/**
 * Overrides the parent hook so that the auth handler in use is an HTTP Basic handler.
 *
 * @param authProvider provider passed straight to {@code BasicAuthHandler.create}
 * @return the handler produced by {@code BasicAuthHandler.create(authProvider)}
 */
@Override
protected AuthHandler createAuthHandler(AuthProvider authProvider) {
  AuthHandler basicHandler = BasicAuthHandler.create(authProvider);
  return basicHandler;
}
/**
 * Regression test: a non-normalized request path must not slip past the auth handler.
 *
 * <p>The Basic auth handler is mounted on the regex route {@code /api/.*} and the protected
 * resource on {@code /api/v1/standard-job-profiles}. The request is issued with a doubled
 * leading slash ({@code //api/...}) and must be answered with 401; the resource handler
 * fails the test if it is ever invoked.
 */
@Test
public void testSecurityBypass() throws Exception {
  JsonObject shiroConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties");
  ShiroAuthOptions shiroOptions = new ShiroAuthOptions()
    .setType(ShiroAuthRealmType.PROPERTIES)
    .setConfig(shiroConfig);
  AuthProvider authProvider = ShiroAuth.create(vertx, shiroOptions);

  // Reaching this handler means the request was routed to the resource without authentication.
  Handler<RoutingContext> mustNotRun = rc -> {
    fail("should not get here");
    rc.response().end("Welcome to the protected resource!");
  };

  // Guard first (regex match), then the resource the guard is meant to cover.
  router.route().pathRegex("/api/.*").handler(BasicAuthHandler.create(authProvider));
  router.route("/api/v1/standard-job-profiles").handler(mustNotRun);

  // The path differs from the registered one only by the extra leading slash.
  testRequest(HttpMethod.GET, "//api/v1/standard-job-profiles", 401, "Unauthorized");
}
} // end of the enclosing class; its header is not part of this excerpt
// NOTE(review): the variable is called oauth2Handler but is built by BasicAuthHandler around `oauth2`;
// presumably intentional (Basic credentials checked by an OAuth2-backed provider) — confirm in the caller.
AuthHandler oauth2Handler = BasicAuthHandler.create(oauth2);
/**
 * Overrides the parent hook so that the auth handler in use is an HTTP Basic handler.
 *
 * @param authProvider provider passed straight to {@code BasicAuthHandler.create}
 * @return the handler produced by {@code BasicAuthHandler.create(authProvider)}
 */
@Override
protected AuthHandler createAuthHandler(AuthProvider authProvider) {
  AuthHandler basicHandler = BasicAuthHandler.create(authProvider);
  return basicHandler;
}
/**
 * Prepares the router for the chain tests: a session handler, then a chained auth handler
 * (JWT, Basic, Redirect, appended in that order), then a terminal handler that ends the response.
 */
@Override
public void setUp() throws Exception {
  super.setUp();

  JsonObject shiroConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties");
  ShiroAuthOptions shiroOptions = new ShiroAuthOptions()
    .setType(ShiroAuthRealmType.PROPERTIES)
    .setConfig(shiroConfig);
  AuthProvider authProvider = ShiroAuth.create(vertx, shiroOptions);

  // Build the chain; the order of append() calls is the order the handlers are listed in.
  // NOTE(review): the JWT handler is created with a null provider — presumably acceptable only
  // because this is a test fixture; confirm before copying this setup elsewhere.
  chain = ChainAuthHandler.create();
  chain
    .append(JWTAuthHandler.create(null))
    .append(BasicAuthHandler.create(authProvider))
    .append(RedirectAuthHandler.create(authProvider));

  // Sessions are registered ahead of the auth chain; the last route simply ends the response.
  LocalSessionStore sessionStore = LocalSessionStore.create(vertx);
  router.route().handler(SessionHandler.create(sessionStore));
  router.route().handler(chain);
  router.route().handler(ctx -> ctx.response().end());
}
/**
 * Runs a Basic-auth round trip against {@code /protected/somepage} using the given realm.
 *
 * <p>First an anonymous request must yield 401 with the challenge
 * {@code Basic realm="<realm>"}. Then a request carrying an {@code Authorization} header must
 * yield 200 with no {@code WWW-Authenticate} header. The Base64 payload used decodes to
 * {@code tim:delicious:sausages}: the password itself contains a colon, so success requires the
 * handler to split user and password at the first colon only.
 *
 * @param realm realm passed to {@code BasicAuthHandler.create} and expected in the challenge
 */
private void doLogin(String realm) throws Exception {
  final String expectedChallenge = "Basic realm=\"" + realm + "\"";

  JsonObject shiroConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties");
  ShiroAuthOptions shiroOptions = new ShiroAuthOptions()
    .setType(ShiroAuthRealmType.PROPERTIES)
    .setConfig(shiroConfig);
  AuthProvider authProvider = ShiroAuth.create(vertx, shiroOptions);

  // Only reached after authentication: the routing context must carry user "tim".
  Handler<RoutingContext> protectedPage = rc -> {
    assertNotNull(rc.user());
    assertEquals("tim", rc.user().principal().getString("username"));
    rc.response().end("Welcome to the protected resource!");
  };

  router.route("/protected/*").handler(BasicAuthHandler.create(authProvider, realm));
  router.route("/protected/somepage").handler(protectedPage);

  // Without credentials the response must challenge the client with the configured realm.
  testRequest(HttpMethod.GET, "/protected/somepage", null, resp -> {
    String challenge = resp.headers().get("WWW-Authenticate");
    assertNotNull(challenge);
    assertEquals(expectedChallenge, challenge);
  }, 401, "Unauthorized", null);

  // With credentials the page is served and no further challenge is sent.
  testRequest(HttpMethod.GET, "/protected/somepage",
    req -> req.putHeader("Authorization", "Basic dGltOmRlbGljaW91czpzYXVzYWdlcw=="),
    resp -> assertNull(resp.headers().get("WWW-Authenticate")),
    200, "OK", "Welcome to the protected resource!");
}
/**
 * Verifies that both a missing and a rejected Basic credential end in 401 with a fresh challenge.
 *
 * <p>The handler is created without an explicit realm, and the test expects the challenge
 * {@code Basic realm="vertx-web"} in both responses. The protected page handler fails the test
 * if it is ever invoked.
 */
@Test
public void testLoginFail() throws Exception {
  String realm = "vertx-web";
  final String expectedChallenge = "Basic realm=\"" + realm + "\"";

  JsonObject shiroConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties");
  ShiroAuthOptions shiroOptions = new ShiroAuthOptions()
    .setType(ShiroAuthRealmType.PROPERTIES)
    .setConfig(shiroConfig);
  AuthProvider authProvider = ShiroAuth.create(vertx, shiroOptions);

  // Neither request below may get past the auth handler.
  Handler<RoutingContext> mustNotRun = rc -> {
    fail("should not get here");
    rc.response().end("Welcome to the protected resource!");
  };

  router.route("/protected/*").handler(BasicAuthHandler.create(authProvider));
  router.route("/protected/somepage").handler(mustNotRun);

  // No Authorization header at all.
  testRequest(HttpMethod.GET, "/protected/somepage", null, resp -> {
    String challenge = resp.headers().get("WWW-Authenticate");
    assertNotNull(challenge);
    assertEquals(expectedChallenge, challenge);
  }, 401, "Unauthorized", null);

  // Authorization header present, but with credentials that must be rejected;
  // the failure response has to look the same as the anonymous one.
  testRequest(HttpMethod.GET, "/protected/somepage",
    req -> req.putHeader("Authorization", "Basic dGltOn5hdXdhZ2Vz"),
    resp -> {
      String challenge = resp.headers().get("WWW-Authenticate");
      assertNotNull(challenge);
      assertEquals(expectedChallenge, challenge);
    }, 401, "Unauthorized", null);
}
/**
 * Creates a Basic auth handler for the RxJava API.
 *
 * <p>The provider's delegate is handed to the core {@code BasicAuthHandler.create} factory and
 * the result is wrapped with {@code AuthHandler.newInstance}.
 *
 * @param authProvider the auth provider to use
 * @return the wrapped auth handler
 */
public static io.vertx.rxjava.ext.web.handler.AuthHandler create(io.vertx.rxjava.ext.auth.AuthProvider authProvider) {
  return io.vertx.rxjava.ext.web.handler.AuthHandler.newInstance(
    io.vertx.ext.web.handler.BasicAuthHandler.create(authProvider.getDelegate()));
}
/**
 * Creates a Basic auth handler for the RxJava API with an explicit realm.
 *
 * <p>The provider's delegate and the realm are handed to the core
 * {@code BasicAuthHandler.create} factory and the result is wrapped with
 * {@code AuthHandler.newInstance}.
 *
 * @param authProvider the auth provider to use
 * @param realm the realm to use
 * @return the wrapped auth handler
 */
public static io.vertx.rxjava.ext.web.handler.AuthHandler create(io.vertx.rxjava.ext.auth.AuthProvider authProvider, String realm) {
  return io.vertx.rxjava.ext.web.handler.AuthHandler.newInstance(
    io.vertx.ext.web.handler.BasicAuthHandler.create(authProvider.getDelegate(), realm));
}
/**
 * Creates a Basic auth handler for the RxJava API with an explicit realm.
 *
 * <p>The provider's delegate and the realm are handed to the core
 * {@code BasicAuthHandler.create} factory and the result is wrapped with
 * {@code AuthHandler.newInstance}.
 *
 * @param authProvider the auth provider to use
 * @param realm the realm to use
 * @return the wrapped auth handler
 */
public static io.vertx.rxjava.ext.web.handler.AuthHandler create(io.vertx.rxjava.ext.auth.AuthProvider authProvider, String realm) {
  return io.vertx.rxjava.ext.web.handler.AuthHandler.newInstance(
    io.vertx.ext.web.handler.BasicAuthHandler.create(authProvider.getDelegate(), realm));
}
/**
 * Creates a Basic auth handler for the RxJava API.
 *
 * <p>The provider's delegate is handed to the core {@code BasicAuthHandler.create} factory and
 * the result is wrapped with {@code AuthHandler.newInstance}.
 *
 * @param authProvider the auth provider to use
 * @return the wrapped auth handler
 */
public static io.vertx.rxjava.ext.web.handler.AuthHandler create(io.vertx.rxjava.ext.auth.AuthProvider authProvider) {
  return io.vertx.rxjava.ext.web.handler.AuthHandler.newInstance(
    io.vertx.ext.web.handler.BasicAuthHandler.create(authProvider.getDelegate()));
}
/**
 * Chooses the authentication handler from configuration and stores it in {@code authHandler}.
 *
 * <p>The handler kind comes from {@code readProperty(AUTH_HANDLER_PROP, "REDIRECT", false)} and is
 * mapped with {@code AuthHandlerEnum.valueOf}. A value that names no enum constant therefore makes
 * {@code valueOf} throw {@link IllegalArgumentException} before any handler is assigned, so a
 * mistyped setting stops setup instead of silently selecting a handler.
 *
 * @param properties not read inside this method
 * @param authProvider provider given to whichever handler is created
 * @throws UnsupportedOperationException for an enum constant other than BASIC or REDIRECT
 */
private void setupAuthentication(Properties properties, AuthProvider authProvider) {
  // NOTE(review): "REDIRECT" looks like the fallback when the property is absent — confirm in readProperty.
  String configuredKind = readProperty(AUTH_HANDLER_PROP, "REDIRECT", false);
  AuthHandlerEnum kind = AuthHandlerEnum.valueOf(configuredKind);

  if (kind == AuthHandlerEnum.BASIC) {
    authHandler = BasicAuthHandler.create(authProvider);
  } else if (kind == AuthHandlerEnum.REDIRECT) {
    authHandler = new RedirectAuthHandlerBt(authProvider, loginPage, RedirectAuthHandler.DEFAULT_RETURN_URL_PARAM);
  } else {
    // A constant added to the enum later must be wired up here explicitly.
    throw new UnsupportedOperationException("unsupported definition for authentication handler: " + kind);
  }
}
// Shiro provider of type PROPERTIES, configured from authConfig (built outside this excerpt).
AuthProvider authProvider = ShiroAuth.create(vertx, new ShiroAuthOptions().setType(ShiroAuthRealmType.PROPERTIES).setConfig(authConfig));
// Registered on every route, ahead of the Basic handler.
// NOTE(review): presumably relies on a session handler registered earlier on the router — confirm.
router.route().handler(UserSessionHandler.create(authProvider));
// Only paths under /protected/ are put behind HTTP Basic authentication.
router.route("/protected/*").handler(BasicAuthHandler.create(authProvider));
break; case AUTHENTICATION_TYPE_BASIC: authHandler = BasicAuthHandler.create(authProvider, AUTHENTICATION_BASIC_REALM); break; default:
break; case "basic": authHandler = BasicAuthHandler.create(authProvider); break; case "oauth2":
/**
 * Regression test: a non-normalized request path must not slip past the auth handler.
 *
 * <p>The Basic auth handler is mounted on the regex route {@code /api/.*} and the protected
 * resource on {@code /api/v1/standard-job-profiles}. The request is issued with a doubled
 * leading slash ({@code //api/...}) and must be answered with 401; the resource handler
 * fails the test if it is ever invoked.
 */
@Test
public void testSecurityBypass() throws Exception {
  JsonObject shiroConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties");
  ShiroAuthOptions shiroOptions = new ShiroAuthOptions()
    .setType(ShiroAuthRealmType.PROPERTIES)
    .setConfig(shiroConfig);
  AuthProvider authProvider = ShiroAuth.create(vertx, shiroOptions);

  // Reaching this handler means the request was routed to the resource without authentication.
  Handler<RoutingContext> mustNotRun = rc -> {
    fail("should not get here");
    rc.response().end("Welcome to the protected resource!");
  };

  // Guard first (regex match), then the resource the guard is meant to cover.
  router.route().pathRegex("/api/.*").handler(BasicAuthHandler.create(authProvider));
  router.route("/api/v1/standard-job-profiles").handler(mustNotRun);

  // The path differs from the registered one only by the extra leading slash.
  testRequest(HttpMethod.GET, "//api/v1/standard-job-profiles", 401, "Unauthorized");
}
} // end of the enclosing class; its header is not part of this excerpt
// NOTE(review): the variable is called oauth2Handler but is built by BasicAuthHandler around `oauth2`;
// presumably intentional (Basic credentials checked by an OAuth2-backed provider) — confirm in the caller.
AuthHandler oauth2Handler = BasicAuthHandler.create(oauth2);
/**
 * Prepares the router for the chain tests: a session handler, then a chained auth handler
 * (JWT, Basic, Redirect, appended in that order), then a terminal handler that ends the response.
 */
@Override
public void setUp() throws Exception {
  super.setUp();

  JsonObject shiroConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties");
  ShiroAuthOptions shiroOptions = new ShiroAuthOptions()
    .setType(ShiroAuthRealmType.PROPERTIES)
    .setConfig(shiroConfig);
  AuthProvider authProvider = ShiroAuth.create(vertx, shiroOptions);

  // Build the chain; the order of append() calls is the order the handlers are listed in.
  // NOTE(review): the JWT handler is created with a null provider — presumably acceptable only
  // because this is a test fixture; confirm before copying this setup elsewhere.
  chain = ChainAuthHandler.create();
  chain
    .append(JWTAuthHandler.create(null))
    .append(BasicAuthHandler.create(authProvider))
    .append(RedirectAuthHandler.create(authProvider));

  // Sessions are registered ahead of the auth chain; the last route simply ends the response.
  LocalSessionStore sessionStore = LocalSessionStore.create(vertx);
  router.route().handler(SessionHandler.create(sessionStore));
  router.route().handler(chain);
  router.route().handler(ctx -> ctx.response().end());
}
/**
 * Runs a Basic-auth round trip against {@code /protected/somepage} using the given realm.
 *
 * <p>First an anonymous request must yield 401 with the challenge
 * {@code Basic realm="<realm>"}. Then a request carrying an {@code Authorization} header must
 * yield 200 with no {@code WWW-Authenticate} header. The Base64 payload used decodes to
 * {@code tim:delicious:sausages}: the password itself contains a colon, so success requires the
 * handler to split user and password at the first colon only.
 *
 * @param realm realm passed to {@code BasicAuthHandler.create} and expected in the challenge
 */
private void doLogin(String realm) throws Exception {
  final String expectedChallenge = "Basic realm=\"" + realm + "\"";

  JsonObject shiroConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties");
  ShiroAuthOptions shiroOptions = new ShiroAuthOptions()
    .setType(ShiroAuthRealmType.PROPERTIES)
    .setConfig(shiroConfig);
  AuthProvider authProvider = ShiroAuth.create(vertx, shiroOptions);

  // Only reached after authentication: the routing context must carry user "tim".
  Handler<RoutingContext> protectedPage = rc -> {
    assertNotNull(rc.user());
    assertEquals("tim", rc.user().principal().getString("username"));
    rc.response().end("Welcome to the protected resource!");
  };

  router.route("/protected/*").handler(BasicAuthHandler.create(authProvider, realm));
  router.route("/protected/somepage").handler(protectedPage);

  // Without credentials the response must challenge the client with the configured realm.
  testRequest(HttpMethod.GET, "/protected/somepage", null, resp -> {
    String challenge = resp.headers().get("WWW-Authenticate");
    assertNotNull(challenge);
    assertEquals(expectedChallenge, challenge);
  }, 401, "Unauthorized", null);

  // With credentials the page is served and no further challenge is sent.
  testRequest(HttpMethod.GET, "/protected/somepage",
    req -> req.putHeader("Authorization", "Basic dGltOmRlbGljaW91czpzYXVzYWdlcw=="),
    resp -> assertNull(resp.headers().get("WWW-Authenticate")),
    200, "OK", "Welcome to the protected resource!");
}
/**
 * Verifies that both a missing and a rejected Basic credential end in 401 with a fresh challenge.
 *
 * <p>The handler is created without an explicit realm, and the test expects the challenge
 * {@code Basic realm="vertx-web"} in both responses. The protected page handler fails the test
 * if it is ever invoked.
 */
@Test
public void testLoginFail() throws Exception {
  String realm = "vertx-web";
  final String expectedChallenge = "Basic realm=\"" + realm + "\"";

  JsonObject shiroConfig = new JsonObject().put("properties_path", "classpath:login/loginusers.properties");
  ShiroAuthOptions shiroOptions = new ShiroAuthOptions()
    .setType(ShiroAuthRealmType.PROPERTIES)
    .setConfig(shiroConfig);
  AuthProvider authProvider = ShiroAuth.create(vertx, shiroOptions);

  // Neither request below may get past the auth handler.
  Handler<RoutingContext> mustNotRun = rc -> {
    fail("should not get here");
    rc.response().end("Welcome to the protected resource!");
  };

  router.route("/protected/*").handler(BasicAuthHandler.create(authProvider));
  router.route("/protected/somepage").handler(mustNotRun);

  // No Authorization header at all.
  testRequest(HttpMethod.GET, "/protected/somepage", null, resp -> {
    String challenge = resp.headers().get("WWW-Authenticate");
    assertNotNull(challenge);
    assertEquals(expectedChallenge, challenge);
  }, 401, "Unauthorized", null);

  // Authorization header present, but with credentials that must be rejected;
  // the failure response has to look the same as the anonymous one.
  testRequest(HttpMethod.GET, "/protected/somepage",
    req -> req.putHeader("Authorization", "Basic dGltOn5hdXdhZ2Vz"),
    resp -> {
      String challenge = resp.headers().get("WWW-Authenticate");
      assertNotNull(challenge);
      assertEquals(expectedChallenge, challenge);
    }, 401, "Unauthorized", null);
}