use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project jetty.project by eclipse.
the class DigestPostTest method setUpServer.
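/**
 * Starts an embedded Jetty server whose {@code /test} context requires HTTP Digest authentication.
 *
 * <p>The fixture registers one user ({@code testuser}, role {@code test}) in a
 * {@code TestLoginService} realm named {@code test}, installs a {@link DigestAuthenticator}
 * on the context's security handler, and maps an authenticating constraint for role
 * {@code test} onto every path ({@code /*}).
 *
 * <p>The hard-coded credentials are a test fixture only; they must never be reused for a
 * real login service.
 *
 * @throws IllegalStateException if the server cannot be configured or started
 */
@BeforeClass
public static void setUpServer() {
    try {
        _server = new Server();
        _server.setConnectors(new Connector[] { new ServerConnector(_server) });

        // Context with security support enabled, serving PostServlet at its root.
        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SECURITY);
        context.setContextPath("/test");
        context.addServlet(PostServlet.class, "/");

        // Login service holding the single fixture user and its role.
        TestLoginService realm = new TestLoginService("test");
        realm.putUser("testuser", new Password("password"), new String[] { "test" });
        _server.addBean(realm);

        // Wire Digest authentication and the login service into the context's security handler.
        ConstraintSecurityHandler security = (ConstraintSecurityHandler) context.getSecurityHandler();
        security.setAuthenticator(new DigestAuthenticator());
        security.setLoginService(realm);

        // Require an authenticated user in role "test" for every path under the context.
        Constraint constraint = new Constraint("SecureTest", "test");
        constraint.setAuthenticate(true);
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setConstraint(constraint);
        mapping.setPathSpec("/*");
        security.setConstraintMappings(Collections.singletonList(mapping));

        HandlerCollection handlers = new HandlerCollection();
        handlers.setHandlers(new Handler[] { context, new DefaultHandler() });
        _server.setHandler(handlers);
        _server.start();
    } catch (final Exception e) {
        // Surface the failure instead of printing it: a swallowed start-up error would let
        // every test run against a server that never came up and fail for unrelated-looking
        // reasons, hiding whether the authentication checks were exercised at all.
        throw new IllegalStateException("Failed to start the Digest authentication test server", e);
    }
}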
use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project jetty.project by eclipse.
the class ConstraintTest method testDigest.
/**
 * Walks a Digest-authenticated resource through its nonce-count (nc) handling.
 *
 * <p>After checking the unauthenticated responses for an open, a forbidden and a protected
 * path, the test extracts the server nonce from the 401 challenge and sends a series of
 * Authorization headers with that same nonce. The assertions pin the following behaviour:
 * a wrong password is rejected; a correct response is accepted; re-sending an nc value that
 * was already used is rejected (replay protection); a higher nc and then a lower, still
 * unused nc are both accepted; and nc=5 is answered with 401 and {@code stale=true}
 * (presumably because it reaches the maximum nonce count of 5 configured at the top).
 *
 * <p>The requests are order-dependent: each one changes the server-side state of the nonce.
 */
@Test
public void testDigest() throws Exception {
    DigestAuthenticator digestAuth = new DigestAuthenticator();
    digestAuth.setMaxNonceCount(5);
    _security.setAuthenticator(digestAuth);
    _server.start();

    // Pieces shared by every authenticated request below.
    final String protectedUri = "/ctx/auth/info";
    final String requestLine = "GET " + protectedUri + " HTTP/1.0\r\n";
    final String authPrefix = "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\""
        + protectedUri + "\", realm=\"TestRealm\", ";

    // No credentials: open path is served, forbidden path is refused, protected path is challenged.
    String reply = _connector.getResponse("GET /ctx/noauth/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 200 OK"));

    reply = _connector.getResponse("GET /ctx/forbid/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 403 Forbidden"));

    reply = _connector.getResponse(requestLine + "\r\n");
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
    Assert.assertThat(reply, Matchers.containsString("WWW-Authenticate: Digest realm=\"TestRealm\""));

    // Pull the server-issued nonce out of the challenge; every request below reuses it.
    Matcher nonceMatcher = Pattern.compile("nonce=\"([^\"]*)\",").matcher(reply);
    Assert.assertTrue(nonceMatcher.find());
    final String nonce = nonceMatcher.group(1);
    final String nonceAttr = "nonce=\"" + nonce + "\", ";

    // Wrong password with nc=1: the response hash does not verify, so the request is rejected.
    String digest = digest(nonce, "user", "WRONG", protectedUri, "1");
    reply = _connector.getResponse(
        requestLine + authPrefix + "nc=1, " + nonceAttr + "response=\"" + digest + "\"\r\n\r\n");
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));

    // Right password with nc=2: accepted.
    digest = digest(nonce, "user", "password", protectedUri, "2");
    reply = _connector.getResponse(
        requestLine + authPrefix + "nc=2, " + nonceAttr + "response=\"" + digest + "\"\r\n\r\n");
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 200 OK"));

    // Same nonce and nc=2 again: a replayed header must not authenticate a second time.
    digest = digest(nonce, "user", "password", protectedUri, "2");
    reply = _connector.getResponse(
        requestLine + authPrefix + "nc=2, " + nonceAttr + "response=\"" + digest + "\"\r\n\r\n");
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));

    // Higher count nc=4 (skipping 3): accepted.
    digest = digest(nonce, "user", "password", protectedUri, "4");
    reply = _connector.getResponse(
        requestLine + authPrefix + "nc=4, " + nonceAttr + "response=\"" + digest + "\"\r\n\r\n");
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 200 OK"));

    // Lower but not yet used count nc=3, arriving out of order: still accepted.
    digest = digest(nonce, "user", "password", protectedUri, "3");
    reply = _connector.getResponse(
        requestLine + authPrefix + "nc=3, " + nonceAttr + "response=\"" + digest + "\"\r\n\r\n");
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 200 OK"));

    // nc=5: the server answers 401 and flags the nonce as stale so the client fetches a new one.
    digest = digest(nonce, "user", "password", protectedUri, "5");
    reply = _connector.getResponse(
        requestLine + authPrefix + "nc=5, " + nonceAttr + "response=\"" + digest + "\"\r\n\r\n");
    Assert.assertThat(reply, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
    Assert.assertThat(reply, Matchers.containsString("stale=true"));
}
use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project blade by biezhi.
the class DefaultAuthenticatorFactory method getAuthenticator.
/**
 * Chooses the {@link Authenticator} that matches the configured authentication method.
 *
 * <p>The method name is compared case-insensitively against the {@code Constraint} constants.
 * A {@code null} method falls back to BASIC; since Basic credentials are only encoded, not
 * protected, deployments that rely on this default should serve the application over TLS.
 * Only {@code configuration} is consulted; the other parameters are not used here.
 *
 * @param configuration source of the configured authentication method
 * @return the matching authenticator, or {@code null} when the method is not recognised;
 *         callers must handle the {@code null} case rather than assume protection is in place
 */
public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService) {
    final String method = configuration.getAuthMethod();

    // The client-certificate names win over any other match, so test them first.
    if (Constraint.__CERT_AUTH.equalsIgnoreCase(method) || Constraint.__CERT_AUTH2.equalsIgnoreCase(method)) {
        return new ClientCertAuthenticator();
    }
    if (method == null || Constraint.__BASIC_AUTH.equalsIgnoreCase(method)) {
        return new BasicAuthenticator();
    }
    if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(method)) {
        return new DigestAuthenticator();
    }
    if (Constraint.__FORM_AUTH.equalsIgnoreCase(method)) {
        return new FormAuthenticator();
    }
    if (Constraint.__SPNEGO_AUTH.equalsIgnoreCase(method)) {
        return new SpnegoAuthenticator();
    }
    // see Bug #377076
    if (Constraint.__NEGOTIATE_AUTH.equalsIgnoreCase(method)) {
        return new SpnegoAuthenticator(Constraint.__NEGOTIATE_AUTH);
    }
    // Unrecognised method: no authenticator is supplied by this factory.
    return null;
}
use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project jetty.project by eclipse.
the class DefaultAuthenticatorFactory method getAuthenticator.
/**
 * Maps the configured authentication method name onto an {@link Authenticator} instance.
 *
 * <p>Matching against the {@code Constraint} constants ignores case. When no method is
 * configured ({@code null}) the result is a {@code BasicAuthenticator}. The client-certificate
 * check runs after the others and replaces whatever was selected before it. Of the
 * parameters, only {@code configuration} is read.
 *
 * @param configuration supplies the authentication method via {@code getAuthMethod()}
 * @return the selected authenticator, or {@code null} if the method name matches none of the
 *         known constants, in which case the caller has no authenticator to install
 */
public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService) {
    final String authMethod = configuration.getAuthMethod();
    Authenticator chosen = null;

    if (authMethod == null || Constraint.__BASIC_AUTH.equalsIgnoreCase(authMethod)) {
        // Missing method name defaults to BASIC.
        chosen = new BasicAuthenticator();
    } else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(authMethod)) {
        chosen = new DigestAuthenticator();
    } else if (Constraint.__FORM_AUTH.equalsIgnoreCase(authMethod)) {
        chosen = new FormAuthenticator();
    } else if (Constraint.__SPNEGO_AUTH.equalsIgnoreCase(authMethod)) {
        chosen = new SpnegoAuthenticator();
    } else if (Constraint.__NEGOTIATE_AUTH.equalsIgnoreCase(authMethod)) {
        // see Bug #377076
        chosen = new SpnegoAuthenticator(Constraint.__NEGOTIATE_AUTH);
    }

    // Deliberately a separate check, not part of the chain above: either client-cert name
    // overrides any earlier selection.
    final boolean wantsClientCert = Constraint.__CERT_AUTH.equalsIgnoreCase(authMethod)
        || Constraint.__CERT_AUTH2.equalsIgnoreCase(authMethod);
    if (wantsClientCert) {
        chosen = new ClientCertAuthenticator();
    }
    return chosen;
}
use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project calcite-avatica by apache.
the class HttpServer method configureDigestAuthentication.
/**
 * Sets up HTTP Digest authentication backed by a {@link HashLoginService}.
 *
 * <p>The login service is built from the realm name and the login-service properties value
 * taken from {@code config}, registered on the server as a bean, and then handed to
 * {@code configureCommonAuthentication} together with a new {@link DigestAuthenticator} and
 * the configured allowed roles.
 *
 * <p>NOTE(review): the properties value presumably names a file of user credentials; if so,
 * it should be readable only by the server account. Confirm against the configuration docs.
 *
 * @param server the server that receives the login service bean
 * @param connector passed through to {@code configureCommonAuthentication}
 * @param config source of the allowed roles, realm name and login-service properties
 * @return the security handler produced by {@code configureCommonAuthentication}
 */
protected ConstraintSecurityHandler configureDigestAuthentication(Server server, ServerConnector connector, AvaticaServerConfiguration config) {
    final String[] roles = config.getAllowedRoles();

    // Realm first, then properties: the same order in which the values are read from config.
    HashLoginService hashLogin = new HashLoginService(
        config.getHashLoginServiceRealm(),
        config.getHashLoginServiceProperties());
    server.addBean(hashLogin);

    final DigestAuthenticator digestAuth = new DigestAuthenticator();
    // The seventh argument is passed as null, exactly as before; its meaning is defined by
    // configureCommonAuthentication.
    return configureCommonAuthentication(
        server, connector, config, Constraint.__DIGEST_AUTH, roles, digestAuth, null, hashLogin);
}