javax.servlet.ServletSecurityElement Java Examples
The following examples show how to use
javax.servlet.ServletSecurityElement.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: StandardWrapper.java From Tomcat7.0.67 with Apache License 2.0 | 6 votes |
|
private void processServletSecurityAnnotation(Class<?> clazz) {
// Calling this twice isn't harmful so no syncs
servletSecurityAnnotationScanRequired = false;
Context ctxt = (Context) getParent();
if (ctxt.getIgnoreAnnotations()) {
return;
}
ServletSecurity secAnnotation =
clazz.getAnnotation(ServletSecurity.class);
if (secAnnotation != null) {
ctxt.addServletSecurity(
new ApplicationServletRegistration(this, ctxt),
new ServletSecurityElement(secAnnotation));
}
}
Example #2
| Source File: ApplicationServletRegistration.java From Tomcat7.0.67 with Apache License 2.0 | 6 votes |
|
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
if (constraint == null) {
throw new IllegalArgumentException(sm.getString(
"applicationServletRegistration.setServletSecurity.iae",
getName(), context.getName()));
}
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
throw new IllegalStateException(sm.getString(
"applicationServletRegistration.setServletSecurity.ise",
getName(), context.getName()));
}
return context.addServletSecurity(this, constraint);
}
Example #3
| Source File: ApplicationServletRegistration.java From Tomcat8-Source-Read with MIT License | 6 votes |
|
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
if (constraint == null) {
throw new IllegalArgumentException(sm.getString(
"applicationServletRegistration.setServletSecurity.iae",
getName(), context.getName()));
}
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
throw new IllegalStateException(sm.getString(
"applicationServletRegistration.setServletSecurity.ise",
getName(), context.getName()));
}
this.constraint = constraint;
return context.addServletSecurity(this, constraint);
}
Example #4
| Source File: TestStandardContext.java From Tomcat8-Source-Read with MIT License | 6 votes |
|
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
throws ServletException {
// Register and map servlet
Servlet s = new TesterServlet();
ServletRegistration.Dynamic sr = ctx.addServlet("test", s);
sr.addMapping("/test");
// Add a constraint with uncovered methods
HttpConstraintElement hce = new HttpConstraintElement(
TransportGuarantee.NONE, "tomcat");
HttpMethodConstraintElement hmce =
new HttpMethodConstraintElement("POST", hce);
Set<HttpMethodConstraintElement> hmces = new HashSet<>();
hmces.add(hmce);
ServletSecurityElement sse = new ServletSecurityElement(hmces);
sr.setServletSecurity(sse);
}
Example #5
| Source File: AuthorizationPreInitializer.java From piranha with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
public List<SecurityConstraint> getConstraintsFromSecurityElements(ServletContext servletContext, AuthorizationService authorizationService) throws ServletException {
List<Entry<List<String>, ServletSecurityElement>> elements = getOptionalAttribute(servletContext, SECURITY_ELEMENTS);
if (elements == null) {
return null;
}
List<SecurityConstraint> constraints = new ArrayList<>();
for (Entry<List<String>, ServletSecurityElement> elementEntry : elements) {
constraints.addAll(ElementsToConstraintsTransformer.createConstraints(
new HashSet<>(elementEntry.getKey()),
elementEntry.getValue()));
}
return constraints;
}
Example #6
| Source File: ApplicationServletRegistration.java From tomcatsrc with Apache License 2.0 | 6 votes |
|
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
if (constraint == null) {
throw new IllegalArgumentException(sm.getString(
"applicationServletRegistration.setServletSecurity.iae",
getName(), context.getName()));
}
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
throw new IllegalStateException(sm.getString(
"applicationServletRegistration.setServletSecurity.ise",
getName(), context.getName()));
}
return context.addServletSecurity(this, constraint);
}
Example #7
| Source File: LowTypedRealm.java From tomee with Apache License 2.0 | 5 votes |
|
@Override
public SecurityConstraint[] findSecurityConstraints(final Request request, final Context context) {
final Map<String, ServletSecurityElement> map = (Map<String, ServletSecurityElement>) invoke(findSecurityConstraintsMethod, request.getRequest(), context.getPath());
final List<SecurityConstraint> constraints = new ArrayList<SecurityConstraint>();
for (final Map.Entry<String, ServletSecurityElement> entry : map.entrySet()) {
constraints.addAll(Arrays.asList(SecurityConstraint.createConstraints(entry.getValue(), entry.getKey())));
}
return constraints.toArray(new SecurityConstraint[constraints.size()]);
}
Example #8
| Source File: TestStandardContext.java From Tomcat7.0.67 with Apache License 2.0 | 5 votes |
|
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
throws ServletException {
// Register and map servlet
Servlet s = new Bug50015Servlet();
ServletRegistration.Dynamic sr = ctx.addServlet("bug50015", s);
sr.addMapping("/bug50015");
// Limit access to users in the Tomcat role
HttpConstraintElement hce = new HttpConstraintElement(
TransportGuarantee.NONE, "tomcat");
ServletSecurityElement sse = new ServletSecurityElement(hce);
sr.setServletSecurity(sse);
}
Example #9
| Source File: WebAnnotationSet.java From Tomcat8-Source-Read with MIT License | 5 votes |
|
/**
* Process the annotations for the servlets.
*
* @param context The context which will have its annotations processed
*/
protected static void loadApplicationServletAnnotations(Context context) {
Container[] children = context.findChildren();
for (Container child : children) {
if (child instanceof Wrapper) {
Wrapper wrapper = (Wrapper) child;
if (wrapper.getServletClass() == null) {
continue;
}
Class<?> clazz = Introspection.loadClass(context, wrapper.getServletClass());
if (clazz == null) {
continue;
}
loadClassAnnotation(context, clazz);
loadFieldsAnnotation(context, clazz);
loadMethodsAnnotation(context, clazz);
/* Process RunAs annotation which can be only on servlets.
* Ref JSR 250, equivalent to the run-as element in
* the deployment descriptor
*/
RunAs runAs = clazz.getAnnotation(RunAs.class);
if (runAs != null) {
wrapper.setRunAs(runAs.value());
}
// Process ServletSecurity annotation
ServletSecurity servletSecurity = clazz.getAnnotation(ServletSecurity.class);
if (servletSecurity != null) {
context.addServletSecurity(
new ApplicationServletRegistration(wrapper, context),
new ServletSecurityElement(servletSecurity));
}
}
}
}
Example #10
| Source File: ServletRegistrationImpl.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public Set<String> setServletSecurity(final ServletSecurityElement constraint) {
if (constraint == null) {
throw UndertowMessages.MESSAGES.argumentCannotBeNull("constraint");
}
DeploymentInfo deploymentInfo = deployment.getDeploymentInfo();
//this is not super efficient, but it does not really matter
final Set<String> urlPatterns = new HashSet<>();
for (SecurityConstraint sc : deploymentInfo.getSecurityConstraints()) {
for (WebResourceCollection webResources : sc.getWebResourceCollections()) {
urlPatterns.addAll(webResources.getUrlPatterns());
}
}
final Set<String> ret = new HashSet<>();
for (String url : servletInfo.getMappings()) {
if (urlPatterns.contains(url)) {
ret.add(url);
}
}
ServletSecurityInfo info = new ServletSecurityInfo();
servletInfo.setServletSecurityInfo(info);
info.setTransportGuaranteeType(constraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.setEmptyRoleSemantic(emptyRoleSemantic(constraint.getEmptyRoleSemantic()))
.addRolesAllowed(constraint.getRolesAllowed());
for (final HttpMethodConstraintElement methodConstraint : constraint.getHttpMethodConstraints()) {
info.addHttpMethodSecurityInfo(new HttpMethodSecurityInfo()
.setTransportGuaranteeType(methodConstraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.setMethod(methodConstraint.getMethodName())
.setEmptyRoleSemantic(emptyRoleSemantic(methodConstraint.getEmptyRoleSemantic()))
.addRolesAllowed(methodConstraint.getRolesAllowed()));
}
return ret;
}
Example #11
| Source File: RpcWebInitializer.java From Brutusin-RPC with Apache License 2.0 | 5 votes |
|
private RpcServlet registerRpcServlet(ServletContext ctx) {
LOGGER.info("Starting HTTP RPC runtime");
RpcServlet servlet = new RpcServlet();
ServletRegistration.Dynamic regInfo = ctx.addServlet(RpcServlet.class.getName(), servlet);
ServletSecurityElement sec = new ServletSecurityElement(new HttpConstraintElement());
regInfo.setServletSecurity(sec);
regInfo.setLoadOnStartup(1);
regInfo.addMapping(RpcConfig.getInstance().getPath() + "/http");
return servlet;
}
Example #12
| Source File: ServletRegistrationImpl.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public Set<String> setServletSecurity(final ServletSecurityElement constraint) {
if (constraint == null) {
throw UndertowMessages.MESSAGES.argumentCannotBeNull("constraint");
}
DeploymentInfo deploymentInfo = deployment.getDeploymentInfo();
//this is not super efficient, but it does not really matter
final Set<String> urlPatterns = new HashSet<>();
for (SecurityConstraint sc : deploymentInfo.getSecurityConstraints()) {
for (WebResourceCollection webResources : sc.getWebResourceCollections()) {
urlPatterns.addAll(webResources.getUrlPatterns());
}
}
final Set<String> ret = new HashSet<>();
for (String url : servletInfo.getMappings()) {
if (urlPatterns.contains(url)) {
ret.add(url);
}
}
ServletSecurityInfo info = new ServletSecurityInfo();
servletInfo.setServletSecurityInfo(info);
info.setTransportGuaranteeType(constraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.setEmptyRoleSemantic(emptyRoleSemantic(constraint.getEmptyRoleSemantic()))
.addRolesAllowed(constraint.getRolesAllowed());
for (final HttpMethodConstraintElement methodConstraint : constraint.getHttpMethodConstraints()) {
info.addHttpMethodSecurityInfo(new HttpMethodSecurityInfo()
.setTransportGuaranteeType(methodConstraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.setMethod(methodConstraint.getMethodName())
.setEmptyRoleSemantic(emptyRoleSemantic(methodConstraint.getEmptyRoleSemantic()))
.addRolesAllowed(methodConstraint.getRolesAllowed()));
}
return ret;
}
Example #13
| Source File: TestStandardContext.java From tomcatsrc with Apache License 2.0 | 5 votes |
|
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
throws ServletException {
// Register and map servlet
Servlet s = new Bug50015Servlet();
ServletRegistration.Dynamic sr = ctx.addServlet("bug50015", s);
sr.addMapping("/bug50015");
// Limit access to users in the Tomcat role
HttpConstraintElement hce = new HttpConstraintElement(
TransportGuarantee.NONE, "tomcat");
ServletSecurityElement sse = new ServletSecurityElement(hce);
sr.setServletSecurity(sse);
}
Example #14
| Source File: TestStandardContext.java From Tomcat8-Source-Read with MIT License | 5 votes |
|
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
throws ServletException {
// Register and map servlet
Servlet s = new TesterServlet();
ServletRegistration.Dynamic sr = ctx.addServlet("bug50015", s);
sr.addMapping("/bug50015");
// Limit access to users in the Tomcat role
HttpConstraintElement hce = new HttpConstraintElement(
TransportGuarantee.NONE, "tomcat");
ServletSecurityElement sse = new ServletSecurityElement(hce);
sr.setServletSecurity(sse);
}
Example #15
| Source File: MockServletRegistrationDynamic.java From joinfaces with Apache License 2.0 | 4 votes |
|
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
throw new UnsupportedOperationException(NOT_SUPPORTED_YET); //To change body of generated methods, choose Tools | Templates.
}
Example #16
| Source File: MockServletRegistration.java From spring4-understanding with Apache License 2.0 | 4 votes |
|
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
return null;
}
Example #17
| Source File: FailedContext.java From tomcatsrc with Apache License 2.0 | 4 votes |
|
@Override
public Set<String> addServletSecurity(
ApplicationServletRegistration registration,
ServletSecurityElement servletSecurityElement) { return null; }
Example #18
| Source File: TesterContext.java From Tomcat7.0.67 with Apache License 2.0 | 4 votes |
|
@Override
public Set<String> addServletSecurity(
ApplicationServletRegistration registration,
ServletSecurityElement servletSecurityElement) {
return null;
}
Example #19
| Source File: TesterContext.java From tomcatsrc with Apache License 2.0 | 4 votes |
|
@Override
public Set<String> addServletSecurity(
ApplicationServletRegistration registration,
ServletSecurityElement servletSecurityElement) {
return null;
}
Example #20
| Source File: ServletManager.java From iaf with Apache License 2.0 | 4 votes |
|
public void registerServlet(String servletName, Servlet servletClass, String urlMapping, String[] roles, int loadOnStartup, Map<String, String> initParameters) {
log.info("instantiating IbisInitializer servlet name ["+servletName+"] servletClass ["+servletClass+"] loadOnStartup ["+loadOnStartup+"]");
getServletContext().log("instantiating IbisInitializer servlet ["+servletName+"]");
AppConstants appConstants = AppConstants.getInstance();
String propertyPrefix = "servlet."+servletName+".";
if(!appConstants.getBoolean(propertyPrefix+"enabled", true))
return;
ServletRegistration.Dynamic serv = getServletContext().addServlet(servletName, servletClass);
ServletSecurity.TransportGuarantee transportGuarantee = getTransportGuarantee(propertyPrefix+"transportGuarantee");
String stage = appConstants.getString("dtap.stage", null);
String[] rolesCopy = new String[0];
if(roles != null && !stage.equalsIgnoreCase("LOC"))
rolesCopy = roles;
String roleNames = appConstants.getString(propertyPrefix+"securityroles", null);
if(StringUtils.isNotEmpty(roleNames))
rolesCopy = roleNames.split(",");
declareRoles(rolesCopy);
HttpConstraintElement httpConstraintElement = new HttpConstraintElement(transportGuarantee, rolesCopy);
ServletSecurityElement constraint = new ServletSecurityElement(httpConstraintElement);
String urlMappingCopy = appConstants.getString(propertyPrefix+"urlMapping", urlMapping);
if(!urlMappingCopy.startsWith("/") && !urlMappingCopy.startsWith("*")) {
urlMappingCopy = "/"+urlMappingCopy;
}
serv.addMapping(urlMappingCopy);
int loadOnStartupCopy = appConstants.getInt(propertyPrefix+"loadOnStartup", loadOnStartup);
serv.setLoadOnStartup(loadOnStartupCopy);
serv.setServletSecurity(constraint);
if(initParameters != null && !initParameters.isEmpty()) {
//Manually loop through the map as serv.setInitParameters will fail all parameters even if only 1 fails...
for (String key : initParameters.keySet()) {
String value = initParameters.get(key);
if(!serv.setInitParameter(key, value)) {
log("unable to set init-parameter ["+key+"] with value ["+value+"] for servlet ["+servletName+"]", Level.ERROR);
}
}
}
if(log.isDebugEnabled()) log.debug("registered servlet ["+servletName+"] class ["+servletClass+"] url ["+urlMapping+"] loadOnStartup ["+loadOnStartup+"]");
}
Example #21
| Source File: FailedContext.java From Tomcat7.0.67 with Apache License 2.0 | 4 votes |
|
@Override
public Set<String> addServletSecurity(
ApplicationServletRegistration registration,
ServletSecurityElement servletSecurityElement) { return null; }
Example #22
| Source File: NettyServletRegistration.java From Jinx with Apache License 2.0 | 4 votes |
|
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
return null;
}
Example #23
| Source File: ServletRegistration.java From spring-boot-protocol with Apache License 2.0 | 4 votes |
|
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
this.servletSecurityElement = constraint;
servletSecuritys.addAll(servletSecurityElement.getMethodNames());
return servletSecuritys;
}
Example #24
| Source File: ServletRegistration.java From spring-boot-protocol with Apache License 2.0 | 4 votes |
|
public ServletSecurityElement getServletSecurityElement() {
return servletSecurityElement;
}
Example #25
| Source File: MockServletRegistration.java From java-technology-stack with MIT License | 4 votes |
|
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
return null;
}
Example #26
| Source File: WebConfigurerTest.java From flair-engine with Apache License 2.0 | 4 votes |
|
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
return null;
}
Example #27
| Source File: MockServletRegistration.java From spring-analysis-note with MIT License | 4 votes |
|
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
return null;
}
Example #28
| Source File: TesterContext.java From Tomcat8-Source-Read with MIT License | 4 votes |
|
@Override
public Set<String> addServletSecurity(Dynamic registration,
ServletSecurityElement servletSecurityElement) {
return null;
}
Example #29
| Source File: ApplicationContext.java From Tomcat8-Source-Read with MIT License | 4 votes |
|
private ServletRegistration.Dynamic addServlet(String servletName, String servletClass,
Servlet servlet, Map<String,String> initParams) throws IllegalStateException {
if (servletName == null || servletName.equals("")) {
throw new IllegalArgumentException(sm.getString(
"applicationContext.invalidServletName", servletName));
}
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
//TODO Spec breaking enhancement to ignore this restriction
throw new IllegalStateException(
sm.getString("applicationContext.addServlet.ise",
getContextPath()));
}
Wrapper wrapper = (Wrapper) context.findChild(servletName);
// Assume a 'complete' ServletRegistration is one that has a class and
// a name
if (wrapper == null) {
wrapper = context.createWrapper();
wrapper.setName(servletName);
context.addChild(wrapper);
} else {
if (wrapper.getName() != null &&
wrapper.getServletClass() != null) {
if (wrapper.isOverridable()) {
wrapper.setOverridable(false);
} else {
return null;
}
}
}
ServletSecurity annotation = null;
if (servlet == null) {
wrapper.setServletClass(servletClass);
Class<?> clazz = Introspection.loadClass(context, servletClass);
if (clazz != null) {
annotation = clazz.getAnnotation(ServletSecurity.class);
}
} else {
wrapper.setServletClass(servlet.getClass().getName());
wrapper.setServlet(servlet);
if (context.wasCreatedDynamicServlet(servlet)) {
annotation = servlet.getClass().getAnnotation(ServletSecurity.class);
}
}
if (initParams != null) {
for (Map.Entry<String, String> initParam: initParams.entrySet()) {
wrapper.addInitParameter(initParam.getKey(), initParam.getValue());
}
}
ServletRegistration.Dynamic registration =
new ApplicationServletRegistration(wrapper, context);
if (annotation != null) {
registration.setServletSecurity(new ServletSecurityElement(annotation));
}
return registration;
}
Example #30
| Source File: FailedContext.java From Tomcat8-Source-Read with MIT License | 4 votes |
|
@Override
public Set<String> addServletSecurity(
ServletRegistration.Dynamic registration,
ServletSecurityElement servletSecurityElement) { return null; }
