Examples with LoginConfig org.apache.tomcat.util.descriptor.web.LoginConfig used on opensource projects

Example 16 with LoginConfig

use of org.apache.tomcat.util.descriptor.web.LoginConfig in project tomcat by apache.

the class TestSSOnonLoginAndBasicAuthenticator method setUpLogin.

private void setUpLogin() throws Exception {
    // Must have a real docBase for webapps - just use temp
    basicContext = tomcat.addContext(CONTEXT_PATH_LOGIN, System.getProperty("java.io.tmpdir"));
    basicContext.setSessionTimeout(SHORT_SESSION_TIMEOUT_MINS);
    // Add protected servlet to the context
    Tomcat.addServlet(basicContext, "TesterServlet3", new TesterServletEncodeUrl());
    basicContext.addServletMappingDecoded(URI_PROTECTED, "TesterServlet3");
    SecurityCollection collection = new SecurityCollection();
    collection.addPatternDecoded(URI_PROTECTED);
    SecurityConstraint sc = new SecurityConstraint();
    sc.addAuthRole(ROLE);
    sc.addCollection(collection);
    basicContext.addConstraint(sc);
    // Add unprotected servlet to the context
    Tomcat.addServlet(basicContext, "TesterServlet4", new TesterServletEncodeUrl());
    basicContext.addServletMappingDecoded(URI_PUBLIC, "TesterServlet4");
    SecurityCollection collection2 = new SecurityCollection();
    collection2.addPatternDecoded(URI_PUBLIC);
    SecurityConstraint sc2 = new SecurityConstraint();
    // do not add a role - which signals access permitted without one
    sc2.addCollection(collection2);
    basicContext.addConstraint(sc2);
    // Configure the authenticator and inherit the Realm from Engine
    LoginConfig lc = new LoginConfig();
    lc.setAuthMethod("BASIC");
    basicContext.setLoginConfig(lc);
    AuthenticatorBase basicAuthenticator = new BasicAuthenticator();
    basicContext.getPipeline().addValve(basicAuthenticator);
}

Example 17 with LoginConfig

use of org.apache.tomcat.util.descriptor.web.LoginConfig in project tomcat by apache.

the class TestSSOnonLoginAndBasicAuthenticator method setUpNonLogin.

private void setUpNonLogin() throws Exception {
    // Must have a real docBase for webapps - just use temp
    nonloginContext = tomcat.addContext(CONTEXT_PATH_NOLOGIN, System.getProperty("java.io.tmpdir"));
    nonloginContext.setSessionTimeout(LONG_SESSION_TIMEOUT_MINS);
    // Add protected servlet to the context
    Tomcat.addServlet(nonloginContext, "TesterServlet1", new TesterServletEncodeUrl());
    nonloginContext.addServletMappingDecoded(URI_PROTECTED, "TesterServlet1");
    SecurityCollection collection1 = new SecurityCollection();
    collection1.addPatternDecoded(URI_PROTECTED);
    SecurityConstraint sc1 = new SecurityConstraint();
    sc1.addAuthRole(ROLE);
    sc1.addCollection(collection1);
    nonloginContext.addConstraint(sc1);
    // Add unprotected servlet to the context
    Tomcat.addServlet(nonloginContext, "TesterServlet2", new TesterServletEncodeUrl());
    nonloginContext.addServletMappingDecoded(URI_PUBLIC, "TesterServlet2");
    SecurityCollection collection2 = new SecurityCollection();
    collection2.addPatternDecoded(URI_PUBLIC);
    SecurityConstraint sc2 = new SecurityConstraint();
    // do not add a role - which signals access permitted without one
    sc2.addCollection(collection2);
    nonloginContext.addConstraint(sc2);
    // Configure the authenticator and inherit the Realm from Engine
    LoginConfig lc = new LoginConfig();
    lc.setAuthMethod("NONE");
    nonloginContext.setLoginConfig(lc);
    AuthenticatorBase nonloginAuthenticator = new NonLoginAuthenticator();
    nonloginContext.getPipeline().addValve(nonloginAuthenticator);
}

Example 18 with LoginConfig

use of org.apache.tomcat.util.descriptor.web.LoginConfig in project tomcat by apache.

the class TestSSOnonLoginAndDigestAuthenticator method setUpNonLogin.

private void setUpNonLogin(Tomcat tomcat) throws Exception {
    // Must have a real docBase for webapps - just use temp
    Context ctxt = tomcat.addContext(CONTEXT_PATH_NOLOGIN, System.getProperty("java.io.tmpdir"));
    ctxt.setSessionTimeout(LONG_TIMEOUT_SECS);
    // Add protected servlet
    Tomcat.addServlet(ctxt, "TesterServlet1", new TesterServlet());
    ctxt.addServletMappingDecoded(URI_PROTECTED, "TesterServlet1");
    SecurityCollection collection1 = new SecurityCollection();
    collection1.addPatternDecoded(URI_PROTECTED);
    SecurityConstraint sc1 = new SecurityConstraint();
    sc1.addAuthRole(ROLE);
    sc1.addCollection(collection1);
    ctxt.addConstraint(sc1);
    // Add unprotected servlet
    Tomcat.addServlet(ctxt, "TesterServlet2", new TesterServlet());
    ctxt.addServletMappingDecoded(URI_PUBLIC, "TesterServlet2");
    SecurityCollection collection2 = new SecurityCollection();
    collection2.addPatternDecoded(URI_PUBLIC);
    SecurityConstraint sc2 = new SecurityConstraint();
    // do not add a role - which signals access permitted without one
    sc2.addCollection(collection2);
    ctxt.addConstraint(sc2);
    // Configure the appropriate authenticator
    LoginConfig lc = new LoginConfig();
    lc.setAuthMethod("NONE");
    ctxt.setLoginConfig(lc);
    ctxt.getPipeline().addValve(new NonLoginAuthenticator());
}

Example 19 with LoginConfig

use of org.apache.tomcat.util.descriptor.web.LoginConfig in project tomcat by apache.

the class TesterDigestAuthenticatorPerformance method setUp.

@Before
public void setUp() throws Exception {
    ConcurrentMessageDigest.init("MD5");
    // Configure the Realm
    TesterMapRealm realm = new TesterMapRealm();
    realm.addUser(USER, PWD);
    realm.addUserRole(USER, ROLE);
    // Add the Realm to the Context
    Context context = new StandardContext();
    context.setName(CONTEXT_PATH);
    context.setRealm(realm);
    Host host = new StandardHost();
    context.setParent(host);
    Engine engine = new StandardEngine();
    host.setParent(engine);
    Service service = new StandardService();
    engine.setService(service);
    // Configure the Login config
    LoginConfig config = new LoginConfig();
    config.setRealmName(REALM);
    context.setLoginConfig(config);
    // Make the Context and Realm visible to the Authenticator
    authenticator.setContainer(context);
    authenticator.setNonceCountWindowSize(8 * 1024);
    authenticator.start();
}

Example 20 with LoginConfig

use of org.apache.tomcat.util.descriptor.web.LoginConfig in project tomcat by apache.

the class TestStandardContext method doTestDenyUncoveredHttpMethodsSCI.

private void doTestDenyUncoveredHttpMethodsSCI(boolean enableDeny) throws Exception {
    // Test that denying uncovered HTTP methods when adding servlet security
    // constraints programmatically does work.
    // Set up a container
    Tomcat tomcat = getTomcatInstance();
    // No file system docBase required
    Context ctx = tomcat.addContext("", null);
    ctx.setDenyUncoveredHttpMethods(enableDeny);
    // Setup realm
    TesterMapRealm realm = new TesterMapRealm();
    realm.addUser("tomcat", "tomcat");
    realm.addUserRole("tomcat", "tomcat");
    ctx.setRealm(realm);
    // Configure app for BASIC auth
    LoginConfig lc = new LoginConfig();
    lc.setAuthMethod("BASIC");
    ctx.setLoginConfig(lc);
    ctx.getPipeline().addValve(new BasicAuthenticator());
    // Add ServletContainerInitializer
    ServletContainerInitializer sci = new DenyUncoveredHttpMethodsSCI();
    ctx.addServletContainerInitializer(sci, null);
    // Start the context
    tomcat.start();
    // Request the first servlet
    ByteChunk bc = new ByteChunk();
    int rc = getUrl("http://localhost:" + getPort() + "/test", bc, null);
    // Check for a 401
    if (enableDeny) {
        // Should be default error page
        Assert.assertTrue(bc.toString().contains("403"));
        Assert.assertEquals(403, rc);
    } else {
        Assert.assertEquals("OK", bc.toString());
        Assert.assertEquals(200, rc);
    }
}