use of org.eclipse.jetty.util.security.Constraint in project blade by biezhi.
the class ConstraintSecurityHandler method configureRoleInfo.
/* ------------------------------------------------------------ */
/**
 * Initializes or updates a {@link RoleInfo} from the constraint carried by a mapping.
 *
 * <p>A forbidden constraint stops processing after the data constraint is recorded; no roles
 * are attached. Otherwise the authenticate flag is copied and, when it is set, exactly one of
 * three role policies is applied: any declared role ({@code *}), any authenticated user, or an
 * explicit list of roles that must all be declared on this handler.
 *
 * @param ri the role info to populate
 * @param mapping the constraint mapping whose constraint is applied
 * @throws IllegalArgumentException if the constraint names a role that is not in the
 *         handler's set of known roles
 */
protected void configureRoleInfo(RoleInfo ri, ConstraintMapping mapping) {
    final Constraint source = mapping.getConstraint();

    ri.setForbidden(source.isForbidden());

    // Ordering is deliberate: the data constraint is applied only after setForbidden(),
    // because setForbidden() nulls it out and prepareConstraintInfo needs it when
    // combining omissions.
    ri.setUserDataConstraint(UserDataConstraint.get(source.getDataConstraint()));

    // A forbidden resource needs no role set at all.
    if (ri.isForbidden()) {
        return;
    }

    ri.setChecked(source.getAuthenticate());
    if (!ri.isChecked()) {
        return;
    }

    if (source.isAnyRole()) {
        // "*" is expanded to the roles known to this handler at the moment of the call,
        // so a role declared later is not covered by this RoleInfo.
        for (String known : _roles) {
            ri.addRole(known);
        }
        ri.setAnyRole(true);
        return;
    }

    if (source.isAnyAuth()) {
        // Authentication alone is sufficient; no role membership is checked.
        ri.setAnyAuth(true);
        return;
    }

    // Explicit role list: refuse undeclared names instead of silently accepting a
    // constraint that could never match (or that a typo made weaker than intended).
    for (String requested : source.getRoles()) {
        if (!_roles.contains(requested)) {
            throw new IllegalArgumentException("Attempt to use undeclared role: " + requested + ", known roles: " + _roles);
        }
        ri.addRole(requested);
    }
}
use of org.eclipse.jetty.util.security.Constraint in project blade by biezhi.
the class ConstraintSecurityHandler method processConstraintMappingWithMethodOmissions.
/* ------------------------------------------------------------ */
/**
 * Registers a constraint mapping that is expressed as a list of HTTP method omissions.
 *
 * <p>Such constraints are stored under a key of the form {@code <method>.omission} (several
 * omitted methods are joined with {@code "."} before the suffix). An entry of this kind is
 * only ever combined with other omissions for the same method to produce a consolidated
 * RoleInfo. When the constraints for a request are resolved (in prepareConstraintInfo()),
 * three kinds of entries are consulted: one naming the request's method specifically, one
 * applying to all methods, and the {@code <method>.omission} entries whose omission list
 * does not name the request's method.
 *
 * @param mapping the constraint mapping
 * @param mappings the mappings of roles; a new entry is stored under the omission key
 */
protected void processConstraintMappingWithMethodOmissions(ConstraintMapping mapping, Map<String, RoleInfo> mappings) {
    // Key = omitted methods joined by '.', followed by the omission suffix.
    final String omissionKey = String.join(".", mapping.getMethodOmissions()) + OMISSION_SUFFIX;

    // The entry is stored before it is configured, so it stays in the map even if
    // configureRoleInfo rejects the constraint.
    final RoleInfo combined = new RoleInfo();
    mappings.put(omissionKey, combined);
    configureRoleInfo(combined, mapping);
}
use of org.eclipse.jetty.util.security.Constraint in project camel by apache.
the class HttpAuthMethodPriorityTest method getSecurityHandler.
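/**
 * Builds the security handler used by this test: HTTP Basic authentication on every path,
 * restricted to the {@code "user"} role, with accounts read from the test realm file.
 *
 * <p>Basic authentication sends credentials merely base64-encoded, so this setup is only
 * suitable as a test fixture or behind TLS.
 *
 * @return a handler with authenticator, login service and the single constraint mapping set
 * @throws IOException declared for callers; nothing in this body throws it directly
 */
private SecurityHandler getSecurityHandler() throws IOException {
    // Require an authenticated caller holding the "user" role.
    Constraint constraint = new Constraint(Constraint.__BASIC_AUTH, "user");
    constraint.setAuthenticate(true);

    // Apply the constraint to the whole URL space.
    ConstraintMapping cm = new ConstraintMapping();
    cm.setPathSpec("/*");
    cm.setConstraint(constraint);

    ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
    sh.setAuthenticator(new BasicAuthenticator());
    sh.setLoginService(new HashLoginService("MyRealm", "src/test/resources/myRealm.properties"));
    // Registered once: the previous version made this identical call twice, before and
    // after setLoginService, which added nothing.
    sh.setConstraintMappings(Arrays.asList(cm));
    return sh;
}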
use of org.eclipse.jetty.util.security.Constraint in project camel by apache.
the class JettyTestServer method basicAuth.
/**
 * Creates a security handler that protects every path with HTTP Basic authentication for a
 * single in-memory account holding the {@code "user"} role.
 *
 * @param username login name of the only account
 * @param password password of that account, handed to {@code Credential.getCredential}
 * @param realm name given to the in-memory login service
 * @return the configured constraint security handler
 */
private SecurityHandler basicAuth(String username, String password, String realm) {
    final String role = "user";

    // In-memory user store holding exactly one account.
    HashLoginService accounts = new HashLoginService();
    accounts.putUser(username, Credential.getCredential(password), new String[] { role });
    accounts.setName(realm);

    // Callers must authenticate and hold the role granted above.
    Constraint requireUser = new Constraint();
    requireUser.setName(Constraint.__BASIC_AUTH);
    requireUser.setRoles(new String[] { role });
    requireUser.setAuthenticate(true);

    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setConstraint(requireUser);
    everyPath.setPathSpec("/*");

    ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
    handler.setAuthenticator(new BasicAuthenticator());
    // NOTE(review): the handler's realm name is the literal "myrealm" while the login
    // service is named from the realm parameter - confirm the mismatch is intended.
    handler.setRealmName("myrealm");
    handler.addConstraintMapping(everyPath);
    handler.setLoginService(accounts);
    return handler;
}
use of org.eclipse.jetty.util.security.Constraint in project opennms by OpenNMS.
the class JUnitServer method initializeServerWithConfig.
/**
 * Builds the embedded Jetty server described by a {@code JUnitHttpServer} configuration and
 * stores it in {@code m_server}.
 *
 * <p>The server listens on {@code config.port()}, over TLS when {@code config.https()} is
 * set. A root context serves static resources and any configured webapps; when
 * {@code config.basicAuth()} is set, that context is wrapped in a Basic-auth security
 * handler covering every path.
 *
 * @param config the test-server settings
 * @throws IllegalArgumentException if a webapp resolves to a null or blank WAR path
 */
protected void initializeServerWithConfig(final JUnitHttpServer config) {
    final Server jetty;
    if (!config.https()) {
        jetty = new Server(config.port());
    } else {
        jetty = new Server();

        // TLS material. The same store (and store password) is used as both key store and
        // trust store - fine for a test fixture, not a pattern to copy into production.
        final SslContextFactory tls = new SslContextFactory();
        tls.setKeyStorePath(config.keystore());
        tls.setKeyStorePassword(config.keystorePassword());
        tls.setKeyManagerPassword(config.keyPassword());
        tls.setTrustStorePath(config.keystore());
        tls.setTrustStorePassword(config.keystorePassword());

        // Base HTTP settings shared with the TLS connector.
        final HttpConfiguration baseHttp = new HttpConfiguration();
        baseHttp.setSecureScheme("https");
        baseHttp.setSecurePort(config.port());
        baseHttp.setOutputBufferSize(32768);
        baseHttp.setRequestHeaderSize(8192);
        baseHttp.setResponseHeaderSize(8192);
        // The server version is advertised in responses; acceptable in a test harness,
        // but a version banner is normally switched off on exposed servers.
        baseHttp.setSendServerVersion(true);
        baseHttp.setSendDateHeader(false);

        // HTTPS settings: the base settings plus the secure-request customizer.
        final HttpConfiguration secureHttp = new HttpConfiguration(baseHttp);
        secureHttp.addCustomizer(new SecureRequestCustomizer());

        // TLS connector speaking HTTP/1.1.
        final ServerConnector tlsConnector = new ServerConnector(
                jetty,
                new SslConnectionFactory(tls, HttpVersion.HTTP_1_1.asString()),
                new HttpConnectionFactory(secureHttp));
        tlsConnector.setPort(config.port());
        jetty.addConnector(tlsConnector);
    }
    m_server = jetty;

    // Root context that every handler below hangs off.
    final ContextHandler rootContext = new ContextHandler();
    rootContext.setContextPath("/");
    rootContext.setWelcomeFiles(new String[] { "index.html" });
    rootContext.setResourceBase(config.resource());
    rootContext.setClassLoader(Thread.currentThread().getContextClassLoader());
    rootContext.setVirtualHosts(config.vhosts());

    final HandlerList chain = new HandlerList();

    final Handler entryPoint;
    if (config.basicAuth()) {
        // check for basic auth if we're configured to do so
        LOG.debug("configuring basic auth");
        final HashLoginService realmUsers = new HashLoginService("MyRealm", config.basicAuthFile());
        realmUsers.setHotReload(true);
        m_server.addBean(realmUsers);

        final ConstraintSecurityHandler guard = new ConstraintSecurityHandler();

        // Every role declared here is also accepted by the constraint, so any account in
        // the realm file holding one of them can reach every path.
        final Set<String> declaredRoles = new HashSet<>();
        Collections.addAll(declaredRoles, "user", "admin", "moderator");

        final Constraint requireLogin = new Constraint();
        requireLogin.setName("auth");
        requireLogin.setAuthenticate(true);
        requireLogin.setRoles(declaredRoles.toArray(new String[0]));

        final ConstraintMapping everyPath = new ConstraintMapping();
        everyPath.setPathSpec("/*");
        everyPath.setConstraint(requireLogin);

        guard.setConstraintMappings(Collections.singletonList(everyPath), declaredRoles);
        guard.setAuthenticator(new BasicAuthenticator());
        guard.setLoginService(realmUsers);
        guard.setRealmName("MyRealm");
        guard.setHandler(rootContext);
        entryPoint = guard;
    } else {
        // No authentication: requests go straight to the root context.
        entryPoint = rootContext;
    }

    final Webapp[] declaredWebapps = config.webapps();
    if (declaredWebapps != null) {
        for (final Webapp declared : declaredWebapps) {
            final WebAppContext webappContext = new WebAppContext();

            // A non-empty pathSystemProperty whose system property is set wins over the
            // literal path given on the annotation.
            final String propertyName = declared.pathSystemProperty();
            final String fromProperty = "".equals(propertyName) ? null : System.getProperty(propertyName);
            final String warPath = (fromProperty != null) ? fromProperty : declared.path();

            if (warPath == null || warPath.isEmpty()) {
                throw new IllegalArgumentException("path or pathSystemProperty of @Webapp points to a null or blank value");
            }
            webappContext.setWar(warPath);
            webappContext.setContextPath(declared.context());
            chain.addHandler(webappContext);
        }
    }

    // Static files come after the webapps in the chain.
    final ResourceHandler staticFiles = new ResourceHandler();
    staticFiles.setWelcomeFiles(new String[] { "index.html" });
    staticFiles.setResourceBase(config.resource());
    chain.addHandler(staticFiles);

    // fall through to default
    chain.addHandler(new DefaultHandler());

    rootContext.setHandler(chain);
    m_server.setHandler(entryPoint);
}