javax.servlet.HttpConstraintElement Java Examples

The following examples show how to use javax.servlet.HttpConstraintElement. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: TestStandardContext.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
        throws ServletException {
    // Register and map servlet
    Servlet s = new TesterServlet();
    ServletRegistration.Dynamic sr = ctx.addServlet("test", s);
    sr.addMapping("/test");

    // Add a constraint with uncovered methods
    HttpConstraintElement hce = new HttpConstraintElement(
            TransportGuarantee.NONE, "tomcat");
    HttpMethodConstraintElement hmce =
            new HttpMethodConstraintElement("POST", hce);
    Set<HttpMethodConstraintElement> hmces = new HashSet<>();
    hmces.add(hmce);
    ServletSecurityElement sse = new ServletSecurityElement(hmces);
    sr.setServletSecurity(sse);
}
 
Example #2
Source File: SecurityConstraint.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
private static SecurityConstraint createConstraint(
        HttpConstraintElement element, String urlPattern, boolean alwaysCreate) {

    SecurityConstraint constraint = new SecurityConstraint();
    SecurityCollection collection = new SecurityCollection();
    boolean create = alwaysCreate;

    if (element.getTransportGuarantee() !=
            ServletSecurity.TransportGuarantee.NONE) {
        constraint.setUserConstraint(element.getTransportGuarantee().name());
        create = true;
    }
    if (element.getRolesAllowed().length > 0) {
        String[] roles = element.getRolesAllowed();
        for (String role : roles) {
            constraint.addAuthRole(role);
        }
        create = true;
    }
    if (element.getEmptyRoleSemantic() != EmptyRoleSemantic.PERMIT) {
        constraint.setAuthConstraint(true);
        create = true;
    }

    if (create) {
        collection.addPattern(urlPattern);
        constraint.addCollection(collection);
        return constraint;
    }

    return null;
}
 
Example #3
Source File: TestStandardContext.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
        throws ServletException {
    // Register and map servlet
    Servlet s = new TesterServlet();
    ServletRegistration.Dynamic sr = ctx.addServlet("bug50015", s);
    sr.addMapping("/bug50015");

    // Limit access to users in the Tomcat role
    HttpConstraintElement hce = new HttpConstraintElement(
            TransportGuarantee.NONE, "tomcat");
    ServletSecurityElement sse = new ServletSecurityElement(hce);
    sr.setServletSecurity(sse);
}
 
Example #4
Source File: SecurityConstraint.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
private static SecurityConstraint createConstraint(
        HttpConstraintElement element, String urlPattern, boolean alwaysCreate) {

    SecurityConstraint constraint = new SecurityConstraint();
    SecurityCollection collection = new SecurityCollection();
    boolean create = alwaysCreate;
    
    if (element.getTransportGuarantee() !=
            ServletSecurity.TransportGuarantee.NONE) {
        constraint.setUserConstraint(element.getTransportGuarantee().name());
        create = true;
    }
    if (element.getRolesAllowed().length > 0) {
        String[] roles = element.getRolesAllowed();
        for (String role : roles) {
            constraint.addAuthRole(role);
        }
        create = true;
    }
    if (element.getEmptyRoleSemantic() != EmptyRoleSemantic.PERMIT) {
        constraint.setAuthConstraint(true);
        create = true;
    }
    
    if (create) {
        collection.addPattern(urlPattern);
        constraint.addCollection(collection);
        return constraint;
    }
    
    return null;
}
 
Example #5
Source File: TestStandardContext.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
        throws ServletException {
    // Register and map servlet
    Servlet s = new Bug50015Servlet();
    ServletRegistration.Dynamic sr = ctx.addServlet("bug50015", s);
    sr.addMapping("/bug50015");

    // Limit access to users in the Tomcat role
    HttpConstraintElement hce = new HttpConstraintElement(
            TransportGuarantee.NONE, "tomcat");
    ServletSecurityElement sse = new ServletSecurityElement(hce);
    sr.setServletSecurity(sse);
}
 
Example #6
Source File: RpcWebInitializer.java    From Brutusin-RPC with Apache License 2.0 5 votes vote down vote up
private RpcServlet registerRpcServlet(ServletContext ctx) {
    LOGGER.info("Starting HTTP RPC runtime");
    RpcServlet servlet = new RpcServlet();
    ServletRegistration.Dynamic regInfo = ctx.addServlet(RpcServlet.class.getName(), servlet);
    ServletSecurityElement sec = new ServletSecurityElement(new HttpConstraintElement());
    regInfo.setServletSecurity(sec);
    regInfo.setLoadOnStartup(1);
    regInfo.addMapping(RpcConfig.getInstance().getPath() + "/http");
    return servlet;
}
 
Example #7
Source File: SecurityConstraint.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
private static SecurityConstraint createConstraint(
        HttpConstraintElement element, String urlPattern, boolean alwaysCreate) {

    SecurityConstraint constraint = new SecurityConstraint();
    SecurityCollection collection = new SecurityCollection();
    boolean create = alwaysCreate;
    
    if (element.getTransportGuarantee() !=
            ServletSecurity.TransportGuarantee.NONE) {
        constraint.setUserConstraint(element.getTransportGuarantee().name());
        create = true;
    }
    if (element.getRolesAllowed().length > 0) {
        String[] roles = element.getRolesAllowed();
        for (String role : roles) {
            constraint.addAuthRole(role);
        }
        create = true;
    }
    if (element.getEmptyRoleSemantic() != EmptyRoleSemantic.PERMIT) {
        constraint.setAuthConstraint(true);
        create = true;
    }
    
    if (create) {
        collection.addPattern(urlPattern);
        constraint.addCollection(collection);
        return constraint;
    }
    
    return null;
}
 
Example #8
Source File: TestStandardContext.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
        throws ServletException {
    // Register and map servlet
    Servlet s = new Bug50015Servlet();
    ServletRegistration.Dynamic sr = ctx.addServlet("bug50015", s);
    sr.addMapping("/bug50015");

    // Limit access to users in the Tomcat role
    HttpConstraintElement hce = new HttpConstraintElement(
            TransportGuarantee.NONE, "tomcat");
    ServletSecurityElement sse = new ServletSecurityElement(hce);
    sr.setServletSecurity(sse);
}
 
Example #9
Source File: ServletManager.java    From iaf with Apache License 2.0 4 votes vote down vote up
public void registerServlet(String servletName, Servlet servletClass, String urlMapping, String[] roles, int loadOnStartup, Map<String, String> initParameters) {
	log.info("instantiating IbisInitializer servlet name ["+servletName+"] servletClass ["+servletClass+"] loadOnStartup ["+loadOnStartup+"]");
	getServletContext().log("instantiating IbisInitializer servlet ["+servletName+"]");


	AppConstants appConstants = AppConstants.getInstance();
	String propertyPrefix = "servlet."+servletName+".";

	if(!appConstants.getBoolean(propertyPrefix+"enabled", true))
		return;

	ServletRegistration.Dynamic serv = getServletContext().addServlet(servletName, servletClass);
	ServletSecurity.TransportGuarantee transportGuarantee = getTransportGuarantee(propertyPrefix+"transportGuarantee");

	String stage = appConstants.getString("dtap.stage", null);
	String[] rolesCopy = new String[0];
	if(roles != null && !stage.equalsIgnoreCase("LOC"))
		rolesCopy = roles;
	String roleNames = appConstants.getString(propertyPrefix+"securityroles", null);
	if(StringUtils.isNotEmpty(roleNames))
		rolesCopy = roleNames.split(",");
	declareRoles(rolesCopy);

	HttpConstraintElement httpConstraintElement = new HttpConstraintElement(transportGuarantee, rolesCopy);
	ServletSecurityElement constraint = new ServletSecurityElement(httpConstraintElement);

	String urlMappingCopy = appConstants.getString(propertyPrefix+"urlMapping", urlMapping);
	if(!urlMappingCopy.startsWith("/") && !urlMappingCopy.startsWith("*")) {
		urlMappingCopy = "/"+urlMappingCopy;
	}
	serv.addMapping(urlMappingCopy);

	int loadOnStartupCopy = appConstants.getInt(propertyPrefix+"loadOnStartup", loadOnStartup);
	serv.setLoadOnStartup(loadOnStartupCopy);
	serv.setServletSecurity(constraint);

	if(initParameters != null && !initParameters.isEmpty()) {
		//Manually loop through the map as serv.setInitParameters will fail all parameters even if only 1 fails...
		for (String key : initParameters.keySet()) {
			String value = initParameters.get(key);
			if(!serv.setInitParameter(key, value)) {
				log("unable to set init-parameter ["+key+"] with value ["+value+"] for servlet ["+servletName+"]", Level.ERROR);
			}
		}
	}

	if(log.isDebugEnabled()) log.debug("registered servlet ["+servletName+"] class ["+servletClass+"] url ["+urlMapping+"] loadOnStartup ["+loadOnStartup+"]");
}