private FormAuthClientSelectedMethods(
        boolean clientShouldUseCookies,
        boolean serverShouldUseCookies,
        boolean serverShouldChangeSessid)
        throws Exception {

      Tomcat tomcat = getTomcatInstance();

      // No file system docBase required
      Context ctx = tomcat.addContext("", null);
      Tomcat.addServlet(ctx, "SelectedMethods", new SelectedMethodsServlet());
      ctx.addServletMapping("/test", "SelectedMethods");
      // Login servlet just needs to respond "OK". Client will handle
      // creating a valid response. No need for a form.
      Tomcat.addServlet(ctx, "Login", new TesterServlet());
      ctx.addServletMapping("/login", "Login");

      // Configure the security constraints
      SecurityConstraint constraint = new SecurityConstraint();
      SecurityCollection collection = new SecurityCollection();
      collection.setName("Protect PUT");
      collection.addMethod("PUT");
      collection.addPattern("/test");
      constraint.addCollection(collection);
      constraint.addAuthRole("tomcat");
      ctx.addConstraint(constraint);

      // Configure authentication
      LoginConfig lc = new LoginConfig();
      lc.setAuthMethod("FORM");
      lc.setLoginPage("/login");
      ctx.setLoginConfig(lc);
      ctx.getPipeline().addValve(new FormAuthenticator());

      setUseCookies(clientShouldUseCookies);
      ctx.setCookies(serverShouldUseCookies);

      MapRealm realm = new MapRealm();
      realm.addUser("tomcat", "tomcat");
      realm.addUserRole("tomcat", "tomcat");
      ctx.setRealm(realm);

      tomcat.start();

      // perhaps this does not work until tomcat has started?
      ctx.setSessionTimeout(TIMEOUT_MINS);

      // Valve pipeline is only established after tomcat starts
      Valve[] valves = ctx.getPipeline().getValves();
      for (Valve valve : valves) {
        if (valve instanceof AuthenticatorBase) {
          ((AuthenticatorBase) valve).setChangeSessionIdOnAuthentication(serverShouldChangeSessid);
          break;
        }
      }

      // Port only known after Tomcat starts
      setPort(getPort());
    }
Esempio n. 2
0
  public static void main(String[] args) {

    // invoke: http://localhost:8080/Modern or  http://localhost:8080/Primitive

    System.setProperty("catalina.base", System.getProperty("user.dir"));
    Connector connector = new HttpConnector();
    Wrapper wrapper1 = new SimpleWrapper();
    wrapper1.setName("Primitive");
    wrapper1.setServletClass("PrimitiveServlet");
    Wrapper wrapper2 = new SimpleWrapper();
    wrapper2.setName("Modern");
    wrapper2.setServletClass("ModernServlet");

    Context context = new StandardContext();
    // StandardContext's start method adds a default mapper
    context.setPath("/myApp");
    context.setDocBase("myApp");
    LifecycleListener listener = new SimpleContextConfig();
    ((Lifecycle) context).addLifecycleListener(listener);

    context.addChild(wrapper1);
    context.addChild(wrapper2);
    // for simplicity, we don't add a valve, but you can add
    // valves to context or wrapper just as you did in Chapter 6

    Loader loader = new WebappLoader();
    context.setLoader(loader);
    // context.addServletMapping(pattern, name);
    context.addServletMapping("/Primitive", "Primitive");
    context.addServletMapping("/Modern", "Modern");
    // add ContextConfig. This listener is important because it configures
    // StandardContext (sets configured to true), otherwise StandardContext
    // won't start

    // add constraint
    SecurityCollection securityCollection = new SecurityCollection();
    securityCollection.addPattern("/");
    securityCollection.addMethod("GET");

    SecurityConstraint constraint = new SecurityConstraint();
    constraint.addCollection(securityCollection);
    constraint.addAuthRole("manager");
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setRealmName("Simple Realm");
    // add realm
    Realm realm = new SimpleRealm();

    context.setRealm(realm);
    context.addConstraint(constraint);
    context.setLoginConfig(loginConfig);

    connector.setContainer(context);

    try {
      connector.initialize();
      ((Lifecycle) connector).start();
      ((Lifecycle) context).start();

      // make the application wait until we press a key.
      System.in.read();
      ((Lifecycle) context).stop();
    } catch (Exception e) {
      e.printStackTrace();
    }
  }