private void makeContext(Tomcat tomcat, Path noSuchBaseDir) throws IOException { Path contextPath = noSuchBaseDir.resolve("context"); Files.createDirectories(contextPath); context = tomcat.addContext(contextPathURIBase, contextPath.toAbsolutePath().toString()); context.setWebappVersion("3.1"); context.setName("Oryx"); context.addWelcomeFile("index.html"); addErrorPages(context); // OryxApplication only needs one config value, so just pass it context.addParameter(OryxApplication.class.getName() + ".packages", appResourcesPackages); // ModelManagerListener will need whole config String serializedConfig = ConfigUtils.serialize(config); context.addParameter(ConfigUtils.class.getName() + ".serialized", serializedConfig); Wrapper wrapper = Tomcat.addServlet(context, "Jersey", "org.glassfish.jersey.servlet.ServletContainer"); wrapper.addInitParameter("javax.ws.rs.Application", OryxApplication.class.getName()); //wrapper.addInitParameter(OryxApplication.class.getName() + ".packages", appResourcesPackage); wrapper.addMapping("/*"); wrapper.setLoadOnStartup(1); wrapper.setMultipartConfigElement(new MultipartConfigElement("")); if (!doNotInitTopics) { // Only for tests context.addApplicationListener(ModelManagerListener.class.getName()); } // Better way to configure JASPIC? AuthConfigFactory.setFactory(new AuthConfigFactoryImpl()); boolean needHTTPS = keystoreFile != null; boolean needAuthentication = userName != null; if (needHTTPS || needAuthentication) { SecurityCollection securityCollection = new SecurityCollection(); securityCollection.addPattern("/*"); SecurityConstraint securityConstraint = new SecurityConstraint(); securityConstraint.addCollection(securityCollection); if (needHTTPS) { securityConstraint.setUserConstraint("CONFIDENTIAL"); } if (needAuthentication) { LoginConfig loginConfig = new LoginConfig(); loginConfig.setAuthMethod("DIGEST"); loginConfig.setRealmName(InMemoryRealm.NAME); context.setLoginConfig(loginConfig); securityConstraint.addAuthRole(InMemoryRealm.AUTH_ROLE); context.addSecurityRole(InMemoryRealm.AUTH_ROLE); DigestAuthenticator authenticator = new DigestAuthenticator(); authenticator.setNonceValidity(10 * 1000L); // Shorten from 5 minutes to 10 seconds authenticator.setNonceCacheSize(20000); // Increase from 1000 to 20000 context.getPipeline().addValve(authenticator); } context.addConstraint(securityConstraint); } context.setCookies(false); }
private static Context createNewContext(final ClassLoader classLoader, String authMethod, String transportGuarantee, final String realmName, final String name) { String path = name; if (path == null) { path = "/"; } if (!path.startsWith("/")) { path = "/" + path; } final StandardContext context = new IgnoredStandardContext(); context.setPath(path); context.setDocBase(""); context.setParentClassLoader(classLoader); context.setDelegate(true); context.setName(name); ((TomcatWebAppBuilder) SystemInstance.get().getComponent(WebAppBuilder.class)).initJ2EEInfo(context); // Configure security if (authMethod != null) { authMethod = authMethod.toUpperCase(); } if (transportGuarantee != null) { transportGuarantee = transportGuarantee.toUpperCase(); } if (authMethod == null || "NONE".equals(authMethod)) { //NOPMD // ignore none for now as the NonLoginAuthenticator seems to be completely hosed } else if ("BASIC".equals(authMethod) || "DIGEST".equals(authMethod) || "CLIENT-CERT".equals(authMethod)) { //Setup a login configuration final LoginConfig loginConfig = new LoginConfig(); loginConfig.setAuthMethod(authMethod); loginConfig.setRealmName(realmName); context.setLoginConfig(loginConfig); //Setup a default Security Constraint final String securityRole = SystemInstance.get().getProperty(TOMEE_JAXWS_SECURITY_ROLE_PREFIX + name, "default"); for (final String role : securityRole.split(",")) { final SecurityCollection collection = new SecurityCollection(); collection.addMethod("GET"); collection.addMethod("POST"); collection.addPattern("/*"); collection.setName(role); final SecurityConstraint sc = new SecurityConstraint(); sc.addAuthRole("*"); sc.addCollection(collection); sc.setAuthConstraint(true); sc.setUserConstraint(transportGuarantee); context.addConstraint(sc); context.addSecurityRole(role); } //Set the proper authenticator if ("BASIC".equals(authMethod)) { context.addValve(new BasicAuthenticator()); } else if ("DIGEST".equals(authMethod)) { context.addValve(new DigestAuthenticator()); } else if ("CLIENT-CERT".equals(authMethod)) { context.addValve(new SSLAuthenticator()); } else if ("NONE".equals(authMethod)) { context.addValve(new NonLoginAuthenticator()); } context.getPipeline().addValve(new OpenEJBValve()); } else { throw new IllegalArgumentException("Invalid authMethod: " + authMethod); } return context; }
private static Context createNewContext(final ClassLoader classLoader, final String rAuthMethod, final String rTransportGuarantee, final String realmName, final String name) { String path = name; if (path == null) { path = "/"; } if (!path.startsWith("/")) { path = "/" + path; } final StandardContext context = new IgnoredStandardContext(); context.setPath(path); context.setDocBase(""); context.setParentClassLoader(classLoader); context.setDelegate(true); context.setName(name); TomcatWebAppBuilder.class.cast(SystemInstance.get().getComponent(WebAppBuilder.class)).initJ2EEInfo(context); // Configure security String authMethod = rAuthMethod; if (authMethod != null) { authMethod = authMethod.toUpperCase(); } String transportGuarantee = rTransportGuarantee; if (transportGuarantee != null) { transportGuarantee = transportGuarantee.toUpperCase(); } if (authMethod != null & !"NONE".equals(authMethod)) { if ("BASIC".equals(authMethod) || "DIGEST".equals(authMethod) || "CLIENT-CERT".equals(authMethod)) { //Setup a login configuration final LoginConfig loginConfig = new LoginConfig(); loginConfig.setAuthMethod(authMethod); loginConfig.setRealmName(realmName); context.setLoginConfig(loginConfig); //Setup a default Security Constraint final String securityRole = SystemInstance.get().getProperty(TOMEE_HESSIAN_SECURITY_ROLE_PREFIX + name, "default"); for (final String role : securityRole.split(",")) { final SecurityCollection collection = new SecurityCollection(); collection.addMethod("GET"); collection.addMethod("POST"); collection.addPattern("/*"); collection.setName(role); final SecurityConstraint sc = new SecurityConstraint(); sc.addAuthRole("*"); sc.addCollection(collection); sc.setAuthConstraint(true); sc.setUserConstraint(transportGuarantee); context.addConstraint(sc); context.addSecurityRole(role); } } //Set the proper authenticator switch (authMethod) { case "BASIC": context.addValve(new BasicAuthenticator()); break; case "DIGEST": context.addValve(new DigestAuthenticator()); break; case "CLIENT-CERT": context.addValve(new SSLAuthenticator()); break; case "NONE": context.addValve(new NonLoginAuthenticator()); break; } context.getPipeline().addValve(new OpenEJBValve()); } else { throw new IllegalArgumentException("Invalid authMethod: " + authMethod); } return context; }
private Context makeContext(Tomcat tomcat, File noSuchBaseDir) throws IOException { File contextPath = new File(noSuchBaseDir, "context"); IOUtils.mkdirs(contextPath); Context context = tomcat.addContext("", contextPath.getAbsolutePath()); context.setWebappVersion("3.0"); context.addWelcomeFile("index.jspx"); addErrorPages(context); APISettings apiSettings = APISettings.create(config.getConfig("computation-layer.api")); boolean needHTTPS = apiSettings.isSecure(); boolean needAuthentication = apiSettings.getUserName() != null; if (needHTTPS || needAuthentication) { SecurityCollection securityCollection = new SecurityCollection("Protected Resources"); securityCollection.addPattern("/*"); SecurityConstraint securityConstraint = new SecurityConstraint(); securityConstraint.addCollection(securityCollection); if (needHTTPS) { securityConstraint.setUserConstraint("CONFIDENTIAL"); } if (needAuthentication) { LoginConfig loginConfig = new LoginConfig(); loginConfig.setAuthMethod("DIGEST"); loginConfig.setRealmName(InMemoryRealm.NAME); context.setLoginConfig(loginConfig); securityConstraint.addAuthRole(InMemoryRealm.AUTH_ROLE); context.addSecurityRole(InMemoryRealm.AUTH_ROLE); context.getPipeline().addValve(new DigestAuthenticator()); } context.addConstraint(securityConstraint); } context.setCookies(false); return context; }
private Context makeContext(Tomcat tomcat, File noSuchBaseDir) throws IOException { File contextPath = new File(noSuchBaseDir, "context"); IOUtils.mkdirs(contextPath); APISettings apiSettings = APISettings.create(config.getConfig("serving-layer.api")); String contextPathURIBase = config.getString("serving-layer.api.context-path"); if (contextPathURIBase == null || contextPathURIBase.isEmpty() || "/".equals(contextPathURIBase)) { contextPathURIBase = ""; } Context context = tomcat.addContext(contextPathURIBase, contextPath.getAbsolutePath()); context.setWebappVersion("3.0"); context.addWelcomeFile("index.jspx"); addErrorPages(context); boolean needHTTPS = apiSettings.isSecure(); boolean needAuthentication = apiSettings.getUserName() != null; if (needHTTPS || needAuthentication) { SecurityCollection securityCollection = new SecurityCollection("Protected Resources"); securityCollection.addPattern("/*"); SecurityConstraint securityConstraint = new SecurityConstraint(); securityConstraint.addCollection(securityCollection); if (needHTTPS) { securityConstraint.setUserConstraint("CONFIDENTIAL"); } if (needAuthentication) { LoginConfig loginConfig = new LoginConfig(); loginConfig.setAuthMethod("DIGEST"); loginConfig.setRealmName(InMemoryRealm.NAME); context.setLoginConfig(loginConfig); securityConstraint.addAuthRole(InMemoryRealm.AUTH_ROLE); context.addSecurityRole(InMemoryRealm.AUTH_ROLE); DigestAuthenticator authenticator = new DigestAuthenticator(); authenticator.setNonceValidity(10 * 1000L); // Shorten from 5 minutes to 10 seconds authenticator.setNonceCacheSize(20000); // Increase from 1000 to 20000 context.getPipeline().addValve(authenticator); } context.addConstraint(securityConstraint); } context.setCookies(false); return context; }
private Context makeContext(Tomcat tomcat, File noSuchBaseDir, int port) throws IOException { File contextPath = new File(noSuchBaseDir, "context"); if (!contextPath.mkdirs()) { throw new IOException("Could not create " + contextPath); } String contextPathURIBase = config.getContextPath(); Context context = tomcat.addContext(contextPathURIBase == null ? "" : contextPathURIBase, contextPath.getAbsolutePath()); context.addApplicationListener(new ApplicationListener(InitListener.class.getName(), false)); context.setWebappVersion("3.0"); context.addWelcomeFile("index.jspx"); addErrorPages(context); ServletContext servletContext = context.getServletContext(); servletContext.setAttribute(InitListener.INSTANCE_ID_KEY, config.getInstanceID()); servletContext.setAttribute(InitListener.BUCKET_KEY, config.getBucket()); servletContext.setAttribute(InitListener.RESCORER_PROVIDER_CLASS_KEY, config.getRescorerProviderClassName()); servletContext.setAttribute(InitListener.CLIENT_THREAD_CLASS_KEY, config.getClientThreadClassName()); servletContext.setAttribute(InitListener.LOCAL_INPUT_DIR_KEY, config.getLocalInputDir()); servletContext.setAttribute(InitListener.PORT_KEY, port); servletContext.setAttribute(InitListener.READ_ONLY_KEY, config.isReadOnly()); servletContext.setAttribute(InitListener.ALL_PARTITIONS_SPEC_KEY, config.getAllPartitionsSpecification()); servletContext.setAttribute(InitListener.PARTITION_KEY, config.getPartition()); boolean needHTTPS = config.getKeystoreFile() != null; boolean needAuthentication = config.getUserName() != null; if (needHTTPS || needAuthentication) { SecurityCollection securityCollection = new SecurityCollection("Protected Resources"); if (config.isConsoleOnlyPassword()) { securityCollection.addPattern("/index.jspx"); } else { securityCollection.addPattern("/*"); } SecurityConstraint securityConstraint = new SecurityConstraint(); securityConstraint.addCollection(securityCollection); if (needHTTPS) { securityConstraint.setUserConstraint("CONFIDENTIAL"); } if (needAuthentication) { LoginConfig loginConfig = new LoginConfig(); loginConfig.setAuthMethod("DIGEST"); loginConfig.setRealmName(InMemoryRealm.NAME); context.setLoginConfig(loginConfig); securityConstraint.addAuthRole(InMemoryRealm.AUTH_ROLE); context.addSecurityRole(InMemoryRealm.AUTH_ROLE); DigestAuthenticator authenticator = new DigestAuthenticator(); authenticator.setNonceValidity(10 * 1000L); // Shorten from 5 minutes to 10 seconds authenticator.setNonceCacheSize(20000); // Increase from 1000 to 20000 context.getPipeline().addValve(authenticator); } context.addConstraint(securityConstraint); } context.setCookies(false); return context; }
