
Example 1 with MessageDigestCredentialHandler

Use of org.apache.catalina.realm.MessageDigestCredentialHandler in the project tomcat by apache.

The example is the method doTestRoleMapping of the class TestStandardWrapper.

/**
 * Verifies that a role mapping declared on the context is honoured when the
 * realm is attached to the engine, the host or the context.
 *
 * <p>The check is made twice: directly through {@code realm.hasRole(...)},
 * and through an HTTP request that carries BASIC credentials.
 *
 * @param realmContainer one of {@code "engine"}, {@code "host"} or
 *                       {@code "context"}; selects where the realm is set
 * @throws IllegalArgumentException if {@code realmContainer} is any other value
 * @throws Exception if the Tomcat instance cannot be configured or started
 */
private void doTestRoleMapping(String realmContainer) throws Exception {
    Tomcat tomcat = getTomcatInstance();

    // Root context; no docBase on the file system is needed.
    Context context = tomcat.addContext("", null);
    // "testRole" is an alias that resolves to "very-complex-role-name".
    context.addRoleMapping("testRole", "very-complex-role-name");
    Wrapper servletWrapper =
            Tomcat.addServlet(context, "servlet", RoleAllowServlet.class.getName());
    context.addServletMappingDecoded("/", "servlet");
    context.setLoginConfig(new LoginConfig("BASIC", null, null, null));
    context.getPipeline().addValve(new BasicAuthenticator());

    TesterMapRealm realm = new TesterMapRealm();
    MessageDigestCredentialHandler digestHandler = new MessageDigestCredentialHandler();
    // NOTE(review): "SHA" is the JCA alias for SHA-1. A general-purpose message
    // digest is fast to compute, which makes offline guessing of stored
    // credentials cheap; it is acceptable as a test fixture only. For deployed
    // realms prefer a key-derivation based handler such as Tomcat's
    // SecretKeyCredentialHandler, or at minimum a SHA-2 digest.
    digestHandler.setAlgorithm("SHA");
    realm.setCredentialHandler(digestHandler);

    // The realm may live on any container; the role mapping must still work
    // because it is evaluated at context level.
    switch (realmContainer) {
        case "engine":
            tomcat.getEngine().setRealm(realm);
            break;
        case "host":
            tomcat.getHost().setRealm(realm);
            break;
        case "context":
            context.setRealm(realm);
            break;
        default:
            throw new IllegalArgumentException("realmContainer is invalid");
    }

    // Store the credential in the handler's mutated form, never in clear text.
    String storedCredential = digestHandler.mutate("testPwd");
    realm.addUser("testUser", storedCredential);
    realm.addUserRole("testUser", "testRole1");
    realm.addUserRole("testUser", "very-complex-role-name");
    realm.addUserRole("testUser", "another-very-complex-role-name");

    tomcat.start();

    Principal principal = realm.authenticate("testUser", "testPwd");
    Assert.assertNotNull(principal);
    Assert.assertEquals("testUser", principal.getName());

    // Granted only through the context's role mapping.
    Assert.assertTrue(realm.hasRole(servletWrapper, principal, "testRole"));
    // Granted directly.
    Assert.assertTrue(realm.hasRole(servletWrapper, principal, "testRole1"));
    // Never granted and not mapped: must be refused.
    Assert.assertFalse(realm.hasRole(servletWrapper, principal, "testRole2"));
    Assert.assertTrue(realm.hasRole(servletWrapper, principal, "very-complex-role-name"));
    Assert.assertTrue(realm.hasRole(servletWrapper, principal, "another-very-complex-role-name"));

    // Exercise RealmBase#hasResourcePermission(): it needs a wrapper handed
    // over by an authenticator, so go through a real request.
    // The header value is base64 of "testUser:testPwd". BASIC credentials are
    // only encoded, not encrypted; plain http is used here because the request
    // stays on localhost inside the test.
    List<String> authorization = new ArrayList<>();
    authorization.add("Basic dGVzdFVzZXI6dGVzdFB3ZA==");
    Map<String, List<String>> requestHeaders = new HashMap<>();
    requestHeaders.put("Authorization", authorization);

    ByteChunk responseBody = new ByteChunk();
    int status = getUrl("http://localhost:" + getPort() + "/", responseBody, requestHeaders, null);
    Assert.assertEquals("OK", responseBody.toString());
    Assert.assertEquals(200, status);
}
Also used : Context(org.apache.catalina.Context) ServletContext(jakarta.servlet.ServletContext) Wrapper(org.apache.catalina.Wrapper) Tomcat(org.apache.catalina.startup.Tomcat) ByteChunk(org.apache.tomcat.util.buf.ByteChunk) HashMap(java.util.HashMap) MessageDigestCredentialHandler(org.apache.catalina.realm.MessageDigestCredentialHandler) ArrayList(java.util.ArrayList) HttpConstraint(jakarta.servlet.annotation.HttpConstraint) HttpMethodConstraint(jakarta.servlet.annotation.HttpMethodConstraint) TesterMapRealm(org.apache.catalina.startup.TesterMapRealm) BasicAuthenticator(org.apache.catalina.authenticator.BasicAuthenticator) LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig) ArrayList(java.util.ArrayList) List(java.util.List) Principal(java.security.Principal)
