@Override protected URI getRedirectURI(HttpServerExchange exchange) throws URISyntaxException { return getRedirectURI(exchange, redirectPort); }
private static HttpHandler addSecurity(final HttpHandler toWrap, IdentityManager identityManager) { List<AuthenticationMechanism> mechanisms = Collections.<AuthenticationMechanism>singletonList(new BasicAuthenticationMechanism("Syncany")); HttpHandler handler = toWrap; handler = new AuthenticationCallHandler(handler); handler = new AuthenticationConstraintHandler(handler); handler = new AuthenticationMechanismsHandler(handler, mechanisms); handler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler); return handler; }
/** * @see io.undertow.server.HttpHandler#handleRequest(io.undertow.server.HttpServerExchange) */ @Override public void handleRequest(final HttpServerExchange exchange) throws Exception { SecurityActions.setSecurityContext(exchange, createSecurityContext(exchange)); next.handleRequest(exchange); }
private HttpHandler createAuthenticationHandlersChain(HttpHandler next, AuthenticationConfiguration authConfig) { HttpHandler authenticationCallHandler = new AuthenticationCallHandler(next); HttpHandler constraintHandler = new AuthenticationPredicateAwareConstraintHandler( authenticationCallHandler, authConfig.getIsAuthenticationRequiredPredicate()); HttpHandler mechanismsHandler = new AuthenticationMechanismsHandler(constraintHandler, authConfig.getAuthMechanisms()); AuthenticationMode authenticationMode = AuthenticationMode.valueOf( configFactory.getStringProperty(Configs.FRONTEND_AUTHENTICATION_MODE).toUpperCase()); return new SecurityInitialHandler(authenticationMode, authConfig.getIdentityManager(), mechanismsHandler); }
private static HttpHandler secureAccess(HttpHandler domainHandler, final HttpAuthenticationFactory httpAuthenticationFactory) { domainHandler = new AuthenticationCallHandler(domainHandler); domainHandler = new AuthenticationConstraintHandler(domainHandler); Supplier<List<HttpServerAuthenticationMechanism>> mechanismSupplier = () -> httpAuthenticationFactory.getMechanismNames().stream() .map(s -> { try { return httpAuthenticationFactory.createMechanism(s); } catch (Exception e) { return null; } }) .collect(Collectors.toList()); domainHandler = ElytronContextAssociationHandler.builder() .setNext(domainHandler) .setMechanismSupplier(mechanismSupplier) .setHttpExchangeSupplier(h -> new ElytronHttpExchange(h) { @Override public void authenticationComplete(SecurityIdentity securityIdentity, String mechanismName) { super.authenticationComplete(securityIdentity, mechanismName); h.putAttachment(ElytronIdentityHandler.IDENTITY_KEY, securityIdentity); } }) .build(); return domainHandler; }
@Override public void handleRequest(HttpServerExchange exchange) throws Exception { if (isConfidential(exchange) || !confidentialityRequired(exchange)) { next.handleRequest(exchange); } else { try { URI redirectUri = getRedirectURI(exchange); UndertowLogger.SECURITY_LOGGER.debugf("Redirecting request %s to %s to meet confidentiality requirements", exchange, redirectUri); exchange.setStatusCode(StatusCodes.FOUND); exchange.getResponseHeaders().put(Headers.LOCATION, redirectUri.toString()); } catch (Exception e) { UndertowLogger.REQUEST_LOGGER.exceptionProcessingRequest(e); exchange.setStatusCode(StatusCodes.INTERNAL_SERVER_ERROR); } exchange.endExchange(); } }
/** * @see io.undertow.server.HttpHandler#handleRequest(io.undertow.server.HttpServerExchange) */ @Override public void handleRequest(HttpServerExchange exchange) throws Exception { if (isAuthenticationRequired(exchange)) { SecurityContext context = exchange.getSecurityContext(); UndertowLogger.SECURITY_LOGGER.debugf("Setting authentication required for exchange %s", exchange); context.setAuthenticationRequired(); } next.handleRequest(exchange); }
/** * Use the HttpServerExchange supplied to check if this request is already 'sufficiently' confidential. * * Here we say 'sufficiently' as sub-classes can override this and maybe even go so far as querying the actual SSLSession. * * @param exchange - The {@link HttpServerExchange} for the request being processed. * @return true if the request is 'sufficiently' confidential, false otherwise. */ protected boolean isConfidential(final HttpServerExchange exchange) { ServletRequestContext src = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); if(src != null) { return src.getOriginalRequest().isSecure(); } return super.isConfidential(exchange); } }
private static HttpHandler addBasicSecurity(final HttpHandler toWrap, final IdentityManager identityManager) { HttpHandler handler = toWrap; handler = new AuthenticationCallHandler(handler); handler = new AuthenticationConstraintHandler(handler); final List<AuthenticationMechanism> mechanisms = Collections.singletonList(new BasicAuthenticationMechanism("oauth2")); handler = new AuthenticationMechanismsHandler(handler, mechanisms); handler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler); return handler; }
/** * @see io.undertow.server.HttpHandler#handleRequest(io.undertow.server.HttpServerExchange) */ @Override public void handleRequest(final HttpServerExchange exchange) throws Exception { SecurityActions.setSecurityContext(exchange, createSecurityContext(exchange)); next.handleRequest(exchange); }
@Override protected URI getRedirectURI(HttpServerExchange exchange) throws URISyntaxException { return getRedirectURI(exchange, redirectPort); }
/** * @see io.undertow.server.HttpHandler#handleRequest(io.undertow.server.HttpServerExchange) */ @Override public void handleRequest(HttpServerExchange exchange) throws Exception { if (isAuthenticationRequired(exchange)) { SecurityContext context = exchange.getSecurityContext(); UndertowLogger.SECURITY_LOGGER.debugf("Setting authentication required for exchange %s", exchange); context.setAuthenticationRequired(); } next.handleRequest(exchange); }
private HttpHandler addGetSecurity(final HttpHandler toWrap, final IdentityManager identityManager) { HttpHandler handler = toWrap; handler = new AuthenticationCallHandler(handler); handler = new AuthenticationConstraintHandler(handler); List<AuthenticationMechanism> mechanisms = new ArrayList<>(); // bypass the SPNEGO if service password is not even configured. if(spnegoServicePassword != null) { mechanisms.add(new LightGSSAPIAuthenticationMechanism(new SubjectFactory())); } mechanisms.add(new LightBasicAuthenticationMechanism("OAuth")); handler = new AuthenticationMechanismsHandler(handler, mechanisms); handler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler); return handler; }
/** * @see io.undertow.server.HttpHandler#handleRequest(io.undertow.server.HttpServerExchange) */ @Override public void handleRequest(final HttpServerExchange exchange) throws Exception { SecurityActions.setSecurityContext(exchange, createSecurityContext(exchange)); next.handleRequest(exchange); }
@Override protected URI getRedirectURI(HttpServerExchange exchange) throws URISyntaxException { return getRedirectURI(exchange, redirectPort); }
private void buildSecurityHandler() { HttpHandler handler = this.next; handler = new AuthenticationCallHandler(handler); handler = new AuthenticationConstraintHandler(handler); final List<AuthenticationMechanism> mechanisms = Collections.<AuthenticationMechanism>singletonList(new BasicAuthenticationMechanism("My Realm")); handler = new AuthenticationMechanismsHandler(handler, mechanisms); this.securityHandler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler); }
@Override protected URI getRedirectURI(HttpServerExchange exchange) throws URISyntaxException { int port = portManager.getConfidentialPort(exchange); if (port < 0) { throw MESSAGES.noConfidentialPortAvailable(); } return super.getRedirectURI(exchange, port); }
private void buildSecurityHandler() { HttpHandler handler = this.next; handler = new AuthenticationCallHandler(handler); handler = new AuthenticationConstraintHandler(handler); final List<AuthenticationMechanism> mechanisms = Collections.<AuthenticationMechanism>singletonList( new DigestAuthenticationMechanism("WSRealm", "WSDomain", "DIGEST", this.identityManager)); handler = new AuthenticationMechanismsHandler(handler, mechanisms); this.securityHandler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler); }
private HttpHandler addFormSecurity(final HttpHandler toWrap, final IdentityManager identityManager) { HttpHandler handler = toWrap; handler = new AuthenticationCallHandler(handler); handler = new AuthenticationConstraintHandler(handler); final List<AuthenticationMechanism> mechanisms = new ArrayList<>(); mechanisms.add(new CachedAuthenticatedSessionMechanism()); mechanisms.add(new FormAuthenticationMechanism("oauth2", "/login", "/error", "/oauth2/code")); handler = new AuthenticationMechanismsHandler(handler, mechanisms); handler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler); handler = new SessionAttachmentHandler(handler, new InMemorySessionManager("oauth2"), new SessionCookieConfig()); return handler; }
private static HttpHandler addFormSecurity(final HttpHandler toWrap, final IdentityManager identityManager) { HttpHandler handler = toWrap; handler = new AuthenticationCallHandler(handler); handler = new AuthenticationConstraintHandler(handler); final List<AuthenticationMechanism> mechanisms = new ArrayList<>(); mechanisms.add(new CachedAuthenticatedSessionMechanism()); mechanisms.add(new FormAuthenticationMechanism("oauth2", "/login", "/error", "/oauth2/authorize")); handler = new AuthenticationMechanismsHandler(handler, mechanisms); handler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler); handler = new SessionAttachmentHandler(handler, new InMemorySessionManager("oauth2"), new SessionCookieConfig()); return handler; } }