
Example 1 with JAASLoginService

use of org.eclipse.jetty.plus.jaas.JAASLoginService in project h2o-3 by h2oai.

In class JettyHTTPD, method createServer:

/**
 * Binds the given connector to the embedded Jetty server, installs the handler chain and
 * starts the server.
 *
 * <p>If any of the {@code hash_login}, {@code ldap_login} or {@code kerberos_login} options is
 * set, all paths are placed behind an HTTP Basic authentication constraint backed by the
 * selected {@link LoginService}. Otherwise the handlers are registered directly on the server
 * and no authentication is configured here.
 *
 * <p>Security-relevant behaviour of this method:
 * <ul>
 *   <li>Roles are not evaluated: any user the login service authenticates is let through.</li>
 *   <li>HTTP Basic sends the user name and password only base64-encoded on every request.
 *       NOTE(review): whether {@code connector} is TLS-enabled is not visible from here;
 *       confirm it is whenever a login option is active.</li>
 *   <li>The LDAP and Kerberos branches set the JVM-wide system property
 *       {@code java.security.auth.login.config}.</li>
 *   <li>When more than one login option is set, the first match wins, in the order
 *       hash, LDAP, Kerberos.</li>
 * </ul>
 *
 * @param connector the connector the server should listen on
 * @throws Exception if configuring or starting the server fails
 */
protected void createServer(Connector connector) throws Exception {
    _server.setConnectors(new Connector[] { connector });

    final boolean loginRequested =
        H2O.ARGS.hash_login || H2O.ARGS.ldap_login || H2O.ARGS.kerberos_login;
    if (!loginRequested) {
        // No login option given: handlers go straight onto the server, unauthenticated.
        registerHandlers(_server);
        _server.start();
        return;
    }

    // Based on the Jetty embedded example:
    // http://www.eclipse.org/jetty/documentation/9.1.4.v20140401/embedded-examples.html#embedded-secured-hello-handler
    if (H2O.ARGS.login_conf == null) {
        Log.err("Must specify -login_conf argument");
        // Presumably terminates the JVM; nothing below re-checks login_conf if it returns.
        H2O.exit(1);
    }

    // Select the credential backend. Order matters when several flags are set.
    final LoginService authBackend;
    if (H2O.ARGS.hash_login) {
        Log.info("Configuring HashLoginService");
        authBackend = new HashLoginService("H2O", H2O.ARGS.login_conf);
    } else {
        // Both JAAS variants differ only in the log line and the login module name.
        final String jaasModuleName;
        if (H2O.ARGS.ldap_login) {
            Log.info("Configuring JAASLoginService (with LDAP)");
            jaasModuleName = "ldaploginmodule";
        } else if (H2O.ARGS.kerberos_login) {
            Log.info("Configuring JAASLoginService (with Kerberos)");
            jaasModuleName = "krb5loginmodule";
        } else {
            throw H2O.fail();
        }
        // Process-wide setting: JAAS reads its configuration file from this system property.
        System.setProperty("java.security.auth.login.config", H2O.ARGS.login_conf);
        authBackend = new JAASLoginService(jaasModuleName);
    }
    authBackend.setIdentityService(new DefaultIdentityService());
    _server.addBean(authBackend);

    // The security handler sits at the front of the handler chain.
    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();

    // One constraint that demands authentication for every call.
    Constraint requireAuth = new Constraint();
    requireAuth.setName("auth");
    requireAuth.setAuthenticate(true);

    // Roles are deliberately ignored; access is decided on the authenticated user name alone.
    //
    //   Jetty 8 and earlier: needs both setStrict(false) and ANY_ROLE, as done below.
    //
    //   Jetty 9 and later: built against a different servlet spec, where ANY_AUTH gives the
    //   behaviour ANY_ROLE gave before, and setStrict(false) is not required. On that API the
    //   roles array would hold Constraint.ANY_AUTH instead. (Recorded here because finding
    //   this out took low-level debugging.)
    securityHandler.setStrict(false);
    requireAuth.setRoles(new String[] { Constraint.ANY_ROLE });

    // Apply the constraint to every path so that all API calls are locked down.
    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setPathSpec("/*");
    everyPath.setConstraint(requireAuth);
    securityHandler.setConstraintMappings(Collections.singletonList(everyPath));

    // HTTP Basic for authentication, checked against the backend selected above.
    securityHandler.setAuthenticator(new BasicAuthenticator());
    securityHandler.setLoginService(authBackend);

    // Authenticated requests pass through the security handler to the H2O handlers.
    registerHandlers(securityHandler);
    _server.setHandler(securityHandler);

    _server.start();
}
Also used : BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator) Constraint(org.eclipse.jetty.util.security.Constraint) JAASLoginService(org.eclipse.jetty.plus.jaas.JAASLoginService) JAASLoginService(org.eclipse.jetty.plus.jaas.JAASLoginService)
