
Example 1 with SecurityConstraint

use of io.undertow.servlet.api.SecurityConstraint in project indy by Commonjava.

In class DeploymentInfoUtils, method merge:

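/**
 * Merges every setting of {@code from} into {@code into}.
 *
 * <p>Collection-valued settings (authentication mechanisms, error pages, filters and
 * filter mappings, init parameters, listeners, MIME mappings, principal/role mappings,
 * security constraints, security roles, servlets, context attributes, extensions,
 * session listeners, welcome pages and handler-chain wrappers) are <em>added</em> to
 * whatever {@code into} already holds, so several deployment providers can each
 * contribute a slice of the final deployment.
 *
 * <p>Single-valued settings (authorization manager, confidential port manager,
 * exception handler, identity manager, metrics collector, security context factory,
 * session manager factory, session persistence manager, temp dir) are last-writer-wins:
 * a non-null value on {@code from} replaces whatever {@code into} had. Only the login
 * configuration is guarded — a second non-null login config is an error.
 *
 * <p>Several of those single-valued components (identity manager, authorization
 * manager, security context factory, confidential port manager) decide who is
 * authenticated and what they may do, so a silent overwrite by a later provider could
 * quietly change the security posture of the merged deployment. A replacement of an
 * already-set single-valued component is therefore logged at WARN, not only at DEBUG,
 * so it is visible in production logs. Behaviour is otherwise unchanged.
 *
 * @param into the deployment that receives the merged settings (mutated in place)
 * @param from the deployment whose settings are copied; not modified
 * @throws IllegalStateException if both {@code into} and {@code from} carry a login config
 */
public static void merge(final DeploymentInfo into, final DeploymentInfo from) {
    // --- authentication / authorization --------------------------------------------
    final Map<String, AuthenticationMechanismFactory> authMechs = from.getAuthenticationMechanisms();
    if (authMechs != null) {
        for (final Map.Entry<String, AuthenticationMechanismFactory> entry : authMechs.entrySet()) {
            logger.debug("Found authentication mechanism: {}", entry.getKey());
            into.addAuthenticationMechanism(entry.getKey(), entry.getValue());
        }
    }
    if (from.getAuthorizationManager() != null) {
        logger.debug("Found authorization manager: {}", from.getAuthorizationManager());
        warnIfReplacing("authorization manager", into.getAuthorizationManager(), from.getAuthorizationManager());
        into.setAuthorizationManager(from.getAuthorizationManager());
    }
    if (from.getConfidentialPortManager() != null) {
        logger.debug("Found confidential port manager: {}", from.getConfidentialPortManager());
        warnIfReplacing("confidential port manager", into.getConfidentialPortManager(), from.getConfidentialPortManager());
        into.setConfidentialPortManager(from.getConfidentialPortManager());
    }

    // --- error handling ---------------------------------------------------------------
    final List<ErrorPage> errorPages = from.getErrorPages();
    if (errorPages != null) {
        logger.debug("Found error pages: {}", errorPages);
        into.addErrorPages(errorPages);
    }
    if (from.getExceptionHandler() != null) {
        logger.debug("Found exception handler: {}", from.getExceptionHandler());
        warnIfReplacing("exception handler", into.getExceptionHandler(), from.getExceptionHandler());
        into.setExceptionHandler(from.getExceptionHandler());
    }

    // --- filters ----------------------------------------------------------------------
    final List<FilterMappingInfo> filterMappings = from.getFilterMappings();
    if (filterMappings != null) {
        for (final FilterMappingInfo fmi : filterMappings) {
            // Only SERVLET mappings are keyed by servlet name; every other mapping type
            // is treated as a URL-pattern mapping (the original fall-through behaviour).
            switch(fmi.getMappingType()) {
                case SERVLET:
                    {
                        logger.debug("Found servlet-name filter mapping: {} -> {}({})", fmi.getFilterName(), fmi.getMapping(), fmi.getDispatcher());
                        into.addFilterServletNameMapping(fmi.getFilterName(), fmi.getMapping(), fmi.getDispatcher());
                        break;
                    }
                default:
                    {
                        logger.debug("Found URL filter mapping: {} -> {}({})", fmi.getFilterName(), fmi.getMapping(), fmi.getDispatcher());
                        into.addFilterUrlMapping(fmi.getFilterName(), fmi.getMapping(), fmi.getDispatcher());
                    }
            }
        }
    }
    final Map<String, FilterInfo> filterInfos = from.getFilters();
    if (filterInfos != null) {
        logger.debug("Found filters: {}", filterInfos.keySet());
        into.addFilters(filterInfos.values());
    }

    // --- identity ---------------------------------------------------------------------
    if (from.getIdentityManager() != null) {
        logger.debug("Found identity manager: {}", from.getIdentityManager());
        warnIfReplacing("identity manager", into.getIdentityManager(), from.getIdentityManager());
        into.setIdentityManager(from.getIdentityManager());
    }

    // --- init params / lifecycle / listeners -----------------------------------------
    final Map<String, String> initParameters = from.getInitParameters();
    if (initParameters != null) {
        for (final Map.Entry<String, String> entry : initParameters.entrySet()) {
            // NOTE: init-param values are logged at DEBUG; avoid enabling DEBUG where
            // providers pass secrets (e.g. credentials or key material) as init-params.
            logger.debug("Init-Param: {} = {} from: {}", entry.getKey(), entry.getValue(), from);
            into.addInitParameter(entry.getKey(), entry.getValue());
        }
    }
    final List<LifecycleInterceptor> lifecycleInterceptors = from.getLifecycleInterceptors();
    if (lifecycleInterceptors != null) {
        for (final LifecycleInterceptor lifecycleInterceptor : lifecycleInterceptors) {
            logger.debug("Found lifecycle interceptor: {}", lifecycleInterceptor);
            into.addLifecycleInterceptor(lifecycleInterceptor);
        }
    }
    final List<ListenerInfo> listeners = from.getListeners();
    if (listeners != null) {
        logger.debug("Found listeners: {}", listeners.stream().map(li -> li.getListenerClass().getName()).collect(Collectors.toList()));
        into.addListeners(listeners);
    }
    if (from.getMetricsCollector() != null) {
        logger.debug("Found metrics collector: {}", from.getMetricsCollector());
        warnIfReplacing("metrics collector", into.getMetricsCollector(), from.getMetricsCollector());
        into.setMetricsCollector(from.getMetricsCollector());
    }
    final List<MimeMapping> mimeMappings = from.getMimeMappings();
    if (mimeMappings != null) {
        logger.debug("Found mime mappings: {}", mimeMappings.stream().map(mm -> mm.getMimeType() + " -> " + mm.getExtension()).collect(Collectors.toList()));
        into.addMimeMappings(mimeMappings);
    }
    final List<NotificationReceiver> notificationReceivers = from.getNotificationReceivers();
    if (notificationReceivers != null) {
        logger.debug("Found notification receivers: {}", notificationReceivers);
        into.addNotificationReceivers(notificationReceivers);
    }

    // --- role mappings / security constraints / login config --------------------------
    final Map<String, Set<String>> principalVersusRolesMap = from.getPrincipalVersusRolesMap();
    if (principalVersusRolesMap != null) {
        for (final Map.Entry<String, Set<String>> entry : principalVersusRolesMap.entrySet()) {
            logger.debug("Found principle-roles mapping: {} -> {}", entry.getKey(), entry.getValue());
            into.addPrincipalVsRoleMappings(entry.getKey(), entry.getValue());
        }
    }
    // Security constraints are additive: constraints from every provider end up in the
    // final deployment. How overlapping constraints combine is decided by Undertow when
    // the deployment is built, not here.
    final List<SecurityConstraint> securityConstraints = from.getSecurityConstraints();
    if (securityConstraints != null) {
        if (logger.isDebugEnabled()) {
            for (final SecurityConstraint sc : securityConstraints) {
                logger.debug("Security Constraint: {} from: {}", sc, from);
            }
        }
        into.addSecurityConstraints(securityConstraints);
    }
    final LoginConfig loginConfig = from.getLoginConfig();
    if (loginConfig != null) {
        logger.debug("Login Config with realm: {} and mechanism: {} from: {}", loginConfig.getRealmName(), loginConfig.getAuthMethods(), from);
        // Two providers claiming the login config is a hard error: the auth method and
        // realm cannot be meaningfully merged, and picking one silently would hide it.
        if (into.getLoginConfig() != null) {
            throw new IllegalStateException("Two or more deployment providers are attempting to provide login configurations! Enable debug logging to see more.");
        }
        into.setLoginConfig(loginConfig);
    }
    if (from.getSecurityContextFactory() != null) {
        logger.debug("Found security context factory: {}", from.getSecurityContextFactory());
        warnIfReplacing("security context factory", into.getSecurityContextFactory(), from.getSecurityContextFactory());
        into.setSecurityContextFactory(from.getSecurityContextFactory());
    }
    final Set<String> securityRoles = from.getSecurityRoles();
    if (securityRoles != null) {
        logger.debug("Found security roles: {}", securityRoles);
        into.addSecurityRoles(securityRoles);
    }

    // --- servlets / context -----------------------------------------------------------
    final List<ServletContainerInitializerInfo> servletContainerInitializers = from.getServletContainerInitializers();
    if (servletContainerInitializers != null) {
        logger.debug("Found servlet container initializers: {}", servletContainerInitializers.stream().map(sci -> sci.getServletContainerInitializerClass().getName()).collect(Collectors.toList()));
        into.addServletContainerInitalizers(servletContainerInitializers);
    }
    final Map<String, Object> servletContextAttributes = from.getServletContextAttributes();
    if (servletContextAttributes != null) {
        for (final Map.Entry<String, Object> entry : servletContextAttributes.entrySet()) {
            logger.debug("Found servlet context attribute: {} -> {}", entry.getKey(), entry.getValue());
            into.addServletContextAttribute(entry.getKey(), entry.getValue());
        }
    }
    final List<ServletExtension> servletExtensions = from.getServletExtensions();
    if (servletExtensions != null) {
        for (final ServletExtension servletExtension : servletExtensions) {
            logger.debug("Found servlet extension: {}", servletExtension);
            into.addServletExtension(servletExtension);
        }
    }
    final Map<String, ServletInfo> servletInfos = from.getServlets();
    if (servletInfos != null) {
        logger.debug("Found servlets: {}", servletInfos.values().stream().map(si -> si.getName() + " => " + si.getMappings()).collect(Collectors.toList()));
        into.addServlets(servletInfos.values());
    }

    // --- sessions ---------------------------------------------------------------------
    final List<SessionListener> sessionListeners = from.getSessionListeners();
    if (sessionListeners != null) {
        for (final SessionListener sessionListener : sessionListeners) {
            logger.debug("Found session listener: {}", sessionListener);
            into.addSessionListener(sessionListener);
        }
    }
    if (from.getSessionManagerFactory() != null) {
        logger.debug("Found session manager factory: {}", from.getSessionManagerFactory());
        warnIfReplacing("session manager factory", into.getSessionManagerFactory(), from.getSessionManagerFactory());
        into.setSessionManagerFactory(from.getSessionManagerFactory());
    }
    if (from.getSessionPersistenceManager() != null) {
        logger.debug("Found session persistence manager: {}", from.getSessionPersistenceManager());
        warnIfReplacing("session persistence manager", into.getSessionPersistenceManager(), from.getSessionPersistenceManager());
        into.setSessionPersistenceManager(from.getSessionPersistenceManager());
    }

    // --- misc -------------------------------------------------------------------------
    if (from.getTempDir() != null) {
        logger.debug("Found temp dir: {}", from.getTempDir());
        warnIfReplacing("temp dir", into.getTempDir(), from.getTempDir());
        into.setTempDir(from.getTempDir());
    }
    final List<String> welcomePages = from.getWelcomePages();
    if (welcomePages != null) {
        logger.debug("Found welcome pages: {}", welcomePages);
        into.addWelcomePages(welcomePages);
    }

    // --- handler chain wrappers -------------------------------------------------------
    final List<HandlerWrapper> initWrappers = from.getInitialHandlerChainWrappers();
    if (initWrappers != null) {
        for (final HandlerWrapper wrapper : initWrappers) {
            logger.debug("Found initial handler chain wrapper: {}", wrapper);
            into.addInitialHandlerChainWrapper(wrapper);
        }
    }
    final List<HandlerWrapper> outerWrappers = from.getOuterHandlerChainWrappers();
    if (outerWrappers != null) {
        for (final HandlerWrapper wrapper : outerWrappers) {
            logger.debug("Found outer handler chain wrapper: {}", wrapper);
            into.addOuterHandlerChainWrapper(wrapper);
        }
    }
    final List<HandlerWrapper> innerWrappers = from.getInnerHandlerChainWrappers();
    if (innerWrappers != null) {
        for (final HandlerWrapper wrapper : innerWrappers) {
            logger.debug("Found inner handler chain wrapper: {}", wrapper);
            into.addInnerHandlerChainWrapper(wrapper);
        }
    }
}

/**
 * Logs at WARN when a single-valued deployment component that is already set on the
 * target deployment is about to be replaced by a different instance.
 *
 * <p>Identity comparison is intentional: re-merging the very same instance (e.g. the
 * same provider seen twice) is not worth a warning, a different instance is.
 *
 * @param what        human-readable name of the component, for the log message
 * @param current     the value currently set on the target, may be {@code null}
 * @param replacement the value about to be set, never {@code null} at the call sites above
 */
private static void warnIfReplacing(final String what, final Object current, final Object replacement) {
    if (current != null && current != replacement) {
        logger.warn("Replacing already configured {} {} with {} while merging deployment info", what, current, replacement);
    }
}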

Example 2 with SecurityConstraint

use of io.undertow.servlet.api.SecurityConstraint in project indy by Commonjava.

In class KeycloakDeploymentProvider, method getDeploymentInfo:

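/**
 * Builds the Undertow deployment fragment that wires Keycloak (plus a BASIC fallback)
 * into the servlet deployment.
 *
 * <p>When Keycloak is disabled an empty {@link DeploymentInfo} is returned and nothing
 * is secured by this provider. When enabled, the fragment carries:
 * <ul>
 *   <li>the BASIC authentication mechanism backed by {@code basicAuthInjector};</li>
 *   <li>one security constraint for the UI paths/methods, with
 *       {@link EmptyRoleSemantic#PERMIT} and no roles, i.e. the UI is reachable without a
 *       role;</li>
 *   <li>one security constraint per configured {@link KeycloakSecurityConstraint};</li>
 *   <li>the {@code keycloak.json} path as an init parameter and a login config whose
 *       first auth method is BASIC and whose mechanism is Keycloak.</li>
 * </ul>
 *
 * <p>Security note: every generated constraint uses {@code EmptyRoleSemantic.PERMIT}. A
 * configured constraint whose {@code role} is {@code null} therefore produces a constraint
 * with an empty role list, which Undertow treats as "allow" for that URL pattern (see its
 * handling of empty roles with PERMIT when building security path matches). Operators
 * should only omit the role when unauthenticated access to that pattern is intended.
 *
 * <p>Improvement over the previous version: a missing {@code keycloak.json} is now
 * reported at WARN instead of only at DEBUG, since an enabled-but-unreadable adapter
 * config is an operator error that should be visible in normal logs.
 *
 * @param contextRoot the deployment's context root (not used by this provider)
 * @param application the JAX-RS application (not used by this provider)
 * @return a deployment fragment to be merged into the main deployment; never {@code null}
 */
@Override
public DeploymentInfo getDeploymentInfo(String contextRoot, Application application) {
    logger.debug("Keycloak deployment provider triggered.");
    final DeploymentInfo di = new DeploymentInfo();
    if (!config.isEnabled()) {
        return di;
    }

    di.addAuthenticationMechanism(BASIC_LOGIN_MECHANISM, new ImmediateAuthenticationMechanismFactory(basicAuthInjector));

    logger.debug("Adding keycloak security constraints");
    di.addSecurityConstraint(uiConstraint());
    for (final KeycloakSecurityConstraint constraint : bindings.getConstraints()) {
        final SecurityConstraint sc = toSecurityConstraint(constraint);
        logger.debug("Keycloak Security Constraint: {}", sc);
        di.addSecurityConstraint(sc);
    }

    final String keycloakJson = config.getKeycloakJson();
    final boolean keycloakJsonExists = new File(keycloakJson).exists();
    logger.debug("Using keycloak.json: {} (exists? {})", keycloakJson, keycloakJsonExists);
    if (!keycloakJsonExists) {
        // Enabled but pointing at a non-existent adapter config: the Keycloak adapter
        // cannot read it, so surface this where operators will actually see it.
        logger.warn("Keycloak is enabled but keycloak.json does not exist at: {}", keycloakJson);
    }
    di.addInitParameter(KEYCLOAK_CONFIG_FILE_PARAM, keycloakJson);

    logger.debug("login realm: {}", config.getRealm());
    final LoginConfig loginConfig = new LoginConfig(KEYCLOAK_LOGIN_MECHANISM, config.getRealm());
    loginConfig.addFirstAuthMethod(BASIC_LOGIN_MECHANISM);
    di.setLoginConfig(loginConfig);

    return di;
}

/**
 * Constraint covering the UI servlet's paths and methods with no roles and PERMIT
 * semantics, so the UI itself does not require a role.
 */
private static SecurityConstraint uiConstraint() {
    final WebResourceCollection uiCollection = new WebResourceCollection();
    uiCollection.addUrlPatterns(UIServlet.PATHS);
    uiCollection.addHttpMethods(UIServlet.METHODS);

    final SecurityConstraint ui = new SecurityConstraint();
    ui.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT);
    ui.addWebResourceCollection(uiCollection);
    return ui;
}

/**
 * Translates one configured Keycloak constraint into an Undertow security constraint.
 *
 * <p>The URL pattern is always applied; HTTP methods and the allowed role are applied
 * only when configured. With {@code EmptyRoleSemantic.PERMIT}, a constraint without a
 * role permits access to the pattern rather than denying it.
 *
 * @param constraint the configured constraint; its {@code urlPattern} is required
 * @return the equivalent Undertow constraint
 */
private static SecurityConstraint toSecurityConstraint(final KeycloakSecurityConstraint constraint) {
    final WebResourceCollection collection = new WebResourceCollection();
    collection.addUrlPattern(constraint.getUrlPattern());
    logger.debug("new constraint>>> URL pattern: {}", constraint.getUrlPattern());
    if (constraint.getMethods() != null) {
        logger.debug("methods: {}", constraint.getMethods());
        collection.addHttpMethods(constraint.getMethods());
    }

    final SecurityConstraint sc = new SecurityConstraint();
    sc.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT);
    sc.addWebResourceCollection(collection);
    if (constraint.getRole() != null) {
        logger.debug("role: {}", constraint.getRole());
        sc.addRoleAllowed(constraint.getRole());
    }
    return sc;
}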

Example 3 with SecurityConstraint

use of io.undertow.servlet.api.SecurityConstraint in project undertow by undertow-io.

In class DeploymentManagerImpl, method buildSecurityConstraints:

/**
 * Assembles the deployment's security path matcher from two sources: the explicitly
 * declared {@link SecurityConstraint}s, and the annotation-style
 * {@link ServletSecurityInfo} attached to individual servlets.
 *
 * <p>Declared constraints always win: any servlet mapping that is already named as a URL
 * pattern by a declared constraint is dropped before the servlet's own security info is
 * considered. For the remaining mappings, each per-method rule becomes a constraint on
 * that one HTTP method (skipped when it is an implicit allow — no roles and PERMIT), and
 * the servlet-level rule becomes a constraint on every method not covered by a
 * per-method rule, unless the servlet-level rule is all defaults and at least one
 * per-method rule exists.
 *
 * @return the built matcher
 */
private SecurityPathMatches buildSecurityConstraints() {
    final SecurityPathMatches.Builder builder = SecurityPathMatches.builder(deployment.getDeploymentInfo());

    // URL patterns claimed by declared constraints; servlet mappings under these patterns
    // are governed by the declared constraint, not by the servlet's annotations.
    final Set<String> declaredPatterns = new HashSet<>();
    for (final SecurityConstraint declared : deployment.getDeploymentInfo().getSecurityConstraints()) {
        builder.addSecurityConstraint(declared);
        for (final WebResourceCollection resources : declared.getWebResourceCollections()) {
            declaredPatterns.addAll(resources.getUrlPatterns());
        }
    }

    for (final ServletInfo servlet : deployment.getDeploymentInfo().getServlets().values()) {
        final ServletSecurityInfo annotated = servlet.getServletSecurityInfo();
        if (annotated == null) {
            continue;
        }
        final Set<String> uncovered = new HashSet<>(servlet.getMappings());
        uncovered.removeAll(declaredPatterns);
        if (uncovered.isEmpty()) {
            continue;
        }

        // Every method with a per-method rule is recorded here, including implicit
        // allows, so the servlet-level constraint below omits them either way.
        final Set<String> methodsWithRule = new HashSet<>();
        for (final HttpMethodSecurityInfo perMethod : annotated.getHttpMethodSecurityInfo()) {
            methodsWithRule.add(perMethod.getMethod());
            final boolean implicitAllow = perMethod.getRolesAllowed().isEmpty()
                    && perMethod.getEmptyRoleSemantic() == EmptyRoleSemantic.PERMIT;
            if (implicitAllow) {
                continue;
            }
            final WebResourceCollection methodResources = new WebResourceCollection()
                    .addUrlPatterns(uncovered)
                    .addHttpMethod(perMethod.getMethod());
            final SecurityConstraint methodConstraint = new SecurityConstraint()
                    .addRolesAllowed(perMethod.getRolesAllowed())
                    .setTransportGuaranteeType(perMethod.getTransportGuaranteeType())
                    .addWebResourceCollection(methodResources);
            builder.addSecurityConstraint(methodConstraint);
        }

        // Servlet-level rule: skipped only when it is all defaults AND per-method rules
        // were specified (they then fully describe the servlet's security).
        final boolean servletLevelIsDefault = annotated.getRolesAllowed().isEmpty()
                && annotated.getEmptyRoleSemantic() == EmptyRoleSemantic.PERMIT;
        if (!servletLevelIsDefault || methodsWithRule.isEmpty()) {
            final WebResourceCollection remainingResources = new WebResourceCollection()
                    .addUrlPatterns(uncovered)
                    .addHttpMethodOmissions(methodsWithRule);
            final SecurityConstraint servletConstraint = new SecurityConstraint()
                    .setEmptyRoleSemantic(annotated.getEmptyRoleSemantic())
                    .addRolesAllowed(annotated.getRolesAllowed())
                    .setTransportGuaranteeType(annotated.getTransportGuaranteeType())
                    .addWebResourceCollection(remainingResources);
            builder.addSecurityConstraint(servletConstraint);
        }
    }
    return builder.build();
}

Example 4 with SecurityConstraint

use of io.undertow.servlet.api.SecurityConstraint in project undertow by undertow-io.

In class ConfidentialityConstraintUrlMappingTestCase, method setup:

/**
 * Starts the SSL test server and deploys one servlet under three mappings, two of which
 * carry a transport guarantee: {@code /integral} requires INTEGRAL and
 * {@code /confidential} requires CONFIDENTIAL, while {@code /clear} has no constraint.
 * Both constraints use PERMIT with no roles, so only the transport guarantee is tested,
 * not authorization. Redirection to the secure port is delegated to
 * {@code TestConfidentialPortManager}.
 *
 * @throws Exception if the server or deployment fails to start
 */
@BeforeClass
public static void setup() throws Exception {
    DefaultServer.startSSLServer();

    final ServletInfo schemeServlet = new ServletInfo("servlet", SendSchemeServlet.class);
    schemeServlet.addMapping("/clear");
    schemeServlet.addMapping("/integral");
    schemeServlet.addMapping("/confidential");

    final DeploymentInfo info = new DeploymentInfo();
    info.setClassLoader(SimpleServletTestCase.class.getClassLoader());
    info.setContextPath("/servletContext");
    info.setClassIntrospecter(TestClassIntrospector.INSTANCE);
    info.setDeploymentName("servletContext.war");
    info.setConfidentialPortManager(TestConfidentialPortManager.INSTANCE);
    info.addServlet(schemeServlet);

    final WebResourceCollection integralResources = new WebResourceCollection().addUrlPattern("/integral");
    final SecurityConstraint integral = new SecurityConstraint();
    integral.addWebResourceCollection(integralResources);
    integral.setTransportGuaranteeType(TransportGuaranteeType.INTEGRAL);
    integral.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT);
    info.addSecurityConstraint(integral);

    final WebResourceCollection confidentialResources = new WebResourceCollection().addUrlPattern("/confidential");
    final SecurityConstraint confidential = new SecurityConstraint();
    confidential.addWebResourceCollection(confidentialResources);
    confidential.setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL);
    confidential.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT);
    info.addSecurityConstraint(confidential);

    final ServletContainer container = ServletContainer.Factory.newInstance();
    final DeploymentManager manager = container.addDeployment(info);
    manager.deploy();

    final PathHandler root = new PathHandler();
    root.addPrefixPath(info.getContextPath(), manager.start());
    DefaultServer.setRootHandler(root);
}

Example 5 with SecurityConstraint

use of io.undertow.servlet.api.SecurityConstraint in project undertow by undertow-io.

In class ServletBasicAuthTestCase, method setup:

/**
 * Deploys two servlets under {@code /secured/*} behind HTTP BASIC authentication.
 *
 * <p>The identity manager holds two test users in {@code role1}; the second has a
 * non-ASCII password to exercise the BASIC charset handling configured on the login
 * config ({@code charset} plus per-user-agent overrides). The single security constraint
 * requires {@code role1} for everything under {@code /secured/*}.
 *
 * @throws ServletException if the deployment fails
 */
@BeforeClass
public static void setup() throws ServletException {
    final ServletIdentityManager identityManager = new ServletIdentityManager();
    identityManager.addUser("user1", "password1", "role1");
    // NOTE(review): the literal below looks mis-encoded in this copy of the file
    // (probably intended as a "ü" password); it is reproduced unchanged here.
    identityManager.addUser("charsetUser", "password-ΓΌ", "role1");

    final Map<String, String> basicProps = new HashMap<>();
    basicProps.put("charset", "ISO_8859_1");
    basicProps.put("user-agent-charsets", "Chrome,UTF-8,OPR,UTF-8");
    final LoginConfig loginConfig = new LoginConfig(REALM_NAME);
    loginConfig.addFirstAuthMethod(new AuthMethodConfig("BASIC", basicProps));

    final ServletInfo usernameServlet = new ServletInfo("Username Servlet", SendUsernameServlet.class);
    usernameServlet.addMapping("/secured/username");
    final ServletInfo authTypeServlet = new ServletInfo("Auth Type Servlet", SendAuthTypeServlet.class);
    authTypeServlet.addMapping("/secured/authType");

    final DeploymentInfo deployment = new DeploymentInfo();
    deployment.setClassLoader(SimpleServletTestCase.class.getClassLoader());
    deployment.setContextPath("/servletContext");
    deployment.setClassIntrospecter(TestClassIntrospector.INSTANCE);
    deployment.setDeploymentName("servletContext.war");
    deployment.setIdentityManager(identityManager);
    deployment.setLoginConfig(loginConfig);
    deployment.addServlets(usernameServlet, authTypeServlet);

    // Everything under /secured/* needs role1; DENY is the semantic applied should the
    // role list ever be empty, which it is not here.
    final WebResourceCollection securedResources = new WebResourceCollection().addUrlPattern("/secured/*");
    final SecurityConstraint securedConstraint = new SecurityConstraint();
    securedConstraint.addWebResourceCollection(securedResources);
    securedConstraint.addRoleAllowed("role1");
    securedConstraint.setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.DENY);
    deployment.addSecurityConstraint(securedConstraint);

    final ServletContainer container = ServletContainer.Factory.newInstance();
    final DeploymentManager manager = container.addDeployment(deployment);
    manager.deploy();

    final PathHandler path = new PathHandler();
    path.addPrefixPath(deployment.getContextPath(), manager.start());
    DefaultServer.setRootHandler(path);
}
