fractions/monitor/src/main/java/org/wildfly/swarm/monitor/runtime/SecureHttpContexts.java [89:163]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    /**
     * Wraps {@code toWrap} in an Undertow authentication chain backed by {@code securityRealm}
     * and returns a handler that applies that chain only to selected request paths.
     *
     * <p>Mechanisms are registered per realm capability: DIGEST registers HTTP Digest limited to
     * MD5 with qop=auth, PLAIN registers HTTP Basic, and LOCAL (or any other value) registers
     * nothing. Basic sends the password with every request and MD5 is the only Digest algorithm
     * offered here, so this listener should only be exposed over TLS.
     *
     * <p>Routing fails open: a request whose relative path is not selected by the predicate is
     * passed straight to {@code toWrap} without authentication.
     *
     * @param toWrap the handler to protect; also used unprotected for non-matching requests
     * @param securityRealm realm supplying the identity manager, realm name and mechanisms
     * @return the predicate handler that chooses between the secured chain and {@code toWrap}
     */
    private HttpHandler secureHandler(final HttpHandler toWrap, SecurityRealm securityRealm) {
        // Innermost first: the call and constraint handlers sit directly in front of toWrap.
        final HttpHandler constrained =
                new AuthenticationConstraintHandler(new AuthenticationCallHandler(toWrap));

        final RealmIdentityManager identityManager = new RealmIdentityManager(securityRealm);

        final Set<AuthMechanism> realmMechanisms = securityRealm.getSupportedAuthenticationMechanisms();
        final List<AuthenticationMechanism> registered = new ArrayList<>(realmMechanisms.size());
        // Registered ahead of the realm mechanisms; it maps to no realm mechanism, hence null.
        registered.add(wrap(new CachedAuthenticatedSessionMechanism(), null));
        for (AuthMechanism realmMechanism : realmMechanisms) {
            switch (realmMechanism) {
                case DIGEST:
                    // Only MD5 / qop=auth is offered to clients.
                    registered.add(wrap(
                            new DigestAuthenticationMechanism(
                                    Collections.singletonList(DigestAlgorithm.MD5),
                                    Collections.singletonList(DigestQop.AUTH),
                                    securityRealm.getName(), "Monitor", new SimpleNonceManager()),
                            realmMechanism));
                    break;
                case PLAIN:
                    registered.add(wrap(
                            new BasicAuthenticationMechanism(securityRealm.getName()), realmMechanism));
                    break;
                case LOCAL:
                default:
                    // No HTTP mechanism is registered for these.
                    break;
            }
        }

        final HttpHandler secured = new SecurityInitialHandler(
                AuthenticationMode.PRO_ACTIVE, identityManager,
                new AuthenticationMechanismsHandler(constrained, registered));

        // The predicate decides per request whether the secured chain (true) or the bare
        // toWrap handler (false) runs.
        // NOTE(review): paths are compared as exact strings against getRelativePath(); confirm
        // the downstream dispatcher applies the same normalisation, otherwise a path variant
        // could be served by toWrap without authentication.
        return new PredicateHandler(exchange -> {
            // Without a configured realm nothing is protected.
            if (!monitor.getSecurityRealm().isPresent()) {
                return false;
            }

            final String path = exchange.getRelativePath();

            if (Queries.isAggregatorEndpoint(monitor, path)) {
                return true;
            }

            if (Queries.isDirectAccessToHealthEndpoint(monitor, path)) {
                // A health endpoint skips authentication only when the exchange carries the
                // ephemeral token attachment.
                return !hasTokenAuth(exchange);
            }

            return HttpContexts.getDefaultContextNames().contains(path);
        }, secured, toWrap);
    }

    /**
     * Reports whether the exchange carries the ephemeral token as its
     * {@code HttpContexts.TOKEN} attachment.
     *
     * <p>The value is read from an exchange attachment, not from a request header or parameter
     * in this method. NOTE(review): this check is only as strong as the code that sets the
     * attachment; confirm it is never populated from client-supplied data, since the comparison
     * below is a plain {@code equals}.
     *
     * @param exchange the current request exchange
     * @return {@code true} only if a token is attached and equals {@code HttpContexts.EPHEMERAL_TOKEN}
     */
    private boolean hasTokenAuth(HttpServerExchange exchange) {
        final String attached = exchange.getAttachment(HttpContexts.TOKEN);
        if (attached == null) {
            return false;
        }
        return HttpContexts.EPHEMERAL_TOKEN.equals(attached);
    }

    /**
     * Pairs an Undertow authentication mechanism with the realm mechanism it implements.
     *
     * @param toWrap the Undertow mechanism to decorate
     * @param mechanism the realm mechanism it corresponds to; {@code null} when there is none
     *                  (as for the cached-session mechanism)
     * @return an {@code AuthenticationMechanismWrapper} around {@code toWrap}
     */
    private static AuthenticationMechanism wrap(final AuthenticationMechanism toWrap, final AuthMechanism mechanism) {
        final AuthenticationMechanism wrapped = new AuthenticationMechanismWrapper(toWrap, mechanism);
        return wrapped;
    }

    private final HttpHandler delegate;

    private final Monitor monitor;

    private final HttpHandler next;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



fractions/microprofile/microprofile-health/src/main/java/org/wildfly/swarm/microprofile/health/runtime/SecureHttpContexts.java [90:164]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    /**
     * Wraps {@code toWrap} in an Undertow authentication chain backed by {@code securityRealm}
     * and returns a handler that applies that chain only to selected request paths.
     *
     * <p>Mechanisms are registered per realm capability: DIGEST registers HTTP Digest limited to
     * MD5 with qop=auth, PLAIN registers HTTP Basic, and LOCAL (or any other value) registers
     * nothing. Basic sends the password with every request and MD5 is the only Digest algorithm
     * offered here, so this listener should only be exposed over TLS.
     *
     * <p>Routing fails open: a request whose relative path is not selected by the predicate is
     * passed straight to {@code toWrap} without authentication.
     *
     * @param toWrap the handler to protect; also used unprotected for non-matching requests
     * @param securityRealm realm supplying the identity manager, realm name and mechanisms
     * @return the predicate handler that chooses between the secured chain and {@code toWrap}
     */
    private HttpHandler secureHandler(final HttpHandler toWrap, SecurityRealm securityRealm) {
        // Innermost first: the call and constraint handlers sit directly in front of toWrap.
        final HttpHandler constrained =
                new AuthenticationConstraintHandler(new AuthenticationCallHandler(toWrap));

        final RealmIdentityManager identityManager = new RealmIdentityManager(securityRealm);

        final Set<AuthMechanism> realmMechanisms = securityRealm.getSupportedAuthenticationMechanisms();
        final List<AuthenticationMechanism> registered = new ArrayList<>(realmMechanisms.size());
        // Registered ahead of the realm mechanisms; it maps to no realm mechanism, hence null.
        registered.add(wrap(new CachedAuthenticatedSessionMechanism(), null));
        for (AuthMechanism realmMechanism : realmMechanisms) {
            switch (realmMechanism) {
                case DIGEST:
                    // Only MD5 / qop=auth is offered to clients.
                    registered.add(wrap(
                            new DigestAuthenticationMechanism(
                                    Collections.singletonList(DigestAlgorithm.MD5),
                                    Collections.singletonList(DigestQop.AUTH),
                                    securityRealm.getName(), "Monitor", new SimpleNonceManager()),
                            realmMechanism));
                    break;
                case PLAIN:
                    registered.add(wrap(
                            new BasicAuthenticationMechanism(securityRealm.getName()), realmMechanism));
                    break;
                case LOCAL:
                default:
                    // No HTTP mechanism is registered for these.
                    break;
            }
        }

        final HttpHandler secured = new SecurityInitialHandler(
                AuthenticationMode.PRO_ACTIVE, identityManager,
                new AuthenticationMechanismsHandler(constrained, registered));

        // The predicate decides per request whether the secured chain (true) or the bare
        // toWrap handler (false) runs.
        // NOTE(review): paths are compared as exact strings against getRelativePath(); confirm
        // the downstream dispatcher applies the same normalisation, otherwise a path variant
        // could be served by toWrap without authentication.
        return new PredicateHandler(exchange -> {
            // Without a configured realm nothing is protected.
            if (!monitor.getSecurityRealm().isPresent()) {
                return false;
            }

            final String path = exchange.getRelativePath();

            if (Queries.isAggregatorEndpoint(monitor, path)) {
                return true;
            }

            if (Queries.isDirectAccessToHealthEndpoint(monitor, path)) {
                // A health endpoint skips authentication only when the exchange carries the
                // ephemeral token attachment.
                return !hasTokenAuth(exchange);
            }

            return HttpContexts.getDefaultContextNames().contains(path);
        }, secured, toWrap);
    }

    /**
     * Reports whether the exchange carries the ephemeral token as its
     * {@code HttpContexts.TOKEN} attachment.
     *
     * <p>The value is read from an exchange attachment, not from a request header or parameter
     * in this method. NOTE(review): this check is only as strong as the code that sets the
     * attachment; confirm it is never populated from client-supplied data, since the comparison
     * below is a plain {@code equals}.
     *
     * @param exchange the current request exchange
     * @return {@code true} only if a token is attached and equals {@code HttpContexts.EPHEMERAL_TOKEN}
     */
    private boolean hasTokenAuth(HttpServerExchange exchange) {
        final String attached = exchange.getAttachment(HttpContexts.TOKEN);
        if (attached == null) {
            return false;
        }
        return HttpContexts.EPHEMERAL_TOKEN.equals(attached);
    }

    /**
     * Pairs an Undertow authentication mechanism with the realm mechanism it implements.
     *
     * @param toWrap the Undertow mechanism to decorate
     * @param mechanism the realm mechanism it corresponds to; {@code null} when there is none
     *                  (as for the cached-session mechanism)
     * @return an {@code AuthenticationMechanismWrapper} around {@code toWrap}
     */
    private static AuthenticationMechanism wrap(final AuthenticationMechanism toWrap, final AuthMechanism mechanism) {
        final AuthenticationMechanism wrapped = new AuthenticationMechanismWrapper(toWrap, mechanism);
        return wrapped;
    }

    private final HttpHandler delegate;

    private final Monitor monitor;

    private final HttpHandler next;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



