Example 16 with SecurityCollection
use of org.apache.tomcat.util.descriptor.web.SecurityCollection in project tomcat by apache.
the class TestNonLoginAndBasicAuthenticator method setUpNonLogin.
private void setUpNonLogin() throws Exception {
// Must have a real docBase for webapps - just use temp
nonloginContext = tomcat.addContext(CONTEXT_PATH_NOLOGIN, System.getProperty("java.io.tmpdir"));
// Add protected servlet to the context
Tomcat.addServlet(nonloginContext, "TesterServlet1", new TesterServlet());
nonloginContext.addServletMappingDecoded(URI_PROTECTED, "TesterServlet1");
SecurityCollection collection1 = new SecurityCollection();
collection1.addPatternDecoded(URI_PROTECTED);
SecurityConstraint sc1 = new SecurityConstraint();
sc1.addAuthRole(ROLE);
sc1.addCollection(collection1);
nonloginContext.addConstraint(sc1);
// Add unprotected servlet to the context
Tomcat.addServlet(nonloginContext, "TesterServlet2", new TesterServlet());
nonloginContext.addServletMappingDecoded(URI_PUBLIC, "TesterServlet2");
SecurityCollection collection2 = new SecurityCollection();
collection2.addPatternDecoded(URI_PUBLIC);
SecurityConstraint sc2 = new SecurityConstraint();
// do not add a role - which signals access permitted without one
sc2.addCollection(collection2);
nonloginContext.addConstraint(sc2);
// Configure the authenticator and inherit the Realm from Engine
LoginConfig lc = new LoginConfig();
lc.setAuthMethod("NONE");
nonloginContext.setLoginConfig(lc);
AuthenticatorBase nonloginAuthenticator = new NonLoginAuthenticator();
nonloginContext.getPipeline().addValve(nonloginAuthenticator);
}
Also used :
LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig)
TesterServlet(org.apache.catalina.startup.TesterServlet)
SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint)
SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
Example 17 with SecurityCollection
use of org.apache.tomcat.util.descriptor.web.SecurityCollection in project tomcat by apache.
the class TestSSOnonLoginAndBasicAuthenticator method setUpLogin.
private void setUpLogin() throws Exception {
// Must have a real docBase for webapps - just use temp
basicContext = tomcat.addContext(CONTEXT_PATH_LOGIN, System.getProperty("java.io.tmpdir"));
basicContext.setSessionTimeout(SHORT_SESSION_TIMEOUT_MINS);
// Add protected servlet to the context
Tomcat.addServlet(basicContext, "TesterServlet3", new TesterServletEncodeUrl());
basicContext.addServletMappingDecoded(URI_PROTECTED, "TesterServlet3");
SecurityCollection collection = new SecurityCollection();
collection.addPatternDecoded(URI_PROTECTED);
SecurityConstraint sc = new SecurityConstraint();
sc.addAuthRole(ROLE);
sc.addCollection(collection);
basicContext.addConstraint(sc);
// Add unprotected servlet to the context
Tomcat.addServlet(basicContext, "TesterServlet4", new TesterServletEncodeUrl());
basicContext.addServletMappingDecoded(URI_PUBLIC, "TesterServlet4");
SecurityCollection collection2 = new SecurityCollection();
collection2.addPatternDecoded(URI_PUBLIC);
SecurityConstraint sc2 = new SecurityConstraint();
// do not add a role - which signals access permitted without one
sc2.addCollection(collection2);
basicContext.addConstraint(sc2);
// Configure the authenticator and inherit the Realm from Engine
LoginConfig lc = new LoginConfig();
lc.setAuthMethod("BASIC");
basicContext.setLoginConfig(lc);
AuthenticatorBase basicAuthenticator = new BasicAuthenticator();
basicContext.getPipeline().addValve(basicAuthenticator);
}
Also used :
TesterServletEncodeUrl(org.apache.catalina.startup.TesterServletEncodeUrl)
LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig)
SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint)
SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
Example 18 with SecurityCollection
use of org.apache.tomcat.util.descriptor.web.SecurityCollection in project tomcat by apache.
the class TestSSOnonLoginAndBasicAuthenticator method setUpNonLogin.
private void setUpNonLogin() throws Exception {
// Must have a real docBase for webapps - just use temp
nonloginContext = tomcat.addContext(CONTEXT_PATH_NOLOGIN, System.getProperty("java.io.tmpdir"));
nonloginContext.setSessionTimeout(LONG_SESSION_TIMEOUT_MINS);
// Add protected servlet to the context
Tomcat.addServlet(nonloginContext, "TesterServlet1", new TesterServletEncodeUrl());
nonloginContext.addServletMappingDecoded(URI_PROTECTED, "TesterServlet1");
SecurityCollection collection1 = new SecurityCollection();
collection1.addPatternDecoded(URI_PROTECTED);
SecurityConstraint sc1 = new SecurityConstraint();
sc1.addAuthRole(ROLE);
sc1.addCollection(collection1);
nonloginContext.addConstraint(sc1);
// Add unprotected servlet to the context
Tomcat.addServlet(nonloginContext, "TesterServlet2", new TesterServletEncodeUrl());
nonloginContext.addServletMappingDecoded(URI_PUBLIC, "TesterServlet2");
SecurityCollection collection2 = new SecurityCollection();
collection2.addPatternDecoded(URI_PUBLIC);
SecurityConstraint sc2 = new SecurityConstraint();
// do not add a role - which signals access permitted without one
sc2.addCollection(collection2);
nonloginContext.addConstraint(sc2);
// Configure the authenticator and inherit the Realm from Engine
LoginConfig lc = new LoginConfig();
lc.setAuthMethod("NONE");
nonloginContext.setLoginConfig(lc);
AuthenticatorBase nonloginAuthenticator = new NonLoginAuthenticator();
nonloginContext.getPipeline().addValve(nonloginAuthenticator);
}
Also used :
TesterServletEncodeUrl(org.apache.catalina.startup.TesterServletEncodeUrl)
LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig)
SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint)
SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
Example 19 with SecurityCollection
use of org.apache.tomcat.util.descriptor.web.SecurityCollection in project tomcat by apache.
the class TestSSOnonLoginAndDigestAuthenticator method setUpNonLogin.
private void setUpNonLogin(Tomcat tomcat) throws Exception {
// Must have a real docBase for webapps - just use temp
Context ctxt = tomcat.addContext(CONTEXT_PATH_NOLOGIN, System.getProperty("java.io.tmpdir"));
ctxt.setSessionTimeout(LONG_TIMEOUT_SECS);
// Add protected servlet
Tomcat.addServlet(ctxt, "TesterServlet1", new TesterServlet());
ctxt.addServletMappingDecoded(URI_PROTECTED, "TesterServlet1");
SecurityCollection collection1 = new SecurityCollection();
collection1.addPatternDecoded(URI_PROTECTED);
SecurityConstraint sc1 = new SecurityConstraint();
sc1.addAuthRole(ROLE);
sc1.addCollection(collection1);
ctxt.addConstraint(sc1);
// Add unprotected servlet
Tomcat.addServlet(ctxt, "TesterServlet2", new TesterServlet());
ctxt.addServletMappingDecoded(URI_PUBLIC, "TesterServlet2");
SecurityCollection collection2 = new SecurityCollection();
collection2.addPatternDecoded(URI_PUBLIC);
SecurityConstraint sc2 = new SecurityConstraint();
// do not add a role - which signals access permitted without one
sc2.addCollection(collection2);
ctxt.addConstraint(sc2);
// Configure the appropriate authenticator
LoginConfig lc = new LoginConfig();
lc.setAuthMethod("NONE");
ctxt.setLoginConfig(lc);
ctxt.getPipeline().addValve(new NonLoginAuthenticator());
}
Also used :
Context(org.apache.catalina.Context)
LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig)
TesterServlet(org.apache.catalina.startup.TesterServlet)
SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint)
SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
Example 20 with SecurityCollection
use of org.apache.tomcat.util.descriptor.web.SecurityCollection in project tomee by apache.
the class CdiEventRealmTest method find.
@Test
public void find() {
final SecurityConstraint[] securityConstraints = new CdiEventRealm().findSecurityConstraints(mock(Request.class), mock(Context.class));
assertEquals(1, securityConstraints.length);
final SecurityConstraint c = securityConstraints[0];
assertEquals("CONFIDENTIAL", c.getUserConstraint());
assertEquals(2, c.findAuthRoles().length);
assertEquals(1, c.findCollections().length);
SecurityCollection sc = c.findCollections()[0];
assertTrue(sc.findPattern("/*"));
}
Also used :
GSSContext(org.ietf.jgss.GSSContext)
Context(org.apache.catalina.Context)
CdiEventRealm(org.apache.tomee.catalina.realm.CdiEventRealm)
Request(org.apache.catalina.connector.Request)
SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint)
SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
Test(org.junit.Test)
Aggregations
SecurityCollection (org.apache.tomcat.util.descriptor.web.SecurityCollection)22
SecurityConstraint (org.apache.tomcat.util.descriptor.web.SecurityConstraint)21
LoginConfig (org.apache.tomcat.util.descriptor.web.LoginConfig)11
Context (org.apache.catalina.Context)10
TesterServlet (org.apache.catalina.startup.TesterServlet)5
Tomcat (org.apache.catalina.startup.Tomcat)4
ArrayList (java.util.ArrayList)3
BasicAuthenticator (org.apache.catalina.authenticator.BasicAuthenticator)3
SSLAuthenticator (org.apache.catalina.authenticator.SSLAuthenticator)3
StandardContext (org.apache.catalina.core.StandardContext)3
TesterMapRealm (org.apache.catalina.startup.TesterMapRealm)3
DigestAuthenticator (org.apache.catalina.authenticator.DigestAuthenticator)2
NonLoginAuthenticator (org.apache.catalina.authenticator.NonLoginAuthenticator)2
TesterServletEncodeUrl (org.apache.catalina.startup.TesterServletEncodeUrl)2
TesterContext (org.apache.tomcat.unittest.TesterContext)2
IgnoredStandardContext (org.apache.tomee.catalina.IgnoredStandardContext)2
OpenEJBValve (org.apache.tomee.catalina.OpenEJBValve)2
TomcatWebAppBuilder (org.apache.tomee.catalina.TomcatWebAppBuilder)2
Test (org.junit.Test)2
ConsumerContextConfig (com.dell.cpsd.service.common.client.context.ConsumerContextConfig)1
