protected static void configureClientCertContext(Tomcat tomcat) { TesterSupport.initSsl(tomcat); // Need a web application with a protected and unprotected URL // No file system docBase required Context ctx = tomcat.addContext("", null); Tomcat.addServlet(ctx, "simple", new SimpleServlet()); ctx.addServletMapping("/unprotected", "simple"); ctx.addServletMapping("/protected", "simple"); // Security constraints SecurityCollection collection = new SecurityCollection(); collection.addPattern("/protected"); SecurityConstraint sc = new SecurityConstraint(); sc.addAuthRole(ROLE); sc.addCollection(collection); ctx.addConstraint(sc); // Configure the Realm MapRealm realm = new MapRealm(); realm.addUser("CN=user1, C=US", "not used"); realm.addUserRole("CN=user1, C=US", ROLE); ctx.setRealm(realm); // Configure the authenticator LoginConfig lc = new LoginConfig(); lc.setAuthMethod("CLIENT-CERT"); ctx.setLoginConfig(lc); ctx.getPipeline().addValve(new SSLAuthenticator()); }
protected static void configureClientCertContext(Tomcat tomcat) { TesterSupport.initSsl(tomcat); // Need a web application with a protected and unprotected URL // Must have a real docBase - just use temp Context ctx = tomcat.addContext("", System.getProperty("java.io.tmpdir")); Tomcat.addServlet(ctx, "simple", new SimpleServlet()); ctx.addServletMapping("/unprotected", "simple"); ctx.addServletMapping("/protected", "simple"); // Security constraints SecurityCollection collection = new SecurityCollection(); collection.addPattern("/protected"); SecurityConstraint sc = new SecurityConstraint(); sc.addAuthRole("testrole"); sc.addCollection(collection); ctx.addConstraint(sc); // Configure the Realm MapRealm realm = new MapRealm(); realm.addUser("CN=user1, C=US", "not used"); realm.addUserRole("CN=user1, C=US", "testrole"); ctx.setRealm(realm); // Configure the authenticator LoginConfig lc = new LoginConfig(); lc.setAuthMethod("CLIENT-CERT"); ctx.setLoginConfig(lc); ctx.getPipeline().addValve(new SSLAuthenticator()); }
protected static void configureClientCertContext(Tomcat tomcat) { TesterSupport.initSsl(tomcat); // Need a web application with a protected and unprotected URL // Must have a real docBase - just use temp Context ctx = tomcat.addContext("", System.getProperty("java.io.tmpdir")); Tomcat.addServlet(ctx, "simple", new SimpleServlet()); ctx.addServletMapping("/unprotected", "simple"); ctx.addServletMapping("/protected", "simple"); // Security constraints SecurityCollection collection = new SecurityCollection(); collection.addPattern("/protected"); SecurityConstraint sc = new SecurityConstraint(); sc.addAuthRole(ROLE); sc.addCollection(collection); ctx.addConstraint(sc); // Configure the Realm MapRealm realm = new MapRealm(); realm.addUser("CN=user1, C=US", "not used"); realm.addUserRole("CN=user1, C=US", ROLE); ctx.setRealm(realm); // Configure the authenticator LoginConfig lc = new LoginConfig(); lc.setAuthMethod("CLIENT-CERT"); ctx.setLoginConfig(lc); ctx.getPipeline().addValve(new SSLAuthenticator()); }
private static Context createNewContext(final ClassLoader classLoader, String authMethod, String transportGuarantee, final String realmName, final String name) { String path = name; if (path == null) { path = "/"; } if (!path.startsWith("/")) { path = "/" + path; } final StandardContext context = new IgnoredStandardContext(); context.setPath(path); context.setDocBase(""); context.setParentClassLoader(classLoader); context.setDelegate(true); context.setName(name); ((TomcatWebAppBuilder) SystemInstance.get().getComponent(WebAppBuilder.class)).initJ2EEInfo(context); // Configure security if (authMethod != null) { authMethod = authMethod.toUpperCase(); } if (transportGuarantee != null) { transportGuarantee = transportGuarantee.toUpperCase(); } if (authMethod == null || "NONE".equals(authMethod)) { //NOPMD // ignore none for now as the NonLoginAuthenticator seems to be completely hosed } else if ("BASIC".equals(authMethod) || "DIGEST".equals(authMethod) || "CLIENT-CERT".equals(authMethod)) { //Setup a login configuration final LoginConfig loginConfig = new LoginConfig(); loginConfig.setAuthMethod(authMethod); loginConfig.setRealmName(realmName); context.setLoginConfig(loginConfig); //Setup a default Security Constraint final String securityRole = SystemInstance.get().getProperty(TOMEE_JAXWS_SECURITY_ROLE_PREFIX + name, "default"); for (final String role : securityRole.split(",")) { final SecurityCollection collection = new SecurityCollection(); collection.addMethod("GET"); collection.addMethod("POST"); collection.addPattern("/*"); collection.setName(role); final SecurityConstraint sc = new SecurityConstraint(); sc.addAuthRole("*"); sc.addCollection(collection); sc.setAuthConstraint(true); sc.setUserConstraint(transportGuarantee); context.addConstraint(sc); context.addSecurityRole(role); } //Set the proper authenticator if ("BASIC".equals(authMethod)) { context.addValve(new BasicAuthenticator()); } else if ("DIGEST".equals(authMethod)) { context.addValve(new DigestAuthenticator()); } else if ("CLIENT-CERT".equals(authMethod)) { context.addValve(new SSLAuthenticator()); } else if ("NONE".equals(authMethod)) { context.addValve(new NonLoginAuthenticator()); } context.getPipeline().addValve(new OpenEJBValve()); } else { throw new IllegalArgumentException("Invalid authMethod: " + authMethod); } return context; }
private static Context createNewContext(final ClassLoader classLoader, final String rAuthMethod, final String rTransportGuarantee, final String realmName, final String name) { String path = name; if (path == null) { path = "/"; } if (!path.startsWith("/")) { path = "/" + path; } final StandardContext context = new IgnoredStandardContext(); context.setPath(path); context.setDocBase(""); context.setParentClassLoader(classLoader); context.setDelegate(true); context.setName(name); TomcatWebAppBuilder.class.cast(SystemInstance.get().getComponent(WebAppBuilder.class)).initJ2EEInfo(context); // Configure security String authMethod = rAuthMethod; if (authMethod != null) { authMethod = authMethod.toUpperCase(); } String transportGuarantee = rTransportGuarantee; if (transportGuarantee != null) { transportGuarantee = transportGuarantee.toUpperCase(); } if (authMethod != null & !"NONE".equals(authMethod)) { if ("BASIC".equals(authMethod) || "DIGEST".equals(authMethod) || "CLIENT-CERT".equals(authMethod)) { //Setup a login configuration final LoginConfig loginConfig = new LoginConfig(); loginConfig.setAuthMethod(authMethod); loginConfig.setRealmName(realmName); context.setLoginConfig(loginConfig); //Setup a default Security Constraint final String securityRole = SystemInstance.get().getProperty(TOMEE_HESSIAN_SECURITY_ROLE_PREFIX + name, "default"); for (final String role : securityRole.split(",")) { final SecurityCollection collection = new SecurityCollection(); collection.addMethod("GET"); collection.addMethod("POST"); collection.addPattern("/*"); collection.setName(role); final SecurityConstraint sc = new SecurityConstraint(); sc.addAuthRole("*"); sc.addCollection(collection); sc.setAuthConstraint(true); sc.setUserConstraint(transportGuarantee); context.addConstraint(sc); context.addSecurityRole(role); } } //Set the proper authenticator switch (authMethod) { case "BASIC": context.addValve(new BasicAuthenticator()); break; case "DIGEST": context.addValve(new DigestAuthenticator()); break; case "CLIENT-CERT": context.addValve(new SSLAuthenticator()); break; case "NONE": context.addValve(new NonLoginAuthenticator()); break; } context.getPipeline().addValve(new OpenEJBValve()); } else { throw new IllegalArgumentException("Invalid authMethod: " + authMethod); } return context; }
