io.undertow.servlet.api.SingleConstraintMatch Java Examples
The following examples show how to use
io.undertow.servlet.api.SingleConstraintMatch.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: ServletSecurityConstraintHandler.java From quarkus-http with Apache License 2.0 | 6 votes |
|
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
final String path = exchange.getRelativePath();
SecurityPathMatch securityMatch = securityPathMatches.getSecurityInfo(path, exchange.getRequestMethod());
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
List<SingleConstraintMatch> list = servletRequestContext.getRequiredConstrains();
if (list == null) {
servletRequestContext.setRequiredConstrains(list = new ArrayList<>());
}
list.add(securityMatch.getMergedConstraint());
TransportGuaranteeType type = servletRequestContext.getTransportGuarenteeType();
if (type == null || type.ordinal() < securityMatch.getTransportGuaranteeType().ordinal()) {
servletRequestContext.setTransportGuarenteeType(securityMatch.getTransportGuaranteeType());
}
UndertowLogger.SECURITY_LOGGER.debugf("Security constraints for request %s are %s", exchange.getRequestURI(), list);
next.handleRequest(exchange);
}
Example #2
| Source File: ServletSecurityRoleHandler.java From quarkus-http with Apache License 2.0 | 6 votes |
|
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
ServletRequest request = servletRequestContext.getServletRequest();
if (request.getDispatcherType() == DispatcherType.REQUEST) {
List<SingleConstraintMatch> constraints = servletRequestContext.getRequiredConstrains();
SecurityContext sc = exchange.getSecurityContext();
if (!authorizationManager.canAccessResource(constraints, sc.getAuthenticatedAccount(), servletRequestContext.getCurrentServlet().getManagedServlet().getServletInfo(), servletRequestContext.getOriginalRequest(), servletRequestContext.getDeployment())) {
HttpServletResponse response = (HttpServletResponse) servletRequestContext.getServletResponse();
response.sendError(StatusCodes.FORBIDDEN);
return;
}
}
next.handleRequest(exchange);
}
Example #3
| Source File: ServletSecurityRoleHandler.java From lams with GNU General Public License v2.0 | 6 votes |
|
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
ServletRequest request = servletRequestContext.getServletRequest();
if (request.getDispatcherType() == DispatcherType.REQUEST) {
List<SingleConstraintMatch> constraints = servletRequestContext.getRequiredConstrains();
SecurityContext sc = exchange.getSecurityContext();
if (!authorizationManager.canAccessResource(constraints, sc.getAuthenticatedAccount(), servletRequestContext.getCurrentServlet().getManagedServlet().getServletInfo(), servletRequestContext.getOriginalRequest(), servletRequestContext.getDeployment())) {
HttpServletResponse response = (HttpServletResponse) servletRequestContext.getServletResponse();
response.sendError(StatusCodes.FORBIDDEN);
return;
}
}
next.handleRequest(exchange);
}
Example #4
| Source File: ServletSecurityConstraintHandler.java From lams with GNU General Public License v2.0 | 6 votes |
|
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
final String path = exchange.getRelativePath();
SecurityPathMatch securityMatch = securityPathMatches.getSecurityInfo(path, exchange.getRequestMethod().toString());
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
List<SingleConstraintMatch> list = servletRequestContext.getRequiredConstrains();
if (list == null) {
servletRequestContext.setRequiredConstrains(list = new ArrayList<>());
}
list.add(securityMatch.getMergedConstraint());
TransportGuaranteeType type = servletRequestContext.getTransportGuarenteeType();
if (type == null || type.ordinal() < securityMatch.getTransportGuaranteeType().ordinal()) {
servletRequestContext.setTransportGuarenteeType(securityMatch.getTransportGuaranteeType());
}
UndertowLogger.SECURITY_LOGGER.debugf("Security constraints for request %s are %s", exchange.getRequestURI(), list);
next.handleRequest(exchange);
}
Example #5
| Source File: ServletAuthenticationConstraintHandler.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
protected boolean isAuthenticationRequired(final HttpServerExchange exchange) {
//j_security_check always requires auth
if (exchange.getRelativePath().endsWith(ServletFormAuthenticationMechanism.DEFAULT_POST_LOCATION)) {
return true;
}
List<SingleConstraintMatch> constraints = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getRequiredConstrains();
/*
* Even once this is set to true the reason we allow the loop to continue is in case an empty role with a semantic of
* deny is found as that will override everything.
*/
boolean authenticationRequired = false;
for (SingleConstraintMatch constraint : constraints) {
if (constraint.getRequiredRoles().isEmpty()) {
if (constraint.getEmptyRoleSemantic() == EmptyRoleSemantic.DENY) {
/*
* For this case we return false as we know it can never be satisfied.
*/
return false;
} else if (constraint.getEmptyRoleSemantic() == EmptyRoleSemantic.AUTHENTICATE) {
authenticationRequired = true;
}
} else {
authenticationRequired = true;
}
}
if(authenticationRequired) {
UndertowLogger.SECURITY_LOGGER.debugf("Authenticating required for request %s", exchange);
}
return authenticationRequired;
}
Example #6
| Source File: SecurityPathMatches.java From quarkus-http with Apache License 2.0 | 5 votes |
|
/**
* merge all constraints, as per 13.8.1 Combining Constraints
*/
private SingleConstraintMatch mergeConstraints(final RuntimeMatch currentMatch) {
if (currentMatch.uncovered && denyUncoveredHttpMethods) {
return new SingleConstraintMatch(SecurityInfo.EmptyRoleSemantic.DENY, Collections.<String>emptySet());
}
final Set<String> allowedRoles = new HashSet<>();
for (SingleConstraintMatch match : currentMatch.constraints) {
if (match.getRequiredRoles().isEmpty()) {
return new SingleConstraintMatch(match.getEmptyRoleSemantic(), Collections.<String>emptySet());
} else {
allowedRoles.addAll(match.getRequiredRoles());
}
}
return new SingleConstraintMatch(SecurityInfo.EmptyRoleSemantic.PERMIT, allowedRoles);
}
Example #7
| Source File: SecurityPathMatches.java From lams with GNU General Public License v2.0 | 5 votes |
|
/**
* merge all constraints, as per 13.8.1 Combining Constraints
*/
private SingleConstraintMatch mergeConstraints(final RuntimeMatch currentMatch) {
if (currentMatch.uncovered && denyUncoveredHttpMethods) {
return new SingleConstraintMatch(SecurityInfo.EmptyRoleSemantic.DENY, Collections.<String>emptySet());
}
final Set<String> allowedRoles = new HashSet<>();
for (SingleConstraintMatch match : currentMatch.constraints) {
if (match.getRequiredRoles().isEmpty()) {
return new SingleConstraintMatch(match.getEmptyRoleSemantic(), Collections.<String>emptySet());
} else {
allowedRoles.addAll(match.getRequiredRoles());
}
}
return new SingleConstraintMatch(SecurityInfo.EmptyRoleSemantic.PERMIT, allowedRoles);
}
Example #8
| Source File: ServletAuthenticationConstraintHandler.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
protected boolean isAuthenticationRequired(final HttpServerExchange exchange) {
//j_security_check always requires auth
if (exchange.getRelativePath().endsWith(ServletFormAuthenticationMechanism.DEFAULT_POST_LOCATION)) {
return true;
}
List<SingleConstraintMatch> constraints = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getRequiredConstrains();
/*
* Even once this is set to true the reason we allow the loop to continue is in case an empty role with a semantic of
* deny is found as that will override everything.
*/
boolean authenticationRequired = false;
for (SingleConstraintMatch constraint : constraints) {
if (constraint.getRequiredRoles().isEmpty()) {
if (constraint.getEmptyRoleSemantic() == EmptyRoleSemantic.DENY) {
/*
* For this case we return false as we know it can never be satisfied.
*/
return false;
} else if (constraint.getEmptyRoleSemantic() == EmptyRoleSemantic.AUTHENTICATE) {
authenticationRequired = true;
}
} else {
authenticationRequired = true;
}
}
if(authenticationRequired) {
UndertowLogger.SECURITY_LOGGER.debugf("Authenticating required for request %s", exchange);
}
return authenticationRequired;
}
Example #9
| Source File: SecurityPathMatch.java From lams with GNU General Public License v2.0 | 4 votes |
|
SecurityPathMatch(final TransportGuaranteeType transportGuaranteeType, final SingleConstraintMatch mergedConstraint) {
this.transportGuaranteeType = transportGuaranteeType;
this.mergedConstraint = mergedConstraint;
}
Example #10
| Source File: DefaultAuthorizationManager.java From lams with GNU General Public License v2.0 | 4 votes |
|
@Override
public boolean canAccessResource(List<SingleConstraintMatch> constraints, Account account, ServletInfo servletInfo, HttpServletRequest request, Deployment deployment) {
if (constraints == null || constraints.isEmpty()) {
return true;
}
for (final SingleConstraintMatch constraint : constraints) {
boolean found = false;
Set<String> roleSet = constraint.getRequiredRoles();
if (roleSet.isEmpty() && constraint.getEmptyRoleSemantic() != SecurityInfo.EmptyRoleSemantic.DENY) {
/*
* The EmptyRoleSemantic was either PERMIT or AUTHENTICATE, either way a roles check is not needed.
*/
found = true;
} else if (account != null) {
if(roleSet.contains("**") && !deployment.getDeploymentInfo().getSecurityRoles().contains("**")) {
found = true;
} else {
final Set<String> roles = deployment.getDeploymentInfo().getPrincipalVersusRolesMap().get(account.getPrincipal().getName());
for (String role : roleSet) {
if (roles != null) {
if (roles.contains(role)) {
found = true;
break;
}
}
if (account.getRoles().contains(role)) {
found = true;
break;
}
}
}
}
if (!found) {
return false;
}
}
return true;
}
Example #11
| Source File: ServletRequestContext.java From lams with GNU General Public License v2.0 | 4 votes |
|
public void setRequiredConstrains(List<SingleConstraintMatch> requiredConstrains) {
this.requiredConstrains = requiredConstrains;
}
Example #12
| Source File: ServletRequestContext.java From lams with GNU General Public License v2.0 | 4 votes |
|
public List<SingleConstraintMatch> getRequiredConstrains() {
return requiredConstrains;
}
Example #13
| Source File: SecurityPathMatch.java From lams with GNU General Public License v2.0 | 4 votes |
|
SingleConstraintMatch getMergedConstraint() {
return mergedConstraint;
}
Example #14
| Source File: SecurityPathMatch.java From quarkus-http with Apache License 2.0 | 4 votes |
|
SecurityPathMatch(final TransportGuaranteeType transportGuaranteeType, final SingleConstraintMatch mergedConstraint) {
this.transportGuaranteeType = transportGuaranteeType;
this.mergedConstraint = mergedConstraint;
}
Example #15
| Source File: DefaultAuthorizationManager.java From quarkus-http with Apache License 2.0 | 4 votes |
|
@Override
public boolean canAccessResource(List<SingleConstraintMatch> constraints, Account account, ServletInfo servletInfo, HttpServletRequest request, Deployment deployment) {
if (constraints == null || constraints.isEmpty()) {
return true;
}
for (final SingleConstraintMatch constraint : constraints) {
boolean found = false;
Set<String> roleSet = constraint.getRequiredRoles();
if (roleSet.isEmpty() && constraint.getEmptyRoleSemantic() != SecurityInfo.EmptyRoleSemantic.DENY) {
/*
* The EmptyRoleSemantic was either PERMIT or AUTHENTICATE, either way a roles check is not needed.
*/
found = true;
} else if (account != null) {
if(roleSet.contains("**") && !deployment.getDeploymentInfo().getSecurityRoles().contains("**")) {
found = true;
} else {
final Set<String> roles = deployment.getDeploymentInfo().getPrincipalVersusRolesMap().get(account.getPrincipal().getName());
for (String role : roleSet) {
if (roles != null) {
if (roles.contains(role)) {
found = true;
break;
}
}
if (account.getRoles().contains(role)) {
found = true;
break;
}
}
}
}
if (!found) {
return false;
}
}
return true;
}
Example #16
| Source File: ServletRequestContext.java From quarkus-http with Apache License 2.0 | 4 votes |
|
public void setRequiredConstrains(List<SingleConstraintMatch> requiredConstrains) {
this.requiredConstrains = requiredConstrains;
}
Example #17
| Source File: ServletRequestContext.java From quarkus-http with Apache License 2.0 | 4 votes |
|
public List<SingleConstraintMatch> getRequiredConstrains() {
return requiredConstrains;
}
Example #18
| Source File: SecurityPathMatch.java From quarkus-http with Apache License 2.0 | 4 votes |
|
public SingleConstraintMatch getMergedConstraint() {
return mergedConstraint;
}
