
Example 6 with BasicAuthenticator

use of org.eclipse.jetty.security.authentication.BasicAuthenticator in project jetty.project by eclipse.

the class ConstraintTest method testDataRedirection.

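/**
 * Checks the responses for {@code /ctx/data/info} on {@code _connector} as the secure port,
 * the secure scheme and the request {@code Host} header change.
 *
 * <p>Outcomes pinned by this test:
 * <ul>
 *   <li>before a secure port and scheme are set: {@code 403};</li>
 *   <li>secure port 8443: {@code 302} whose {@code Location} carries the port and never an
 *       empty authority ({@code https:///});</li>
 *   <li>secure port 443: {@code 302} with the port left out of {@code Location};</li>
 *   <li>with {@code Host: wobble.com}: the redirect authority is that host.</li>
 * </ul>
 *
 * <p>NOTE(review): the constraint on {@code /ctx/data/*} is configured outside this method;
 * presumably it is a transport (data) constraint, since no credentials are sent — confirm
 * against the test fixture.
 *
 * @throws Exception propagated from server start-up or from the connector
 */
@Test
public void testDataRedirection() throws Exception {
    _security.setAuthenticator(new BasicAuthenticator());
    _server.start();
    String response;

    // No secure port/scheme configured yet: the request is refused rather than redirected.
    response = _connector.getResponse("GET /ctx/data/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 403"));

    // Non-default secure port, no Host header: redirect must name the port and a non-empty authority.
    _config.setSecurePort(8443);
    _config.setSecureScheme("https");
    response = _connector.getResponse("GET /ctx/data/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 302 Found"));
    // Matchers are used instead of assertTrue(indexOf(..) > 0) so a failure prints the response.
    // The status-line assertion above already rules out a match at index 0.
    Assert.assertThat(response, Matchers.containsString("Location"));
    Assert.assertThat(response, Matchers.containsString(":8443/ctx/data/info"));
    Assert.assertThat(response, Matchers.not(Matchers.containsString("https:///")));

    // Default https port: the port must not appear in the redirect target.
    _config.setSecurePort(443);
    response = _connector.getResponse("GET /ctx/data/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 302 Found"));
    Assert.assertThat(response, Matchers.containsString("Location"));
    Assert.assertThat(response, Matchers.not(Matchers.containsString(":443/ctx/data/info")));

    // With a Host header the redirect authority mirrors it.
    // NOTE(review): the Location host therefore follows a client-supplied header; whether Host
    // is validated before this point is not visible here — confirm for the deployment.
    _config.setSecurePort(8443);
    response = _connector.getResponse("GET /ctx/data/info HTTP/1.0\r\nHost: wobble.com\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 302 Found"));
    Assert.assertThat(response, Matchers.containsString("Location"));
    Assert.assertThat(response, Matchers.containsString("https://wobble.com:8443/ctx/data/info"));

    // Host header plus default https port: host is kept, port is omitted.
    _config.setSecurePort(443);
    response = _connector.getResponse("GET /ctx/data/info HTTP/1.0\r\nHost: wobble.com\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 302 Found"));
    Assert.assertThat(response, Matchers.containsString("Location"));
    Assert.assertThat(response, Matchers.not(Matchers.containsString(":443")));
    Assert.assertThat(response, Matchers.containsString("https://wobble.com/ctx/data/info"));
}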
Also used : BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator) Test(org.junit.Test)

Example 7 with BasicAuthenticator

use of org.eclipse.jetty.security.authentication.BasicAuthenticator in project jetty.project by eclipse.

the class ConstraintTest method testStrictBasic.

/**
 * Walks the BASIC-authentication outcomes for the {@code /ctx/noauth}, {@code /ctx/forbid},
 * {@code /ctx/auth} and {@code /ctx/admin} paths.
 *
 * <p>The test pins three distinct failure modes: {@code 401} with a
 * {@code WWW-Authenticate} challenge when credentials are missing or wrong, {@code 403} when
 * the path is forbidden or the supplied identity is rejected for the path, and {@code 200}
 * when access is granted. The users, passwords and path constraints are configured outside
 * this method.
 *
 * @throws Exception propagated from server start-up or from the connector
 */
@Test
public void testStrictBasic() throws Exception {
    _security.setAuthenticator(new BasicAuthenticator());
    _server.start();

    final String challenge = "WWW-Authenticate: basic realm=\"TestRealm\"";
    final String authWithCredentials = "GET /ctx/auth/info HTTP/1.0\r\nAuthorization: Basic ";
    final String adminWithCredentials = "GET /ctx/admin/info HTTP/1.0\r\nAuthorization: Basic ";
    final String endOfHeaders = "\r\n\r\n";

    // Paths that need no login: one open, one forbidden to everybody.
    String reply = _connector.getResponse("GET /ctx/noauth/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 200 OK"));
    reply = _connector.getResponse("GET /ctx/forbid/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 403 Forbidden"));

    // /auth without credentials: challenged, not forbidden.
    reply = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
    Assert.assertThat(reply, Matchers.containsString(challenge));

    // /auth with a wrong password: challenged again.
    reply = _connector.getResponse(authWithCredentials + B64Code.encode("user:wrong") + endOfHeaders);
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
    Assert.assertThat(reply, Matchers.containsString(challenge));

    // user3 is answered with 403 rather than a new challenge
    // (presumably a valid login that lacks the required role — confirm against the fixture).
    reply = _connector.getResponse(authWithCredentials + B64Code.encode("user3:password") + endOfHeaders);
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 403"));

    reply = _connector.getResponse(authWithCredentials + B64Code.encode("user2:password") + endOfHeaders);
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 200 OK"));

    // test admin
    reply = _connector.getResponse("GET /ctx/admin/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
    Assert.assertThat(reply, Matchers.containsString(challenge));

    reply = _connector.getResponse(adminWithCredentials + B64Code.encode("admin:wrong") + endOfHeaders);
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
    Assert.assertThat(reply, Matchers.containsString(challenge));

    // A non-admin login on the admin path: 403 whose body names the missing role ("!role").
    reply = _connector.getResponse(adminWithCredentials + B64Code.encode("user:password") + endOfHeaders);
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 403 "));
    Assert.assertThat(reply, Matchers.containsString("!role"));

    reply = _connector.getResponse(adminWithCredentials + B64Code.encode("admin:password") + endOfHeaders);
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 200 OK"));

    // The relaxed sub-path under /admin is reachable without any credentials.
    reply = _connector.getResponse("GET /ctx/admin/relax/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 200 OK"));
}
Also used : BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator) Test(org.junit.Test)

Example 8 with BasicAuthenticator

use of org.eclipse.jetty.security.authentication.BasicAuthenticator in project jetty.project by eclipse.

the class DataConstraintsTest method testConfidentialWithRolesSetAndMethodRestrictionAndAuthenticationRequired.

/**
 * Exercises a constraint that combines a role ({@code admin}), required authentication, a
 * confidential data constraint and a method restriction ({@code POST}) on {@code /confid/*}.
 *
 * <p>{@code 404 Not Found} is the "passed the security checks" outcome throughout: the
 * request was let through and no resource exists behind it. {@code _connector} and
 * {@code _connectorS} are presumably the plain and the secure connector — confirm against
 * the fixture.
 *
 * @throws Exception propagated from server start-up or from the connectors
 */
@Test
public void testConfidentialWithRolesSetAndMethodRestrictionAndAuthenticationRequired() throws Exception {
    Constraint adminConfidential = new Constraint();
    adminConfidential.setRoles(new String[] { "admin" });
    adminConfidential.setAuthenticate(true);
    adminConfidential.setName("confid");
    adminConfidential.setDataConstraint(Constraint.DC_CONFIDENTIAL);

    // The mapping names POST only, so every other method on /confid/* is outside the constraint.
    ConstraintMapping postOnly = new ConstraintMapping();
    postOnly.setPathSpec("/confid/*");
    postOnly.setMethod(HttpMethod.POST.asString());
    postOnly.setConstraint(adminConfidential);
    _security.setConstraintMappings(Arrays.asList(postOnly));

    DefaultIdentityService identities = new DefaultIdentityService();
    _security.setLoginService(new CustomLoginService(identities));
    _security.setIdentityService(identities);
    _security.setAuthenticator(new BasicAuthenticator());
    _server.start();

    final String getRequest = "GET /ctx/confid/info HTTP/1.0\r\n";
    final String postRequest = "POST /ctx/confid/info HTTP/1.0\r\n";
    // Base64 of "admin:password".
    final String adminHeader = "Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n";
    final String blank = "\r\n";

    // GET is not covered by the mapping: it passes on both connectors without credentials.
    // NOTE(review): this pins that verbs outside the mapped method stay unconstrained;
    // setDenyUncoveredHttpMethods(true) on the security handler is the switch that changes that.
    String reply = _connector.getResponses(getRequest + blank);
    Assert.assertThat(reply, Matchers.containsString("HTTP/1.1 404 Not Found"));
    reply = _connectorS.getResponses(getRequest + blank);
    Assert.assertThat(reply, Matchers.containsString("HTTP/1.1 404 Not Found"));

    // POST without credentials: redirected on one connector, challenged on the other.
    reply = _connector.getResponses(postRequest + blank);
    Assert.assertThat(reply, Matchers.containsString("HTTP/1.1 302 Found"));
    reply = _connectorS.getResponses(postRequest + blank);
    Assert.assertThat(reply, Matchers.containsString("HTTP/1.1 401 Unauthorized"));

    // Credentials make no difference to the uncovered GET.
    reply = _connector.getResponses(getRequest + adminHeader + blank);
    Assert.assertThat(reply, Matchers.containsString("HTTP/1.1 404 Not Found"));

    // POST with credentials on _connector is still redirected: the data constraint is
    // answered before the credentials are honoured.
    reply = _connector.getResponses(postRequest + adminHeader + blank);
    Assert.assertThat(reply, Matchers.containsString("HTTP/1.1 302 Found"));

    // POST with credentials on _connectorS passes every check.
    reply = _connectorS.getResponses(postRequest + adminHeader + blank);
    Assert.assertThat(reply, Matchers.containsString("HTTP/1.1 404 Not Found"));
}
Also used : BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator) Constraint(org.eclipse.jetty.util.security.Constraint) Test(org.junit.Test)

Example 9 with BasicAuthenticator

use of org.eclipse.jetty.security.authentication.BasicAuthenticator in project jetty.project by eclipse.

the class SpecExampleConstraintTest method testUncoveredHttpMethodsDenied.

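/**
 * Verifies that turning on deny-uncovered-http-methods changes a plain
 * {@code GET /ctx/index.html} from {@code 200 OK} to {@code 403 Forbidden}.
 *
 * <p>The flag is reset to {@code false} in a {@code finally} block so the setting does not
 * outlive this test, even when an assertion fails.
 *
 * @throws Exception propagated from server start-up or from the connector
 */
@Test
public void testUncoveredHttpMethodsDenied() throws Exception {
    try {
        _security.setDenyUncoveredHttpMethods(false);
        _security.setAuthenticator(new BasicAuthenticator());
        _server.start();

        // There are uncovered methods for GET/POST at url /*;
        // without deny-uncovered-http-methods they should be accessible.
        String response = _connector.getResponses("GET /ctx/index.html HTTP/1.0\r\n\r\n");
        assertThat(response, startsWith("HTTP/1.1 200 OK"));

        // Set deny-uncovered-http-methods to true (the server is already running).
        _security.setDenyUncoveredHttpMethods(true);

        // The same request must now be refused. assertThat with a matcher is used, as for the
        // first check, so a failure reports the response that was actually received.
        response = _connector.getResponses("GET /ctx/index.html HTTP/1.0\r\n\r\n");
        assertThat(response, startsWith("HTTP/1.1 403 Forbidden"));
    } finally {
        _security.setDenyUncoveredHttpMethods(false);
    }
}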
Also used : BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator) Test(org.junit.Test)

Example 10 with BasicAuthenticator

use of org.eclipse.jetty.security.authentication.BasicAuthenticator in project blade by biezhi.

the class DefaultAuthenticatorFactory method getAuthenticator.

/**
 * Selects an {@link Authenticator} from the auth method named in the configuration.
 *
 * <p>The method name is compared case-insensitively. A {@code null} method name selects
 * {@link BasicAuthenticator}; a name that matches none of the known constants yields
 * {@code null}. Only {@code configuration} is read; the other parameters are unused here.
 *
 * <p>NOTE(review): falling back to BASIC when no method is configured means credentials
 * travel merely base64-encoded unless the transport is protected — confirm that callers
 * relying on the default also enforce a confidential transport.
 *
 * @param server not used by this implementation
 * @param context not used by this implementation
 * @param configuration supplies the auth method name via {@code getAuthMethod()}
 * @param identityService not used by this implementation
 * @param loginService not used by this implementation
 * @return the matching authenticator, or {@code null} when the method name is not recognised
 */
public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService) {
    final String method = configuration.getAuthMethod();

    // A client-certificate match takes precedence over every other method name.
    if (Constraint.__CERT_AUTH.equalsIgnoreCase(method) || Constraint.__CERT_AUTH2.equalsIgnoreCase(method)) {
        return new ClientCertAuthenticator();
    }
    // No configured method is treated the same as an explicit BASIC.
    if (method == null || Constraint.__BASIC_AUTH.equalsIgnoreCase(method)) {
        return new BasicAuthenticator();
    }
    if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(method)) {
        return new DigestAuthenticator();
    }
    if (Constraint.__FORM_AUTH.equalsIgnoreCase(method)) {
        return new FormAuthenticator();
    }
    if (Constraint.__SPNEGO_AUTH.equalsIgnoreCase(method)) {
        return new SpnegoAuthenticator();
    }
    // see Bug #377076
    if (Constraint.__NEGOTIATE_AUTH.equalsIgnoreCase(method)) {
        return new SpnegoAuthenticator(Constraint.__NEGOTIATE_AUTH);
    }
    // Unknown method name: no authenticator is provided.
    return null;
}
Also used : BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator) ClientCertAuthenticator(org.eclipse.jetty.security.authentication.ClientCertAuthenticator) DigestAuthenticator(org.eclipse.jetty.security.authentication.DigestAuthenticator) FormAuthenticator(org.eclipse.jetty.security.authentication.FormAuthenticator) SpnegoAuthenticator(org.eclipse.jetty.security.authentication.SpnegoAuthenticator) SpnegoAuthenticator(org.eclipse.jetty.security.authentication.SpnegoAuthenticator) ClientCertAuthenticator(org.eclipse.jetty.security.authentication.ClientCertAuthenticator) DigestAuthenticator(org.eclipse.jetty.security.authentication.DigestAuthenticator) FormAuthenticator(org.eclipse.jetty.security.authentication.FormAuthenticator) BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)
