Java Code Examples for org.eclipse.jetty.security.ConstraintMapping#setMethod()

The following examples show how to use org.eclipse.jetty.security.ConstraintMapping#setMethod(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: BaleenWebApi.java    From baleen with Apache License 2.0 6 votes vote down vote up
/**
 * Registers a servlet on the context handler and records one constraint mapping per permission.
 *
 * <p>When {@code permissions} is null or empty, no mapping is recorded, so this method puts no
 * constraint on the servlet. A permission that names an HTTP method produces a mapping for that
 * method only; a permission without one produces a mapping with no method set.
 *
 * @param servlet the servlet to register
 * @param path the path the servlet is mounted on
 * @param permissions permissions guarding the path; may be null or empty
 */
private void addServlet(final Servlet servlet, final String path, WebPermission... permissions) {
  servletContextHandler.addServlet(new ServletHolder(servlet), path);

  // Iterating an empty varargs array does nothing, so null is the only case needing a guard.
  if (permissions != null) {
    for (WebPermission permission : permissions) {
      Constraint required = getConstraintForPermission(permission);

      ConstraintMapping guarded = new ConstraintMapping();
      guarded.setConstraint(required);
      // NOTE(review): Jetty matches constraint path specs against the path inside the context;
      // confirm that prefixing the context path is intended, because a spec that never matches
      // would leave the servlet unconstrained.
      guarded.setPathSpec(servletContextHandler.getContextPath() + path);
      if (permission.hasMethod()) {
        // A method-specific mapping does not cover the other HTTP methods on the same path.
        guarded.setMethod(permission.getMethod().name());
      }
      constraintMappings.add(guarded);
    }
  }

  LOGGER.info("Servlet added on path {}", path);
}
 
Example 2
Source File: HttpServerUtil.java    From hbase with Apache License 2.0 6 votes vote down vote up
/**
 * Installs a security handler on a Jetty context that blocks undesirable HTTP methods.
 *
 * <p>TRACE is constrained on every path; OPTIONS is constrained as well unless
 * {@code allowOptionsMethod} is true. A new {@code ConstraintSecurityHandler} is created and set
 * on the context; a security handler configured on the context earlier is not carried over by
 * this method.
 *
 * @param ctxHandler The context to modify
 * @param allowOptionsMethod if true then OPTIONS method will not be set in constraint mapping
 */
public static void constrainHttpMethods(ServletContextHandler ctxHandler,
    boolean allowOptionsMethod) {
  // Authentication is required but no role is listed: Jetty treats such a constraint as
  // forbidden, which is what switches the mapped methods off for every caller.
  Constraint denyAll = new Constraint();
  denyAll.setAuthenticate(true);

  ConstraintMapping traceMapping = new ConstraintMapping();
  traceMapping.setPathSpec("/*");
  traceMapping.setMethod("TRACE");
  traceMapping.setConstraint(denyAll);

  ConstraintMapping[] blockedMethods;
  if (allowOptionsMethod) {
    blockedMethods = new ConstraintMapping[] { traceMapping };
  } else {
    ConstraintMapping optionsMapping = new ConstraintMapping();
    optionsMapping.setPathSpec("/*");
    optionsMapping.setMethod("OPTIONS");
    optionsMapping.setConstraint(denyAll);
    blockedMethods = new ConstraintMapping[] { traceMapping, optionsMapping };
  }

  ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
  securityHandler.setConstraintMappings(blockedMethods);
  ctxHandler.setSecurityHandler(securityHandler);
}
 
Example 3
Source File: AuthUtil.java    From rest-utils with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the constraint mapping for one path, either authenticated or open.
 *
 * <p>With {@code authenticate} set, the roles come from
 * {@code RestConfig.AUTHENTICATION_ROLES_CONFIG}; without it the constraint carries no roles and
 * requires no authentication, so the path is left open by this mapping.
 *
 * @param restConfig the rest app's config.
 * @param authenticate authentication flag.
 * @param pathSpec path for constraint.
 * @return the constraint mapping.
 */
private static ConstraintMapping createConstraint(
    final RestConfig restConfig,
    final boolean authenticate,
    final String pathSpec
) {
  final Constraint rule = new Constraint();
  rule.setAuthenticate(authenticate);
  if (authenticate) {
    // NOTE(review): an empty role list combined with authenticate=true is treated by Jetty as
    // "forbidden" rather than "any authenticated user" - confirm the configured roles are
    // never empty when authentication is enabled.
    final List<String> allowedRoles = restConfig.getList(RestConfig.AUTHENTICATION_ROLES_CONFIG);
    rule.setRoles(allowedRoles.toArray(new String[0]));
  }

  final ConstraintMapping result = new ConstraintMapping();
  result.setPathSpec(pathSpec);
  // NOTE(review): "*" appears to match Jetty's internal all-methods key; confirm against the
  // Jetty version in use that it is not read as a literal method name.
  result.setMethod("*");
  result.setConstraint(rule);

  // With CORS enabled, OPTIONS is left out of the constraint so that preflight requests, which
  // carry no credentials, are not rejected. OPTIONS on this path is then unauthenticated.
  final boolean exemptPreflight = authenticate && AuthUtil.isCorsEnabled(restConfig);
  if (exemptPreflight) {
    result.setMethodOmissions(new String[]{"OPTIONS"});
  }
  return result;
}
 
Example 4
Source File: CustomInitTest.java    From rest-utils with Apache License 2.0 6 votes vote down vote up
/**
 * Puts every path of the given context behind Basic authentication for the configured roles.
 *
 * @param context the servlet context that receives the security handler
 */
@Override
public void accept(final ServletContextHandler context) {
  final ConstraintSecurityHandler handler = new ConstraintSecurityHandler();

  // Roles come from the same configuration key the application itself uses.
  final List<String> permittedRoles = config.getList(RestConfig.AUTHENTICATION_ROLES_CONFIG);
  final Constraint authRequired = new Constraint();
  authRequired.setRoles(permittedRoles.toArray(new String[0]));
  authRequired.setAuthenticate(true);

  // One mapping for all paths; "*" is passed as the method.
  final ConstraintMapping everything = new ConstraintMapping();
  everything.setPathSpec("/*");
  everything.setMethod("*");
  everything.setConstraint(authRequired);
  handler.addConstraintMapping(everything);

  // Basic authentication sends the credentials with every request, only base64-encoded;
  // outside a test fixture a handler like this needs TLS in front of it.
  handler.setAuthenticator(new BasicAuthenticator());
  handler.setLoginService(new TestLoginService());
  handler.setRealmName("TestRealm");

  context.setSecurityHandler(handler);
}
 
Example 5
Source File: AppEngineAuthenticationTest.java    From appengine-java-vm-runtime with Apache License 2.0 5 votes vote down vote up
/**
 * Adds an authenticated, role-restricted constraint for GET requests on one path.
 *
 * <p>Only GET is mapped, so the constraint does not cover other HTTP methods on the same path.
 *
 * @param handler the security handler that receives the mapping
 * @param path the path spec to protect
 * @param name the constraint name
 * @param roles the roles allowed through the constraint
 */
private void addConstraint(
    ConstraintSecurityHandler handler, String path, String name, String... roles) {
  Constraint roleCheck = new Constraint();
  roleCheck.setAuthenticate(true);
  roleCheck.setRoles(roles);
  roleCheck.setName(name);

  ConstraintMapping getOnly = new ConstraintMapping();
  getOnly.setConstraint(roleCheck);
  getOnly.setPathSpec(path);
  getOnly.setMethod("GET");

  handler.addConstraintMapping(getOnly);
}
 
Example 6
Source File: WebServerTask.java    From datacollector with Apache License 2.0 4 votes vote down vote up
/**
 * Builds the constraint mappings of the web server: which paths need a logged-in "user" and
 * which are public, plus a mapping that turns TRACE off.
 *
 * <p>The catch-all {@code /*} mapping does not require authentication, so a path that has no
 * mapping of its own here is public by default.
 *
 * @return the mappings, in the order TRACE, /rest/*, index, /docs/*, /logout, /*, /public-rest/*
 */
private List<ConstraintMapping> createConstraintMappings() {
  // TRACE is switched off everywhere: authentication is required but no role is granted,
  // which Jetty treats as a forbidden constraint.
  Constraint traceOff = new Constraint();
  traceOff.setAuthenticate(true);
  traceOff.setName("Disable TRACE");
  ConstraintMapping traceOffMapping = new ConstraintMapping();
  traceOffMapping.setConstraint(traceOff);
  traceOffMapping.setMethod("TRACE");
  traceOffMapping.setPathSpec("/*");

  // /rest/* requires an authenticated "user"
  Constraint restAuth = new Constraint();
  restAuth.setRoles(new String[] { "user"});
  restAuth.setAuthenticate(true);
  restAuth.setName("auth");
  ConstraintMapping restMapping = new ConstraintMapping();
  restMapping.setConstraint(restAuth);
  restMapping.setPathSpec("/rest/*");

  // the index page requires authentication so that form login is triggered correctly
  Constraint pageAuth = new Constraint();
  pageAuth.setRoles(new String[] { "user"});
  pageAuth.setAuthenticate(true);
  pageAuth.setName("auth");
  ConstraintMapping indexMapping = new ConstraintMapping();
  indexMapping.setConstraint(pageAuth);
  indexMapping.setPathSpec("");

  // /docs/* shares the index page's constraint object
  ConstraintMapping docsMapping = new ConstraintMapping();
  docsMapping.setConstraint(pageAuth);
  docsMapping.setPathSpec("/docs/*");

  // /logout requires an authenticated "user"
  Constraint logoutAuth = new Constraint();
  logoutAuth.setRoles(new String[] { "user"});
  logoutAuth.setAuthenticate(true);
  logoutAuth.setName("auth");
  ConstraintMapping logoutMapping = new ConstraintMapping();
  logoutMapping.setConstraint(logoutAuth);
  logoutMapping.setPathSpec("/logout");

  // /* is public: this is the default for every path without a mapping of its own
  Constraint openDefault = new Constraint();
  openDefault.setRoles(new String[]{"user"});
  openDefault.setAuthenticate(false);
  openDefault.setName("auth");
  ConstraintMapping openDefaultMapping = new ConstraintMapping();
  openDefaultMapping.setConstraint(openDefault);
  openDefaultMapping.setPathSpec("/*");

  // /public-rest/* is public
  Constraint openRest = new Constraint();
  openRest.setRoles(new String[] { "user"});
  openRest.setAuthenticate(false);
  openRest.setName("auth");
  ConstraintMapping openRestMapping = new ConstraintMapping();
  openRestMapping.setConstraint(openRest);
  openRestMapping.setPathSpec("/public-rest/*");

  return ImmutableList.of(
      traceOffMapping,
      restMapping,
      indexMapping,
      docsMapping,
      logoutMapping,
      openDefaultMapping,
      openRestMapping
  );
}
 
Example 7
Source File: JettyServer.java    From selenium with Apache License 2.0 4 votes vote down vote up
/**
 * Configures an embedded Jetty server for the given options and handler.
 *
 * <p>The constructor sets up the advertised URL, the thread pool, the TRACE restriction, the
 * optional CORS filter and a single plain-HTTP connector. It does not start the server.
 *
 * @param options server options: port, hostname, thread count and the CORS switch
 * @param handler the handler to serve; must not be null
 * @throws UncheckedIOException if host and port do not form a valid URL
 */
public JettyServer(BaseServerOptions options, HttpHandler handler) {
  this.handler = Require.nonNull("Handler", handler);

  // Port 0 in the options means "probe for a free port".
  int configuredPort = options.getPort();
  int port = configuredPort == 0 ? PortProber.findFreePort() : configuredPort;

  // Without a configured hostname the URL advertises a non-loopback address of this machine,
  // and falls back to "localhost" when none can be determined.
  String host = options.getHostname().orElseGet(() -> {
    try {
      return new NetworkUtils().getNonLoopbackAddressOfThisMachine();
    } catch (WebDriverException ignored) {
      return "localhost";
    }
  });

  try {
    this.url = new URL("http", host, port, "");
  } catch (MalformedURLException e) {
    throw new UncheckedIOException(e);
  }

  Log.setLog(new JavaUtilLog());
  QueuedThreadPool threadPool = new QueuedThreadPool(options.getMaxServerThreads());
  this.server = new org.eclipse.jetty.server.Server(threadPool);

  this.servletContextHandler = new ServletContextHandler(ServletContextHandler.SECURITY);
  ConstraintSecurityHandler constraints =
      (ConstraintSecurityHandler) servletContextHandler.getSecurityHandler();

  // TRACE: authentication required with no role granted, which Jetty treats as forbidden.
  Constraint traceOff = new Constraint();
  traceOff.setAuthenticate(true);
  traceOff.setName("Disable TRACE");
  ConstraintMapping traceOffMapping = new ConstraintMapping();
  traceOffMapping.setPathSpec("/");
  traceOffMapping.setMethod("TRACE");
  traceOffMapping.setConstraint(traceOff);
  constraints.addConstraintMapping(traceOffMapping);

  // Every other method: an empty constraint, with TRACE listed as the one omitted method.
  Constraint allowRest = new Constraint();
  allowRest.setName("Enable everything but TRACE");
  ConstraintMapping allowRestMapping = new ConstraintMapping();
  allowRestMapping.setPathSpec("/");
  allowRestMapping.setMethodOmissions(new String[]{"TRACE"});
  allowRestMapping.setConstraint(allowRest);
  constraints.addConstraintMapping(allowRestMapping);

  // Allow CORS: Whether the Selenium server should allow web browser connections from any host
  if (options.getAllowCORS()) {
    // Only the allowed methods are set; the allowed origins stay at the filter's default.
    // NOTE(review): that default appears to be every origin, as the warning below states. A
    // deployment that needs CORS from known hosts only should set "allowedOrigins" as well.
    FilterHolder corsFilter = servletContextHandler.addFilter(
        CrossOriginFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST));
    corsFilter.setInitParameter("allowedMethods", "GET,POST,PUT,DELETE,HEAD");

    // Warning user
    LOG.warning("You have enabled CORS requests from any host. "
                + "Be careful not to visit sites which could maliciously "
                + "try to start Selenium sessions on your machine");
  }

  server.setHandler(servletContextHandler);

  // The secure scheme is only named here; this constructor adds no TLS connection factory,
  // so the connector below serves cleartext HTTP.
  HttpConfiguration httpConfiguration = new HttpConfiguration();
  httpConfiguration.setSecureScheme("https");

  ServerConnector connector =
      new ServerConnector(server, new HttpConnectionFactory(httpConfiguration));
  // NOTE(review): when no hostname is configured the connector host is never set, which
  // presumably makes it listen on all interfaces - confirm that exposure is intended.
  options.getHostname().ifPresent(connector::setHost);
  connector.setPort(getUrl().getPort());

  connector.setIdleTimeout(500000);

  server.setConnectors(new Connector[]{connector});
}