Search in sources :

Example 21 with Authentication

use of org.eclipse.jetty.server.Authentication in project drill by axbaretto.

the class DrillSpnegoAuthenticator method login.

public UserIdentity login(String username, Object password, ServletRequest request) {
    final UserIdentity user = super.login(username, password, request);
    if (user != null) {
        final HttpSession session = ((HttpServletRequest) request).getSession(true);
        final Authentication cached = new SessionAuthentication(this.getAuthMethod(), user, password);
        session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
    }
    return user;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpSession(javax.servlet.http.HttpSession) UserAuthentication(org.eclipse.jetty.security.UserAuthentication) DeferredAuthentication(org.eclipse.jetty.security.authentication.DeferredAuthentication) Authentication(org.eclipse.jetty.server.Authentication) SessionAuthentication(org.eclipse.jetty.security.authentication.SessionAuthentication) UserIdentity(org.eclipse.jetty.server.UserIdentity) SessionAuthentication(org.eclipse.jetty.security.authentication.SessionAuthentication)

Example 22 with Authentication

use of org.eclipse.jetty.server.Authentication in project drill by axbaretto.

the class DrillSpnegoAuthenticator method validateRequest.

/**
 * Updated logic as compared to default implementation in
 * {@link SpnegoAuthenticator#validateRequest(ServletRequest, ServletResponse, boolean)} to handle below cases:
 * 1) Perform SPNEGO authentication only when spnegoLogin resource is requested. This helps to avoid authentication
 *    for each and every resource which the JETTY provided authenticator does.
 * 2) Helps to redirect to the target URL after authentication is done successfully.
 * 3) Clear-Up in memory session information once LogOut is triggered such that any future request also triggers SPNEGO
 *    authentication.
 * @param request
 * @param response
 * @param mandatoryAuth
 * @return
 * @throws ServerAuthException
 */
@Override
public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatoryAuth) throws ServerAuthException {
    final HttpServletRequest req = (HttpServletRequest) request;
    final HttpSession session = req.getSession(true);
    final Authentication authentication = (Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
    final String uri = req.getRequestURI();
    // If the Request URI is for /spnegoLogin then perform login
    final boolean mandatory = mandatoryAuth || uri.equals(WebServerConstants.SPENGO_LOGIN_RESOURCE_PATH);
    // For logout remove the attribute from the session that holds UserIdentity
    if (authentication != null) {
        if (uri.equals(WebServerConstants.LOGOUT_RESOURCE_PATH)) {
            logger.debug("Logging out user {}", req.getRemoteAddr());
            session.removeAttribute(SessionAuthentication.__J_AUTHENTICATED);
            return null;
        }
        // Already logged in so just return the session attribute.
        return authentication;
    }
    // Try to authenticate an unauthenticated session.
    return authenticateSession(request, response, mandatory);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpSession(javax.servlet.http.HttpSession) UserAuthentication(org.eclipse.jetty.security.UserAuthentication) DeferredAuthentication(org.eclipse.jetty.security.authentication.DeferredAuthentication) Authentication(org.eclipse.jetty.server.Authentication) SessionAuthentication(org.eclipse.jetty.security.authentication.SessionAuthentication)

Example 23 with Authentication

use of org.eclipse.jetty.server.Authentication in project drill by axbaretto.

the class TestDrillSpnegoAuthenticator method testAuthClientRequestForSpnegoLoginResource.

/**
 * Test to verify response when request is sent for {@link WebServerConstants#SPENGO_LOGIN_RESOURCE_PATH} from
 * authenticated session. Expectation is server will find the authenticated UserIdentity.
 * @throws Exception
 */
@Test
public void testAuthClientRequestForSpnegoLoginResource() throws Exception {
    final HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    final HttpSession session = Mockito.mock(HttpSession.class);
    final Authentication authentication = Mockito.mock(UserAuthentication.class);
    Mockito.when(request.getSession(true)).thenReturn(session);
    Mockito.when(request.getRequestURI()).thenReturn(WebServerConstants.SPENGO_LOGIN_RESOURCE_PATH);
    Mockito.when(session.getAttribute(SessionAuthentication.__J_AUTHENTICATED)).thenReturn(authentication);
    final UserAuthentication returnedAuthentication = (UserAuthentication) spnegoAuthenticator.validateRequest(request, response, false);
    assertEquals(authentication, returnedAuthentication);
    verify(response, never()).sendError(401);
    verify(response, never()).setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), HttpHeader.NEGOTIATE.asString());
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpSession(javax.servlet.http.HttpSession) SessionAuthentication(org.eclipse.jetty.security.authentication.SessionAuthentication) UserAuthentication(org.eclipse.jetty.security.UserAuthentication) Authentication(org.eclipse.jetty.server.Authentication) HttpServletResponse(javax.servlet.http.HttpServletResponse) UserAuthentication(org.eclipse.jetty.security.UserAuthentication) SecurityTest(org.apache.drill.categories.SecurityTest) Test(org.junit.Test)

Example 24 with Authentication

use of org.eclipse.jetty.server.Authentication in project ddf by codice.

the class JettyAuthenticator method validateRequest.

@Override
public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean mandatory) throws ServerAuthException {
    TreeSet<ServiceReference<SecurityFilter>> sortedSecurityFilterServiceReferences = null;
    final BundleContext bundleContext = getContext();
    if (bundleContext == null) {
        throw new ServerAuthException("Unable to get BundleContext. No servlet SecurityFilters can be applied. Blocking the request processing.");
    }
    try {
        sortedSecurityFilterServiceReferences = new TreeSet<>(bundleContext.getServiceReferences(SecurityFilter.class, null));
    } catch (InvalidSyntaxException ise) {
        LOGGER.debug("Should never get this exception as there is no filter being passed.");
    }
    if (!CollectionUtils.isEmpty(sortedSecurityFilterServiceReferences)) {
        LOGGER.debug("Found {} filter(s), now filtering...", sortedSecurityFilterServiceReferences.size());
        final SecurityFilterChain chain = new SecurityFilterChain();
        // run in order of highest to lowest service ranking.
        for (ServiceReference<SecurityFilter> securityFilterServiceReference : sortedSecurityFilterServiceReferences) {
            final SecurityFilter securityFilter = bundleContext.getService(securityFilterServiceReference);
            if (!hasBeenInitialized(securityFilterServiceReference, bundleContext)) {
                initializeSecurityFilter(bundleContext, securityFilterServiceReference, securityFilter);
            }
            chain.addSecurityFilter(securityFilter);
        }
        try {
            chain.doFilter(servletRequest, servletResponse);
        } catch (IOException e) {
            throw new ServerAuthException("Unable to process security filter. Blocking the request processing.");
        } catch (AuthenticationChallengeException e) {
            return new Authentication.Challenge() {
            };
        } catch (AuthenticationException e) {
            return new Authentication.Failure() {
            };
        }
    } else {
        LOGGER.debug("Did not find any SecurityFilters. Send auth failure...");
        return new Authentication.Failure() {
        };
    }
    Subject subject = (Subject) servletRequest.getAttribute(SecurityConstants.SECURITY_SUBJECT);
    UserIdentity userIdentity = new JettyUserIdentity(getSecuritySubject(subject));
    return new JettyAuthenticatedUser(userIdentity);
}
Also used : AuthenticationChallengeException(org.codice.ddf.platform.filter.AuthenticationChallengeException) AuthenticationException(org.codice.ddf.platform.filter.AuthenticationException) UserIdentity(org.eclipse.jetty.server.UserIdentity) ServerAuthException(org.eclipse.jetty.security.ServerAuthException) IOException(java.io.IOException) Subject(ddf.security.Subject) ServiceReference(org.osgi.framework.ServiceReference) Authentication(org.eclipse.jetty.server.Authentication) SecurityFilter(org.codice.ddf.platform.filter.SecurityFilter) InvalidSyntaxException(org.osgi.framework.InvalidSyntaxException) BundleContext(org.osgi.framework.BundleContext)

Example 25 with Authentication

use of org.eclipse.jetty.server.Authentication in project calcite-avatica by apache.

the class AvaticaSpnegoAuthenticatorTest method testAuthenticatedDoesNothingExtra.

@Test
public void testAuthenticatedDoesNothingExtra() throws IOException {
    // SEND_CONTINUE not listed here for explicit testing below.
    List<Authentication> authsNotRequiringUpdate = Arrays.asList(Authentication.NOT_CHECKED, Authentication.SEND_FAILURE, Authentication.SEND_SUCCESS);
    for (Authentication auth : authsNotRequiringUpdate) {
        assertEquals(auth, authenticator.sendChallengeIfNecessary(auth, request, response));
        verifyZeroInteractions(request);
        verifyZeroInteractions(response);
    }
}
Also used : Authentication(org.eclipse.jetty.server.Authentication) Test(org.junit.Test)

Aggregations

Authentication (org.eclipse.jetty.server.Authentication)32 UserAuthentication (org.eclipse.jetty.security.UserAuthentication)27 HttpServletRequest (javax.servlet.http.HttpServletRequest)17 HttpSession (javax.servlet.http.HttpSession)17 SessionAuthentication (org.eclipse.jetty.security.authentication.SessionAuthentication)14 HttpServletResponse (javax.servlet.http.HttpServletResponse)13 DeferredAuthentication (org.eclipse.jetty.security.authentication.DeferredAuthentication)12 UserIdentity (org.eclipse.jetty.server.UserIdentity)11 Test (org.junit.Test)9 SecurityTest (org.apache.drill.categories.SecurityTest)8 ServerAuthException (org.eclipse.jetty.security.ServerAuthException)8 IOException (java.io.IOException)4 ServletRequest (javax.servlet.ServletRequest)4 BaseTest (org.apache.drill.test.BaseTest)4 IdentityService (org.eclipse.jetty.security.IdentityService)4 LoginService (org.eclipse.jetty.security.LoginService)4 Request (org.eclipse.jetty.server.Request)4 Response (org.eclipse.jetty.server.Response)4 DefaultUserIdentity (org.eclipse.jetty.security.DefaultUserIdentity)3 Principal (java.security.Principal)2