示例#1
0
  /** Set up basic security constraints for the webapp. Add all users and passwords. */
  static void initialize(RouterContext ctx, WebAppContext context) {
    SecurityHandler sec = new SecurityHandler();
    List<ConstraintMapping> constraints = new ArrayList(4);
    ConsolePasswordManager mgr = new ConsolePasswordManager(ctx);
    boolean enable = ctx.getBooleanProperty(PROP_PW_ENABLE);
    if (enable) {
      Map<String, String> userpw = mgr.getMD5(PROP_CONSOLE_PW);
      if (userpw.isEmpty()) {
        enable = false;
        ctx.router().saveConfig(PROP_CONSOLE_PW, "false");
      } else {
        HashUserRealm realm = new HashUserRealm(JETTY_REALM);
        sec.setUserRealm(realm);
        sec.setAuthenticator(authenticator);
        for (Map.Entry<String, String> e : userpw.entrySet()) {
          String user = e.getKey();
          String pw = e.getValue();
          realm.put(user, MD5.__TYPE + pw);
          realm.addUserToRole(user, JETTY_ROLE);
          Constraint constraint = new Constraint(user, JETTY_ROLE);
          constraint.setAuthenticate(true);
          ConstraintMapping cm = new ConstraintMapping();
          cm.setConstraint(constraint);
          cm.setPathSpec("/");
          constraints.add(cm);
        }
      }
    }

    // This forces a '403 Forbidden' response for TRACE and OPTIONS unless the
    // WAC handler handles it.
    // (LocaleWebAppHandler returns a '405 Method Not Allowed')
    // TRACE and OPTIONS aren't really security issues...
    // TRACE doesn't echo stuff unless you call setTrace(true)
    // But it might bug some people
    // The other strange methods - PUT, DELETE, MOVE - are disabled by default
    // See also:
    // http://old.nabble.com/Disable-HTTP-TRACE-in-Jetty-5.x-td12412607.html

    Constraint sc = new Constraint();
    sc.setName("No trace");
    ConstraintMapping cm = new ConstraintMapping();
    cm.setMethod("TRACE");
    cm.setConstraint(sc);
    cm.setPathSpec("/");
    constraints.add(cm);

    sc = new Constraint();
    sc.setName("No options");
    cm = new ConstraintMapping();
    cm.setMethod("OPTIONS");
    cm.setConstraint(sc);
    cm.setPathSpec("/");
    constraints.add(cm);

    ConstraintMapping cmarr[] = constraints.toArray(new ConstraintMapping[constraints.size()]);
    sec.setConstraintMappings(cmarr);

    context.setSecurityHandler(sec);
  }
  private static SecurityHandler createBasicAuthenticationSecurityHandler() {
    Constraint constraint = new Constraint(Constraint.__BASIC_AUTH, "superuser");
    constraint.setAuthenticate(true);

    HashUserRealm myRealm = new HashUserRealm("MyRealm");
    myRealm.put("tobechanged", "tobechanged");
    myRealm.addUserToRole("tobechanged", "superuser");

    SecurityHandler securityHandler = new SecurityHandler();
    securityHandler.setUserRealm(myRealm);

    ConstraintMapping constraintMapping = new ConstraintMapping();
    constraintMapping.setConstraint(constraint);
    constraintMapping.setPathSpec("/*");
    securityHandler.setConstraintMappings(new ConstraintMapping[] {constraintMapping});
    return securityHandler;
  }