368773 process data constraints without realm

This commit is contained in:
Greg Wilkins 2012-01-17 22:53:53 +11:00
parent 50fe23882a
commit c1b2eedadc
4 changed files with 215 additions and 13 deletions

View File

@ -358,7 +358,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
{ {
if (connector.isIntegral(request)) if (connector.isIntegral(request))
return true; return true;
if (connector.getConfidentialPort() > 0) if (connector.getIntegralPort() > 0)
{ {
String url = connector.getIntegralScheme() + "://" + request.getServerName() + ":" + connector.getIntegralPort() + request.getRequestURI(); String url = connector.getIntegralScheme() + "://" + request.getServerName() + ":" + connector.getIntegralPort() + request.getRequestURI();
if (request.getQueryString() != null) if (request.getQueryString() != null)
@ -440,6 +440,13 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
public void dump(Appendable out,String indent) throws IOException public void dump(Appendable out,String indent) throws IOException
{ {
dumpThis(out); dumpThis(out);
dump(out,indent,TypeUtil.asList(getHandlers()),getBeans(),Collections.singleton(_roles),_constraintMap.entrySet()); dump(out,indent,
Collections.singleton(getLoginService()),
Collections.singleton(getIdentityService()),
Collections.singleton(getAuthenticator()),
Collections.singleton(_roles),
_constraintMap.entrySet(),
getBeans(),
TypeUtil.asList(getHandlers()));
} }
} }

View File

@ -244,16 +244,19 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
return _initParameters.put(key,value); return _initParameters.put(key,value);
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
protected LoginService findLoginService() protected LoginService findLoginService()
{ {
List<LoginService> list = getServer().getBeans(LoginService.class); List<LoginService> list = getServer().getBeans(LoginService.class);
String realm=getRealmName();
if (realm!=null)
{
for (LoginService service : list) for (LoginService service : list)
if (service.getName()!=null && service.getName().equals(getRealmName())) if (service.getName()!=null && service.getName().equals(realm))
return service; return service;
if (list.size()>0) }
else if (list.size()==1)
return list.get(0); return list.get(0);
return null; return null;
} }
@ -414,7 +417,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
final Authenticator authenticator = _authenticator; final Authenticator authenticator = _authenticator;
if (authenticator!=null && checkSecurity(baseRequest)) if (checkSecurity(baseRequest))
{ {
Object constraintInfo = prepareConstraintInfo(pathInContext, baseRequest); Object constraintInfo = prepareConstraintInfo(pathInContext, baseRequest);
@ -433,13 +436,24 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
boolean isAuthMandatory = boolean isAuthMandatory =
isAuthMandatory(baseRequest, base_response, constraintInfo); isAuthMandatory(baseRequest, base_response, constraintInfo);
if (isAuthMandatory && authenticator==null)
{
LOG.warn("No authenticator for: "+constraintInfo);
if (!baseRequest.isHandled())
{
response.sendError(Response.SC_FORBIDDEN);
baseRequest.setHandled(true);
}
return;
}
// check authentication // check authentication
Object previousIdentity = null; Object previousIdentity = null;
try try
{ {
Authentication authentication = baseRequest.getAuthentication(); Authentication authentication = baseRequest.getAuthentication();
if (authentication==null || authentication==Authentication.NOT_CHECKED) if (authentication==null || authentication==Authentication.NOT_CHECKED)
authentication=authenticator.validateRequest(request, response, isAuthMandatory); authentication=authenticator==null?Authentication.UNAUTHENTICATED:authenticator.validateRequest(request, response, isAuthMandatory);
if (authentication instanceof Authentication.Wrapped) if (authentication instanceof Authentication.Wrapped)
{ {
@ -500,8 +514,10 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
else else
{ {
baseRequest.setAuthentication(authentication); baseRequest.setAuthentication(authentication);
if (_identityService!=null)
previousIdentity = _identityService.associate(null); previousIdentity = _identityService.associate(null);
handler.handle(pathInContext, baseRequest, request, response); handler.handle(pathInContext, baseRequest, request, response);
if (authenticator!=null)
authenticator.secureResponse(request, response, isAuthMandatory, null); authenticator.secureResponse(request, response, isAuthMandatory, null);
} }
} }
@ -513,6 +529,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
} }
finally finally
{ {
if (_identityService!=null)
_identityService.disassociate(previousIdentity); _identityService.disassociate(previousIdentity);
} }
} }

View File

@ -0,0 +1,178 @@
// ========================================================================
// Copyright (c) 2004-2009 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
package org.eclipse.jetty.security;
import static org.junit.Assert.assertThat;
import static org.junit.matchers.JUnitMatchers.containsString;
import java.io.IOException;
import java.util.Arrays;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.HttpSchemes;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.LocalConnector;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.util.security.Constraint;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
/**
* @version $Revision: 1441 $ $Date: 2010-04-02 12:28:17 +0200 (Fri, 02 Apr 2010) $
*/
public class DataConstraintsTest
{
private Server _server;
private LocalConnector _connector;
private LocalConnector _connectorS;
private SessionHandler _session;
private ConstraintSecurityHandler _security;
@Before
public void startServer()
{
_server = new Server();
_connector = new LocalConnector();
_connector.setIntegralPort(9998);
_connector.setIntegralScheme("FTP");
_connector.setConfidentialPort(9999);
_connector.setConfidentialScheme("SPDY");
_connectorS = new LocalConnector()
{
@Override
public void customize(EndPoint endpoint, Request request) throws IOException
{
super.customize(endpoint,request);
request.setScheme(HttpSchemes.HTTPS);
}
@Override
public boolean isIntegral(Request request)
{
return true;
}
@Override
public boolean isConfidential(Request request)
{
return true;
}
};
_server.setConnectors(new Connector[]{_connector,_connectorS});
ContextHandler _context = new ContextHandler();
_session = new SessionHandler();
_context.setContextPath("/ctx");
_server.setHandler(_context);
_context.setHandler(_session);
_security = new ConstraintSecurityHandler();
_session.setHandler(_security);
_security.setHandler(new AbstractHandler()
{
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
{
baseRequest.setHandled(true);
response.sendError(404);
}
});
}
@After
public void stopServer() throws Exception
{
if (_server.isRunning())
{
_server.stop();
_server.join();
}
}
@Test
public void testIntegral() throws Exception
{
Constraint constraint0 = new Constraint();
constraint0.setAuthenticate(false);
constraint0.setName("integral");
constraint0.setDataConstraint(Constraint.DC_INTEGRAL);
ConstraintMapping mapping0 = new ConstraintMapping();
mapping0.setPathSpec("/integral/*");
mapping0.setConstraint(constraint0);
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
{
mapping0
}));
_server.start();
String response;
response = _connector.getResponses("GET /ctx/some/thing HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
response = _connector.getResponses("GET /ctx/integral/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 302 Found"));
assertThat(response, containsString("Location: FTP://"));
assertThat(response, containsString(":9998"));
response = _connectorS.getResponses("GET /ctx/integral/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
}
@Test
public void testConfidential() throws Exception
{
Constraint constraint0 = new Constraint();
constraint0.setAuthenticate(false);
constraint0.setName("confid");
constraint0.setDataConstraint(Constraint.DC_CONFIDENTIAL);
ConstraintMapping mapping0 = new ConstraintMapping();
mapping0.setPathSpec("/confid/*");
mapping0.setConstraint(constraint0);
_security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
{
mapping0
}));
_server.start();
String response;
response = _connector.getResponses("GET /ctx/some/thing HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
response = _connector.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 302 Found"));
assertThat(response, containsString("Location: SPDY://"));
assertThat(response, containsString(":9999"));
response = _connectorS.getResponses("GET /ctx/confid/info HTTP/1.0\r\n\r\n");
assertThat(response, containsString("HTTP/1.1 404 Not Found"));
}
}

View File

@ -113,6 +113,6 @@ public abstract class AbstractHandlerContainer extends AbstractHandler implement
public void dump(Appendable out,String indent) throws IOException public void dump(Appendable out,String indent) throws IOException
{ {
dumpThis(out); dumpThis(out);
dump(out,indent,TypeUtil.asList(getHandlers()),getBeans()); dump(out,indent,getBeans(),TypeUtil.asList(getHandlers()));
} }
} }