353627 Basic Auth checks that Basic method has been send
This commit is contained in:
parent
57bd9f3bce
commit
b7b567d86d
@ -23,7 +23,6 @@ import org.eclipse.jetty.security.ConstraintSecurityHandler;
|
|||
import org.eclipse.jetty.security.HashLoginService;
|
||||
import org.eclipse.jetty.security.LoginService;
|
||||
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
|
||||
import org.eclipse.jetty.security.authentication.DigestAuthenticator;
|
||||
import org.eclipse.jetty.server.Server;
|
||||
|
||||
public class SecuredHelloHandler
|
||||
|
@ -52,7 +51,7 @@ public class SecuredHelloHandler
|
|||
knownRoles.add("admin");
|
||||
|
||||
security.setConstraintMappings(Collections.singletonList(mapping), knownRoles);
|
||||
security.setAuthenticator(new DigestAuthenticator());
|
||||
security.setAuthenticator(new BasicAuthenticator());
|
||||
security.setLoginService(loginService);
|
||||
security.setStrict(false);
|
||||
|
||||
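Review bot: Switching the example from DigestAuthenticator to BasicAuthenticator (`security.setAuthenticator(new BasicAuthenticator());`) means the example now sends the password to the server base64-encoded rather than as a digest, and nothing in the hunk says so. A comment on that line, `// Basic sends the password base64-encoded, not hashed; deploy only behind a confidential (TLS) connector`, would keep the example from being copied unchanged into a plain-HTTP deployment. The enclosing method starts and ends outside the hunk.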
@ -65,20 +65,28 @@ public class BasicAuthenticator extends LoginAuthenticator
|
|||
return _deferred;
|
||||
|
||||
if (credentials != null)
|
||||
{
|
||||
credentials = credentials.substring(credentials.indexOf(' ')+1);
|
||||
credentials = B64Code.decode(credentials,StringUtil.__ISO_8859_1);
|
||||
int i = credentials.indexOf(':');
|
||||
if (i>0)
|
||||
{
|
||||
int space=credentials.indexOf(' ');
|
||||
if (space>0)
|
||||
{
|
||||
String username = credentials.substring(0,i);
|
||||
String password = credentials.substring(i+1);
|
||||
|
||||
UserIdentity user = _loginService.login(username,password);
|
||||
if (user!=null)
|
||||
String method=credentials.substring(0,space);
|
||||
if ("basic".equalsIgnoreCase(method))
|
||||
{
|
||||
renewSessionOnAuthentication(request,response);
|
||||
return new UserAuthentication(getAuthMethod(),user);
|
||||
credentials = credentials.substring(space+1);
|
||||
credentials = B64Code.decode(credentials,StringUtil.__ISO_8859_1);
|
||||
int i = credentials.indexOf(':');
|
||||
if (i>0)
|
||||
{
|
||||
String username = credentials.substring(0,i);
|
||||
String password = credentials.substring(i+1);
|
||||
|
||||
UserIdentity user = _loginService.login(username,password);
|
||||
if (user!=null)
|
||||
{
|
||||
renewSessionOnAuthentication(request,response);
|
||||
return new UserAuthentication(getAuthMethod(),user);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
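Review bot: The new scheme check splits on the first single space (`int space=credentials.indexOf(' ');`) and hands everything after it to B64Code.decode, so a header written as `Basic  <token>` with more than one space, which the HTTP credentials grammar permits, passes a leading space into the decoder, and what B64Code.decode does with that is not visible here. Trimming the token before decoding, `credentials = credentials.substring(space+1).trim();`, keeps the scheme check while accepting that form. The case-insensitive comparison `"basic".equalsIgnoreCase(method)` is right, since the auth-scheme token is case-insensitive. A header whose scheme is not Basic now leaves the block without decoding anything, which is what a Basic-only authenticator should do; what the method then returns is outside the hunk, as is the method's start.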
@ -275,7 +275,7 @@ public class DigestAuthenticator extends LoginAuthenticator
|
|||
private static class Digest extends Credential
|
||||
{
|
||||
private static final long serialVersionUID = -2484639019549527724L;
|
||||
String method = "";
|
||||
final String method;
|
||||
String username = "";
|
||||
String realm = "";
|
||||
String nonce = "";
|
||||
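Review bot: `final String method;` drops the `""` initializer, so every constructor of Digest must now assign the field; the constructor is outside this hunk, so the hunk alone cannot show that it does, nor that the assigned value is never null where the old default was an empty string. This change is also unrelated to the commit's stated purpose (the Basic scheme check), so it deserves a line of its own in the description. A short comment on the field, `// set once by the constructor; no default value`, would make the dependency visible to the next reader of the class.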
@ -201,13 +201,13 @@ public class ConstraintTest
|
|||
assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
|
||||
|
||||
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
|
||||
"Authorization: " + B64Code.encode("user:wrong") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("user:wrong") + "\r\n" +
|
||||
"\r\n");
|
||||
assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized"));
|
||||
assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
|
||||
|
||||
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
|
||||
"Authorization: " + B64Code.encode("user:password") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("user:password") + "\r\n" +
|
||||
"\r\n");
|
||||
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
|
||||
|
||||
|
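Review bot: Every request in this hunk, and in the later ConstraintTest hunks at -218, -490, -512, -776, -789 and -809, now sends `Authorization: Basic <token>`, but none of them exercises the path the commit introduces: a header without a scheme, or with a non-Basic scheme, that BasicAuthenticator must now refuse. One request in the style of the existing ones, sending the old scheme-less form `"Authorization: " + B64Code.encode("user:password") + "\r\n"` against /ctx/auth/info and asserting the 401 plus the `WWW-Authenticate: basic realm=\"TestRealm\"` challenge, would pin that behaviour and catch a regression to the old parsing. The enclosing test method starts outside the hunk.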
@ -218,20 +218,20 @@ public class ConstraintTest
|
|||
assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
|
||||
|
||||
response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
|
||||
"Authorization: " + B64Code.encode("admin:wrong") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("admin:wrong") + "\r\n" +
|
||||
"\r\n");
|
||||
assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized"));
|
||||
assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
|
||||
|
||||
response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
|
||||
"Authorization: " + B64Code.encode("user:password") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("user:password") + "\r\n" +
|
||||
"\r\n");
|
||||
|
||||
assertTrue(response.startsWith("HTTP/1.1 403 "));
|
||||
assertTrue(response.indexOf("!role") > 0);
|
||||
|
||||
response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
|
||||
"Authorization: " + B64Code.encode("admin:password") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("admin:password") + "\r\n" +
|
||||
"\r\n");
|
||||
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
|
||||
|
||||
|
@ -490,18 +490,18 @@ public class ConstraintTest
|
|||
assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
|
||||
|
||||
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
|
||||
"Authorization: " + B64Code.encode("user:wrong") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("user:wrong") + "\r\n" +
|
||||
"\r\n");
|
||||
assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized"));
|
||||
assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
|
||||
|
||||
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
|
||||
"Authorization: " + B64Code.encode("user:password") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("user:password") + "\r\n" +
|
||||
"\r\n");
|
||||
assertTrue(response.startsWith("HTTP/1.1 403"));
|
||||
|
||||
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
|
||||
"Authorization: " + B64Code.encode("user2:password") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" +
|
||||
"\r\n");
|
||||
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
|
||||
|
||||
|
@ -512,20 +512,20 @@ public class ConstraintTest
|
|||
assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
|
||||
|
||||
response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
|
||||
"Authorization: " + B64Code.encode("admin:wrong") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("admin:wrong") + "\r\n" +
|
||||
"\r\n");
|
||||
assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized"));
|
||||
assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
|
||||
|
||||
response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
|
||||
"Authorization: " + B64Code.encode("user:password") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("user:password") + "\r\n" +
|
||||
"\r\n");
|
||||
|
||||
assertTrue(response.startsWith("HTTP/1.1 403 "));
|
||||
assertTrue(response.indexOf("!role") > 0);
|
||||
|
||||
response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n" +
|
||||
"Authorization: " + B64Code.encode("admin:password") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("admin:password") + "\r\n" +
|
||||
"\r\n");
|
||||
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
|
||||
|
||||
|
@ -776,7 +776,7 @@ public class ConstraintTest
|
|||
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
|
||||
|
||||
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
|
||||
"Authorization: " + B64Code.encode("user2:password") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" +
|
||||
"\r\n");
|
||||
assertTrue(response.startsWith("HTTP/1.1 500 "));
|
||||
|
||||
|
@ -789,7 +789,7 @@ public class ConstraintTest
|
|||
_server.start();
|
||||
|
||||
response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
|
||||
"Authorization: " + B64Code.encode("user2:password") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" +
|
||||
"\r\n");
|
||||
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
|
||||
}
|
||||
|
@ -809,13 +809,13 @@ public class ConstraintTest
|
|||
assertTrue(response.indexOf("user=null") > 0);
|
||||
|
||||
response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n"+
|
||||
"Authorization: " + B64Code.encode("admin:wrong") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("admin:wrong") + "\r\n" +
|
||||
"\r\n");
|
||||
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
|
||||
assertTrue(response.indexOf("user=null") > 0);
|
||||
|
||||
response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n"+
|
||||
"Authorization: " + B64Code.encode("admin:password") + "\r\n" +
|
||||
"Authorization: Basic " + B64Code.encode("admin:password") + "\r\n" +
|
||||
"\r\n");
|
||||
assertTrue(response.startsWith("HTTP/1.1 200 OK"));
|
||||
assertTrue(response.indexOf("user=admin") > 0);
|
||||