
Example 26 with SecurityCollection

use of org.apache.tomcat.util.descriptor.web.SecurityCollection in project tomcat by apache.

From the class TestSSOnonLoginAndBasicAuthenticator, method setUpLogin.

/**
 * Creates the web application that requires a BASIC login.
 *
 * The context is registered under {@code CONTEXT_PATH_LOGIN} with a short session
 * timeout and two servlet mappings: {@code URI_PROTECTED}, guarded by a constraint that
 * demands {@code ROLE}, and {@code URI_PUBLIC}, covered by a constraint that carries no
 * auth role at all. A {@link BasicAuthenticator} valve is added to the context pipeline;
 * no Realm is set on the context, so the Engine's Realm is the one consulted.
 *
 * @throws Exception propagated from Tomcat's context set-up
 */
private void setUpLogin() throws Exception {
    // Tomcat insists on a real docBase; the temp directory serves as one.
    String docBase = System.getProperty("java.io.tmpdir");
    basicContext = tomcat.addContext(CONTEXT_PATH_LOGIN, docBase);
    basicContext.setSessionTimeout(SHORT_SESSION_TIMEOUT_MINS);

    // Protected resource: only a caller holding ROLE may reach URI_PROTECTED.
    Tomcat.addServlet(basicContext, "TesterServlet3", new TesterServletEncodeUrl());
    basicContext.addServletMappingDecoded(URI_PROTECTED, "TesterServlet3");
    SecurityConstraint protectedConstraint = new SecurityConstraint();
    SecurityCollection protectedResources = new SecurityCollection();
    protectedResources.addPatternDecoded(URI_PROTECTED);
    protectedConstraint.addAuthRole(ROLE);
    protectedConstraint.addCollection(protectedResources);
    basicContext.addConstraint(protectedConstraint);

    // Public resource: deliberately no addAuthRole() call, which is how a constraint
    // says "reachable without a login" for URI_PUBLIC.
    Tomcat.addServlet(basicContext, "TesterServlet4", new TesterServletEncodeUrl());
    basicContext.addServletMappingDecoded(URI_PUBLIC, "TesterServlet4");
    SecurityConstraint publicConstraint = new SecurityConstraint();
    SecurityCollection publicResources = new SecurityCollection();
    publicResources.addPatternDecoded(URI_PUBLIC);
    publicConstraint.addCollection(publicResources);
    basicContext.addConstraint(publicConstraint);

    // Authentication: BASIC through the authenticator valve; the Realm comes from the Engine.
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod("BASIC");
    basicContext.setLoginConfig(loginConfig);
    AuthenticatorBase basicAuthenticator = new BasicAuthenticator();
    basicContext.getPipeline().addValve(basicAuthenticator);
}
Also used : TesterServletEncodeUrl(org.apache.catalina.startup.TesterServletEncodeUrl) LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)

Example 27 with SecurityCollection

use of org.apache.tomcat.util.descriptor.web.SecurityCollection in project tomcat by apache.

From the class TestSSOnonLoginAndBasicAuthenticator, method setUpNonLogin.

/**
 * Creates the web application that offers no login mechanism of its own.
 *
 * The context is registered under {@code CONTEXT_PATH_NOLOGIN} with a long session
 * timeout. {@code URI_PROTECTED} is guarded by a constraint requiring {@code ROLE},
 * while {@code URI_PUBLIC} sits behind a constraint with no auth role. The login
 * method is {@code "NONE"} and a {@link NonLoginAuthenticator} valve is installed, so
 * this context cannot authenticate a caller itself; the Realm is inherited from the
 * Engine. NOTE(review): presumably the protected URI is meant to be reachable only
 * through an identity established elsewhere (SSO) - confirm against the test methods.
 *
 * @throws Exception propagated from Tomcat's context set-up
 */
private void setUpNonLogin() throws Exception {
    // Tomcat insists on a real docBase; the temp directory serves as one.
    String docBase = System.getProperty("java.io.tmpdir");
    nonloginContext = tomcat.addContext(CONTEXT_PATH_NOLOGIN, docBase);
    nonloginContext.setSessionTimeout(LONG_SESSION_TIMEOUT_MINS);

    // Protected resource: URI_PROTECTED requires ROLE.
    Tomcat.addServlet(nonloginContext, "TesterServlet1", new TesterServletEncodeUrl());
    nonloginContext.addServletMappingDecoded(URI_PROTECTED, "TesterServlet1");
    SecurityConstraint protectedConstraint = new SecurityConstraint();
    protectedConstraint.addAuthRole(ROLE);
    SecurityCollection protectedResources = new SecurityCollection();
    protectedResources.addPatternDecoded(URI_PROTECTED);
    protectedConstraint.addCollection(protectedResources);
    nonloginContext.addConstraint(protectedConstraint);

    // Public resource: no auth role on the constraint means URI_PUBLIC is open to all.
    Tomcat.addServlet(nonloginContext, "TesterServlet2", new TesterServletEncodeUrl());
    nonloginContext.addServletMappingDecoded(URI_PUBLIC, "TesterServlet2");
    SecurityConstraint publicConstraint = new SecurityConstraint();
    SecurityCollection publicResources = new SecurityCollection();
    publicResources.addPatternDecoded(URI_PUBLIC);
    publicConstraint.addCollection(publicResources);
    nonloginContext.addConstraint(publicConstraint);

    // Authentication: method NONE plus the non-login valve; the Realm comes from the Engine.
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod("NONE");
    nonloginContext.setLoginConfig(loginConfig);
    AuthenticatorBase nonloginAuthenticator = new NonLoginAuthenticator();
    nonloginContext.getPipeline().addValve(nonloginAuthenticator);
}
Also used : TesterServletEncodeUrl(org.apache.catalina.startup.TesterServletEncodeUrl) LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)

Example 28 with SecurityCollection

use of org.apache.tomcat.util.descriptor.web.SecurityCollection in project tomcat by apache.

From the class TestAuthenticatorBaseCorsPreflight, method test.

/**
 * Sends one request to a fully constrained web application and checks whether the
 * authenticator lets it through.
 *
 * The whole application ({@code /*}) is covered by a constraint with
 * {@code setAuthConstraint(true)} and no roles, a BASIC {@link LoginConfig}, a
 * {@link BasicAuthenticator} configured from {@code allowCorsPreflight}, and a
 * {@link NullRealm}. A {@link CorsFilter} is mapped at {@code filterMapping} with the
 * allowed origin and method taken from {@code ALLOWED_ORIGIN} / {@code ALLOWED_METHOD};
 * a second, unrelated filter is registered only to widen code coverage. The request
 * carries an {@code Origin} header when {@code origin} is set (suffixed with the port
 * for {@code SAME_ORIGIN}) and an {@code Access-Control-Request-Method} header when
 * {@code accessControl} is set. The expected status is 200 when {@code allow} is true
 * and 403 otherwise.
 *
 * NOTE(review): {@code allow}, {@code origin}, {@code accessControl}, {@code method},
 * {@code filterMapping} and {@code allowCorsPreflight} are assumed to be the
 * parameterised fields of this test class - confirm against the class header.
 *
 * @throws Exception propagated from Tomcat start-up or the HTTP call
 */
@Test
public void test() throws Exception {
    Tomcat tomcat = getTomcatInstance();
    File appDir = new File("test/webapp");
    Context ctx = tomcat.addContext("", appDir.getAbsolutePath());

    // Default servlet serving everything under the root.
    Tomcat.addServlet(ctx, "default", new DefaultServlet());
    ctx.addServletMappingDecoded("/", "default");

    // BASIC authentication, with pre-flight handling driven by the test parameter.
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod("BASIC");
    ctx.setLoginConfig(loginConfig);
    BasicAuthenticator basicAuth = new BasicAuthenticator();
    basicAuth.setAllowCorsPreflight(allowCorsPreflight.toString());
    ctx.getPipeline().addValve(basicAuth);
    Realm realm = new NullRealm();
    ctx.setRealm(realm);

    // One constraint over the entire application. It has an auth-constraint but no
    // roles, so (per the Servlet security model) no authenticated user satisfies it;
    // a 200 below therefore depends on the request being exempted from authentication.
    SecurityConstraint constraint = new SecurityConstraint();
    constraint.setAuthConstraint(true);
    SecurityCollection securityCollection = new SecurityCollection();
    securityCollection.addPattern("/*");
    constraint.addCollection(securityCollection);
    ctx.addConstraint(constraint);

    // An unrelated filter, registered purely for code coverage.
    FilterDef otherFilter = new FilterDef();
    otherFilter.setFilterName("other");
    otherFilter.setFilterClass(AddDefaultCharsetFilter.class.getName());
    ctx.addFilterDef(otherFilter);
    FilterMap otherMap = new FilterMap();
    otherMap.setFilterName("other");
    otherMap.addURLPatternDecoded("/other");
    ctx.addFilterMap(otherMap);

    // The CORS filter under test, mapped wherever the parameter says.
    FilterDef corsFilter = new FilterDef();
    corsFilter.setFilterName("cors");
    corsFilter.setFilterClass(CorsFilter.class.getName());
    corsFilter.addInitParameter(CorsFilter.PARAM_CORS_ALLOWED_ORIGINS, ALLOWED_ORIGIN);
    corsFilter.addInitParameter(CorsFilter.PARAM_CORS_ALLOWED_METHODS, ALLOWED_METHOD);
    ctx.addFilterDef(corsFilter);
    FilterMap corsFilterMap = new FilterMap();
    corsFilterMap.setFilterName("cors");
    corsFilterMap.addURLPatternDecoded(filterMapping);
    ctx.addFilterMap(corsFilterMap);

    tomcat.start();

    // Request headers: Origin (same-origin gets the live port appended) and the
    // pre-flight's Access-Control-Request-Method, each only when the parameter is set.
    Map<String, List<String>> reqHead = new HashMap<>();
    if (origin != null) {
        List<String> originValues = new ArrayList<>();
        originValues.add(SAME_ORIGIN.equals(origin) ? origin + ":" + getPort() : origin);
        reqHead.put(CorsFilter.REQUEST_HEADER_ORIGIN, originValues);
    }
    if (accessControl != null) {
        List<String> requestMethodValues = new ArrayList<>();
        requestMethodValues.add(accessControl);
        reqHead.put(CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD, requestMethodValues);
    }

    ByteChunk out = new ByteChunk();
    String url = "http://localhost:" + getPort() + "/target";
    int rc = methodUrl(url, out, 300000, reqHead, null, method, false);

    // Allowed requests reach the servlet; everything else is rejected by the constraint.
    Assert.assertEquals(allow ? 200 : 403, rc);
}
Also used : Context(org.apache.catalina.Context) CorsFilter(org.apache.catalina.filters.CorsFilter) Tomcat(org.apache.catalina.startup.Tomcat) FilterDef(org.apache.tomcat.util.descriptor.web.FilterDef) HashMap(java.util.HashMap) ByteChunk(org.apache.tomcat.util.buf.ByteChunk) ArrayList(java.util.ArrayList) NullRealm(org.apache.catalina.realm.NullRealm) AddDefaultCharsetFilter(org.apache.catalina.filters.AddDefaultCharsetFilter) FilterMap(org.apache.tomcat.util.descriptor.web.FilterMap) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig) ArrayList(java.util.ArrayList) List(java.util.List) DefaultServlet(org.apache.catalina.servlets.DefaultServlet) File(java.io.File) NullRealm(org.apache.catalina.realm.NullRealm) Realm(org.apache.catalina.Realm) SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection) TomcatBaseTest(org.apache.catalina.startup.TomcatBaseTest) Test(org.junit.Test)

Example 29 with SecurityCollection

use of org.apache.tomcat.util.descriptor.web.SecurityCollection in project tomcat by apache.

From the class TestNonLoginAndBasicAuthenticator, method setUpNonLogin.

/**
 * Creates the web application that has no login mechanism of its own.
 *
 * Registered under {@code CONTEXT_PATH_NOLOGIN}, the context maps {@code URI_PROTECTED}
 * behind a constraint requiring {@code ROLE} and {@code URI_PUBLIC} behind a constraint
 * with no auth role. The login method is {@code "NONE"} and a
 * {@link NonLoginAuthenticator} valve is added, so the context itself never challenges
 * a caller; the Realm is inherited from the Engine. No session timeout is set here,
 * unlike the SSO variants of this fixture.
 *
 * @throws Exception propagated from Tomcat's context set-up
 */
private void setUpNonLogin() throws Exception {
    // Tomcat insists on a real docBase; the temp directory serves as one.
    String docBase = System.getProperty("java.io.tmpdir");
    nonloginContext = tomcat.addContext(CONTEXT_PATH_NOLOGIN, docBase);

    // Protected resource: URI_PROTECTED requires ROLE.
    SecurityCollection protectedResources = new SecurityCollection();
    protectedResources.addPatternDecoded(URI_PROTECTED);
    SecurityConstraint protectedConstraint = new SecurityConstraint();
    protectedConstraint.addAuthRole(ROLE);
    protectedConstraint.addCollection(protectedResources);
    Tomcat.addServlet(nonloginContext, "TesterServlet1", new TesterServlet());
    nonloginContext.addServletMappingDecoded(URI_PROTECTED, "TesterServlet1");
    nonloginContext.addConstraint(protectedConstraint);

    // Public resource: the constraint intentionally carries no role, so URI_PUBLIC is
    // reachable without any login.
    SecurityCollection publicResources = new SecurityCollection();
    publicResources.addPatternDecoded(URI_PUBLIC);
    SecurityConstraint publicConstraint = new SecurityConstraint();
    publicConstraint.addCollection(publicResources);
    Tomcat.addServlet(nonloginContext, "TesterServlet2", new TesterServlet());
    nonloginContext.addServletMappingDecoded(URI_PUBLIC, "TesterServlet2");
    nonloginContext.addConstraint(publicConstraint);

    // Authentication: method NONE plus the non-login valve; the Realm comes from the Engine.
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod("NONE");
    nonloginContext.setLoginConfig(loginConfig);
    AuthenticatorBase nonloginAuthenticator = new NonLoginAuthenticator();
    nonloginContext.getPipeline().addValve(nonloginAuthenticator);
}
Also used : LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig) TesterServlet(org.apache.catalina.startup.TesterServlet) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)

Example 30 with SecurityCollection

use of org.apache.tomcat.util.descriptor.web.SecurityCollection in project tomcat by apache.

From the class TestSSOnonLoginAndDigestAuthenticator, method setUpNonLogin.

/**
 * Adds the no-login web application to the given Tomcat instance.
 *
 * The context is registered under {@code CONTEXT_PATH_NOLOGIN} with a session timeout of
 * {@code LONG_TIMEOUT_SECS}. {@code URI_PROTECTED} is guarded by a constraint requiring
 * {@code ROLE}; {@code URI_PUBLIC} is covered by a constraint with no auth role. The
 * login method is {@code "NONE"} and a {@link NonLoginAuthenticator} valve is installed,
 * so the context cannot authenticate a caller on its own. Unlike the sibling fixtures,
 * the created context is kept in a local and not stored in a field.
 *
 * @param tomcat the embedded server the context is added to
 * @throws Exception propagated from Tomcat's context set-up
 */
private void setUpNonLogin(Tomcat tomcat) throws Exception {
    // Tomcat insists on a real docBase; the temp directory serves as one.
    Context ctxt = tomcat.addContext(CONTEXT_PATH_NOLOGIN, System.getProperty("java.io.tmpdir"));
    ctxt.setSessionTimeout(LONG_TIMEOUT_SECS);

    // Protected resource: URI_PROTECTED requires ROLE.
    Tomcat.addServlet(ctxt, "TesterServlet1", new TesterServlet());
    ctxt.addServletMappingDecoded(URI_PROTECTED, "TesterServlet1");
    SecurityConstraint protectedConstraint = new SecurityConstraint();
    protectedConstraint.addAuthRole(ROLE);
    SecurityCollection protectedResources = new SecurityCollection();
    protectedResources.addPatternDecoded(URI_PROTECTED);
    protectedConstraint.addCollection(protectedResources);
    ctxt.addConstraint(protectedConstraint);

    // Public resource: no auth role on the constraint, so URI_PUBLIC needs no login.
    Tomcat.addServlet(ctxt, "TesterServlet2", new TesterServlet());
    ctxt.addServletMappingDecoded(URI_PUBLIC, "TesterServlet2");
    SecurityConstraint publicConstraint = new SecurityConstraint();
    SecurityCollection publicResources = new SecurityCollection();
    publicResources.addPatternDecoded(URI_PUBLIC);
    publicConstraint.addCollection(publicResources);
    ctxt.addConstraint(publicConstraint);

    // Authentication: method NONE with the non-login valve in the pipeline.
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod("NONE");
    ctxt.setLoginConfig(loginConfig);
    AuthenticatorBase nonloginAuthenticator = new NonLoginAuthenticator();
    ctxt.getPipeline().addValve(nonloginAuthenticator);
}
Also used : Context(org.apache.catalina.Context) LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig) TesterServlet(org.apache.catalina.startup.TesterServlet) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)

Aggregations

SecurityCollection (org.apache.tomcat.util.descriptor.web.SecurityCollection)32 SecurityConstraint (org.apache.tomcat.util.descriptor.web.SecurityConstraint)31 LoginConfig (org.apache.tomcat.util.descriptor.web.LoginConfig)17 Context (org.apache.catalina.Context)16 Tomcat (org.apache.catalina.startup.Tomcat)8 TesterServlet (org.apache.catalina.startup.TesterServlet)6 Test (org.junit.Test)6 BasicAuthenticator (org.apache.catalina.authenticator.BasicAuthenticator)5 ArrayList (java.util.ArrayList)4 TesterMapRealm (org.apache.catalina.startup.TesterMapRealm)4 AuthenticatorBase (org.apache.catalina.authenticator.AuthenticatorBase)3 SSLAuthenticator (org.apache.catalina.authenticator.SSLAuthenticator)3 StandardContext (org.apache.catalina.core.StandardContext)3 DefaultServlet (org.apache.catalina.servlets.DefaultServlet)3 TomcatEmbeddedServletContainerFactory (org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory)3 ClientEndpointConfig (jakarta.websocket.ClientEndpointConfig)2 File (java.io.File)2 HashSet (java.util.HashSet)2 lombok.val (lombok.val)2 DigestAuthenticator (org.apache.catalina.authenticator.DigestAuthenticator)2