/**
 * Applies a programmatic security element to this servlet registration.
 *
 * <p>The request is honoured only while the owning context reports
 * {@code LifecycleState.STARTING_PREP}. In any other state it is refused, so
 * the constraints cannot be changed through this method outside that phase.
 *
 * @param constraint the security element to apply; must not be {@code null}
 * @return the value returned by {@code context.addServletSecurity(this, constraint)}
 * @throws IllegalArgumentException if {@code constraint} is {@code null}
 * @throws IllegalStateException if the context is not in {@code STARTING_PREP}
 */
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
    if (constraint == null) {
        throw new IllegalArgumentException(
                sm.getString("applicationServletRegistration.setServletSecurity.iae",
                        getName(), context.getName()));
    }

    // Gate on lifecycle state before touching the context's constraint set.
    boolean stillPreparing = context.getState().equals(LifecycleState.STARTING_PREP);
    if (stillPreparing) {
        return context.addServletSecurity(this, constraint);
    }

    throw new IllegalStateException(
            sm.getString("applicationServletRegistration.setServletSecurity.ise",
                    getName(), context.getName()));
}
/**
 * Reads a {@code @ServletSecurity} annotation from the given class and, when
 * one is present, hands the equivalent {@code ServletSecurityElement} to the
 * parent context.
 *
 * <p>If the parent context is configured to ignore annotations, the method
 * stops after clearing the scan flag and registers nothing for the class.
 *
 * @param clazz the class to inspect for the annotation
 */
private void processServletSecurityAnnotation(Class<?> clazz) {
    // Calling this twice isn't harmful so no syncs
    servletSecurityAnnotationScanRequired = false;

    Context parentContext = (Context) getParent();
    if (!parentContext.getIgnoreAnnotations()) {
        ServletSecurity declared = clazz.getAnnotation(ServletSecurity.class);
        if (declared != null) {
            // A fresh registration wrapper is created for this call only.
            ApplicationServletRegistration registration =
                    new ApplicationServletRegistration(this, parentContext);
            ServletSecurityElement element = new ServletSecurityElement(declared);
            parentContext.addServletSecurity(registration, element);
        }
    }
}
/**
 * Delegate for the {@code ServletRegistration.Dynamic.setServletSecurity} method.
 *
 * <p>For every mapping of the registration, constraint mappings are built from
 * the security element and added to the security handler. This default
 * implementation performs no comparison against existing constraints and
 * always reports an empty set.
 *
 * @param registration ServletRegistration.Dynamic instance that setServletSecurity was called on
 * @param servletSecurityElement new security info
 * @return the set of exact URL mappings currently associated with the registration that are also
 *         present in the web.xml security constraints and thus will be unaffected by this call;
 *         always empty in this implementation
 */
public Set<String> setServletSecurity(ServletRegistration.Dynamic registration, ServletSecurityElement servletSecurityElement) {
    // Default implementation is to just accept them all. If using a webapp, then this
    // behaviour is overridden in WebAppContext.setServletSecurity
    Collection<String> pathSpecs = registration.getMappings();
    if (pathSpecs == null) {
        return Collections.emptySet();
    }

    for (String spec : pathSpecs) {
        List<ConstraintMapping> created =
                ConstraintSecurityHandler.createConstraintsWithMappingsForPath(
                        registration.getName(), spec, servletSecurityElement);
        for (ConstraintMapping mapping : created) {
            // The handler is looked up and cast for each mapping.
            ((ConstraintAware) getSecurityHandler()).addConstraintMapping(mapping);
        }
    }
    return Collections.emptySet();
}
/**
 * Registers the constraints declared by a {@code @ServletSecurity} annotation
 * on the given class with the parent context.
 *
 * <p>The scan flag is cleared first. Nothing is registered when the parent
 * context ignores annotations or the class carries no such annotation.
 *
 * @param clazz the class whose annotation is examined
 */
private void processServletSecurityAnnotation(Class<?> clazz) {
    // Calling this twice isn't harmful so no syncs
    servletSecurityAnnotationScanRequired = false;

    Context owner = (Context) getParent();
    boolean annotationsIgnored = owner.getIgnoreAnnotations();
    if (annotationsIgnored) {
        // Annotation-declared constraints are deliberately skipped here.
        return;
    }

    ServletSecurity found = clazz.getAnnotation(ServletSecurity.class);
    if (found == null) {
        return;
    }
    owner.addServletSecurity(
            new ApplicationServletRegistration(this, owner),
            new ServletSecurityElement(found));
}
/**
 * Registers the {@code bug50015} servlet, maps it to {@code /bug50015} and
 * restricts it to the {@code tomcat} role with no transport guarantee.
 *
 * @param c the set of classes passed to the initializer (unused)
 * @param ctx the servlet context the servlet is registered with
 * @throws ServletException declared by the interface; not thrown directly here
 */
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx) throws ServletException {
    // Register and map servlet
    ServletRegistration.Dynamic registration =
            ctx.addServlet("bug50015", new Bug50015Servlet());
    registration.addMapping("/bug50015");

    // Limit access to users in the Tomcat role
    HttpConstraintElement roleConstraint =
            new HttpConstraintElement(TransportGuarantee.NONE, "tomcat");
    // The sets returned by addMapping and setServletSecurity are not inspected,
    // so any conflict they report goes unnoticed here.
    registration.setServletSecurity(new ServletSecurityElement(roleConstraint));
}
/**
 * Replaces this servlet's security info with one built from the given element.
 *
 * <p>The return value lists the servlet's mappings that are string-equal to a
 * URL pattern of a security constraint already present in the deployment info.
 * The new security info is attached to the servlet whether or not that set is empty.
 *
 * @param constraint the security element to translate; must not be {@code null}
 * @return the servlet mappings that also appear as URL patterns in existing
 *         deployment security constraints
 */
@Override
public Set<String> setServletSecurity(final ServletSecurityElement constraint) {
    if (constraint == null) {
        throw UndertowMessages.MESSAGES.argumentCannotBeNull("constraint");
    }
    final DeploymentInfo deploymentInfo = deployment.getDeploymentInfo();

    // this is not super efficient, but it does not really matter
    final Set<String> constrainedPatterns = new HashSet<>();
    for (SecurityConstraint existing : deploymentInfo.getSecurityConstraints()) {
        for (WebResourceCollection resources : existing.getWebResourceCollections()) {
            constrainedPatterns.addAll(resources.getUrlPatterns());
        }
    }

    // Exact string match only: a mapping counts as covered when the same
    // pattern text appears in an existing constraint.
    final Set<String> alreadyConstrained = new HashSet<>();
    for (String mapping : servletInfo.getMappings()) {
        if (!constrainedPatterns.contains(mapping)) {
            continue;
        }
        alreadyConstrained.add(mapping);
    }

    final ServletSecurityInfo info = new ServletSecurityInfo();
    servletInfo.setServletSecurityInfo(info);

    // Anything other than CONFIDENTIAL is recorded as NONE.
    final TransportGuaranteeType servletTransport;
    if (constraint.getTransportGuarantee() == CONFIDENTIAL) {
        servletTransport = TransportGuaranteeType.CONFIDENTIAL;
    } else {
        servletTransport = TransportGuaranteeType.NONE;
    }
    info.setTransportGuaranteeType(servletTransport)
            .setEmptyRoleSemantic(emptyRoleSemantic(constraint.getEmptyRoleSemantic()))
            .addRolesAllowed(constraint.getRolesAllowed());

    // Per-HTTP-method constraints are translated the same way.
    for (final HttpMethodConstraintElement perMethod : constraint.getHttpMethodConstraints()) {
        final HttpMethodSecurityInfo methodInfo = new HttpMethodSecurityInfo()
                .setTransportGuaranteeType(perMethod.getTransportGuarantee() == CONFIDENTIAL
                        ? TransportGuaranteeType.CONFIDENTIAL
                        : TransportGuaranteeType.NONE)
                .setMethod(perMethod.getMethodName())
                .setEmptyRoleSemantic(emptyRoleSemantic(perMethod.getEmptyRoleSemantic()))
                .addRolesAllowed(perMethod.getRolesAllowed());
        info.addHttpMethodSecurityInfo(methodInfo);
    }
    return alreadyConstrained;
}
/**
 * Passes the given security element to the owning context for this registration.
 *
 * <p>Two preconditions are checked first: the element must be non-null, and
 * the context must currently be in {@code LifecycleState.STARTING_PREP}. A call
 * made in any other lifecycle state is rejected without altering anything.
 *
 * @param constraint the security element to apply; must not be {@code null}
 * @return the result of {@code context.addServletSecurity(this, constraint)}
 * @throws IllegalArgumentException if {@code constraint} is {@code null}
 * @throws IllegalStateException if the context is not in {@code STARTING_PREP}
 */
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
    if (constraint == null) {
        String nullMessage = sm.getString(
                "applicationServletRegistration.setServletSecurity.iae",
                getName(), context.getName());
        throw new IllegalArgumentException(nullMessage);
    }

    if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
        // Constraint changes are refused outside the preparation phase.
        String stateMessage = sm.getString(
                "applicationServletRegistration.setServletSecurity.ise",
                getName(), context.getName());
        throw new IllegalStateException(stateMessage);
    }

    return context.addServletSecurity(this, constraint);
}
/**
 * Creates the RPC servlet, registers it under its class name, and maps it to
 * the configured RPC path followed by {@code /http}.
 *
 * @param ctx the servlet context to register with
 * @return the servlet instance that was registered
 */
private RpcServlet registerRpcServlet(ServletContext ctx) {
    LOGGER.info("Starting HTTP RPC runtime");

    final RpcServlet rpcServlet = new RpcServlet();
    final ServletRegistration.Dynamic registration =
            ctx.addServlet(RpcServlet.class.getName(), rpcServlet);

    // A no-argument HttpConstraintElement is the Servlet API default (permit,
    // no transport guarantee, no roles), so this call adds no container-enforced
    // authentication or TLS requirement to the mapping.
    // NOTE(review): confirm the RPC endpoint is protected elsewhere (filter,
    // servlet logic or deployment descriptor).
    final HttpConstraintElement defaultConstraint = new HttpConstraintElement();
    registration.setServletSecurity(new ServletSecurityElement(defaultConstraint));

    registration.setLoadOnStartup(1);
    final String mapping = RpcConfig.getInstance().getPath() + "/http";
    registration.addMapping(mapping);
    return rpcServlet;
}
/**
 * Builds the security constraints for a request from the map returned by the
 * reflectively invoked {@code findSecurityConstraintsMethod}.
 *
 * <p>Each map entry is expanded through {@code SecurityConstraint.createConstraints},
 * with the entry value as the security element and the entry key as the
 * second argument (presumably the URL pattern; verify against that method).
 *
 * @param request the request whose underlying request object is passed to the lookup
 * @param context the context whose path is passed to the lookup
 * @return all constraints created from the map entries; empty when the map is empty
 */
@Override
public SecurityConstraint[] findSecurityConstraints(final Request request, final Context context) {
    // The reflective result is cast without verification; a different
    // runtime type surfaces as a ClassCastException on use.
    final Map<String, ServletSecurityElement> elementsByKey =
            (Map<String, ServletSecurityElement>) invoke(
                    findSecurityConstraintsMethod, request.getRequest(), context.getPath());

    final List<SecurityConstraint> collected = new ArrayList<SecurityConstraint>();
    for (final Map.Entry<String, ServletSecurityElement> entry : elementsByKey.entrySet()) {
        final SecurityConstraint[] created =
                SecurityConstraint.createConstraints(entry.getValue(), entry.getKey());
        for (final SecurityConstraint single : created) {
            collected.add(single);
        }
    }
    return collected.toArray(new SecurityConstraint[collected.size()]);
}
/**
 * Creates a holder describing one servlet and how it is to be registered.
 *
 * @param servlet the servlet instance
 * @param name the servlet name
 * @param initParameters the init parameters; stored by reference, not copied
 * @param asyncSupported whether async processing is supported
 * @param isMatchAfter stored as given
 * @param loadOnStartup the load-on-startup value
 * @param securityElement the security element kept for this servlet; may be
 *        whatever the caller passes, no validation is done here
 * @param urlPatterns the URL patterns; copied, so later changes to the
 *        caller's array are not seen by this holder
 */
public ServletHolder(Servlet servlet, String name, Map<String, String> initParameters, boolean asyncSupported, boolean isMatchAfter, int loadOnStartup, ServletSecurityElement securityElement, String... urlPatterns) {
    // Identity and instance
    this.name = name;
    this.servlet = servlet;

    // Registration settings
    this.loadOnStartup = loadOnStartup;
    this.asyncSupported = asyncSupported;
    this.isMatchAfter = isMatchAfter;
    this.initParameters = initParameters;

    // Security and mappings; the pattern array is defensively copied.
    this.securityElement = securityElement;
    this.urlPatterns = urlPatterns.clone();
}
/**
 * Stub implementation: both arguments are ignored and no security constraint
 * is recorded.
 *
 * @param registration ignored
 * @param servletSecurityElement ignored
 * @return always {@code null}, not an empty set
 */
@Override
public Set<String> addServletSecurity(
        ApplicationServletRegistration registration,
        ServletSecurityElement servletSecurityElement) {
    // Nothing is stored, so constraints passed here have no effect.
    return null;
}
/**
 * Stub implementation: the security element is ignored and nothing is applied.
 *
 * @param constraint ignored
 * @return always {@code null}; callers that iterate the result need a null check
 */
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
    // The constraint is dropped; this registration enforces nothing from it.
    return null;
}
/**
 * No-op implementation that discards the registration and the security element.
 *
 * @param registration not used
 * @param servletSecurityElement not used
 * @return always {@code null}
 */
@Override
public Set<String> addServletSecurity(ApplicationServletRegistration registration,
        ServletSecurityElement servletSecurityElement) {
    // No constraint is added to any context state by this method.
    return null;
}
/**
 * Not implemented: every call fails, so no security element can be applied
 * through this registration.
 *
 * @param constraint not used
 * @return never returns normally
 * @throws UnsupportedOperationException always, with the {@code NOT_SUPPORTED_YET} message
 */
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
    // Fails loudly rather than silently dropping the constraint.
    throw new UnsupportedOperationException(NOT_SUPPORTED_YET);
}
/**
 * Accepts the security element without storing or applying it.
 *
 * @param elem not used
 * @return a new, empty, mutable set on every call
 */
@Override
public Set<String> setServletSecurity(ServletSecurityElement elem) {
    // The element is discarded; the empty result reports no affected mappings.
    Set<String> noneAffected = new HashSet<>();
    return noneAffected;
}