@Override public void setUp() throws Exception { super.setUp(); JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties"); authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig)); usernameParam = FormLoginHandler.DEFAULT_USERNAME_PARAM; passwordParam = FormLoginHandler.DEFAULT_PASSWORD_PARAM; }
@Override public void start(Future<Void> startFuture) throws Exception { ShellService service = ShellService.create(vertx, new ShellServiceOptions(). setHttpOptions( new HttpTermOptions(). setHost("localhost"). setPort(8080). setAuthOptions(new ShiroAuthOptions(). setConfig(new JsonObject().put("properties_path", "auth.properties"))))); service.start(ar -> { if (ar.succeeded()) { startFuture.succeeded(); } else { startFuture.fail(ar.cause()); } }); } }
@Test public void testSomething() { ShiroAuthOptions options = new ShiroAuthOptions( new JsonObject().put("provider", "shiro"). put("type", "PROPERTIES"). put("config", new JsonObject().put("foo", "bar"))); assertEquals(ShiroAuthRealmType.PROPERTIES, options.getType()); assertEquals(new JsonObject().put("foo", "bar"), options.getConfig()); } }
public static io.vertx.ext.auth.shiro.ShiroAuth create(io.vertx.ext.auth.shiro.ShiroAuth j_receiver, io.vertx.core.Vertx vertx, java.util.Map<String, Object> options) { return io.vertx.core.impl.ConversionHelper.fromObject(io.vertx.ext.auth.shiro.ShiroAuth.create(vertx, options != null ? new io.vertx.ext.auth.shiro.ShiroAuthOptions(io.vertx.core.impl.ConversionHelper.toJsonObject(options)) : null)); } }
@Override public void start(Future<Void> startFuture) throws Exception { ShellService service = ShellService.create(vertx, new ShellServiceOptions(). setSSHOptions( new SSHTermOptions(). setHost("localhost"). setPort(3000). setKeyPairOptions(new JksOptions(). setPath("keystore.jks"). setPassword("wibble")). setAuthOptions(new ShiroAuthOptions(). setConfig(new JsonObject().put("properties_path", "auth.properties"))))); service.start(ar -> { if (ar.succeeded()) { startFuture.succeeded(); } else { startFuture.fail(ar.cause()); } }); } }
@Test public void testSecurityBypass() throws Exception { Handler<RoutingContext> handler = rc -> { fail("should not get here"); rc.response().end("Welcome to the protected resource!"); }; JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties"); AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig)); router.route().pathRegex("/api/.*").handler(BasicAuthHandler.create(authProvider)); router.route("/api/v1/standard-job-profiles").handler(handler); testRequest(HttpMethod.GET, "//api/v1/standard-job-profiles", 401, "Unauthorized"); } }
@Test public void testSendRequiresAuthorityHasnotAuthority() throws Exception { sockJSHandler.bridge(defaultOptions.addInboundPermitted(new PermittedOptions().setAddress(addr).setRequiredAuthority("pick_nose"))); router.clear(); router.route().handler(CookieHandler.create()); SessionStore store = LocalSessionStore.create(vertx); router.route().handler(SessionHandler.create(store)); JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties"); AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig)); addLoginHandler(router, authProvider); router.route("/eventbus/*").handler(sockJSHandler); testError(new JsonObject().put("type", "send").put("address", addr).put("body", "foo"), "access_denied"); }
@Override public void setUp() throws Exception { super.setUp(); JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties"); AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig)); // create a chain chain = ChainAuthHandler.create(); chain .append(JWTAuthHandler.create(null)) .append(BasicAuthHandler.create(authProvider)) .append(RedirectAuthHandler.create(authProvider)); router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx))); router.route().handler(chain); router.route().handler(ctx -> ctx.response().end()); }
@Test public void testSendRequiresAuthorityHasAuthority() throws Exception { sockJSHandler.bridge(defaultOptions.addInboundPermitted(new PermittedOptions().setAddress(addr).setRequiredAuthority("bang_sticks"))); router.clear(); router.route().handler(CookieHandler.create()); SessionStore store = LocalSessionStore.create(vertx); router.route().handler(SessionHandler.create(store)); JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties"); AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig)); addLoginHandler(router, authProvider); router.route("/eventbus/*").handler(sockJSHandler); testSend("foo"); }
@Test public void testLoginFail() throws Exception { String realm = "vertx-web"; Handler<RoutingContext> handler = rc -> { fail("should not get here"); rc.response().end("Welcome to the protected resource!"); }; JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties"); AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig)); router.route("/protected/*").handler(BasicAuthHandler.create(authProvider)); router.route("/protected/somepage").handler(handler); testRequest(HttpMethod.GET, "/protected/somepage", null, resp -> { String wwwAuth = resp.headers().get("WWW-Authenticate"); assertNotNull(wwwAuth); assertEquals("Basic realm=\"" + realm + "\"", wwwAuth); }, 401, "Unauthorized", null); // Now try again with bad credentials testRequest(HttpMethod.GET, "/protected/somepage", req -> req.putHeader("Authorization", "Basic dGltOn5hdXdhZ2Vz"), resp -> { String wwwAuth = resp.headers().get("WWW-Authenticate"); assertNotNull(wwwAuth); assertEquals("Basic realm=\"" + realm + "\"", wwwAuth); }, 401, "Unauthorized", null); }
private void doLogin(String realm) throws Exception { Handler<RoutingContext> handler = rc -> { assertNotNull(rc.user()); assertEquals("tim", rc.user().principal().getString("username")); rc.response().end("Welcome to the protected resource!"); }; JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties"); AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig)); router.route("/protected/*").handler(BasicAuthHandler.create(authProvider, realm)); router.route("/protected/somepage").handler(handler); testRequest(HttpMethod.GET, "/protected/somepage", null, resp -> { String wwwAuth = resp.headers().get("WWW-Authenticate"); assertNotNull(wwwAuth); assertEquals("Basic realm=\"" + realm + "\"", wwwAuth); }, 401, "Unauthorized", null); // Now try again with credentials testRequest(HttpMethod.GET, "/protected/somepage", req -> req.putHeader("Authorization", "Basic dGltOmRlbGljaW91czpzYXVzYWdlcw=="), resp -> { String wwwAuth = resp.headers().get("WWW-Authenticate"); assertNull(wwwAuth); }, 200, "OK", "Welcome to the protected resource!"); }
AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig)); AuthHandler authHandler = createAuthHandler(authProvider); if (authorities != null) {
AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig)); router.route().handler(UserSessionHandler.create(authProvider)); router.route("/protected/*").handler(BasicAuthHandler.create(authProvider));
@Override public void setUp() throws Exception { super.setUp(); JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties"); authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig)); usernameParam = FormLoginHandler.DEFAULT_USERNAME_PARAM; passwordParam = FormLoginHandler.DEFAULT_PASSWORD_PARAM; }
private void assertResolve(File cwd, String path) { try { System.setProperty("vertx.cwd", cwd.getAbsolutePath()); ShiroAuth.create(vertx, new ShiroAuthOptions().setType( ShiroAuthRealmType.PROPERTIES ).setConfig( new JsonObject().put(PropertiesProviderConstants.PROPERTIES_PROPS_PATH_FIELD, path) ) ); } finally { System.clearProperty("vertx.cwd"); } } }
@Override public void setUp() throws Exception { super.setUp(); authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(getConfig())); }
@Test public void testResolve() throws Exception { ClassLoader loader = PropertiesShiroAuthProviderTest.class.getClassLoader(); File res = new File(loader.getResource("test-auth.properties").toURI()); try { ShiroAuth.create(vertx, new ShiroAuthOptions().setType( ShiroAuthRealmType.PROPERTIES ).setConfig( new JsonObject().put(PropertiesProviderConstants.PROPERTIES_PROPS_PATH_FIELD, res.getName()) )); fail(); } catch (Exception ignore) { } assertResolve(res.getParentFile(), res.getName()); assertResolve(res.getParentFile(), "file:" + res.getName()); assertResolve(res.getParentFile().getParentFile(), "file:" + res.getParentFile().getName() + File.separatorChar + res.getName()); assertResolve(res.getParentFile().getParentFile(), "classpath:" + res.getName()); assertResolve(res.getParentFile().getParentFile(), "url:" + res.toURI().toURL()); }
@Test public void testNoKeyPairConfigured() throws Exception { try { startShell(new SSHTermOptions().setPort(5000).setHost("localhost"). setAuthOptions(new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig( new JsonObject().put("properties_path", "classpath:test-auth.properties"))) ); } catch (ExecutionException e) { assertTrue(e.getCause() instanceof VertxException); assertEquals("No key pair store configured", e.getCause().getMessage()); } }
@Override public void setUp() throws Exception { super.setUp(); ldapServer = new EmbeddedADS(ldapWorkingDirectory.newFolder()); ldapServer.startServer(); insertTestUsers(); authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.LDAP).setConfig(getConfig())); }
protected void startShell() throws Exception { startShell(new SSHTermOptions().setPort(5000).setHost("localhost").setKeyPairOptions( new JksOptions().setPath("src/test/resources/server-keystore.jks").setPassword("wibble")). setAuthOptions(new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig( new JsonObject().put("properties_path", "classpath:test-auth.properties")))); }