Skip to main content
aboutsummaryrefslogtreecommitdiffstats
path: root/jetty-security
diff options
context:
space:
mode:
Diffstat (limited to 'jetty-security')
-rw-r--r--jetty-security/pom.xml31
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java2
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/CrossContextPsuedoSession.java37
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/HashCrossContextPsuedoSession.java100
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java6
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/LoginService.java7
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java5
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java27
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/SpnegoLoginService.java3
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java16
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java6
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java4
-rw-r--r--jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java8
13 files changed, 31 insertions, 221 deletions
diff --git a/jetty-security/pom.xml b/jetty-security/pom.xml
index 962f135f7c..838749b24f 100644
--- a/jetty-security/pom.xml
+++ b/jetty-security/pom.xml
@@ -2,7 +2,7 @@
<parent>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-project</artifactId>
- <version>9.2.8-SNAPSHOT</version>
+ <version>9.3.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>jetty-security</artifactId>
@@ -33,35 +33,6 @@
</executions>
</plugin>
<plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-assembly-plugin</artifactId>
- <executions>
- <execution>
- <phase>package</phase>
- <goals>
- <goal>single</goal>
- </goals>
- <configuration>
- <descriptorRefs>
- <descriptorRef>config</descriptorRef>
- </descriptorRefs>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <!--
- Required for OSGI
- -->
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jar-plugin</artifactId>
- <configuration>
- <archive>
- <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
- </archive>
- </configuration>
- </plugin>
- <plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<configuration>
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
index 28b2f59b5c..f15e20113b 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
@@ -675,7 +675,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
if (dataConstraint == null || dataConstraint == UserDataConstraint.None)
return true;
- HttpConfiguration httpConfig = HttpChannel.getCurrentHttpChannel().getHttpConfiguration();
+ HttpConfiguration httpConfig = Request.getBaseRequest(request).getHttpChannel().getHttpConfiguration();
if (dataConstraint == UserDataConstraint.Confidential || dataConstraint == UserDataConstraint.Integral)
{
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/CrossContextPsuedoSession.java b/jetty-security/src/main/java/org/eclipse/jetty/security/CrossContextPsuedoSession.java
deleted file mode 100644
index 711a8e884f..0000000000
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/CrossContextPsuedoSession.java
+++ /dev/null
@@ -1,37 +0,0 @@
-//
-// ========================================================================
-// Copyright (c) 1995-2015 Mort Bay Consulting Pty. Ltd.
-// ------------------------------------------------------------------------
-// All rights reserved. This program and the accompanying materials
-// are made available under the terms of the Eclipse Public License v1.0
-// and Apache License v2.0 which accompanies this distribution.
-//
-// The Eclipse Public License is available at
-// http://www.eclipse.org/legal/epl-v10.html
-//
-// The Apache License v2.0 is available at
-// http://www.opensource.org/licenses/apache2.0.php
-//
-// You may elect to redistribute this code under either of these licenses.
-// ========================================================================
-//
-
-package org.eclipse.jetty.security;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * @version $Rev: 4466 $ $Date: 2009-02-10 23:42:54 +0100 (Tue, 10 Feb 2009) $
- * @deprecated
- */
-public interface CrossContextPsuedoSession<T>
-{
-
- T fetch(HttpServletRequest request);
-
- void store(T data, HttpServletResponse response);
-
- void clear(HttpServletRequest request);
-
-}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/HashCrossContextPsuedoSession.java b/jetty-security/src/main/java/org/eclipse/jetty/security/HashCrossContextPsuedoSession.java
deleted file mode 100644
index 61d8e3329e..0000000000
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/HashCrossContextPsuedoSession.java
+++ /dev/null
@@ -1,100 +0,0 @@
-//
-// ========================================================================
-// Copyright (c) 1995-2015 Mort Bay Consulting Pty. Ltd.
-// ------------------------------------------------------------------------
-// All rights reserved. This program and the accompanying materials
-// are made available under the terms of the Eclipse Public License v1.0
-// and Apache License v2.0 which accompanies this distribution.
-//
-// The Eclipse Public License is available at
-// http://www.eclipse.org/legal/epl-v10.html
-//
-// The Apache License v2.0 is available at
-// http://www.opensource.org/licenses/apache2.0.php
-//
-// You may elect to redistribute this code under either of these licenses.
-// ========================================================================
-//
-
-package org.eclipse.jetty.security;
-
-import java.security.SecureRandom;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Random;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * @version $Rev: 4660 $ $Date: 2009-02-25 17:29:53 +0100 (Wed, 25 Feb 2009) $
- * @deprecated
- */
-public class HashCrossContextPsuedoSession<T> implements CrossContextPsuedoSession<T>
-{
- private final String _cookieName;
-
- private final String _cookiePath;
-
- private final Random _random = new SecureRandom();
-
- private final Map<String, T> _data = new HashMap<String, T>();
-
- public HashCrossContextPsuedoSession(String cookieName, String cookiePath)
- {
- this._cookieName = cookieName;
- this._cookiePath = cookiePath == null ? "/" : cookiePath;
- }
-
- public T fetch(HttpServletRequest request)
- {
- Cookie[] cookies = request.getCookies();
- if (cookies == null)
- return null;
-
- for (Cookie cookie : cookies)
- {
- if (_cookieName.equals(cookie.getName()))
- {
- String key = cookie.getValue();
- return _data.get(key);
- }
- }
- return null;
- }
-
- public void store(T datum, HttpServletResponse response)
- {
- String key;
-
- synchronized (_data)
- {
- // Create new ID
- while (true)
- {
- key = Long.toString(Math.abs(_random.nextLong()), 30 + (int) (System.currentTimeMillis() % 7));
- if (!_data.containsKey(key)) break;
- }
-
- _data.put(key, datum);
- }
-
- Cookie cookie = new Cookie(_cookieName, key);
- cookie.setPath(_cookiePath);
- response.addCookie(cookie);
- }
-
- public void clear(HttpServletRequest request)
- {
- for (Cookie cookie : request.getCookies())
- {
- if (_cookieName.equals(cookie.getName()))
- {
- String key = cookie.getValue();
- _data.remove(key);
- break;
- }
- }
- }
-}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
index d0cd9905e7..089b894911 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
@@ -29,6 +29,8 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
+import javax.servlet.ServletRequest;
+
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.Loader;
import org.eclipse.jetty.util.log.Log;
@@ -209,7 +211,7 @@ public class JDBCLoginService extends MappedLoginService
/* ------------------------------------------------------------ */
@Override
- public UserIdentity login(String username, Object credentials)
+ public UserIdentity login(String username, Object credentials, ServletRequest request)
{
long now = System.currentTimeMillis();
if (now - _lastHashPurge > _cacheTime || _cacheTime == 0)
@@ -219,7 +221,7 @@ public class JDBCLoginService extends MappedLoginService
closeConnection();
}
- return super.login(username,credentials);
+ return super.login(username,credentials, request);
}
/* ------------------------------------------------------------ */
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/LoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/LoginService.java
index 653f7c69fc..e481ca97d4 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/LoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/LoginService.java
@@ -18,6 +18,8 @@
package org.eclipse.jetty.security;
+import javax.servlet.ServletRequest;
+
import org.eclipse.jetty.server.UserIdentity;
@@ -42,14 +44,15 @@ public interface LoginService
/** Login a user.
* @param username The user name
* @param credentials The users credentials
+ * @param request TODO
* @return A UserIdentity if the credentials matched, otherwise null
*/
- UserIdentity login(String username,Object credentials);
+ UserIdentity login(String username,Object credentials, ServletRequest request);
/* ------------------------------------------------------------ */
/** Validate a user identity.
* Validate that a UserIdentity previously created by a call
- * to {@link #login(String, Object)} is still valid.
+ * to {@link #login(String, Object, ServletRequest)} is still valid.
* @param user The user to validate
* @return true if authentication has not been revoked for the user.
*/
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
index 752fd26a46..70b4c95329 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
@@ -27,6 +27,7 @@ import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.security.auth.Subject;
+import javax.servlet.ServletRequest;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
@@ -208,9 +209,9 @@ public abstract class MappedLoginService extends AbstractLifeCycle implements Lo
/* ------------------------------------------------------------ */
/**
- * @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object)
+ * @see org.eclipse.jetty.security.LoginService#login(java.lang.String, java.lang.Object, ServletRequest)
*/
- public UserIdentity login(String username, Object credentials)
+ public UserIdentity login(String username, Object credentials, ServletRequest request)
{
if (username == null)
return null;
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
index 8462f7e488..ffd4db6939 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
@@ -309,33 +309,6 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
getInitParameter(name)==null)
setInitParameter(name,context.getInitParameter(name));
}
-
- //register a session listener to handle securing sessions when authentication is performed
- context.getContextHandler().addEventListener(new HttpSessionListener()
- {
- @Override
- public void sessionDestroyed(HttpSessionEvent se)
- {
- }
-
- @Override
- public void sessionCreated(HttpSessionEvent se)
- {
- //if current request is authenticated, then as we have just created the session, mark it as secure, as it has not yet been returned to a user
- HttpChannel<?> channel = HttpChannel.getCurrentHttpChannel();
-
- if (channel == null)
- return;
- Request request = channel.getRequest();
- if (request == null)
- return;
-
- if (request.isSecure())
- {
- se.getSession().setAttribute(AbstractSession.SESSION_KNOWN_ONLY_TO_AUTHENTICATED, Boolean.TRUE);
- }
- }
- });
}
// complicated resolution of login and identity service to handle
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SpnegoLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SpnegoLoginService.java
index cc59b47ebe..3614ab5559 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/SpnegoLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SpnegoLoginService.java
@@ -21,6 +21,7 @@ package org.eclipse.jetty.security;
import java.util.Properties;
import javax.security.auth.Subject;
+import javax.servlet.ServletRequest;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.B64Code;
@@ -112,7 +113,7 @@ public class SpnegoLoginService extends AbstractLifeCycle implements LoginServic
* username will be null since the credentials will contain all the relevant info
*/
@Override
- public UserIdentity login(String username, Object credentials)
+ public UserIdentity login(String username, Object credentials, ServletRequest request)
{
String encodedAuthToken = (String)credentials;
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
index 302f6517bd..a0c71fd31f 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
@@ -235,9 +235,8 @@ public class FormAuthenticator extends LoginAuthenticator
//restore the original request's method on this request
if (LOG.isDebugEnabled()) LOG.debug("Restoring original method {} for {} with method {}", method, juri,httpRequest.getMethod());
- Request base_request = HttpChannel.getCurrentHttpChannel().getRequest();
- HttpMethod m = HttpMethod.fromString(method);
- base_request.setMethod(m,m.asString());
+ Request base_request = Request.getBaseRequest(request);
+ base_request.setMethod(method);
}
/* ------------------------------------------------------------ */
@@ -246,6 +245,9 @@ public class FormAuthenticator extends LoginAuthenticator
{
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)res;
+ Request base_request = Request.getBaseRequest(request);
+ Response base_response = base_request.getResponse();
+
String uri = request.getRequestURI();
if (uri==null)
uri=URIUtil.SLASH;
@@ -290,8 +292,6 @@ public class FormAuthenticator extends LoginAuthenticator
LOG.debug("authenticated {}->{}",form_auth,nuri);
response.setContentLength(0);
- Response base_response = HttpChannel.getCurrentHttpChannel().getResponse();
- Request base_request = HttpChannel.getCurrentHttpChannel().getRequest();
int redirectCode = (base_request.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? HttpServletResponse.SC_MOVED_TEMPORARILY : HttpServletResponse.SC_SEE_OTHER);
base_response.sendRedirect(redirectCode, response.encodeRedirectURL(nuri));
return form_auth;
@@ -317,8 +317,6 @@ public class FormAuthenticator extends LoginAuthenticator
else
{
LOG.debug("auth failed {}->{}",username,_formErrorPage);
- Response base_response = HttpChannel.getCurrentHttpChannel().getResponse();
- Request base_request = HttpChannel.getCurrentHttpChannel().getRequest();
int redirectCode = (base_request.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? HttpServletResponse.SC_MOVED_TEMPORARILY : HttpServletResponse.SC_SEE_OTHER);
base_response.sendRedirect(redirectCode, response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(),_formErrorPage)));
}
@@ -358,7 +356,6 @@ public class FormAuthenticator extends LoginAuthenticator
if (j_post!=null)
{
LOG.debug("auth rePOST {}->{}",authentication,j_uri);
- Request base_request = HttpChannel.getCurrentHttpChannel().getRequest();
base_request.setContentParameters(j_post);
}
session.removeAttribute(__J_URI);
@@ -393,7 +390,6 @@ public class FormAuthenticator extends LoginAuthenticator
if (MimeTypes.Type.FORM_ENCODED.is(req.getContentType()) && HttpMethod.POST.is(request.getMethod()))
{
- Request base_request = (req instanceof Request)?(Request)req:HttpChannel.getCurrentHttpChannel().getRequest();
MultiMap<String> formParameters = new MultiMap<>();
base_request.extractFormParameters(formParameters);
session.setAttribute(__J_POST, formParameters);
@@ -413,8 +409,6 @@ public class FormAuthenticator extends LoginAuthenticator
else
{
LOG.debug("challenge {}->{}",session.getId(),_formLoginPage);
- Response base_response = HttpChannel.getCurrentHttpChannel().getResponse();
- Request base_request = HttpChannel.getCurrentHttpChannel().getRequest();
int redirectCode = (base_request.getHttpVersion().getVersion() < HttpVersion.HTTP_1_1.getVersion() ? HttpServletResponse.SC_MOVED_TEMPORARILY : HttpServletResponse.SC_SEE_OTHER);
base_response.sendRedirect(redirectCode, response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(),_formLoginPage)));
}
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
index 0f2e09732b..ea559ff6c7 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
@@ -58,7 +58,7 @@ public abstract class LoginAuthenticator implements Authenticator
/* ------------------------------------------------------------ */
public UserIdentity login(String username, Object password, ServletRequest request)
{
- UserIdentity user = _loginService.login(username,password);
+ UserIdentity user = _loginService.login(username,password, request);
if (user!=null)
{
renewSession((HttpServletRequest)request, (request instanceof Request? ((Request)request).getResponse() : null));
@@ -109,14 +109,14 @@ public abstract class LoginAuthenticator implements Authenticator
{
//if we should renew sessions, and there is an existing session that may have been seen by non-authenticated users
//(indicated by SESSION_SECURED not being set on the session) then we should change id
- if (httpSession.getAttribute(AbstractSession.SESSION_KNOWN_ONLY_TO_AUTHENTICATED)!=Boolean.TRUE)
+ if (httpSession.getAttribute(AbstractSession.SESSION_CREATED_SECURE)!=Boolean.TRUE)
{
if (httpSession instanceof AbstractSession)
{
AbstractSession abstractSession = (AbstractSession)httpSession;
String oldId = abstractSession.getId();
abstractSession.renewId(request);
- abstractSession.setAttribute(AbstractSession.SESSION_KNOWN_ONLY_TO_AUTHENTICATED, Boolean.TRUE);
+ abstractSession.setAttribute(AbstractSession.SESSION_CREATED_SECURE, Boolean.TRUE);
if (abstractSession.isIdChanged() && response != null && (response instanceof Response))
((Response)response).addCookie(abstractSession.getSessionManager().getSessionCookie(abstractSession, request.getContextPath(), request.isSecure()));
LOG.debug("renew {}->{}",oldId,abstractSession.getId());
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java
index ddc1732d55..3a7c006b51 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java
@@ -71,7 +71,7 @@ public class SessionAuthentication extends AbstractUserAuthentication implements
if (login_service==null)
throw new IllegalStateException("!LoginService");
- _userIdentity=login_service.login(_name,_credentials);
+ _userIdentity=login_service.login(_name,_credentials, null);
LOG.debug("Deserialized and relogged in {}",this);
}
@@ -89,7 +89,7 @@ public class SessionAuthentication extends AbstractUserAuthentication implements
if (security!=null)
security.logout(this);
if (_session!=null)
- _session.removeAttribute(AbstractSession.SESSION_KNOWN_ONLY_TO_AUTHENTICATED);
+ _session.removeAttribute(AbstractSession.SESSION_CREATED_SECURE);
}
@Override
diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java
index aec891a6ea..77f4dd9475 100644
--- a/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java
+++ b/jetty-security/src/test/java/org/eclipse/jetty/security/DataConstraintsTest.java
@@ -20,7 +20,9 @@ package org.eclipse.jetty.security;
import java.io.IOException;
import java.util.Arrays;
+
import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -375,10 +377,10 @@ public class DataConstraintsTest
response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n\r\n");
Assert.assertThat(response, Matchers.containsString("HTTP/1.1 403 Forbidden"));
- response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
+ response = _connector.getResponses("GET /ctx/restricted/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
Assert.assertThat(response, Matchers.containsString("HTTP/1.1 403 Forbidden"));
- response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\n Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
+ response = _connectorS.getResponses("GET /ctx/restricted/info HTTP/1.0\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n");
Assert.assertThat(response, Matchers.containsString("HTTP/1.1 403 Forbidden"));
}
@@ -436,7 +438,7 @@ public class DataConstraintsTest
}
@Override
- public UserIdentity login(String username, Object credentials)
+ public UserIdentity login(String username, Object credentials, ServletRequest request)
{
if("admin".equals(username) && "password".equals(credentials))
return new DefaultUserIdentity(null,null,new String[] { "admin" } );

Back to the top