/**
 * Hands the request to the first registered authentication filter that accepts it.
 *
 * <p>The chain passed to that filter is wrapped: additive realm plugins run first, then the
 * rest of the servlet chain. An {@link AuthenticationException} thrown inside the wrapper is
 * passed to the {@link BasicAuthenticationEntryPoint} bean.
 *
 * <p>When no filter accepts the request, the method returns without calling
 * {@code servletChain}, so nothing further in the chain runs for that request.
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
        final FilterChain servletChain) throws IOException, ServletException {
    final FilterChain chainWithAdditive = (req, res) -> {
        try {
            ContextHelper.get()
                    .beanForType(AddonsManager.class)
                    .addonByType(PluginsWebAddon.class)
                    .executeAdditiveRealmPlugins();
            servletChain.doFilter(req, res);
        } catch (AuthenticationException authFailure) {
            // Only AuthenticationException is handled here; other exceptions still propagate.
            BasicAuthenticationEntryPoint entryPoint =
                    ContextHelper.get().beanForType(BasicAuthenticationEntryPoint.class);
            entryPoint.commence((HttpServletRequest) req, (HttpServletResponse) res, authFailure);
        }
    };

    for (ArtifactoryAuthenticationFilter candidate : this.authenticationFilters) {
        if (!candidate.acceptFilter(servletRequest)) {
            continue;
        }
        // Iteration order decides which filter wins: only the first accepting one is invoked.
        candidate.doFilter(servletRequest, servletResponse, chainWithAdditive);
        // TODO: May be check that the response was done
        return;
    }
}
/**
 * Configures HTTP security: registers the OAuth and Basic authentication filters, applies the
 * path-based authorization rules from {@code authorizationProperties}, denies every request no
 * rule matched, and selects an authentication entry point per request path.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
    basicAuthenticationEntryPoint.setRealmName(securityProperties.getBasic().getRealm());
    basicAuthenticationEntryPoint.afterPropertiesSet();
    final Filter oauthFilter = oauthFilter();
    final BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(
            providerManager(), basicAuthenticationEntryPoint);
    // Each filter is positioned relative to the class of another filter, so the order of
    // these three registrations matters.
    http.addFilterAfter(oauthFilter, basicAuthenticationFilter.getClass());
    http.addFilterBefore(basicAuthenticationFilter, oauthFilter.getClass());
    http.addFilterBefore(oAuth2AuthenticationProcessingFilter(), basicAuthenticationFilter.getClass());
    // The dashboard paths are appended to the list returned by getAuthenticatedPaths().
    // NOTE(review): if that list is the live one held by authorizationProperties, every call
    // to configure() adds the entries again — confirm it runs once.
    this.authorizationProperties.getAuthenticatedPaths().add(dashboard("/**"));
    this.authorizationProperties.getAuthenticatedPaths().add(dashboard(""));
    // URL rules are evaluated in declaration order, so a path listed under both permit-all
    // and authenticated ends up permitted.
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security = http.authorizeRequests()
            .antMatchers(this.authorizationProperties.getPermitAllPaths().toArray(new String[0]))
            .permitAll()
            .antMatchers(this.authorizationProperties.getAuthenticatedPaths().toArray(new String[0]))
            .authenticated();
    security = SecurityConfigUtils.configureSimpleSecurity(security, this.authorizationProperties);
    // Default deny: a request that matched none of the rules above is rejected.
    security.anyRequest().denyAll();
    this.securityStateBean.setAuthorizationEnabled(true);
    // NOTE(review): CSRF protection is switched off while HTTP Basic and logout are enabled;
    // confirm that browser clients holding credentials for these paths are covered another way.
    // /api/** and /actuator/** answer with a Basic challenge; any other request is sent to
    // the login processing URL.
    http.httpBasic().and()
            .logout()
            .logoutSuccessUrl(dashboard("/logout-success-oauth.html"))
            .and().csrf().disable()
            .exceptionHandling()
            .defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/api/**"))
            .defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/actuator/**"))
            .defaultAuthenticationEntryPointFor(
                    new LoginUrlAuthenticationEntryPoint(this.authorizationProperties.getLoginProcessingUrl()),
                    AnyRequestMatcher.INSTANCE);
    this.securityStateBean.setAuthenticationEnabled(true);
}
/**
 * Configures HTTP security: cache-control headers and CSRF protection are disabled, every GET
 * request and {@code /api/users} are open, and all other requests require authentication.
 * Unauthenticated requests go to a custom entry point that answers OPTIONS requests with CORS
 * headers and everything else with 401.
 *
 * <p>NOTE(review): {@code antMatchers(HttpMethod.GET).permitAll()} opens every GET endpoint,
 * and {@code /api/users} is open for every HTTP method, not only GET — confirm both are
 * intended.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    final BasicAuthenticationEntryPoint preflightAwareEntryPoint = new BasicAuthenticationEntryPoint() {
        @Override
        public void commence(final HttpServletRequest request, final HttpServletResponse response,
                final AuthenticationException authException) throws IOException, ServletException {
            if (!HttpMethod.OPTIONS.matches(request.getMethod())) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
                return;
            }
            // NOTE(review): the Origin, requested-headers and requested-method values are
            // echoed back unchecked together with Allow-Credentials: true, so any origin
            // receives a credentialed CORS grant. Compare Origin against an allowlist of
            // trusted origins before reflecting it.
            response.setStatus(HttpServletResponse.SC_OK);
            response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN,
                    request.getHeader(HttpHeaders.ORIGIN));
            response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS,
                    request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS));
            response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS,
                    request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD));
            response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        }
    };

    http
        .headers()
            .cacheControl().disable()
        .and()
        .csrf().disable()
        .authorizeRequests()
            .antMatchers(HttpMethod.GET).permitAll()
            .antMatchers("/api/users").permitAll()
            .anyRequest().authenticated()
        .and()
        .exceptionHandling().authenticationEntryPoint(preflightAwareEntryPoint);
}
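/**
 * Secures the request paths matching {@code /rest.*} or {@code /system/admin.*} with stateless
 * HTTP Basic authentication.
 *
 * <p>URL authorization rules are matched in declaration order and the first match decides, so
 * the admin rule is declared before the catch-all {@code anyRequest()} rule. Declared after
 * it, the admin rule is never consulted and any authenticated user passes the URL check for
 * the admin paths.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    final BasicAuthenticationEntryPoint basicAuthEntryPoint = new BasicAuthenticationEntryPoint();
    basicAuthEntryPoint.setRealmName(springSecurityProperties.getBasic().getRealm());

    // This chain only applies to requests whose path matches the regex.
    HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system/admin.*").csrf().disable();
    if (springSecurityProperties.isRequireSsl()) {
        httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
    }

    // userAuthenticationFilter is wrapped in an anonymous Filter that forwards all three
    // lifecycle calls, so it is registered under the wrapper's class rather than its own.
    httpSec.addFilterBefore(new Filter() {
        @Override
        public void init(final FilterConfig filterConfig) throws ServletException {
            userAuthenticationFilter.init(filterConfig);
        }

        @Override
        public void doFilter(final ServletRequest request, final ServletResponse response,
                final FilterChain chain) throws IOException, ServletException {
            userAuthenticationFilter.doFilter(request, response, chain);
        }

        @Override
        public void destroy() {
            userAuthenticationFilter.destroy();
        }
    }, RequestHeaderAuthenticationFilter.class)
            .addFilterAfter(new AuthenticationSuccessTenantMetadataCreationFilter(systemManagement,
                    systemSecurityContext), SessionManagementFilter.class)
            .authorizeRequests()
            // Most specific rule first: the admin paths require SYSTEM_ADMIN.
            .antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
            .hasAnyAuthority(SpPermission.SYSTEM_ADMIN)
            // Everything else in this chain only needs an authenticated caller.
            .anyRequest().authenticated();

    httpSec.httpBasic().and().exceptionHandling().authenticationEntryPoint(basicAuthEntryPoint);
    httpSec.anonymous().disable();
    // No HTTP session is created or used; each request has to carry its own credentials.
    httpSec.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}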
/**
 * Sends an "authorization required" response when the item list is empty because the anonymous
 * user is missing permission.
 *
 * @param repoPath              repo path named in the challenge message
 * @param rootNodesFilterResult filter result handed to the empty-list permission check
 * @param items                 list of items
 * @param response              servlet response the challenge is written to
 * @throws IOException declared for the response write
 */
private void sendChallengeMessage(RepoPath repoPath, RootNodesFilterResult rootNodesFilterResult,
        List<? extends BaseBrowsableItem> items, HttpServletResponse response) throws IOException {
    // The bean returned by this lookup is not used; the realm sent below is the REALM constant.
    // NOTE(review): confirm whether the lookup is still needed or is left over from an
    // earlier version that read the realm from the bean.
    ContextHelper.get().beanForType(BasicAuthenticationEntryPoint.class);
    if (!isItemListEmptyDueAnonymousMissingPermission(rootNodesFilterResult, items)) {
        return;
    }
    final ArtifactoryResponse challenge = new HttpArtifactoryResponse(response);
    final String reason = "Browse request for repo:path " + repoPath + " is forbidden "
            + "for user 'anonymous'.";
    challenge.sendAuthorizationRequired(reason, REALM);
}
/**
 * Looks up the Spring Basic authentication filter and the Basic entry point in the Artifactory
 * context, then initialises the Spring filter with the same filter configuration.
 *
 * @param filterConfig configuration supplied by the servlet container
 * @throws ServletException if initialising the Spring filter fails
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
    final ArtifactoryContext artifactoryContext =
            RequestUtils.getArtifactoryContext(filterConfig.getServletContext());
    springBasicAuthenticationFilter = artifactoryContext.beanForType(BasicAuthenticationFilter.class);
    authenticationEntryPoint = artifactoryContext.beanForType(BasicAuthenticationEntryPoint.class);
    // Both fields are assigned before the delegate is initialised.
    springBasicAuthenticationFilter.init(filterConfig);
}
/**
 * Sends an "authorization required" response when the item list is empty because the anonymous
 * user is missing permission. The realm comes from the configured Basic entry point.
 *
 * @param repoPath              repo path named in the challenge message
 * @param rootNodesFilterResult filter result handed to the empty-list permission check
 * @param items                 list of items
 * @throws IOException declared for the response write
 */
private void sendChallengeMessageIfListNodeIsEmptyDueToAnonymousPermissionIssue(RepoPath repoPath,
        RootNodesFilterResult rootNodesFilterResult, List<? extends BaseBrowsableItem> items)
        throws IOException {
    // Looked up and cast before the permission check, so a bean of a different type fails
    // here even when no challenge would have been sent.
    final ArtifactoryBasicAuthenticationEntryPoint entryPoint =
            (ArtifactoryBasicAuthenticationEntryPoint) ContextHelper.get()
                    .beanForType(BasicAuthenticationEntryPoint.class);
    if (!isItemListEmptyDueAnonymousMissingPermission(rootNodesFilterResult, items)) {
        return;
    }
    final ArtifactoryResponse challenge =
            new HttpArtifactoryResponse(WicketUtils.getHttpServletResponse());
    challenge.sendAuthorizationRequired(
            "Browse request for repo:path " + repoPath + " is forbidden " + "for user 'anonymous'.",
            entryPoint.getRealmName());
}
/**
 * Provides the HTTP Basic entry point bean: an {@code IRISBasicAuthEntryPoint} whose realm name
 * is {@code "IRIS API"}.
 *
 * @return the configured entry point
 */
@Bean
public BasicAuthenticationEntryPoint basicAuthenticationEntryPoint() {
    final IRISBasicAuthEntryPoint irisEntryPoint = new IRISBasicAuthEntryPoint();
    irisEntryPoint.setRealmName("IRIS API");
    return irisEntryPoint;
}
/**
 * Builds an entry point that answers with the Basic challenge for requests matched by one of
 * two rules and falls back to the login-URL entry point for everything else.
 *
 * @param basic entry point used for the two matched request kinds
 * @param login default entry point for all other requests
 * @return the delegating entry point
 */
@Bean
@Autowired
public DelegatingAuthenticationEntryPoint delegatingAuthenticationEntryPoint(
        BasicAuthenticationEntryPoint basic, LoginUrlAuthenticationEntryPoint login) {
    // The header value is compared for equality, so a Content-Type that carries parameters
    // (for example a charset) does not match this rule and falls through to the next one.
    final RequestMatcher jsonContentType =
            new RequestHeaderRequestMatcher("Content-Type", "application/json");
    final RequestMatcher withoutTextAccept =
            new NegatedRequestMatcher(new RequestContainingAcceptTextHeaderRequestMatcher());

    // LinkedHashMap keeps insertion order, which is the order the rules are registered in.
    final LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> byMatcher = new LinkedHashMap<>();
    byMatcher.put(jsonContentType, basic);
    byMatcher.put(withoutTextAccept, basic);

    final DelegatingAuthenticationEntryPoint delegating = new DelegatingAuthenticationEntryPoint(byMatcher);
    delegating.setDefaultEntryPoint(login);
    return delegating;
}
/**
 * Provides the HTTP Basic entry point bean with the realm name {@code "Basic WF Realm"}.
 *
 * @return the configured entry point
 */
@Bean
public BasicAuthenticationEntryPoint entryPoint() {
    final BasicAuthenticationEntryPoint wfEntryPoint = new BasicAuthenticationEntryPoint();
    wfEntryPoint.setRealmName("Basic WF Realm");
    return wfEntryPoint;
}
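/**
 * Builds the HTTP Basic authentication filter from the injected authentication manager and
 * entry point.
 *
 * @param authenticationManager manager the filter authenticates credentials against
 * @param basicAuthEntryPoint   entry point the filter uses when authentication fails
 * @return the configured filter
 */
@Bean
BasicAuthenticationFilter basicAuthFilter(AuthenticationManager authenticationManager,
        BasicAuthenticationEntryPoint basicAuthEntryPoint) {
    // Pass the injected bean. Calling the basicAuthEntryPoint() factory method here would
    // leave the parameter unused and, in a class whose @Bean methods are not proxied, would
    // build a second entry point that the container does not manage.
    return new BasicAuthenticationFilter(authenticationManager, basicAuthEntryPoint);
}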
/**
 * Provides the HTTP Basic entry point bean with the realm name {@code "GAURAVBYTES"}.
 *
 * @return the configured entry point
 */
@Bean
BasicAuthenticationEntryPoint basicAuthEntryPoint() {
    final BasicAuthenticationEntryPoint realmEntryPoint = new BasicAuthenticationEntryPoint();
    realmEntryPoint.setRealmName("GAURAVBYTES");
    return realmEntryPoint;
}
/**
 * Configures HTTP security for form login plus HTTP Basic: the root path and every otherwise
 * unmatched request require authentication, the dashboard and a few informational paths are
 * open, and unauthenticated requests are either redirected to the login page (HTML clients) or
 * answered with a Basic challenge (all others). A session repository filter is added whose
 * session strategy is header based.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Matches requests whose negotiated media type is text/html.
    final RequestMatcher textHtmlMatcher = new MediaTypeRequestMatcher(
            contentNegotiationStrategy, MediaType.TEXT_HTML);
    final String loginPage = dashboard("/#/login");
    final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
    basicAuthenticationEntryPoint.setRealmName(securityProperties.getBasic().getRealm());
    basicAuthenticationEntryPoint.afterPropertiesSet();
    // NOTE(review): CSRF protection is disabled here and again further down, with form login
    // and sessions enabled. The header-based session strategy below presumably keeps the
    // session id out of cookies — confirm no cookie-backed session reaches these endpoints.
    // URL rules are evaluated in declaration order: "/" requires authentication, the listed
    // paths are open, and the closing anyRequest() rule covers whatever is left.
    // NOTE(review): a logoutSuccessHandler is set right after logoutSuccessUrl; the handler
    // presumably takes precedence over the URL — confirm which one is meant to apply.
    http
            .csrf()
            .disable()
            .authorizeRequests()
            .antMatchers("/")
            .authenticated()
            .antMatchers(
                    dashboard("/**"),
                    "/authenticate",
                    "/security/info",
                    "/features",
                    "/assets/**").permitAll()
            .and()
            .formLogin().loginPage(loginPage)
            .loginProcessingUrl(dashboard("/login"))
            .defaultSuccessUrl(dashboard("/")).permitAll()
            .and()
            .logout().logoutUrl(dashboard("/logout"))
            .logoutSuccessUrl(dashboard("/logout-success.html"))
            .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()).permitAll()
            .and().httpBasic()
            .and().exceptionHandling()
            .defaultAuthenticationEntryPointFor(
                    new LoginUrlAuthenticationEntryPoint(loginPage),
                    textHtmlMatcher)
            .defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint,
                    AnyRequestMatcher.INSTANCE)
            .and()
            .authorizeRequests()
            .anyRequest().authenticated();
    final SessionRepositoryFilter<ExpiringSession> sessionRepositoryFilter = new SessionRepositoryFilter<ExpiringSession>(
            sessionRepository());
    // The session id is exchanged through an HTTP header instead of a cookie.
    sessionRepositoryFilter
            .setHttpSessionStrategy(new HeaderHttpSessionStrategy());
    // Registered ahead of ChannelProcessingFilter.
    http.addFilterBefore(sessionRepositoryFilter, ChannelProcessingFilter.class).csrf().disable();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
}
/**
 * Sets the HTTP Basic entry point held by this object.
 *
 * @param basicAuthenticationEntryPoint the entry point to store; no validation is applied
 */
public void setBasicAuthenticationEntryPoint(
        BasicAuthenticationEntryPoint basicAuthenticationEntryPoint) {
    this.basicAuthenticationEntryPoint = basicAuthenticationEntryPoint;
}
/**
 * Creates a new HTTP Basic entry point with the realm name {@code "atlas.com"}. Every call
 * returns a fresh instance.
 *
 * @return the newly created entry point
 */
public BasicAuthenticationEntryPoint getAuthenticationEntryPoint() {
    final BasicAuthenticationEntryPoint atlasEntryPoint = new BasicAuthenticationEntryPoint();
    atlasEntryPoint.setRealmName("atlas.com");
    return atlasEntryPoint;
}
/**
 * Provides the HTTP Basic entry point bean with the realm name
 * {@code "Location Store - Web Service"}.
 *
 * @return the configured entry point
 */
@Bean
public BasicAuthenticationEntryPoint basicEntryPoint() {
    final BasicAuthenticationEntryPoint serviceEntryPoint = new BasicAuthenticationEntryPoint();
    serviceEntryPoint.setRealmName("Location Store - Web Service");
    return serviceEntryPoint;
}
/**
 * Test fixture: creates a Basic entry point with the realm {@code "FOO_REALM"} and a mocked
 * authentication manager before each test.
 */
@Before
public void setUp() throws Exception {
    final BasicAuthenticationEntryPoint fooRealmEntryPoint = new BasicAuthenticationEntryPoint();
    fooRealmEntryPoint.setRealmName("FOO_REALM");
    authenticationEntryPoint = fooRealmEntryPoint;

    mockAuthenticationManager = mock(AuthenticationManager.class);
}