use of org.eclipse.jetty.security.authentication.FormAuthenticator in project drill by apache.
the class WebServer method createSecurityHandler.
/**
 * Builds the Jetty security handler for the web server: FORM authentication backed by a
 * {@link DrillRestLoginService}.
 *
 * <p>Only the known role names are declared here; the constraint-mapping list is empty, so this
 * handler does not itself restrict any path. NOTE(review): access rules are presumably enforced
 * elsewhere (e.g. on the REST resources) - confirm, because an endpoint without such a rule
 * would be reachable unauthenticated.
 *
 * @return {@link SecurityHandler} with appropriate {@link LoginService}, {@link Authenticator} and constraints.
 */
private ConstraintSecurityHandler createSecurityHandler() {
    final ConstraintSecurityHandler handler = new ConstraintSecurityHandler();

    // Register the role names up front; no URL-pattern constraints are mapped at this point.
    handler.setConstraintMappings(
        Collections.<ConstraintMapping>emptyList(),
        ImmutableSet.of(AUTHENTICATED_ROLE, ADMIN_ROLE));

    // Login page and error page are the same "/login" resource; the trailing 'true' is
    // FormAuthenticator's dispatch flag (forward to the page instead of redirecting).
    handler.setAuthenticator(new FormAuthenticator("/login", "/login", true));

    // Credentials are checked by Drill's own login service, built from the work manager context.
    handler.setLoginService(new DrillRestLoginService(workManager.getContext()));

    return handler;
}
use of org.eclipse.jetty.security.authentication.FormAuthenticator in project jetty.project by eclipse.
the class ConstraintTest method testFormDispatch.
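/**
 * Walks through FORM authentication with the authenticator's dispatch flag set to {@code true}:
 * unauthenticated access, a failed login, a successful login, and the role check that follows.
 *
 * <p>The session id is parsed out of each response with {@code substring}; if no
 * {@code JSESSIONID} cookie is present the parse throws, so a session cookie on those
 * responses is an implicit expectation of this test.
 */
@Test
public void testFormDispatch() throws Exception {
    _security.setAuthenticator(new FormAuthenticator("/testLoginPage", "/testErrorPage", true));
    _server.start();

    String response;

    // Unconstrained and forbidden resources behave the same regardless of login state.
    response = _connector.getResponse("GET /ctx/noauth/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));

    response = _connector.getResponse("GET /ctx/forbid/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 403 Forbidden"));

    // Unauthenticated request to a protected resource: the login page content comes back
    // (URI=/ctx/testLoginPage) and the response must not be cacheable.
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.containsString("Cache-Control: no-cache"));
    Assert.assertThat(response, Matchers.containsString("Expires"));
    Assert.assertThat(response, Matchers.containsString("URI=/ctx/testLoginPage"));

    String session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));

    // Wrong password: the error page is served.
    // Content-Length is the 32-byte length of the form body; a shorter value would silently
    // truncate the password field before it reaches the authenticator.
    response = _connector.getResponse("POST /ctx/j_security_check HTTP/1.0\r\n"
        + "Cookie: JSESSIONID=" + session + "\r\n"
        + "Content-Type: application/x-www-form-urlencoded\r\n"
        + "Content-Length: 32\r\n"
        + "\r\n"
        + "j_username=user&j_password=wrong\r\n");
    Assert.assertThat(response, Matchers.containsString("testErrorPage"));

    // Correct password: redirected back to the originally requested resource.
    response = _connector.getResponse("POST /ctx/j_security_check HTTP/1.0\r\n"
        + "Cookie: JSESSIONID=" + session + "\r\n"
        + "Content-Type: application/x-www-form-urlencoded\r\n"
        + "Content-Length: 35\r\n"
        + "\r\n"
        + "j_username=user&j_password=password\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 302 "));
    Assert.assertThat(response, Matchers.containsString("Location"));
    Assert.assertThat(response, Matchers.containsString("/ctx/auth/info"));

    // The login response carries a session cookie of its own, which is used from here on.
    // NOTE(review): the new id is never compared with the pre-login id, so session renewal on
    // authentication is not actually pinned by this test - consider asserting that they differ.
    session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));

    // Authenticated user reaches the protected resource ...
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n"
        + "Cookie: JSESSIONID=" + session + "\r\n"
        + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));

    // ... but is rejected from the admin resource for lack of the required role.
    response = _connector.getResponse("GET /ctx/admin/info HTTP/1.0\r\n"
        + "Cookie: JSESSIONID=" + session + "\r\n"
        + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 403"));
    Assert.assertThat(response, Matchers.containsString("!role"));
}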
use of org.eclipse.jetty.security.authentication.FormAuthenticator in project jetty.project by eclipse.
the class ConstraintTest method testStrictFormDispatch.
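/**
 * FORM authentication with the dispatch flag set, exercised with three accounts in turn:
 * {@code user0} (authenticates but is refused both protected resources), {@code user2}
 * (reaches {@code /auth} but not {@code /admin}) and {@code admin} (reaches both).
 *
 * <p>The session id is parsed out of each response with {@code substring}; if no
 * {@code JSESSIONID} cookie is present the parse throws, so a session cookie on those
 * responses is an implicit expectation of this test.
 */
@Test
public void testStrictFormDispatch() throws Exception {
    _security.setAuthenticator(new FormAuthenticator("/testLoginPage", "/testErrorPage", true));
    _server.start();

    String response;

    response = _connector.getResponse("GET /ctx/noauth/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));

    response = _connector.getResponse("GET /ctx/forbid/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 403 Forbidden"));

    // Unauthenticated request to a protected resource. No 302/Location is asserted: the
    // response is expected to carry the login page itself (URI=/ctx/testLoginPage) and to be
    // marked non-cacheable.
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
    Assert.assertThat(response, Matchers.containsString("Cache-Control: no-cache"));
    Assert.assertThat(response, Matchers.containsString("Expires"));
    Assert.assertThat(response, Matchers.containsString("URI=/ctx/testLoginPage"));

    String session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));

    // Wrong password: the error page content is served (no Location header is asserted).
    // Content-Length is the 32-byte length of the form body; a shorter value would silently
    // truncate the password field before it reaches the authenticator.
    response = _connector.getResponse("POST /ctx/j_security_check HTTP/1.0\r\n"
        + "Cookie: JSESSIONID=" + session + "\r\n"
        + "Content-Type: application/x-www-form-urlencoded\r\n"
        + "Content-Length: 32\r\n"
        + "\r\n"
        + "j_username=user&j_password=wrong\r\n");
    Assert.assertThat(response, Matchers.containsString("testErrorPage"));

    // user0: valid credentials, so the login itself succeeds with a redirect ...
    response = _connector.getResponse("POST /ctx/j_security_check HTTP/1.0\r\n"
        + "Cookie: JSESSIONID=" + session + "\r\n"
        + "Content-Type: application/x-www-form-urlencoded\r\n"
        + "Content-Length: 36\r\n"
        + "\r\n"
        + "j_username=user0&j_password=password\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 302 "));
    Assert.assertThat(response, Matchers.containsString("Location"));
    Assert.assertThat(response, Matchers.containsString("/ctx/auth/info"));

    // NOTE(review): the post-login id is never compared with the pre-login id, so session
    // renewal on authentication is not pinned by this test - consider asserting they differ.
    session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));

    // ... but authentication alone is not enough: both resources answer 403 "!role".
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n"
        + "Cookie: JSESSIONID=" + session + "\r\n"
        + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 403"));
    Assert.assertThat(response, Matchers.containsString("!role"));

    response = _connector.getResponse("GET /ctx/admin/info HTTP/1.0\r\n"
        + "Cookie: JSESSIONID=" + session + "\r\n"
        + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 403"));
    Assert.assertThat(response, Matchers.containsString("!role"));

    // log in again as user2
    // The cookie-less request is only used to obtain a fresh session; its status is not asserted.
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
    session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));

    response = _connector.getResponse("POST /ctx/j_security_check HTTP/1.0\r\n"
        + "Cookie: JSESSIONID=" + session + "\r\n"
        + "Content-Type: application/x-www-form-urlencoded\r\n"
        + "Content-Length: 36\r\n"
        + "\r\n"
        + "j_username=user2&j_password=password\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 302 "));
    Assert.assertThat(response, Matchers.containsString("Location"));
    Assert.assertThat(response, Matchers.containsString("/ctx/auth/info"));

    session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));

    // user2 may read /auth but is still refused /admin.
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n"
        + "Cookie: JSESSIONID=" + session + "\r\n"
        + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));

    response = _connector.getResponse("GET /ctx/admin/info HTTP/1.0\r\n"
        + "Cookie: JSESSIONID=" + session + "\r\n"
        + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 403"));
    Assert.assertThat(response, Matchers.containsString("!role"));

    // log in again as admin
    // The cookie-less request is only used to obtain a fresh session; its status is not asserted.
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
    session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));

    response = _connector.getResponse("POST /ctx/j_security_check HTTP/1.0\r\n"
        + "Cookie: JSESSIONID=" + session + "\r\n"
        + "Content-Type: application/x-www-form-urlencoded\r\n"
        + "Content-Length: 36\r\n"
        + "\r\n"
        + "j_username=admin&j_password=password\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 302 "));
    Assert.assertThat(response, Matchers.containsString("Location"));
    Assert.assertThat(response, Matchers.containsString("/ctx/auth/info"));

    session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));

    // admin reaches both protected resources.
    response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n"
        + "Cookie: JSESSIONID=" + session + "\r\n"
        + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));

    response = _connector.getResponse("GET /ctx/admin/info HTTP/1.0\r\n"
        + "Cookie: JSESSIONID=" + session + "\r\n"
        + "\r\n");
    Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
}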
use of org.eclipse.jetty.security.authentication.FormAuthenticator in project jetty.project by eclipse.
the class DefaultAuthenticatorFactory method getAuthenticator.
/**
 * Picks the {@link Authenticator} that corresponds to the configured auth method name
 * (compared case-insensitively against the {@code Constraint} constants).
 *
 * <p>A {@code null} auth method selects BASIC. Deployments that rely on this default should
 * be aware that BASIC credentials are only encoded, not encrypted, on the wire, so the
 * endpoint needs to be reachable over TLS only.
 *
 * <p>Only {@code configuration} is consulted here; the remaining parameters are not read by
 * this implementation.
 *
 * @param configuration source of the auth method name
 * @return the matching authenticator, or {@code null} when the method name is not recognised
 */
public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService) {
    final String method = configuration.getAuthMethod();

    // Client-certificate auth takes precedence over every other match, under either spelling.
    if (Constraint.__CERT_AUTH.equalsIgnoreCase(method) || Constraint.__CERT_AUTH2.equalsIgnoreCase(method)) {
        return new ClientCertAuthenticator();
    }

    // No method configured at all falls back to BASIC.
    if (method == null || Constraint.__BASIC_AUTH.equalsIgnoreCase(method)) {
        return new BasicAuthenticator();
    }
    if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(method)) {
        return new DigestAuthenticator();
    }
    if (Constraint.__FORM_AUTH.equalsIgnoreCase(method)) {
        return new FormAuthenticator();
    }
    if (Constraint.__SPNEGO_AUTH.equalsIgnoreCase(method)) {
        return new SpnegoAuthenticator();
    }
    // see Bug #377076
    if (Constraint.__NEGOTIATE_AUTH.equalsIgnoreCase(method)) {
        return new SpnegoAuthenticator(Constraint.__NEGOTIATE_AUTH);
    }

    // Unknown method name: the caller receives null and must handle it.
    return null;
}