Skip to main content
aboutsummaryrefslogtreecommitdiffstats
path: root/jetty-security
diff options
context:
space:
mode:
authorJesse McConnell2012-01-17 19:36:44 +0000
committerJesse McConnell2012-01-17 19:36:44 +0000
commit90184ab3c3ba2cafae017aeae30e1bb780844aa2 (patch)
treeaf60f622a09167c1b82690dea83cdc19262740ac /jetty-security
parent9757a940890e69d2e07e733ad80d2a299a5cc524 (diff)
parent1537433b8199a412149619cdc372c484594ba9c0 (diff)
downloadorg.eclipse.jetty.project-90184ab3c3ba2cafae017aeae30e1bb780844aa2.tar.gz
org.eclipse.jetty.project-90184ab3c3ba2cafae017aeae30e1bb780844aa2.tar.xz
org.eclipse.jetty.project-90184ab3c3ba2cafae017aeae30e1bb780844aa2.zip
Latest merge from master
Diffstat (limited to 'jetty-security')
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java11
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java37
-rw-r--r--jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java178
3 files changed, 214 insertions, 12 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
index 44280872b4..e6356026ce 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
@@ -358,7 +358,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
{
if (connector.isIntegral(request))
return true;
- if (connector.getConfidentialPort() > 0)
+ if (connector.getIntegralPort() > 0)
{
String url = connector.getIntegralScheme() + "://" + request.getServerName() + ":" + connector.getIntegralPort() + request.getRequestURI();
if (request.getQueryString() != null)
@@ -440,6 +440,13 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
public void dump(Appendable out,String indent) throws IOException
{
dumpThis(out);
- dump(out,indent,TypeUtil.asList(getHandlers()),getBeans(),Collections.singleton(_roles),_constraintMap.entrySet());
+ dump(out,indent,
+ Collections.singleton(getLoginService()),
+ Collections.singleton(getIdentityService()),
+ Collections.singleton(getAuthenticator()),
+ Collections.singleton(_roles),
+ _constraintMap.entrySet(),
+ getBeans(),
+ TypeUtil.asList(getHandlers()));
}
}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
index 7e4232c579..da34f2d633 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
@@ -244,16 +244,19 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
return _initParameters.put(key,value);
}
-
/* ------------------------------------------------------------ */
protected LoginService findLoginService()
{
List<LoginService> list = getServer().getBeans(LoginService.class);
- for (LoginService service : list)
- if (service.getName()!=null && service.getName().equals(getRealmName()))
- return service;
- if (list.size()>0)
+ String realm=getRealmName();
+ if (realm!=null)
+ {
+ for (LoginService service : list)
+ if (service.getName()!=null && service.getName().equals(realm))
+ return service;
+ }
+ else if (list.size()==1)
return list.get(0);
return null;
}
@@ -414,7 +417,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
final Authenticator authenticator = _authenticator;
- if (authenticator!=null && checkSecurity(baseRequest))
+ if (checkSecurity(baseRequest))
{
Object constraintInfo = prepareConstraintInfo(pathInContext, baseRequest);
@@ -433,13 +436,24 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
boolean isAuthMandatory =
isAuthMandatory(baseRequest, base_response, constraintInfo);
+ if (isAuthMandatory && authenticator==null)
+ {
+ LOG.warn("No authenticator for: "+constraintInfo);
+ if (!baseRequest.isHandled())
+ {
+ response.sendError(Response.SC_FORBIDDEN);
+ baseRequest.setHandled(true);
+ }
+ return;
+ }
+
// check authentication
Object previousIdentity = null;
try
{
Authentication authentication = baseRequest.getAuthentication();
if (authentication==null || authentication==Authentication.NOT_CHECKED)
- authentication=authenticator.validateRequest(request, response, isAuthMandatory);
+ authentication=authenticator==null?Authentication.UNAUTHENTICATED:authenticator.validateRequest(request, response, isAuthMandatory);
if (authentication instanceof Authentication.Wrapped)
{
@@ -500,9 +514,11 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
else
{
baseRequest.setAuthentication(authentication);
- previousIdentity = _identityService.associate(null);
+ if (_identityService!=null)
+ previousIdentity = _identityService.associate(null);
handler.handle(pathInContext, baseRequest, request, response);
- authenticator.secureResponse(request, response, isAuthMandatory, null);
+ if (authenticator!=null)
+ authenticator.secureResponse(request, response, isAuthMandatory, null);
}
}
catch (ServerAuthException e)
@@ -513,7 +529,8 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
}
finally
{
- _identityService.disassociate(previousIdentity);
+ if (_identityService!=null)
+ _identityService.disassociate(previousIdentity);
}
}
else
diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java
new file mode 100644
index 0000000000..8b3ab58041
--- /dev/null
+++ b/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java
@@ -0,0 +1,178 @@
+// ========================================================================
+// Copyright (c) 2004-2009 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+// The Eclipse Public License is available at
+// http://www.eclipse.org/legal/epl-v10.html
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+// You may elect to redistribute this code under either of these licenses.
+// ========================================================================
+
+package org.eclipse.jetty.security;
+
+import static org.junit.Assert.assertThat;
+import static org.junit.matchers.JUnitMatchers.containsString;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.eclipse.jetty.http.HttpSchemes;
+import org.eclipse.jetty.io.EndPoint;
+import org.eclipse.jetty.server.Connector;
+import org.eclipse.jetty.server.LocalConnector;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.handler.AbstractHandler;
+import org.eclipse.jetty.server.handler.ContextHandler;
+import org.eclipse.jetty.server.session.SessionHandler;
+import org.eclipse.jetty.util.security.Constraint;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * @version $Revision: 1441 $ $Date: 2010-04-02 12:28:17 +0200 (Fri, 02 Apr 2010) $
+ */
+public class DataConstraintsTest
+{
+ private Server _server;
+ private LocalConnector _connector;
+ private LocalConnector _connectorS;
+ private SessionHandler _session;
+ private ConstraintSecurityHandler _security;
+
+ @Before
+ public void startServer()
+ {
+ _server = new Server();
+ _connector = new LocalConnector();
+ _connector.setIntegralPort(9998);
+ _connector.setIntegralScheme("FTP");
+ _connector.setConfidentialPort(9999);
+ _connector.setConfidentialScheme("SPDY");
+ _connectorS = new LocalConnector()
+ {
+ @Override
+ public void customize(EndPoint endpoint, Request request) throws IOException
+ {
+ super.customize(endpoint,request);
+ request.setScheme(HttpSchemes.HTTPS);
+ }
+
+ @Override
+ public boolean isIntegral(Request request)
+ {
+ return true;
+ }
+
+ @Override
+ public boolean isConfidential(Request request)
+ {
+ return true;
+ }
+ };
+ _server.setConnectors(new Connector[]{_connector,_connectorS});
+
+ ContextHandler _context = new ContextHandler();
+ _session = new SessionHandler();
+
+ _context.setContextPath("/ctx");
+ _server.setHandler(_context);
+ _context.setHandler(_session);
+
+ _security = new ConstraintSecurityHandler();
+ _session.setHandler(_security);
+
+ _security.setHandler(new AbstractHandler()
+ {
+ public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
+ {
+ baseRequest.setHandled(true);
+ response.sendError(404);
+ }
+ });
+
+ }
+
+ @After
+ public void stopServer() throws Exception
+ {
+ if (_server.isRunning())
+ {
+ _server.stop();
+ _server.join();
+ }
+ }
+
+ @Test
+ public void testIntegral() throws Exception
+ {
+ Constraint constraint0 = new Constraint();
+ constraint0.setAuthenticate(false);
+ constraint0.setName("integral");
+ constraint0.setDataConstraint(Constraint.DC_INTEGRAL);
+ ConstraintMapping mapping0 = new ConstraintMapping();
+ mapping0.setPathSpec("/integral/*");
+ mapping0.setConstraint(constraint0);
+
+ _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
+ {
+ mapping0
+ }));
+
+ _server.start();
+
+ String response;
+ response = _connector.getResponses("GET /ctx/some/thing HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ response = _connector.getResponses("GET /ctx/integral/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 302 Found"));
+ assertThat(response, containsString("Location: FTP://"));
+ assertThat(response, containsString(":9998"));
+
+ response = _connectorS.getResponses("GET /ctx/integral/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ }
+
+ @Test
+ public void testConfidential() throws Exception
+ {
+ Constraint constraint0 = new Constraint();
+ constraint0.setAuthenticate(false);
+ constraint0.setName("confid");
+ constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
+ ConstraintMapping mapping0 = new ConstraintMapping();
+ mapping0.setPathSpec("/confid/*");
+ mapping0.setConstraint(constraint0);
+
+ _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
+ {
+ mapping0
+ }));
+
+ _server.start();
+
+ String response;
+ response = _connector.getResponses("GET /ctx/some/thing HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 302 Found"));
+ assertThat(response, containsString("Location: SPDY://"));
+ assertThat(response, containsString(":9999"));
+
+ response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, containsString("HTTP/1.1 404 Not Found"));
+
+ }
+
+}

Back to the top