Java Code Examples for org.apache.tomcat.util.descriptor.web.SecurityCollection#addPattern()

The following examples show how to use org.apache.tomcat.util.descriptor.web.SecurityCollection#addPattern() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TomcatHttpConfig.java    From Java-API-Test-Examples with Apache License 2.0 7 votes vote down vote up
/**
 * 配置内置的Servlet容器工厂为Tomcat
 * @return
 */
@Bean
public ServletWebServerFactory servletContainer() {
	TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
		@Override
		protected void postProcessContext(Context context) {
			SecurityConstraint securityConstraint = new SecurityConstraint();
			securityConstraint.setUserConstraint("CONFIDENTIAL");
			SecurityCollection collection = new SecurityCollection();
			collection.addPattern("/*");
			securityConstraint.addCollection(collection);
			context.addConstraint(securityConstraint);
		}
	};
	//添加配置信息,主要是Http的配置信息
	tomcat.addAdditionalTomcatConnectors(redirectConnector());
	return tomcat;
}
 
Example 2
Source File: HttpsConfiguration.java    From nbp with Apache License 2.0 7 votes vote down vote up
@Bean
public ServletWebServerFactory servletContainer() {
    TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    tomcat.addAdditionalTomcatConnectors(redirectConnector());
    return tomcat;
}
 
Example 3
Source File: CustomConfig.java    From spring-boot-tutorial with Creative Commons Attribution Share Alike 4.0 International 6 votes vote down vote up
@Bean
TomcatServletWebServerFactory tomcatServletWebServerFactory() {
    TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            SecurityConstraint constraint = new SecurityConstraint();
            constraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            constraint.addCollection(collection);
            context.addConstraint(constraint);
        }
    };
    factory.addAdditionalTomcatConnectors(createTomcatConnector());
    return factory;
}
 
Example 4
Source File: SSLConfig.java    From NoteBlog with MIT License 6 votes vote down vote up
@Bean
public EmbeddedServletContainerFactory servletContainer() {
    TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {

        @Override
        protected void postProcessContext(Context context) {
            if (environment.getProperty("server.ssl.enabled", Boolean.class, Boolean.FALSE)) {
                SecurityConstraint constraint = new SecurityConstraint();
                constraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                constraint.addCollection(collection);
                context.addConstraint(constraint);
            } else {
                super.postProcessContext(context);
            }
        }
    };
    if (environment.getProperty("server.ssl.enabled", Boolean.class, Boolean.FALSE)) {
        tomcat.addAdditionalTomcatConnectors(httpConnector());
    }
    return tomcat;
}
 
Example 5
Source File: WebConfig.java    From jcart with MIT License 6 votes vote down vote up
@Bean
public EmbeddedServletContainerFactory servletContainer() {
	TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
		@Override
		protected void postProcessContext(Context context) {
			SecurityConstraint securityConstraint = new SecurityConstraint();
			securityConstraint.setUserConstraint("CONFIDENTIAL");
			SecurityCollection collection = new SecurityCollection();
			collection.addPattern("/*");
			securityConstraint.addCollection(collection);
			context.addConstraint(securityConstraint);
		}
	};

	tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
	return tomcat;
}
 
Example 6
Source File: WebConfig.java    From jcart with MIT License 6 votes vote down vote up
@Bean
public EmbeddedServletContainerFactory servletContainer()
{
	TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory()
	{
		@Override
		protected void postProcessContext(Context context)
		{
			SecurityConstraint securityConstraint = new SecurityConstraint();
			securityConstraint.setUserConstraint("CONFIDENTIAL");
			SecurityCollection collection = new SecurityCollection();
			collection.addPattern("/*");
			securityConstraint.addCollection(collection);
			context.addConstraint(securityConstraint);
		}
	};

	tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
	return tomcat;
}
 
Example 7
Source File: HttpsConfig.java    From spring-boot-demo with MIT License 6 votes vote down vote up
@Bean
public TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector) {
    TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    tomcat.addAdditionalTomcatConnectors(connector);
    return tomcat;
}
 
Example 8
Source File: MaxKeySslConfig.java    From MaxKey with Apache License 2.0 6 votes vote down vote up
@Bean
public TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector) {
    TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    tomcat.addAdditionalTomcatConnectors(connector);
    return tomcat;
}
 
Example 9
Source File: SslConfig.java    From spring-boot-cookbook with Apache License 2.0 6 votes vote down vote up
@Bean
public EmbeddedServletContainerFactory servletContainer() {
    TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            // SecurityConstraint必须存在,可以通过其为不同的URL设置不同的重定向策略。
            SecurityConstraint constraint = new SecurityConstraint();
            constraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            constraint.addCollection(collection);
            context.addConstraint(constraint);
        }
    };
    tomcat.addAdditionalTomcatConnectors(httpConnector());
    return tomcat;
}
 
Example 10
Source File: HttpsServerConfig.java    From micro-service with MIT License 6 votes vote down vote up
private void addSecurityConstraint(Context context) {
    SecurityConstraint securityConstraint = new SecurityConstraint();
    securityConstraint.setUserConstraint("CONFIDENTIAL");
    SecurityCollection collection = new SecurityCollection();
    collection.addPattern("/*");
    collection.addMethod("HEAD");
    collection.addMethod("PUT");
    collection.addMethod("DELETE");
    collection.addMethod("OPTIONS");
    collection.addMethod("TRACE");
    collection.addMethod("COPY");
    collection.addMethod("SEARCH");
    collection.addMethod("PROPFIND");
    securityConstraint.addCollection(collection);
    context.addConstraint(securityConstraint);
}
 
Example 11
Source File: SystemConfiguration.java    From NFVO with Apache License 2.0 6 votes vote down vote up
@Bean
public EmbeddedServletContainerFactory servletContainer() {
  if (https) {
    TomcatEmbeddedServletContainerFactory tomcat =
        new TomcatEmbeddedServletContainerFactory() {
          @Override
          protected void postProcessContext(Context context) {
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
          }
        };

    tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
    return tomcat;
  }
  return new TomcatEmbeddedServletContainerFactory();
}
 
Example 12
Source File: CdiEventRealm.java    From tomee with Apache License 2.0 5 votes vote down vote up
@Override
public SecurityConstraint[] findSecurityConstraints(final Request request, final Context context) {
    final SecurityConstraint[] sc = super.findSecurityConstraints(request, context);

    if (beanManager() == null) {
        return sc;
    }

    final FindSecurityConstraintsEvent event = new FindSecurityConstraintsEvent(request.getRequest(), context.getPath());
    beanManager().fireEvent(event);

    if (!event.getRoles().isEmpty()) {
        final SecurityConstraint s = new SecurityConstraint();
        final SecurityCollection collection = new SecurityCollection();

        collection.addPattern("/*"); // only for the current request
        collection.addMethod(request.getMethod());
        s.addCollection(collection);

        if (event.getUserConstraint() != null) {
            s.setUserConstraint(event.getUserConstraint());
        }

        for(final String r: event.getRoles()) {
            s.addAuthRole(r);
        }

        return new SecurityConstraint[] { s };
    }

    return sc;
}
 
Example 13
Source File: SecurityConstaintBuilder.java    From tomee with Apache License 2.0 5 votes vote down vote up
public SecurityConstaintBuilder addCollection(final String name, final String pattern, final String... methods) {
    final SecurityCollection collection = new SecurityCollection();
    collection.setName(name);
    collection.addPattern(pattern);
    for (final String httpMethod : methods) {
        collection.addMethod(httpMethod);
    }
    securityConstraint.addCollection(collection);
    return this;
}
 
Example 14
Source File: Meecrowave.java    From openwebbeans-meecrowave with Apache License 2.0 5 votes vote down vote up
public SecurityConstaintBuilder addCollection(final String name, final String pattern, final String... methods) {
    final SecurityCollection collection = new SecurityCollection();
    collection.setName(name);
    collection.addPattern(pattern);
    for (final String httpMethod : methods) {
        collection.addMethod(httpMethod);
    }
    securityConstraint.addCollection(collection);
    return this;
}
 
Example 15
Source File: App.java    From danyuan-application with Apache License 2.0 5 votes vote down vote up
public ServletWebServerFactory servletContainer() {
	TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
		@Override
		protected void postProcessContext(org.apache.catalina.Context context) {
			SecurityConstraint constraint = new SecurityConstraint();
			constraint.setUserConstraint("CONFIDENTIAL");
			SecurityCollection collection = new SecurityCollection();
			collection.addPattern("/*");
			constraint.addCollection(collection);
			context.addConstraint(constraint);
		}
	};
	tomcat.addAdditionalTomcatConnectors(createHTTPConnector());
	return tomcat;
}
 
Example 16
Source File: Http2Https.java    From springBoot with MIT License 5 votes vote down vote up
@Bean
public TomcatServletWebServerFactory servletContainerFactory() {
    TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            //设置安全性约束
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            //设置约束条件
            SecurityCollection collection = new SecurityCollection();
            //拦截所有请求
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    //设置将分配给通过此连接器接收到的请求的方案
    connector.setScheme("http");

    //true: http使用http, https使用https;
    //false: http重定向到https;
    connector.setSecure(false);

    //设置监听请求的端口号,这个端口不能其他已经在使用的端口重复,否则会报错
    connector.setPort(httpPort);

    //重定向端口号(非SSL到SSL)
    connector.setRedirectPort(sslPort);

    tomcat.addAdditionalTomcatConnectors(connector);
    return tomcat;
}
 
Example 17
Source File: HttpServer.java    From guardedbox with GNU Affero General Public License v3.0 4 votes vote down vote up
/**
 * Bean: ServletWebServerFactory.
 * Creates a dual port Tomcat, listening both in an http port and an https port. The http port simply redirects to the https one.
 *
 * @return TomcatServletWebServerFactory.
 */
@Bean
public ServletWebServerFactory servletWebServerFactory() {

    // Check if there is dual port configuration.
    if (serverProperties.getInternalHttpPort() == null
            || serverProperties.getExternalHttpPort() == null
            || serverProperties.getInternalHttpsPort() == null
            || serverProperties.getExternalHttpsPort() == null
            || serverProperties.getPort().equals(serverProperties.getInternalHttpPort())
            || !serverProperties.getPort().equals(serverProperties.getInternalHttpsPort())) {
        return new TomcatServletWebServerFactory();
    }

    // Set TLS ECDH offered curves.
    if (!StringUtils.isEmpty(sslProperties.getEcdhCurves()))
        System.setProperty(JdkProperty.TLS_ECDH_CURVES.getPropertyName(), sslProperties.getEcdhCurves());

    // Enable TLS OCSP stapling.
    if (sslProperties.getEnableOcspStapling() != null)
        System.setProperty(JdkProperty.TLS_ENABLE_OCSP_STAPLING.getPropertyName(), sslProperties.getEnableOcspStapling().toString());

    // Create the https Tomcat.
    TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {

        @Override
        protected void postProcessContext(
                Context context) {

            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);

        }

    };

    // Customize the https connector.
    tomcat.addConnectorCustomizers(new TomcatConnectorCustomizer() {

        @Override
        public void customize(
                Connector connector) {

            SSLHostConfig sslHostConfig = connector.findSslHostConfigs()[0];
            sslHostConfig.setHonorCipherOrder(true);

        }

    });

    // Add the http connector with a redirection to the https port.
    Connector httpConnector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
    httpConnector.setScheme("http");
    httpConnector.setPort(serverProperties.getInternalHttpPort());
    httpConnector.setSecure(false);
    httpConnector.setRedirectPort(serverProperties.getExternalHttpsPort());
    tomcat.addAdditionalTomcatConnectors(httpConnector);

    return tomcat;

}
 
Example 18
Source File: ServingLayer.java    From oryx with Apache License 2.0 4 votes vote down vote up
private void makeContext(Tomcat tomcat, Path noSuchBaseDir) throws IOException {
  Path contextPath = noSuchBaseDir.resolve("context");
  Files.createDirectories(contextPath);

  context = tomcat.addContext(contextPathURIBase, contextPath.toAbsolutePath().toString());

  context.setWebappVersion("3.1");
  context.setName("Oryx");

  context.addWelcomeFile("index.html");
  addErrorPages(context);

  // OryxApplication only needs one config value, so just pass it
  context.addParameter(OryxApplication.class.getName() + ".packages", appResourcesPackages);
  // ModelManagerListener will need whole config
  String serializedConfig = ConfigUtils.serialize(config);
  context.addParameter(ConfigUtils.class.getName() + ".serialized", serializedConfig);

  Wrapper wrapper =
      Tomcat.addServlet(context, "Jersey", "org.glassfish.jersey.servlet.ServletContainer");
  wrapper.addInitParameter("javax.ws.rs.Application", OryxApplication.class.getName());
  //wrapper.addInitParameter(OryxApplication.class.getName() + ".packages", appResourcesPackage);
  wrapper.addMapping("/*");
  wrapper.setLoadOnStartup(1);
  wrapper.setMultipartConfigElement(new MultipartConfigElement(""));

  if (!doNotInitTopics) { // Only for tests
    context.addApplicationListener(ModelManagerListener.class.getName());
  }

  // Better way to configure JASPIC?
  AuthConfigFactory.setFactory(new AuthConfigFactoryImpl());

  boolean needHTTPS = keystoreFile != null;
  boolean needAuthentication = userName != null;

  if (needHTTPS || needAuthentication) {

    SecurityCollection securityCollection = new SecurityCollection();
    securityCollection.addPattern("/*");
    SecurityConstraint securityConstraint = new SecurityConstraint();
    securityConstraint.addCollection(securityCollection);

    if (needHTTPS) {
      securityConstraint.setUserConstraint("CONFIDENTIAL");
    }

    if (needAuthentication) {

      LoginConfig loginConfig = new LoginConfig();
      loginConfig.setAuthMethod("DIGEST");
      loginConfig.setRealmName(InMemoryRealm.NAME);
      context.setLoginConfig(loginConfig);

      securityConstraint.addAuthRole(InMemoryRealm.AUTH_ROLE);

      context.addSecurityRole(InMemoryRealm.AUTH_ROLE);
      DigestAuthenticator authenticator = new DigestAuthenticator();
      authenticator.setNonceValidity(10 * 1000L); // Shorten from 5 minutes to 10 seconds
      authenticator.setNonceCacheSize(20000); // Increase from 1000 to 20000
      context.getPipeline().addValve(authenticator);
    }

    context.addConstraint(securityConstraint);
  }

  context.setCookies(false);
}
 
Example 19
Source File: TomcatWsRegistry.java    From tomee with Apache License 2.0 4 votes vote down vote up
private static Context createNewContext(final ClassLoader classLoader, String authMethod, String transportGuarantee, final String realmName, final String name) {
    String path = name;
    if (path == null) {
        path = "/";
    }
    if (!path.startsWith("/")) {
        path = "/" + path;
    }

    final StandardContext context = new IgnoredStandardContext();
    context.setPath(path);
    context.setDocBase("");
    context.setParentClassLoader(classLoader);
    context.setDelegate(true);
    context.setName(name);
    ((TomcatWebAppBuilder) SystemInstance.get().getComponent(WebAppBuilder.class)).initJ2EEInfo(context);

    // Configure security
    if (authMethod != null) {
        authMethod = authMethod.toUpperCase();
    }
    if (transportGuarantee != null) {
        transportGuarantee = transportGuarantee.toUpperCase();
    }
    if (authMethod == null || "NONE".equals(authMethod)) { //NOPMD
        // ignore none for now as the  NonLoginAuthenticator seems to be completely hosed
    } else if ("BASIC".equals(authMethod) || "DIGEST".equals(authMethod) || "CLIENT-CERT".equals(authMethod)) {

        //Setup a login configuration
        final LoginConfig loginConfig = new LoginConfig();
        loginConfig.setAuthMethod(authMethod);
        loginConfig.setRealmName(realmName);
        context.setLoginConfig(loginConfig);

        //Setup a default Security Constraint
        final String securityRole = SystemInstance.get().getProperty(TOMEE_JAXWS_SECURITY_ROLE_PREFIX + name, "default");
        for (final String role : securityRole.split(",")) {
            final SecurityCollection collection = new SecurityCollection();
            collection.addMethod("GET");
            collection.addMethod("POST");
            collection.addPattern("/*");
            collection.setName(role);

            final SecurityConstraint sc = new SecurityConstraint();
            sc.addAuthRole("*");
            sc.addCollection(collection);
            sc.setAuthConstraint(true);
            sc.setUserConstraint(transportGuarantee);

            context.addConstraint(sc);
            context.addSecurityRole(role);
        }

        //Set the proper authenticator
        if ("BASIC".equals(authMethod)) {
            context.addValve(new BasicAuthenticator());
        } else if ("DIGEST".equals(authMethod)) {
            context.addValve(new DigestAuthenticator());
        } else if ("CLIENT-CERT".equals(authMethod)) {
            context.addValve(new SSLAuthenticator());
        } else if ("NONE".equals(authMethod)) {
            context.addValve(new NonLoginAuthenticator());
        }

        context.getPipeline().addValve(new OpenEJBValve());

    } else {
        throw new IllegalArgumentException("Invalid authMethod: " + authMethod);
    }

    return context;
}
 
Example 20
Source File: TomcatHessianRegistry.java    From tomee with Apache License 2.0 4 votes vote down vote up
private static Context createNewContext(final ClassLoader classLoader, final String rAuthMethod, final String rTransportGuarantee, final String realmName, final String name) {
    String path = name;
    if (path == null) {
        path = "/";
    }
    if (!path.startsWith("/")) {
        path = "/" + path;
    }

    final StandardContext context = new IgnoredStandardContext();
    context.setPath(path);
    context.setDocBase("");
    context.setParentClassLoader(classLoader);
    context.setDelegate(true);
    context.setName(name);
    TomcatWebAppBuilder.class.cast(SystemInstance.get().getComponent(WebAppBuilder.class)).initJ2EEInfo(context);

    // Configure security
    String authMethod = rAuthMethod;
    if (authMethod != null) {
        authMethod = authMethod.toUpperCase();
    }
    String transportGuarantee = rTransportGuarantee;
    if (transportGuarantee != null) {
        transportGuarantee = transportGuarantee.toUpperCase();
    }
    if (authMethod != null & !"NONE".equals(authMethod)) {
        if ("BASIC".equals(authMethod) || "DIGEST".equals(authMethod) || "CLIENT-CERT".equals(authMethod)) {

            //Setup a login configuration
            final LoginConfig loginConfig = new LoginConfig();
            loginConfig.setAuthMethod(authMethod);
            loginConfig.setRealmName(realmName);
            context.setLoginConfig(loginConfig);

            //Setup a default Security Constraint
            final String securityRole = SystemInstance.get().getProperty(TOMEE_HESSIAN_SECURITY_ROLE_PREFIX + name, "default");
            for (final String role : securityRole.split(",")) {
                final SecurityCollection collection = new SecurityCollection();
                collection.addMethod("GET");
                collection.addMethod("POST");
                collection.addPattern("/*");
                collection.setName(role);

                final SecurityConstraint sc = new SecurityConstraint();
                sc.addAuthRole("*");
                sc.addCollection(collection);
                sc.setAuthConstraint(true);
                sc.setUserConstraint(transportGuarantee);

                context.addConstraint(sc);
                context.addSecurityRole(role);
            }
        }

        //Set the proper authenticator
        switch (authMethod) {
            case "BASIC":
                context.addValve(new BasicAuthenticator());
                break;
            case "DIGEST":
                context.addValve(new DigestAuthenticator());
                break;
            case "CLIENT-CERT":
                context.addValve(new SSLAuthenticator());
                break;
            case "NONE":
                context.addValve(new NonLoginAuthenticator());
                break;
        }

        context.getPipeline().addValve(new OpenEJBValve());
    } else {
        throw new IllegalArgumentException("Invalid authMethod: " + authMethod);
    }

    return context;
}