Examples with Constraint org.eclipse.jetty.util.security.Constraint used on opensource projects

Example 41 with Constraint

use of org.eclipse.jetty.util.security.Constraint in project elastic-core-maven by OrdinaryDude.

the class API method disableHttpMethods.

private static void disableHttpMethods(SecurityHandler securityHandler) {
    if (securityHandler instanceof ConstraintSecurityHandler) {
        ConstraintSecurityHandler constraintSecurityHandler = (ConstraintSecurityHandler) securityHandler;
        for (String method : DISABLED_HTTP_METHODS) {
            disableHttpMethod(constraintSecurityHandler, method);
        }
        ConstraintMapping enableEverythingButTraceMapping = new ConstraintMapping();
        Constraint enableEverythingButTraceConstraint = new Constraint();
        enableEverythingButTraceConstraint.setName("Enable everything but TRACE");
        enableEverythingButTraceMapping.setConstraint(enableEverythingButTraceConstraint);
        enableEverythingButTraceMapping.setMethodOmissions(DISABLED_HTTP_METHODS);
        enableEverythingButTraceMapping.setPathSpec("/");
        constraintSecurityHandler.addConstraintMapping(enableEverythingButTraceMapping);
    }
}

Example 42 with Constraint

use of org.eclipse.jetty.util.security.Constraint in project pentaho-kettle by pentaho.

the class WebServer method startServer.

public void startServer() throws Exception {
    server = new Server();
    List<String> roles = new ArrayList<>();
    roles.add(Constraint.ANY_ROLE);
    // Set up the security handler, optionally with JAAS
    // 
    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    if (System.getProperty("loginmodulename") != null && System.getProperty("java.security.auth.login.config") != null) {
        JAASLoginService jaasLoginService = new JAASLoginService(SERVICE_NAME);
        jaasLoginService.setLoginModuleName(System.getProperty("loginmodulename"));
        securityHandler.setLoginService(jaasLoginService);
    } else {
        roles.add(DEFAULT_ROLE);
        HashLoginService hashLoginService;
        SlaveServer slaveServer = transformationMap.getSlaveServerConfig().getSlaveServer();
        if (!Utils.isEmpty(slaveServer.getPassword())) {
            hashLoginService = new HashLoginService(SERVICE_NAME);
            UserStore userStore = new UserStore();
            userStore.addUser(slaveServer.getUsername(), new Password(slaveServer.getPassword()), new String[] { DEFAULT_ROLE });
            hashLoginService.setUserStore(userStore);
        } else {
            // See if there is a kettle.pwd file in the KETTLE_HOME directory:
            if (Utils.isEmpty(passwordFile)) {
                File homePwdFile = new File(Const.getKettleCartePasswordFile());
                if (homePwdFile.exists()) {
                    passwordFile = Const.getKettleCartePasswordFile();
                } else {
                    passwordFile = Const.getKettleLocalCartePasswordFile();
                }
            }
            hashLoginService = new HashLoginService(SERVICE_NAME, passwordFile) {

                @Override
                protected String[] loadRoleInfo(UserPrincipal user) {
                    List<String> newRoles = new ArrayList<>();
                    newRoles.add(DEFAULT_ROLE);
                    String[] roles = super.loadRoleInfo(user);
                    if (null != roles) {
                        Collections.addAll(newRoles, roles);
                    }
                    return newRoles.toArray(new String[0]);
                }
            };
        }
        securityHandler.setLoginService(hashLoginService);
    }
    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__BASIC_AUTH);
    constraint.setRoles(roles.toArray(new String[0]));
    constraint.setAuthenticate(true);
    ConstraintMapping constraintMapping = new ConstraintMapping();
    constraintMapping.setConstraint(constraint);
    constraintMapping.setPathSpec("/*");
    securityHandler.setConstraintMappings(new ConstraintMapping[] { constraintMapping });
    // Add all the servlets defined in kettle-servlets.xml ...
    // 
    ContextHandlerCollection contexts = new ContextHandlerCollection();
    // Root
    // 
    ServletContextHandler root = new ServletContextHandler(contexts, GetRootServlet.CONTEXT_PATH, ServletContextHandler.SESSIONS);
    GetRootServlet rootServlet = new GetRootServlet();
    rootServlet.setJettyMode(true);
    root.addServlet(new ServletHolder(rootServlet), "/*");
    PluginRegistry pluginRegistry = PluginRegistry.getInstance();
    List<PluginInterface> plugins = pluginRegistry.getPlugins(CartePluginType.class);
    for (PluginInterface plugin : plugins) {
        CartePluginInterface servlet = pluginRegistry.loadClass(plugin, CartePluginInterface.class);
        servlet.setup(transformationMap, jobMap, socketRepository, detections);
        servlet.setJettyMode(true);
        ServletContextHandler servletContext = new ServletContextHandler(contexts, getContextPath(servlet), ServletContextHandler.SESSIONS);
        ServletHolder servletHolder = new ServletHolder((Servlet) servlet);
        servletContext.addServlet(servletHolder, "/*");
    }
    // setup jersey (REST)
    ServletHolder jerseyServletHolder = new ServletHolder(ServletContainer.class);
    jerseyServletHolder.setInitParameter("com.sun.jersey.config.property.resourceConfigClass", "com.sun.jersey.api.core.PackagesResourceConfig");
    jerseyServletHolder.setInitParameter("com.sun.jersey.config.property.packages", "org.pentaho.di.www.jaxrs");
    root.addServlet(jerseyServletHolder, "/api/*");
    // setup static resource serving
    // ResourceHandler mobileResourceHandler = new ResourceHandler();
    // mobileResourceHandler.setWelcomeFiles(new String[]{"index.html"});
    // mobileResourceHandler.setResourceBase(getClass().getClassLoader().
    // getResource("org/pentaho/di/www/mobile").toExternalForm());
    // Context mobileContext = new Context(contexts, "/mobile", Context.SESSIONS);
    // mobileContext.setHandler(mobileResourceHandler);
    // Allow png files to be shown for transformations and jobs...
    // 
    ResourceHandler resourceHandler = new ResourceHandler();
    resourceHandler.setResourceBase("temp");
    // add all handlers/contexts to server
    // set up static servlet
    ServletHolder staticHolder = new ServletHolder("static", DefaultServlet.class);
    // resourceBase maps to the path relative to where carte is started
    staticHolder.setInitParameter("resourceBase", "./static/");
    staticHolder.setInitParameter("dirAllowed", "true");
    staticHolder.setInitParameter("pathInfoOnly", "true");
    root.addServlet(staticHolder, "/static/*");
    HandlerList handlers = new HandlerList();
    handlers.setHandlers(new Handler[] { resourceHandler, contexts });
    securityHandler.setHandler(handlers);
    server.setHandler(securityHandler);
    // Start execution
    createListeners();
    server.start();
}

Example 43 with Constraint

use of org.eclipse.jetty.util.security.Constraint in project async-http-client by AsyncHttpClient.

the class TestUtils method addAuthHandler.

private static void addAuthHandler(Server server, String auth, LoginAuthenticator authenticator, Handler handler) {
    server.addBean(LOGIN_SERVICE);
    Constraint constraint = new Constraint();
    constraint.setName(auth);
    constraint.setRoles(new String[] { USER, ADMIN });
    constraint.setAuthenticate(true);
    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setConstraint(constraint);
    mapping.setPathSpec("/*");
    Set<String> knownRoles = new HashSet<>();
    knownRoles.add(USER);
    knownRoles.add(ADMIN);
    List<ConstraintMapping> cm = new ArrayList<>();
    cm.add(mapping);
    ConstraintSecurityHandler security = new ConstraintSecurityHandler();
    security.setConstraintMappings(cm, knownRoles);
    security.setAuthenticator(authenticator);
    security.setLoginService(LOGIN_SERVICE);
    security.setHandler(handler);
    server.setHandler(security);
}

Example 44 with Constraint

use of org.eclipse.jetty.util.security.Constraint in project jetty.project by eclipse.

the class TestSecurityAnnotationConversions method testMethodAnnotation.

@Test
public void testMethodAnnotation() throws Exception {
    //ServletSecurity annotation with HttpConstraint of TransportGuarantee.CONFIDENTIAL, and a list of rolesAllowed, and
    //a HttpMethodConstraint for GET method that permits all and has TransportGuarantee.NONE (ie is default)
    WebAppContext wac = makeWebAppContext(Method1Servlet.class.getCanonicalName(), "method1Servlet", new String[] { "/foo/*", "*.foo" });
    //set up the expected outcomes: - a Constraint for the RolesAllowed on the class
    //with userdata constraint of DC_CONFIDENTIAL
    //and mappings for each of the pathSpecs
    Constraint expectedConstraint1 = new Constraint();
    expectedConstraint1.setAuthenticate(true);
    expectedConstraint1.setRoles(new String[] { "tom", "dick", "harry" });
    expectedConstraint1.setDataConstraint(Constraint.DC_CONFIDENTIAL);
    //a Constraint for the PermitAll on the doGet method with a userdata
    //constraint of DC_CONFIDENTIAL inherited from the class
    Constraint expectedConstraint2 = new Constraint();
    expectedConstraint2.setDataConstraint(Constraint.DC_NONE);
    ConstraintMapping[] expectedMappings = new ConstraintMapping[4];
    expectedMappings[0] = new ConstraintMapping();
    expectedMappings[0].setConstraint(expectedConstraint1);
    expectedMappings[0].setPathSpec("/foo/*");
    expectedMappings[0].setMethodOmissions(new String[] { "GET" });
    expectedMappings[1] = new ConstraintMapping();
    expectedMappings[1].setConstraint(expectedConstraint1);
    expectedMappings[1].setPathSpec("*.foo");
    expectedMappings[1].setMethodOmissions(new String[] { "GET" });
    expectedMappings[2] = new ConstraintMapping();
    expectedMappings[2].setConstraint(expectedConstraint2);
    expectedMappings[2].setPathSpec("/foo/*");
    expectedMappings[2].setMethod("GET");
    expectedMappings[3] = new ConstraintMapping();
    expectedMappings[3].setConstraint(expectedConstraint2);
    expectedMappings[3].setPathSpec("*.foo");
    expectedMappings[3].setMethod("GET");
    AnnotationIntrospector introspector = new AnnotationIntrospector();
    ServletSecurityAnnotationHandler annotationHandler = new ServletSecurityAnnotationHandler(wac);
    introspector.registerHandler(annotationHandler);
    introspector.introspect(Method1Servlet.class);
    compareResults(expectedMappings, ((ConstraintAware) wac.getSecurityHandler()).getConstraintMappings());
}

Example 45 with Constraint

use of org.eclipse.jetty.util.security.Constraint in project jetty.project by eclipse.

the class SecuredHelloHandler method main.

public static void main(String[] args) throws Exception {
    // Create a basic jetty server object that will listen on port 8080.
    // Note that if you set this to port 0 then a randomly available port
    // will be assigned that you can either look in the logs for the port,
    // or programmatically obtain it for use in test cases.
    Server server = new Server(8080);
    // Since this example is for our test webapp, we need to setup a
    // LoginService so this shows how to create a very simple hashmap based
    // one. The name of the LoginService needs to correspond to what is
    // configured a webapp's web.xml and since it has a lifecycle of its own
    // we register it as a bean with the Jetty server object so it can be
    // started and stopped according to the lifecycle of the server itself.
    // In this example the name can be whatever you like since we are not
    // dealing with webapp realms.
    LoginService loginService = new HashLoginService("MyRealm", "src/test/resources/realm.properties");
    server.addBean(loginService);
    // A security handler is a jetty handler that secures content behind a
    // particular portion of a url space. The ConstraintSecurityHandler is a
    // more specialized handler that allows matching of urls to different
    // constraints. The server sets this as the first handler in the chain,
    // effectively applying these constraints to all subsequent handlers in
    // the chain.
    ConstraintSecurityHandler security = new ConstraintSecurityHandler();
    server.setHandler(security);
    // This constraint requires authentication and in addition that an
    // authenticated user be a member of a given set of roles for
    // authorization purposes.
    Constraint constraint = new Constraint();
    constraint.setName("auth");
    constraint.setAuthenticate(true);
    constraint.setRoles(new String[] { "user", "admin" });
    // Binds a url pattern with the previously created constraint. The roles
    // for this constraing mapping are mined from the Constraint itself
    // although methods exist to declare and bind roles separately as well.
    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setPathSpec("/*");
    mapping.setConstraint(constraint);
    // First you see the constraint mapping being applied to the handler as
    // a singleton list, however you can passing in as many security
    // constraint mappings as you like so long as they follow the mapping
    // requirements of the servlet api. Next we set a BasicAuthenticator
    // instance which is the object that actually checks the credentials
    // followed by the LoginService which is the store of known users, etc.
    security.setConstraintMappings(Collections.singletonList(mapping));
    security.setAuthenticator(new BasicAuthenticator());
    security.setLoginService(loginService);
    // The Hello Handler is the handler we are securing so we create one,
    // and then set it as the handler on the
    // security handler to complain the simple handler chain.
    HelloHandler hh = new HelloHandler();
    // chain the hello handler into the security handler
    security.setHandler(hh);
    // Start things up!
    server.start();
    // The use of server.join() the will make the current thread join and
    // wait until the server is done executing.
    // See
    // http://docs.oracle.com/javase/7/docs/api/java/lang/Thread.html#join()
    server.join();
}