Example 61 with Constraint
use of org.eclipse.jetty.util.security.Constraint in project hbase by apache.
the class HttpServerUtil method constrainHttpMethods.
/**
* Add constraints to a Jetty Context to disallow undesirable Http methods.
* @param ctxHandler The context to modify
*/
public static void constrainHttpMethods(ServletContextHandler ctxHandler) {
Constraint c = new Constraint();
c.setAuthenticate(true);
ConstraintMapping cmt = new ConstraintMapping();
cmt.setConstraint(c);
cmt.setMethod("TRACE");
cmt.setPathSpec("/*");
ConstraintMapping cmo = new ConstraintMapping();
cmo.setConstraint(c);
cmo.setMethod("OPTIONS");
cmo.setPathSpec("/*");
ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
securityHandler.setConstraintMappings(new ConstraintMapping[] { cmt, cmo });
ctxHandler.setSecurityHandler(securityHandler);
}
Also used :
ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
Constraint(org.eclipse.jetty.util.security.Constraint)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
Example 62 with Constraint
use of org.eclipse.jetty.util.security.Constraint in project blade by biezhi.
the class ConstraintSecurityHandler method createConstraint.
/* ------------------------------------------------------------ */
/**
* Create Constraint
*
* @param name the name
* @param rolesAllowed the list of allowed roles
* @param permitOrDeny the permission semantic
* @param transport the transport guarantee
* @return the created constraint
*/
public static Constraint createConstraint(String name, String[] rolesAllowed, EmptyRoleSemantic permitOrDeny, TransportGuarantee transport) {
Constraint constraint = createConstraint();
if (rolesAllowed == null || rolesAllowed.length == 0) {
if (permitOrDeny.equals(EmptyRoleSemantic.DENY)) {
//Equivalent to <auth-constraint> with no roles
constraint.setName(name + "-Deny");
constraint.setAuthenticate(true);
} else {
//Equivalent to no <auth-constraint>
constraint.setName(name + "-Permit");
constraint.setAuthenticate(false);
}
} else {
//Equivalent to <auth-constraint> with list of <security-role-name>s
constraint.setAuthenticate(true);
constraint.setRoles(rolesAllowed);
constraint.setName(name + "-RolesAllowed");
}
//Equivalent to //<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
constraint.setDataConstraint((transport.equals(TransportGuarantee.CONFIDENTIAL) ? Constraint.DC_CONFIDENTIAL : Constraint.DC_NONE));
return constraint;
}
Also used :
Constraint(org.eclipse.jetty.util.security.Constraint)
Example 63 with Constraint
use of org.eclipse.jetty.util.security.Constraint in project camel by apache.
the class JettyTestServer method basicAuth.
private SecurityHandler basicAuth(String username, String password, String realm) {
HashLoginService l = new HashLoginService();
l.putUser(username, Credential.getCredential(password), new String[] { "user" });
l.setName(realm);
Constraint constraint = new Constraint();
constraint.setName(Constraint.__BASIC_AUTH);
constraint.setRoles(new String[] { "user" });
constraint.setAuthenticate(true);
ConstraintMapping cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/*");
ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
csh.setAuthenticator(new BasicAuthenticator());
csh.setRealmName("myrealm");
csh.addConstraintMapping(cm);
csh.setLoginService(l);
return csh;
}
Also used :
HashLoginService(org.eclipse.jetty.security.HashLoginService)
ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)
Constraint(org.eclipse.jetty.util.security.Constraint)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
Example 64 with Constraint
use of org.eclipse.jetty.util.security.Constraint in project jena by apache.
the class FusekiTestAuth method makeSimpleSecurityHandler.
/** Create a Jetty {@link SecurityHandler} for basic authentication, one user/password/role. */
public static SecurityHandler makeSimpleSecurityHandler(String pathSpec, String realm, String user, String password, String role) {
Objects.requireNonNull(user);
Objects.requireNonNull(password);
Objects.requireNonNull(role);
Constraint constraint = new Constraint();
constraint.setName(Constraint.__BASIC_AUTH);
String[] roles = new String[] { role };
constraint.setRoles(roles);
constraint.setAuthenticate(true);
ConstraintMapping mapping = new ConstraintMapping();
mapping.setConstraint(constraint);
mapping.setPathSpec("/*");
IdentityService identService = new DefaultIdentityService();
ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
securityHandler.addConstraintMapping(mapping);
securityHandler.setIdentityService(identService);
UserStore userStore = makeUserStore(user, password, role);
HashLoginService loginService = new HashLoginService("Fuseki Authentication");
loginService.setUserStore(userStore);
loginService.setIdentityService(identService);
securityHandler.setLoginService(loginService);
securityHandler.setAuthenticator(new BasicAuthenticator());
if (realm != null)
securityHandler.setRealmName(realm);
return securityHandler;
}
Also used :
BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator)
Constraint(org.eclipse.jetty.util.security.Constraint)
Example 65 with Constraint
use of org.eclipse.jetty.util.security.Constraint in project calcite-avatica by apache.
the class HttpServer method configureCommonAuthentication.
protected ConstraintSecurityHandler configureCommonAuthentication(Server server, ServerConnector connector, AvaticaServerConfiguration config, String constraintName, String[] allowedRoles, Authenticator authenticator, String realm, LoginService loginService) {
Constraint constraint = new Constraint();
constraint.setName(constraintName);
constraint.setRoles(allowedRoles);
// This is telling Jetty to not allow unauthenticated requests through (very important!)
constraint.setAuthenticate(true);
ConstraintMapping cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/*");
ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
sh.setAuthenticator(authenticator);
sh.setLoginService(loginService);
sh.setConstraintMappings(new ConstraintMapping[] { cm });
sh.setRealmName(realm);
return sh;
}
Also used :
ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
Constraint(org.eclipse.jetty.util.security.Constraint)
ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler)
Aggregations
Constraint (org.eclipse.jetty.util.security.Constraint)78
ConstraintMapping (org.eclipse.jetty.security.ConstraintMapping)46
ConstraintSecurityHandler (org.eclipse.jetty.security.ConstraintSecurityHandler)34
BasicAuthenticator (org.eclipse.jetty.security.authentication.BasicAuthenticator)27
HashLoginService (org.eclipse.jetty.security.HashLoginService)20
Test (org.junit.Test)15
Server (org.eclipse.jetty.server.Server)13
ArrayList (java.util.ArrayList)9
WebAppContext (org.eclipse.jetty.webapp.WebAppContext)8
Password (org.eclipse.jetty.util.security.Password)7
HashSet (java.util.HashSet)6
File (java.io.File)5
IOException (java.io.IOException)5
ResourceHandler (org.eclipse.jetty.server.handler.ResourceHandler)5
LoginService (org.eclipse.jetty.security.LoginService)4
ServerConnector (org.eclipse.jetty.server.ServerConnector)4
ContextHandler (org.eclipse.jetty.server.handler.ContextHandler)4
HandlerList (org.eclipse.jetty.server.handler.HandlerList)4
ServletContextHandler (org.eclipse.jetty.servlet.ServletContextHandler)4
ServletHolder (org.eclipse.jetty.servlet.ServletHolder)4
