From: Ron S. <rs...@re...> - 2015-05-12 00:40:09
Hi Mark,

I have a partial answer. That is, I can get Resteasy with Undertow to recognize @RolesAllowed, but I don't know much about security in Undertow. In the attached RollsAllowedTest, I have configured Undertow to impose identity constraints:

>    @BeforeClass
>    public static void init() throws Exception
>    {
>       server = new UndertowJaxrsServer().start();
>       ResteasyDeployment deployment = new ResteasyDeployment();
>       deployment.setApplicationClass(TestApplication.class.getName());
>       deployment.setSecurityEnabled(true);
>       DeploymentInfo di = server.undertowDeployment(deployment, "/base");
>       di.setContextPath("/di");
>       di.setDeploymentName("DI");
>       di.setClassLoader(TestApplication.class.getClassLoader());
>       server.deploy(di);
>    }

so that the test

>    @Test
>    public void testDeploymentInfo() throws Exception
>    {
>       Client client = ClientBuilder.newClient();
>       Invocation.Builder builder =
>          client.target("http://localhost:8081/di/base/test").request();
>       System.out.println("auth: " + getBasicAuthentication("bill", "pwd"));
>       builder.header("Authorization", getBasicAuthentication("bill", "pwd"));
>       String val = builder.get(String.class);
>       Assert.assertEquals("hello world", val);
>       client.close();
>    }

fails with status 403. In particular, org.jboss.resteasy.plugins.interceptors.RoleBasedSecurityFilter.filter() fails because it gets a null user principal.

Can you see if you can set the user principal and let me know?

Thanks,
Ron

On 04/16/2015 11:33 AM, Mark Vinkx wrote:
> Hi
>
> I would like to enable basic authentication and @RolesAllowed for restEasy on UndertowJaxrsServer
> Can someone help me out how to enable this
>
> I found some references to set resteasy.role.based.security but I did not find a way how to set this in my DeploymentInfo
> <context-param>
>    <param-name>resteasy.role.based.security</param-name>
>    <param-value>true</param-value>
> </context-param>
>
> Some of my code I have been trying is. But it is not working.
>
> webServer = new UndertowJaxrsServer();
> Undertow.Builder serverBuilder=Undertow.builder();
> serverBuilder = serverBuilder.addHttpListener(Integer.parseInt(properties.getProperty("port")), properties.getProperty("address"));
> webServer.start(serverBuilder);
>
> HashMap users = new HashMap(2);
> users.put("userOne", "passwordOne".toCharArray());
> users.put("userTwo", "passwordTwo".toCharArray());
> MapIdentityManager identityManager = new MapIdentityManager(users);
>
> DeploymentInfo di = webServer.undertowDeployment(MyApp.class) ;
> di.setClassLoader(GetRest.class.getClassLoader()) ;
> di.setDeploymentName("My Application");
> di.setContextPath("/di");
> LoginConfig loginConfig=new LoginConfig("BASIC","MyRealm");
> di.setLoginConfig(loginConfig);
> di.setIdentityManager(identityManager);
> webServer.deploy(di);
> webServer.deploy(MyApp.class);
>
>
> class MapIdentityManager implements IdentityManager {
>     private final Map<String, char[]> users;
>
>     public MapIdentityManager(Map<String, char[]> users) {
>         this.users = users;
>     }
>
>     @Override
>     public Account verify(Account account) {
>         return account;
>     }
>
>     @Override
>     public Account verify(String id, Credential credential) {
>         Account account = this.getAccount(id);
>         return account != null && this.verifyCredential(account, credential)?account:null;
>     }
>
>     @Override
>     public Account verify(Credential credential) {
>         return null;
>     }
>
>     private boolean verifyCredential(Account account, Credential credential) {
>         if(credential instanceof PasswordCredential) {
>             char[] password = ((PasswordCredential)credential).getPassword();
>             char[] expectedPassword = (char[])this.users.get(account.getPrincipal().getName());
>             return Arrays.equals(password, expectedPassword);
>         } else {
>             return false;
>         }
>     }
>
>     private Account getAccount(final String id) {
>         return this.users.containsKey(id)?new Account() {
>             private final Principal principal = new Principal() {
>                 @Override
>                 public String getName() {
>                     return id;
>                 }
>             };
>             @Override
>             public Principal getPrincipal() {
>                 return this.principal;
>             }
>             @Override
>             public Set<String> getRoles() {
>                 return Collections.emptySet();
>             }
>         }:null;
>     }
> }