Example 6 with ConstraintSecurityHandler
use of org.eclipse.jetty.security.ConstraintSecurityHandler in project jetty.project by eclipse.
the class Runner method configure.
/**
* Configure a jetty instance and deploy the webapps presented as args
*
* @param args the command line arguments
* @throws Exception if unable to configure
*/
public void configure(String[] args) throws Exception {
// handle classpath bits first so we can initialize the log mechanism.
for (int i = 0; i < args.length; i++) {
if ("--lib".equals(args[i])) {
try (Resource lib = Resource.newResource(args[++i])) {
if (!lib.exists() || !lib.isDirectory())
usage("No such lib directory " + lib);
_classpath.addJars(lib);
}
} else if ("--jar".equals(args[i])) {
try (Resource jar = Resource.newResource(args[++i])) {
if (!jar.exists() || jar.isDirectory())
usage("No such jar " + jar);
_classpath.addPath(jar);
}
} else if ("--classes".equals(args[i])) {
try (Resource classes = Resource.newResource(args[++i])) {
if (!classes.exists() || !classes.isDirectory())
usage("No such classes directory " + classes);
_classpath.addPath(classes);
}
} else if (args[i].startsWith("--"))
i++;
}
initClassLoader();
LOG.info("Runner");
LOG.debug("Runner classpath {}", _classpath);
String contextPath = __defaultContextPath;
boolean contextPathSet = false;
int port = __defaultPort;
String host = null;
int stopPort = 0;
String stopKey = null;
boolean runnerServerInitialized = false;
for (int i = 0; i < args.length; i++) {
switch(args[i]) {
case "--port":
port = Integer.parseInt(args[++i]);
break;
case "--host":
host = args[++i];
break;
case "--stop-port":
stopPort = Integer.parseInt(args[++i]);
break;
case "--stop-key":
stopKey = args[++i];
break;
case "--log":
_logFile = args[++i];
break;
case "--out":
String outFile = args[++i];
PrintStream out = new PrintStream(new RolloverFileOutputStream(outFile, true, -1));
LOG.info("Redirecting stderr/stdout to " + outFile);
System.setErr(out);
System.setOut(out);
break;
case "--path":
contextPath = args[++i];
contextPathSet = true;
break;
case "--config":
if (_configFiles == null)
_configFiles = new ArrayList<>();
_configFiles.add(args[++i]);
break;
case "--lib":
//skip
++i;
break;
case "--jar":
//skip
++i;
break;
case "--classes":
//skip
++i;
break;
case "--stats":
_enableStats = true;
_statsPropFile = args[++i];
_statsPropFile = ("unsecure".equalsIgnoreCase(_statsPropFile) ? null : _statsPropFile);
break;
default:
if (// log handlers not registered, server maybe not created, etc
!runnerServerInitialized) {
if (// server not initialized yet
_server == null) {
// build the server
_server = new Server();
}
//apply jetty config files if there are any
if (_configFiles != null) {
for (String cfg : _configFiles) {
try (Resource resource = Resource.newResource(cfg)) {
XmlConfiguration xmlConfiguration = new XmlConfiguration(resource.getURL());
xmlConfiguration.configure(_server);
}
}
}
//check that everything got configured, and if not, make the handlers
HandlerCollection handlers = (HandlerCollection) _server.getChildHandlerByClass(HandlerCollection.class);
if (handlers == null) {
handlers = new HandlerCollection();
_server.setHandler(handlers);
}
//check if contexts already configured
_contexts = (ContextHandlerCollection) handlers.getChildHandlerByClass(ContextHandlerCollection.class);
if (_contexts == null) {
_contexts = new ContextHandlerCollection();
prependHandler(_contexts, handlers);
}
if (_enableStats) {
//if no stats handler already configured
if (handlers.getChildHandlerByClass(StatisticsHandler.class) == null) {
StatisticsHandler statsHandler = new StatisticsHandler();
Handler oldHandler = _server.getHandler();
statsHandler.setHandler(oldHandler);
_server.setHandler(statsHandler);
ServletContextHandler statsContext = new ServletContextHandler(_contexts, "/stats");
statsContext.addServlet(new ServletHolder(new StatisticsServlet()), "/");
statsContext.setSessionHandler(new SessionHandler());
if (_statsPropFile != null) {
HashLoginService loginService = new HashLoginService("StatsRealm", _statsPropFile);
Constraint constraint = new Constraint();
constraint.setName("Admin Only");
constraint.setRoles(new String[] { "admin" });
constraint.setAuthenticate(true);
ConstraintMapping cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/*");
ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
securityHandler.setLoginService(loginService);
securityHandler.setConstraintMappings(Collections.singletonList(cm));
securityHandler.setAuthenticator(new BasicAuthenticator());
statsContext.setSecurityHandler(securityHandler);
}
}
}
//ensure a DefaultHandler is present
if (handlers.getChildHandlerByClass(DefaultHandler.class) == null) {
handlers.addHandler(new DefaultHandler());
}
//ensure a log handler is present
_logHandler = (RequestLogHandler) handlers.getChildHandlerByClass(RequestLogHandler.class);
if (_logHandler == null) {
_logHandler = new RequestLogHandler();
handlers.addHandler(_logHandler);
}
//check a connector is configured to listen on
Connector[] connectors = _server.getConnectors();
if (connectors == null || connectors.length == 0) {
ServerConnector connector = new ServerConnector(_server);
connector.setPort(port);
if (host != null)
connector.setHost(host);
_server.addConnector(connector);
if (_enableStats)
connector.addBean(new ConnectionStatistics());
} else {
if (_enableStats) {
for (Connector connector : connectors) {
((AbstractConnector) connector).addBean(new ConnectionStatistics());
}
}
}
runnerServerInitialized = true;
}
// Create a context
try (Resource ctx = Resource.newResource(args[i])) {
if (!ctx.exists())
usage("Context '" + ctx + "' does not exist");
if (contextPathSet && !(contextPath.startsWith("/")))
contextPath = "/" + contextPath;
// Configure the context
if (!ctx.isDirectory() && ctx.toString().toLowerCase(Locale.ENGLISH).endsWith(".xml")) {
// It is a context config file
XmlConfiguration xmlConfiguration = new XmlConfiguration(ctx.getURL());
xmlConfiguration.getIdMap().put("Server", _server);
ContextHandler handler = (ContextHandler) xmlConfiguration.configure();
if (contextPathSet)
handler.setContextPath(contextPath);
_contexts.addHandler(handler);
String containerIncludeJarPattern = (String) handler.getAttribute(WebInfConfiguration.CONTAINER_JAR_PATTERN);
if (containerIncludeJarPattern == null)
containerIncludeJarPattern = __containerIncludeJarPattern;
else {
if (!containerIncludeJarPattern.contains(__containerIncludeJarPattern)) {
containerIncludeJarPattern = containerIncludeJarPattern + (StringUtil.isBlank(containerIncludeJarPattern) ? "" : "|") + __containerIncludeJarPattern;
}
}
handler.setAttribute(WebInfConfiguration.CONTAINER_JAR_PATTERN, containerIncludeJarPattern);
//check the configurations, if not explicitly set up, then configure all of them
if (handler instanceof WebAppContext) {
WebAppContext wac = (WebAppContext) handler;
if (wac.getConfigurationClasses() == null || wac.getConfigurationClasses().length == 0)
wac.setConfigurationClasses(__plusConfigurationClasses);
}
} else {
// assume it is a WAR file
WebAppContext webapp = new WebAppContext(_contexts, ctx.toString(), contextPath);
webapp.setConfigurationClasses(__plusConfigurationClasses);
webapp.setAttribute(WebInfConfiguration.CONTAINER_JAR_PATTERN, __containerIncludeJarPattern);
}
}
//reset
contextPathSet = false;
contextPath = __defaultContextPath;
break;
}
}
if (_server == null)
usage("No Contexts defined");
_server.setStopAtShutdown(true);
switch((stopPort > 0 ? 1 : 0) + (stopKey != null ? 2 : 0)) {
case 1:
usage("Must specify --stop-key when --stop-port is specified");
break;
case 2:
usage("Must specify --stop-port when --stop-key is specified");
break;
case 3:
ShutdownMonitor monitor = ShutdownMonitor.getInstance();
monitor.setPort(stopPort);
monitor.setKey(stopKey);
monitor.setExitVm(true);
break;
}
if (_logFile != null) {
NCSARequestLog requestLog = new NCSARequestLog(_logFile);
requestLog.setExtended(false);
_logHandler.setRequestLog(requestLog);
}
}
Also used :
SessionHandler(org.eclipse.jetty.server.session.SessionHandler)
AbstractConnector(org.eclipse.jetty.server.AbstractConnector)
ServerConnector(org.eclipse.jetty.server.ServerConnector)
Connector(org.eclipse.jetty.server.Connector)
ShutdownMonitor(org.eclipse.jetty.server.ShutdownMonitor)
Server(org.eclipse.jetty.server.Server)
ConnectionStatistics(org.eclipse.jetty.io.ConnectionStatistics)
Constraint(org.eclipse.jetty.util.security.Constraint)
ServletHolder(org.eclipse.jetty.servlet.ServletHolder)
ArrayList(java.util.ArrayList)
ContextHandlerCollection(org.eclipse.jetty.server.handler.ContextHandlerCollection)
RolloverFileOutputStream(org.eclipse.jetty.util.RolloverFileOutputStream)
XmlConfiguration(org.eclipse.jetty.xml.XmlConfiguration)
ServerConnector(org.eclipse.jetty.server.ServerConnector)
ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler)
ContextHandler(org.eclipse.jetty.server.handler.ContextHandler)
WebAppContext(org.eclipse.jetty.webapp.WebAppContext)
HashLoginService(org.eclipse.jetty.security.HashLoginService)
BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)
RequestLogHandler(org.eclipse.jetty.server.handler.RequestLogHandler)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
NCSARequestLog(org.eclipse.jetty.server.NCSARequestLog)
ContextHandlerCollection(org.eclipse.jetty.server.handler.ContextHandlerCollection)
HandlerCollection(org.eclipse.jetty.server.handler.HandlerCollection)
PrintStream(java.io.PrintStream)
ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
Resource(org.eclipse.jetty.util.resource.Resource)
ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler)
Handler(org.eclipse.jetty.server.Handler)
DefaultHandler(org.eclipse.jetty.server.handler.DefaultHandler)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
StatisticsHandler(org.eclipse.jetty.server.handler.StatisticsHandler)
ContextHandler(org.eclipse.jetty.server.handler.ContextHandler)
SessionHandler(org.eclipse.jetty.server.session.SessionHandler)
RequestLogHandler(org.eclipse.jetty.server.handler.RequestLogHandler)
Constraint(org.eclipse.jetty.util.security.Constraint)
DefaultHandler(org.eclipse.jetty.server.handler.DefaultHandler)
StatisticsServlet(org.eclipse.jetty.servlet.StatisticsServlet)
StatisticsHandler(org.eclipse.jetty.server.handler.StatisticsHandler)
ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler)
AbstractConnector(org.eclipse.jetty.server.AbstractConnector)
Example 7 with ConstraintSecurityHandler
use of org.eclipse.jetty.security.ConstraintSecurityHandler in project jetty.project by eclipse.
the class TestSecurityAnnotationConversions method makeWebAppContext.
private WebAppContext makeWebAppContext(String className, String servletName, String[] paths) {
WebAppContext wac = new WebAppContext();
ServletHolder[] holders = new ServletHolder[1];
holders[0] = new ServletHolder();
holders[0].setClassName(className);
holders[0].setName(servletName);
holders[0].setServletHandler(wac.getServletHandler());
wac.getServletHandler().setServlets(holders);
wac.setSecurityHandler(new ConstraintSecurityHandler());
ServletMapping[] servletMappings = new ServletMapping[1];
servletMappings[0] = new ServletMapping();
servletMappings[0].setPathSpecs(paths);
servletMappings[0].setServletName(servletName);
wac.getServletHandler().setServletMappings(servletMappings);
return wac;
}
Also used :
WebAppContext(org.eclipse.jetty.webapp.WebAppContext)
ServletMapping(org.eclipse.jetty.servlet.ServletMapping)
ServletHolder(org.eclipse.jetty.servlet.ServletHolder)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
Example 8 with ConstraintSecurityHandler
use of org.eclipse.jetty.security.ConstraintSecurityHandler in project gitblit by gitblit.
the class GitBlitServer method start.
/**
* Start Gitblit GO.
*/
protected final void start(Params params) {
final File baseFolder = getBaseFolder(params);
FileSettings settings = params.FILESETTINGS;
if (!StringUtils.isEmpty(params.settingsfile)) {
if (new File(params.settingsfile).exists()) {
settings = new FileSettings(params.settingsfile);
}
}
if (params.dailyLogFile) {
// Configure log4j for daily log file generation
InputStream is = null;
try {
is = getClass().getResourceAsStream("/log4j.properties");
Properties loggingProperties = new Properties();
loggingProperties.load(is);
loggingProperties.put("log4j.appender.R.File", new File(baseFolder, "logs/gitblit.log").getAbsolutePath());
loggingProperties.put("log4j.rootCategory", "INFO, R");
if (settings.getBoolean(Keys.web.debugMode, false)) {
loggingProperties.put("log4j.logger.com.gitblit", "DEBUG");
}
PropertyConfigurator.configure(loggingProperties);
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
if (is != null) {
is.close();
}
} catch (IOException e) {
e.printStackTrace();
}
}
}
logger = LoggerFactory.getLogger(GitBlitServer.class);
logger.info("\n" + Constants.getASCIIArt());
System.setProperty("java.awt.headless", "true");
String osname = System.getProperty("os.name");
String osversion = System.getProperty("os.version");
logger.info("Running on " + osname + " (" + osversion + ")");
QueuedThreadPool threadPool = new QueuedThreadPool();
int maxThreads = settings.getInteger(Keys.server.threadPoolSize, 50);
if (maxThreads > 0) {
threadPool.setMaxThreads(maxThreads);
}
Server server = new Server(threadPool);
server.setStopAtShutdown(true);
// conditionally configure the https connector
if (params.securePort > 0) {
File certificatesConf = new File(baseFolder, X509Utils.CA_CONFIG);
File serverKeyStore = new File(baseFolder, X509Utils.SERVER_KEY_STORE);
File serverTrustStore = new File(baseFolder, X509Utils.SERVER_TRUST_STORE);
File caRevocationList = new File(baseFolder, X509Utils.CA_REVOCATION_LIST);
// generate CA & web certificates, create certificate stores
X509Metadata metadata = new X509Metadata("localhost", params.storePassword);
// set default certificate values from config file
if (certificatesConf.exists()) {
FileBasedConfig config = new FileBasedConfig(certificatesConf, FS.detect());
try {
config.load();
} catch (Exception e) {
logger.error("Error parsing " + certificatesConf, e);
}
NewCertificateConfig certificateConfig = NewCertificateConfig.KEY.parse(config);
certificateConfig.update(metadata);
}
metadata.notAfter = new Date(System.currentTimeMillis() + 10 * TimeUtils.ONEYEAR);
X509Utils.prepareX509Infrastructure(metadata, baseFolder, new X509Log() {
@Override
public void log(String message) {
BufferedWriter writer = null;
try {
writer = new BufferedWriter(new FileWriter(new File(baseFolder, X509Utils.CERTS + File.separator + "log.txt"), true));
writer.write(MessageFormat.format("{0,date,yyyy-MM-dd HH:mm}: {1}", new Date(), message));
writer.newLine();
writer.flush();
} catch (Exception e) {
LoggerFactory.getLogger(GitblitAuthority.class).error("Failed to append log entry!", e);
} finally {
if (writer != null) {
try {
writer.close();
} catch (IOException e) {
}
}
}
}
});
if (serverKeyStore.exists()) {
/*
* HTTPS
*/
logger.info("Setting up HTTPS transport on port " + params.securePort);
GitblitSslContextFactory factory = new GitblitSslContextFactory(params.alias, serverKeyStore, serverTrustStore, params.storePassword, caRevocationList);
if (params.requireClientCertificates) {
factory.setNeedClientAuth(true);
} else {
factory.setWantClientAuth(true);
}
ServerConnector connector = new ServerConnector(server, factory);
connector.setSoLingerTime(-1);
connector.setIdleTimeout(30000);
connector.setPort(params.securePort);
String bindInterface = settings.getString(Keys.server.httpsBindInterface, null);
if (!StringUtils.isEmpty(bindInterface)) {
logger.warn(MessageFormat.format("Binding HTTPS transport on port {0,number,0} to {1}", params.securePort, bindInterface));
connector.setHost(bindInterface);
}
if (params.securePort < 1024 && !isWindows()) {
logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
}
server.addConnector(connector);
} else {
logger.warn("Failed to find or load Keystore?");
logger.warn("HTTPS transport DISABLED.");
}
}
// conditionally configure the http transport
if (params.port > 0) {
/*
* HTTP
*/
logger.info("Setting up HTTP transport on port " + params.port);
HttpConfiguration httpConfig = new HttpConfiguration();
if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {
httpConfig.setSecureScheme("https");
httpConfig.setSecurePort(params.securePort);
}
httpConfig.setSendServerVersion(false);
httpConfig.setSendDateHeader(false);
ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(httpConfig));
connector.setSoLingerTime(-1);
connector.setIdleTimeout(30000);
connector.setPort(params.port);
String bindInterface = settings.getString(Keys.server.httpBindInterface, null);
if (!StringUtils.isEmpty(bindInterface)) {
logger.warn(MessageFormat.format("Binding HTTP transport on port {0,number,0} to {1}", params.port, bindInterface));
connector.setHost(bindInterface);
}
if (params.port < 1024 && !isWindows()) {
logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
}
server.addConnector(connector);
}
// tempDir is where the embedded Gitblit web application is expanded and
// where Jetty creates any necessary temporary files
File tempDir = com.gitblit.utils.FileUtils.resolveParameter(Constants.baseFolder$, baseFolder, params.temp);
if (tempDir.exists()) {
try {
FileUtils.delete(tempDir, FileUtils.RECURSIVE | FileUtils.RETRY);
} catch (IOException x) {
logger.warn("Failed to delete temp dir " + tempDir.getAbsolutePath(), x);
}
}
if (!tempDir.mkdirs()) {
logger.warn("Failed to create temp dir " + tempDir.getAbsolutePath());
}
// Get the execution path of this class
// We use this to set the WAR path.
ProtectionDomain protectionDomain = GitBlitServer.class.getProtectionDomain();
URL location = protectionDomain.getCodeSource().getLocation();
// Root WebApp Context
WebAppContext rootContext = new WebAppContext();
rootContext.setContextPath(settings.getString(Keys.server.contextPath, "/"));
rootContext.setServer(server);
rootContext.setWar(location.toExternalForm());
rootContext.setTempDirectory(tempDir);
// Set cookies HttpOnly so they are not accessible to JavaScript engines
HashSessionManager sessionManager = new HashSessionManager();
sessionManager.setHttpOnly(true);
// Use secure cookies if only serving https
sessionManager.setSecureRequestOnly((params.port <= 0 && params.securePort > 0) || (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)));
rootContext.getSessionHandler().setSessionManager(sessionManager);
// Ensure there is a defined User Service
String realmUsers = params.userService;
if (StringUtils.isEmpty(realmUsers)) {
logger.error(MessageFormat.format("PLEASE SPECIFY {0}!!", Keys.realm.userService));
return;
}
// Override settings from the command-line
settings.overrideSetting(Keys.realm.userService, params.userService);
settings.overrideSetting(Keys.git.repositoriesFolder, params.repositoriesFolder);
settings.overrideSetting(Keys.git.daemonPort, params.gitPort);
settings.overrideSetting(Keys.git.sshPort, params.sshPort);
// Start up an in-memory LDAP server, if configured
try {
if (!StringUtils.isEmpty(params.ldapLdifFile)) {
File ldifFile = new File(params.ldapLdifFile);
if (ldifFile != null && ldifFile.exists()) {
URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
String firstLine = new Scanner(ldifFile).nextLine();
String rootDN = firstLine.substring(4);
String bindUserName = settings.getString(Keys.realm.ldap.username, "");
String bindPassword = settings.getString(Keys.realm.ldap.password, "");
// Get the port
int port = ldapUrl.getPort();
if (port == -1)
port = 389;
InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig(rootDN);
config.addAdditionalBindCredentials(bindUserName, bindPassword);
config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("default", port));
config.setSchema(null);
InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
ds.importFromLDIF(true, new LDIFReader(ldifFile));
ds.startListening();
logger.info("LDAP Server started at ldap://localhost:" + port);
}
}
} catch (Exception e) {
// Completely optional, just show a warning
logger.warn("Unable to start LDAP server", e);
}
// Set the server's contexts
server.setHandler(rootContext);
// redirect HTTP requests to HTTPS
if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {
logger.info(String.format("Configuring automatic http(%1$s) -> https(%2$s) redirects", params.port, params.securePort));
// Create the internal mechanisms to handle secure connections and redirects
Constraint constraint = new Constraint();
constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);
ConstraintMapping cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/*");
ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
sh.setConstraintMappings(new ConstraintMapping[] { cm });
// Configure this context to use the Security Handler defined before
rootContext.setHandler(sh);
}
// Setup the Gitblit context
GitblitContext gitblit = newGitblit(settings, baseFolder);
rootContext.addEventListener(gitblit);
try {
// start the shutdown monitor
if (params.shutdownPort > 0) {
Thread shutdownMonitor = new ShutdownMonitorThread(server, params);
shutdownMonitor.start();
}
// start Jetty
server.start();
server.join();
} catch (Exception e) {
e.printStackTrace();
System.exit(100);
}
}
Also used :
ProtectionDomain(java.security.ProtectionDomain)
Scanner(java.util.Scanner)
InMemoryDirectoryServer(com.unboundid.ldap.listener.InMemoryDirectoryServer)
Server(org.eclipse.jetty.server.Server)
HashSessionManager(org.eclipse.jetty.server.session.HashSessionManager)
Constraint(org.eclipse.jetty.util.security.Constraint)
X509Metadata(com.gitblit.utils.X509Utils.X509Metadata)
FileWriter(java.io.FileWriter)
InMemoryDirectoryServerConfig(com.unboundid.ldap.listener.InMemoryDirectoryServerConfig)
HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration)
Properties(java.util.Properties)
URI(java.net.URI)
URL(java.net.URL)
BufferedWriter(java.io.BufferedWriter)
ServerConnector(org.eclipse.jetty.server.ServerConnector)
WebAppContext(org.eclipse.jetty.webapp.WebAppContext)
QueuedThreadPool(org.eclipse.jetty.util.thread.QueuedThreadPool)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
GitblitContext(com.gitblit.servlet.GitblitContext)
GitblitAuthority(com.gitblit.authority.GitblitAuthority)
FileBasedConfig(org.eclipse.jgit.storage.file.FileBasedConfig)
NewCertificateConfig(com.gitblit.authority.NewCertificateConfig)
ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory)
InputStream(java.io.InputStream)
InMemoryDirectoryServer(com.unboundid.ldap.listener.InMemoryDirectoryServer)
X509Log(com.gitblit.utils.X509Utils.X509Log)
IOException(java.io.IOException)
CmdLineException(org.kohsuke.args4j.CmdLineException)
IOException(java.io.IOException)
UnknownHostException(java.net.UnknownHostException)
Constraint(org.eclipse.jetty.util.security.Constraint)
Date(java.util.Date)
LDIFReader(com.unboundid.ldif.LDIFReader)
File(java.io.File)
Example 9 with ConstraintSecurityHandler
use of org.eclipse.jetty.security.ConstraintSecurityHandler in project symmetric-ds by JumpMind.
the class SymmetricWebServer method setupBasicAuthIfNeeded.
protected void setupBasicAuthIfNeeded(Server server) {
if (StringUtils.isNotBlank(basicAuthUsername)) {
ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
Constraint constraint = new Constraint();
constraint.setName(Constraint.__BASIC_AUTH);
constraint.setRoles(new String[] { SecurityConstants.EMBEDDED_WEBSERVER_DEFAULT_ROLE });
constraint.setAuthenticate(true);
ConstraintMapping cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/*");
// sh.setConstraintMappings(new ConstraintMapping[] {cm});
sh.addConstraintMapping(cm);
sh.setAuthenticator(new BasicAuthenticator());
HashLoginService loginService = new HashLoginService();
loginService.putUser(basicAuthUsername, new Password(basicAuthPassword), null);
sh.setLoginService(loginService);
server.setHandler(sh);
}
}
Also used :
ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
HashLoginService(org.eclipse.jetty.security.HashLoginService)
BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)
Constraint(org.eclipse.jetty.util.security.Constraint)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
Password(org.eclipse.jetty.util.security.Password)
Example 10 with ConstraintSecurityHandler
use of org.eclipse.jetty.security.ConstraintSecurityHandler in project opennms by OpenNMS.
the class JUnitServer method initializeServerWithConfig.
protected void initializeServerWithConfig(final JUnitHttpServer config) {
Server server = null;
if (config.https()) {
server = new Server();
// SSL context configuration
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(config.keystore());
sslContextFactory.setKeyStorePassword(config.keystorePassword());
sslContextFactory.setKeyManagerPassword(config.keyPassword());
sslContextFactory.setTrustStorePath(config.keystore());
sslContextFactory.setTrustStorePassword(config.keystorePassword());
// HTTP Configuration
HttpConfiguration http_config = new HttpConfiguration();
http_config.setSecureScheme("https");
http_config.setSecurePort(config.port());
http_config.setOutputBufferSize(32768);
http_config.setRequestHeaderSize(8192);
http_config.setResponseHeaderSize(8192);
http_config.setSendServerVersion(true);
http_config.setSendDateHeader(false);
// SSL HTTP Configuration
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());
// SSL Connector
ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https_config));
sslConnector.setPort(config.port());
server.addConnector(sslConnector);
} else {
server = new Server(config.port());
}
m_server = server;
final ContextHandler context1 = new ContextHandler();
context1.setContextPath("/");
context1.setWelcomeFiles(new String[] { "index.html" });
context1.setResourceBase(config.resource());
context1.setClassLoader(Thread.currentThread().getContextClassLoader());
context1.setVirtualHosts(config.vhosts());
final ContextHandler context = context1;
Handler topLevelHandler = null;
final HandlerList handlers = new HandlerList();
if (config.basicAuth()) {
// check for basic auth if we're configured to do so
LOG.debug("configuring basic auth");
final HashLoginService loginService = new HashLoginService("MyRealm", config.basicAuthFile());
loginService.setHotReload(true);
m_server.addBean(loginService);
final ConstraintSecurityHandler security = new ConstraintSecurityHandler();
final Set<String> knownRoles = new HashSet<String>();
knownRoles.add("user");
knownRoles.add("admin");
knownRoles.add("moderator");
final Constraint constraint = new Constraint();
constraint.setName("auth");
constraint.setAuthenticate(true);
constraint.setRoles(knownRoles.toArray(new String[0]));
final ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec("/*");
mapping.setConstraint(constraint);
security.setConstraintMappings(Collections.singletonList(mapping), knownRoles);
security.setAuthenticator(new BasicAuthenticator());
security.setLoginService(loginService);
security.setRealmName("MyRealm");
security.setHandler(context);
topLevelHandler = security;
} else {
topLevelHandler = context;
}
final Webapp[] webapps = config.webapps();
if (webapps != null) {
for (final Webapp webapp : webapps) {
final WebAppContext wac = new WebAppContext();
String path = null;
if (!"".equals(webapp.pathSystemProperty()) && System.getProperty(webapp.pathSystemProperty()) != null) {
path = System.getProperty(webapp.pathSystemProperty());
} else {
path = webapp.path();
}
if (path == null || "".equals(path)) {
throw new IllegalArgumentException("path or pathSystemProperty of @Webapp points to a null or blank value");
}
wac.setWar(path);
wac.setContextPath(webapp.context());
handlers.addHandler(wac);
}
}
final ResourceHandler rh = new ResourceHandler();
rh.setWelcomeFiles(new String[] { "index.html" });
rh.setResourceBase(config.resource());
handlers.addHandler(rh);
// fall through to default
handlers.addHandler(new DefaultHandler());
context.setHandler(handlers);
m_server.setHandler(topLevelHandler);
}
Also used :
HandlerList(org.eclipse.jetty.server.handler.HandlerList)
ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer)
JUnitHttpServer(org.opennms.core.test.http.annotations.JUnitHttpServer)
Server(org.eclipse.jetty.server.Server)
HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory)
Constraint(org.eclipse.jetty.util.security.Constraint)
Handler(org.eclipse.jetty.server.Handler)
ResourceHandler(org.eclipse.jetty.server.handler.ResourceHandler)
DefaultHandler(org.eclipse.jetty.server.handler.DefaultHandler)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
ContextHandler(org.eclipse.jetty.server.handler.ContextHandler)
ResourceHandler(org.eclipse.jetty.server.handler.ResourceHandler)
HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration)
SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)
DefaultHandler(org.eclipse.jetty.server.handler.DefaultHandler)
ServerConnector(org.eclipse.jetty.server.ServerConnector)
ContextHandler(org.eclipse.jetty.server.handler.ContextHandler)
WebAppContext(org.eclipse.jetty.webapp.WebAppContext)
SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory)
HashLoginService(org.eclipse.jetty.security.HashLoginService)
BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
HashSet(java.util.HashSet)
Webapp(org.opennms.core.test.http.annotations.Webapp)
Aggregations
ConstraintSecurityHandler (org.eclipse.jetty.security.ConstraintSecurityHandler)24
ConstraintMapping (org.eclipse.jetty.security.ConstraintMapping)19
Constraint (org.eclipse.jetty.util.security.Constraint)19
HashLoginService (org.eclipse.jetty.security.HashLoginService)12
BasicAuthenticator (org.eclipse.jetty.security.authentication.BasicAuthenticator)11
Server (org.eclipse.jetty.server.Server)10
ServerConnector (org.eclipse.jetty.server.ServerConnector)5
WebAppContext (org.eclipse.jetty.webapp.WebAppContext)5
ContextHandler (org.eclipse.jetty.server.handler.ContextHandler)4
DefaultHandler (org.eclipse.jetty.server.handler.DefaultHandler)4
Password (org.eclipse.jetty.util.security.Password)4
IOException (java.io.IOException)3
HashSet (java.util.HashSet)3
Handler (org.eclipse.jetty.server.Handler)3
ContextHandlerCollection (org.eclipse.jetty.server.handler.ContextHandlerCollection)3
HandlerCollection (org.eclipse.jetty.server.handler.HandlerCollection)3
HandlerList (org.eclipse.jetty.server.handler.HandlerList)3
ServletContextHandler (org.eclipse.jetty.servlet.ServletContextHandler)3
ServletHolder (org.eclipse.jetty.servlet.ServletHolder)3
File (java.io.File)2
