/**
 * Puts the web server behind PAM-backed authentication.
 *
 * Registers a {@code PamLoginService} on the server, builds a
 * {@code ConstraintSecurityHandler} carrying one PAM constraint mapping, and installs that
 * handler as the server's handler with {@code handler} chained behind it.
 *
 * @param b builder that supplies the authenticator ({@code b.pamAuthenticator})
 * @param handler application handler that ends up wrapped by the security handler
 */
void setupPam(Builder b, Handler handler) {
  LoginService pamLogin = new PamLoginService();
  webServer.addBean(pamLogin);

  ConstraintSecurityHandler pamGuard = new ConstraintSecurityHandler();

  // NOTE(review): which paths and roles are protected is decided inside PamConstraint and
  // PamConstraintMapping (not visible here) - confirm they cover every path that needs auth.
  ConstraintMapping pamMapping = new PamConstraintMapping(new PamConstraint());
  pamGuard.setConstraintMappings(Collections.singletonList(pamMapping));

  pamGuard.setAuthenticator(b.pamAuthenticator);
  pamGuard.setLoginService(pamLogin);

  // The security handler becomes the outermost handler; the application sits behind it.
  pamGuard.setHandler(handler);
  webServer.setHandler(pamGuard);
}
// Chain resourceHandler behind securityHandler: requests are handed to the security handler
// first and only passed on to the resource handler from there.
// NOTE(review): this protects resourceHandler only if securityHandler itself is what the
// server (or an outer wrapper) dispatches to - confirm in the surrounding setup code.
securityHandler.setHandler(resourceHandler);
// Resulting chain, outermost first: ipaccess -> securityHandler -> sessions -> gzipHandler.
SessionHandler sessions = new SessionHandler(new HashSessionManager());
sessions.setHandler(gzipHandler);
// Session handling sits behind the security handler, so the security handler sees the
// request before any session is looked up for it.
securityHandler.setHandler(sessions);
// NOTE(review): ipaccess is presumably an IP allow/deny handler; being outermost, it would
// reject a request before authentication is attempted - confirm its type and rules.
ipaccess.setHandler(securityHandler);
/**
 * Wraps {@code handler} in a security handler that demands authentication on every path and
 * installs the result as the server's handler.
 *
 * The constraint is named after {@code auth}, applies to {@code "/*"} and admits the
 * {@code USER} and {@code ADMIN} roles; the same two roles are declared as the handler's
 * known roles. Credentials are checked against the shared {@code LOGIN_SERVICE}.
 *
 * @param server server that receives the login service bean and the security handler
 * @param auth name given to the constraint
 * @param authenticator authenticator that performs the login exchange
 * @param handler application handler to protect
 */
private static void addAuthHandler(Server server, String auth, LoginAuthenticator authenticator, Handler handler) {
  server.addBean(LOGIN_SERVICE);

  // Any authenticated caller holding USER or ADMIN is let through.
  Constraint loginRequired = new Constraint();
  loginRequired.setName(auth);
  loginRequired.setRoles(new String[]{USER, ADMIN});
  loginRequired.setAuthenticate(true);

  // "/*" applies the constraint to every path.
  ConstraintMapping everyPath = new ConstraintMapping();
  everyPath.setConstraint(loginRequired);
  everyPath.setPathSpec("/*");

  Set<String> declaredRoles = new HashSet<>();
  declaredRoles.add(USER);
  declaredRoles.add(ADMIN);

  List<ConstraintMapping> mappings = new ArrayList<>();
  mappings.add(everyPath);

  ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
  guard.setConstraintMappings(mappings, declaredRoles);
  guard.setAuthenticator(authenticator);
  guard.setLoginService(LOGIN_SERVICE);
  guard.setHandler(handler);

  server.setHandler(guard);
}
// Chain the whole `handlers` collection behind securityHandler, so every handler in it is
// reached only through the security handler.
// NOTE(review): a handler registered on the server outside `handlers` would not be covered by
// this wrapper - confirm none exists.
securityHandler.setHandler( handlers );
// Resulting chain, outermost first: ipaccess -> securityHandler -> sessions -> gzipHandler.
SessionHandler sessions = new SessionHandler(new HashSessionManager());
sessions.setHandler(gzipHandler);
// Session handling sits behind the security handler, so the security handler sees the
// request before any session is looked up for it.
securityHandler.setHandler(sessions);
// NOTE(review): ipaccess is presumably an IP allow/deny handler; being outermost, it would
// reject a request before authentication is attempted - confirm its type and rules.
ipaccess.setHandler(securityHandler);
/**
 * Sets the downstream handler on this handler and on every security handler held in
 * {@code securityHandlers}.
 *
 * Propagating the handler keeps all of the contained security handlers pointing at the same
 * downstream handler as this one.
 *
 * @param handler handler that runs behind the security checks
 */
@Override
public void setHandler(Handler handler) {
  super.setHandler(handler);
  securityHandlers.values().forEach(each -> each.setHandler(handler));
}
/**
 * Puts HTTP Basic authentication in front of the server's first handler.
 *
 * One account ({@code USER_AUTHORIZED} / {@code USER_PW}) is registered in an in-memory
 * {@code HashLoginService} with the role {@code "users"}, and every path ({@code "/*"})
 * requires that role.
 *
 * @param server server whose handler chain is wrapped
 */
@Override
public void customize(Server server) {
  LOG.debug("Customizing server to allow requests for {}", USER_AUTHORIZED);

  // NOTE(review): the only account comes from the USER_AUTHORIZED / USER_PW constants, which
  // looks like a test fixture - confirm this customizer is never used outside tests.
  HashLoginService realm = new HashLoginService();
  realm.putUser(USER_AUTHORIZED, Credential.getCredential(USER_PW), new String[] {"users"});
  realm.setName("users");

  Constraint basicAuth = new Constraint();
  basicAuth.setName(Constraint.__BASIC_AUTH);
  basicAuth.setRoles(new String[]{"users"});
  basicAuth.setAuthenticate(true);

  ConstraintMapping everyPath = new ConstraintMapping();
  everyPath.setConstraint(basicAuth);
  everyPath.setPathSpec("/*");

  ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
  guard.setAuthenticator(new BasicAuthenticator());
  guard.setRealmName("users");
  guard.addConstraintMapping(everyPath);
  guard.setLoginService(realm);

  // Chain the PQS handler behind the security handler. Only element 0 of the server's
  // handlers is wrapped; NOTE(review): confirm there is exactly one handler at this point.
  guard.setHandler(server.getHandlers()[0]);
  server.setHandler(guard);
}
}
/**
 * Builds the server's handler list and installs it on {@code server}.
 *
 * When {@code config} is set, {@code handler} is wrapped in the handler returned by
 * {@code getSecurityHandler()}; when it is {@code null}, {@code handler} is installed
 * without any security wrapper. A {@code DefaultHandler} always follows as the second entry.
 *
 * @return the handler list that was installed
 */
private HandlerList configureHandlers() {
  final Handler front;
  if (config == null) {
    // No security configuration: the handler is exposed without authentication.
    front = handler;
  } else {
    // Wrap the provided handler for security if we made one.
    ConstraintSecurityHandler secured = getSecurityHandler();
    secured.setHandler(handler);
    front = secured;
  }

  final HandlerList chain = new HandlerList();
  chain.setHandlers(new Handler[] {front, new DefaultHandler()});
  server.setHandler(chain);
  return chain;
}
/**
 * Builds the server's handler list and installs it on {@code server}.
 *
 * When {@code config} is set, {@code handler} is wrapped in the handler returned by
 * {@code getSecurityHandler()}; when it is {@code null}, {@code handler} is installed
 * without any security wrapper. A {@code DefaultHandler} always follows as the second entry.
 *
 * @return the handler list that was installed
 */
private HandlerList configureHandlers() {
  final Handler front;
  if (config == null) {
    // No security configuration: the handler is exposed without authentication.
    front = handler;
  } else {
    // Wrap the provided handler for security if we made one.
    ConstraintSecurityHandler secured = getSecurityHandler();
    secured.setHandler(handler);
    front = secured;
  }

  final HandlerList chain = new HandlerList();
  chain.setHandlers(new Handler[] {front, new DefaultHandler()});
  server.setHandler(chain);
  return chain;
}
/**
 * Puts the web server behind PAM-backed authentication.
 *
 * Registers a {@code PamLoginService} on the server, builds a
 * {@code ConstraintSecurityHandler} carrying one PAM constraint mapping, and installs that
 * handler as the server's handler with {@code handler} chained behind it.
 *
 * @param b builder that supplies the authenticator ({@code b.pamAuthenticator})
 * @param handler application handler that ends up wrapped by the security handler
 */
void setupPam(Builder b, Handler handler) {
  LoginService pamLogin = new PamLoginService();
  webServer.addBean(pamLogin);

  ConstraintSecurityHandler pamGuard = new ConstraintSecurityHandler();

  // NOTE(review): which paths and roles are protected is decided inside PamConstraint and
  // PamConstraintMapping (not visible here) - confirm they cover every path that needs auth.
  ConstraintMapping pamMapping = new PamConstraintMapping(new PamConstraint());
  pamGuard.setConstraintMappings(Collections.singletonList(pamMapping));

  pamGuard.setAuthenticator(b.pamAuthenticator);
  pamGuard.setLoginService(pamLogin);

  // The security handler becomes the outermost handler; the application sits behind it.
  pamGuard.setHandler(handler);
  webServer.setHandler(pamGuard);
}
/**
 * Replaces {@code ctx} in {@code contexts} with a security handler that wraps it.
 *
 * With no {@code methods}, a single mapping from {@code createConstraintMapping()} is used.
 * Otherwise one mapping is created per listed HTTP method, upper-cased with
 * {@code Locale.ROOT}.
 *
 * @param ctx servlet context to protect
 * @param authType authenticator to use
 * @param methods HTTP methods to constrain; {@code null} or empty for a single mapping with
 *     no method set
 */
private void auth(ServletContextHandler ctx, Authenticator authType, String... methods) {
  AbstractLoginService loginService = new TestMappedLoginService(authRole);

  List<ConstraintMapping> constraints = new ArrayList<>();
  boolean perMethod = methods != null && methods.length > 0;
  if (perMethod) {
    // A mapping bound to one method constrains only that method, so verbs not listed here are
    // not covered by any mapping built in this method.
    // NOTE(review): confirm that is intended wherever specific methods are passed.
    for (String verb : methods) {
      ConstraintMapping forVerb = createConstraintMapping();
      forVerb.setMethod(verb.toUpperCase(Locale.ROOT));
      constraints.add(forVerb);
    }
  } else {
    constraints.add(createConstraintMapping());
  }

  ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
  guard.setRealmName(realm);
  guard.setAuthenticator(authType);
  guard.setLoginService(loginService);
  guard.setConstraintMappings(constraints.toArray(new ConstraintMapping[0]));
  guard.setHandler(ctx);

  // Swap the bare context for the guarded one so it is no longer registered unprotected.
  contexts.removeHandler(ctx);
  contexts.addHandler(guard);
}
/**
 * Builds a security handler that enforces HTTP Basic authentication on every path of
 * {@code webapp}.
 *
 * @param service login service that verifies the credentials
 * @param webapp web application to wrap
 * @return the security handler, with {@code webapp} chained behind it
 */
private ConstraintSecurityHandler getBaseAuth(HashLoginService service, WebAppContext webapp) {
  Constraint loginRequired = new Constraint();
  loginRequired.setName("auth");
  loginRequired.setAuthenticate(true);
  // The required role is named after the configured username.
  // NOTE(review): presumably `service` grants that user a role of the same name - confirm,
  // otherwise every login would be refused.
  loginRequired.setRoles(new String[]{credentialsCfg.username});

  ConstraintMapping everyPath = new ConstraintMapping();
  everyPath.setPathSpec("/*");
  everyPath.setConstraint(loginRequired);

  ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
  guard.setConstraintMappings(Collections.singletonList(everyPath));
  // Basic auth sends the credentials with each request in an easily decoded form, so the
  // connector should be TLS-only.
  guard.setAuthenticator(new BasicAuthenticator());
  guard.setLoginService(service);
  guard.setHandler(webapp);
  return guard;
}
}
// HTTP Basic authentication; credentials are verified by loginService.
// Basic auth sends the credentials with each request in an easily decoded form, so this
// should only be served over TLS.
security.setAuthenticator(new BasicAuthenticator());
security.setLoginService(loginService);
// The handler returned by configureHandler() runs behind the security handler.
security.setHandler(configureHandler());
security.setLoginService(loginService);
// The handler returned by configureHandler() runs behind the security handler.
security.setHandler(configureHandler());
// Install the security handler as the server's handler before start(), so the server does not
// begin accepting requests with the unprotected handler in place.
server.setHandler(security);
server.start();
// HTTP Basic authentication; credentials are verified by loginService.
// Basic auth sends the credentials with each request in an easily decoded form, so this
// should only be served over TLS.
security.setAuthenticator(new BasicAuthenticator());
security.setLoginService(loginService);
// The handler returned by configureHandler() runs behind the security handler.
security.setHandler(configureHandler());
/**
 * Installs the server's handler, with or without HTTP Basic authentication.
 *
 * With no auth configuration, or type {@code NONE}, {@code servletHandler} is installed
 * unprotected and a warning is logged. With type {@code BASIC}, the configured users are
 * loaded into a {@code HashLoginService} and {@code servletHandler} is wrapped in a
 * {@code ConstraintSecurityHandler} using the {@code constraintMappings} field. Any other
 * type is rejected.
 *
 * @param server server to configure
 * @param authConfig authentication settings, may be {@code null}
 * @param servletHandler handler that serves the API
 * @throws BaleenException if the authentication type is not supported (presumably
 *     InvalidParameterException is a BaleenException subtype - confirm)
 */
private void configureServer(Server server, WebAuthConfig authConfig, Handler servletHandler)
    throws BaleenException {
  if (authConfig == null || authConfig.getType() == AuthType.NONE) {
    // Fail-open: a missing or NONE configuration leaves the API unauthenticated, and the only
    // signal is this warning.
    LOGGER.warn("No security applied to API");
    server.setHandler(servletHandler);
    return;
  }

  if (authConfig.getType() != AuthType.BASIC) {
    throw new InvalidParameterException("Configuration of authentication failed");
  }

  // Basic authentication. Credentials travel with each request in an easily decoded form,
  // so the connector should be TLS-only.
  LOGGER.info("Using Basic HTTP authentication for API");
  HashLoginService realm = new HashLoginService(authConfig.getName());

  UserStore accounts = new UserStore();
  for (WebUser account : authConfig.getUsers()) {
    // NOTE(review): the password is read straight from configuration; confirm whether it is
    // stored there in clear text or in one of Jetty's prefixed credential forms.
    Credential secret = Credential.getCredential(account.getPassword());
    accounts.addUser(account.getUsername(), secret, account.getRolesAsArray());
  }
  realm.setUserStore(accounts);
  server.addBean(realm);

  ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
  guard.setHandler(servletHandler);
  guard.setConstraintMappings(constraintMappings);
  guard.setAuthenticator(new BasicAuthenticator());
  guard.setLoginService(realm);

  server.setHandler(guard);
}
/**
 * Installs the server's handler, with or without HTTP Basic authentication.
 *
 * With no auth configuration, or type {@code NONE}, {@code servletHandler} is installed
 * unprotected and a warning is logged. With type {@code BASIC}, the configured users are
 * loaded into a {@code HashLoginService} and {@code servletHandler} is wrapped in a
 * {@code ConstraintSecurityHandler} using the {@code constraintMappings} field. Any other
 * type is rejected.
 *
 * @param server server to configure
 * @param authConfig authentication settings, may be {@code null}
 * @param servletHandler handler that serves the API
 * @throws BaleenException if the authentication type is not supported (presumably
 *     InvalidParameterException is a BaleenException subtype - confirm)
 */
private void configureServer(Server server, WebAuthConfig authConfig, Handler servletHandler)
    throws BaleenException {
  if (authConfig == null || authConfig.getType() == AuthType.NONE) {
    // Fail-open: a missing or NONE configuration leaves the API unauthenticated, and the only
    // signal is this warning.
    LOGGER.warn("No security applied to API");
    server.setHandler(servletHandler);
    return;
  }

  if (authConfig.getType() != AuthType.BASIC) {
    throw new InvalidParameterException("Configuration of authentication failed");
  }

  // Basic authentication. Credentials travel with each request in an easily decoded form,
  // so the connector should be TLS-only.
  LOGGER.info("Using Basic HTTP authentication for API");
  HashLoginService realm = new HashLoginService(authConfig.getName());

  UserStore accounts = new UserStore();
  for (WebUser account : authConfig.getUsers()) {
    // NOTE(review): the password is read straight from configuration; confirm whether it is
    // stored there in clear text or in one of Jetty's prefixed credential forms.
    Credential secret = Credential.getCredential(account.getPassword());
    accounts.addUser(account.getUsername(), secret, account.getRolesAsArray());
  }
  realm.setUserStore(accounts);
  server.addBean(realm);

  ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
  guard.setHandler(servletHandler);
  guard.setConstraintMappings(constraintMappings);
  guard.setAuthenticator(new BasicAuthenticator());
  guard.setLoginService(realm);

  server.setHandler(guard);
}
/**
 * Blocks the HTTP TRACE method, which otherwise exposes the server to Cross-Site Tracing
 * (XST).
 *
 * The given handler is wrapped in a security handler whose only constraint applies to TRACE
 * requests and denies them.
 *
 * @param handler the handler that currently answers TRACE requests
 * @return a new handler that applies the TRACE constraint and then delegates to
 *     {@code handler}
 */
private Handler disableTraceMethod(Handler handler) {
  // Authentication is required but no role is listed, which Jetty treats as "no role may
  // access": matching requests are refused rather than challenged for a login.
  Constraint denyTrace = new Constraint();
  denyTrace.setName("Disable TRACE");
  denyTrace.setAuthenticate(true);

  // NOTE(review): the path spec is "/" rather than "/*"; confirm it matches every request
  // path in the Jetty version in use.
  ConstraintMapping traceOnly = new ConstraintMapping();
  traceOnly.setConstraint(denyTrace);
  traceOnly.setMethod("TRACE");
  traceOnly.setPathSpec("/");

  ConstraintSecurityHandler traceGuard = new ConstraintSecurityHandler();
  traceGuard.addConstraintMapping(traceOnly);
  traceGuard.setHandler(handler);
  return traceGuard;
}
/**
 * Replaces {@code ctx} in {@code contexts} with a security handler that requires a login on
 * every path.
 *
 * The login service knows a single account, taken from the {@code username} and
 * {@code password} fields, holding the role {@code "can-access"}.
 *
 * @param ctx servlet context to protect
 * @param authType authenticator to use
 */
private void auth(ServletContextHandler ctx, Authenticator authType) {
  final String requiredRole = "can-access";

  MappedLoginService singleAccount = new MappedLoginService() {
    @Override
    protected UserIdentity loadUser(String who) {
      // No on-demand lookup: only the account registered in loadUsers() exists.
      return null;
    }

    @Override
    protected void loadUsers() throws IOException {
      putUser(username, new Password(password), new String[] { requiredRole });
    }
  };

  Constraint mustLogin = new Constraint();
  mustLogin.setAuthenticate(true);
  // DC_NONE: the constraint itself does not demand a confidential (TLS) transport.
  mustLogin.setDataConstraint(Constraint.DC_NONE);
  mustLogin.setRoles(new String[] { requiredRole });

  ConstraintMapping everyPath = new ConstraintMapping();
  everyPath.setConstraint(mustLogin);
  everyPath.setPathSpec("/*");

  ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
  // NOTE(review): non-strict mode presumably lets "can-access" be used without declaring it
  // as a known role - confirm against the Jetty version in use.
  guard.setStrict(false);
  guard.setRealmName(realm);
  guard.setAuthenticator(authType);
  guard.setLoginService(singleAccount);
  guard.setConstraintMappings(new ConstraintMapping[] { everyPath });
  guard.setHandler(ctx);

  // Swap the bare context for the guarded one so it is no longer registered unprotected.
  contexts.removeHandler(ctx);
  contexts.addHandler(guard);
}