Examples with DigestAuthenticator org.eclipse.jetty.security.authentication.DigestAuthenticator used on opensource projects

Example 1 with DigestAuthenticator

use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project jetty.project by eclipse.

the class DigestPostTest method setUpServer.

@BeforeClass
public static void setUpServer() {
    try {
        _server = new Server();
        _server.setConnectors(new Connector[] { new ServerConnector(_server) });
        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SECURITY);
        context.setContextPath("/test");
        context.addServlet(PostServlet.class, "/");
        TestLoginService realm = new TestLoginService("test");
        realm.putUser("testuser", new Password("password"), new String[] { "test" });
        _server.addBean(realm);
        ConstraintSecurityHandler security = (ConstraintSecurityHandler) context.getSecurityHandler();
        security.setAuthenticator(new DigestAuthenticator());
        security.setLoginService(realm);
        Constraint constraint = new Constraint("SecureTest", "test");
        constraint.setAuthenticate(true);
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setConstraint(constraint);
        mapping.setPathSpec("/*");
        security.setConstraintMappings(Collections.singletonList(mapping));
        HandlerCollection handlers = new HandlerCollection();
        handlers.setHandlers(new Handler[] { context, new DefaultHandler() });
        _server.setHandler(handlers);
        _server.start();
    } catch (final Exception e) {
        e.printStackTrace();
    }
}

Example 2 with DigestAuthenticator

use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project jetty.project by eclipse.

the class ConstraintTest method testDigest.

@Test
public void testDigest() throws Exception {
    DigestAuthenticator authenticator = new DigestAuthenticator();
    authenticator.setMaxNonceCount(5);
    _security.setAuthenticator(authenticator);
    _server.start();
    String response;
    response = _connector.getResponse("GET /ctx/noauth/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
    response = _connector.getResponse("GET /ctx/forbid/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 403 Forbidden"));
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
    Assert.assertThat(response, Matchers.containsString("WWW-Authenticate: Digest realm=\"TestRealm\""));
    Pattern nonceP = Pattern.compile("nonce=\"([^\"]*)\",");
    Matcher matcher = nonceP.matcher(response);
    Assert.assertTrue(matcher.find());
    String nonce = matcher.group(1);
    //wrong password
    String digest = digest(nonce, "user", "WRONG", "/ctx/auth/info", "1");
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", " + "nc=1, " + "nonce=\"" + nonce + "\", " + "response=\"" + digest + "\"\r\n" + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
    // right password
    digest = digest(nonce, "user", "password", "/ctx/auth/info", "2");
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", " + "nc=2, " + "nonce=\"" + nonce + "\", " + "response=\"" + digest + "\"\r\n" + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
    // once only
    digest = digest(nonce, "user", "password", "/ctx/auth/info", "2");
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", " + "nc=2, " + "nonce=\"" + nonce + "\", " + "response=\"" + digest + "\"\r\n" + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
    // increasing
    digest = digest(nonce, "user", "password", "/ctx/auth/info", "4");
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", " + "nc=4, " + "nonce=\"" + nonce + "\", " + "response=\"" + digest + "\"\r\n" + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
    // out of order
    digest = digest(nonce, "user", "password", "/ctx/auth/info", "3");
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", " + "nc=3, " + "nonce=\"" + nonce + "\", " + "response=\"" + digest + "\"\r\n" + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
    // stale
    digest = digest(nonce, "user", "password", "/ctx/auth/info", "5");
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", " + "nc=5, " + "nonce=\"" + nonce + "\", " + "response=\"" + digest + "\"\r\n" + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 401 Unauthorized"));
    Assert.assertThat(response, Matchers.containsString("stale=true"));
}

Example 3 with DigestAuthenticator

use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project blade by biezhi.

the class DefaultAuthenticatorFactory method getAuthenticator.

public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService) {
    String auth = configuration.getAuthMethod();
    Authenticator authenticator = null;
    if (auth == null || Constraint.__BASIC_AUTH.equalsIgnoreCase(auth))
        authenticator = new BasicAuthenticator();
    else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(auth))
        authenticator = new DigestAuthenticator();
    else if (Constraint.__FORM_AUTH.equalsIgnoreCase(auth))
        authenticator = new FormAuthenticator();
    else if (Constraint.__SPNEGO_AUTH.equalsIgnoreCase(auth))
        authenticator = new SpnegoAuthenticator();
    else if (// see Bug #377076
    Constraint.__NEGOTIATE_AUTH.equalsIgnoreCase(auth))
        authenticator = new SpnegoAuthenticator(Constraint.__NEGOTIATE_AUTH);
    if (Constraint.__CERT_AUTH.equalsIgnoreCase(auth) || Constraint.__CERT_AUTH2.equalsIgnoreCase(auth))
        authenticator = new ClientCertAuthenticator();
    return authenticator;
}

Example 4 with DigestAuthenticator

use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project jetty.project by eclipse.

the class DefaultAuthenticatorFactory method getAuthenticator.

public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService) {
    String auth = configuration.getAuthMethod();
    Authenticator authenticator = null;
    if (auth == null || Constraint.__BASIC_AUTH.equalsIgnoreCase(auth))
        authenticator = new BasicAuthenticator();
    else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(auth))
        authenticator = new DigestAuthenticator();
    else if (Constraint.__FORM_AUTH.equalsIgnoreCase(auth))
        authenticator = new FormAuthenticator();
    else if (Constraint.__SPNEGO_AUTH.equalsIgnoreCase(auth))
        authenticator = new SpnegoAuthenticator();
    else if (// see Bug #377076
    Constraint.__NEGOTIATE_AUTH.equalsIgnoreCase(auth))
        authenticator = new SpnegoAuthenticator(Constraint.__NEGOTIATE_AUTH);
    if (Constraint.__CERT_AUTH.equalsIgnoreCase(auth) || Constraint.__CERT_AUTH2.equalsIgnoreCase(auth))
        authenticator = new ClientCertAuthenticator();
    return authenticator;
}

Example 5 with DigestAuthenticator

use of org.eclipse.jetty.security.authentication.DigestAuthenticator in project calcite-avatica by apache.

the class HttpServer method configureDigestAuthentication.

protected ConstraintSecurityHandler configureDigestAuthentication(Server server, ServerConnector connector, AvaticaServerConfiguration config) {
    final String[] allowedRoles = config.getAllowedRoles();
    final String realm = config.getHashLoginServiceRealm();
    final String loginServiceProperties = config.getHashLoginServiceProperties();
    HashLoginService loginService = new HashLoginService(realm, loginServiceProperties);
    server.addBean(loginService);
    return configureCommonAuthentication(server, connector, config, Constraint.__DIGEST_AUTH, allowedRoles, new DigestAuthenticator(), null, loginService);
}