/** Set up basic security constraints for the webapp. Add all users and passwords. */ static void initialize(RouterContext ctx, WebAppContext context) { SecurityHandler sec = new SecurityHandler(); List<ConstraintMapping> constraints = new ArrayList(4); ConsolePasswordManager mgr = new ConsolePasswordManager(ctx); boolean enable = ctx.getBooleanProperty(PROP_PW_ENABLE); if (enable) { Map<String, String> userpw = mgr.getMD5(PROP_CONSOLE_PW); if (userpw.isEmpty()) { enable = false; ctx.router().saveConfig(PROP_CONSOLE_PW, "false"); } else { HashUserRealm realm = new HashUserRealm(JETTY_REALM); sec.setUserRealm(realm); sec.setAuthenticator(authenticator); for (Map.Entry<String, String> e : userpw.entrySet()) { String user = e.getKey(); String pw = e.getValue(); realm.put(user, MD5.__TYPE + pw); realm.addUserToRole(user, JETTY_ROLE); Constraint constraint = new Constraint(user, JETTY_ROLE); constraint.setAuthenticate(true); ConstraintMapping cm = new ConstraintMapping(); cm.setConstraint(constraint); cm.setPathSpec("/"); constraints.add(cm); } } } // This forces a '403 Forbidden' response for TRACE and OPTIONS unless the // WAC handler handles it. // (LocaleWebAppHandler returns a '405 Method Not Allowed') // TRACE and OPTIONS aren't really security issues... // TRACE doesn't echo stuff unless you call setTrace(true) // But it might bug some people // The other strange methods - PUT, DELETE, MOVE - are disabled by default // See also: // http://old.nabble.com/Disable-HTTP-TRACE-in-Jetty-5.x-td12412607.html Constraint sc = new Constraint(); sc.setName("No trace"); ConstraintMapping cm = new ConstraintMapping(); cm.setMethod("TRACE"); cm.setConstraint(sc); cm.setPathSpec("/"); constraints.add(cm); sc = new Constraint(); sc.setName("No options"); cm = new ConstraintMapping(); cm.setMethod("OPTIONS"); cm.setConstraint(sc); cm.setPathSpec("/"); constraints.add(cm); ConstraintMapping cmarr[] = constraints.toArray(new ConstraintMapping[constraints.size()]); sec.setConstraintMappings(cmarr); context.setSecurityHandler(sec); }
public void configureRealm() throws IOException { File realmProps = new File(IJetty.__JETTY_DIR + "/" + IJetty.__ETC_DIR + "/realm.properties"); if (realmProps.exists()) { HashUserRealm realm = new HashUserRealm( "Console", IJetty.__JETTY_DIR + "/" + IJetty.__ETC_DIR + "/realm.properties"); realm.setRefreshInterval(0); if (_consolePassword != null) realm.put("admin", _consolePassword); // set the admin password for console webapp server.addUserRealm(realm); } }
private static SecurityHandler createBasicAuthenticationSecurityHandler() { Constraint constraint = new Constraint(Constraint.__BASIC_AUTH, "superuser"); constraint.setAuthenticate(true); HashUserRealm myRealm = new HashUserRealm("MyRealm"); myRealm.put("tobechanged", "tobechanged"); myRealm.addUserToRole("tobechanged", "superuser"); SecurityHandler securityHandler = new SecurityHandler(); securityHandler.setUserRealm(myRealm); ConstraintMapping constraintMapping = new ConstraintMapping(); constraintMapping.setConstraint(constraint); constraintMapping.setPathSpec("/*"); securityHandler.setConstraintMappings(new ConstraintMapping[] {constraintMapping}); return securityHandler; }