use of org.eclipse.jetty.util.security.Password in project jetty.project by eclipse.
the class DigestPostTest method setUpServer.
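/**
 * Starts an embedded Jetty server whose {@code /test} context is protected by DIGEST
 * authentication, for use by the tests in this class.
 *
 * <p>The fixture registers a single account ({@code testuser}) in a {@code TestLoginService}
 * realm named {@code test} and maps one authenticated constraint onto every path
 * ({@code /*}). The credential is a hard-coded test value and must not be reused outside
 * this fixture.
 *
 * @throws IllegalStateException if the server cannot be configured or started
 */
@BeforeClass
public static void setUpServer() {
    try {
        _server = new Server();
        _server.setConnectors(new Connector[] { new ServerConnector(_server) });

        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SECURITY);
        context.setContextPath("/test");
        context.addServlet(PostServlet.class, "/");

        // Test-only account; the same realm object is handed to the security handler below.
        TestLoginService realm = new TestLoginService("test");
        realm.putUser("testuser", new Password("password"), new String[] { "test" });
        _server.addBean(realm);

        ConstraintSecurityHandler security = (ConstraintSecurityHandler) context.getSecurityHandler();
        security.setAuthenticator(new DigestAuthenticator());
        security.setLoginService(realm);

        // One constraint that demands authentication, applied to every path of the context.
        Constraint constraint = new Constraint("SecureTest", "test");
        constraint.setAuthenticate(true);
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setConstraint(constraint);
        mapping.setPathSpec("/*");
        security.setConstraintMappings(Collections.singletonList(mapping));

        HandlerCollection handlers = new HandlerCollection();
        handlers.setHandlers(new Handler[] { context, new DefaultHandler() });
        _server.setHandler(handlers);
        _server.start();
    } catch (final Exception e) {
        // Do not swallow the failure: if the secured server never came up, every
        // authentication test that follows would fail for an unrelated reason and
        // the real cause would only be visible as a stack trace on stderr.
        throw new IllegalStateException("Failed to start the DIGEST authentication test server", e);
    }
}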
use of org.eclipse.jetty.util.security.Password in project jetty.project by eclipse.
the class BaseAuthModule method login.
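/**
 * Decodes a {@code "<scheme> <base64(user:password)>"} credential string and delegates to the
 * user-name/credential {@code login} overload.
 *
 * <p>Everything after the first space is Base64-decoded as ISO-8859-1 and split at the first
 * {@code ':'} into user name and password. The input originates from the client, so a decoded
 * value without a {@code ':'} separator is rejected as a failed login instead of being allowed
 * to raise an unchecked {@code StringIndexOutOfBoundsException} from {@code substring(0, -1)}.
 *
 * @param clientSubject subject passed through to the delegated login
 * @param credentials   raw credential string; must not be {@code null}
 * @param authMethod    authentication method name passed through to the delegated login
 * @param messageInfo   message context passed through to the delegated login
 * @return the result of the delegated login, or {@code false} when the decoded credentials
 *         contain no {@code ':'} separator
 * @throws IOException                  declared by this method; presumably raised by the delegated login
 * @throws UnsupportedCallbackException declared by this method; presumably raised by the delegated login
 */
protected boolean login(Subject clientSubject, String credentials, String authMethod, MessageInfo messageInfo) throws IOException, UnsupportedCallbackException {
    // Strip the scheme token. indexOf returns -1 when there is no space, so the whole string is kept.
    credentials = credentials.substring(credentials.indexOf(' ') + 1);
    credentials = B64Code.decode(credentials, StandardCharsets.ISO_8859_1);

    int i = credentials.indexOf(':');
    if (i < 0) {
        // Malformed, client-controlled value: fail closed rather than throw.
        return false;
    }

    String userName = credentials.substring(0, i);
    // Only the first ':' separates the fields, so the password itself may contain ':'.
    String password = credentials.substring(i + 1);

    // NOTE(review): the Password constructor is understood to expand "OBF:"-prefixed strings;
    // confirm that is acceptable for a value supplied by the client.
    return login(clientSubject, userName, new Password(password), authMethod, messageInfo);
}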
use of org.eclipse.jetty.util.security.Password in project jetty.project by eclipse.
the class FormAuthModule method validateRequest.
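/**
 * Validates a request for FORM authentication.
 *
 * <p>The outcomes visible in this method are:
 * <ul>
 * <li>authentication not mandatory, or the request targets the login/error page:
 *     {@code SUCCESS} without authenticating;</li>
 * <li>a {@code j_security_check} submission: attempt a login, then redirect to the saved
 *     original URI ({@code SEND_CONTINUE}) or report failure ({@code SEND_FAILURE});</li>
 * <li>a session that already carries a {@code SessionAuthentication}: copy its private
 *     credentials onto {@code clientSubject} and return {@code SUCCESS};</li>
 * <li>a deferred response: {@code SUCCESS} because no challenge can be sent;</li>
 * <li>otherwise: remember the requested URL in the session and redirect to the login page
 *     ({@code SEND_CONTINUE}).</li>
 * </ul>
 *
 * @param messageInfo    carries the servlet request and response
 * @param clientSubject  subject that receives the credentials of an authenticated caller
 * @param serviceSubject not used by this method
 * @return the authentication status as described above
 * @throws AuthException if an {@code IOException} or {@code UnsupportedCallbackException}
 *                       occurs; the original exception is attached as the cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
    String uri = request.getRequestURI();
    if (uri == null)
        uri = URIUtil.SLASH;

    // A login form submission is always treated as mandatory.
    boolean mandatory = isMandatory(messageInfo);
    mandatory |= isJSecurityCheck(uri);

    // A session is only created when authentication is mandatory; on the non-mandatory
    // path it may be null, but that path returns before the session is dereferenced.
    HttpSession session = request.getSession(mandatory);

    // Not mandatory, or it is the login or login error page: do not authenticate.
    if (!mandatory || isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(), request.getPathInfo())))
        // TODO return null for do nothing?
        return AuthStatus.SUCCESS;

    try {
        // Handle a request for authentication.
        if (isJSecurityCheck(uri)) {
            // Both values come straight from the client; getParameter returns null when the
            // parameter is absent, so a null password can reach the Password constructor.
            // NOTE(review): confirm tryLogin (defined elsewhere) rejects null credentials, and
            // that the Password constructor's presumed expansion of "OBF:"-prefixed input is
            // acceptable for user-supplied values.
            final String username = request.getParameter(__J_USERNAME);
            final String password = request.getParameter(__J_PASSWORD);
            boolean success = tryLogin(messageInfo, clientSubject, response, session, username, new Password(password));
            if (success) {
                // NOTE(review): no session id renewal is visible here after a successful login;
                // confirm it happens in tryLogin or elsewhere so a pre-login session id is not kept.

                // Redirect to the original request. The target is read from the session
                // attribute that this method stores before sending the login redirect.
                String nuri = null;
                synchronized (session) {
                    nuri = (String) session.getAttribute(__J_URI);
                }
                if (nuri == null || nuri.length() == 0) {
                    nuri = request.getContextPath();
                    if (nuri.length() == 0)
                        nuri = URIUtil.SLASH;
                }
                response.setContentLength(0);
                response.sendRedirect(response.encodeRedirectURL(nuri));
                return AuthStatus.SEND_CONTINUE;
            }

            // Not authenticated. The user name is client-controlled, so it is passed
            // through StringUtil.printable before being written to the log.
            if (LOG.isDebugEnabled())
                LOG.debug("Form authentication FAILED for " + StringUtil.printable(username));
            if (_formErrorPage == null) {
                if (response != null)
                    response.sendError(HttpServletResponse.SC_FORBIDDEN);
            } else {
                response.setContentLength(0);
                response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(), _formErrorPage)));
            }
            // TODO confirm SEND_FAILURE is the right status for every way of reaching this point.
            return AuthStatus.SEND_FAILURE;
        }

        // Check if the session is already authenticated.
        SessionAuthentication sessionAuth = (SessionAuthentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
        if (sessionAuth != null) {
            // The cached identity is accepted as stored; nothing in this method re-validates
            // it against the login service.
            if (sessionAuth.getUserIdentity().getSubject() == null)
                return AuthStatus.SEND_FAILURE;
            Set<Object> credentials = sessionAuth.getUserIdentity().getSubject().getPrivateCredentials();
            if (credentials == null || credentials.isEmpty())
                // If there are no private credentials, assume it cannot be authenticated.
                return AuthStatus.SEND_FAILURE;
            clientSubject.getPrivateCredentials().addAll(credentials);
            clientSubject.getPrivateCredentials().add(sessionAuth.getUserIdentity());
            return AuthStatus.SUCCESS;
        }

        // If we can't send a challenge, let the request through.
        if (DeferredAuthentication.isDeferred(response))
            return AuthStatus.SUCCESS;

        // Redirect to the login page, remembering where the caller wanted to go.
        StringBuffer buf = request.getRequestURL();
        if (request.getQueryString() != null)
            buf.append("?").append(request.getQueryString());
        synchronized (session) {
            session.setAttribute(__J_URI, buf.toString());
        }
        response.setContentLength(0);
        response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(), _formLoginPage)));
        return AuthStatus.SEND_CONTINUE;
    } catch (IOException | UnsupportedCallbackException e) {
        // Keep the original exception as the cause so the failure stays diagnosable;
        // the original code kept only the message text.
        AuthException failure = new AuthException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }
}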
use of org.eclipse.jetty.util.security.Password in project jetty.project by eclipse.
the class ConstraintTest method startServer.
/**
 * Assembles the server used by each constraint test: a local connector, a {@code /ctx}
 * context, a session handler and a {@code ConstraintSecurityHandler} in front of the
 * request handler.
 *
 * <p>Despite the name, this method only wires the components together; it does not call
 * {@code start()} on the server. All accounts share a hard-coded test password and differ
 * only in their roles.
 */
@Before
public void startServer() {
    _server = new Server();
    _connector = new LocalConnector(_server);
    _config = _connector.getConnectionFactory(HttpConnectionFactory.class).getHttpConfiguration();
    _server.setConnectors(new Connector[] { _connector });

    ContextHandler contextHandler = new ContextHandler();
    SessionHandler sessionHandler = new SessionHandler();

    // Test accounts, listed with the roles each one holds.
    TestLoginService realm = new TestLoginService(TEST_REALM);
    realm.putUser("user0", new Password("password"), new String[] {});
    realm.putUser("user", new Password("password"), new String[] { "user" });
    realm.putUser("user2", new Password("password"), new String[] { "user" });
    realm.putUser("admin", new Password("password"), new String[] { "user", "administrator" });
    realm.putUser("user3", new Password("password"), new String[] { "foo" });

    // Handler chain: server -> context -> session -> security -> request handler.
    contextHandler.setContextPath("/ctx");
    _server.setHandler(contextHandler);
    contextHandler.setHandler(sessionHandler);
    _server.addBean(realm);

    _security = new ConstraintSecurityHandler();
    sessionHandler.setHandler(_security);

    RequestHandler requestHandler = new RequestHandler();
    _security.setHandler(requestHandler);
    _security.setConstraintMappings(getConstraintMappings(), getKnownRoles());
}
use of org.eclipse.jetty.util.security.Password in project symmetric-ds by JumpMind.
the class SymmetricWebServer method setupBasicAuthIfNeeded.
/**
 * Installs HTTP BASIC authentication on the given server when a basic-auth user name is
 * configured; does nothing when {@code basicAuthUsername} is blank.
 *
 * <p>A single constraint requiring the embedded web server's default role is mapped onto
 * every path ({@code /*}), backed by a {@code HashLoginService} holding the one configured
 * account.
 *
 * <p>BASIC authentication sends the credential merely Base64-encoded on each request, so it
 * should only be enabled where the connection is protected by TLS.
 *
 * @param server the server whose handler is replaced by the security handler
 */
protected void setupBasicAuthIfNeeded(Server server) {
    if (!StringUtils.isNotBlank(basicAuthUsername)) {
        return;
    }

    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();

    Constraint basicConstraint = new Constraint();
    basicConstraint.setName(Constraint.__BASIC_AUTH);
    basicConstraint.setRoles(new String[] { SecurityConstants.EMBEDDED_WEBSERVER_DEFAULT_ROLE });
    basicConstraint.setAuthenticate(true);

    ConstraintMapping everyPath = new ConstraintMapping();
    everyPath.setConstraint(basicConstraint);
    everyPath.setPathSpec("/*");

    securityHandler.addConstraintMapping(everyPath);
    securityHandler.setAuthenticator(new BasicAuthenticator());

    // NOTE(review): only the user name is checked for blankness; confirm that a blank or
    // null basicAuthPassword cannot reach this point.
    // NOTE(review): the account is registered with null roles although the constraint above
    // requires a role; confirm the role check behaves as intended for this user.
    HashLoginService accounts = new HashLoginService();
    accounts.putUser(basicAuthUsername, new Password(basicAuthPassword), null);
    securityHandler.setLoginService(accounts);

    // NOTE(review): this replaces the server's handler, and no wrapped handler is assigned to
    // the security handler in this method; presumably the application handler is attached elsewhere.
    server.setHandler(securityHandler);
}