private void doConnectorAuthenticationAuthorization(org.apache.coyote.Request req, Request request) { // Set the remote principal String username = req.getRemoteUser().toString(); if (username != null) { if (log.isDebugEnabled()) { log.debug(sm.getString("coyoteAdapter.authenticate", username)); } if (req.getRemoteUserNeedsAuthorization()) { Authenticator authenticator = request.getContext().getAuthenticator(); if (authenticator == null) { // No security constraints configured for the application so // no need to authorize the user. Use the CoyotePrincipal to // provide the authenticated user. request.setUserPrincipal(new CoyotePrincipal(username)); } else if (!(authenticator instanceof AuthenticatorBase)) { if (log.isDebugEnabled()) { log.debug(sm.getString("coyoteAdapter.authorize", username)); } // Custom authenticator that may not trigger authorization. // Do the authorization here to make sure it is done. request.setUserPrincipal( request.getContext().getRealm().authenticate(username)); } // If the Authenticator is an instance of AuthenticatorBase then // it will check req.getRemoteUserNeedsAuthorization() and // trigger authorization as necessary. It will also cache the // result preventing excessive calls to the Realm. } else { // The connector isn't configured for authorization. Create a // user without any roles using the supplied user name. request.setUserPrincipal(new CoyotePrincipal(username)); } } // Set the authorization type String authtype = req.getAuthType().toString(); if (authtype != null) { request.setAuthType(authtype); } }
private void setUpApplication() throws Exception { context = tomcat.addContext(CONTEXT_PATH_LOGIN, System.getProperty("java.io.tmpdir")); context.setSessionTimeout(SHORT_SESSION_TIMEOUT_MINS); Tomcat.addServlet(context, SERVLET_NAME, new TesterServlet()); context.addServletMapping(URI_PROTECTED, SERVLET_NAME); FilterDef filterDef = new FilterDef(); filterDef.setFilterName(FILTER_NAME); filterDef.setFilterClass(RestCsrfPreventionFilter.class.getCanonicalName()); filterDef.addInitParameter(FILTER_INIT_PARAM, REMOVE_CUSTOMER + "," + ADD_CUSTOMER); context.addFilterDef(filterDef); FilterMap filterMap = new FilterMap(); filterMap.setFilterName(FILTER_NAME); filterMap.addURLPattern(URI_CSRF_PROTECTED); context.addFilterMap(filterMap); SecurityCollection collection = new SecurityCollection(); collection.addPattern(URI_PROTECTED); SecurityConstraint sc = new SecurityConstraint(); sc.addAuthRole(ROLE); sc.addCollection(collection); context.addConstraint(sc); LoginConfig lc = new LoginConfig(); lc.setAuthMethod(METHOD); context.setLoginConfig(lc); AuthenticatorBase basicAuthenticator = new BasicAuthenticator(); context.getPipeline().addValve(basicAuthenticator); }
private void doConnectorAuthenticationAuthorization(org.apache.coyote.Request req, Request request) { // Set the remote principal String username = req.getRemoteUser().toString(); if (username != null) { if (log.isDebugEnabled()) { log.debug(sm.getString("coyoteAdapter.authenticate", username)); } if (req.getRemoteUserNeedsAuthorization()) { Authenticator authenticator = request.getContext().getAuthenticator(); if (authenticator == null) { // No security constraints configured for the application so // no need to authorize the user. Use the CoyotePrincipal to // provide the authenticated user. request.setUserPrincipal(new CoyotePrincipal(username)); } else if (!(authenticator instanceof AuthenticatorBase)) { if (log.isDebugEnabled()) { log.debug(sm.getString("coyoteAdapter.authorize", username)); } // Custom authenticator that may not trigger authorization. // Do the authorization here to make sure it is done. request.setUserPrincipal(request.getContext().getRealm().authenticate(username)); } // If the Authenticator is an instance of AuthenticatorBase then // it will check req.getRemoteUserNeedsAuthorization() and // trigger authorization as necessary. It will also cache the // result preventing excessive calls to the Realm. } else { // The connector isn't configured for authorization. Create a // user without any roles using the supplied user name. request.setUserPrincipal(new CoyotePrincipal(username)); } } // Set the authorization type String authtype = req.getAuthType().toString(); if (authtype != null) { request.setAuthType(authtype); } }
