use of org.eclipse.jetty.security.ConstraintMapping in project async-http-client by AsyncHttpClient.
the class TestUtils method addAuthHandler.
/**
 * Wraps {@code handler} in a {@link ConstraintSecurityHandler} and installs the wrapper as
 * the server's handler.
 *
 * <p>A single constraint, named after {@code auth}, is mapped to the path spec {@code "/*"}.
 * It has authentication switched on and lists the {@code USER} and {@code ADMIN} roles; the
 * same two names are passed to the security handler as its known roles. The shared
 * {@code LOGIN_SERVICE} is registered as a server bean and set as the login service.
 *
 * @param server        server to configure; its handler is replaced by the security wrapper
 * @param auth          name given to the constraint
 * @param authenticator authenticator installed on the security handler
 * @param handler       handler that ends up behind the security handler
 */
private static void addAuthHandler(Server server, String auth, LoginAuthenticator authenticator, Handler handler) {
    server.addBean(LOGIN_SERVICE);

    // Roles that satisfy the constraint; reused below to declare the known-role set.
    String[] permittedRoles = { USER, ADMIN };

    Constraint authRequired = new Constraint();
    authRequired.setName(auth);
    authRequired.setRoles(permittedRoles);
    authRequired.setAuthenticate(true);

    // The mapping targets "/*", so no path is left outside the constraint.
    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setConstraint(authRequired);
    everyPath.setPathSpec("/*");

    Set<String> declaredRoles = new HashSet<>();
    for (String roleName : permittedRoles) {
        declaredRoles.add(roleName);
    }

    List<ConstraintMapping> mappings = new ArrayList<>();
    mappings.add(everyPath);

    ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
    guard.setConstraintMappings(mappings, declaredRoles);
    guard.setAuthenticator(authenticator);
    guard.setLoginService(LOGIN_SERVICE);
    guard.setHandler(handler);

    server.setHandler(guard);
}
use of org.eclipse.jetty.security.ConstraintMapping in project oozie by apache.
the class TestConstraintSecurityHandlerProvider method constraintHandlersCanBeSet.
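/**
 * Checks that the handler returned by {@code ConstraintSecurityHandlerProvider} carries
 * exactly two constraint mappings: one for the callback path under the context path and
 * one for {@code "/*"}.
 *
 * <p>Only the path specs are verified here. The data constraint attached to each mapping
 * (and therefore which path is allowed without transport confidentiality) is not asserted
 * by this test.
 */
@Test
public void constraintHandlersCanBeSet() {
    Configuration config = new Configuration(false);
    config.set("oozie.base.url", "https://localhost:11443/oozie");
    when(mockCfgService.getConf()).thenReturn(config);
    when(mockServices.get(ConfigurationService.class)).thenReturn(mockCfgService);

    ConstraintSecurityHandlerProvider constraintSecurityHandlerProvider = new ConstraintSecurityHandlerProvider(mockServices);
    ConstraintSecurityHandler actConstraintSecurityHandler = constraintSecurityHandlerProvider.get();
    List<ConstraintMapping> actConstraintMappings = actConstraintSecurityHandler.getConstraintMappings();

    // Expected value goes first so a failure message reports expected/actual the right way round.
    assertEquals(2, actConstraintMappings.size());

    List<String> actPathSpecs = new ArrayList<>();
    for (ConstraintMapping sm : actConstraintMappings) {
        actPathSpecs.add(sm.getPathSpec());
    }

    assertTrue(actPathSpecs.contains(String.format("%s/callback/*", EmbeddedOozieServer.getContextPath(config))));
    assertTrue(actPathSpecs.contains("/*"));
}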
use of org.eclipse.jetty.security.ConstraintMapping in project oozie by apache.
the class ConstraintSecurityHandlerProvider method get.
/**
 * Builds the {@link ConstraintSecurityHandler} with two transport-level constraint mappings.
 *
 * <ul>
 *   <li>{@code <contextPath>/callback/*} gets {@code Constraint.DC_NONE}, i.e. no data
 *       constraint is requested for the callback path.</li>
 *   <li>{@code "/*"} gets {@code Constraint.DC_CONFIDENTIAL}.</li>
 * </ul>
 *
 * <p>Neither constraint sets roles or turns authentication on in this method; only the data
 * constraint is configured here.
 *
 * <p>NOTE(review): because the callback path is exempt from the confidentiality constraint,
 * whatever protects callback requests has to live elsewhere; confirm against the callback
 * servlet.
 *
 * @return a new security handler holding the callback mapping followed by the catch-all mapping
 */
@Override
public ConstraintSecurityHandler get() {
    final String callbackPathSpec =
            String.format("%s/callback/*", EmbeddedOozieServer.getContextPath(oozieConfiguration));

    // Callback path: explicitly no data constraint.
    final Constraint noDataConstraint = new Constraint();
    noDataConstraint.setDataConstraint(Constraint.DC_NONE);
    final ConstraintMapping callbackMapping = new ConstraintMapping();
    callbackMapping.setPathSpec(callbackPathSpec);
    callbackMapping.setConstraint(noDataConstraint);

    // Everything else: confidential transport.
    final Constraint confidential = new Constraint();
    confidential.setDataConstraint(Constraint.DC_CONFIDENTIAL);
    final ConstraintMapping catchAllMapping = new ConstraintMapping();
    catchAllMapping.setPathSpec("/*");
    catchAllMapping.setConstraint(confidential);

    final ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
    handler.setConstraintMappings(Arrays.asList(callbackMapping, catchAllMapping));
    return handler;
}
use of org.eclipse.jetty.security.ConstraintMapping in project i2p.i2p by i2p.
the class RouterConsoleRunner method initialize.
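/**
 * Set up basic security constraints for the webapp.
 * Add all users and passwords.
 *
 * <p>When {@code PROP_PW_ENABLE} is set and at least one user is configured, every user is
 * registered in a {@code CustomHashLoginService} realm with an authenticated constraint on
 * {@code "/"}. Constraints for the TRACE and OPTIONS methods are always added, and the shared
 * session scavenger timer is created on first use and published as a servlet-context attribute.
 *
 * <p>NOTE(review): if the password property is enabled but no users are stored, this method
 * turns the property off and saves that to the router config, so the console comes up without
 * a login service or authenticator. That is a fail-open choice; confirm it is intended.
 *
 * <p>NOTE(review): credentials are built with {@code MD5_CREDENTIAL_TYPE}, so the stored values
 * are presumably MD5-based digests; the file holding them should be treated as sensitive.
 *
 * @param ctx     router context supplying the properties, the config store and the log manager
 * @param context webapp context that receives the security handler and the timer attribute
 */
static void initialize(RouterContext ctx, WebAppContext context) {
    ConstraintSecurityHandler sec = new ConstraintSecurityHandler();
    List<ConstraintMapping> constraints = new ArrayList<ConstraintMapping>(4);
    ConsolePasswordManager mgr = new ConsolePasswordManager(ctx);
    boolean enable = ctx.getBooleanProperty(PROP_PW_ENABLE);
    if (enable) {
        Map<String, String> userpw = mgr.getMD5(PROP_CONSOLE_PW);
        if (userpw.isEmpty()) {
            // No users configured: switch password protection off and persist that choice.
            enable = false;
            ctx.router().saveConfig(PROP_PW_ENABLE, "false");
        } else {
            HashLoginService realm = new CustomHashLoginService(JETTY_REALM, context.getContextPath(), ctx.logManager().getLog(RouterConsoleRunner.class));
            sec.setLoginService(realm);
            sec.setAuthenticator(authenticator);
            String[] role = new String[] { JETTY_ROLE };
            for (Map.Entry<String, String> e : userpw.entrySet()) {
                String user = e.getKey();
                String pw = e.getValue();
                Credential cred = Credential.getCredential(MD5_CREDENTIAL_TYPE + pw);
                registerConsoleUser(realm, constraints, user, cred, role);
                // Jetty does auth checking only with ISO-8859-1,
                // so register a 2nd and 3rd user with different encodings if necessary.
                // Might work, might not...
                // There's no standard and browser behavior varies.
                // Chrome sends UTF-8. Firefox doesn't send anything.
                // https://bugzilla.mozilla.org/show_bug.cgi?id=41489
                // see also RFC 7616/7617 (late 2015) and PasswordManager.md5Hex()
                byte[] b1 = DataHelper.getUTF8(user);
                byte[] b2 = DataHelper.getASCII(user);
                if (!DataHelper.eq(b1, b2)) {
                    // The Charset overload cannot throw UnsupportedEncodingException,
                    // so there is no exception to swallow here.
                    // each char truncated to 8 bits
                    String user2 = new String(b2, java.nio.charset.StandardCharsets.ISO_8859_1);
                    registerConsoleUser(realm, constraints, user2, cred, role);
                    // each UTF-8 byte as a char
                    // this is what chrome does
                    String user3 = new String(b1, java.nio.charset.StandardCharsets.ISO_8859_1);
                    registerConsoleUser(realm, constraints, user3, cred, role);
                }
            }
        }
    }
    // This forces a '403 Forbidden' response for TRACE and OPTIONS unless the
    // WAC handler handles it.
    // (LocaleWebAppHandler returns a '405 Method Not Allowed')
    // TRACE and OPTIONS aren't really security issues...
    // TRACE doesn't echo stuff unless you call setTrace(true)
    // But it might bug some people
    // The other strange methods - PUT, DELETE, MOVE - are disabled by default
    // See also:
    // http://old.nabble.com/Disable-HTTP-TRACE-in-Jetty-5.x-td12412607.html
    Constraint sc = new Constraint();
    sc.setName("No trace");
    ConstraintMapping cm = new ConstraintMapping();
    cm.setMethod("TRACE");
    cm.setConstraint(sc);
    cm.setPathSpec("/");
    constraints.add(cm);
    sc = new Constraint();
    sc.setName("No options");
    cm = new ConstraintMapping();
    cm.setMethod("OPTIONS");
    cm.setConstraint(sc);
    cm.setPathSpec("/");
    constraints.add(cm);
    ConstraintMapping[] cmarr = constraints.toArray(new ConstraintMapping[constraints.size()]);
    sec.setConstraintMappings(cmarr);
    context.setSecurityHandler(sec);
    // see HashSessionManager javadoc
    // The class-level lock guards the lazy creation of the shared timer.
    synchronized (RouterConsoleRunner.class) {
        if (_jettyTimer == null) {
            _jettyTimer = new ScheduledExecutorScheduler("Console HashSessionScavenger", true);
            try {
                _jettyTimer.start();
            } catch (Exception e) {
                System.err.println("Warning: ScheduledExecutorScheduler start failed: " + e);
            }
        }
        context.getServletContext().setAttribute("org.eclipse.jetty.server.session.timer", _jettyTimer);
    }
}

/**
 * Adds one user to the realm and appends an authenticated constraint for that user on "/".
 */
private static void registerConsoleUser(HashLoginService realm, List<ConstraintMapping> constraints,
                                        String user, Credential cred, String[] role) {
    realm.putUser(user, cred, role);
    Constraint constraint = new Constraint(user, JETTY_ROLE);
    constraint.setAuthenticate(true);
    ConstraintMapping cm = new ConstraintMapping();
    cm.setConstraint(constraint);
    cm.setPathSpec("/");
    constraints.add(cm);
}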
use of org.eclipse.jetty.security.ConstraintMapping in project goodies by sonatype.
the class JettyServerProvider method initAuthentication.
/**
 * Configures the shared security handler with one authenticated constraint and attaches it
 * to the webapp context.
 *
 * <p>The constraint is named after the auth method, lists the single role {@code "users"} and
 * is mapped to {@code pathSpec}. When {@code authName} is {@code null} the method falls back
 * to {@code Constraint.__BASIC_AUTH}. A fresh {@code HashLoginService} for the realm
 * {@code "Test Server"} replaces {@code loginService}; this method adds no users to it.
 *
 * <p>NOTE(review): {@code authType} records the caller's value before the fallback is applied,
 * so it stays {@code null} when BASIC is chosen by default; confirm that readers of
 * {@code authType} expect this.
 *
 * @param pathSpec path spec the constraint applies to
 * @param authName auth method name, or {@code null} for BASIC
 */
private void initAuthentication(String pathSpec, String authName) {
    // Stored as supplied, before any defaulting.
    authType = authName;

    final String effectiveAuth = (authName != null) ? authName : Constraint.__BASIC_AUTH;

    final Constraint usersOnly = new Constraint();
    usersOnly.setName(effectiveAuth);
    usersOnly.setRoles(new String[] { "users" });
    usersOnly.setAuthenticate(true);

    final ConstraintMapping mapping = new ConstraintMapping();
    mapping.setConstraint(usersOnly);
    mapping.setPathSpec(pathSpec);

    securityHandler.setRealmName("Test Server");
    securityHandler.setAuthMethod(effectiveAuth);
    securityHandler.setConstraintMappings(new ConstraintMapping[] { mapping });

    loginService = new HashLoginService("Test Server");
    securityHandler.setLoginService(loginService);

    webappContext.setSecurityHandler(securityHandler);
}