Пример #1
0
  private static final SecurityHandler basicAuth(String realm) {

    OpenfireLoginService l = new OpenfireLoginService();
    l.setName(realm);

    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__BASIC_AUTH);
    constraint.setRoles(new String[] {"jmxweb"});
    constraint.setAuthenticate(true);

    ConstraintMapping cm = new ConstraintMapping();
    cm.setConstraint(constraint);
    cm.setPathSpec("/*");

    ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
    csh.setAuthenticator(new BasicAuthenticator());
    csh.setRealmName(realm);
    csh.addConstraintMapping(cm);
    csh.setLoginService(l);

    return csh;
  }
Пример #2
0
  protected void createServer(Connector connector) throws Exception {
    _server.setConnectors(new Connector[] {connector});

    if (H2O.ARGS.hash_login || H2O.ARGS.ldap_login) {
      // REFER TO
      // http://www.eclipse.org/jetty/documentation/9.1.4.v20140401/embedded-examples.html#embedded-secured-hello-handler
      if (H2O.ARGS.login_conf == null) {
        Log.err("Must specify -login_conf argument");
        H2O.exit(1);
      }

      LoginService loginService;
      if (H2O.ARGS.hash_login) {
        Log.info("Configuring HashLoginService");
        loginService = new HashLoginService("H2O", H2O.ARGS.login_conf);
      } else if (H2O.ARGS.ldap_login) {
        Log.info("Configuring JAASLoginService (with LDAP)");
        System.setProperty("java.security.auth.login.config", H2O.ARGS.login_conf);
        loginService = new JAASLoginService("ldaploginmodule");
      } else {
        throw H2O.fail();
      }
      IdentityService identityService = new DefaultIdentityService();
      loginService.setIdentityService(identityService);
      _server.addBean(loginService);

      // Set a security handler as the first handler in the chain.
      ConstraintSecurityHandler security = new ConstraintSecurityHandler();

      // Set up a constraint to authenticate all calls, and allow certain roles in.
      Constraint constraint = new Constraint();
      constraint.setName("auth");
      constraint.setAuthenticate(true);

      // Configure role stuff (to be disregarded).  We are ignoring roles, and only going off the
      // user name.
      //
      //   Jetty 8 and prior.
      //
      //     Jetty 8 requires the security.setStrict(false) and ANY_ROLE.
      security.setStrict(false);
      constraint.setRoles(new String[] {Constraint.ANY_ROLE});

      //   Jetty 9 and later.
      //
      //     Jetty 9 and later uses a different servlet spec, and ANY_AUTH gives the same behavior
      //     for that API version as ANY_ROLE did previously.  This required some low-level
      // debugging
      //     to figure out, so I'm documenting it here.
      //     Jetty 9 did not require security.setStrict(false).
      //
      // constraint.setRoles(new String[]{Constraint.ANY_AUTH});

      ConstraintMapping mapping = new ConstraintMapping();
      mapping.setPathSpec("/*"); // Lock down all API calls
      mapping.setConstraint(constraint);
      security.setConstraintMappings(Collections.singletonList(mapping));

      // Authentication / Authorization
      security.setAuthenticator(new BasicAuthenticator());
      security.setLoginService(loginService);

      // Pass-through to H2O if authenticated.
      registerHandlers(security);
      _server.setHandler(security);
    } else {
      registerHandlers(_server);
    }

    _server.start();
  }
Пример #3
0
  @Before
  public void setupSecurity() {
    _security = new ConstraintSecurityHandler();
    _session.setHandler(_security);
    RequestHandler _handler = new RequestHandler();
    _security.setHandler(_handler);

    /*

    <security-constraint>
    <web-resource-collection>
    <web-resource-name>precluded methods</web-resource-name>
    <url-pattern>/*</url-pattern>
    <url-pattern>/acme/wholesale/*</url-pattern>
    <url-pattern>/acme/retail/*</url-pattern>
    <http-method-exception>GET</http-method-exception>
    <http-method-exception>POST</http-method-exception>
    </web-resource-collection>
    <auth-constraint/>
    </security-constraint>
    */

    Constraint constraint0 = new Constraint();
    constraint0.setAuthenticate(true);
    constraint0.setName("precluded methods");
    ConstraintMapping mapping0 = new ConstraintMapping();
    mapping0.setPathSpec("/*");
    mapping0.setConstraint(constraint0);
    mapping0.setMethodOmissions(new String[] {"GET", "POST"});

    ConstraintMapping mapping1 = new ConstraintMapping();
    mapping1.setPathSpec("/acme/wholesale/*");
    mapping1.setConstraint(constraint0);
    mapping1.setMethodOmissions(new String[] {"GET", "POST"});

    ConstraintMapping mapping2 = new ConstraintMapping();
    mapping2.setPathSpec("/acme/retail/*");
    mapping2.setConstraint(constraint0);
    mapping2.setMethodOmissions(new String[] {"GET", "POST"});

    /*

    <security-constraint>
    <web-resource-collection>
    <web-resource-name>wholesale</web-resource-name>
    <url-pattern>/acme/wholesale/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>SALESCLERK</role-name>
    </auth-constraint>
    </security-constraint>
    */
    Constraint constraint1 = new Constraint();
    constraint1.setAuthenticate(true);
    constraint1.setName("wholesale");
    constraint1.setRoles(new String[] {"SALESCLERK"});
    ConstraintMapping mapping3 = new ConstraintMapping();
    mapping3.setPathSpec("/acme/wholesale/*");
    mapping3.setConstraint(constraint1);
    mapping3.setMethod("GET");
    ConstraintMapping mapping4 = new ConstraintMapping();
    mapping4.setPathSpec("/acme/wholesale/*");
    mapping4.setConstraint(constraint1);
    mapping4.setMethod("PUT");

    /*
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>wholesale 2</web-resource-name>
        <url-pattern>/acme/wholesale/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>CONTRACTOR</role-name>
      </auth-constraint>
      <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
     */
    Constraint constraint2 = new Constraint();
    constraint2.setAuthenticate(true);
    constraint2.setName("wholesale 2");
    constraint2.setRoles(new String[] {"CONTRACTOR"});
    constraint2.setDataConstraint(Constraint.DC_CONFIDENTIAL);
    ConstraintMapping mapping5 = new ConstraintMapping();
    mapping5.setPathSpec("/acme/wholesale/*");
    mapping5.setMethod("GET");
    mapping5.setConstraint(constraint2);
    ConstraintMapping mapping6 = new ConstraintMapping();
    mapping6.setPathSpec("/acme/wholesale/*");
    mapping6.setMethod("POST");
    mapping6.setConstraint(constraint2);

    /*
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>retail</web-resource-name>
    <url-pattern>/acme/retail/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>CONTRACTOR</role-name>
    <role-name>HOMEOWNER</role-name>
    </auth-constraint>
    </security-constraint>
    */
    Constraint constraint4 = new Constraint();
    constraint4.setName("retail");
    constraint4.setAuthenticate(true);
    constraint4.setRoles(new String[] {"CONTRACTOR", "HOMEOWNER"});
    ConstraintMapping mapping7 = new ConstraintMapping();
    mapping7.setPathSpec("/acme/retail/*");
    mapping7.setMethod("GET");
    mapping7.setConstraint(constraint4);
    ConstraintMapping mapping8 = new ConstraintMapping();
    mapping8.setPathSpec("/acme/retail/*");
    mapping8.setMethod("POST");
    mapping8.setConstraint(constraint4);

    Set<String> knownRoles = new HashSet<String>();
    knownRoles.add("CONTRACTOR");
    knownRoles.add("HOMEOWNER");
    knownRoles.add("SALESCLERK");

    _security.setConstraintMappings(
        Arrays.asList(
            new ConstraintMapping[] {
              mapping0, mapping1, mapping2, mapping3, mapping4, mapping5, mapping6, mapping7,
              mapping8
            }),
        knownRoles);
  }