Hi Mark,

I have a partial answer. That is, I can get Resteasy with Undertow to recognize @RolesAllowed, but I don't know much about security in Undertow.


In the attached RolesAllowedTest, I have configured Undertow to impose identity constraints:

   @BeforeClass
   public static void init() throws Exception
   {
      server = new UndertowJaxrsServer().start();
      ResteasyDeployment deployment = new ResteasyDeployment();
      deployment.setApplicationClass(TestApplication.class.getName());
      deployment.setSecurityEnabled(true);
      DeploymentInfo di = server.undertowDeployment(deployment, "/base");
      di.setContextPath("/di");
      di.setDeploymentName("DI");
      di.setClassLoader(TestApplication.class.getClassLoader());
      server.deploy(di);
   }

so that the test

   @Test
   public void testDeploymentInfo() throws Exception
   {
      Client client = ClientBuilder.newClient();
      Invocation.Builder builder = client.target("http://localhost:8081/di/base/test").request();
      System.out.println("auth: " + getBasicAuthentication("bill", "pwd"));
      builder.header("Authorization", getBasicAuthentication("bill", "pwd"));
      String val = builder.get(String.class);
      Assert.assertEquals("hello world", val);
      client.close();
   }

fails with status 403.

In particular, org.jboss.resteasy.plugins.interceptors.RoleBasedSecurityFilter.filter() fails because it gets a null user principal. Can you see if you can set the user principal and let me know?

Thanks,
Ron


On 04/16/2015 11:33 AM, Mark Vinkx wrote:
Hi

I would like to enable basic authentication and @RolesAllowed for RESTEasy on
UndertowJaxrsServer.
Can someone help me out with how to enable this?

I found some references to setting resteasy.role.based.security, but I did not
find a way to set this in my DeploymentInfo:

         <context-param>
           <param-name>resteasy.role.based.security</param-name>
           <param-value>true</param-value>
         </context-param>

Some of the code I have been trying is below, but it is not working.

         webServer = new UndertowJaxrsServer();
         Undertow.Builder serverBuilder=Undertow.builder();
         serverBuilder = serverBuilder.addHttpListener(
               Integer.parseInt(properties.getProperty("port")),
               properties.getProperty("address"));
         webServer.start(serverBuilder);

         Map<String, char[]> users = new HashMap<String, char[]>(2);
         users.put("userOne", "passwordOne".toCharArray());
         users.put("userTwo", "passwordTwo".toCharArray());
         MapIdentityManager identityManager = new MapIdentityManager(users);

         DeploymentInfo di = webServer.undertowDeployment(MyApp.class);
         di.setClassLoader(GetRest.class.getClassLoader());
         di.setDeploymentName("My Application");
         di.setContextPath("/di");
         LoginConfig loginConfig=new LoginConfig("BASIC","MyRealm");
         di.setLoginConfig(loginConfig);
         di.setIdentityManager(identityManager);
         webServer.deploy(di);
         webServer.deploy(MyApp.class);



class MapIdentityManager implements IdentityManager {
     private final Map<String, char[]> users;

     public MapIdentityManager(Map<String, char[]> users) {
         this.users = users;
     }

     @Override
     public Account verify(Account account) {
         return account;
     }

     @Override
     public Account verify(String id, Credential credential) {
         Account account = this.getAccount(id);
         return account != null && this.verifyCredential(account, credential) ? account : null;
     }

     @Override
     public Account verify(Credential credential) {
         return null;
     }

     private boolean verifyCredential(Account account, Credential credential) {
         if(credential instanceof PasswordCredential) {
             char[] password = ((PasswordCredential)credential).getPassword();
             char[] expectedPassword = (char[]) this.users.get(account.getPrincipal().getName());
             return Arrays.equals(password, expectedPassword);
         } else {
             return false;
         }
     }

     private Account getAccount(final String id) {
         return this.users.containsKey(id)?new Account() {
             private final Principal principal = new Principal() {
                 @Override
                 public String getName() {
                     return id;
                 }
             };
             @Override
             public Principal getPrincipal() {
                 return this.principal;
             }
             @Override
             public Set<String> getRoles() {
                 return Collections.emptySet();
             }
         }:null;
     }
}



_______________________________________________
Resteasy-users mailing list
Resteasy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/resteasy-users

package org.jboss.resteasy.test.undertow;

import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.LoginConfig;

import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import javax.annotation.security.RolesAllowed;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.core.Application;
import javax.xml.bind.DatatypeConverter;

import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer;
import org.jboss.resteasy.spi.ResteasyDeployment;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/**
 * 
 * @author <a href="ron.si...@jboss.com">Ron Sigal</a>
 * @version $Revision: 1.1 $
 *
 * Copyright May 11, 2015
 */
public class RolesAllowedTest
{
   private static UndertowJaxrsServer server;

   @Path("/test")
   @RolesAllowed("user")
   public static class TestResource
   {
      @GET
      @Produces("text/plain")
      public String get()
      {
         return "hello world";
      }
   }

   @ApplicationPath("/base")
   public static class TestApplication extends Application
   {
      @Override
      public Set<Class<?>> getClasses()
      {
         HashSet<Class<?>> classes = new HashSet<Class<?>>();
         classes.add(TestResource.class);
         return classes;
      }
   }

   @BeforeClass
   public static void init() throws Exception
   {
      server = new UndertowJaxrsServer().start();
      ResteasyDeployment deployment = new ResteasyDeployment();
      deployment.setApplicationClass(TestApplication.class.getName());
      deployment.setSecurityEnabled(true);
      DeploymentInfo di = server.undertowDeployment(deployment, "/base");
      di.setContextPath("/di");
      di.setDeploymentName("DI");
      di.setClassLoader(TestApplication.class.getClassLoader());
      server.deploy(di);
   }

   @AfterClass
   public static void stop() throws Exception
   {
      server.stop();
   }

   @Test
   public void testDeploymentInfo() throws Exception
   {
      Client client = ClientBuilder.newClient();
      Invocation.Builder builder = client.target("http://localhost:8081/di/base/test").request();
      System.out.println("auth: " + getBasicAuthentication("bill", "pwd"));
      builder.header("Authorization", getBasicAuthentication("bill", "pwd"));
      String val = builder.get(String.class);
      Assert.assertEquals("hello world", val);
      client.close();
   }
   
   private String getBasicAuthentication(String user, String password)
   {
      String token = user + ":" + password;
      try
      {
          return "BASIC " + DatatypeConverter.printBase64Binary(token.getBytes("UTF-8"));
      } 
      catch (UnsupportedEncodingException ex)
      {
          throw new IllegalStateException("Cannot encode with UTF-8", ex);
      }
   }
}
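
The two halves of this thread combined, as an added example (not code from Ron, Mark or the RESTEasy project): the deployment from RolesAllowedTest with security enabled, plus a BASIC LoginConfig and an IdentityManager whose Account reports the role named in @RolesAllowed, where the quoted MapIdentityManager returns an empty role set. The class names, the realm name and the bill/pwd/user values are constructed; it assumes Undertow's default authentication mode, which attempts authentication whenever a request carries credentials, so no servlet security constraint is declared.

```java
import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.LoginConfig;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer;
import org.jboss.resteasy.spi.ResteasyDeployment;
// Added example: hypothetical class names; "bill"/"pwd"/"user" are constructed test values.
public class SecuredUndertowExample {
   static final class OneUserIdentityManager implements IdentityManager {
      private final byte[] secret;
      private final Account account;
      OneUserIdentityManager(final String name, String password, final String role) {
         this.secret = password.getBytes(StandardCharsets.UTF_8);
         final Principal principal = () -> name;
         this.account = new Account() {
            @Override public Principal getPrincipal() { return principal; }
            // Roles that isUserInRole(), and therefore @RolesAllowed, is checked against.
            @Override public Set<String> getRoles() { return Collections.singleton(role); }
         };
      }
      @Override public Account verify(Account a) { return a; }
      @Override public Account verify(Credential c) { return null; } // password logins only
      @Override public Account verify(String id, Credential c) {
         boolean known = account.getPrincipal().getName().equals(id);
         if (!known || !(c instanceof PasswordCredential)) return null;
         byte[] given = new String(((PasswordCredential) c).getPassword()).getBytes(StandardCharsets.UTF_8);
         return MessageDigest.isEqual(secret, given) ? account : null; // no early-exit compare
      }
   }

   public static UndertowJaxrsServer start(Class<?> app) {
      UndertowJaxrsServer server = new UndertowJaxrsServer().start();
      ResteasyDeployment deployment = new ResteasyDeployment();
      deployment.setApplicationClass(app.getName());
      deployment.setSecurityEnabled(true);                      // enforce @RolesAllowed
      DeploymentInfo di = server.undertowDeployment(deployment, "/base");
      di.setContextPath("/di").setDeploymentName("DI").setClassLoader(app.getClassLoader());
      di.setLoginConfig(new LoginConfig("BASIC", "TestRealm")); // read the Authorization header
      di.setIdentityManager(new OneUserIdentityManager("bill", "pwd", "user"));
      server.deploy(di);
      return server;
   }
}
```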