/**
 * Test case for {@link Request#login(String, String)} and
 * {@link Request#logout()}.
 */
@Test
public void testLoginLogout() throws Exception {
    // Setup Tomcat instance
    Tomcat tomcat = getTomcatInstance();

    // No file system docBase required
    Context ctx = tomcat.addContext("", null);

    // Configure the context for BASIC auth and add the matching authenticator valve
    LoginConfig config = new LoginConfig();
    config.setAuthMethod("BASIC");
    ctx.setLoginConfig(config);
    ctx.getPipeline().addValve(new BasicAuthenticator());

    Tomcat.addServlet(ctx, "servlet", new LoginLogoutServlet());
    ctx.addServletMapping("/", "servlet");

    // In-memory realm holding the single test user
    MapRealm realm = new MapRealm();
    realm.addUser(LoginLogoutServlet.USER, LoginLogoutServlet.PWD);
    ctx.setRealm(realm);

    tomcat.start();

    ByteChunk res = getUrl("http://localhost:" + getPort() + "/");

    assertEquals(LoginLogoutServlet.OK, res.toString());
}
private static void addBasicAuth(StandardContext context) {
    // Every URL in the context requires the "user" role
    SecurityConstraint securityConstraint = new SecurityConstraint();
    securityConstraint.addAuthRole("user");
    SecurityCollection securityCollection = new SecurityCollection();
    // securityCollection.addMethod("GET"); // defaults to all methods
    securityCollection.addPattern("/*");
    securityConstraint.addCollection(securityCollection);

    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod("BASIC");
    loginConfig.setRealmName("MusiMount");

    context.addConstraint(securityConstraint);
    context.setLoginConfig(loginConfig);
    context.addValve(new BasicAuthenticator());
}
private void setUpApplication() throws Exception {
    context = tomcat.addContext(CONTEXT_PATH_LOGIN, System.getProperty("java.io.tmpdir"));
    context.setSessionTimeout(SHORT_SESSION_TIMEOUT_MINS);

    Tomcat.addServlet(context, SERVLET_NAME, new TesterServlet());
    context.addServletMapping(URI_PROTECTED, SERVLET_NAME);

    // Register the REST CSRF prevention filter and map it to the CSRF-protected URI
    FilterDef filterDef = new FilterDef();
    filterDef.setFilterName(FILTER_NAME);
    filterDef.setFilterClass(RestCsrfPreventionFilter.class.getCanonicalName());
    filterDef.addInitParameter(FILTER_INIT_PARAM, REMOVE_CUSTOMER + "," + ADD_CUSTOMER);
    context.addFilterDef(filterDef);

    FilterMap filterMap = new FilterMap();
    filterMap.setFilterName(FILTER_NAME);
    filterMap.addURLPattern(URI_CSRF_PROTECTED);
    context.addFilterMap(filterMap);

    // Security constraint: the protected URI requires ROLE
    SecurityCollection collection = new SecurityCollection();
    collection.addPattern(URI_PROTECTED);
    SecurityConstraint sc = new SecurityConstraint();
    sc.addAuthRole(ROLE);
    sc.addCollection(collection);
    context.addConstraint(sc);

    // Login configuration plus the authenticator valve that enforces it
    LoginConfig lc = new LoginConfig();
    lc.setAuthMethod(METHOD);
    context.setLoginConfig(lc);

    AuthenticatorBase basicAuthenticator = new BasicAuthenticator();
    context.getPipeline().addValve(basicAuthenticator);
}
@Test
public void testBug50015() throws Exception {
    // Test that configuring servlet security constraints programmatically
    // does work.

    // Set up a container
    Tomcat tomcat = getTomcatInstance();

    // No file system docBase required
    Context ctx = tomcat.addContext("", null);

    // Setup realm
    MapRealm realm = new MapRealm();
    realm.addUser("tomcat", "tomcat");
    realm.addUserRole("tomcat", "tomcat");
    ctx.setRealm(realm);

    // Configure app for BASIC auth
    LoginConfig lc = new LoginConfig();
    lc.setAuthMethod("BASIC");
    ctx.setLoginConfig(lc);
    ctx.getPipeline().addValve(new BasicAuthenticator());

    // Add ServletContainerInitializer
    ServletContainerInitializer sci = new Bug50015SCI();
    ctx.addServletContainerInitializer(sci, null);

    // Start the context
    tomcat.start();

    // Request the first servlet (no credentials supplied)
    ByteChunk bc = new ByteChunk();
    int rc = getUrl("http://localhost:" + getPort() + "/bug50015", bc, null);

    // Check for a 401
    assertNotSame("OK", bc.toString());
    assertEquals(401, rc);
}
/**
 * Test case for {@link Request#login(String, String)} and
 * {@link Request#logout()}.
 */
@Test
public void testLoginLogout() throws Exception {
    // Setup Tomcat instance
    Tomcat tomcat = getTomcatInstance();

    // Must have a real docBase - just use temp
    Context ctx = tomcat.addContext("", System.getProperty("java.io.tmpdir"));

    // Configure the context for BASIC auth and add the matching authenticator valve
    LoginConfig config = new LoginConfig();
    config.setAuthMethod("BASIC");
    ctx.setLoginConfig(config);
    ctx.getPipeline().addValve(new BasicAuthenticator());

    Tomcat.addServlet(ctx, "servlet", new LoginLogoutServlet());
    ctx.addServletMapping("/", "servlet");

    // In-memory realm holding the single test user
    MapRealm realm = new MapRealm();
    realm.addUser(LoginLogoutServlet.USER, LoginLogoutServlet.PWD);
    ctx.setRealm(realm);

    tomcat.start();

    ByteChunk res = getUrl("http://localhost:" + getPort() + "/");

    assertEquals(LoginLogoutServlet.OK, res.toString());
}
@Test
public void testBug50015() throws Exception {
    // Test that configuring servlet security constraints programmatically
    // does work.

    // Set up a container
    Tomcat tomcat = getTomcatInstance();

    // Must have a real docBase - just use temp
    File docBase = new File(System.getProperty("java.io.tmpdir"));
    Context ctx = tomcat.addContext("", docBase.getAbsolutePath());

    // Setup realm
    MapRealm realm = new MapRealm();
    realm.addUser("tomcat", "tomcat");
    realm.addUserRole("tomcat", "tomcat");
    ctx.setRealm(realm);

    // Configure app for BASIC auth
    LoginConfig lc = new LoginConfig();
    lc.setAuthMethod("BASIC");
    ctx.setLoginConfig(lc);
    ctx.getPipeline().addValve(new BasicAuthenticator());

    // Add ServletContainerInitializer
    ServletContainerInitializer sci = new Bug50015SCI();
    ctx.addServletContainerInitializer(sci, null);

    // Start the context
    tomcat.start();

    // Request the first servlet (no credentials supplied)
    ByteChunk bc = new ByteChunk();
    int rc = getUrl("http://localhost:" + getPort() + "/bug50015", bc, null);

    // Check for a 401
    assertNotSame("OK", bc.toString());
    assertEquals(401, rc);
}
@Test
public void testBug50015() throws Exception {
    // Set up a container
    Tomcat tomcat = getTomcatInstance();

    // Must have a real docBase - just use temp
    File docBase = new File(System.getProperty("java.io.tmpdir"));
    Context ctx = tomcat.addContext("", docBase.getAbsolutePath());

    // Setup realm
    MapRealm realm = new MapRealm();
    realm.addUser("tomcat", "tomcat");
    realm.addUserRole("tomcat", "tomcat");
    ctx.setRealm(realm);

    // Configure app for BASIC auth
    LoginConfig lc = new LoginConfig();
    lc.setAuthMethod("BASIC");
    ctx.setLoginConfig(lc);
    ctx.getPipeline().addValve(new BasicAuthenticator());

    // Add ServletContainerInitializer
    ServletContainerInitializer sci = new Bug50015SCI();
    ctx.addServletContainerInitializer(sci, null);

    // Start the context
    tomcat.start();

    // Request the first servlet (no credentials supplied)
    ByteChunk bc = new ByteChunk();
    int rc = getUrl("http://localhost:" + getPort() + "/bug50015", bc, null);

    // Check for a 401
    assertNotSame("OK", bc.toString());
    assertEquals(401, rc);
}
@Deployment(testable = false)
public static WebArchive createDeployment() {
    // context.xml wires the BasicAuthenticator valve to a CDI-backed lazy realm
    return ShrinkWrap.create(WebArchive.class, "example.war")
            .addClasses(SimpleEndpoint.class, MyCdiRealmBaseLazyRealm.class)
            .addAsManifestResource(new StringAsset(
                    "<Context preemptiveAuthentication=\"true\">\n"
                    + " <Valve className=\"" + BasicAuthenticator.class.getName() + "\" />\n"
                    + " <Realm cdi=\"true\"\n"
                    + " className=\"org.apache.tomee.catalina.realm.LazyRealm\"\n"
                    + " realmClass=\"" + MyCdiRealmBaseLazyRealm.class.getName() + "\" />\n"
                    + "</Context>"), "context.xml")
            .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
}
@Deployment(testable = false)
public static WebArchive createDeployment() {
    // context.xml wires the BasicAuthenticator valve to a CDI-backed lazy realm
    return ShrinkWrap.create(WebArchive.class, "example.war")
            .addClasses(SimpleEndpoint.class, MyCdiLazyRealm.class)
            .addAsManifestResource(new StringAsset(
                    "<Context preemptiveAuthentication=\"true\">\n"
                    + " <Valve className=\"" + BasicAuthenticator.class.getName() + "\" />\n"
                    + " <Realm cdi=\"true\"\n"
                    + " className=\"org.apache.tomee.catalina.realm.LazyRealm\"\n"
                    + " realmClass=\"" + MyCdiLazyRealm.class.getName() + "\" />\n"
                    + "</Context>"), "context.xml")
            .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
}
@Deployment(testable = false)
public static Archive<?> war() {
    // context.xml wires the BasicAuthenticator valve to a CDI event based realm
    return ShrinkWrap.create(WebArchive.class, "realm-test.war")
            .addClasses(MultiAuthenticator.class, MyService.class)
            .addAsWebResource(EmptyAsset.INSTANCE, "beans.xml")
            .addAsManifestResource(new StringAsset(
                    "<Context preemptiveAuthentication=\"true\" antiJARLocking=\"true\">\n"
                    + "<Valve className=\"" + BasicAuthenticator.class.getName() + "\" />\n"
                    + "<Realm className=\"" + CdiEventRealm.class.getName() + "\" />\n"
                    + "</Context>"), "context.xml");
}
private void doTest(String servletClassName, boolean usePost, boolean useRole, boolean expect200)
        throws Exception {
    // Setup Tomcat instance
    Tomcat tomcat = getTomcatInstance();

    // No file system docBase required
    Context ctx = tomcat.addContext("", null);

    Wrapper wrapper = Tomcat.addServlet(ctx, "servlet", servletClassName);
    wrapper.setAsyncSupported(true);
    ctx.addServletMapping("/", "servlet");

    if (useRole) {
        // Realm with one user in "testRole", protected by BASIC auth
        MapRealm realm = new MapRealm();
        realm.addUser("testUser", "testPwd");
        realm.addUserRole("testUser", "testRole");
        ctx.setRealm(realm);

        ctx.setLoginConfig(new LoginConfig("BASIC", null, null, null));
        ctx.getPipeline().addValve(new BasicAuthenticator());
    }

    tomcat.start();

    ByteChunk bc = new ByteChunk();

    Map<String,List<String>> reqHeaders = null;
    if (useRole) {
        reqHeaders = new HashMap<String,List<String>>();
        List<String> authHeaders = new ArrayList<String>();
        // testUser, testPwd
        authHeaders.add("Basic dGVzdFVzZXI6dGVzdFB3ZA==");
        reqHeaders.put("Authorization", authHeaders);
    }

    int rc;
    if (usePost) {
        rc = postUrl(null, "http://localhost:" + getPort() + "/", bc, reqHeaders, null);
    } else {
        rc = getUrl("http://localhost:" + getPort() + "/", bc, reqHeaders, null);
    }

    if (expect200) {
        assertEquals("OK", bc.toString());
        assertEquals(200, rc);
    } else {
        // Access denied: body is the error page, status is 403
        assertTrue(bc.getLength() > 0);
        assertEquals(403, rc);
    }
}
private void doTest(String servletClassName, boolean usePost, boolean useRole, boolean expect200)
        throws Exception {
    // Setup Tomcat instance
    Tomcat tomcat = getTomcatInstance();

    // Must have a real docBase - just use temp
    Context ctx = tomcat.addContext("", System.getProperty("java.io.tmpdir"));

    Wrapper wrapper = Tomcat.addServlet(ctx, "servlet", servletClassName);
    wrapper.setAsyncSupported(true);
    ctx.addServletMapping("/", "servlet");

    if (useRole) {
        // Realm with one user in "testRole", protected by BASIC auth
        MapRealm realm = new MapRealm();
        realm.addUser("testUser", "testPwd");
        realm.addUserRole("testUser", "testRole");
        ctx.setRealm(realm);

        ctx.setLoginConfig(new LoginConfig("BASIC", null, null, null));
        ctx.getPipeline().addValve(new BasicAuthenticator());
    }

    tomcat.start();

    ByteChunk bc = new ByteChunk();

    Map<String,List<String>> reqHeaders = null;
    if (useRole) {
        reqHeaders = new HashMap<String,List<String>>();
        List<String> authHeaders = new ArrayList<String>();
        // testUser, testPwd
        authHeaders.add("Basic dGVzdFVzZXI6dGVzdFB3ZA==");
        reqHeaders.put("Authorization", authHeaders);
    }

    int rc;
    if (usePost) {
        rc = postUrl(null, "http://localhost:" + getPort() + "/", bc, reqHeaders, null);
    } else {
        rc = getUrl("http://localhost:" + getPort() + "/", bc, reqHeaders, null);
    }

    if (expect200) {
        assertEquals("OK", bc.toString());
        assertEquals(200, rc);
    } else {
        // Access denied: body is the error page, status is 403
        assertTrue(bc.getLength() > 0);
        assertEquals(403, rc);
    }
}
private void doTest(String servletClassName, boolean usePost, boolean useRole, boolean expect200)
        throws Exception {
    // Setup Tomcat instance
    Tomcat tomcat = getTomcatInstance();

    // Must have a real docBase - just use temp
    Context ctx = tomcat.addContext("", System.getProperty("java.io.tmpdir"));

    Wrapper wrapper = Tomcat.addServlet(ctx, "servlet", servletClassName);
    wrapper.setAsyncSupported(true);
    ctx.addServletMapping("/", "servlet");

    if (useRole) {
        // Realm with one user in "testRole", protected by BASIC auth
        MapRealm realm = new MapRealm();
        realm.addUser("testUser", "testPwd");
        realm.addUserRole("testUser", "testRole");
        ctx.setRealm(realm);

        ctx.setLoginConfig(new LoginConfig("BASIC", null, null, null));
        ctx.getPipeline().addValve(new BasicAuthenticator());
    }

    tomcat.start();

    ByteChunk bc = new ByteChunk();

    Map<String,List<String>> reqHeaders = null;
    if (useRole) {
        reqHeaders = new HashMap<String,List<String>>();
        List<String> authHeaders = new ArrayList<String>();
        // testUser, testPwd
        authHeaders.add("Basic dGVzdFVzZXI6dGVzdFB3ZA==");
        reqHeaders.put("Authorization", authHeaders);
    }

    int rc;
    if (usePost) {
        rc = postUrl(null, "http://localhost:" + getPort() + "/", bc, reqHeaders, null);
    } else {
        rc = getUrl("http://localhost:" + getPort() + "/", bc, reqHeaders, null);
    }

    if (expect200) {
        assertEquals("OK", bc.toString());
        assertEquals(200, rc);
    } else {
        // Access denied: empty body, status is 403
        assertNull(bc.toString());
        assertEquals(403, rc);
    }
}
private static Context createNewContext(final ClassLoader classLoader, String authMethod,
                                        String transportGuarantee, final String realmName,
                                        final String name) {
    String path = name;
    if (path == null) {
        path = "/";
    }
    if (!path.startsWith("/")) {
        path = "/" + path;
    }

    final StandardContext context = new IgnoredStandardContext();
    context.setPath(path);
    context.setDocBase("");
    context.setParentClassLoader(classLoader);
    context.setDelegate(true);
    context.setName(name);
    ((TomcatWebAppBuilder) SystemInstance.get().getComponent(WebAppBuilder.class)).initJ2EEInfo(context);

    // Configure security
    if (authMethod != null) {
        authMethod = authMethod.toUpperCase();
    }
    if (transportGuarantee != null) {
        transportGuarantee = transportGuarantee.toUpperCase();
    }
    if (authMethod == null || "NONE".equals(authMethod)) { //NOPMD
        // ignore none for now as the NonLoginAuthenticator seems to be completely hosed
    } else if ("BASIC".equals(authMethod) || "DIGEST".equals(authMethod)
            || "CLIENT-CERT".equals(authMethod)) {
        //Setup a login configuration
        final LoginConfig loginConfig = new LoginConfig();
        loginConfig.setAuthMethod(authMethod);
        loginConfig.setRealmName(realmName);
        context.setLoginConfig(loginConfig);

        //Setup a default Security Constraint
        final String securityRole = SystemInstance.get()
                .getProperty(TOMEE_JAXWS_SECURITY_ROLE_PREFIX + name, "default");
        for (final String role : securityRole.split(",")) {
            final SecurityCollection collection = new SecurityCollection();
            collection.addMethod("GET");
            collection.addMethod("POST");
            collection.addPattern("/*");
            collection.setName(role);

            final SecurityConstraint sc = new SecurityConstraint();
            sc.addAuthRole("*");
            sc.addCollection(collection);
            sc.setAuthConstraint(true);
            sc.setUserConstraint(transportGuarantee);

            context.addConstraint(sc);
            context.addSecurityRole(role);
        }

        //Set the proper authenticator
        if ("BASIC".equals(authMethod)) {
            context.addValve(new BasicAuthenticator());
        } else if ("DIGEST".equals(authMethod)) {
            context.addValve(new DigestAuthenticator());
        } else if ("CLIENT-CERT".equals(authMethod)) {
            context.addValve(new SSLAuthenticator());
        } else if ("NONE".equals(authMethod)) {
            context.addValve(new NonLoginAuthenticator());
        }

        context.getPipeline().addValve(new OpenEJBValve());
    } else {
        throw new IllegalArgumentException("Invalid authMethod: " + authMethod);
    }

    return context;
}
@Override
public String deploy(final ClassLoader loader, final HessianServer listener, final String hostname,
                     final String app, final String authMethod, final String transportGuarantee,
                     final String realmName, final String name) throws URISyntaxException {
    Container host = engine.findChild(hostname);
    if (host == null) {
        host = engine.findChild(engine.getDefaultHost());
        if (host == null) {
            throw new IllegalArgumentException("Invalid virtual host '" + engine.getDefaultHost()
                    + "'. Do you have a matching Host entry in the server.xml?");
        }
    }

    final String contextRoot = contextName(app);
    Context context = Context.class.cast(host.findChild(contextRoot));
    if (context == null) {
        // Reuse a previously created "fake" context for this root, counting its users
        Pair<Context, Integer> fakeContext = fakeContexts.get(contextRoot);
        if (fakeContext != null) {
            context = fakeContext.getLeft();
            fakeContext.setValue(fakeContext.getValue() + 1);
        } else {
            context = Context.class.cast(host.findChild(contextRoot));
            if (context == null) {
                fakeContext = fakeContexts.get(contextRoot);
                if (fakeContext == null) {
                    context = createNewContext(loader, authMethod, transportGuarantee, realmName, app);
                    fakeContext = new MutablePair<>(context, 1);
                    fakeContexts.put(contextRoot, fakeContext);
                } else {
                    context = fakeContext.getLeft();
                    fakeContext.setValue(fakeContext.getValue() + 1);
                }
            }
        }
    }

    final String servletMapping = generateServletPath(name);

    Wrapper wrapper = Wrapper.class.cast(context.findChild(servletMapping));
    if (wrapper != null) {
        throw new IllegalArgumentException("Servlet " + servletMapping + " in web application context "
                + context.getName() + " already exists");
    }

    wrapper = context.createWrapper();
    wrapper.setName(HESSIAN.replace("/", "") + "_" + name);
    wrapper.setServlet(new OpenEJBHessianServlet(listener));
    context.addChild(wrapper);
    context.addServletMappingDecoded(servletMapping, wrapper.getName());

    // Make sure a BASIC authenticator is in the pipeline exactly once
    if ("BASIC".equals(authMethod) && StandardContext.class.isInstance(context)) {
        final StandardContext standardContext = StandardContext.class.cast(context);

        boolean found = false;
        for (final Valve v : standardContext.getPipeline().getValves()) {
            if (LimitedBasicValve.class.isInstance(v) || BasicAuthenticator.class.isInstance(v)) {
                found = true;
                break;
            }
        }
        if (!found) {
            standardContext.addValve(new LimitedBasicValve());
        }
    }

    final List<String> addresses = new ArrayList<>();
    for (final Connector connector : connectors) {
        for (final String mapping : wrapper.findMappings()) {
            final URI address = new URI(connector.getScheme(), null, host.getName(),
                    connector.getPort(), contextRoot + mapping, null, null);
            addresses.add(address.toString());
        }
    }
    return HttpUtil.selectSingleAddress(addresses);
}
private static Context createNewContext(final ClassLoader classLoader, final String rAuthMethod,
                                        final String rTransportGuarantee, final String realmName,
                                        final String name) {
    String path = name;
    if (path == null) {
        path = "/";
    }
    if (!path.startsWith("/")) {
        path = "/" + path;
    }

    final StandardContext context = new IgnoredStandardContext();
    context.setPath(path);
    context.setDocBase("");
    context.setParentClassLoader(classLoader);
    context.setDelegate(true);
    context.setName(name);
    TomcatWebAppBuilder.class.cast(SystemInstance.get().getComponent(WebAppBuilder.class)).initJ2EEInfo(context);

    // Configure security
    String authMethod = rAuthMethod;
    if (authMethod != null) {
        authMethod = authMethod.toUpperCase();
    }
    String transportGuarantee = rTransportGuarantee;
    if (transportGuarantee != null) {
        transportGuarantee = transportGuarantee.toUpperCase();
    }
    if (authMethod != null && !"NONE".equals(authMethod)) {
        if ("BASIC".equals(authMethod) || "DIGEST".equals(authMethod)
                || "CLIENT-CERT".equals(authMethod)) {
            //Setup a login configuration
            final LoginConfig loginConfig = new LoginConfig();
            loginConfig.setAuthMethod(authMethod);
            loginConfig.setRealmName(realmName);
            context.setLoginConfig(loginConfig);

            //Setup a default Security Constraint
            final String securityRole = SystemInstance.get()
                    .getProperty(TOMEE_HESSIAN_SECURITY_ROLE_PREFIX + name, "default");
            for (final String role : securityRole.split(",")) {
                final SecurityCollection collection = new SecurityCollection();
                collection.addMethod("GET");
                collection.addMethod("POST");
                collection.addPattern("/*");
                collection.setName(role);

                final SecurityConstraint sc = new SecurityConstraint();
                sc.addAuthRole("*");
                sc.addCollection(collection);
                sc.setAuthConstraint(true);
                sc.setUserConstraint(transportGuarantee);

                context.addConstraint(sc);
                context.addSecurityRole(role);
            }
        }

        //Set the proper authenticator
        switch (authMethod) {
            case "BASIC":
                context.addValve(new BasicAuthenticator());
                break;
            case "DIGEST":
                context.addValve(new DigestAuthenticator());
                break;
            case "CLIENT-CERT":
                context.addValve(new SSLAuthenticator());
                break;
            case "NONE":
                context.addValve(new NonLoginAuthenticator());
                break;
        }

        context.getPipeline().addValve(new OpenEJBValve());
    } else {
        throw new IllegalArgumentException("Invalid authMethod: " + authMethod);
    }

    return context;
}