Example 16 with BasicAuthenticator
use of org.eclipse.jetty.security.authentication.BasicAuthenticator in project jetty.project by eclipse.
the class SecuredHelloHandler method main.
public static void main(String[] args) throws Exception {
// Create a basic jetty server object that will listen on port 8080.
// Note that if you set this to port 0 then a randomly available port
// will be assigned that you can either look in the logs for the port,
// or programmatically obtain it for use in test cases.
Server server = new Server(8080);
// Since this example is for our test webapp, we need to setup a
// LoginService so this shows how to create a very simple hashmap based
// one. The name of the LoginService needs to correspond to what is
// configured a webapp's web.xml and since it has a lifecycle of its own
// we register it as a bean with the Jetty server object so it can be
// started and stopped according to the lifecycle of the server itself.
// In this example the name can be whatever you like since we are not
// dealing with webapp realms.
LoginService loginService = new HashLoginService("MyRealm", "src/test/resources/realm.properties");
server.addBean(loginService);
// A security handler is a jetty handler that secures content behind a
// particular portion of a url space. The ConstraintSecurityHandler is a
// more specialized handler that allows matching of urls to different
// constraints. The server sets this as the first handler in the chain,
// effectively applying these constraints to all subsequent handlers in
// the chain.
ConstraintSecurityHandler security = new ConstraintSecurityHandler();
server.setHandler(security);
// This constraint requires authentication and in addition that an
// authenticated user be a member of a given set of roles for
// authorization purposes.
Constraint constraint = new Constraint();
constraint.setName("auth");
constraint.setAuthenticate(true);
constraint.setRoles(new String[] { "user", "admin" });
// Binds a url pattern with the previously created constraint. The roles
// for this constraing mapping are mined from the Constraint itself
// although methods exist to declare and bind roles separately as well.
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec("/*");
mapping.setConstraint(constraint);
// First you see the constraint mapping being applied to the handler as
// a singleton list, however you can passing in as many security
// constraint mappings as you like so long as they follow the mapping
// requirements of the servlet api. Next we set a BasicAuthenticator
// instance which is the object that actually checks the credentials
// followed by the LoginService which is the store of known users, etc.
security.setConstraintMappings(Collections.singletonList(mapping));
security.setAuthenticator(new BasicAuthenticator());
security.setLoginService(loginService);
// The Hello Handler is the handler we are securing so we create one,
// and then set it as the handler on the
// security handler to complain the simple handler chain.
HelloHandler hh = new HelloHandler();
// chain the hello handler into the security handler
security.setHandler(hh);
// Start things up!
server.start();
// The use of server.join() the will make the current thread join and
// wait until the server is done executing.
// See
// http://docs.oracle.com/javase/7/docs/api/java/lang/Thread.html#join()
server.join();
}
Also used :
HashLoginService(org.eclipse.jetty.security.HashLoginService)
ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
Server(org.eclipse.jetty.server.Server)
BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)
Constraint(org.eclipse.jetty.util.security.Constraint)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
HashLoginService(org.eclipse.jetty.security.HashLoginService)
LoginService(org.eclipse.jetty.security.LoginService)
Example 17 with BasicAuthenticator
use of org.eclipse.jetty.security.authentication.BasicAuthenticator in project jetty.project by eclipse.
the class ConstraintTest method testBasic.
@Test
public void testBasic() throws Exception {
List<ConstraintMapping> list = new ArrayList<>(_security.getConstraintMappings());
Constraint constraint6 = new Constraint();
constraint6.setAuthenticate(true);
constraint6.setName("omit HEAD and GET");
constraint6.setRoles(new String[] { "user" });
ConstraintMapping mapping6 = new ConstraintMapping();
mapping6.setPathSpec("/omit/*");
mapping6.setConstraint(constraint6);
//requests for every method except GET and HEAD must be in role "user"
mapping6.setMethodOmissions(new String[] { "GET", "HEAD" });
list.add(mapping6);
Constraint constraint7 = new Constraint();
constraint7.setAuthenticate(true);
constraint7.setName("non-omitted GET");
constraint7.setRoles(new String[] { "administrator" });
ConstraintMapping mapping7 = new ConstraintMapping();
mapping7.setPathSpec("/omit/*");
mapping7.setConstraint(constraint7);
//requests for GET must be in role "admin"
mapping7.setMethod("GET");
list.add(mapping7);
Constraint constraint8 = new Constraint();
constraint8.setAuthenticate(true);
constraint8.setName("non specific");
constraint8.setRoles(new String[] { "foo" });
ConstraintMapping mapping8 = new ConstraintMapping();
mapping8.setPathSpec("/omit/*");
//requests for all methods must be in role "foo"
mapping8.setConstraint(constraint8);
list.add(mapping8);
Set<String> knownRoles = new HashSet<>();
knownRoles.add("user");
knownRoles.add("administrator");
knownRoles.add("foo");
_security.setConstraintMappings(list, knownRoles);
_security.setAuthenticator(new BasicAuthenticator());
_server.start();
String response;
response = _connector.getResponse("GET /ctx/noauth/info HTTP/1.0\r\n\r\n");
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
response = _connector.getResponse("GET /ctx/forbid/info HTTP/1.0\r\n\r\n");
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 403 Forbidden"));
response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
Assert.assertThat(response, Matchers.containsString("WWW-Authenticate: basic realm=\"TestRealm\""));
response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user:wrong") + "\r\n" + "\r\n");
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
Assert.assertThat(response, Matchers.containsString("WWW-Authenticate: basic realm=\"TestRealm\""));
response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user:password") + "\r\n" + "\r\n");
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
// test admin
response = _connector.getResponse("GET /ctx/admin/info HTTP/1.0\r\n\r\n");
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
Assert.assertThat(response, Matchers.containsString("WWW-Authenticate: basic realm=\"TestRealm\""));
response = _connector.getResponse("GET /ctx/admin/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("admin:wrong") + "\r\n" + "\r\n");
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
Assert.assertThat(response, Matchers.containsString("WWW-Authenticate: basic realm=\"TestRealm\""));
response = _connector.getResponse("GET /ctx/admin/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user:password") + "\r\n" + "\r\n");
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 403 "));
Assert.assertThat(response, Matchers.containsString("!role"));
response = _connector.getResponse("GET /ctx/admin/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("admin:password") + "\r\n" + "\r\n");
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
response = _connector.getResponse("GET /ctx/admin/relax/info HTTP/1.0\r\n\r\n");
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
//check GET is in role administrator
response = _connector.getResponse("GET /ctx/omit/x HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("admin:password") + "\r\n" + "\r\n");
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
//check POST is in role user
response = _connector.getResponse("POST /ctx/omit/x HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" + "\r\n");
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
//check POST can be in role foo too
response = _connector.getResponse("POST /ctx/omit/x HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user3:password") + "\r\n" + "\r\n");
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
//check HEAD cannot be in role user
response = _connector.getResponse("HEAD /ctx/omit/x HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" + "\r\n");
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 403 "));
}
Also used :
BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)
Constraint(org.eclipse.jetty.util.security.Constraint)
ArrayList(java.util.ArrayList)
HashSet(java.util.HashSet)
Test(org.junit.Test)
Example 18 with BasicAuthenticator
use of org.eclipse.jetty.security.authentication.BasicAuthenticator in project jetty.project by eclipse.
the class DataConstraintsTest method testRestricted.
@Test
public void testRestricted() throws Exception {
Constraint constraint0 = new Constraint();
constraint0.setAuthenticate(true);
constraint0.setRoles(new String[] { "admin" });
constraint0.setName("restricted");
ConstraintMapping mapping0 = new ConstraintMapping();
mapping0.setPathSpec("/restricted/*");
mapping0.setMethod("GET");
mapping0.setConstraint(constraint0);
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[] { mapping0 }));
DefaultIdentityService identityService = new DefaultIdentityService();
_security.setLoginService(new CustomLoginService(identityService));
_security.setIdentityService(identityService);
_security.setAuthenticator(new BasicAuthenticator());
_server.start();
String response;
response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
Assert.assertThat(response, Matchers.containsString("HTTP/1.1 401 Unauthorized"));
response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
Assert.assertThat(response, Matchers.containsString("HTTP/1.1 401 Unauthorized"));
response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\n\n");
Assert.assertThat(response, Matchers.containsString("HTTP/1.1 404 Not Found"));
response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\n\n");
Assert.assertThat(response, Matchers.containsString("HTTP/1.1 404 Not Found"));
}
Also used :
BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)
Constraint(org.eclipse.jetty.util.security.Constraint)
Test(org.junit.Test)
Example 19 with BasicAuthenticator
use of org.eclipse.jetty.security.authentication.BasicAuthenticator in project jetty.project by eclipse.
the class SpecExampleConstraintTest method testBasic.
@Test
public void testBasic() throws Exception {
_security.setAuthenticator(new BasicAuthenticator());
_server.start();
String response;
/*
/star all methods except GET/POST forbidden
/acme/wholesale/star all methods except GET/POST forbidden
/acme/retail/star all methods except GET/POST forbidden
/acme/wholesale/star GET must be in role CONTRACTOR or SALESCLERK
/acme/wholesale/star POST must be in role CONTRACTOR and confidential transport
/acme/retail/star GET must be in role CONTRACTOR or HOMEOWNER
/acme/retail/star POST must be in role CONTRACTOR or HOMEOWNER
*/
//a user in role HOMEOWNER is forbidden HEAD request
response = _connector.getResponses("HEAD /ctx/index.html HTTP/1.0\r\n\r\n");
assertTrue(response.startsWith("HTTP/1.1 403 Forbidden"));
response = _connector.getResponses("HEAD /ctx/index.html HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("harry:password") + "\r\n" + "\r\n");
assertThat(response, startsWith("HTTP/1.1 403 Forbidden"));
response = _connector.getResponses("HEAD /ctx/acme/wholesale/index.html HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("harry:password") + "\r\n" + "\r\n");
assertThat(response, startsWith("HTTP/1.1 403 Forbidden"));
response = _connector.getResponses("HEAD /ctx/acme/retail/index.html HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("harry:password") + "\r\n" + "\r\n");
assertThat(response, startsWith("HTTP/1.1 403 Forbidden"));
//a user in role CONTRACTOR can do a GET
response = _connector.getResponses("GET /ctx/acme/wholesale/index.html HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("chris:password") + "\r\n" + "\r\n");
assertThat(response, startsWith("HTTP/1.1 200 OK"));
//a user in role CONTRACTOR can only do a post if confidential
response = _connector.getResponses("POST /ctx/acme/wholesale/index.html HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("chris:password") + "\r\n" + "\r\n");
assertThat(response, startsWith("HTTP/1.1 403 !"));
//a user in role HOMEOWNER can do a GET
response = _connector.getResponses("GET /ctx/acme/retail/index.html HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("harry:password") + "\r\n" + "\r\n");
assertThat(response, startsWith("HTTP/1.1 200 OK"));
}
Also used :
BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)
Test(org.junit.Test)
Example 20 with BasicAuthenticator
use of org.eclipse.jetty.security.authentication.BasicAuthenticator in project jetty.project by eclipse.
the class ConstraintTest method testRoleRef.
@Test
public void testRoleRef() throws Exception {
RoleCheckHandler check = new RoleCheckHandler();
_security.setHandler(check);
_security.setAuthenticator(new BasicAuthenticator());
_server.start();
String response;
response = _connector.getResponse("GET /ctx/noauth/info HTTP/1.0\r\n\r\n", 100000, TimeUnit.MILLISECONDS);
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" + "\r\n", 100000, TimeUnit.MILLISECONDS);
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 500 "));
_server.stop();
RoleRefHandler roleref = new RoleRefHandler();
roleref.setHandler(_security.getHandler());
_security.setHandler(roleref);
roleref.setHandler(check);
_server.start();
response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" + "\r\n", 100000, TimeUnit.MILLISECONDS);
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
}
Also used :
BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)
Test(org.junit.Test)
Aggregations
BasicAuthenticator (org.eclipse.jetty.security.authentication.BasicAuthenticator)30
Constraint (org.eclipse.jetty.util.security.Constraint)19
Test (org.junit.Test)12
ConstraintMapping (org.eclipse.jetty.security.ConstraintMapping)11
ConstraintSecurityHandler (org.eclipse.jetty.security.ConstraintSecurityHandler)11
HashLoginService (org.eclipse.jetty.security.HashLoginService)11
Server (org.eclipse.jetty.server.Server)4
HashSet (java.util.HashSet)3
ServletContextHandler (org.eclipse.jetty.servlet.ServletContextHandler)3
ArrayList (java.util.ArrayList)2
ClientCertAuthenticator (org.eclipse.jetty.security.authentication.ClientCertAuthenticator)2
DigestAuthenticator (org.eclipse.jetty.security.authentication.DigestAuthenticator)2
FormAuthenticator (org.eclipse.jetty.security.authentication.FormAuthenticator)2
SpnegoAuthenticator (org.eclipse.jetty.security.authentication.SpnegoAuthenticator)2
Handler (org.eclipse.jetty.server.Handler)2
ServerConnector (org.eclipse.jetty.server.ServerConnector)2
ContextHandler (org.eclipse.jetty.server.handler.ContextHandler)2
DefaultHandler (org.eclipse.jetty.server.handler.DefaultHandler)2
HandlerCollection (org.eclipse.jetty.server.handler.HandlerCollection)2
HandlerList (org.eclipse.jetty.server.handler.HandlerList)2
