/** * Generate constraints for the Flume HTTP Source * @return ConstraintSecurityHandler for use with Jetty servlet */ public static ConstraintSecurityHandler enforceConstraints() { Constraint c = new Constraint(); c.setAuthenticate(true); ConstraintMapping cmt = new ConstraintMapping(); cmt.setConstraint(c); cmt.setMethod("TRACE"); cmt.setPathSpec("/*"); ConstraintMapping cmo = new ConstraintMapping(); cmo.setConstraint(c); cmo.setMethod("OPTIONS"); cmo.setPathSpec("/*"); ConstraintSecurityHandler sh = new ConstraintSecurityHandler(); sh.setConstraintMappings(new ConstraintMapping[]{cmt, cmo}); return sh; } }
private static SecurityHandler basicAuth(String username, String password, String realm) UserStore userStore = new UserStore(); userStore.addUser(username, Credential.getCredential(password), new String[]{"user"}); HashLoginService l = new HashLoginService(); l.setUserStore(userStore); l.setName(realm); ConstraintMapping healthcheckConstraintMapping = new ConstraintMapping(); healthcheckConstraintMapping.setConstraint(noConstraint); healthcheckConstraintMapping.setPathSpec("/api/v1/health/check"); ConstraintMapping cm = new ConstraintMapping(); cm.setConstraint(constraint); cm.setPathSpec("/*"); ConstraintSecurityHandler csh = new ConstraintSecurityHandler(); csh.setAuthenticator(new BasicAuthenticator()); csh.setRealmName("myrealm"); csh.addConstraintMapping(healthcheckConstraintMapping); csh.addConstraintMapping(cm); csh.setLoginService(l);
private DigestAuthHandler() throws Exception { digestAuthenticator = new DigestAuthenticator(); ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler(); final HashLoginService hashLoginService = new HashLoginService("realm", "src/test/resources/TestInvokeHttp/realm.properties"); hashLoginService.start(); securityHandler.setLoginService(hashLoginService); securityHandler.setIdentityService(new DefaultIdentityService()); digestAuthenticator.setConfiguration(securityHandler); }
ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler(); org.eclipse.jetty.security.LoginService loginService = new org.eclipse.jetty.security.HashLoginService("LoklakRealm", DAO.conf_dir.getAbsolutePath() + "/http_auth"); if(auth) LoklakInstallation.server.addBean(loginService); ConstraintMapping mapping = new ConstraintMapping(); mapping.setPathSpec( "/*" ); mapping.setConstraint(constraint); securityHandler.addConstraintMapping(mapping); securityHandler.setAuthenticator(new BasicAuthenticator()); securityHandler.setLoginService(loginService); SessionHandler sessions = new SessionHandler(new HashSessionManager()); sessions.setHandler(gzipHandler); securityHandler.setHandler(sessions); ipaccess.setHandler(securityHandler);
private static void addAuthHandler(Server server, String auth, LoginAuthenticator authenticator, Handler handler) { server.addBean(LOGIN_SERVICE); Constraint constraint = new Constraint(); constraint.setName(auth); constraint.setRoles(new String[]{USER, ADMIN}); constraint.setAuthenticate(true); ConstraintMapping mapping = new ConstraintMapping(); mapping.setConstraint(constraint); mapping.setPathSpec("/*"); Set<String> knownRoles = new HashSet<>(); knownRoles.add(USER); knownRoles.add(ADMIN); List<ConstraintMapping> cm = new ArrayList<>(); cm.add(mapping); ConstraintSecurityHandler security = new ConstraintSecurityHandler(); security.setConstraintMappings(cm, knownRoles); security.setAuthenticator(authenticator); security.setLoginService(LOGIN_SERVICE); security.setHandler(handler); server.setHandler(security); }
ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler(); JAASLoginService jaasLoginService = new JAASLoginService( "Kettle" ); jaasLoginService.setLoginModuleName( System.getProperty( "loginmodulename" ) ); securityHandler.setLoginService( jaasLoginService ); } else { roles.add( "default" ); SlaveServer slaveServer = transformationMap.getSlaveServerConfig().getSlaveServer(); if ( !Utils.isEmpty( slaveServer.getPassword() ) ) { hashLoginService = new HashLoginService( "Kettle" ); hashLoginService.putUser( slaveServer.getUsername(), new Password( slaveServer.getPassword() ), new String[] { "default" } ); } else { hashLoginService = new HashLoginService( "Kettle", passwordFile ) { @Override public synchronized UserIdentity putUser( String userName, Credential credential, String[] roles ) { List<String> newRoles = new ArrayList<String>(); securityHandler.setLoginService( hashLoginService ); ConstraintMapping constraintMapping = new ConstraintMapping(); constraintMapping.setConstraint( constraint ); constraintMapping.setPathSpec( "/*" ); securityHandler.setConstraintMappings( new ConstraintMapping[] { constraintMapping } ); securityHandler.setHandler( handlers );
final ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler(); contextHandler.insertHandler(securityHandler); constraint.setRoles(roles.split(",")); final ConstraintMapping constraintMapping = new ConstraintMapping(); constraintMapping.setPathSpec(context.getProperty(AUTH_PATH_SPEC).evaluateAttributeExpressions().getValue()); constraintMapping.setConstraint(constraint); final DefaultAuthenticatorFactory authenticatorFactory = new DefaultAuthenticatorFactory(); securityHandler.setAuthenticatorFactory(authenticatorFactory); securityHandler.setAuthMethod(Constraint.__BASIC_AUTH); securityHandler.setRealmName(getClass().getSimpleName()); securityHandler.setConstraintMappings(Collections.singletonList(constraintMapping)); if (LOGIN_SERVICE_HASH.equals(loginServiceValue)) { final String usersFilePath = context.getProperty(USERS_PROPERTIES_FILE).evaluateAttributeExpressions().getValue(); loginService = new HashLoginService("HashLoginService", usersFilePath); } else { throw new IllegalArgumentException("Unsupported Login Service: " + loginServiceValue); securityHandler.setLoginService(loginService);
ConstraintMapping mapping = new ConstraintMapping(); mapping.setMethod(method); mapping.setPathSpec(url); mapping.setConstraint(sc); ((ConstraintAware)context.getSecurityHandler()).addConstraintMapping(mapping); ConstraintMapping mapping = new ConstraintMapping(); mapping.setMethodOmissions(new String[]{method}); mapping.setPathSpec(url); mapping.setConstraint(sc); ((ConstraintAware)context.getSecurityHandler()).addConstraintMapping(mapping); ConstraintMapping mapping = new ConstraintMapping(); mapping.setPathSpec(url); mapping.setConstraint(sc); ((ConstraintAware)context.getSecurityHandler()).addConstraintMapping(mapping);
/** * Secure the web server with PAM. */ void setupPam(Builder b, Handler handler) { LoginService loginService = new PamLoginService(); webServer.addBean(loginService); ConstraintSecurityHandler security = new ConstraintSecurityHandler(); Constraint constraint = new PamConstraint(); ConstraintMapping mapping = new PamConstraintMapping(constraint); security.setConstraintMappings(Collections.singletonList(mapping)); security.setAuthenticator(b.pamAuthenticator); security.setLoginService(loginService); security.setHandler(handler); webServer.setHandler(security); }
/** * @return * @return * @see http://www.eclipse.org/jetty/documentation/current/embedded-examples.html */ private ConstraintSecurityHandler createSecurityHandler(Config config) { ConstraintSecurityHandler security = new ConstraintSecurityHandler(); Set<String> knownRoles = ImmutableSet.of(ADMIN_ROLE); security.setConstraintMappings(Collections.<ConstraintMapping> emptyList(), knownRoles); security.setAuthenticator(new FormAuthenticator("/login", "/login", true)); security .setLoginService(new AmLoginService(AMSecurityManagerImpl.instance())); return security; }
if (pathMappings != null) ConstraintSecurityHandler.createConstraint(registration.getName(), servletSecurityElement); List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement); for (ConstraintMapping m:mappings) ((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); ((ConstraintAware)getSecurityHandler()).checkPathsWithUncoveredHttpMethods(); getMetaData().setOriginAPI("constraint.url."+pathSpec); break; List<ConstraintMapping> constraintMappings = ConstraintSecurityHandler.removeConstraintMappingsForPath(pathSpec, ((ConstraintAware)getSecurityHandler()).getConstraintMappings()); List<ConstraintMapping> freshMappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement); constraintMappings.addAll(freshMappings); ((ConstraintSecurityHandler)getSecurityHandler()).setConstraintMappings(constraintMappings); ((ConstraintAware)getSecurityHandler()).checkPathsWithUncoveredHttpMethods(); break;
return new DeferredAuthentication(this); return new UserAuthentication(getAuthMethod(), user); if (DeferredAuthentication.isDeferred(response)) return Authentication.UNAUTHENTICATED; response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + _loginService.getName() + '"'); response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return Authentication.SEND_CONTINUE; } catch (IOException e) { throw new ServerAuthException(e);
@Override public synchronized UserIdentity putUser( String userName, Credential credential, String[] roles ) { List<String> newRoles = new ArrayList<String>(); newRoles.add( "default" ); Collections.addAll( newRoles, roles ); return super.putUser( userName, credential, newRoles.toArray( new String[newRoles.size()] ) ); } };
@Override public UserIdentity login(String username, Object credentials) { if (!securityMgr.login(username, (String) credentials)) { return null; } return new DefaultUserIdentity(null, new AMUserPrincipal(username), new String[] { ADMIN_ROLE }); }
@Override public void sessionDestroyed(HttpSessionEvent se) { final HttpSession session = se.getSession(); if (session == null) { return; } final Object authCreds = session .getAttribute(SessionAuthentication.__J_AUTHENTICATED); if (authCreds != null) { final SessionAuthentication sessionAuth = (SessionAuthentication) authCreds; securityHandler.logout(sessionAuth); session.removeAttribute(SessionAuthentication.__J_AUTHENTICATED); } } });
public void visitSecurityRole(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { if (context.getSecurityHandler() == null) { LOG.warn("security-role declared but SecurityHandler==null"); return; } //ServletSpec 3.0, p74 elements with multiplicity >1 are additive when merged XmlParser.Node roleNode = node.get("role-name"); String role = roleNode.toString(false, true); ((ConstraintAware)context.getSecurityHandler()).addRole(role); }
@Override public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response)throws IOException, ServletException { baseRequest.setHandled(true); try { Authentication authentication = digestAuthenticator.validateRequest(request, response, true); if (authentication instanceof Authentication.User) { response.setContentType("text/plain"); Authentication.User user = (Authentication.User) authentication; response.getWriter().println(user.getAuthMethod()); } else if (authentication instanceof Authentication.ResponseSent) { Authentication.ResponseSent responseSent = (Authentication.ResponseSent) authentication; } } catch (ServerAuthException e) { e.printStackTrace(); } } }
/** * Servlet spec 3.1. When present in web.xml, this means that http methods that are * not covered by security constraints should have access denied. * <p> * See section 13.8.4, pg 145 * * @param context the of the processing * @param descriptor the descriptor * @param node the xml node */ public void visitDenyUncoveredHttpMethods(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { if (context.getSecurityHandler() == null) { LOG.warn("deny-uncovered-http-methods declared but SecurityHandler==null"); return; } ((ConstraintAware)context.getSecurityHandler()).setDenyUncoveredHttpMethods(true); } }
private void configureSessionsAndSecurity(MutableServletContextHandler handler, Server server) { handler.setServer(server); if (handler.isSecurityEnabled()) { handler.getSecurityHandler().setServer(server); } if (handler.isSessionsEnabled()) { handler.getSessionHandler().setServer(server); } }
/** * Add constraints to a Jetty Context to disallow undesirable Http methods. * @param ctxHandler The context to modify * @param allowOptionsMethod if true then OPTIONS method will not be set in constraint mapping */ public static void constrainHttpMethods(ServletContextHandler ctxHandler, boolean allowOptionsMethod) { Constraint c = new Constraint(); c.setAuthenticate(true); ConstraintMapping cmt = new ConstraintMapping(); cmt.setConstraint(c); cmt.setMethod("TRACE"); cmt.setPathSpec("/*"); ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler(); if (!allowOptionsMethod) { ConstraintMapping cmo = new ConstraintMapping(); cmo.setConstraint(c); cmo.setMethod("OPTIONS"); cmo.setPathSpec("/*"); securityHandler.setConstraintMappings(new ConstraintMapping[] { cmt, cmo }); } else { securityHandler.setConstraintMappings(new ConstraintMapping[] { cmt }); } ctxHandler.setSecurityHandler(securityHandler); }