/** * @return * @return * @see http://www.eclipse.org/jetty/documentation/current/embedded-examples.html */ private ConstraintSecurityHandler createSecurityHandler(Config config) { ConstraintSecurityHandler security = new ConstraintSecurityHandler(); Set<String> knownRoles = ImmutableSet.of(ADMIN_ROLE); security.setConstraintMappings(Collections.<ConstraintMapping> emptyList(), knownRoles); security.setAuthenticator(new FormAuthenticator("/login", "/login", true)); security .setLoginService(new AmLoginService(AMSecurityManagerImpl.instance())); return security; }
uri=URIUtil.SLASH; mandatory|=isJSecurityCheck(uri); if (!mandatory) return new DeferredAuthentication(this); if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())) &&!DeferredAuthentication.isDeferred(response)) return new DeferredAuthentication(this); if (isJSecurityCheck(uri)) UserIdentity user = login(username, password, request); LOG.debug("jsecuritycheck {} {}",username,user); HttpSession session = request.getSession(false); nuri = URIUtil.SLASH; form_auth = new FormAuthentication(getAuthMethod(),user);
public FormAuthenticator(String login,String error,boolean dispatch) { this(); if (login!=null) setLoginPage(login); if (error!=null) setErrorPage(error); _dispatch=dispatch; }
@Override public UserIdentity login(String username, Object password, ServletRequest request) { UserIdentity user = super.login(username,password,request); if (user!=null) { HttpSession session = ((HttpServletRequest)request).getSession(true); Authentication cached=new SessionAuthentication(getAuthMethod(),user,password); session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached); } return user; }
@Override public UserIdentity login(String username, Object password, ServletRequest request) { UserIdentity user = super.login(username,password,request); if (user!=null) { HttpSession session = ((HttpServletRequest)request).getSession(true); Authentication cached=new SessionAuthentication(getAuthMethod(),user,password); session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached); } return user; }
uri=URIUtil.SLASH; mandatory|=isJSecurityCheck(uri); if (!mandatory) return new DeferredAuthentication(this); if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())) &&!DeferredAuthentication.isDeferred(response)) return new DeferredAuthentication(this); if (isJSecurityCheck(uri)) UserIdentity user = login(username, password, request); session = request.getSession(true); if (user!=null) response.sendRedirect(response.encodeRedirectURL(nuri)); return new FormAuthentication(getAuthMethod(),user);
/** * @see org.eclipse.jetty.security.authentication.LoginAuthenticator#setConfiguration(org.eclipse.jetty.security.Authenticator.AuthConfiguration) */ @Override public void setConfiguration(AuthConfiguration configuration) { super.setConfiguration(configuration); String login=configuration.getInitParameter(FormAuthenticator.__FORM_LOGIN_PAGE); if (login!=null) setLoginPage(login); String error=configuration.getInitParameter(FormAuthenticator.__FORM_ERROR_PAGE); if (error!=null) setErrorPage(error); String dispatch=configuration.getInitParameter(FormAuthenticator.__FORM_DISPATCH); _dispatch = dispatch==null?_dispatch:Boolean.parseBoolean(dispatch); }
@Override public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService) { String auth=configuration.getAuthMethod(); Authenticator authenticator=null; if (auth==null || Constraint.__BASIC_AUTH.equalsIgnoreCase(auth)) authenticator=new BasicAuthenticator(); else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(auth)) authenticator=new DigestAuthenticator(); else if (Constraint.__FORM_AUTH.equalsIgnoreCase(auth)) authenticator=new FormAuthenticator(); else if ( Constraint.__SPNEGO_AUTH.equalsIgnoreCase(auth) ) authenticator = new SpnegoAuthenticator(); else if ( Constraint.__NEGOTIATE_AUTH.equalsIgnoreCase(auth) ) // see Bug #377076 authenticator = new SpnegoAuthenticator(Constraint.__NEGOTIATE_AUTH); if (Constraint.__CERT_AUTH.equalsIgnoreCase(auth)||Constraint.__CERT_AUTH2.equalsIgnoreCase(auth)) authenticator=new ClientCertAuthenticator(); return authenticator; }
@Override public UserIdentity login(String username, Object password, ServletRequest request) { UserIdentity user = super.login(username,password,request); if (user!=null) { HttpSession session = ((HttpServletRequest)request).getSession(true); Authentication cached=new SessionAuthentication(getAuthMethod(),user,password); session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached); } return user; }
uri=URIUtil.SLASH; mandatory|=isJSecurityCheck(uri); if (!mandatory) return new DeferredAuthentication(this); if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())) &&!DeferredAuthentication.isDeferred(response)) return new DeferredAuthentication(this); if (isJSecurityCheck(uri)) UserIdentity user = login(username, password, request); session = request.getSession(true); if (user!=null) response.sendRedirect(response.encodeRedirectURL(nuri)); return new FormAuthentication(getAuthMethod(),user);
public FormAuthenticator(String login,String error,boolean dispatch) { this(); if (login!=null) setLoginPage(login); if (error!=null) setErrorPage(error); _dispatch=dispatch; }
securityHandler.setLoginService(loginService); FormAuthenticator authenticator = new FormAuthenticator("/login", "/login", false); securityHandler.setAuthenticator(authenticator);
@Override public UserIdentity login(String username, Object password, ServletRequest request) { UserIdentity user = super.login(username,password,request); if (user!=null) { HttpSession session = ((HttpServletRequest)request).getSession(true); Authentication cached=new SessionAuthentication(getAuthMethod(),user,password); session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached); } return user; }
uri=URIUtil.SLASH; mandatory|=isJSecurityCheck(uri); if (!mandatory) return new DeferredAuthentication(this); if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())) &&!DeferredAuthentication.isDeferred(response)) return new DeferredAuthentication(this); if (isJSecurityCheck(uri)) UserIdentity user = login(username, password, request); session = request.getSession(true); if (user!=null) response.sendRedirect(response.encodeRedirectURL(nuri)); return new FormAuthentication(getAuthMethod(),user);
public FormAuthenticator(String login,String error,boolean dispatch) { this(); if (login!=null) setLoginPage(login); if (error!=null) setErrorPage(error); _dispatch=dispatch; }
public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService) { String auth=configuration.getAuthMethod(); Authenticator authenticator=null; if (auth==null || Constraint.__BASIC_AUTH.equalsIgnoreCase(auth)) authenticator=new BasicAuthenticator(); else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(auth)) authenticator=new DigestAuthenticator(); else if (Constraint.__FORM_AUTH.equalsIgnoreCase(auth)) authenticator=new FormAuthenticator(); else if ( Constraint.__SPNEGO_AUTH.equalsIgnoreCase(auth) ) authenticator = new SpnegoAuthenticator(); else if ( Constraint.__NEGOTIATE_AUTH.equalsIgnoreCase(auth) ) // see Bug #377076 authenticator = new SpnegoAuthenticator(Constraint.__NEGOTIATE_AUTH); if (Constraint.__CERT_AUTH.equalsIgnoreCase(auth)||Constraint.__CERT_AUTH2.equalsIgnoreCase(auth)) authenticator=new ClientCertAuthenticator(); return authenticator; }
@Override public UserIdentity login(String username, Object password, ServletRequest request) { UserIdentity user = super.login(username,password,request); if (user!=null) { HttpSession session = ((HttpServletRequest)request).getSession(true); Authentication cached=new SessionAuthentication(getAuthMethod(),user,password); session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached); } return user; }
uri=URIUtil.SLASH; mandatory|=isJSecurityCheck(uri); if (!mandatory) return new DeferredAuthentication(this); if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())) &&!DeferredAuthentication.isDeferred(response)) return new DeferredAuthentication(this); if (isJSecurityCheck(uri)) UserIdentity user = login(username, password, request); session = request.getSession(true); if (user!=null) response.sendRedirect(response.encodeRedirectURL(nuri)); return new FormAuthentication(getAuthMethod(),user);
public FormAuthenticator(String login,String error,boolean dispatch) { this(); if (login!=null) setLoginPage(login); if (error!=null) setErrorPage(error); _dispatch=dispatch; }
public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService) { String auth=configuration.getAuthMethod(); Authenticator authenticator=null; if (auth==null || Constraint.__BASIC_AUTH.equalsIgnoreCase(auth)) authenticator=new BasicAuthenticator(); else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(auth)) authenticator=new DigestAuthenticator(); else if (Constraint.__FORM_AUTH.equalsIgnoreCase(auth)) authenticator=new FormAuthenticator(); else if ( Constraint.__SPNEGO_AUTH.equalsIgnoreCase(auth) ) authenticator = new SpnegoAuthenticator(); else if ( Constraint.__NEGOTIATE_AUTH.equalsIgnoreCase(auth) ) // see Bug #377076 authenticator = new SpnegoAuthenticator(Constraint.__NEGOTIATE_AUTH); if (Constraint.__CERT_AUTH.equalsIgnoreCase(auth)||Constraint.__CERT_AUTH2.equalsIgnoreCase(auth)) authenticator=new ClientCertAuthenticator(); return authenticator; }