
Example 1 with DigestAuthenticator

use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project jetty.project by eclipse.

the class DigestPostTest method setUpServer.

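/**
 * Starts the embedded Jetty server shared by the tests in this class.
 *
 * <p>The server gets a single {@link ServerConnector} and a servlet context at
 * {@code /test} with security enabled. {@code PostServlet} is mapped at
 * {@code /}, and every path ({@code /*}) is covered by a constraint named
 * {@code SecureTest} that requires authentication and the {@code test} role.
 * Authentication is done with a {@link DigestAuthenticator} backed by a
 * {@code TestLoginService} realm named {@code test}.
 *
 * <p>The user name and password registered here are literal fixture values in
 * the source; they only serve this in-process test server.
 *
 * @throws IllegalStateException if the server cannot be configured or started
 */
@BeforeClass
public static void setUpServer() {
    try {
        _server = new Server();
        _server.setConnectors(new Connector[] { new ServerConnector(_server) });

        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SECURITY);
        context.setContextPath("/test");
        context.addServlet(PostServlet.class, "/");

        // Fixture realm with one user holding the "test" role.
        TestLoginService realm = new TestLoginService("test");
        realm.putUser("testuser", new Password("password"), new String[] { "test" });
        _server.addBean(realm);

        ConstraintSecurityHandler security = (ConstraintSecurityHandler) context.getSecurityHandler();
        security.setAuthenticator(new DigestAuthenticator());
        security.setLoginService(realm);

        // Require authentication and the "test" role on every path of the context.
        Constraint constraint = new Constraint("SecureTest", "test");
        constraint.setAuthenticate(true);
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setConstraint(constraint);
        mapping.setPathSpec("/*");
        security.setConstraintMappings(Collections.singletonList(mapping));

        HandlerCollection handlers = new HandlerCollection();
        handlers.setHandlers(new Handler[] { context, new DefaultHandler() });
        _server.setHandler(handlers);
        _server.start();
    } catch (final Exception e) {
        // Fail the fixture instead of printing the stack trace and carrying on:
        // otherwise the tests run against a server that is missing or only
        // half configured, and the authentication assertions fail for reasons
        // unrelated to the code under test.
        throw new IllegalStateException("Unable to start the Digest-protected test server", e);
    }
}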
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping) Server(org.eclipse.jetty.server.Server) DigestAuthenticator(org.eclipse.jetty.security.authentication.DigestAuthenticator) Constraint(org.eclipse.jetty.util.security.Constraint) ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler) HandlerCollection(org.eclipse.jetty.server.handler.HandlerCollection) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) IOException(java.io.IOException) Password(org.eclipse.jetty.util.security.Password) DefaultHandler(org.eclipse.jetty.server.handler.DefaultHandler) BeforeClass(org.junit.BeforeClass)

Example 2 with DigestAuthenticator

use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project jetty.project by eclipse.

the class ConstraintTest method testDigest.

/**
 * Exercises HTTP Digest authentication end to end, including the handling of
 * the nonce count ({@code nc}) for a single server-issued nonce.
 *
 * <p>The authenticator is configured with {@code setMaxNonceCount(5)}. After
 * checking the unauthenticated, forbidden and challenge responses, the test
 * extracts the nonce from the challenge and sends a sequence of requests that
 * reuse it. The order of those requests is the point of the test: each
 * assertion depends on which {@code nc} values were sent with that nonce
 * before it.
 *
 * <p>{@code digest(...)} is a helper defined outside this method; in every call
 * here its last argument equals the {@code nc} value sent in the header.
 */
@Test
public void testDigest() throws Exception {
    DigestAuthenticator authenticator = new DigestAuthenticator();
    authenticator.setMaxNonceCount(5);
    _security.setAuthenticator(authenticator);
    _server.start();
    String response;
    // Unconstrained path: served without credentials.
    response = _connector.getResponse("GET /ctx/noauth/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
    // Forbidden path: refused outright rather than challenged.
    response = _connector.getResponse("GET /ctx/forbid/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 403 Forbidden"));
    // Protected path without credentials: a Digest challenge for TestRealm is expected.
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
    Assert.assertThat(response, Matchers.containsString("WWW-Authenticate: Digest realm=\"TestRealm\""));
    // Pull the server-issued nonce out of the challenge; all later requests reuse it.
    Pattern nonceP = Pattern.compile("nonce=\"([^\"]*)\",");
    Matcher matcher = nonceP.matcher(response);
    Assert.assertTrue(matcher.find());
    String nonce = matcher.group(1);
    // wrong password: a response computed from a bad password must be rejected (nc=1).
    String digest = digest(nonce, "user", "WRONG", "/ctx/auth/info", "1");
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", " + "nc=1, " + "nonce=\"" + nonce + "\", " + "response=\"" + digest + "\"\r\n" + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
    // right password: the first valid use of nc=2 is accepted.
    digest = digest(nonce, "user", "password", "/ctx/auth/info", "2");
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", " + "nc=2, " + "nonce=\"" + nonce + "\", " + "response=\"" + digest + "\"\r\n" + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
    // once only: resending the identical, previously accepted request (same nonce, nc=2)
    // is a replay and is expected to be refused.
    digest = digest(nonce, "user", "password", "/ctx/auth/info", "2");
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", " + "nc=2, " + "nonce=\"" + nonce + "\", " + "response=\"" + digest + "\"\r\n" + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
    // increasing: a higher count (nc=4, skipping 3) is accepted.
    digest = digest(nonce, "user", "password", "/ctx/auth/info", "4");
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", " + "nc=4, " + "nonce=\"" + nonce + "\", " + "response=\"" + digest + "\"\r\n" + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
    // out of order: nc=3 arrives after nc=4 but has not been used before, so it is
    // still accepted; only reuse of a count is rejected, not late arrival.
    digest = digest(nonce, "user", "password", "/ctx/auth/info", "3");
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", " + "nc=3, " + "nonce=\"" + nonce + "\", " + "response=\"" + digest + "\"\r\n" + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
    // stale: nc=5 is answered with 401 and stale=true, telling the client to
    // re-authenticate with a fresh nonce rather than that its credentials are wrong.
    // NOTE(review): presumably triggered by reaching the max nonce count of 5 set
    // above; confirm against DigestAuthenticator.
    digest = digest(nonce, "user", "password", "/ctx/auth/info", "5");
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", " + "nc=5, " + "nonce=\"" + nonce + "\", " + "response=\"" + digest + "\"\r\n" + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
    Assert.assertThat(response, Matchers.containsString("stale=true"));
}
Also used : Pattern(java.util.regex.Pattern) DigestAuthenticator(org.eclipse.jetty.security.authentication.DigestAuthenticator) Matcher(java.util.regex.Matcher) Test(org.junit.Test)

Example 3 with DigestAuthenticator

use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project blade by biezhi.

the class DefaultAuthenticatorFactory method getAuthenticator.

/**
 * Picks the {@link Authenticator} implementation for the configured auth method.
 *
 * <p>The method name from {@code configuration.getAuthMethod()} is compared
 * case-insensitively against the {@code Constraint} constants. Two outcomes
 * matter to anyone reviewing a deployment:
 * <ul>
 *   <li>a {@code null} auth method is treated like BASIC, so a configuration
 *       that names no method still gets a {@link BasicAuthenticator}; Basic
 *       credentials are only encoded, not protected, so that default relies on
 *       TLS for confidentiality;</li>
 *   <li>an unrecognised method name yields {@code null}; what the caller does
 *       with that is not visible here.</li>
 * </ul>
 *
 * <p>Only {@code configuration} is read; the other parameters are unused in
 * this method.
 *
 * @return the matching authenticator, or {@code null} if the method name is not recognised
 */
public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService) {
    final String method = configuration.getAuthMethod();

    // Client-certificate auth is tested first: a match on either spelling
    // decides the result regardless of the other comparisons.
    if (Constraint.__CERT_AUTH.equalsIgnoreCase(method) || Constraint.__CERT_AUTH2.equalsIgnoreCase(method)) {
        return new ClientCertAuthenticator();
    }
    // No method configured falls back to BASIC.
    if (method == null || Constraint.__BASIC_AUTH.equalsIgnoreCase(method)) {
        return new BasicAuthenticator();
    }
    if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(method)) {
        return new DigestAuthenticator();
    }
    if (Constraint.__FORM_AUTH.equalsIgnoreCase(method)) {
        return new FormAuthenticator();
    }
    if (Constraint.__SPNEGO_AUTH.equalsIgnoreCase(method)) {
        return new SpnegoAuthenticator();
    }
    // see Bug #377076
    if (Constraint.__NEGOTIATE_AUTH.equalsIgnoreCase(method)) {
        return new SpnegoAuthenticator(Constraint.__NEGOTIATE_AUTH);
    }
    // Unknown method name: no authenticator from this factory.
    return null;
}
Also used : BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator) ClientCertAuthenticator(org.eclipse.jetty.security.authentication.ClientCertAuthenticator) DigestAuthenticator(org.eclipse.jetty.security.authentication.DigestAuthenticator) FormAuthenticator(org.eclipse.jetty.security.authentication.FormAuthenticator) SpnegoAuthenticator(org.eclipse.jetty.security.authentication.SpnegoAuthenticator) SpnegoAuthenticator(org.eclipse.jetty.security.authentication.SpnegoAuthenticator) ClientCertAuthenticator(org.eclipse.jetty.security.authentication.ClientCertAuthenticator) DigestAuthenticator(org.eclipse.jetty.security.authentication.DigestAuthenticator) FormAuthenticator(org.eclipse.jetty.security.authentication.FormAuthenticator) BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)

Example 4 with DigestAuthenticator

use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project jetty.project by eclipse.

the class DefaultAuthenticatorFactory method getAuthenticator.

/**
 * Maps the configured auth method name to an {@link Authenticator} instance.
 *
 * <p>Matching against the {@code Constraint} constants ignores case. When
 * {@code configuration.getAuthMethod()} returns {@code null} the result is a
 * {@link BasicAuthenticator}, i.e. BASIC is the implicit default; because
 * Basic credentials travel merely encoded, that default is only appropriate
 * over TLS. A method name that matches none of the constants produces
 * {@code null}.
 *
 * <p>{@code server}, {@code context}, {@code identityService} and
 * {@code loginService} are not used by this method.
 *
 * @return the authenticator for the configured method, or {@code null} when the name is unknown
 */
public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService) {
    final String configured = configuration.getAuthMethod();

    final boolean clientCert = Constraint.__CERT_AUTH.equalsIgnoreCase(configured)
        || Constraint.__CERT_AUTH2.equalsIgnoreCase(configured);
    if (clientCert) {
        // Certificate auth decides the result whatever else the name matches.
        return new ClientCertAuthenticator();
    }

    if (configured == null || Constraint.__BASIC_AUTH.equalsIgnoreCase(configured)) {
        // A missing method name is handled exactly like an explicit BASIC.
        return new BasicAuthenticator();
    } else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(configured)) {
        return new DigestAuthenticator();
    } else if (Constraint.__FORM_AUTH.equalsIgnoreCase(configured)) {
        return new FormAuthenticator();
    } else if (Constraint.__SPNEGO_AUTH.equalsIgnoreCase(configured)) {
        return new SpnegoAuthenticator();
    } else if (Constraint.__NEGOTIATE_AUTH.equalsIgnoreCase(configured)) {
        // see Bug #377076
        return new SpnegoAuthenticator(Constraint.__NEGOTIATE_AUTH);
    }
    return null;
}
Also used : BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator) ClientCertAuthenticator(org.eclipse.jetty.security.authentication.ClientCertAuthenticator) DigestAuthenticator(org.eclipse.jetty.security.authentication.DigestAuthenticator) FormAuthenticator(org.eclipse.jetty.security.authentication.FormAuthenticator) SpnegoAuthenticator(org.eclipse.jetty.security.authentication.SpnegoAuthenticator) SpnegoAuthenticator(org.eclipse.jetty.security.authentication.SpnegoAuthenticator) ClientCertAuthenticator(org.eclipse.jetty.security.authentication.ClientCertAuthenticator) DigestAuthenticator(org.eclipse.jetty.security.authentication.DigestAuthenticator) FormAuthenticator(org.eclipse.jetty.security.authentication.FormAuthenticator) BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)

Example 5 with DigestAuthenticator

use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project calcite-avatica by apache.

the class HttpServer method configureDigestAuthentication.

/**
 * Sets up HTTP Digest authentication for the server.
 *
 * <p>A {@link HashLoginService} is created from the realm name and the
 * login-service properties value supplied by {@code config}, registered on
 * {@code server} as a bean, and handed to
 * {@code configureCommonAuthentication} together with a new
 * {@link DigestAuthenticator}, the allowed roles and
 * {@code Constraint.__DIGEST_AUTH}.
 *
 * <p>NOTE(review): the properties value is presumably the location of the
 * user/credential file read by {@code HashLoginService}; if so, that file holds
 * the material needed to verify Digest responses and should be readable only
 * by the server account. Confirm against the configuration documentation.
 *
 * @param server the server the login service is added to
 * @param connector passed through to {@code configureCommonAuthentication}
 * @param config source of the allowed roles, realm and login-service properties
 * @return the handler returned by {@code configureCommonAuthentication}
 */
protected ConstraintSecurityHandler configureDigestAuthentication(Server server, ServerConnector connector, AvaticaServerConfiguration config) {
    final String[] roles = config.getAllowedRoles();

    // Realm name first, then the properties value, matching the constructor order.
    final HashLoginService hashLogin = new HashLoginService(
        config.getHashLoginServiceRealm(),
        config.getHashLoginServiceProperties());
    server.addBean(hashLogin);

    final DigestAuthenticator digestAuth = new DigestAuthenticator();
    return configureCommonAuthentication(
        server, connector, config, Constraint.__DIGEST_AUTH, roles, digestAuth, null, hashLogin);
}
Also used : HashLoginService(org.eclipse.jetty.security.HashLoginService) DigestAuthenticator(org.eclipse.jetty.security.authentication.DigestAuthenticator)

Aggregations

DigestAuthenticator (org.eclipse.jetty.security.authentication.DigestAuthenticator)5 BasicAuthenticator (org.eclipse.jetty.security.authentication.BasicAuthenticator)2 ClientCertAuthenticator (org.eclipse.jetty.security.authentication.ClientCertAuthenticator)2 FormAuthenticator (org.eclipse.jetty.security.authentication.FormAuthenticator)2 SpnegoAuthenticator (org.eclipse.jetty.security.authentication.SpnegoAuthenticator)2 IOException (java.io.IOException)1 Matcher (java.util.regex.Matcher)1 Pattern (java.util.regex.Pattern)1 ConstraintMapping (org.eclipse.jetty.security.ConstraintMapping)1 ConstraintSecurityHandler (org.eclipse.jetty.security.ConstraintSecurityHandler)1 HashLoginService (org.eclipse.jetty.security.HashLoginService)1 Server (org.eclipse.jetty.server.Server)1 ServerConnector (org.eclipse.jetty.server.ServerConnector)1 DefaultHandler (org.eclipse.jetty.server.handler.DefaultHandler)1 HandlerCollection (org.eclipse.jetty.server.handler.HandlerCollection)1 ServletContextHandler (org.eclipse.jetty.servlet.ServletContextHandler)1 Constraint (org.eclipse.jetty.util.security.Constraint)1 Password (org.eclipse.jetty.util.security.Password)1 BeforeClass (org.junit.BeforeClass)1 Test (org.junit.Test)1