Search in sources :

Example 16 with Authentication

use of org.eclipse.jetty.server.Authentication in project jetty.project by eclipse.

the class FormAuthenticator method login.

/* ------------------------------------------------------------ */
@Override
public UserIdentity login(String username, Object password, ServletRequest request) {
    UserIdentity user = super.login(username, password, request);
    if (user != null) {
        HttpSession session = ((HttpServletRequest) request).getSession(true);
        Authentication cached = new SessionAuthentication(getAuthMethod(), user, password);
        session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
    }
    return user;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpSession(javax.servlet.http.HttpSession) UserAuthentication(org.eclipse.jetty.security.UserAuthentication) Authentication(org.eclipse.jetty.server.Authentication) UserIdentity(org.eclipse.jetty.server.UserIdentity)

Example 17 with Authentication

use of org.eclipse.jetty.server.Authentication in project jetty.project by eclipse.

the class SecurityHandler method handle.

/* ------------------------------------------------------------ */
/*
     * @see org.eclipse.jetty.server.Handler#handle(java.lang.String,
     *      javax.servlet.http.HttpServletRequest,
     *      javax.servlet.http.HttpServletResponse, int)
     */
@Override
public void handle(String pathInContext, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    final Response base_response = baseRequest.getResponse();
    final Handler handler = getHandler();
    if (handler == null)
        return;
    final Authenticator authenticator = _authenticator;
    if (checkSecurity(baseRequest)) {
        //See Servlet Spec 3.1 sec 13.6.3
        if (authenticator != null)
            authenticator.prepareRequest(baseRequest);
        RoleInfo roleInfo = prepareConstraintInfo(pathInContext, baseRequest);
        // Check data constraints
        if (!checkUserDataPermissions(pathInContext, baseRequest, base_response, roleInfo)) {
            if (!baseRequest.isHandled()) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                baseRequest.setHandled(true);
            }
            return;
        }
        // is Auth mandatory?
        boolean isAuthMandatory = isAuthMandatory(baseRequest, base_response, roleInfo);
        if (isAuthMandatory && authenticator == null) {
            LOG.warn("No authenticator for: " + roleInfo);
            if (!baseRequest.isHandled()) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                baseRequest.setHandled(true);
            }
            return;
        }
        // check authentication
        Object previousIdentity = null;
        try {
            Authentication authentication = baseRequest.getAuthentication();
            if (authentication == null || authentication == Authentication.NOT_CHECKED)
                authentication = authenticator == null ? Authentication.UNAUTHENTICATED : authenticator.validateRequest(request, response, isAuthMandatory);
            if (authentication instanceof Authentication.Wrapped) {
                request = ((Authentication.Wrapped) authentication).getHttpServletRequest();
                response = ((Authentication.Wrapped) authentication).getHttpServletResponse();
            }
            if (authentication instanceof Authentication.ResponseSent) {
                baseRequest.setHandled(true);
            } else if (authentication instanceof Authentication.User) {
                Authentication.User userAuth = (Authentication.User) authentication;
                baseRequest.setAuthentication(authentication);
                if (_identityService != null)
                    previousIdentity = _identityService.associate(userAuth.getUserIdentity());
                if (isAuthMandatory) {
                    boolean authorized = checkWebResourcePermissions(pathInContext, baseRequest, base_response, roleInfo, userAuth.getUserIdentity());
                    if (!authorized) {
                        response.sendError(HttpServletResponse.SC_FORBIDDEN, "!role");
                        baseRequest.setHandled(true);
                        return;
                    }
                }
                handler.handle(pathInContext, baseRequest, request, response);
                if (authenticator != null)
                    authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
            } else if (authentication instanceof Authentication.Deferred) {
                DeferredAuthentication deferred = (DeferredAuthentication) authentication;
                baseRequest.setAuthentication(authentication);
                try {
                    handler.handle(pathInContext, baseRequest, request, response);
                } finally {
                    previousIdentity = deferred.getPreviousAssociation();
                }
                if (authenticator != null) {
                    Authentication auth = baseRequest.getAuthentication();
                    if (auth instanceof Authentication.User) {
                        Authentication.User userAuth = (Authentication.User) auth;
                        authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
                    } else
                        authenticator.secureResponse(request, response, isAuthMandatory, null);
                }
            } else {
                baseRequest.setAuthentication(authentication);
                if (_identityService != null)
                    previousIdentity = _identityService.associate(null);
                handler.handle(pathInContext, baseRequest, request, response);
                if (authenticator != null)
                    authenticator.secureResponse(request, response, isAuthMandatory, null);
            }
        } catch (ServerAuthException e) {
            // jaspi 3.8.3 send HTTP 500 internal server error, with message
            // from AuthException
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
        } finally {
            if (_identityService != null)
                _identityService.disassociate(previousIdentity);
        }
    } else
        handler.handle(pathInContext, baseRequest, request, response);
}
Also used : Handler(org.eclipse.jetty.server.Handler) ContextHandler(org.eclipse.jetty.server.handler.ContextHandler) DeferredAuthentication(org.eclipse.jetty.security.authentication.DeferredAuthentication) Response(org.eclipse.jetty.server.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) DeferredAuthentication(org.eclipse.jetty.security.authentication.DeferredAuthentication) Authentication(org.eclipse.jetty.server.Authentication)

Example 18 with Authentication

use of org.eclipse.jetty.server.Authentication in project blade by biezhi.

the class SecurityHandler method handle.

/* ------------------------------------------------------------ */
/*
     * @see org.eclipse.jetty.server.Handler#handle(java.lang.String,
     *      javax.servlet.http.HttpServletRequest,
     *      javax.servlet.http.HttpServletResponse, int)
     */
@Override
public void handle(String pathInContext, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    final Response base_response = baseRequest.getResponse();
    final Handler handler = getHandler();
    if (handler == null)
        return;
    final Authenticator authenticator = _authenticator;
    if (checkSecurity(baseRequest)) {
        //See Servlet Spec 3.1 sec 13.6.3
        if (authenticator != null)
            authenticator.prepareRequest(baseRequest);
        RoleInfo roleInfo = prepareConstraintInfo(pathInContext, baseRequest);
        // Check data constraints
        if (!checkUserDataPermissions(pathInContext, baseRequest, base_response, roleInfo)) {
            if (!baseRequest.isHandled()) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                baseRequest.setHandled(true);
            }
            return;
        }
        // is Auth mandatory?
        boolean isAuthMandatory = isAuthMandatory(baseRequest, base_response, roleInfo);
        if (isAuthMandatory && authenticator == null) {
            LOG.warn("No authenticator for: " + roleInfo);
            if (!baseRequest.isHandled()) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                baseRequest.setHandled(true);
            }
            return;
        }
        // check authentication
        Object previousIdentity = null;
        try {
            Authentication authentication = baseRequest.getAuthentication();
            if (authentication == null || authentication == Authentication.NOT_CHECKED)
                authentication = authenticator == null ? Authentication.UNAUTHENTICATED : authenticator.validateRequest(request, response, isAuthMandatory);
            if (authentication instanceof Authentication.Wrapped) {
                request = ((Authentication.Wrapped) authentication).getHttpServletRequest();
                response = ((Authentication.Wrapped) authentication).getHttpServletResponse();
            }
            if (authentication instanceof Authentication.ResponseSent) {
                baseRequest.setHandled(true);
            } else if (authentication instanceof Authentication.User) {
                Authentication.User userAuth = (Authentication.User) authentication;
                baseRequest.setAuthentication(authentication);
                if (_identityService != null)
                    previousIdentity = _identityService.associate(userAuth.getUserIdentity());
                if (isAuthMandatory) {
                    boolean authorized = checkWebResourcePermissions(pathInContext, baseRequest, base_response, roleInfo, userAuth.getUserIdentity());
                    if (!authorized) {
                        response.sendError(HttpServletResponse.SC_FORBIDDEN, "!role");
                        baseRequest.setHandled(true);
                        return;
                    }
                }
                handler.handle(pathInContext, baseRequest, request, response);
                if (authenticator != null)
                    authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
            } else if (authentication instanceof Authentication.Deferred) {
                DeferredAuthentication deferred = (DeferredAuthentication) authentication;
                baseRequest.setAuthentication(authentication);
                try {
                    handler.handle(pathInContext, baseRequest, request, response);
                } finally {
                    previousIdentity = deferred.getPreviousAssociation();
                }
                if (authenticator != null) {
                    Authentication auth = baseRequest.getAuthentication();
                    if (auth instanceof Authentication.User) {
                        Authentication.User userAuth = (Authentication.User) auth;
                        authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
                    } else
                        authenticator.secureResponse(request, response, isAuthMandatory, null);
                }
            } else {
                baseRequest.setAuthentication(authentication);
                if (_identityService != null)
                    previousIdentity = _identityService.associate(null);
                handler.handle(pathInContext, baseRequest, request, response);
                if (authenticator != null)
                    authenticator.secureResponse(request, response, isAuthMandatory, null);
            }
        } catch (ServerAuthException e) {
            // jaspi 3.8.3 send HTTP 500 internal server error, with message
            // from AuthException
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
        } finally {
            if (_identityService != null)
                _identityService.disassociate(previousIdentity);
        }
    } else
        handler.handle(pathInContext, baseRequest, request, response);
}
Also used : Handler(org.eclipse.jetty.server.Handler) ContextHandler(org.eclipse.jetty.server.handler.ContextHandler) DeferredAuthentication(org.eclipse.jetty.security.authentication.DeferredAuthentication) Response(org.eclipse.jetty.server.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) DeferredAuthentication(org.eclipse.jetty.security.authentication.DeferredAuthentication) Authentication(org.eclipse.jetty.server.Authentication)

Example 19 with Authentication

use of org.eclipse.jetty.server.Authentication in project blade by biezhi.

the class DeferredAuthentication method authenticate.

/* ------------------------------------------------------------ */
/**
     * @see Deferred#authenticate(ServletRequest, ServletResponse)
     */
@Override
public Authentication authenticate(ServletRequest request, ServletResponse response) {
    try {
        LoginService login_service = _authenticator.getLoginService();
        IdentityService identity_service = login_service.getIdentityService();
        Authentication authentication = _authenticator.validateRequest(request, response, true);
        if (authentication instanceof User && identity_service != null)
            _previousAssociation = identity_service.associate(((User) authentication).getUserIdentity());
        return authentication;
    } catch (ServerAuthException e) {
        LOG.debug(e);
    }
    return this;
}
Also used : IdentityService(org.eclipse.jetty.security.IdentityService) UserAuthentication(org.eclipse.jetty.security.UserAuthentication) Authentication(org.eclipse.jetty.server.Authentication) ServerAuthException(org.eclipse.jetty.security.ServerAuthException) LoginService(org.eclipse.jetty.security.LoginService)

Example 20 with Authentication

use of org.eclipse.jetty.server.Authentication in project blade by biezhi.

the class FormAuthenticator method login.

/* ------------------------------------------------------------ */
@Override
public UserIdentity login(String username, Object password, ServletRequest request) {
    UserIdentity user = super.login(username, password, request);
    if (user != null) {
        HttpSession session = ((HttpServletRequest) request).getSession(true);
        Authentication cached = new SessionAuthentication(getAuthMethod(), user, password);
        session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
    }
    return user;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpSession(javax.servlet.http.HttpSession) UserAuthentication(org.eclipse.jetty.security.UserAuthentication) Authentication(org.eclipse.jetty.server.Authentication) UserIdentity(org.eclipse.jetty.server.UserIdentity)

Aggregations

Authentication (org.eclipse.jetty.server.Authentication)32 UserAuthentication (org.eclipse.jetty.security.UserAuthentication)27 HttpServletRequest (javax.servlet.http.HttpServletRequest)17 HttpSession (javax.servlet.http.HttpSession)17 SessionAuthentication (org.eclipse.jetty.security.authentication.SessionAuthentication)14 HttpServletResponse (javax.servlet.http.HttpServletResponse)13 DeferredAuthentication (org.eclipse.jetty.security.authentication.DeferredAuthentication)12 UserIdentity (org.eclipse.jetty.server.UserIdentity)11 Test (org.junit.Test)9 SecurityTest (org.apache.drill.categories.SecurityTest)8 ServerAuthException (org.eclipse.jetty.security.ServerAuthException)8 IOException (java.io.IOException)4 ServletRequest (javax.servlet.ServletRequest)4 BaseTest (org.apache.drill.test.BaseTest)4 IdentityService (org.eclipse.jetty.security.IdentityService)4 LoginService (org.eclipse.jetty.security.LoginService)4 Request (org.eclipse.jetty.server.Request)4 Response (org.eclipse.jetty.server.Response)4 DefaultUserIdentity (org.eclipse.jetty.security.DefaultUserIdentity)3 Principal (java.security.Principal)2