Java Code Examples for org.apache.catalina.Wrapper#findSecurityReference()
The following examples show how to use
org.apache.catalina.Wrapper#findSecurityReference() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ContextConfig.java From Tomcat8-Source-Read with MIT License | 5 votes |
/** * Validate the usage of security role names in the web application * deployment descriptor. If any problems are found, issue warning * messages (for backwards compatibility) and add the missing roles. * (To make these problems fatal instead, simply set the <code>ok</code> * instance variable to <code>false</code> as well). */ protected void validateSecurityRoles() { // Check role names used in <security-constraint> elements SecurityConstraint constraints[] = context.findConstraints(); for (int i = 0; i < constraints.length; i++) { String roles[] = constraints[i].findAuthRoles(); for (int j = 0; j < roles.length; j++) { if (!"*".equals(roles[j]) && !context.findSecurityRole(roles[j])) { log.warn(sm.getString("contextConfig.role.auth", roles[j])); context.addSecurityRole(roles[j]); } } } // Check role names used in <servlet> elements Container wrappers[] = context.findChildren(); for (int i = 0; i < wrappers.length; i++) { Wrapper wrapper = (Wrapper) wrappers[i]; String runAs = wrapper.getRunAs(); if ((runAs != null) && !context.findSecurityRole(runAs)) { log.warn(sm.getString("contextConfig.role.runas", runAs)); context.addSecurityRole(runAs); } String names[] = wrapper.findSecurityReferences(); for (int j = 0; j < names.length; j++) { String link = wrapper.findSecurityReference(names[j]); if ((link != null) && !context.findSecurityRole(link)) { log.warn(sm.getString("contextConfig.role.link", link)); context.addSecurityRole(link); } } } }
Example 2
Source File: RealmBase.java From Tomcat8-Source-Read with MIT License | 5 votes |
/** * {@inheritDoc} * * This method or {@link #hasRoleInternal(Principal, * String)} can be overridden by Realm implementations, but the default is * adequate when an instance of <code>GenericPrincipal</code> is used to * represent authenticated Principals from this Realm. */ @Override public boolean hasRole(Wrapper wrapper, Principal principal, String role) { // Check for a role alias if (wrapper != null) { String realRole = wrapper.findSecurityReference(role); if (realRole != null) { role = realRole; } } // Should be overridden in JAASRealm - to avoid pretty inefficient conversions if (principal == null || role == null) { return false; } boolean result = hasRoleInternal(principal, role); if (log.isDebugEnabled()) { String name = principal.getName(); if (result) log.debug(sm.getString("realmBase.hasRoleSuccess", name, role)); else log.debug(sm.getString("realmBase.hasRoleFailure", name, role)); } return result; }
Example 3
Source File: ContextConfig.java From Tomcat7.0.67 with Apache License 2.0 | 5 votes |
/** * Validate the usage of security role names in the web application * deployment descriptor. If any problems are found, issue warning * messages (for backwards compatibility) and add the missing roles. * (To make these problems fatal instead, simply set the <code>ok</code> * instance variable to <code>false</code> as well). */ protected void validateSecurityRoles() { // Check role names used in <security-constraint> elements SecurityConstraint constraints[] = context.findConstraints(); for (int i = 0; i < constraints.length; i++) { String roles[] = constraints[i].findAuthRoles(); for (int j = 0; j < roles.length; j++) { if (!"*".equals(roles[j]) && !context.findSecurityRole(roles[j])) { log.warn(sm.getString("contextConfig.role.auth", roles[j])); context.addSecurityRole(roles[j]); } } } // Check role names used in <servlet> elements Container wrappers[] = context.findChildren(); for (int i = 0; i < wrappers.length; i++) { Wrapper wrapper = (Wrapper) wrappers[i]; String runAs = wrapper.getRunAs(); if ((runAs != null) && !context.findSecurityRole(runAs)) { log.warn(sm.getString("contextConfig.role.runas", runAs)); context.addSecurityRole(runAs); } String names[] = wrapper.findSecurityReferences(); for (int j = 0; j < names.length; j++) { String link = wrapper.findSecurityReference(names[j]); if ((link != null) && !context.findSecurityRole(link)) { log.warn(sm.getString("contextConfig.role.link", link)); context.addSecurityRole(link); } } } }
Example 4
Source File: RealmBase.java From Tomcat7.0.67 with Apache License 2.0 | 5 votes |
/** * Return <code>true</code> if the specified Principal has the specified * security role, within the context of this Realm; otherwise return * <code>false</code>. This method can be overridden by Realm * implementations, but the default is adequate when an instance of * <code>GenericPrincipal</code> is used to represent authenticated * Principals from this Realm. * * @param principal Principal for whom the role is to be checked * @param role Security role to be checked */ @Override public boolean hasRole(Wrapper wrapper, Principal principal, String role) { // Check for a role alias defined in a <security-role-ref> element if (wrapper != null) { String realRole = wrapper.findSecurityReference(role); if (realRole != null) role = realRole; } // Should be overridden in JAASRealm - to avoid pretty inefficient conversions if ((principal == null) || (role == null) || !(principal instanceof GenericPrincipal)) return (false); GenericPrincipal gp = (GenericPrincipal) principal; boolean result = gp.hasRole(role); if (log.isDebugEnabled()) { String name = principal.getName(); if (result) log.debug(sm.getString("realmBase.hasRoleSuccess", name, role)); else log.debug(sm.getString("realmBase.hasRoleFailure", name, role)); } return (result); }
Example 5
Source File: RealmBase.java From tomcatsrc with Apache License 2.0 | 5 votes |
/** * Return <code>true</code> if the specified Principal has the specified * security role, within the context of this Realm; otherwise return * <code>false</code>. This method can be overridden by Realm * implementations, but the default is adequate when an instance of * <code>GenericPrincipal</code> is used to represent authenticated * Principals from this Realm. * * @param principal Principal for whom the role is to be checked * @param role Security role to be checked */ @Override public boolean hasRole(Wrapper wrapper, Principal principal, String role) { // Check for a role alias defined in a <security-role-ref> element if (wrapper != null) { String realRole = wrapper.findSecurityReference(role); if (realRole != null) role = realRole; } // Should be overridden in JAASRealm - to avoid pretty inefficient conversions if ((principal == null) || (role == null) || !(principal instanceof GenericPrincipal)) return (false); GenericPrincipal gp = (GenericPrincipal) principal; boolean result = gp.hasRole(role); if (log.isDebugEnabled()) { String name = principal.getName(); if (result) log.debug(sm.getString("realmBase.hasRoleSuccess", name, role)); else log.debug(sm.getString("realmBase.hasRoleFailure", name, role)); } return (result); }
Example 6
Source File: TomEERealm.java From tomee with Apache License 2.0 | 5 votes |
@Override public boolean hasRole(final Wrapper wrapper, final Principal principal, final String rawRole) { String role = rawRole; // Check for a role alias defined in a <security-role-ref> element if (wrapper != null) { final String realRole = wrapper.findSecurityReference(role); if (realRole != null) { role = realRole; } } if (principal == null || role == null) { return false; } if (principal instanceof GenericPrincipal) { return ((GenericPrincipal) principal).hasRole(role); } for (final Realm realm : realms) { // when used implicitely (always?) realms.size == 1 so no need of a strategy if (realm.hasRole(wrapper, principal, rawRole)) { return true; } } return false; }
Example 7
Source File: UserDatabaseRealm.java From Tomcat8-Source-Read with MIT License | 4 votes |
/** * Return <code>true</code> if the specified Principal has the specified * security role, within the context of this Realm; otherwise return * <code>false</code>. This implementation returns <code>true</code> if the * <code>User</code> has the role, or if any <code>Group</code> that the * <code>User</code> is a member of has the role. * * @param principal Principal for whom the role is to be checked * @param role Security role to be checked */ @Override public boolean hasRole(Wrapper wrapper, Principal principal, String role) { // Check for a role alias defined in a <security-role-ref> element if (wrapper != null) { String realRole = wrapper.findSecurityReference(role); if (realRole != null) role = realRole; } if (principal instanceof GenericPrincipal) { GenericPrincipal gp = (GenericPrincipal) principal; if (gp.getUserPrincipal() instanceof User) { principal = gp.getUserPrincipal(); } } if (!(principal instanceof User)) { // Play nice with SSO and mixed Realms // No need to pass the wrapper here because role mapping has been // performed already a few lines above return super.hasRole(null, principal, role); } if ("*".equals(role)) { return true; } else if (role == null) { return false; } User user = (User) principal; Role dbrole = database.findRole(role); if (dbrole == null) { return false; } if (user.isInRole(dbrole)) { return true; } Iterator<Group> groups = user.getGroups(); while (groups.hasNext()) { Group group = groups.next(); if (group.isInRole(dbrole)) { return true; } } return false; }
Example 8
Source File: UserDatabaseRealm.java From Tomcat7.0.67 with Apache License 2.0 | 4 votes |
/** * Return <code>true</code> if the specified Principal has the specified * security role, within the context of this Realm; otherwise return * <code>false</code>. This implementation returns <code>true</code> * if the <code>User</code> has the role, or if any <code>Group</code> * that the <code>User</code> is a member of has the role. * * @param principal Principal for whom the role is to be checked * @param role Security role to be checked */ @Override public boolean hasRole(Wrapper wrapper, Principal principal, String role) { // Check for a role alias defined in a <security-role-ref> element if (wrapper != null) { String realRole = wrapper.findSecurityReference(role); if (realRole != null) role = realRole; } if( principal instanceof GenericPrincipal) { GenericPrincipal gp = (GenericPrincipal)principal; if(gp.getUserPrincipal() instanceof User) { principal = gp.getUserPrincipal(); } } if(! (principal instanceof User) ) { //Play nice with SSO and mixed Realms return super.hasRole(null, principal, role); } if("*".equals(role)) { return true; } else if(role == null) { return false; } User user = (User)principal; Role dbrole = database.findRole(role); if(dbrole == null) { return false; } if(user.isInRole(dbrole)) { return true; } Iterator<Group> groups = user.getGroups(); while(groups.hasNext()) { Group group = groups.next(); if(group.isInRole(dbrole)) { return true; } } return false; }
Example 9
Source File: UserDatabaseRealm.java From tomcatsrc with Apache License 2.0 | 4 votes |
/** * Return <code>true</code> if the specified Principal has the specified * security role, within the context of this Realm; otherwise return * <code>false</code>. This implementation returns <code>true</code> * if the <code>User</code> has the role, or if any <code>Group</code> * that the <code>User</code> is a member of has the role. * * @param principal Principal for whom the role is to be checked * @param role Security role to be checked */ @Override public boolean hasRole(Wrapper wrapper, Principal principal, String role) { // Check for a role alias defined in a <security-role-ref> element if (wrapper != null) { String realRole = wrapper.findSecurityReference(role); if (realRole != null) role = realRole; } if( principal instanceof GenericPrincipal) { GenericPrincipal gp = (GenericPrincipal)principal; if(gp.getUserPrincipal() instanceof User) { principal = gp.getUserPrincipal(); } } if(! (principal instanceof User) ) { //Play nice with SSO and mixed Realms return super.hasRole(null, principal, role); } if("*".equals(role)) { return true; } else if(role == null) { return false; } User user = (User)principal; Role dbrole = database.findRole(role); if(dbrole == null) { return false; } if(user.isInRole(dbrole)) { return true; } Iterator<Group> groups = user.getGroups(); while(groups.hasNext()) { Group group = groups.next(); if(group.isInRole(dbrole)) { return true; } } return false; }