org.eclipse.jetty.security.ConstraintMapping Java Examples

The following examples show how to use org.eclipse.jetty.security.ConstraintMapping. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: HttpServer.java    From calcite-avatica with Apache License 2.0 6 votes vote down vote up
protected ConstraintSecurityHandler configureCommonAuthentication(String constraintName,
    String[] allowedRoles, Authenticator authenticator, String realm,
    LoginService loginService) {

  Constraint constraint = new Constraint();
  constraint.setName(constraintName);
  constraint.setRoles(allowedRoles);
  // This is telling Jetty to not allow unauthenticated requests through (very important!)
  constraint.setAuthenticate(true);

  ConstraintMapping cm = new ConstraintMapping();
  cm.setConstraint(constraint);
  cm.setPathSpec("/*");

  ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
  sh.setAuthenticator(authenticator);
  sh.setLoginService(loginService);
  sh.setConstraintMappings(new ConstraintMapping[]{cm});
  sh.setRealmName(realm);

  return sh;
}
 
Example #2
Source File: SecureJettyMixin.java    From attic-polygene-java with Apache License 2.0 6 votes vote down vote up
@Override
protected SecurityHandler buildSecurityHandler()
{
    if( constraintServices != null )
    {
        ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
        for( ConstraintService eachConstraintService : constraintServices )
        {
            ConstraintMapping csMapping = eachConstraintService.buildConstraintMapping();
            if( csMapping != null )
            {
                securityHandler.addConstraintMapping( csMapping );
            }
        }
        if( !securityHandler.getConstraintMappings().isEmpty() )
        {
            return securityHandler;
        }
    }
    return super.buildSecurityHandler();
}
 
Example #3
Source File: BaleenWebApi.java    From baleen with Apache License 2.0 6 votes vote down vote up
private void addServlet(final Servlet servlet, final String path, WebPermission... permissions) {
  servletContextHandler.addServlet(new ServletHolder(servlet), path);
  if (permissions != null && permissions.length > 0) {
    for (WebPermission p : permissions) {
      Constraint constraint = getConstraintForPermission(p);
      ConstraintMapping mapping = new ConstraintMapping();
      mapping.setPathSpec(servletContextHandler.getContextPath() + path);
      mapping.setConstraint(constraint);
      if (p.hasMethod()) {
        mapping.setMethod(p.getMethod().name());
      }
      constraintMappings.add(mapping);
    }
  }

  LOGGER.info("Servlet added on path {}", path);
}
 
Example #4
Source File: AuthUtilTest.java    From rest-utils with Apache License 2.0 6 votes vote down vote up
@Test
public void shouldCreateUnsecuredPathConstraints() {
  // Given:
  config = restConfigWith(ImmutableMap.of(
      RestConfig.AUTHENTICATION_SKIP_PATHS, "/path/1,/path/2"));

  // When:
  final List<ConstraintMapping> mappings = AuthUtil.createUnsecuredConstraints(config);

  // Then:
  assertThat(mappings.size(), is(2));
  assertThat(mappings.get(0).getMethod(), is("*"));
  assertThat(mappings.get(0).getPathSpec(), is("/path/1"));
  assertThat(mappings.get(0).getConstraint().getAuthenticate(), is(false));
  assertThat(mappings.get(1).getMethod(), is("*"));
  assertThat(mappings.get(1).getPathSpec(), is("/path/2"));
  assertThat(mappings.get(1).getConstraint().getAuthenticate(), is(false));
}
 
Example #5
Source File: JettySecurity.java    From camelinaction2 with Apache License 2.0 6 votes vote down vote up
@Produces
@Named("securityHandler")
public static ConstraintSecurityHandler createSecurityHandler() {
    Constraint constraint = new Constraint("BASIC", "customer");
    constraint.setAuthenticate(true);

    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setConstraint(constraint);
    mapping.setPathSpec("/*");

    ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
    handler.addConstraintMapping(mapping);
    handler.setAuthenticator(new BasicAuthenticator());
    handler.setLoginService(new HashLoginService("RiderAutoParts", "src/main/resources/users.properties"));

    return handler;
}
 
Example #6
Source File: ApplicationTest.java    From rest-utils with Apache License 2.0 6 votes vote down vote up
@Test
public void testSetUnsecurePathConstraintsWithUnSecure() {
  final Map<String, Object> config = ImmutableMap.of(
      RestConfig.AUTHENTICATION_SKIP_PATHS, "/path/1,/path/2");

  ConstraintSecurityHandler securityHandler = new TestApp(config).createBasicSecurityHandler();

  final List<ConstraintMapping> mappings = securityHandler.getConstraintMappings();
  assertThat(mappings.size(), is(3));
  assertThat(mappings.get(0).getPathSpec(), is("/*"));
  assertThat(mappings.get(0).getConstraint().getAuthenticate(), is(true));
  assertThat(mappings.get(1).getPathSpec(), is("/path/1"));
  assertThat(mappings.get(1).getConstraint().getAuthenticate(), is(false));
  assertThat(mappings.get(2).getPathSpec(), is("/path/2"));
  assertThat(mappings.get(2).getConstraint().getAuthenticate(), is(false));
}
 
Example #7
Source File: HttpServerUtil.java    From hbase with Apache License 2.0 6 votes vote down vote up
/**
 * Add constraints to a Jetty Context to disallow undesirable Http methods.
 * @param ctxHandler The context to modify
 * @param allowOptionsMethod if true then OPTIONS method will not be set in constraint mapping
 */
public static void constrainHttpMethods(ServletContextHandler ctxHandler,
    boolean allowOptionsMethod) {
  Constraint c = new Constraint();
  c.setAuthenticate(true);

  ConstraintMapping cmt = new ConstraintMapping();
  cmt.setConstraint(c);
  cmt.setMethod("TRACE");
  cmt.setPathSpec("/*");

  ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();

  if (!allowOptionsMethod) {
    ConstraintMapping cmo = new ConstraintMapping();
    cmo.setConstraint(c);
    cmo.setMethod("OPTIONS");
    cmo.setPathSpec("/*");
    securityHandler.setConstraintMappings(new ConstraintMapping[] { cmt, cmo });
  } else {
    securityHandler.setConstraintMappings(new ConstraintMapping[] { cmt });
  }

  ctxHandler.setSecurityHandler(securityHandler);
}
 
Example #8
Source File: HttpProtocolServer.java    From gitflow-incremental-builder with MIT License 6 votes vote down vote up
private void addBasicAuth(Server server) {
    
    ConstraintSecurityHandler security = new ConstraintSecurityHandler();
    security.setAuthenticator(new BasicAuthenticator());

    Constraint constraint = new Constraint();
    constraint.setAuthenticate(true);
    constraint.setRoles(ROLES);
    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setPathSpec("/*");
    mapping.setConstraint(constraint);
    security.setConstraintMappings(Collections.singletonList(mapping));

    HashLoginService loginService = new HashLoginService();
    loginService.setUserStore(buildUserStore());
    server.addBean(loginService);
    security.setLoginService(loginService);

    security.setHandler(server.getHandler());
    server.setHandler(security);
}
 
Example #9
Source File: InMemoryIdentityManager.java    From crnk-framework with Apache License 2.0 6 votes vote down vote up
public InMemoryIdentityManager() {
	loginService = new HashLoginService();
	loginService.setName(realm);

	securityHandler = new ConstraintSecurityHandler();
	securityHandler.setAuthenticator(new BasicAuthenticator());
	securityHandler.setRealmName(realm);
	securityHandler.setLoginService(loginService);

	Constraint constraint = new Constraint();
	constraint.setName(Constraint.__BASIC_AUTH);
	//		constraint.setRoles(new String[] { "getRole", "postRole", "allRole" });
	constraint.setRoles(new String[]{Constraint.ANY_AUTH, "getRole", "postRole", "allRole"});
	constraint.setAuthenticate(true);

	ConstraintMapping cm = new ConstraintMapping();
	cm.setConstraint(constraint);
	cm.setPathSpec("/*");
	securityHandler.addConstraintMapping(cm);
}
 
Example #10
Source File: CustomInitTest.java    From rest-utils with Apache License 2.0 6 votes vote down vote up
@Override
public void accept(final ServletContextHandler context) {
  final List<String> roles = config.getList(RestConfig.AUTHENTICATION_ROLES_CONFIG);
  final Constraint constraint = new Constraint();
  constraint.setAuthenticate(true);
  constraint.setRoles(roles.toArray(new String[0]));

  final ConstraintMapping constraintMapping = new ConstraintMapping();
  constraintMapping.setConstraint(constraint);
  constraintMapping.setMethod("*");
  constraintMapping.setPathSpec("/*");

  final ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
  securityHandler.addConstraintMapping(constraintMapping);
  securityHandler.setAuthenticator(new BasicAuthenticator());
  securityHandler.setLoginService(new TestLoginService());
  securityHandler.setRealmName("TestRealm");

 context.setSecurityHandler(securityHandler);
}
 
Example #11
Source File: AuthUtil.java    From rest-utils with Apache License 2.0 6 votes vote down vote up
/**
 * Build a secure or unsecure constraint using standard RestConfig for a path.
 *
 * @param restConfig the rest app's config.
 * @param authenticate authentication flag.
 * @param pathSpec path for constraint.
 * @return the constraint mapping.
 */
private static ConstraintMapping createConstraint(
    final RestConfig restConfig,
    final boolean authenticate,
    final String pathSpec
) {
  final Constraint constraint = new Constraint();
  constraint.setAuthenticate(authenticate);
  if (authenticate) {
    final List<String> roles = restConfig.getList(RestConfig.AUTHENTICATION_ROLES_CONFIG);
    constraint.setRoles(roles.toArray(new String[0]));
  }

  final ConstraintMapping mapping = new ConstraintMapping();
  mapping.setConstraint(constraint);
  mapping.setMethod("*");
  if (authenticate && AuthUtil.isCorsEnabled(restConfig)) {
    mapping.setMethodOmissions(new String[]{"OPTIONS"});
  }
  mapping.setPathSpec(pathSpec);
  return mapping;
}
 
Example #12
Source File: PaxWebIntegrationService.java    From keycloak with Apache License 2.0 6 votes vote down vote up
protected void addConstraintMapping(WebContainer service, ConstraintMapping constraintMapping) {
    Constraint constraint = constraintMapping.getConstraint();
    String[] roles = constraint.getRoles();
    // name property is unavailable on constraint object :/

    String name = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);

    int dataConstraint = constraint.getDataConstraint();
    String dataConstraintStr;
    switch (dataConstraint) {
        case Constraint.DC_UNSET: dataConstraintStr = null; break;
        case Constraint.DC_NONE: dataConstraintStr = "NONE"; break;
        case Constraint.DC_CONFIDENTIAL: dataConstraintStr = "CONFIDENTIAL"; break;
        case Constraint.DC_INTEGRAL: dataConstraintStr = "INTEGRAL"; break;
        default:
            log.warnv("Unknown data constraint: " + dataConstraint);
            dataConstraintStr = "CONFIDENTIAL";
    }
    List<String> rolesList = Arrays.asList(roles);

    log.debug("Adding security constraint name=" + name + ", url=" + constraintMapping.getPathSpec() + ", dataConstraint=" + dataConstraintStr + ", canAuthenticate="
    + constraint.getAuthenticate() + ", roles=" + rolesList);
    service.registerConstraintMapping(name, constraintMapping.getPathSpec(), null, dataConstraintStr, constraint.getAuthenticate(), rolesList, httpContext);
}
 
Example #13
Source File: GerritRestClientTest.java    From gerrit-rest-java-client with Apache License 2.0 6 votes vote down vote up
private static SecurityHandler basicAuth(String username, String password, String realm) {
    HashLoginService loginService = new HashLoginService();
    loginService.putUser(username, Credential.getCredential(password), new String[]{"user"});
    loginService.setName(realm);

    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__DIGEST_AUTH);
    constraint.setRoles(new String[]{"user"});
    constraint.setAuthenticate(true);

    ConstraintMapping constraintMapping = new ConstraintMapping();
    constraintMapping.setConstraint(constraint);
    constraintMapping.setPathSpec("/*");

    ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
    csh.setAuthenticator(new BasicAuthenticator());
    csh.setRealmName("realm");
    csh.addConstraintMapping(constraintMapping);
    csh.setLoginService(loginService);
    return csh;
}
 
Example #14
Source File: PaxWebIntegrationService.java    From keycloak with Apache License 2.0 6 votes vote down vote up
protected void addConstraintMapping(WebContainer service, ConstraintMapping constraintMapping) {
    Constraint constraint = constraintMapping.getConstraint();
    String[] roles = constraint.getRoles();
    // name property is unavailable on constraint object :/

    String name = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);

    int dataConstraint = constraint.getDataConstraint();
    String dataConstraintStr;
    switch (dataConstraint) {
        case Constraint.DC_UNSET: dataConstraintStr = null; break;
        case Constraint.DC_NONE: dataConstraintStr = "NONE"; break;
        case Constraint.DC_CONFIDENTIAL: dataConstraintStr = "CONFIDENTIAL"; break;
        case Constraint.DC_INTEGRAL: dataConstraintStr = "INTEGRAL"; break;
        default:
            log.warnv("Unknown data constraint: " + dataConstraint);
            dataConstraintStr = "CONFIDENTIAL";
    }
    List<String> rolesList = Arrays.asList(roles);

    log.debug("Adding security constraint name=" + name + ", url=" + constraintMapping.getPathSpec() + ", dataConstraint=" + dataConstraintStr + ", canAuthenticate="
    + constraint.getAuthenticate() + ", roles=" + rolesList);
    service.registerConstraintMapping(name, constraintMapping.getPathSpec(), null, dataConstraintStr, constraint.getAuthenticate(), rolesList, httpContext);
}
 
Example #15
Source File: AuthUtilTest.java    From rest-utils with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldCreateGlobalConstraintWithOptionsOmittedForCor() {
  // Given:
  config = restConfigWith(ImmutableMap.of(
      RestConfig.ACCESS_CONTROL_ALLOW_ORIGIN_CONFIG, "something"));

  // When:
  final ConstraintMapping mapping = AuthUtil.createGlobalAuthConstraint(config);

  // Then:
  assertThat(mapping.getMethodOmissions(), is(new String[]{"OPTIONS"}));
}
 
Example #16
Source File: AuthUtilTest.java    From rest-utils with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldCreateGlobalConstraintWithNoMethodsOmittedForNonCor() {
  // Given:
  config = restConfigWith(ImmutableMap.of(
      RestConfig.ACCESS_CONTROL_ALLOW_ORIGIN_CONFIG, ""));

  // When:
  final ConstraintMapping mapping = AuthUtil.createGlobalAuthConstraint(config);

  // Then:
  assertThat(mapping.getMethodOmissions(), is(nullValue()));
}
 
Example #17
Source File: AuthUtil.java    From rest-utils with Apache License 2.0 5 votes vote down vote up
/**
 * Build constraints for any unsecured paths defined in standard RestConfig.
 *
 * @param restConfig the rest app's config.
 * @return the list of constraint mappings.
 */
public static List<ConstraintMapping> createUnsecuredConstraints(final RestConfig restConfig) {
  final List<String> unsecuredPaths = restConfig.getList(RestConfig.AUTHENTICATION_SKIP_PATHS);

  return unsecuredPaths.stream()
      .map(p -> createConstraint(restConfig, false, p))
      .collect(Collectors.toList());
}
 
Example #18
Source File: AuthUtilTest.java    From rest-utils with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldCreateGlobalConstraintToCoverAllMethods() {
  // When:
  final ConstraintMapping mapping = AuthUtil.createGlobalAuthConstraint(config);

  // Then:
  assertThat(mapping.getMethod(), is("*"));
}
 
Example #19
Source File: AuthUtilTest.java    From rest-utils with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldCreateGlobalConstraintToCoverAllPaths() {
  // When:
  final ConstraintMapping mapping = AuthUtil.createGlobalAuthConstraint(config);

  // Then:
  assertThat(mapping.getPathSpec(), is("/*"));
}
 
Example #20
Source File: DigestAuthSupplierJettyTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
@Override
protected void run() {
    server = new Server(PORT);

    HashLoginService loginService = new HashLoginService();
    loginService.setName("My Realm");
    UserStore userStore = new UserStore();
    String[] roles = new String[] {"user"};
    userStore.addUser(USER, Credential.getCredential(PWD), roles);
    loginService.setUserStore(userStore);

    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__DIGEST_AUTH);
    constraint.setRoles(roles);
    constraint.setAuthenticate(true);

    ConstraintMapping cm = new ConstraintMapping();
    cm.setConstraint(constraint);
    cm.setPathSpec("/*");

    ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
    csh.setAuthenticator(new DigestAuthenticator());
    csh.addConstraintMapping(cm);
    csh.setLoginService(loginService);

    ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
    context.setSecurityHandler(csh);
    context.setContextPath("/");
    server.setHandler(context);
    context.addServlet(new ServletHolder(new TestServlet()), "/*");

    try {
        server.start();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
 
Example #21
Source File: AuthUtilTest.java    From rest-utils with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldCreateGlobalConstraintWithAuthRequired() {
  // When:
  final ConstraintMapping mapping = AuthUtil.createGlobalAuthConstraint(config);

  // Then:
  assertThat(mapping.getConstraint().getAuthenticate(), is(true));
}
 
Example #22
Source File: AuthUtilTest.java    From rest-utils with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldDefaultToCreatingGlobalConstraintWithAnyRole() {
  // When:
  final ConstraintMapping mapping = AuthUtil.createGlobalAuthConstraint(config);

  // Then:
  assertThat(mapping.getConstraint().isAnyRole(), is(true));
  assertThat(mapping.getConstraint().isAnyAuth(), is(false));
  assertThat(mapping.getConstraint().getRoles(), is(new String[]{"*"}));
}
 
Example #23
Source File: AuthUtilTest.java    From rest-utils with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldCreateGlobalConstraintWithRoles() {
  // Given:
  config = restConfigWith(ImmutableMap.of(
      RestConfig.AUTHENTICATION_ROLES_CONFIG, " r1 , r2 "));

  // When:
  final ConstraintMapping mapping = AuthUtil.createGlobalAuthConstraint(config);

  // Then:
  assertThat(mapping.getConstraint().isAnyRole(), is(false));
  assertThat(mapping.getConstraint().getRoles(), is(new String[]{"r1","r2"}));
}
 
Example #24
Source File: AuthUtilTest.java    From rest-utils with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldCreateGlobalConstraintWithNoRoles() {
  // Given:
  config = restConfigWith(ImmutableMap.of(
      RestConfig.AUTHENTICATION_ROLES_CONFIG, "*"));

  // When:
  final ConstraintMapping mapping = AuthUtil.createGlobalAuthConstraint(config);

  // Then:
  assertThat(mapping.getConstraint().isAnyRole(), is(true));
  assertThat(mapping.getConstraint().getRoles(), is(new String[]{"*"}));
}
 
Example #25
Source File: AuthUtilTest.java    From rest-utils with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldCreateNoUnsecuredPathConstraints() {
  // Given:
  config = restConfigWith(ImmutableMap.of(
      RestConfig.AUTHENTICATION_SKIP_PATHS, ""));

  // When:
  final List<ConstraintMapping> mappings = AuthUtil.createUnsecuredConstraints(config);

  // Then:
  assertThat(mappings.size(), is(0));
}
 
Example #26
Source File: AuthUtilTest.java    From rest-utils with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldCreateUnsecuredPathConstraint() {
  // Given:
  config = restConfigWith(ImmutableMap.of());

  // When:
  final ConstraintMapping mappings =
      AuthUtil.createUnsecuredConstraint(config, "/path/*");

  // Then:
  assertThat(mappings.getMethod(), is("*"));
  assertThat(mappings.getPathSpec(), is("/path/*"));
  assertThat(mappings.getConstraint().getAuthenticate(), is(false));
}
 
Example #27
Source File: AuthUtilTest.java    From rest-utils with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldCreateSecuredPathConstraint() {
  // Given:
  config = restConfigWith(ImmutableMap.of());

  // When:
  final ConstraintMapping mappings =
      AuthUtil.createSecuredConstraint(config, "/path/*");

  // Then:
  assertThat(mappings.getMethod(), is("*"));
  assertThat(mappings.getPathSpec(), is("/path/*"));
  assertThat(mappings.getConstraint().getAuthenticate(), is(true));
}
 
Example #28
Source File: StandaloneAdminWeb.java    From chipster with MIT License 5 votes vote down vote up
public static void main(String args[]) throws Exception {
	org.eclipse.jetty.server.Server adminServer = new org.eclipse.jetty.server.Server();
	ServerConnector connector = new ServerConnector(adminServer);
	connector.setPort(8083);
	adminServer.setConnectors(new Connector[]{ connector });
	
	Constraint constraint = new Constraint();
	constraint.setName(Constraint.__BASIC_AUTH);
	constraint.setRoles(new String[] {"admin_role"});
	constraint.setAuthenticate(true);
	
	ConstraintMapping cm = new ConstraintMapping();
	cm.setConstraint(constraint);
	cm.setPathSpec("/*");
	
	HashLoginService loginService = new HashLoginService("Please enter Chipster Admin username and password");
	loginService.update("chipster", 
			new Password("chipster"), 
			new String[] {"admin_role"});
	
	ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
	sh.setLoginService(loginService);
	sh.addConstraintMapping(cm);
	
	WebAppContext context = new WebAppContext();
	File war = new File("../chipster/dist/admin-web.war");
	//File war = new File("webapps/admin-web.war");
	context.setWar(war.getAbsolutePath());
	System.out.println(war.getAbsolutePath());
       context.setContextPath("/");
			
       context.setHandler(sh);
	HandlerCollection handlers = new HandlerCollection();
	handlers.setHandlers(new Handler[] {context, new DefaultHandler()});
			
	adminServer.setHandler(handlers);
       adminServer.start();
}
 
Example #29
Source File: PaxWebIntegrationService.java    From keycloak with Apache License 2.0 5 votes vote down vote up
@Override
public boolean addConstraintMapping(HttpContext httpContext, WebContainer service, Object cm) {
    if (cm instanceof ConstraintMapping) {
        ConstraintMapping constraintMapping = (ConstraintMapping) cm;
        Constraint constraint = constraintMapping.getConstraint();
        String[] roles = constraint.getRoles();
        // name property is unavailable on constraint object :/

        String name = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);

        int dataConstraint = constraint.getDataConstraint();
        String dataConstraintStr;
        switch (dataConstraint) {
            case Constraint.DC_UNSET:
                dataConstraintStr = null;
                break;
            case Constraint.DC_NONE:
                dataConstraintStr = "NONE";
                break;
            case Constraint.DC_CONFIDENTIAL:
                dataConstraintStr = "CONFIDENTIAL";
                break;
            case Constraint.DC_INTEGRAL:
                dataConstraintStr = "INTEGRAL";
                break;
            default:
                log.warnv("Unknown data constraint: " + dataConstraint);
                dataConstraintStr = "CONFIDENTIAL";
        }
        List<String> rolesList = Arrays.asList(roles);

        log.debug("Adding security constraint name=" + name + ", url=" + constraintMapping.getPathSpec() + ", dataConstraint=" + dataConstraintStr + ", canAuthenticate="
                + constraint.getAuthenticate() + ", roles=" + rolesList);
        service.registerConstraintMapping(name, constraintMapping.getPathSpec(), null, dataConstraintStr, constraint.getAuthenticate(), rolesList, httpContext);
        return true;
    }
    return false;
}
 
Example #30
Source File: PaxWebIntegrationService.java    From keycloak with Apache License 2.0 5 votes vote down vote up
public boolean addConstraintMapping(HttpContext httpContext, WebContainer service, Object cm) {
    if (cm instanceof ConstraintMapping) {
        ConstraintMapping constraintMapping = (ConstraintMapping) cm;
        Constraint constraint = constraintMapping.getConstraint();
        String[] roles = constraint.getRoles();
        // name property is unavailable on constraint object :/

        String name = "Constraint-" + new SecureRandom().nextInt(Integer.MAX_VALUE);

        int dataConstraint = constraint.getDataConstraint();
        String dataConstraintStr;
        switch (dataConstraint) {
            case Constraint.DC_UNSET:
                dataConstraintStr = null;
                break;
            case Constraint.DC_NONE:
                dataConstraintStr = "NONE";
                break;
            case Constraint.DC_CONFIDENTIAL:
                dataConstraintStr = "CONFIDENTIAL";
                break;
            case Constraint.DC_INTEGRAL:
                dataConstraintStr = "INTEGRAL";
                break;
            default:
                log.warnv("Unknown data constraint: " + dataConstraint);
                dataConstraintStr = "CONFIDENTIAL";
        }
        List<String> rolesList = Arrays.asList(roles);

        log.debug("Adding security constraint name=" + name + ", url=" + constraintMapping.getPathSpec() + ", dataConstraint=" + dataConstraintStr + ", canAuthenticate="
                + constraint.getAuthenticate() + ", roles=" + rolesList);
        service.registerConstraintMapping(name, constraintMapping.getPathSpec(), null, dataConstraintStr, constraint.getAuthenticate(), rolesList, httpContext);
        return true;
    }
    return false;
}