org.eclipse.jetty.security.UserAuthentication Java Examples

The following examples show how to use org.eclipse.jetty.security.UserAuthentication.
Example #1
Source File: CustomAuthHttpServerTest.java    From calcite-avatica with Apache License 2.0
/**
 * Supplies an extractor that reads the remote user from the authentication Jetty attached to
 * the request, and counts every call in {@code methodCallCounter3}.
 *
 * @return an extractor that returns the authenticated principal's name
 */
@Override public RemoteUserExtractor getRemoteUserExtractor() {
  return new RemoteUserExtractor() {
    /**
     * Returns the name of the principal held by the request's {@link UserAuthentication}.
     *
     * @param request the incoming servlet request
     * @return the authenticated principal's name
     * @throws RemoteUserExtractionException if the request is not a Jetty {@link Request} or
     *     carries no {@link UserAuthentication}
     */
    @Override public String extract(HttpServletRequest request)
        throws RemoteUserExtractionException {
      methodCallCounter3++;

      // Only the authentication object set on the Jetty request is consulted here; no
      // request header or parameter is read to obtain the user name.
      final Authentication established =
          request instanceof Request ? ((Request) request).getAuthentication() : null;

      // Fail closed: anything other than a completed UserAuthentication is rejected.
      if (!(established instanceof UserAuthentication)) {
        throw new RemoteUserExtractionException("Request doesn't contain user credentials.");
      }

      // NOTE(review): assumes the identity and its principal are non-null -- confirm.
      return ((UserAuthentication) established).getUserIdentity().getUserPrincipal().getName();
    }
  };
}
 
Example #2
Source File: AuthenticationResourceFilter.java    From emodb with Apache License 2.0
/**
 * Publishes the authenticated subject to the current Jetty request.
 *
 * <p>Certain aspects of the container, such as logging, need the authentication information to
 * behave properly. This method attaches a {@link UserAuthentication} built from the subject's
 * principal to the request of the current connection, if there is one.
 *
 * @param subject the authenticated subject whose principal is exposed to the container
 */
private void setJettyAuthentication(Subject subject) {
    // In unit test environments there may be no current connection or request; then there is
    // no container to update and the method returns without doing anything.
    HttpConnection currentConnection = HttpConnection.getCurrentConnection();
    Request jettyRequest = (currentConnection != null)
            ? currentConnection.getHttpChannel().getRequest()
            : null;
    if (jettyRequest == null) {
        return;
    }

    // The downcast relies on every subject being created with a PrincipalWithRoles principal.
    UserIdentity identity = ((PrincipalWithRoles) subject.getPrincipal()).toUserIdentity();

    // The authentication method is always recorded as BASIC_AUTH.
    // NOTE(review): confirm this label matches how the subject was actually authenticated, since
    // container components such as logging read it from the request.
    UserAuthentication containerAuthentication =
            new UserAuthentication(SecurityContext.BASIC_AUTH, identity);
    jettyRequest.setAuthentication(containerAuthentication);
}
 
Example #3
Source File: JettyTokenAuthenticator.java    From cloud-security-xsuaa-integration with Apache License 2.0
/**
 * Converts a token authentication result into a Jetty {@link UserAuthentication}.
 *
 * <p>The token's principal becomes the only principal of a read-only {@link Subject} with no
 * public or private credentials, and the token's scopes are passed to
 * {@link DefaultUserIdentity} as its role array.
 *
 * @param tokenAuthentication the result to convert; presumably the outcome of a successful
 *        token validation -- NOTE(review): confirm at the call site, nothing is re-checked here
 * @return the authentication carrying the token's principal and scopes
 */
private Authentication createAuthentication(TokenAuthenticationResult tokenAuthentication) {
	final Principal tokenPrincipal = tokenAuthentication.getPrincipal();

	// Read-only subject (first argument true): its principal set cannot be changed afterwards.
	final Set<Principal> subjectPrincipals = new HashSet<>();
	subjectPrincipals.add(tokenPrincipal);
	final Subject readOnlySubject =
			new Subject(true, subjectPrincipals, new HashSet<>(), new HashSet<>());

	// Scopes are handed over unchanged; they are what role checks on the identity will see.
	final String[] roles = tokenAuthentication.getScopes().toArray(new String[0]);

	return new UserAuthentication(getAuthMethod(),
			new DefaultUserIdentity(readOnlySubject, tokenPrincipal, roles));
}
 
Example #4
Source File: JettyTokenAuthenticator.java    From cloud-security-xsuaa-integration with Apache License 2.0
/**
 * Builds the Jetty {@link UserAuthentication} for a token authentication result.
 *
 * @param tokenAuthentication source of the principal and of the scopes used as roles;
 *        NOTE(review): assumed to be already validated by the caller -- confirm
 * @return a {@link UserAuthentication} whose identity wraps a read-only, credential-free
 *         {@link Subject} holding the token's principal
 */
private Authentication createAuthentication(TokenAuthenticationResult tokenAuthentication) {
	Principal user = tokenAuthentication.getPrincipal();

	Set<Principal> onlyPrincipal = new HashSet<>();
	onlyPrincipal.add(user);
	Set<Object> noPublicCredentials = new HashSet<>();
	Set<Object> noPrivateCredentials = new HashSet<>();
	// "true" marks the subject read-only, so its sets stay fixed once it is built.
	Subject subject = new Subject(true, onlyPrincipal, noPublicCredentials, noPrivateCredentials);

	// The token's scopes become the identity's role array, one role per scope.
	String[] scopesAsRoles = tokenAuthentication.getScopes().toArray(new String[0]);
	return new UserAuthentication(getAuthMethod(),
			new DefaultUserIdentity(subject, user, scopesAsRoles));
}
 
Example #5
Source File: JwtAuthenticatorTest.java    From cruise-control with BSD 2-Clause "Simplified" License
/**
 * Checks that {@link JwtAuthenticator} authenticates a request whose JWT arrives in the
 * {@code JWT_TOKEN} cookie while the {@code Authorization} header is absent.
 *
 * <p>The resulting {@link UserAuthentication} must expose a {@link JwtUserPrincipal} whose name
 * is {@code TEST_USER} and whose serialized token equals the generated token.
 */
@Test
public void testSuccessfulLogin() throws Exception {
  // The user is registered with NO_CREDENTIAL and a single role; the token below is generated
  // for the same user name.
  UserStore testUserStore = new UserStore();
  testUserStore.addUser(TEST_USER, SecurityUtils.NO_CREDENTIAL, new String[]{USER_ROLE});
  TokenGenerator.TokenAndKeys tokenAndKeys = TokenGenerator.generateToken(TEST_USER);
  // The login service receives the public key from the generated key material.
  // NOTE(review): the meaning of the third (null) argument is not visible here -- confirm.
  JwtLoginService loginService = new JwtLoginService(new UserStoreAuthorizationService(testUserStore), tokenAndKeys.publicKey(), null);

  // Mocked authenticator configuration: real login and identity services, session renewal on.
  Authenticator.AuthConfiguration configuration = mock(Authenticator.AuthConfiguration.class);
  expect(configuration.getLoginService()).andReturn(loginService);
  expect(configuration.getIdentityService()).andReturn(new DefaultIdentityService());
  expect(configuration.isSessionRenewedOnAuthentication()).andReturn(true);

  // Mocked request: GET, no Authorization header, token supplied only through the cookie.
  Request request = niceMock(Request.class);
  expect(request.getMethod()).andReturn(HttpMethod.GET.asString());
  expect(request.getHeader(HttpHeader.AUTHORIZATION.asString())).andReturn(null);
  // Record the expectation that the token is stored as a request attribute...
  request.setAttribute(JwtAuthenticator.JWT_TOKEN_REQUEST_ATTRIBUTE, tokenAndKeys.token());
  expectLastCall().andVoid();
  expect(request.getCookies()).andReturn(new Cookie[] {new Cookie(JWT_TOKEN, tokenAndKeys.token())});
  // ...and that reading the attribute back yields the same token.
  expect(request.getAttribute(JwtAuthenticator.JWT_TOKEN_REQUEST_ATTRIBUTE)).andReturn(tokenAndKeys.token());

  HttpServletResponse response = mock(HttpServletResponse.class);

  // Switch the mocks from recording to replay before exercising the authenticator.
  replay(configuration, request, response);
  JwtAuthenticator authenticator = new JwtAuthenticator(TOKEN_PROVIDER, JWT_TOKEN);
  authenticator.setConfiguration(configuration);
  // The third argument (true) marks authentication as mandatory for this request. The cast
  // fails the test if anything other than a UserAuthentication is returned.
  UserAuthentication authentication = (UserAuthentication) authenticator.validateRequest(request, response, true);
  // No expectations were recorded on the response mock, so verify() also checks that the
  // authenticator did not call it.
  verify(configuration, request, response);

  // The principal must be the JWT-specific type and must carry the exact token presented.
  assertNotNull(authentication);
  assertTrue(authentication.getUserIdentity().getUserPrincipal() instanceof JwtUserPrincipal);
  JwtUserPrincipal userPrincipal = (JwtUserPrincipal) authentication.getUserIdentity().getUserPrincipal();
  assertEquals(TEST_USER, userPrincipal.getName());
  assertEquals(tokenAndKeys.token(), userPrincipal.getSerializedToken());
}
 
Example #6
Source File: SpnegoTestUtil.java    From calcite-avatica with Apache License 2.0
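/**
 * Answers an authenticated request with {@code "OK <principal name>"} and status 200.
 *
 * <p>The handler accepts the request only when the authentication on {@code baseRequest} is a
 * {@link UserAuthentication}. Comparing against the {@code Authentication.UNAUTHENTICATED}
 * sentinel alone would let a {@code null} or any other non-user authentication state through
 * to the cast below, where it would surface as a {@code NullPointerException} or
 * {@code ClassCastException} instead of the intended assertion failure.
 *
 * @param target the request target (not used)
 * @param baseRequest the Jetty request whose authentication is inspected
 * @param request the servlet request (not used)
 * @param response the response that receives the status and the principal's name
 * @throws IOException if the response writer cannot be obtained
 * @throws ServletException declared by the handler contract; not thrown here
 * @throws AssertionError if the request carries no {@link UserAuthentication}
 */
@Override public void handle(String target, Request baseRequest, HttpServletRequest request,
    HttpServletResponse response) throws IOException, ServletException {
  Authentication auth = baseRequest.getAuthentication();
  // Allow-list the one state that proves a user was authenticated; everything else fails.
  if (!(auth instanceof UserAuthentication)) {
    throw new AssertionError("Unauthenticated users should not reach here!");
  }

  baseRequest.setHandled(true);
  UserIdentity userIdentity = ((UserAuthentication) auth).getUserIdentity();
  Principal userPrincipal = userIdentity.getUserPrincipal();

  // Set the status before writing the body so it cannot be lost to an already-committed response.
  response.setStatus(200);
  response.getWriter().print("OK " + userPrincipal.getName());
}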