use of org.eclipse.jetty.server.Authentication in project drill by axbaretto.
the class DrillSpnegoAuthenticator method login.
public UserIdentity login(String username, Object password, ServletRequest request) {
final UserIdentity user = super.login(username, password, request);
if (user != null) {
final HttpSession session = ((HttpServletRequest) request).getSession(true);
final Authentication cached = new SessionAuthentication(this.getAuthMethod(), user, password);
session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
}
return user;
}
use of org.eclipse.jetty.server.Authentication in project drill by axbaretto.
the class DrillSpnegoAuthenticator method validateRequest.
/**
* Updated logic as compared to default implementation in
* {@link SpnegoAuthenticator#validateRequest(ServletRequest, ServletResponse, boolean)} to handle below cases:
* 1) Perform SPNEGO authentication only when spnegoLogin resource is requested. This helps to avoid authentication
* for each and every resource which the JETTY provided authenticator does.
* 2) Helps to redirect to the target URL after authentication is done successfully.
* 3) Clear-Up in memory session information once LogOut is triggered such that any future request also triggers SPNEGO
* authentication.
* @param request
* @param response
* @param mandatoryAuth
* @return
* @throws ServerAuthException
*/
@Override
public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatoryAuth) throws ServerAuthException {
final HttpServletRequest req = (HttpServletRequest) request;
final HttpSession session = req.getSession(true);
final Authentication authentication = (Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
final String uri = req.getRequestURI();
// If the Request URI is for /spnegoLogin then perform login
final boolean mandatory = mandatoryAuth || uri.equals(WebServerConstants.SPENGO_LOGIN_RESOURCE_PATH);
// For logout remove the attribute from the session that holds UserIdentity
if (authentication != null) {
if (uri.equals(WebServerConstants.LOGOUT_RESOURCE_PATH)) {
logger.debug("Logging out user {}", req.getRemoteAddr());
session.removeAttribute(SessionAuthentication.__J_AUTHENTICATED);
return null;
}
// Already logged in so just return the session attribute.
return authentication;
}
// Try to authenticate an unauthenticated session.
return authenticateSession(request, response, mandatory);
}
use of org.eclipse.jetty.server.Authentication in project drill by axbaretto.
the class TestDrillSpnegoAuthenticator method testAuthClientRequestForSpnegoLoginResource.
/**
* Test to verify response when request is sent for {@link WebServerConstants#SPENGO_LOGIN_RESOURCE_PATH} from
* authenticated session. Expectation is server will find the authenticated UserIdentity.
* @throws Exception
*/
@Test
public void testAuthClientRequestForSpnegoLoginResource() throws Exception {
final HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
final HttpSession session = Mockito.mock(HttpSession.class);
final Authentication authentication = Mockito.mock(UserAuthentication.class);
Mockito.when(request.getSession(true)).thenReturn(session);
Mockito.when(request.getRequestURI()).thenReturn(WebServerConstants.SPENGO_LOGIN_RESOURCE_PATH);
Mockito.when(session.getAttribute(SessionAuthentication.__J_AUTHENTICATED)).thenReturn(authentication);
final UserAuthentication returnedAuthentication = (UserAuthentication) spnegoAuthenticator.validateRequest(request, response, false);
assertEquals(authentication, returnedAuthentication);
verify(response, never()).sendError(401);
verify(response, never()).setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), HttpHeader.NEGOTIATE.asString());
}
use of org.eclipse.jetty.server.Authentication in project ddf by codice.
the class JettyAuthenticator method validateRequest.
@Override
public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean mandatory) throws ServerAuthException {
TreeSet<ServiceReference<SecurityFilter>> sortedSecurityFilterServiceReferences = null;
final BundleContext bundleContext = getContext();
if (bundleContext == null) {
throw new ServerAuthException("Unable to get BundleContext. No servlet SecurityFilters can be applied. Blocking the request processing.");
}
try {
sortedSecurityFilterServiceReferences = new TreeSet<>(bundleContext.getServiceReferences(SecurityFilter.class, null));
} catch (InvalidSyntaxException ise) {
LOGGER.debug("Should never get this exception as there is no filter being passed.");
}
if (!CollectionUtils.isEmpty(sortedSecurityFilterServiceReferences)) {
LOGGER.debug("Found {} filter(s), now filtering...", sortedSecurityFilterServiceReferences.size());
final SecurityFilterChain chain = new SecurityFilterChain();
// run in order of highest to lowest service ranking.
for (ServiceReference<SecurityFilter> securityFilterServiceReference : sortedSecurityFilterServiceReferences) {
final SecurityFilter securityFilter = bundleContext.getService(securityFilterServiceReference);
if (!hasBeenInitialized(securityFilterServiceReference, bundleContext)) {
initializeSecurityFilter(bundleContext, securityFilterServiceReference, securityFilter);
}
chain.addSecurityFilter(securityFilter);
}
try {
chain.doFilter(servletRequest, servletResponse);
} catch (IOException e) {
throw new ServerAuthException("Unable to process security filter. Blocking the request processing.");
} catch (AuthenticationChallengeException e) {
return new Authentication.Challenge() {
};
} catch (AuthenticationException e) {
return new Authentication.Failure() {
};
}
} else {
LOGGER.debug("Did not find any SecurityFilters. Send auth failure...");
return new Authentication.Failure() {
};
}
Subject subject = (Subject) servletRequest.getAttribute(SecurityConstants.SECURITY_SUBJECT);
UserIdentity userIdentity = new JettyUserIdentity(getSecuritySubject(subject));
return new JettyAuthenticatedUser(userIdentity);
}
use of org.eclipse.jetty.server.Authentication in project calcite-avatica by apache.
the class AvaticaSpnegoAuthenticatorTest method testAuthenticatedDoesNothingExtra.
@Test
public void testAuthenticatedDoesNothingExtra() throws IOException {
// SEND_CONTINUE not listed here for explicit testing below.
List<Authentication> authsNotRequiringUpdate = Arrays.asList(Authentication.NOT_CHECKED, Authentication.SEND_FAILURE, Authentication.SEND_SUCCESS);
for (Authentication auth : authsNotRequiringUpdate) {
assertEquals(auth, authenticator.sendChallengeIfNecessary(auth, request, response));
verifyZeroInteractions(request);
verifyZeroInteractions(response);
}
}
Aggregations