From 7e91d34177a880ecbe70009e8f200d02e3a0c5dd Mon Sep 17 00:00:00 2001 From: Lachlan Roberts Date: Thu, 2 Sep 2021 12:12:51 +1000 Subject: [PATCH] Issue #6554 - create the DefaultIdentityService even if no realmName is provided Signed-off-by: Lachlan Roberts --- .../security/DefaultAuthenticatorFactory.java | 2 +- .../jetty/security/SecurityHandler.java | 13 +-- .../security/DefaultIdentityServiceTest.java | 94 +++++++++++++++++++ 3 files changed, 98 insertions(+), 11 deletions(-) create mode 100644 jetty-security/src/test/java/org/eclipse/jetty/security/DefaultIdentityServiceTest.java diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java index 858dee57e71..c53e1b9a7cb 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java @@ -58,7 +58,7 @@ public class DefaultAuthenticatorFactory implements Authenticator.Factory String auth = configuration.getAuthMethod(); Authenticator authenticator = null; - if (auth == null || Constraint.__BASIC_AUTH.equalsIgnoreCase(auth)) + if (Constraint.__BASIC_AUTH.equalsIgnoreCase(auth)) authenticator = new BasicAuthenticator(); else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(auth)) authenticator = new DigestAuthenticator(); diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java index 5a8d2b9d3d9..1e42f293a1b 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java 
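Review bot: Dropping `auth == null ||` from the first branch in DefaultAuthenticatorFactory changes a security default without saying so. A configuration with no auth method used to get a BasicAuthenticator from this factory and, as far as this hunk shows, now gets none. The commit subject only mentions the identity service, so the new line deserves a comment such as `// A null auth method selects no authenticator here; the caller decides how constrained requests are handled without one.` The enclosing method starts and ends outside the hunk, so it is worth confirming that a deployment with constraints but no auth method still rejects protected requests rather than serving them unauthenticated.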
@@ -312,9 +312,6 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti return getServer().getBean(IdentityService.class); } - /** - * - */ @Override protected void doStart() throws Exception @@ -353,11 +350,8 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti if (_identityService == null) { - if (_realmName != null) - { - setIdentityService(new DefaultIdentityService()); - manage(_identityService); - } + setIdentityService(new DefaultIdentityService()); + manage(_identityService); } else unmanage(_identityService); @@ -371,7 +365,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti throw new IllegalStateException("LoginService has different IdentityService to " + this); } - if (_authenticator == null && _identityService != null) + if (_authenticator == null) { // If someone has set an authenticator factory only use that, otherwise try the list of discovered factories. if (_authenticatorFactory != null) @@ -418,7 +412,6 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti } @Override - protected void doStop() throws Exception { //if we discovered the services (rather than had them explicitly configured), remove them. diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/DefaultIdentityServiceTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/DefaultIdentityServiceTest.java new file mode 100644 index 00000000000..f9555c7697f --- /dev/null +++ b/jetty-security/src/test/java/org/eclipse/jetty/security/DefaultIdentityServiceTest.java 
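Review bot: In SecurityHandler.doStart (hunk at -353) the DefaultIdentityService is now created and managed for every handler, but nothing at the call site explains why the `_realmName` check was removed. A comment above the two new lines would help, e.g. `// Always provide an IdentityService so authenticators never receive null from AuthConfiguration.getIdentityService().` The code that tries to find an existing IdentityService sits before the hunk; this note assumes it still runs first, so that an explicitly configured service takes precedence over the default.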
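Review bot: With `&& _identityService != null` removed in the hunk at -371, the authenticator-factory lookup in doStart now runs for every handler that has no explicit authenticator, including one with no realm name. The default factory was adjusted in this commit to stop defaulting a null auth method to BASIC, but any other Authenticator.Factory, whether set through `_authenticatorFactory` or discovered, will now be called with such a configuration. Such a factory may install an authenticator where none was expected, or fail on a null auth method. Stating the contract on the condition would help, e.g. `// Factories are consulted even without a realm; they must return null when the configuration does not ask for authentication.` The factory loop itself is outside the hunk.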
@@ -0,0 +1,94 @@
+//
+// ========================================================================
+// Copyright (c) 1995-2021 Mort Bay Consulting Pty Ltd and others.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+//
+// The Eclipse Public License is available at
+// http://www.eclipse.org/legal/epl-v10.html
+//
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+//
+// You may elect to redistribute this code under either of these licenses.
+// ========================================================================
+//
+
+package org.eclipse.jetty.security;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+import org.eclipse.jetty.server.Authentication;
+import org.eclipse.jetty.server.Server;
+import org.junit.jupiter.api.Test;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.instanceOf;
+
+public class DefaultIdentityServiceTest
+{
+ @Test
+ public void testDefaultIdentityService() throws Exception
+ {
+ Server server = new Server();
+ ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
+ TestAuthenticator authenticator = new TestAuthenticator();
+ securityHandler.setAuthenticator(authenticator);
+
+ try
+ {
+ server.setHandler(securityHandler);
+ server.start();
+
+ // The DefaultIdentityService should have been created by default.
+ assertThat(securityHandler.getIdentityService(), instanceOf(DefaultIdentityService.class));
+ assertThat(authenticator.getIdentityService(), instanceOf(DefaultIdentityService.class));
+ }
+ finally
+ {
+ server.stop();
+ }
+ }
+
+ public static class TestAuthenticator implements Authenticator
+ {
+ private IdentityService _identityService;
+
+ public IdentityService getIdentityService()
+ {
+ return _identityService;
+ }
+
+ @Override
+ public void setConfiguration(AuthConfiguration configuration)
+ {
+ _identityService = configuration.getIdentityService();
+ }
+
+ @Override
+ public String getAuthMethod()
+ {
+ return getClass().getSimpleName();
+ }
+
+ @Override
+ public void prepareRequest(ServletRequest request)
+ {
+ }
+
+ @Override
+ public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
+ {
+ return null;
+ }
+
+ @Override
+ public boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException
+ {
+ return false;
+ }
+ }
+}
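Review bot: The new test only covers a handler that is given an explicit authenticator, so the two security-relevant behaviour changes in this commit are untested. Those are DefaultAuthenticatorFactory no longer falling back to BASIC for a null auth method, and SecurityHandler consulting factories without a realm. A second test that starts a ConstraintSecurityHandler with no authenticator and no auth method would pin the expected outcome. The sketch below assumes the intended result is that no authenticator is installed, and it needs a static import of `org.hamcrest.Matchers.nullValue`.

```java
    @Test
    public void testNoAuthMethodInstallsNoAuthenticator() throws Exception
    {
        Server server = new Server();
        ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();

        try
        {
            server.setHandler(securityHandler);
            server.start();

            // No auth method and no explicit authenticator: nothing should be chosen implicitly.
            assertThat(securityHandler.getIdentityService(), instanceOf(DefaultIdentityService.class));
            assertThat(securityHandler.getAuthenticator(), nullValue());
        }
        finally
        {
            server.stop();
        }
    }
```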