io.undertow.servlet.api.SecurityInfo.EmptyRoleSemantic Java Examples
The following examples show how to use
io.undertow.servlet.api.SecurityInfo.EmptyRoleSemantic.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ServletAuthenticationConstraintHandler.java From quarkus-http with Apache License 2.0 | 5 votes |
@Override protected boolean isAuthenticationRequired(final HttpServerExchange exchange) { //j_security_check always requires auth if (exchange.getRelativePath().endsWith(ServletFormAuthenticationMechanism.DEFAULT_POST_LOCATION)) { return true; } List<SingleConstraintMatch> constraints = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getRequiredConstrains(); /* * Even once this is set to true the reason we allow the loop to continue is in case an empty role with a semantic of * deny is found as that will override everything. */ boolean authenticationRequired = false; for (SingleConstraintMatch constraint : constraints) { if (constraint.getRequiredRoles().isEmpty()) { if (constraint.getEmptyRoleSemantic() == EmptyRoleSemantic.DENY) { /* * For this case we return false as we know it can never be satisfied. */ return false; } else if (constraint.getEmptyRoleSemantic() == EmptyRoleSemantic.AUTHENTICATE) { authenticationRequired = true; } } else { authenticationRequired = true; } } if(authenticationRequired) { UndertowLogger.SECURITY_LOGGER.debugf("Authenticating required for request %s", exchange); } return authenticationRequired; }
Example #2
Source File: ConfidentialityConstraintUrlMappingTestCase.java From quarkus-http with Apache License 2.0 | 5 votes |
@BeforeClass public static void setup() throws Exception { DefaultServer.startSSLServer(); final PathHandler root = new PathHandler(); final ServletContainer container = ServletContainer.Factory.newInstance(); ServletInfo s = new ServletInfo("servlet", SendSchemeServlet.class) .addMapping("/clear") .addMapping("/integral") .addMapping("/confidential"); DeploymentInfo info = new DeploymentInfo() .setClassLoader(SimpleServletTestCase.class.getClassLoader()) .setContextPath("/servletContext") .setClassIntrospecter(TestClassIntrospector.INSTANCE) .setDeploymentName("servletContext.war") .setConfidentialPortManager(TestConfidentialPortManager.INSTANCE) .addServlet(s); info.addSecurityConstraint(new SecurityConstraint() .addWebResourceCollection(new WebResourceCollection() .addUrlPattern("/integral")) .setTransportGuaranteeType(TransportGuaranteeType.INTEGRAL) .setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT)); info.addSecurityConstraint(new SecurityConstraint() .addWebResourceCollection(new WebResourceCollection() .addUrlPattern("/confidential")) .setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL) .setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT)); DeploymentManager manager = container.addDeployment(info); manager.deploy(); root.addPrefixPath(info.getContextPath(), manager.start()); DefaultServer.setRootHandler(root); }
Example #3
Source File: DigestAuthTestCase.java From quarkus-http with Apache License 2.0 | 5 votes |
@BeforeClass public static void setup() throws ServletException { final PathHandler path = new PathHandler(); final ServletContainer container = ServletContainer.Factory.newInstance(); ServletInfo usernameServlet = new ServletInfo("Username Servlet", SendUsernameServlet.class) .addMapping("/secured/username"); ServletInfo authTypeServlet = new ServletInfo("Auth Type Servlet", SendAuthTypeServlet.class) .addMapping("/secured/authType"); ServletIdentityManager identityManager = new ServletIdentityManager(); identityManager.addUser("user1", "password1", "role1"); DeploymentInfo builder = new DeploymentInfo() .setClassLoader(SimpleServletTestCase.class.getClassLoader()) .setContextPath("/servletContext") .setClassIntrospecter(TestClassIntrospector.INSTANCE) .setDeploymentName("servletContext.war") .setIdentityManager(identityManager) .setLoginConfig(new LoginConfig("DIGEST", REALM_NAME)) .addServlets(usernameServlet, authTypeServlet); builder.addSecurityConstraint(new SecurityConstraint() .addWebResourceCollection(new WebResourceCollection() .addUrlPattern("/secured/*")) .addRoleAllowed("role1") .setEmptyRoleSemantic(EmptyRoleSemantic.DENY)); DeploymentManager manager = container.addDeployment(builder); manager.deploy(); path.addPrefixPath(builder.getContextPath(), manager.start()); DefaultServer.setRootHandler(path); }
Example #4
Source File: ServletAuthenticationConstraintHandler.java From lams with GNU General Public License v2.0 | 5 votes |
@Override protected boolean isAuthenticationRequired(final HttpServerExchange exchange) { //j_security_check always requires auth if (exchange.getRelativePath().endsWith(ServletFormAuthenticationMechanism.DEFAULT_POST_LOCATION)) { return true; } List<SingleConstraintMatch> constraints = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getRequiredConstrains(); /* * Even once this is set to true the reason we allow the loop to continue is in case an empty role with a semantic of * deny is found as that will override everything. */ boolean authenticationRequired = false; for (SingleConstraintMatch constraint : constraints) { if (constraint.getRequiredRoles().isEmpty()) { if (constraint.getEmptyRoleSemantic() == EmptyRoleSemantic.DENY) { /* * For this case we return false as we know it can never be satisfied. */ return false; } else if (constraint.getEmptyRoleSemantic() == EmptyRoleSemantic.AUTHENTICATE) { authenticationRequired = true; } } else { authenticationRequired = true; } } if(authenticationRequired) { UndertowLogger.SECURITY_LOGGER.debugf("Authenticating required for request %s", exchange); } return authenticationRequired; }
Example #5
Source File: KeycloakBaseSpringBootConfiguration.java From keycloak with Apache License 2.0 | 5 votes |
public void customize(DeploymentInfo deploymentInfo) { io.undertow.servlet.api.LoginConfig loginConfig = new io.undertow.servlet.api.LoginConfig(keycloakProperties.getRealm()); loginConfig.addFirstAuthMethod("KEYCLOAK"); deploymentInfo.setLoginConfig(loginConfig); deploymentInfo.addInitParameter("keycloak.config.resolver", KeycloakSpringBootConfigResolverWrapper.class.getName()); /* Support for '*' as all roles allowed * We clear out the role in the SecurityConstraints * and set the EmptyRoleSemantic to Authenticate * But we will set EmptyRoleSemantic to DENY (default) * if roles are non existing or left empty */ Iterator<io.undertow.servlet.api.SecurityConstraint> it = this.getSecurityConstraints().iterator(); while (it.hasNext()) { io.undertow.servlet.api.SecurityConstraint securityConstraint = it.next(); Set<String> rolesAllowed = securityConstraint.getRolesAllowed(); if (rolesAllowed.contains("*") || rolesAllowed.contains("**") ) { io.undertow.servlet.api.SecurityConstraint allRolesAllowed = new io.undertow.servlet.api.SecurityConstraint(); allRolesAllowed.setEmptyRoleSemantic(EmptyRoleSemantic.AUTHENTICATE); allRolesAllowed.setTransportGuaranteeType(securityConstraint.getTransportGuaranteeType()); for (WebResourceCollection wr : securityConstraint.getWebResourceCollections()) { allRolesAllowed.addWebResourceCollection(wr); } deploymentInfo.addSecurityConstraint(allRolesAllowed); } else // left empty will fall back on default EmptyRoleSemantic.DENY deploymentInfo.addSecurityConstraint(securityConstraint); } deploymentInfo.addServletExtension(new KeycloakServletExtension()); }
Example #6
Source File: EmptyRoleSemanticTestCase.java From quarkus-http with Apache License 2.0 | 4 votes |
@BeforeClass public static void setup() throws ServletException { final PathHandler root = new PathHandler(); final ServletContainer container = ServletContainer.Factory.newInstance(); ServletInfo s = new ServletInfo("servlet", AuthenticationMessageServlet.class) .addInitParam(MessageServlet.MESSAGE, HELLO_WORLD) .addMapping("/permit") .addMapping("/deny") .addMapping("/authenticate"); ServletIdentityManager identityManager = new ServletIdentityManager(); identityManager.addUser("user1", "password1"); // Just one role less user. DeploymentInfo builder = new DeploymentInfo() .setClassLoader(SimpleServletTestCase.class.getClassLoader()) .setContextPath("/servletContext") .setClassIntrospecter(TestClassIntrospector.INSTANCE) .setDeploymentName("servletContext.war") .setIdentityManager(identityManager) .setLoginConfig(new LoginConfig("BASIC", "Test Realm")) .addServlet(s); builder.addSecurityConstraint(new SecurityConstraint() .addWebResourceCollection(new WebResourceCollection().addUrlPattern("/permit")) .setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT)); builder.addSecurityConstraint(new SecurityConstraint() .addWebResourceCollection(new WebResourceCollection().addUrlPattern("/deny")) .setEmptyRoleSemantic(EmptyRoleSemantic.DENY)); builder.addSecurityConstraint(new SecurityConstraint() .addWebResourceCollection(new WebResourceCollection().addUrlPattern("/authenticate")) .setEmptyRoleSemantic(EmptyRoleSemantic.AUTHENTICATE)); DeploymentManager manager = container.addDeployment(builder); manager.deploy(); root.addPrefixPath(builder.getContextPath(), manager.start()); DefaultServer.setRootHandler(root); }