use of org.apache.tomcat.util.descriptor.web.LoginConfig in project tomcat by apache.
the class TestStandardWrapper method doTest.
private void doTest(String servletClassName, boolean usePost, boolean useRole, boolean expect200, boolean denyUncovered) throws Exception {
// Setup Tomcat instance
Tomcat tomcat = getTomcatInstance();
// No file system docBase required
Context ctx = tomcat.addContext("", null);
ctx.setDenyUncoveredHttpMethods(denyUncovered);
Wrapper wrapper = Tomcat.addServlet(ctx, "servlet", servletClassName);
wrapper.setAsyncSupported(true);
ctx.addServletMappingDecoded("/", "servlet");
if (useRole) {
TesterMapRealm realm = new TesterMapRealm();
realm.addUser("testUser", "testPwd");
realm.addUserRole("testUser", "testRole");
ctx.setRealm(realm);
ctx.setLoginConfig(new LoginConfig("BASIC", null, null, null));
ctx.getPipeline().addValve(new BasicAuthenticator());
}
tomcat.start();
ByteChunk bc = new ByteChunk();
Map<String, List<String>> reqHeaders = null;
if (useRole) {
reqHeaders = new HashMap<>();
List<String> authHeaders = new ArrayList<>();
// testUser, testPwd
authHeaders.add("Basic dGVzdFVzZXI6dGVzdFB3ZA==");
reqHeaders.put("Authorization", authHeaders);
}
int rc;
if (usePost) {
rc = postUrl(null, "http://localhost:" + getPort() + "/", bc, reqHeaders, null);
} else {
rc = getUrl("http://localhost:" + getPort() + "/", bc, reqHeaders, null);
}
if (expect200) {
assertEquals("OK", bc.toString());
assertEquals(200, rc);
} else {
assertTrue(bc.getLength() > 0);
assertEquals(403, rc);
}
}
use of org.apache.tomcat.util.descriptor.web.LoginConfig in project tomcat by apache.
the class TestStandardContext method testBug50015.
@Test
public void testBug50015() throws Exception {
// Test that configuring servlet security constraints programmatically
// does work.
// Set up a container
Tomcat tomcat = getTomcatInstance();
// No file system docBase required
Context ctx = tomcat.addContext("", null);
// Setup realm
TesterMapRealm realm = new TesterMapRealm();
realm.addUser("tomcat", "tomcat");
realm.addUserRole("tomcat", "tomcat");
ctx.setRealm(realm);
// Configure app for BASIC auth
LoginConfig lc = new LoginConfig();
lc.setAuthMethod("BASIC");
ctx.setLoginConfig(lc);
ctx.getPipeline().addValve(new BasicAuthenticator());
// Add ServletContainerInitializer
ServletContainerInitializer sci = new Bug50015SCI();
ctx.addServletContainerInitializer(sci, null);
// Start the context
tomcat.start();
// Request the first servlet
ByteChunk bc = new ByteChunk();
int rc = getUrl("http://localhost:" + getPort() + "/bug50015", bc, null);
// Check for a 401
assertNotSame("OK", bc.toString());
assertEquals(401, rc);
}
use of org.apache.tomcat.util.descriptor.web.LoginConfig in project tomee by apache.
the class ConfigurationTest method autoConfig.
@Test
public void autoConfig() {
final Configuration configuration = new Configuration();
configuration.loadFromProperties(new PropertiesBuilder().p("http", "1234").p("stop", "1235").p("host", "here").p("dir", "target/dirtmp").p("quickSession", "false").p("webResourceCached", "false").p("withEjbRemote", "true").p("deployOpenEjbApp", "true").p("users.u1", "p1").p("users.u2", "p2").p("roles.admin", "u1,u2").p("roles.simple", "u1").p("realm", "org.apache.catalina.realm.JAASRealm").p("realm.appName", "app").p("realm.configFile", "configuration.jaas").p("login", "").p("login.realmName", "app").p("login.authMethod", "BASIC").p("securityConstraint", "").p("securityConstraint.authConstraint", "true").p("securityConstraint.authRole", "**").p("securityConstraint.collection", "api:/api/*").build());
assertEquals(1234, configuration.getHttpPort());
assertEquals(1235, configuration.getStopPort());
assertEquals("target/dirtmp", configuration.getDir());
assertFalse(configuration.isQuickSession());
assertTrue(configuration.isWithEjbRemote());
assertTrue(configuration.isDeployOpenEjbApp());
assertEquals(new HashMap<String, String>() {
{
put("u1", "p1");
put("u2", "p2");
}
}, configuration.getUsers());
assertEquals(new HashMap<String, String>() {
{
put("admin", "u1,u2");
put("simple", "u1");
}
}, configuration.getRoles());
assertNotNull(configuration.getRealm());
assertTrue(JAASRealm.class.isInstance(configuration.getRealm()));
final JAASRealm realm = JAASRealm.class.cast(configuration.getRealm());
assertEquals("app", realm.getAppName());
assertEquals("configuration.jaas", realm.getConfigFile());
assertNotNull(configuration.getLoginConfig());
final LoginConfig loginConfig = configuration.getLoginConfig().build();
assertEquals("app", loginConfig.getRealmName());
assertEquals("BASIC", loginConfig.getAuthMethod());
final Collection<SecurityConstaintBuilder> securityConstraints = configuration.getSecurityConstraints();
assertNotNull(securityConstraints);
assertEquals(1, securityConstraints.size());
final SecurityConstraint constraint = securityConstraints.iterator().next().build();
assertTrue(constraint.getAuthConstraint());
assertTrue(constraint.getAuthenticatedUsers());
assertEquals("/api/*", constraint.findCollection("api").findPatterns()[0]);
}
use of org.apache.tomcat.util.descriptor.web.LoginConfig in project tomee by apache.
the class TomcatWsRegistry method createNewContext.
private static Context createNewContext(final ClassLoader classLoader, String authMethod, String transportGuarantee, final String realmName, final String name) {
String path = name;
if (path == null) {
path = "/";
}
if (!path.startsWith("/")) {
path = "/" + path;
}
final StandardContext context = new IgnoredStandardContext();
context.setPath(path);
context.setDocBase("");
context.setParentClassLoader(classLoader);
context.setDelegate(true);
context.setName(name);
((TomcatWebAppBuilder) SystemInstance.get().getComponent(WebAppBuilder.class)).initJ2EEInfo(context);
// Configure security
if (authMethod != null) {
authMethod = authMethod.toUpperCase();
}
if (transportGuarantee != null) {
transportGuarantee = transportGuarantee.toUpperCase();
}
if (authMethod == null || "NONE".equals(authMethod)) {
//NOPMD
// ignore none for now as the NonLoginAuthenticator seems to be completely hosed
} else if ("BASIC".equals(authMethod) || "DIGEST".equals(authMethod) || "CLIENT-CERT".equals(authMethod)) {
//Setup a login configuration
final LoginConfig loginConfig = new LoginConfig();
loginConfig.setAuthMethod(authMethod);
loginConfig.setRealmName(realmName);
context.setLoginConfig(loginConfig);
//Setup a default Security Constraint
final String securityRole = SystemInstance.get().getProperty(TOMEE_JAXWS_SECURITY_ROLE_PREFIX + name, "default");
for (final String role : securityRole.split(",")) {
final SecurityCollection collection = new SecurityCollection();
collection.addMethod("GET");
collection.addMethod("POST");
collection.addPattern("/*");
collection.setName(role);
final SecurityConstraint sc = new SecurityConstraint();
sc.addAuthRole("*");
sc.addCollection(collection);
sc.setAuthConstraint(true);
sc.setUserConstraint(transportGuarantee);
context.addConstraint(sc);
context.addSecurityRole(role);
}
//Set the proper authenticator
if ("BASIC".equals(authMethod)) {
context.addValve(new BasicAuthenticator());
} else if ("DIGEST".equals(authMethod)) {
context.addValve(new DigestAuthenticator());
} else if ("CLIENT-CERT".equals(authMethod)) {
context.addValve(new SSLAuthenticator());
} else if ("NONE".equals(authMethod)) {
context.addValve(new NonLoginAuthenticator());
}
context.getPipeline().addValve(new OpenEJBValve());
} else {
throw new IllegalArgumentException("Invalid authMethod: " + authMethod);
}
return context;
}
use of org.apache.tomcat.util.descriptor.web.LoginConfig in project tomcat by apache.
the class AuthenticatorBase method getRealmName.
protected static String getRealmName(Context context) {
if (context == null) {
// Very unlikely
return REALM_NAME;
}
LoginConfig config = context.getLoginConfig();
if (config == null) {
return REALM_NAME;
}
String result = config.getRealmName();
if (result == null) {
return REALM_NAME;
}
return result;
}
Aggregations