@Override protected AuthHandler createAuthHandler(AuthProvider authProvider) { return BasicAuthHandler.create(authProvider); }
public static void parseCredentials(io.vertx.ext.web.handler.BasicAuthHandler j_receiver, io.vertx.ext.web.RoutingContext context, io.vertx.core.Handler<io.vertx.core.AsyncResult<java.util.Map<String, Object>>> handler) { j_receiver.parseCredentials(context, handler != null ? new io.vertx.core.Handler<io.vertx.core.AsyncResult<io.vertx.core.json.JsonObject>>() { public void handle(io.vertx.core.AsyncResult<io.vertx.core.json.JsonObject> ar) { handler.handle(ar.map(event -> io.vertx.core.impl.ConversionHelper.fromJsonObject(event))); } } : null); } }
/** * Add a set of required authorities for this auth handler * @param authorities the set of authorities * @return a reference to this, so the API can be used fluently */ public io.vertx.rxjava.ext.web.handler.AuthHandler addAuthorities(Set<String> authorities) { delegate.addAuthorities(authorities); return this; }
/** * Add a required authority for this auth handler * @param authority the authority * @return a reference to this, so the API can be used fluently */ public io.vertx.rxjava.ext.web.handler.AuthHandler addAuthority(String authority) { delegate.addAuthority(authority); return this; }
/** * Authorizes the given user against all added authorities. * @param user a user. * @param handler the handler for the result. */ public void authorize(io.vertx.rxjava.ext.auth.User user, Handler<AsyncResult<Void>> handler) { delegate.authorize(user.getDelegate(), handler); }
/** * Add a required authority for this auth handler * @param authority the authority * @return a reference to this, so the API can be used fluently */ public io.vertx.rxjava.ext.web.handler.AuthHandler addAuthority(String authority) { delegate.addAuthority(authority); return this; }
/** * Authorizes the given user against all added authorities. * @param user a user. * @param handler the handler for the result. */ public void authorize(io.vertx.rxjava.ext.auth.User user, Handler<AsyncResult<Void>> handler) { delegate.authorize(user.getDelegate(), handler); }
@Test public void testSecurityBypass() throws Exception { Handler<RoutingContext> handler = rc -> { fail("should not get here"); rc.response().end("Welcome to the protected resource!"); }; JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties"); AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig)); router.route().pathRegex("/api/.*").handler(BasicAuthHandler.create(authProvider)); router.route("/api/v1/standard-job-profiles").handler(handler); testRequest(HttpMethod.GET, "//api/v1/standard-job-profiles", 401, "Unauthorized"); } }
/** * Parses the credentials from the request into a JsonObject. The implementation should * be able to extract the required info for the auth provider in the format the provider * expects. * @param context the routing context * @param handler the handler to be called once the information is available. */ public void parseCredentials(io.vertx.rxjava.ext.web.RoutingContext context, Handler<AsyncResult<JsonObject>> handler) { delegate.parseCredentials(context.getDelegate(), handler); }
/** * Add a set of required authorities for this auth handler * @param authorities the set of authorities * @return a reference to this, so the API can be used fluently */ public io.vertx.rxjava.ext.web.handler.AuthHandler addAuthorities(Set<String> authorities) { delegate.addAuthorities(authorities); return this; }
AuthHandler oauth2Handler = BasicAuthHandler.create(oauth2);
/** * Parses the credentials from the request into a JsonObject. The implementation should * be able to extract the required info for the auth provider in the format the provider * expects. * @param context the routing context * @param handler the handler to be called once the information is available. */ public void parseCredentials(io.vertx.rxjava.ext.web.RoutingContext context, Handler<AsyncResult<JsonObject>> handler) { delegate.parseCredentials(context.getDelegate(), handler); }
@Override protected AuthHandler createAuthHandler(AuthProvider authProvider) { return BasicAuthHandler.create(authProvider); }
@Override public void setUp() throws Exception { super.setUp(); JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties"); AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig)); // create a chain chain = ChainAuthHandler.create(); chain .append(JWTAuthHandler.create(null)) .append(BasicAuthHandler.create(authProvider)) .append(RedirectAuthHandler.create(authProvider)); router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx))); router.route().handler(chain); router.route().handler(ctx -> ctx.response().end()); }
private void doLogin(String realm) throws Exception { Handler<RoutingContext> handler = rc -> { assertNotNull(rc.user()); assertEquals("tim", rc.user().principal().getString("username")); rc.response().end("Welcome to the protected resource!"); }; JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties"); AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig)); router.route("/protected/*").handler(BasicAuthHandler.create(authProvider, realm)); router.route("/protected/somepage").handler(handler); testRequest(HttpMethod.GET, "/protected/somepage", null, resp -> { String wwwAuth = resp.headers().get("WWW-Authenticate"); assertNotNull(wwwAuth); assertEquals("Basic realm=\"" + realm + "\"", wwwAuth); }, 401, "Unauthorized", null); // Now try again with credentials testRequest(HttpMethod.GET, "/protected/somepage", req -> req.putHeader("Authorization", "Basic dGltOmRlbGljaW91czpzYXVzYWdlcw=="), resp -> { String wwwAuth = resp.headers().get("WWW-Authenticate"); assertNull(wwwAuth); }, 200, "OK", "Welcome to the protected resource!"); }
@Test public void testLoginFail() throws Exception { String realm = "vertx-web"; Handler<RoutingContext> handler = rc -> { fail("should not get here"); rc.response().end("Welcome to the protected resource!"); }; JsonObject authConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties"); AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig)); router.route("/protected/*").handler(BasicAuthHandler.create(authProvider)); router.route("/protected/somepage").handler(handler); testRequest(HttpMethod.GET, "/protected/somepage", null, resp -> { String wwwAuth = resp.headers().get("WWW-Authenticate"); assertNotNull(wwwAuth); assertEquals("Basic realm=\"" + realm + "\"", wwwAuth); }, 401, "Unauthorized", null); // Now try again with bad credentials testRequest(HttpMethod.GET, "/protected/somepage", req -> req.putHeader("Authorization", "Basic dGltOn5hdXdhZ2Vz"), resp -> { String wwwAuth = resp.headers().get("WWW-Authenticate"); assertNotNull(wwwAuth); assertEquals("Basic realm=\"" + realm + "\"", wwwAuth); }, 401, "Unauthorized", null); }
/** * Create a basic auth handler, specifying realm * @param authProvider the auth service to use * @param realm the realm to use * @return the auth handler */ public static io.vertx.rxjava.ext.web.handler.AuthHandler create(io.vertx.rxjava.ext.auth.AuthProvider authProvider, String realm) { io.vertx.rxjava.ext.web.handler.AuthHandler ret = io.vertx.rxjava.ext.web.handler.AuthHandler.newInstance(io.vertx.ext.web.handler.BasicAuthHandler.create(authProvider.getDelegate(), realm)); return ret; }
/** * Create a basic auth handler * @param authProvider the auth provider to use * @return the auth handler */ public static io.vertx.rxjava.ext.web.handler.AuthHandler create(io.vertx.rxjava.ext.auth.AuthProvider authProvider) { io.vertx.rxjava.ext.web.handler.AuthHandler ret = io.vertx.rxjava.ext.web.handler.AuthHandler.newInstance(io.vertx.ext.web.handler.BasicAuthHandler.create(authProvider.getDelegate())); return ret; }
/** * Create a basic auth handler, specifying realm * @param authProvider the auth service to use * @param realm the realm to use * @return the auth handler */ public static io.vertx.rxjava.ext.web.handler.AuthHandler create(io.vertx.rxjava.ext.auth.AuthProvider authProvider, String realm) { io.vertx.rxjava.ext.web.handler.AuthHandler ret = io.vertx.rxjava.ext.web.handler.AuthHandler.newInstance(io.vertx.ext.web.handler.BasicAuthHandler.create(authProvider.getDelegate(), realm)); return ret; }
/** * Create a basic auth handler * @param authProvider the auth provider to use * @return the auth handler */ public static io.vertx.rxjava.ext.web.handler.AuthHandler create(io.vertx.rxjava.ext.auth.AuthProvider authProvider) { io.vertx.rxjava.ext.web.handler.AuthHandler ret = io.vertx.rxjava.ext.web.handler.AuthHandler.newInstance(io.vertx.ext.web.handler.BasicAuthHandler.create(authProvider.getDelegate())); return ret; }