticator.BasicAuthenticator in project cas by apereo.

the class CasEmbeddedContainerTomcatConfiguration method configureBasicAuthn.

/**
 * Turns on HTTP BASIC authentication for the embedded Tomcat container when the
 * server's basic-authn properties are enabled; otherwise leaves the factory alone.
 *
 * <p>For every configured auth role one security constraint is registered that
 * covers all configured URL patterns.
 *
 * <p>NOTE(review): BASIC sends the credentials with every request in a reversibly
 * encoded form, so it is only safe over TLS. The constraints built here set no
 * transport guarantee (no {@code setUserConstraint} call is visible), so HTTPS has
 * to be enforced elsewhere - confirm. Also, if the auth-role list is empty no
 * constraint is registered and the authenticator valve is installed without
 * protecting any URL pattern.
 *
 * @param tomcat the embedded container factory to customize
 */
private void configureBasicAuthn(final TomcatEmbeddedServletContainerFactory tomcat) {
    final CasEmbeddedApacheTomcatBasicAuthenticationProperties basicAuthn = casProperties.getServer().getBasicAuthn();
    if (!basicAuthn.isEnabled()) {
        return;
    }
    tomcat.addContextCustomizers(webContext -> {
        final LoginConfig loginConfig = new LoginConfig();
        loginConfig.setAuthMethod("BASIC");
        webContext.setLoginConfig(loginConfig);

        basicAuthn.getSecurityRoles().forEach(webContext::addSecurityRole);

        // One constraint per role, each with its own collection of the same patterns.
        basicAuthn.getAuthRoles().forEach(role -> {
            final SecurityCollection protectedUrls = new SecurityCollection();
            basicAuthn.getPatterns().forEach(protectedUrls::addPattern);

            final SecurityConstraint roleConstraint = new SecurityConstraint();
            roleConstraint.addAuthRole(role);
            roleConstraint.addCollection(protectedUrls);
            webContext.addConstraint(roleConstraint);
        });
    });
    // The valve performs the BASIC challenge for the constraints registered above.
    tomcat.addContextValves(new BasicAuthenticator());
}
Also used : BasicAuthenticator(org.apache.catalina.authenticator.BasicAuthenticator) LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig) CasEmbeddedApacheTomcatBasicAuthenticationProperties(org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatBasicAuthenticationProperties) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
