Diffstat (limited to 'jetty-security/src')
10 files changed, 442 insertions, 450 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
index e6356026ce..10f0050e68 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
@@ -15,7 +15,6 @@ package org.eclipse.jetty.security;
 import java.io.IOException;
 import java.util.Arrays;
-import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
@@ -25,8 +24,8 @@ import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.CopyOnWriteArraySet;
 import org.eclipse.jetty.http.PathMap;
-import org.eclipse.jetty.server.AbstractHttpConnection;
-import org.eclipse.jetty.server.Connector;
+import org.eclipse.jetty.server.HttpChannel;
+import org.eclipse.jetty.server.HttpConfiguration;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.Response;
 import org.eclipse.jetty.server.UserIdentity;
@@ -37,15 +36,16 @@ import org.eclipse.jetty.util.security.Constraint; /* ------------------------------------------------------------ */ /** * Handler to enforce SecurityConstraints. This implementation is servlet spec - * 2.4 compliant and precomputes the constraint combinations for runtime + * 2.4 compliant and pre-computes the constraint combinations for runtime * efficiency. * */ public class ConstraintSecurityHandler extends SecurityHandler implements ConstraintAware { - private final List<ConstraintMapping> _constraintMappings= new CopyOnWriteArrayList<ConstraintMapping>(); - private final Set<String> _roles = new CopyOnWriteArraySet<String>(); - private final PathMap _constraintMap = new PathMap(); + private static final String ALL_METHODS = "*"; + private final List<ConstraintMapping> _constraintMappings= new CopyOnWriteArrayList<>(); + private final Set<String> _roles = new CopyOnWriteArraySet<>(); + private final PathMap<Map<String, RoleInfo>> _constraintMap = new PathMap<>(); private boolean _strict = true; /* ------------------------------------------------------------ */ @@ -138,14 +138,14 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr if (roles==null) { - roles = new HashSet<String>(); + roles = new HashSet<>(); for (ConstraintMapping cm : constraintMappings) { String[] cmr = cm.getConstraint().getRoles(); if (cmr!=null) { for (String r : cmr) - if (!"*".equals(r)) + if (!ALL_METHODS.equals(r)) roles.add(r); } } 
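Review bot: `ALL_METHODS` is an HTTP-method sentinel, yet the second hunk uses it to recognise the servlet "any authenticated role" wildcard in `if (!ALL_METHODS.equals(r))`, so the name now misdescribes the comparison and a future change to the method key would silently alter role handling. Introduce a separate constant for the role wildcard — `private static final String ANY_ROLE = "*";` (or the equivalent constant on the imported `Constraint` class, if it defines one) — and write `if (!ANY_ROLE.equals(r))` here. The method enclosing the roles loop begins and ends outside this hunk.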
@@ -196,10 +196,10 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr public void addRole(String role) { boolean modified = _roles.add(role); - if (isStarted() && modified && _strict) + if (isStarted() && modified && isStrict()) { // Add the new role to currently defined any role role infos - for (Map<String,RoleInfo> map : (Collection<Map<String,RoleInfo>>)_constraintMap.values()) + for (Map<String,RoleInfo> map : _constraintMap.values()) { for (RoleInfo info : map.values()) { @@ -239,17 +239,19 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr protected void processConstraintMapping(ConstraintMapping mapping) { - Map<String, RoleInfo> mappings = (Map<String, RoleInfo>)_constraintMap.get(mapping.getPathSpec()); + Map<String, RoleInfo> mappings = _constraintMap.get(mapping.getPathSpec()); if (mappings == null) { - mappings = new StringMap(); + mappings = new StringMap<>(); _constraintMap.put(mapping.getPathSpec(),mappings); } - RoleInfo allMethodsRoleInfo = mappings.get(null); + RoleInfo allMethodsRoleInfo = mappings.get(ALL_METHODS); if (allMethodsRoleInfo != null && allMethodsRoleInfo.isForbidden()) return; String httpMethod = mapping.getMethod(); + if (httpMethod==null) + httpMethod=ALL_METHODS; RoleInfo roleInfo = mappings.get(httpMethod); if (roleInfo == null) { @@ -268,10 +270,10 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr roleInfo.setForbidden(forbidden); if (forbidden) { - if (httpMethod == null) + if (httpMethod.equals(ALL_METHODS)) { mappings.clear(); - mappings.put(null,roleInfo); + mappings.put(ALL_METHODS,roleInfo); } } else 
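Review bot: The forbidden-for-all branch `mappings.clear(); mappings.put(ALL_METHODS,roleInfo);` discards every method-specific RoleInfo already registered for the path spec, and the earlier `if (allMethodsRoleInfo != null && allMethodsRoleInfo.isForbidden()) return;` then ignores any later mapping for that path; neither line says so, and the outcome depends on the order mappings are processed. Add `// forbidden for all methods supersedes every method-specific constraint on this path; later mappings for the path are ignored by the early return above` on the `clear()`, and on the new `if (httpMethod==null) httpMethod=ALL_METHODS;` add `// a mapping with no method applies to every HTTP method and is stored under "*"`. The order dependence deserves a sentence in the method Javadoc as well. processConstraintMapping continues past this hunk; the non-forbidden branch is outside the view.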
@@ -306,11 +308,11 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr } } } - if (httpMethod == null) + if (httpMethod.equals(ALL_METHODS)) { for (Map.Entry<String, RoleInfo> entry : mappings.entrySet()) { - if (entry.getKey() != null) + if (!entry.getKey().equals(ALL_METHODS)) { RoleInfo specific = entry.getValue(); specific.combine(roleInfo); 
@@ -320,47 +322,44 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr } } - protected Object prepareConstraintInfo(String pathInContext, Request request) + protected RoleInfo prepareConstraintInfo(String pathInContext, Request request) { - Map<String, RoleInfo> mappings = (Map<String, RoleInfo>)_constraintMap.match(pathInContext); + Map<String, RoleInfo> mappings = _constraintMap.match(pathInContext); if (mappings != null) { String httpMethod = request.getMethod(); RoleInfo roleInfo = mappings.get(httpMethod); if (roleInfo == null) - roleInfo = mappings.get(null); + roleInfo = mappings.get(ALL_METHODS); return roleInfo; } return null; } - protected boolean checkUserDataPermissions(String pathInContext, Request request, Response response, Object constraintInfo) throws IOException + @Override + protected boolean checkUserDataPermissions(String pathInContext, Request request, Response response, RoleInfo roleInfo) throws IOException { - if (constraintInfo == null) + if (roleInfo == null) return true; - RoleInfo roleInfo = (RoleInfo)constraintInfo; if (roleInfo.isForbidden()) return false; - UserDataConstraint dataConstraint = roleInfo.getUserDataConstraint(); if (dataConstraint == null || dataConstraint == UserDataConstraint.None) - { return true; - } - AbstractHttpConnection connection = AbstractHttpConnection.getCurrentConnection(); - Connector connector = connection.getConnector(); + + HttpConfiguration httpConfiguration = HttpChannel.getCurrentHttpChannel().getHttpConfiguration(); if (dataConstraint == UserDataConstraint.Integral) { - if (connector.isIntegral(request)) + if (httpConfiguration.isIntegral(request)) return true; - if (connector.getIntegralPort() > 0) + if (httpConfiguration.getIntegralPort() > 0) { - String url = connector.getIntegralScheme() + "://" + request.getServerName() + ":" + connector.getIntegralPort() + request.getRequestURI(); + String url = httpConfiguration.getIntegralScheme() + "://" + 
request.getServerName() + ":" + httpConfiguration.getIntegralPort() + request.getRequestURI(); if (request.getQueryString() != null) url += "?" + request.getQueryString(); response.setContentLength(0); @@ -374,12 +373,12 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr } else if (dataConstraint == UserDataConstraint.Confidential) { - if (connector.isConfidential(request)) + if (httpConfiguration.isConfidential(request)) return true; - if (connector.getConfidentialPort() > 0) + if (httpConfiguration.getConfidentialPort() > 0) { - String url = connector.getConfidentialScheme() + "://" + request.getServerName() + ":" + connector.getConfidentialPort() + String url = httpConfiguration.getConfidentialScheme() + "://" + request.getServerName() + ":" + httpConfiguration.getConfidentialPort() + request.getRequestURI(); if (request.getQueryString() != null) url += "?" + request.getQueryString(); @@ -402,11 +401,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr protected boolean isAuthMandatory(Request baseRequest, Response base_response, Object constraintInfo) { - if (constraintInfo == null) - { - return false; - } - return ((RoleInfo)constraintInfo).isChecked(); + return constraintInfo != null && ((RoleInfo)constraintInfo).isChecked(); } @Override diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java index 6d8794e8eb..262b40dcee 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java 
@@ -4,11 +4,11 @@ // All rights reserved. This program and the accompanying materials // are made available under the terms of the Eclipse Public License v1.0 // and Apache License v2.0 which accompanies this distribution. -// The Eclipse Public License is available at +// The Eclipse Public License is available at // http://www.eclipse.org/legal/epl-v10.html // The Apache License v2.0 is available at // http://www.opensource.org/licenses/apache2.0.php -// You may elect to redistribute this code under either of these licenses. +// You may elect to redistribute this code under either of these licenses. // ======================================================================== package org.eclipse.jetty.security; @@ -20,7 +20,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Set; - import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -50,11 +49,11 @@ import org.eclipse.jetty.util.log.Logger; * or will be create during {@link #start()} with a call to * either the default or set AuthenticatorFactory. * <p> - * SecurityHandler has a set of initparameters that are used by the + * SecurityHandler has a set of initparameters that are used by the * Authentication.Configuration. At startup, any context init parameters - * that start with "org.eclipse.jetty.security." that do not have - * values in the SecurityHandler init parameters, are copied. - * + * that start with "org.eclipse.jetty.security." that do not have + * values in the SecurityHandler init parameters, are copied. + * */ public abstract class SecurityHandler extends HandlerWrapper implements Authenticator.AuthConfiguration { 
@@ -66,7 +65,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti private Authenticator.Factory _authenticatorFactory=new DefaultAuthenticatorFactory(); private String _realmName; private String _authMethod; - private final Map<String,String> _initParameters=new HashMap<String,String>(); + private final Map<String,String> _initParameters=new HashMap<>(); private LoginService _loginService; private boolean _loginServiceShared; private IdentityService _identityService; @@ -76,7 +75,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti protected SecurityHandler() { } - + /* ------------------------------------------------------------ */ /** Get the identityService. * @return the identityService @@ -199,7 +198,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti throw new IllegalStateException("running"); _authMethod = authMethod; } - + /* ------------------------------------------------------------ */ /** * @return True if forwards to welcome files are authenticated @@ -227,13 +226,13 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti { return _initParameters.get(key); } - + /* ------------------------------------------------------------ */ public Set<String> getInitParameterNames() { return _initParameters.keySet(); } - + /* ------------------------------------------------------------ */ /** Set an initialization parameter. * @param key @@ -247,12 +246,12 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti throw new IllegalStateException("running"); return _initParameters.put(key,value); } - + /* ------------------------------------------------------------ */ protected LoginService findLoginService() { List<LoginService> list = getServer().getBeans(LoginService.class); - + String realm=getRealmName(); if (realm!=null) { 
@@ -264,15 +263,15 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti return list.get(0); return null; } - + /* ------------------------------------------------------------ */ protected IdentityService findIdentityService() { return getServer().getBean(IdentityService.class); } - + /* ------------------------------------------------------------ */ - /** + /** */ @Override protected void doStart() @@ -317,17 +316,17 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti } }); } - + // complicated resolution of login and identity service to handle // many different ways these can be constructed and injected. - + if (_loginService==null) { _loginService=findLoginService(); if (_loginService!=null) _loginServiceShared=true; } - + if (_identityService==null) { if (_loginService!=null) @@ -335,11 +334,11 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti if (_identityService==null) _identityService=findIdentityService(); - + if (_identityService==null && _realmName!=null) _identityService=new DefaultIdentityService(); } - + if (_loginService!=null) { if (_loginService.getIdentityService()==null) 
@@ -349,11 +348,12 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti } if (!_loginServiceShared && _loginService instanceof LifeCycle) - ((LifeCycle)_loginService).start(); - - if (_authenticator==null && _authenticatorFactory!=null && _identityService!=null) + ((LifeCycle)_loginService).start(); + + Authenticator.Factory authenticatorFactory = getAuthenticatorFactory(); + if (_authenticator==null && authenticatorFactory!=null && _identityService!=null) { - _authenticator=_authenticatorFactory.getAuthenticator(getServer(),ContextHandler.getCurrentContext(),this, _identityService, _loginService); + _authenticator=authenticatorFactory.getAuthenticator(getServer(),ContextHandler.getCurrentContext(),this, _identityService, _loginService); if (_authenticator!=null) _authMethod=_authenticator.getAuthMethod(); } @@ -384,10 +384,10 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti protected void doStop() throws Exception { super.doStop(); - + if (!_loginServiceShared && _loginService instanceof LifeCycle) ((LifeCycle)_loginService).stop(); - + } /* ------------------------------------------------------------ */ @@ -399,7 +399,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti case ASYNC: return true; case FORWARD: - if (_checkWelcomeFiles && request.getAttribute("org.eclipse.jetty.server.welcome") != null) + if (isCheckWelcomeFiles() && request.getAttribute("org.eclipse.jetty.server.welcome") != null) { request.removeAttribute("org.eclipse.jetty.server.welcome"); return true; @@ -409,7 +409,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti return false; } } - + /* ------------------------------------------------------------ */ /** * @see org.eclipse.jetty.security.Authenticator.AuthConfiguration#isSessionRenewedOnAuthentication() 
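Review bot: In doStart the authenticator is only created when `_identityService!=null`, so a SecurityHandler with no login service and no realm name starts cleanly with `_authenticator==null`, and the misconfiguration only surfaces per request as the `LOG.warn("No authenticator for: …")` plus 403 in handle(). Surface it once at startup, after the factory call: `if (_authenticator==null && _identityService==null) LOG.warn("No IdentityService or LoginService configured: no Authenticator created for {}", this);`. Reading the factory through the overridable `getAuthenticatorFactory()` during the lifecycle is reasonable but deserves a one-line comment that subclasses may supply it. doStart's body begins before this hunk.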
@@ -418,7 +418,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti { return _renewSession; } - + /* ------------------------------------------------------------ */ /** Set renew the session on Authentication. * <p> @@ -429,7 +429,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti { _renewSession=renew; } - + /* ------------------------------------------------------------ */ /* * @see org.eclipse.jetty.server.Handler#handle(java.lang.String, @@ -441,18 +441,18 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti { final Response base_response = baseRequest.getResponse(); final Handler handler=getHandler(); - + if (handler==null) return; final Authenticator authenticator = _authenticator; - + if (checkSecurity(baseRequest)) { - Object constraintInfo = prepareConstraintInfo(pathInContext, baseRequest); - + RoleInfo roleInfo = prepareConstraintInfo(pathInContext, baseRequest); + // Check data constraints - if (!checkUserDataPermissions(pathInContext, baseRequest, base_response, constraintInfo)) + if (!checkUserDataPermissions(pathInContext, baseRequest, base_response, roleInfo)) { if (!baseRequest.isHandled()) { @@ -463,12 +463,12 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti } // is Auth mandatory? - boolean isAuthMandatory = - isAuthMandatory(baseRequest, base_response, constraintInfo); + boolean isAuthMandatory = + isAuthMandatory(baseRequest, base_response, roleInfo); if (isAuthMandatory && authenticator==null) { - LOG.warn("No authenticator for: "+constraintInfo); + LOG.warn("No authenticator for: "+roleInfo); if (!baseRequest.isHandled()) { response.sendError(Response.SC_FORBIDDEN); @@ -476,7 +476,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti } return; } - + // check authentication Object previousIdentity = null; try 
@@ -504,7 +504,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti if (isAuthMandatory) { - boolean authorized=checkWebResourcePermissions(pathInContext, baseRequest, base_response, constraintInfo, userAuth.getUserIdentity()); + boolean authorized=checkWebResourcePermissions(pathInContext, baseRequest, base_response, roleInfo, userAuth.getUserIdentity()); if (!authorized) { response.sendError(Response.SC_FORBIDDEN, "!role"); @@ -512,7 +512,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti return; } } - + handler.handle(pathInContext, baseRequest, request, response); if (authenticator!=null) authenticator.secureResponse(request, response, isAuthMandatory, userAuth); @@ -579,9 +579,8 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti Context context = ContextHandler.getCurrentContext(); if (context==null) return null; - - SecurityHandler security = context.getContextHandler().getChildHandlerByClass(SecurityHandler.class); - return security; + + return context.getContextHandler().getChildHandlerByClass(SecurityHandler.class); } /* ------------------------------------------------------------ */ @@ -593,7 +592,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti { login_service.logout(user.getUserIdentity()); } - + IdentityService identity_service=getIdentityService(); if (identity_service!=null) { 
@@ -602,12 +601,12 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti identity_service.disassociate(previous); } } - + /* ------------------------------------------------------------ */ - protected abstract Object prepareConstraintInfo(String pathInContext, Request request); + protected abstract RoleInfo prepareConstraintInfo(String pathInContext, Request request); /* ------------------------------------------------------------ */ - protected abstract boolean checkUserDataPermissions(String pathInContext, Request request, Response response, Object constraintInfo) throws IOException; + protected abstract boolean checkUserDataPermissions(String pathInContext, Request request, Response response, RoleInfo constraintInfo) throws IOException; /* ------------------------------------------------------------ */ protected abstract boolean isAuthMandatory(Request baseRequest, Response base_response, Object constraintInfo); @@ -616,7 +615,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti protected abstract boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException; - + /* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */ public class NotChecked implements Principal @@ -638,7 +637,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti } } - + /* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */ public static Principal __NO_USER = new Principal() @@ -654,7 +653,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti return "No User"; } }; - + /* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */ /** 
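Review bot: The abstract contract is now only half-typed: `prepareConstraintInfo` returns `RoleInfo` and `checkUserDataPermissions` takes `RoleInfo`, but `isAuthMandatory` here and `checkWebResourcePermissions` in the next hunk still declare `Object constraintInfo`, and ConstraintSecurityHandler casts back to `RoleInfo` inside them. Change both to `RoleInfo constraintInfo` so the compiler enforces the type end to end and the casts disappear: `protected abstract boolean isAuthMandatory(Request baseRequest, Response base_response, RoleInfo constraintInfo);` and `protected abstract boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, RoleInfo constraintInfo, UserIdentity userIdentity) throws IOException;`. This is source-incompatible for third-party SecurityHandler subclasses, which the commit already accepts for the other two methods, so it is best done in the same release.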
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SpnegoLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SpnegoLoginService.java
index 94321f03ae..77583395db 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/SpnegoLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SpnegoLoginService.java
@@ -1,30 +1,31 @@ -package org.eclipse.jetty.security; -//======================================================================== -//Copyright (c) Webtide LLC -//------------------------------------------------------------------------ -//All rights reserved. This program and the accompanying materials -//are made available under the terms of the Eclipse Public License v1.0 -//and Apache License v2.0 which accompanies this distribution. +// ======================================================================== +// Copyright (c) Webtide LLC +// ------------------------------------------------------------------------ +// All rights reserved. This program and the accompanying materials +// are made available under the terms of the Eclipse Public License v1.0 +// and Apache License v2.0 which accompanies this distribution. // -//The Eclipse Public License is available at -//http://www.eclipse.org/legal/epl-v10.html +// The Eclipse Public License is available at +// http://www.eclipse.org/legal/epl-v10.html // -//The Apache License v2.0 is available at -//http://www.opensource.org/licenses/apache2.0.php +// The Apache License v2.0 is available at +// http://www.opensource.org/licenses/apache2.0.php // -//You may elect to redistribute this code under either of these licenses. -//======================================================================== +// You may elect to redistribute this code under either of these licenses. 
+// ======================================================================== + +package org.eclipse.jetty.security; import java.util.Properties; import javax.security.auth.Subject; import org.eclipse.jetty.server.UserIdentity; +import org.eclipse.jetty.util.B64Code; import org.eclipse.jetty.util.component.AbstractLifeCycle; import org.eclipse.jetty.util.log.Log; import org.eclipse.jetty.util.log.Logger; import org.eclipse.jetty.util.resource.Resource; -import org.eclipse.jetty.util.security.B64Code; import org.ietf.jgss.GSSContext; import org.ietf.jgss.GSSCredential; import org.ietf.jgss.GSSException; @@ -39,25 +40,25 @@ public class SpnegoLoginService extends AbstractLifeCycle implements LoginServic protected IdentityService _identityService;// = new LdapIdentityService(); protected String _name; private String _config; - + private String _targetName; public SpnegoLoginService() { - + } - + public SpnegoLoginService( String name ) { setName(name); } - + public SpnegoLoginService( String name, String config ) { setName(name); setConfig(config); } - + public String getName() { return _name; @@ -69,38 +70,38 @@ public class SpnegoLoginService extends AbstractLifeCycle implements LoginServic { throw new IllegalStateException("Running"); } - + _name = name; } - + public String getConfig() { return _config; } - + public void setConfig( String config ) { if (isRunning()) { throw new IllegalStateException("Running"); } - + _config = config; } - - - + + + @Override protected void doStart() throws Exception { Properties properties = new Properties(); Resource resource = Resource.newResource(_config); properties.load(resource.getInputStream()); - + _targetName = properties.getProperty("targetName"); - + LOG.debug("Target Name {}", _targetName); - + super.doStart(); } 
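Review bot: doStart reads `targetName` from the properties file and only logs it at debug, so a missing or empty property leaves `_targetName` null and the login service starts anyway, deferring the failure to the first Negotiate attempt; fail at startup instead with `if (_targetName == null || _targetName.isEmpty()) throw new IllegalStateException("targetName not configured in " + _config);` right after the lookup. The stream from `resource.getInputStream()` is also never closed — load it in try-with-resources, `try (InputStream in = resource.getInputStream()) { properties.load(in); }`, adding the `java.io.InputStream` import if the file does not already have it. How `_targetName` is consumed by login is outside this hunk.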
@@ -110,9 +111,9 @@ public class SpnegoLoginService extends AbstractLifeCycle implements LoginServic public UserIdentity login(String username, Object credentials) { String encodedAuthToken = (String)credentials; - + byte[] authToken = B64Code.decode(encodedAuthToken); - + GSSManager manager = GSSManager.getInstance(); try { @@ -135,7 +136,7 @@ public class SpnegoLoginService extends AbstractLifeCycle implements LoginServic { String clientName = gContext.getSrcName().toString(); String role = clientName.substring(clientName.indexOf('@') + 1); - + LOG.debug("SpnegoUserRealm: established a security context"); LOG.debug("Client Principal is: " + gContext.getSrcName()); LOG.debug("Server Principal is: " + gContext.getTargName()); @@ -145,7 +146,7 @@ public class SpnegoLoginService extends AbstractLifeCycle implements LoginServic Subject subject = new Subject(); subject.getPrincipals().add(user); - + return _identityService.newUserIdentity(subject,user, new String[]{role}); } } @@ -176,7 +177,7 @@ public class SpnegoLoginService extends AbstractLifeCycle implements LoginServic public void logout(UserIdentity user) { // TODO Auto-generated method stub - + } } diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SpnegoUserPrincipal.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SpnegoUserPrincipal.java index 26de9c2c20..d3c31e684d 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/SpnegoUserPrincipal.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SpnegoUserPrincipal.java @@ -1,4 +1,3 @@ -package org.eclipse.jetty.security; //======================================================================== //Copyright 2011-2012 Mort Bay Consulting Pty. Ltd. //------------------------------------------------------------------------ 
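Review bot: login casts `credentials` to String and base64-decodes it with no null or format check, so a missing or malformed Negotiate token surfaces on the request thread as a ClassCastException or a decode exception instead of a clean authentication failure; guard with `if (!(credentials instanceof String) || ((String)credentials).isEmpty()) return null;` and treat a decode failure as a failed login. In the later hunk the role is taken as everything after the first `@` of the client principal, so a principal without `@` yields the whole name as its role — that line needs a comment recording the realm-as-role convention and the fallback, since it is what authorization decisions will be based on. The GSS context establishment between these hunks is outside the diff. `logout` remains a TODO no-op; if that is intentional, say so in a comment, because callers of `LoginService.logout` will assume the identity is invalidated.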
@@ -12,28 +11,30 @@ package org.eclipse.jetty.security; //You may elect to redistribute this code under either of these licenses. //======================================================================== +package org.eclipse.jetty.security; + import java.security.Principal; -import org.eclipse.jetty.util.security.B64Code; +import org.eclipse.jetty.util.B64Code; public class SpnegoUserPrincipal implements Principal { private final String _name; private byte[] _token; private String _encodedToken; - + public SpnegoUserPrincipal( String name, String encodedToken ) { _name = name; _encodedToken = encodedToken; } - + public SpnegoUserPrincipal( String name, byte[] token ) { _name = name; _token = token; } - + public String getName() { return _name; @@ -47,7 +48,7 @@ public class SpnegoUserPrincipal implements Principal } return _token; } - + public String getEncodedToken() { if ( _encodedToken == null ) @@ -55,5 +56,5 @@ public class SpnegoUserPrincipal implements Principal _encodedToken = new String(B64Code.encode(_token,true)); } return _encodedToken; - } + } } diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java index 28be2d7a8c..81dfcb4360 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/BasicAuthenticator.java @@ -20,7 +20,7 @@ import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.eclipse.jetty.http.HttpHeaders; +import org.eclipse.jetty.http.HttpHeader; import org.eclipse.jetty.security.ServerAuthException; import org.eclipse.jetty.security.UserAuthentication; import org.eclipse.jetty.server.Authentication; 
@@ -57,7 +57,7 @@ public class BasicAuthenticator extends LoginAuthenticator { HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse)res; - String credentials = request.getHeader(HttpHeaders.AUTHORIZATION); + String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString()); try { @@ -94,7 +94,7 @@ public class BasicAuthenticator extends LoginAuthenticator if (_deferred.isDeferred(response)) return Authentication.UNAUTHENTICATED; - response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "basic realm=\"" + _loginService.getName() + '"'); + response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + _loginService.getName() + '"'); response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return Authentication.SEND_CONTINUE; } diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java index 488c4a8b2b..73cfc100a2 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java @@ -27,7 +27,7 @@ import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.eclipse.jetty.http.HttpHeaders; +import org.eclipse.jetty.http.HttpHeader; import org.eclipse.jetty.security.SecurityHandler; import org.eclipse.jetty.security.ServerAuthException; import org.eclipse.jetty.security.UserAuthentication; @@ -120,7 +120,7 @@ public class DigestAuthenticator extends LoginAuthenticator HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse)res; - String credentials = request.getHeader(HttpHeaders.AUTHORIZATION); + String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString()); try { 
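Review bot: The challenge `"basic realm=\"" + _loginService.getName() + '"'` interpolates the login service name into a quoted-string without escaping, so a name containing `"` (or `\`) produces a malformed WWW-Authenticate header, and a null name is sent literally as `realm="null"`; escape it once before use, `String realm = String.valueOf(_loginService.getName()).replace("\\", "\\\\").replace("\"", "\\\"");`, and pass `realm` into the header. Since Basic sends the password base64-encoded in the clear, the Javadoc for this authenticator should also state that it is meant to be paired with a Confidential user-data constraint or a TLS-only connector. validateRequest's body starts before this hunk.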
@@ -197,7 +197,7 @@ public class DigestAuthenticator extends LoginAuthenticator String domain = request.getContextPath(); if (domain == null) domain = "/"; - response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Digest realm=\"" + _loginService.getName() + response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "Digest realm=\"" + _loginService.getName() + "\", domain=\"" + domain + "\", nonce=\"" diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java index 7acb1eff2d..ab182b9bc5 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java @@ -4,11 +4,11 @@ // All rights reserved. This program and the accompanying materials // are made available under the terms of the Eclipse Public License v1.0 // and Apache License v2.0 which accompanies this distribution. -// The Eclipse Public License is available at +// The Eclipse Public License is available at // http://www.eclipse.org/legal/epl-v10.html // The Apache License v2.0 is available at // http://www.opensource.org/licenses/apache2.0.php -// You may elect to redistribute this code under either of these licenses. +// You may elect to redistribute this code under either of these licenses. // ======================================================================== package org.eclipse.jetty.security.authentication; 
@@ -27,14 +27,15 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponseWrapper; import javax.servlet.http.HttpSession; -import org.eclipse.jetty.http.HttpHeaders; -import org.eclipse.jetty.http.HttpMethods; +import org.eclipse.jetty.http.HttpHeader; +import org.eclipse.jetty.http.HttpHeaderValue; +import org.eclipse.jetty.http.HttpMethod; import org.eclipse.jetty.http.MimeTypes; import org.eclipse.jetty.security.ServerAuthException; import org.eclipse.jetty.security.UserAuthentication; -import org.eclipse.jetty.server.AbstractHttpConnection; import org.eclipse.jetty.server.Authentication; import org.eclipse.jetty.server.Authentication.User; +import org.eclipse.jetty.server.HttpChannel; import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.UserIdentity; import org.eclipse.jetty.util.MultiMap; @@ -46,18 +47,18 @@ import org.eclipse.jetty.util.security.Constraint; /** * FORM Authenticator. - * + * * <p>This authenticator implements form authentication will use dispatchers to * the login page if the {@link #__FORM_DISPATCH} init parameter is set to true. * Otherwise it will redirect.</p> - * + * * <p>The form authenticator redirects unauthenticated requests to a log page * which should use a form to gather username/password from the user and send them - * to the /j_security_check URI within the context. FormAuthentication uses + * to the /j_security_check URI within the context. FormAuthentication uses * {@link SessionAuthentication} to wrap Authentication results so that they * are associated with the session.</p> - * - * + * + * */ public class FormAuthenticator extends LoginAuthenticator { @@ -93,7 +94,7 @@ public class FormAuthenticator extends LoginAuthenticator setErrorPage(error); _dispatch=dispatch; } - + /* ------------------------------------------------------------ */ /** * If true, uris that cause a redirect to a login page will always 
@@ -106,14 +107,14 @@ public class FormAuthenticator extends LoginAuthenticator
     {
         _alwaysSaveUri = alwaysSave;
     }
-    
-    
+
+
     /* ------------------------------------------------------------ */
     public boolean getAlwaysSaveUri ()
     {
         return _alwaysSaveUri;
     }
-    
+
     /* ------------------------------------------------------------ */
     /**
      * @see org.eclipse.jetty.security.authentication.LoginAuthenticator#setConfiguration(org.eclipse.jetty.security.Authenticator.AuthConfiguration)
@@ -148,7 +149,7 @@ public class FormAuthenticator extends LoginAuthenticator
             }
             _formLoginPage = path;
             _formLoginPath = path;
-            if (_formLoginPath.indexOf('?') > 0) 
+            if (_formLoginPath.indexOf('?') > 0)
                 _formLoginPath = _formLoginPath.substring(0, _formLoginPath.indexOf('?'));
         }
@@ -170,14 +171,14 @@ public class FormAuthenticator extends LoginAuthenticator
             _formErrorPage = path;
             _formErrorPath = path;
-            if (_formErrorPath.indexOf('?') > 0) 
+            if (_formErrorPath.indexOf('?') > 0)
                 _formErrorPath = _formErrorPath.substring(0, _formErrorPath.indexOf('?'));
         }
     }
     /* ------------------------------------------------------------ */
     public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
-    { 
+    {
         HttpServletRequest request = (HttpServletRequest)req;
         HttpServletResponse response = (HttpServletResponse)res;
         String uri = request.getRequestURI();
@@ -187,12 +188,12 @@ public class FormAuthenticator extends LoginAuthenticator
         mandatory|=isJSecurityCheck(uri);
         if (!mandatory)
             return _deferred;
-            
+
         if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())) &&!DeferredAuthentication.isDeferred(response))
             return _deferred;
-            
+
         HttpSession session = request.getSession(true);
-        
+
         try
         {
             // Handle a request for authentication.
@@ -200,66 +201,66 @@ public class FormAuthenticator extends LoginAuthenticator
             {
                 final String username = request.getParameter(__J_USERNAME);
                 final String password = request.getParameter(__J_PASSWORD);
-                
+
                 UserIdentity user = _loginService.login(username,password);
                 if (user!=null)
                 {
                     session=renewSession(request,response);
-                    
+
                     // Redirect to original request
                     String nuri;
                     synchronized(session)
                     {
                         nuri = (String) session.getAttribute(__J_URI);
                     }
-                    
+
                     if (nuri == null || nuri.length() == 0)
                     {
                         nuri = request.getContextPath();
-                        if (nuri.length() == 0) 
+                        if (nuri.length() == 0)
                             nuri = URIUtil.SLASH;
                     }
-                    response.setContentLength(0); 
+                    response.setContentLength(0);
                     response.sendRedirect(response.encodeRedirectURL(nuri));
                     Authentication cached=new SessionAuthentication(getAuthMethod(),user,password);
                     session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
                     return new FormAuthentication(getAuthMethod(),user);
                 }
-                
+
                 // not authenticated
-                if (LOG.isDebugEnabled()) 
+                if (LOG.isDebugEnabled())
                     LOG.debug("Form authentication FAILED for " + StringUtil.printable(username));
                 if (_formErrorPage == null)
                 {
-                    if (response != null) 
+                    if (response != null)
                         response.sendError(HttpServletResponse.SC_FORBIDDEN);
                 }
                 else if (_dispatch)
                 {
                     RequestDispatcher dispatcher = request.getRequestDispatcher(_formErrorPage);
-                    response.setHeader(HttpHeaders.CACHE_CONTROL,"No-cache");
-                    response.setDateHeader(HttpHeaders.EXPIRES,1);
+                    response.setHeader(HttpHeader.CACHE_CONTROL.asString(),HttpHeaderValue.NO_CACHE.asString());
+                    response.setDateHeader(HttpHeader.EXPIRES.asString(),1);
                     dispatcher.forward(new FormRequest(request), new FormResponse(response));
                 }
                 else
                 {
                     response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(),_formErrorPage)));
                 }
-                
+
                 return Authentication.SEND_FAILURE;
             }
-            
+
             // Look for cached authentication
             Authentication authentication = (Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
-            if (authentication != 
null)
+            if (authentication != null)
             {
                 // Has authentication been revoked?
-                if (authentication instanceof Authentication.User && 
+                if (authentication instanceof Authentication.User &&
                     _loginService!=null && !_loginService.validate(((Authentication.User)authentication).getUserIdentity()))
                 {
-                
+
                     session.removeAttribute(SessionAuthentication.__J_AUTHENTICATED);
                 }
                 else
@@ -267,7 +268,7 @@ public class FormAuthenticator extends LoginAuthenticator
                     String j_uri=(String)session.getAttribute(__J_URI);
                     if (j_uri!=null)
                     {
-                        MultiMap<String> j_post = (MultiMap<String>)session.getAttribute(__J_POST);
+                        MultiMap j_post = (MultiMap)session.getAttribute(__J_POST);
                         if (j_post!=null)
                         {
                             StringBuffer buf = request.getRequestURL();
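Review bot: `MultiMap j_post = (MultiMap)session.getAttribute(__J_POST);` turns a parameterized cast into a raw one, which silences nothing and moves the unchecked warning onto every later use of j_post; `new MultiMap(base_request.getParameters())` in the hunk at line 280 does the same. If `MultiMap` is still generic in this branch, keep `MultiMap<String> j_post = (MultiMap<String>)session.getAttribute(__J_POST);`; if it has been made non-generic, a one-line comment saying so would stop the type argument from being reinstated on the next pass. The enclosing `if (j_post!=null)` block continues outside the hunk.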
@@ -279,50 +280,50 @@ public class FormAuthenticator extends LoginAuthenticator
                                 // This is a retry of an original POST request
                                 // so restore method and parameters
-                                session.removeAttribute(__J_POST); 
-                                Request base_request = (req instanceof Request)?(Request)req:AbstractHttpConnection.getCurrentConnection().getRequest();
-                                base_request.setMethod(HttpMethods.POST);
+                                session.removeAttribute(__J_POST);
+                                Request base_request = HttpChannel.getCurrentHttpChannel().getRequest();
+                                base_request.setMethod(HttpMethod.POST,HttpMethod.POST.asString());
                                 base_request.setParameters(j_post);
                             }
                         }
                         else
                             session.removeAttribute(__J_URI);
-                        
+
                     }
                     return authentication;
                 }
             }
             // if we can't send challenge
-            if (_deferred.isDeferred(response))
-                return Authentication.UNAUTHENTICATED; 
-            
+            if (DeferredAuthentication.isDeferred(response))
+                return Authentication.UNAUTHENTICATED;
+
             // remember the current URI
             synchronized (session)
             {
                 // But only if it is not set already, or we save every uri that leads to a login form redirect
                 if (session.getAttribute(__J_URI)==null || _alwaysSaveUri)
-                { 
+                {
                     StringBuffer buf = request.getRequestURL();
                     if (request.getQueryString() != null)
                         buf.append("?").append(request.getQueryString());
                     session.setAttribute(__J_URI, buf.toString());
-                    
-                    if (MimeTypes.FORM_ENCODED.equalsIgnoreCase(req.getContentType()) && HttpMethods.POST.equals(request.getMethod()))
+
+                    if (MimeTypes.Type.FORM_ENCODED.is(req.getContentType()) && HttpMethod.POST.is(request.getMethod()))
                     {
-                        Request base_request = (req instanceof Request)?(Request)req:AbstractHttpConnection.getCurrentConnection().getRequest();
-                        base_request.extractParameters(); 
-                        session.setAttribute(__J_POST, new MultiMap<String>(base_request.getParameters()));
+                        Request base_request = (req instanceof Request)?(Request)req:HttpChannel.getCurrentHttpChannel().getRequest();
+                        base_request.extractParameters();
+                        session.setAttribute(__J_POST, new MultiMap(base_request.getParameters()));
                     }
                 }
             }
-            
+
             // send the the challenge
             if 
(_dispatch)
             {
                 RequestDispatcher dispatcher = request.getRequestDispatcher(_formLoginPage);
-                response.setHeader(HttpHeaders.CACHE_CONTROL,"No-cache");
-                response.setDateHeader(HttpHeaders.EXPIRES,1);
+                response.setHeader(HttpHeader.CACHE_CONTROL.asString(),HttpHeaderValue.NO_CACHE.asString());
+                response.setDateHeader(HttpHeader.EXPIRES.asString(),1);
                 dispatcher.forward(new FormRequest(request), new FormResponse(response));
             }
             else
@@ -330,24 +331,20 @@ public class FormAuthenticator extends LoginAuthenticator
                 response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(),_formLoginPage)));
             }
             return Authentication.SEND_CONTINUE;
-            
-            
-        }
-        catch (IOException e)
-        {
-            throw new ServerAuthException(e);
+
+
         }
-        catch (ServletException e)
+        catch (IOException | ServletException e)
         {
             throw new ServerAuthException(e);
         }
     }
-    
+
     /* ------------------------------------------------------------ */
     public boolean isJSecurityCheck(String uri)
     {
         int jsc = uri.indexOf(__J_SECURITY_CHECK);
-        
+
         if (jsc<0)
             return false;
         int e=jsc+__J_SECURITY_CHECK.length();
@@ -356,13 +353,13 @@ public class FormAuthenticator extends LoginAuthenticator
         char c = uri.charAt(e);
         return c==';'||c=='#'||c=='/'||c=='?';
     }
-    
+
     /* ------------------------------------------------------------ */
     public boolean isLoginOrErrorPage(String pathInContext)
     {
         return pathInContext != null && (pathInContext.equals(_formErrorPath) || pathInContext.equals(_formLoginPath));
     }
-    
+
     /* ------------------------------------------------------------ */
     public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
     {
@@ -385,7 +382,7 @@ public class FormAuthenticator extends LoginAuthenticator
                 return -1;
             return super.getDateHeader(name);
         }
-        
+
         @Override
         public String getHeader(String name)
         {
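Review bot: In the POST-retry branch `Request base_request = HttpChannel.getCurrentHttpChannel().getRequest();` drops the `(req instanceof Request)?(Request)req:` fallback that the save branch further down in the same hunk keeps, so two paths in one method now obtain the base request differently and the retry path ignores a `req` that already is a `Request`. Using the same form in both places, `Request base_request = (req instanceof Request)?(Request)req:HttpChannel.getCurrentHttpChannel().getRequest();`, keeps them consistent and also avoids a null dereference if `getCurrentHttpChannel()` can return null off a channel thread, which I cannot confirm from here. validateRequest starts outside this hunk.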
@@ -395,16 +392,16 @@ public class FormAuthenticator extends LoginAuthenticator } @Override - public Enumeration getHeaderNames() + public Enumeration<String> getHeaderNames() { return Collections.enumeration(Collections.list(super.getHeaderNames())); } @Override - public Enumeration getHeaders(String name) + public Enumeration<String> getHeaders(String name) { if (name.toLowerCase().startsWith("if-")) - return Collections.enumeration(Collections.EMPTY_LIST); + return Collections.<String>enumeration(Collections.<String>emptyList()); return super.getHeaders(name); } } @@ -438,30 +435,30 @@ public class FormAuthenticator extends LoginAuthenticator if (notIgnored(name)) super.setDateHeader(name,date); } - + @Override public void setHeader(String name, String value) { if (notIgnored(name)) super.setHeader(name,value); } - + private boolean notIgnored(String name) { - if (HttpHeaders.CACHE_CONTROL.equalsIgnoreCase(name) || - HttpHeaders.PRAGMA.equalsIgnoreCase(name) || - HttpHeaders.ETAG.equalsIgnoreCase(name) || - HttpHeaders.EXPIRES.equalsIgnoreCase(name) || - HttpHeaders.LAST_MODIFIED.equalsIgnoreCase(name) || - HttpHeaders.AGE.equalsIgnoreCase(name)) + if (HttpHeader.CACHE_CONTROL.is(name) || + HttpHeader.PRAGMA.is(name) || + HttpHeader.ETAG.is(name) || + HttpHeader.EXPIRES.is(name) || + HttpHeader.LAST_MODIFIED.is(name) || + HttpHeader.AGE.is(name)) return false; return true; } } - + /* ------------------------------------------------------------ */ /** This Authentication represents a just completed Form authentication. - * Subsequent requests from the same user are authenticated by the presents + * Subsequent requests from the same user are authenticated by the presents * of a {@link SessionAuthentication} instance in their session. */ public static class FormAuthentication extends UserAuthentication implements Authentication.ResponseSent 
@@ -470,7 +467,7 @@ public class FormAuthenticator extends LoginAuthenticator
         {
             super(method,userIdentity);
         }
-        
+
         @Override
         public String toString()
         {
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java
index 412d3fd30c..dfe4192543 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SpnegoAuthenticator.java
@@ -22,7 +22,7 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import org.eclipse.jetty.http.HttpHeaders;
+import org.eclipse.jetty.http.HttpHeader;
 import org.eclipse.jetty.security.ServerAuthException;
 import org.eclipse.jetty.security.UserAuthentication;
 import org.eclipse.jetty.server.Authentication;
@@ -62,7 +62,7 @@ public class SpnegoAuthenticator extends LoginAuthenticator
         HttpServletRequest req = (HttpServletRequest)request;
         HttpServletResponse res = (HttpServletResponse)response;
-        String header = req.getHeader(HttpHeaders.AUTHORIZATION);
+        String header = req.getHeader(HttpHeader.AUTHORIZATION.asString());
         if (!mandatory)
         {
@@ -80,7 +80,7 @@ public class SpnegoAuthenticator extends LoginAuthenticator
             }
             LOG.debug("SpengoAuthenticator: sending challenge");
-            res.setHeader(HttpHeaders.WWW_AUTHENTICATE, HttpHeaders.NEGOTIATE);
+            res.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), HttpHeader.NEGOTIATE.asString());
             res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
             return Authentication.SEND_CONTINUE;
         }
@@ -89,7 +89,7 @@ public class SpnegoAuthenticator extends LoginAuthenticator
                 throw new ServerAuthException(ioe);
             }
         }
-        else if (header != null && header.startsWith(HttpHeaders.NEGOTIATE))
+        else if (header != null && header.startsWith(HttpHeader.NEGOTIATE.asString()))
         {
             String spnegoToken = header.substring(10);
diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
index 7fdf357ca7..52b35c8ad8 100644
--- a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
+++ b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
@@ -13,16 +13,14 @@
 package org.eclipse.jetty.security;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
 import java.io.IOException;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
-
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
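Review bot: `header.startsWith(HttpHeader.NEGOTIATE.asString())` is a case-sensitive match on the auth-scheme, and the context line `String spnegoToken = header.substring(10);` hard-codes the length of the scheme plus one space, so the two are now maintained in different places and an `Authorization` header that is the bare scheme name satisfies the `startsWith` test and then throws from `substring(10)` instead of falling through to the challenge. Assuming `NEGOTIATE.asString()` is `Negotiate`, deriving both from one prefix, `String prefix = HttpHeader.NEGOTIATE.asString() + " ";` with `header.regionMatches(true, 0, prefix, 0, prefix.length())` and `header.substring(prefix.length())`, ties the offset to the scheme and rejects the bare-scheme case; RFC 7235 treats the scheme as case-insensitive, so the `true` is permitted but is a behaviour change worth noting. validateRequest continues outside the hunk.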
@@ -43,29 +41,33 @@ import org.eclipse.jetty.util.security.Constraint;
 import org.eclipse.jetty.util.security.Password;
 import org.junit.After;
 import org.junit.Before;
-import org.junit.BeforeClass;
 import org.junit.Test;
+import static org.hamcrest.Matchers.startsWith;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.assertTrue;
+import static org.junit.matchers.JUnitMatchers.containsString;
+
 /**
  * @version $Revision: 1441 $ $Date: 2010-04-02 12:28:17 +0200 (Fri, 02 Apr 2010) $
  */
 public class ConstraintTest
 {
     private static final String TEST_REALM = "TestRealm";
-    private static Server _server;
-    private static LocalConnector _connector;
-    private static SessionHandler _session;
+    private Server _server;
+    private LocalConnector _connector;
     private ConstraintSecurityHandler _security;
-    @BeforeClass
-    public static void startServer()
+    @Before
+    public void startServer()
     {
         _server = new Server();
-        _connector = new LocalConnector();
+        _connector = new LocalConnector(_server);
         _server.setConnectors(new Connector[]{_connector});
         ContextHandler _context = new ContextHandler();
-        _session = new SessionHandler();
+        SessionHandler _session = new SessionHandler();
         HashLoginService _loginService = new HashLoginService(TEST_REALM);
         _loginService.putUser("user",new Password("password"));
@@ -77,11 +79,7 @@ public class ConstraintTest
         _context.setHandler(_session);
         _server.addBean(_loginService);
-    }
-    @Before
-    public void setupSecurity()
-    {
         _security = new ConstraintSecurityHandler();
         _session.setHandler(_security);
         RequestHandler _handler = new RequestHandler();
@@ -133,52 +131,45 @@ public class ConstraintTest
         mapping5.setPathSpec("/forbid/post");
         mapping5.setConstraint(constraint5);
         mapping5.setMethod("POST");
-        
-        
-        Set<String> knownRoles=new HashSet<String>();
+
+
+        Set<String> knownRoles=new HashSet<>();
         knownRoles.add("user");
         knownRoles.add("administrator");
-        _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
-                {
-                        mapping0, mapping1, mapping2, mapping3, mapping4, mapping5
-                }), knownRoles);
+        _security.setConstraintMappings(Arrays.asList(mapping0, mapping1, mapping2, mapping3, mapping4, mapping5), knownRoles);
     }
     @After
     public void stopServer() throws Exception
     {
-        if (_server.isRunning())
-        {
-            _server.stop();
-            _server.join();
-        }
+        _server.stop();
     }
     @Test
     public void testConstraints() throws Exception
     {
-        ConstraintMapping[] mappings =_security.getConstraintMappings().toArray(new ConstraintMapping[0]);
-        
-        assertTrue (mappings[0].getConstraint().isForbidden());
-        assertFalse(mappings[1].getConstraint().isForbidden());
-        assertFalse(mappings[2].getConstraint().isForbidden());
-        assertFalse(mappings[3].getConstraint().isForbidden());
-        
-        assertFalse(mappings[0].getConstraint().isAnyRole());
-        assertTrue (mappings[1].getConstraint().isAnyRole());
-        assertFalse(mappings[2].getConstraint().isAnyRole());
-        assertFalse(mappings[3].getConstraint().isAnyRole());
-        
-        assertFalse(mappings[0].getConstraint().hasRole("administrator"));
-        assertTrue (mappings[1].getConstraint().hasRole("administrator"));
-        assertTrue (mappings[2].getConstraint().hasRole("administrator"));
-        assertFalse(mappings[3].getConstraint().hasRole("administrator"));
-        
-        assertTrue (mappings[0].getConstraint().getAuthenticate());
-        assertTrue (mappings[1].getConstraint().getAuthenticate());
-        assertTrue (mappings[2].getConstraint().getAuthenticate());
-        assertFalse(mappings[3].getConstraint().getAuthenticate());
+        List<ConstraintMapping> mappings = new ArrayList<>(_security.getConstraintMappings());
+
+        assertTrue 
(mappings.get(0).getConstraint().isForbidden());
+        assertFalse(mappings.get(1).getConstraint().isForbidden());
+        assertFalse(mappings.get(2).getConstraint().isForbidden());
+        assertFalse(mappings.get(3).getConstraint().isForbidden());
+
+        assertFalse(mappings.get(0).getConstraint().isAnyRole());
+        assertTrue (mappings.get(1).getConstraint().isAnyRole());
+        assertFalse(mappings.get(2).getConstraint().isAnyRole());
+        assertFalse(mappings.get(3).getConstraint().isAnyRole());
+
+        assertFalse(mappings.get(0).getConstraint().hasRole("administrator"));
+        assertTrue (mappings.get(1).getConstraint().hasRole("administrator"));
+        assertTrue (mappings.get(2).getConstraint().hasRole("administrator"));
+        assertFalse(mappings.get(3).getConstraint().hasRole("administrator"));
+
+        assertTrue (mappings.get(0).getConstraint().getAuthenticate());
+        assertTrue (mappings.get(1).getConstraint().getAuthenticate());
+        assertTrue (mappings.get(2).getConstraint().getAuthenticate());
+        assertFalse(mappings.get(3).getConstraint().getAuthenticate());
     }
     @Test
@@ -190,52 +181,52 @@ public class ConstraintTest String response; response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403 Forbidden")); + assertThat(response,startsWith("HTTP/1.1 403 Forbidden")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized")); - assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0); + assertThat(response,startsWith("HTTP/1.1 401 Unauthorized")); + assertThat(response,containsString("WWW-Authenticate: basic realm=\"TestRealm\"")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user:wrong") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized")); - assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0); + assertThat(response,startsWith("HTTP/1.1 401 Unauthorized")); + assertThat(response,containsString("WWW-Authenticate: basic realm=\"TestRealm\"")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user:password") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); // test admin response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized")); - assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0); + assertThat(response,startsWith("HTTP/1.1 401 Unauthorized")); + assertThat(response,containsString("WWW-Authenticate: basic realm=\"TestRealm\"")); response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Authorization: 
Basic " + B64Code.encode("admin:wrong") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized")); - assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0); + assertThat(response,startsWith("HTTP/1.1 401 Unauthorized")); + assertThat(response,containsString("WWW-Authenticate: basic realm=\"TestRealm\"")); response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user:password") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403 ")); - assertTrue(response.indexOf("!role") > 0); + assertThat(response,startsWith("HTTP/1.1 403 ")); + assertThat(response,containsString("!role")); response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("admin:password") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/admin/relax/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); } @Test 
@@ -248,15 +239,15 @@ public class ConstraintTest String response; response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403 Forbidden")); + assertThat(response,startsWith("HTTP/1.1 403 Forbidden")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.indexOf("Cache-Control: no-cache") > 0); - assertTrue(response.indexOf("Expires") > 0); - assertTrue(response.indexOf("URI=/ctx/testLoginPage") > 0); + assertThat(response,containsString("Cache-Control: no-cache")); + assertThat(response,containsString("Expires")); + assertThat(response,containsString("URI=/ctx/testLoginPage")); String session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); @@ -266,7 +257,7 @@ public class ConstraintTest "Content-Length: 31\r\n" + "\r\n" + "j_username=user&j_password=wrong\r\n"); - assertTrue(response.indexOf("testErrorPage") > 0); + assertThat(response,containsString("testErrorPage")); response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + 
@@ -274,21 +265,23 @@ public class ConstraintTest "Content-Length: 35\r\n" + "\r\n" + "j_username=user&j_password=password\r\n"); - assertTrue(response.startsWith("HTTP/1.1 302 ")); - assertTrue(response.indexOf("Location") > 0); - assertTrue(response.indexOf("/ctx/auth/info") > 0); + assertThat(response,startsWith("HTTP/1.1 302 ")); + assertThat(response,containsString("Location")); + assertThat(response,containsString("Location")); + assertThat(response,containsString("/ctx/auth/info")); session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); + response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403")); - assertTrue(response.indexOf("!role") > 0); + assertThat(response,startsWith("HTTP/1.1 403")); + assertThat(response,containsString("!role")); } @Test 
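Review bot: `assertThat(response,containsString("Location"));` appears twice in a row after the successful-login POST, which reads like a copy-paste slip made while converting the `indexOf` checks to matchers; drop the second copy. It is the only added line in the hunk that is not a one-for-one conversion of a removed assertion, so nothing else here changes what the test checks.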
@@ -301,51 +294,51 @@ public class ConstraintTest String response; response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403 Forbidden")); + assertThat(response,startsWith("HTTP/1.1 403 Forbidden")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.indexOf(" 302 Found") > 0); - assertTrue(response.indexOf("/ctx/testLoginPage") > 0); + assertThat(response,containsString(" 302 Found")); + assertThat(response,containsString("/ctx/testLoginPage")); String session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("GET /ctx/testLoginPage HTTP/1.0\r\n"+ "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.indexOf(" 200 OK") > 0); - assertTrue(response.indexOf("URI=/ctx/testLoginPage") > 0); + assertThat(response,containsString(" 200 OK")); + assertThat(response,containsString("URI=/ctx/testLoginPage")); response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "Content-Type: application/x-www-form-urlencoded\r\n" + - "Content-Length: 31\r\n" + + "Content-Length: 32\r\n" + "\r\n" + - "j_username=user&j_password=wrong\r\n"); - assertTrue(response.indexOf("Location") > 0); + "j_username=user&j_password=wrong"); + assertThat(response,containsString("Location")); response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "Content-Type: application/x-www-form-urlencoded\r\n" + "Content-Length: 35\r\n" + "\r\n" + - "j_username=user&j_password=password\r\n"); - assertTrue(response.startsWith("HTTP/1.1 302 ")); - assertTrue(response.indexOf("Location") > 0); - 
assertTrue(response.indexOf("/ctx/auth/info") > 0); + "j_username=user&j_password=password"); + assertThat(response,startsWith("HTTP/1.1 302 ")); + assertThat(response,containsString("Location")); + assertThat(response,containsString("/ctx/auth/info")); session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403")); - assertTrue(response.indexOf("!role") > 0); + assertThat(response,startsWith("HTTP/1.1 403")); + assertThat(response,containsString("!role")); } @Test 
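Review bot: The `Content-Length: 32` correction paired with the bare `j_username=user&j_password=wrong` body is applied only in this test; the wrong-password POSTs in the hunks at lines 257, 377 and 421 still declare `Content-Length: 31` for the CRLF-terminated body, so there the server reads a truncated `j_password=wron` and the assertion passes only because any wrong password fails. Aligning those three with this hunk makes the wrong-password path exercise the value the test names; the `Content-Length: 35` cases already match their untruncated body. The test method starts outside the hunk.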
@@ -358,25 +351,25 @@ public class ConstraintTest String response; response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403 Forbidden")); + assertThat(response,startsWith("HTTP/1.1 403 Forbidden")); response = _connector.getResponses("POST /ctx/auth/info HTTP/1.0\r\n"+ "Content-Type: application/x-www-form-urlencoded\r\n" + "Content-Length: 27\r\n" + "\r\n" + "test_parameter=test_value\r\n"); - assertTrue(response.indexOf(" 302 Found") > 0); - assertTrue(response.indexOf("/ctx/testLoginPage") > 0); + assertThat(response,containsString(" 302 Found")); + assertThat(response,containsString("/ctx/testLoginPage")); String session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("GET /ctx/testLoginPage HTTP/1.0\r\n"+ "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.indexOf(" 200 OK") > 0); - assertTrue(response.indexOf("URI=/ctx/testLoginPage") > 0); + assertThat(response,containsString(" 200 OK")); + assertThat(response,containsString("URI=/ctx/testLoginPage")); response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + @@ -384,7 +377,7 @@ public class ConstraintTest "Content-Length: 31\r\n" + "\r\n" + "j_username=user&j_password=wrong\r\n"); - assertTrue(response.indexOf("Location") > 0); + assertThat(response,containsString("Location")); response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + 
@@ -392,32 +385,32 @@ public class ConstraintTest "Content-Length: 35\r\n" + "\r\n" + "j_username=user&j_password=password\r\n"); - assertTrue(response.startsWith("HTTP/1.1 302 ")); - assertTrue(response.indexOf("Location") > 0); - assertTrue(response.indexOf("/ctx/auth/info") > 0); + assertThat(response,startsWith("HTTP/1.1 302 ")); + assertThat(response,containsString("Location")); + assertThat(response,containsString("/ctx/auth/info")); session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); // sneak in other request response = _connector.getResponses("GET /ctx/auth/other HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); assertTrue(!response.contains("test_value")); // retry post as GET response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); assertTrue(response.contains("test_value")); response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403")); - assertTrue(response.indexOf("!role") > 0); + assertThat(response,startsWith("HTTP/1.1 403")); + assertThat(response,containsString("!role")); } - + @Test public void testFormNoCookies() throws Exception { 
@@ -428,47 +421,47 @@ public class ConstraintTest String response; response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403 Forbidden")); + assertThat(response,startsWith("HTTP/1.1 403 Forbidden")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.indexOf(" 302 Found") > 0); - assertTrue(response.indexOf("/ctx/testLoginPage") > 0); + assertThat(response,containsString(" 302 Found")); + assertThat(response,containsString("/ctx/testLoginPage")); int jsession=response.indexOf(";jsessionid="); String session = response.substring(jsession + 12, response.indexOf("\r\n",jsession)); response = _connector.getResponses("GET /ctx/testLoginPage;jsessionid="+session+";other HTTP/1.0\r\n"+ "\r\n"); - assertTrue(response.indexOf(" 200 OK") > 0); - assertTrue(response.indexOf("URI=/ctx/testLoginPage") > 0); + assertThat(response,containsString(" 200 OK")); + assertThat(response,containsString("URI=/ctx/testLoginPage")); response = _connector.getResponses("POST /ctx/j_security_check;jsessionid="+session+";other HTTP/1.0\r\n" + "Content-Type: application/x-www-form-urlencoded\r\n" + "Content-Length: 31\r\n" + "\r\n" + "j_username=user&j_password=wrong\r\n"); - assertTrue(response.indexOf("Location") > 0); + assertThat(response,containsString("Location")); response = _connector.getResponses("POST /ctx/j_security_check;jsessionid="+session+";other HTTP/1.0\r\n" + "Content-Type: application/x-www-form-urlencoded\r\n" + "Content-Length: 35\r\n" + "\r\n" + "j_username=user&j_password=password\r\n"); - assertTrue(response.startsWith("HTTP/1.1 302 ")); - assertTrue(response.indexOf("Location") > 0); - assertTrue(response.indexOf("/ctx/auth/info") > 0); + assertThat(response,startsWith("HTTP/1.1 
302 ")); + assertThat(response,containsString("Location")); + assertThat(response,containsString("/ctx/auth/info")); session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("GET /ctx/auth/info;jsessionid="+session+";other HTTP/1.0\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/admin/info;jsessionid="+session+";other HTTP/1.0\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403")); - assertTrue(response.indexOf("!role") > 0); + assertThat(response,startsWith("HTTP/1.1 403")); + assertThat(response,containsString("!role")); } @Test 
@@ -479,58 +472,58 @@ public class ConstraintTest String response; response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403 Forbidden")); + assertThat(response,startsWith("HTTP/1.1 403 Forbidden")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized")); - assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0); + assertThat(response,startsWith("HTTP/1.1 401 Unauthorized")); + assertThat(response,containsString("WWW-Authenticate: basic realm=\"TestRealm\"")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user:wrong") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized")); - assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0); + assertThat(response,startsWith("HTTP/1.1 401 Unauthorized")); + assertThat(response,containsString("WWW-Authenticate: basic realm=\"TestRealm\"")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user:password") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403")); + assertThat(response,startsWith("HTTP/1.1 403")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); // test admin response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized")); - assertTrue(response.indexOf("WWW-Authenticate: basic 
realm=\"TestRealm\"") > 0); + assertThat(response,startsWith("HTTP/1.1 401 Unauthorized")); + assertThat(response,containsString("WWW-Authenticate: basic realm=\"TestRealm\"")); response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("admin:wrong") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized")); - assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0); + assertThat(response,startsWith("HTTP/1.1 401 Unauthorized")); + assertThat(response,containsString("WWW-Authenticate: basic realm=\"TestRealm\"")); response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user:password") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403 ")); - assertTrue(response.indexOf("!role") > 0); + assertThat(response,startsWith("HTTP/1.1 403 ")); + assertThat(response,containsString("!role")); response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("admin:password") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/admin/relax/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); } @Test 
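Review bot: The final assertion, `assertThat(response,startsWith("HTTP/1.1 200 OK"));` for `GET /ctx/admin/relax/info` with no credentials, has no comment although it is the one check in this method where an unauthenticated request under `/admin` succeeds; presumably a more specific mapping for `/admin/relax/*` overrides the `/admin/*` constraint, but the setup is outside the hunk, so confirm before wording it. A line such as `// /admin/relax/* is deliberately mapped without authentication and must win over /admin/*` stops a later reader from "fixing" it to a 401. The `WWW-Authenticate: basic realm=\"TestRealm\"` matches are also case-sensitive while the HTTP auth-scheme token is not, so they pin Jetty's exact spelling; fine as a regression check if a comment says that is the intent.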
@@ -543,17 +536,17 @@ public class ConstraintTest String response; response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403 Forbidden")); + assertThat(response,startsWith("HTTP/1.1 403 Forbidden")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n"); - // assertTrue(response.indexOf(" 302 Found") > 0); - // assertTrue(response.indexOf("/ctx/testLoginPage") > 0); - assertTrue(response.indexOf("Cache-Control: no-cache") > 0); - assertTrue(response.indexOf("Expires") > 0); - assertTrue(response.indexOf("URI=/ctx/testLoginPage") > 0); + // assertThat(response,containsString(" 302 Found")); + // assertThat(response,containsString("/ctx/testLoginPage")); + assertThat(response,containsString("Cache-Control: no-cache")); + assertThat(response,containsString("Expires")); + assertThat(response,containsString("URI=/ctx/testLoginPage")); String session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); @@ -563,8 +556,8 @@ public class ConstraintTest "Content-Length: 31\r\n" + "\r\n" + "j_username=user&j_password=wrong\r\n"); - // assertTrue(response.indexOf("Location") > 0); - assertTrue(response.indexOf("testErrorPage") > 0); + // assertThat(response,containsString("Location")); + assertThat(response,containsString("testErrorPage")); response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + 
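Review bot: Commented-out assertions such as `// assertThat(response,containsString(" 302 Found"));` and `// assertThat(response,containsString("Location"));` are rewritten into the new matcher style instead of being removed, which keeps dead code maintained without saying why the 302/Location expectation does not hold for this variant; the same carries into the hunks at -572, -603 and -714. The live checks for `URI=/ctx/testLoginPage`, `Cache-Control: no-cache`, `Expires` and `testErrorPage` suggest the login and error pages are served by forward rather than redirect here, but the setup is outside the hunk. Either delete the commented lines or replace each pair with one sentence stating that, e.g. `// this configuration forwards to the login/error page, so no 302/Location is expected`.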
@@ -572,29 +565,29 @@ public class ConstraintTest "Content-Length: 35\r\n" + "\r\n" + "j_username=user&j_password=password\r\n"); - assertTrue(response.startsWith("HTTP/1.1 302 ")); - assertTrue(response.indexOf("Location") > 0); - assertTrue(response.indexOf("/ctx/auth/info") > 0); + assertThat(response,startsWith("HTTP/1.1 302 ")); + assertThat(response,containsString("Location")); + assertThat(response,containsString("/ctx/auth/info")); session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403")); - assertTrue(response.indexOf("!role") > 0); + assertThat(response,startsWith("HTTP/1.1 403")); + assertThat(response,containsString("!role")); response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403")); - assertTrue(response.indexOf("!role") > 0); + assertThat(response,startsWith("HTTP/1.1 403")); + assertThat(response,containsString("!role")); // log in again as user2 response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n"); -// assertTrue(response.startsWith("HTTP/1.1 302 ")); -// assertTrue(response.indexOf("testLoginPage") > 0); +// assertThat(response,startsWith("HTTP/1.1 302 ")); +// assertThat(response,containsString("testLoginPage")); session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" + 
@@ -603,28 +596,28 @@ public class ConstraintTest "Content-Length: 36\r\n" + "\r\n" + "j_username=user2&j_password=password\r\n"); - assertTrue(response.startsWith("HTTP/1.1 302 ")); - assertTrue(response.indexOf("Location") > 0); - assertTrue(response.indexOf("/ctx/auth/info") > 0); + assertThat(response,startsWith("HTTP/1.1 302 ")); + assertThat(response,containsString("Location")); + assertThat(response,containsString("/ctx/auth/info")); session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403")); - assertTrue(response.indexOf("!role") > 0); + assertThat(response,startsWith("HTTP/1.1 403")); + assertThat(response,containsString("!role")); // log in again as admin response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n"); -// assertTrue(response.startsWith("HTTP/1.1 302 ")); -// assertTrue(response.indexOf("testLoginPage") > 0); +// assertThat(response,startsWith("HTTP/1.1 302 ")); +// assertThat(response,containsString("testLoginPage")); session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" + 
@@ -633,20 +626,20 @@ public class ConstraintTest "Content-Length: 36\r\n" + "\r\n" + "j_username=admin&j_password=password\r\n"); - assertTrue(response.startsWith("HTTP/1.1 302 ")); - assertTrue(response.indexOf("Location") > 0); - assertTrue(response.indexOf("/ctx/auth/info") > 0); + assertThat(response,startsWith("HTTP/1.1 302 ")); + assertThat(response,containsString("Location")); + assertThat(response,containsString("/ctx/auth/info")); session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); } @Test @@ -658,14 +651,14 @@ public class ConstraintTest String response; response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403 Forbidden")); + assertThat(response,startsWith("HTTP/1.1 403 Forbidden")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.indexOf(" 302 Found") > 0); - assertTrue(response.indexOf("/ctx/testLoginPage") > 0); + assertThat(response,containsString(" 302 Found")); + assertThat(response,containsString("/ctx/testLoginPage")); String session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); 
@@ -675,7 +668,7 @@ public class ConstraintTest "Content-Length: 31\r\n" + "\r\n" + "j_username=user&j_password=wrong\r\n"); - assertTrue(response.indexOf("Location") > 0); + assertThat(response,containsString("Location")); response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + 
@@ -683,29 +676,29 @@ public class ConstraintTest "Content-Length: 35\r\n" + "\r\n" + "j_username=user&j_password=password\r\n"); - assertTrue(response.startsWith("HTTP/1.1 302 ")); - assertTrue(response.indexOf("Location") > 0); - assertTrue(response.indexOf("/ctx/auth/info") > 0); + assertThat(response,startsWith("HTTP/1.1 302 ")); + assertThat(response,containsString("Location")); + assertThat(response,containsString("/ctx/auth/info")); session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403")); - assertTrue(response.indexOf("!role") > 0); + assertThat(response,startsWith("HTTP/1.1 403")); + assertThat(response,containsString("!role")); response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403")); - assertTrue(response.indexOf("!role") > 0); + assertThat(response,startsWith("HTTP/1.1 403")); + assertThat(response,containsString("!role")); // log in again as user2 response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 302 ")); - assertTrue(response.indexOf("testLoginPage") > 0); + assertThat(response,startsWith("HTTP/1.1 302 ")); + assertThat(response,containsString("testLoginPage")); session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" + 
@@ -714,29 +707,29 @@ public class ConstraintTest "Content-Length: 36\r\n" + "\r\n" + "j_username=user2&j_password=password\r\n"); - assertTrue(response.startsWith("HTTP/1.1 302 ")); - assertTrue(response.indexOf("Location") > 0); - assertTrue(response.indexOf("/ctx/auth/info") > 0); + assertThat(response,startsWith("HTTP/1.1 302 ")); + assertThat(response,containsString("Location")); + assertThat(response,containsString("/ctx/auth/info")); session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403")); - assertTrue(response.indexOf("!role") > 0); + assertThat(response,startsWith("HTTP/1.1 403")); + assertThat(response,containsString("!role")); // log in again as admin response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n"); -// assertTrue(response.startsWith("HTTP/1.1 302 ")); -// assertTrue(response.indexOf("testLoginPage") > 0); +// assertThat(response,startsWith("HTTP/1.1 302 ")); +// assertThat(response,containsString("testLoginPage")); session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("POST /ctx/j_security_check HTTP/1.0\r\n" + 
@@ -745,20 +738,20 @@ public class ConstraintTest "Content-Length: 36\r\n" + "\r\n" + "j_username=admin&j_password=password\r\n"); - assertTrue(response.startsWith("HTTP/1.1 302 ")); - assertTrue(response.indexOf("Location") > 0); - assertTrue(response.indexOf("/ctx/auth/info") > 0); + assertThat(response,startsWith("HTTP/1.1 302 ")); + assertThat(response,containsString("Location")); + assertThat(response,containsString("/ctx/auth/info")); session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" + "Cookie: JSESSIONID=" + session + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); } @Test @@ -772,12 +765,12 @@ public class ConstraintTest String response; response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 500 ")); + assertThat(response,startsWith("HTTP/1.1 500 ")); _server.stop(); @@ -790,7 +783,7 @@ public class ConstraintTest response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + "Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); + assertThat(response,startsWith("HTTP/1.1 200 OK")); } @Test 
@@ -804,20 +797,20 @@ public class ConstraintTest response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n"+ "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); - assertTrue(response.indexOf("user=null") > 0); + assertThat(response,startsWith("HTTP/1.1 200 OK")); + assertThat(response,containsString("user=null")); response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n"+ "Authorization: Basic " + B64Code.encode("admin:wrong") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); - assertTrue(response.indexOf("user=null") > 0); + assertThat(response,startsWith("HTTP/1.1 200 OK")); + assertThat(response,containsString("user=null")); response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n"+ "Authorization: Basic " + B64Code.encode("admin:password") + "\r\n" + "\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 OK")); - assertTrue(response.indexOf("user=admin") > 0); + assertThat(response,startsWith("HTTP/1.1 200 OK")); + assertThat(response,containsString("user=admin")); } @Test @@ -829,13 +822,13 @@ public class ConstraintTest String response; response = _connector.getResponses("GET /ctx/forbid/somethig HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 403 ")); - + assertThat(response,startsWith("HTTP/1.1 403 ")); + response = _connector.getResponses("POST /ctx/forbid/post HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 ")); - + assertThat(response,startsWith("HTTP/1.1 200 ")); + response = _connector.getResponses("GET /ctx/forbid/post HTTP/1.0\r\n\r\n"); - assertTrue(response.startsWith("HTTP/1.1 200 ")); // This is so stupid, but it is the S P E C + assertThat(response,startsWith("HTTP/1.1 200 ")); // This is so stupid, but it is the S P E C } private class RequestHandler extends AbstractHandler { 
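Review bot: In the -829 hunk the assertion that `GET /ctx/forbid/post` returns 200 keeps the comment `// This is so stupid, but it is the S P E C`, which tells a reader nothing about which rule applies; presumably the mapping for `/forbid/post` constrains only POST and, as the more specific pattern, replaces the `/forbid/*` rule so that GET is uncovered, but the setup is outside the hunk, so confirm before wording it. A comment such as `// /forbid/post constrains POST only; other methods are uncovered and therefore allowed, the gap that Servlet 3.1's deny-uncovered-http-methods exists to close` makes the test document the pitfall instead of mocking it. In the -804 hunk the three `user=null`/`user=admin` checks on `/ctx/noauth/info` likewise deserve one line stating what they show: on an unconstrained path wrong Basic credentials yield a 200 with no user rather than a 401, and only valid ones populate the principal.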
@@ -882,7 +875,7 @@ public class ConstraintTest public Map<String, String> getRoleRefMap() { - Map<String, String> map = new HashMap<String, String>(); + Map<String, String> map = new HashMap<>(); map.put("untranslated", "user"); return map; } diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java index fd3ea0f92c..b477908ea9 100644 --- a/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java +++ b/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java @@ -23,11 +23,12 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.eclipse.jetty.http.HttpMethods; -import org.eclipse.jetty.http.HttpSchemes; -import org.eclipse.jetty.io.EndPoint; +import org.eclipse.jetty.http.HttpMethod; +import org.eclipse.jetty.http.HttpScheme; import org.eclipse.jetty.security.authentication.BasicAuthenticator; import org.eclipse.jetty.server.Connector; +import org.eclipse.jetty.server.HttpConfiguration; +import org.eclipse.jetty.server.HttpServerConnectionFactory; import org.eclipse.jetty.server.LocalConnector; import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.Server; 
@@ -55,21 +56,26 @@ public class DataConstraintsTest public void startServer() { _server = new Server(); - _connector = new LocalConnector(); - _connector.setMaxIdleTime(300000); - _connector.setIntegralPort(9998); - _connector.setIntegralScheme("FTP"); - _connector.setConfidentialPort(9999); - _connector.setConfidentialScheme("SPDY"); - _connectorS = new LocalConnector() + _connector = new LocalConnector(_server); + _connector.setIdleTimeout(300000); + HttpConfiguration httpConfiguration = new HttpConfiguration(null, false); + httpConfiguration.setIntegralPort(9998); + httpConfiguration.setIntegralScheme("FTP"); + httpConfiguration.setConfidentialPort(9999); + httpConfiguration.setConfidentialScheme("SPDY"); + _connector.setDefaultConnectionFactory(new HttpServerConnectionFactory(_connector, httpConfiguration)); + + _connectorS = new LocalConnector(_server); + _connectorS.setDefaultConnectionFactory(new HttpServerConnectionFactory(_connectorS, new HttpConfiguration(null,false) { @Override - public void customize(EndPoint endpoint, Request request) throws IOException + public void customize(Request request) throws IOException { - super.customize(endpoint,request); - request.setScheme(HttpSchemes.HTTPS); + request.setScheme(HttpScheme.HTTPS.asString()); + super.customize(request); } + @Override public boolean isIntegral(Request request) { @@ -81,7 +87,7 @@ public class DataConstraintsTest { return true; } - }; + })); _server.setConnectors(new Connector[]{_connector,_connectorS}); ContextHandler _context = new ContextHandler(); @@ -214,7 +220,7 @@ public class DataConstraintsTest constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL); ConstraintMapping mapping0 = new ConstraintMapping(); mapping0.setPathSpec("/confid/*"); - mapping0.setMethod(HttpMethods.POST); + mapping0.setMethod(HttpMethod.POST.asString()); mapping0.setConstraint(constraint0); _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[] 
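Review bot: `_connectorS` is built from an anonymous `HttpConfiguration` whose `customize` forces the scheme to https and whose `isIntegral` override (plus a second override between this hunk and -81, which also returns true) answers true for every request, so nothing on that connector depends on real transport security; a comment above `_connectorS = new LocalConnector(_server);` should say so, e.g. `// _connectorS fakes a TLS connector: every request is marked https, integral and confidential`. The two `new HttpConfiguration(null, false)` calls leave the meaning of `null` and `false` to the reader, and the swap that now calls `request.setScheme(...)` before `super.customize(request)` is unexplained — if `super.customize` reads the scheme, a why-comment belongs on that line; if not, the old order was fine. `startServer` continues beyond this hunk.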
@@ -248,7 +254,7 @@ public class DataConstraintsTest constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL); ConstraintMapping mapping0 = new ConstraintMapping(); mapping0.setPathSpec("/confid/*"); - mapping0.setMethod(HttpMethods.POST); + mapping0.setMethod(HttpMethod.POST.asString()); mapping0.setConstraint(constraint0); _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[] @@ -284,7 +290,7 @@ public class DataConstraintsTest constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL); ConstraintMapping mapping0 = new ConstraintMapping(); mapping0.setPathSpec("/confid/*"); - mapping0.setMethod(HttpMethods.POST); + mapping0.setMethod(HttpMethod.POST.asString()); mapping0.setConstraint(constraint0); _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[] @@ -347,10 +353,10 @@ public class DataConstraintsTest response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n"); assertThat(response, containsString("HTTP/1.1 403 Forbidden")); - response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n"); + response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n"); assertThat(response, containsString("HTTP/1.1 403 Forbidden")); - response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n"); + response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n"); assertThat(response, containsString("HTTP/1.1 403 Forbidden")); } |
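Review bot: In the -347 hunk the old request strings put a space before `Authorization:`, which makes that line a folded continuation of the request line rather than a header, so the credentials most likely never reached the authenticator; removing the space changes what these two calls exercise, yet both still expect `403 Forbidden`, the same result the preceding credential-less request gets. As written the test cannot distinguish "credentials ignored" from "admin authenticated but denied", so assert a distinguishing marker, e.g. `assertThat(response, containsString("!role"));` after the `_connectorS` call if this handler emits the same marker the ConstraintTest hunks check. `YWRtaW46cGFzc3dvcmQ=` is the same admin:password pair used there, so a 403 on the confidential connector with valid admin credentials needs a comment naming the intended reason; the test's setup is outside the hunk.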