Example 1 with SecurityConstraint
use of org.apache.tomcat.util.descriptor.web.SecurityConstraint in project fru-paqx-parent by dellemc-symphony.
the class ContextConfig method servletContainer.
@Bean
public /**
* This container is required in order to implement the redirect from http 8080 to https 18443 in spring boot.
* This means that http can continue to be used but will automatically redirect to https
* The responses from FRU will be https regardless of the protocol/port used by the cli.
*/
EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
@Override
protected /**
* This is the method where ssl is configured in the tomcat container.
* We want to override this in order to be able to take an encrypted-base64-encoded password from
* application.properties and to decode+decrypt it and provide it to the Ssl object before ssl configuration begins.
*/
void configureSsl(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
if (LOG.isDebugEnabled()) {
LOG.debug("ContextConfig: servletContainer: encoded password = " + ssl.getKeyStorePassword());
}
byte[] decodedBytes = Base64.getDecoder().decode(ssl.getKeyStorePassword());
ssl.setKeyStorePassword(new String(decodedBytes));
super.configureSsl(protocol, ssl);
}
};
//Setup the redirection
tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
//Setup the custom realm, which sets the custom redirect code.
//By default the redirect is 302. But if the request to be redirected is a post,
//then the post is converted to a get and therefore the post's body is removed in the redirect. (e.g. using CURL)
//We need to set the redirection with code 307 so that the origin method is used in the redirect
//e.g. get uses get on redirect and post uses post on redirect.
//This conforms to standard RFC 2616
tomcat.addContextCustomizers((TomcatContextCustomizer) context -> {
RealmBase base = new CombinedRealm();
base.setTransportGuaranteeRedirectStatus(307);
context.setRealm(base);
});
return tomcat;
}
Also used :
Context(org.apache.catalina.Context)
CombinedRealm(org.apache.catalina.realm.CombinedRealm)
Logger(org.slf4j.Logger)
TomcatContextCustomizer(org.springframework.boot.context.embedded.tomcat.TomcatContextCustomizer)
SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
LoggerFactory(org.slf4j.LoggerFactory)
Connector(org.apache.catalina.connector.Connector)
Context(org.apache.catalina.Context)
EmbeddedServletContainerFactory(org.springframework.boot.context.embedded.EmbeddedServletContainerFactory)
RealmBase(org.apache.catalina.realm.RealmBase)
Configuration(org.springframework.context.annotation.Configuration)
Ssl(org.springframework.boot.context.embedded.Ssl)
TomcatEmbeddedServletContainerFactory(org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory)
Base64(java.util.Base64)
ConsumerContextConfig(com.dell.cpsd.service.common.client.context.ConsumerContextConfig)
AbstractHttp11JsseProtocol(org.apache.coyote.http11.AbstractHttp11JsseProtocol)
SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint)
Bean(org.springframework.context.annotation.Bean)
AbstractHttp11JsseProtocol(org.apache.coyote.http11.AbstractHttp11JsseProtocol)
CombinedRealm(org.apache.catalina.realm.CombinedRealm)
TomcatEmbeddedServletContainerFactory(org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory)
RealmBase(org.apache.catalina.realm.RealmBase)
Ssl(org.springframework.boot.context.embedded.Ssl)
SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint)
SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
Bean(org.springframework.context.annotation.Bean)
Example 2 with SecurityConstraint
use of org.apache.tomcat.util.descriptor.web.SecurityConstraint in project danyuan-application by 514840279.
the class App method servletContainer.
// @Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint constraint = new SecurityConstraint();
constraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
constraint.addCollection(collection);
context.addConstraint(constraint);
}
};
tomcat.addAdditionalTomcatConnectors(httpConnector());
return tomcat;
}
Also used :
Context(org.apache.catalina.Context)
TomcatEmbeddedServletContainerFactory(org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory)
SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint)
SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
Example 3 with SecurityConstraint
use of org.apache.tomcat.util.descriptor.web.SecurityConstraint in project jaggery by wso2.
the class TomcatJaggeryWebappsDeployer method handleWebappDeployment.
/**
* Deployment procedure of Jaggery apps
*
* @param webappFile The Jaggery app file to be deployed
* @param contextStr jaggery app context string
* @param webContextParams context-params for this Jaggery app
* @param applicationEventListeners Application event listeners
* @throws CarbonException If a deployment error occurs
*/
protected void handleWebappDeployment(File webappFile, String contextStr, List<WebContextParameter> webContextParams, List<Object> applicationEventListeners) throws CarbonException {
String filename = webappFile.getName();
ArrayList<Object> listeners = new ArrayList<Object>(1);
// listeners.add(new CarbonServletRequestListener());
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setAuthConstraint(true);
SecurityCollection securityCollection = new SecurityCollection();
securityCollection.setName("ConfigDir");
securityCollection.setDescription("Jaggery Configuration Dir");
securityCollection.addPattern("/" + JaggeryCoreConstants.JAGGERY_CONF_FILE);
securityConstraint.addCollection(securityCollection);
WebApplicationsHolder webApplicationsHolder = WebAppUtils.getWebappHolder(webappFile.getAbsolutePath(), configurationContext);
try {
JSONObject jaggeryConfigObj = readJaggeryConfig(webappFile);
Tomcat tomcat = DataHolder.getCarbonTomcatService().getTomcat();
Context context = DataHolder.getCarbonTomcatService().addWebApp(contextStr, webappFile.getAbsolutePath(), new JaggeryDeployerManager.JaggeryConfListener(jaggeryConfigObj, securityConstraint));
// deploying web app for url mapping inside virtual host
if (DataHolder.getHotUpdateService() != null) {
List<String> hostNames = DataHolder.getHotUpdateService().getMappigsPerWebapp(contextStr);
for (String hostName : hostNames) {
Host host = DataHolder.getHotUpdateService().addHost(hostName);
/* ApplicationContext.getCurrentApplicationContext().putUrlMappingForApplication(hostName, contextStr);
*/
Context contextForHost = DataHolder.getCarbonTomcatService().addWebApp(host, "/", webappFile.getAbsolutePath(), new JaggeryDeployerManager.JaggeryConfListener(jaggeryConfigObj, securityConstraint));
log.info("Deployed JaggeryApp on host: " + contextForHost);
}
}
Manager manager = context.getManager();
if (isDistributable(context, jaggeryConfigObj)) {
// Clusterable manager implementation as DeltaManager
context.setDistributable(true);
// Using clusterable manager
CarbonTomcatClusterableSessionManager sessionManager;
if (manager instanceof CarbonTomcatClusterableSessionManager) {
sessionManager = (CarbonTomcatClusterableSessionManager) manager;
sessionManager.setOwnerTenantId(tenantId);
} else {
sessionManager = new CarbonTomcatClusterableSessionManager(tenantId);
context.setManager(sessionManager);
}
Object alreadyinsertedSMMap = configurationContext.getProperty(CarbonConstants.TOMCAT_SESSION_MANAGER_MAP);
if (alreadyinsertedSMMap != null) {
((Map<String, CarbonTomcatClusterableSessionManager>) alreadyinsertedSMMap).put(context.getName(), sessionManager);
} else {
sessionManagerMap.put(context.getName(), sessionManager);
configurationContext.setProperty(CarbonConstants.TOMCAT_SESSION_MANAGER_MAP, sessionManagerMap);
}
} else {
if (manager instanceof CarbonTomcatSessionManager) {
((CarbonTomcatSessionManager) manager).setOwnerTenantId(tenantId);
} else if (manager instanceof CarbonTomcatSessionPersistentManager) {
((CarbonTomcatSessionPersistentManager) manager).setOwnerTenantId(tenantId);
log.debug(manager.getInfo() + " enabled Tomcat HTTP Session Persistent mode using " + ((CarbonTomcatSessionPersistentManager) manager).getStore().getInfo());
} else {
context.setManager(new CarbonTomcatSessionManager(tenantId));
}
}
context.setReloadable(false);
JaggeryApplication webapp = new JaggeryApplication(this, context, webappFile);
webapp.setServletContextParameters(webContextParams);
webapp.setState("Started");
webApplicationsHolder.getStartedWebapps().put(filename, webapp);
webApplicationsHolder.getFaultyWebapps().remove(filename);
registerApplicationEventListeners(applicationEventListeners, context);
log.info("Deployed webapp: " + webapp);
} catch (Throwable e) {
// catching a Throwable here to avoid web-apps crashing the server during startup
StandardContext context = new StandardContext();
context.setName(webappFile.getName());
context.addParameter(WebappsConstants.FAULTY_WEBAPP, "true");
JaggeryApplication webapp = new JaggeryApplication(this, context, webappFile);
webapp.setProperty(WebappsConstants.WEBAPP_FILTER, JaggeryConstants.JAGGERY_WEBAPP_FILTER_PROP);
String msg = "Error while deploying webapp: " + webapp;
log.error(msg, e);
webapp.setFaultReason(new Exception(msg, e));
webApplicationsHolder.getFaultyWebapps().put(filename, webapp);
webApplicationsHolder.getStartedWebapps().remove(filename);
throw new CarbonException(msg, e);
}
}
Also used :
ConfigurationContext(org.apache.axis2.context.ConfigurationContext)
PrivilegedCarbonContext(org.wso2.carbon.context.PrivilegedCarbonContext)
Context(org.apache.catalina.Context)
StandardContext(org.apache.catalina.core.StandardContext)
Tomcat(org.apache.catalina.startup.Tomcat)
JaggeryDeployerManager(org.jaggeryjs.jaggery.core.manager.JaggeryDeployerManager)
ArrayList(java.util.ArrayList)
CarbonException(org.wso2.carbon.CarbonException)
Host(org.apache.catalina.Host)
CarbonTomcatClusterableSessionManager(org.wso2.carbon.core.session.CarbonTomcatClusterableSessionManager)
Manager(org.apache.catalina.Manager)
JaggeryDeployerManager(org.jaggeryjs.jaggery.core.manager.JaggeryDeployerManager)
SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint)
CarbonException(org.wso2.carbon.CarbonException)
JSONObject(org.json.simple.JSONObject)
CarbonTomcatClusterableSessionManager(org.wso2.carbon.core.session.CarbonTomcatClusterableSessionManager)
StandardContext(org.apache.catalina.core.StandardContext)
JSONObject(org.json.simple.JSONObject)
Map(java.util.Map)
SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
Example 4 with SecurityConstraint
use of org.apache.tomcat.util.descriptor.web.SecurityConstraint in project tomee by apache.
the class TomcatSecurityConstaintsToJaccPermissionsTransformer method analyzeSecurityConstraints.
private void analyzeSecurityConstraints() {
for (SecurityConstraint securityConstraint : constraints) {
Map<String, URLPattern> currentPatterns = null;
Set<String> roleNames = null;
if (securityConstraint.getAuthConstraint()) {
if (securityConstraint.findAuthRoles().length == 0) {
currentPatterns = excludedPatterns;
} else {
roleNames = new HashSet<String>(Arrays.asList(securityConstraint.findAuthRoles()));
if (roleNames.remove("*")) {
roleNames.addAll(securityRoles);
}
}
} else {
currentPatterns = uncheckedPatterns;
}
String transport = securityConstraint.getUserConstraint() == null ? "NONE" : securityConstraint.getUserConstraint();
boolean isRoleBasedPattern = (currentPatterns == null);
if (securityConstraint.findCollections() != null) {
for (SecurityCollection webResourceCollection : securityConstraint.findCollections()) {
// Calculate HTTP methods list
for (String urlPattern : webResourceCollection.findPatterns()) {
if (isRoleBasedPattern) {
for (String roleName : roleNames) {
Map<String, URLPattern> currentRolePatterns = rolesPatterns.get(roleName);
if (currentRolePatterns == null) {
currentRolePatterns = new HashMap<>();
rolesPatterns.put(roleName, currentRolePatterns);
}
boolean omission = false;
String[] httpMethods = webResourceCollection.findMethods();
if (httpMethods.length == 0) {
omission = true;
httpMethods = webResourceCollection.findOmittedMethods();
}
analyzeURLPattern(urlPattern, new HashSet<>(Arrays.asList(httpMethods)), omission, transport, currentRolePatterns);
}
} else {
boolean omission = false;
String[] httpMethods = webResourceCollection.findMethods();
if (httpMethods.length == 0) {
omission = true;
httpMethods = webResourceCollection.findOmittedMethods();
}
analyzeURLPattern(urlPattern, new HashSet<>(Arrays.asList(httpMethods)), omission, transport, currentPatterns);
}
URLPattern allPattern = allMap.get(urlPattern);
if (allPattern == null) {
boolean omission = false;
String[] httpMethods = webResourceCollection.findMethods();
if (httpMethods.length == 0) {
omission = true;
httpMethods = webResourceCollection.findOmittedMethods();
}
allPattern = new URLPattern(urlPattern, new HashSet<>(Arrays.asList(httpMethods)), omission);
allSet.add(allPattern);
allMap.put(urlPattern, allPattern);
} else {
boolean omission = false;
String[] httpMethods = webResourceCollection.findMethods();
if (httpMethods.length == 0) {
omission = true;
httpMethods = webResourceCollection.findOmittedMethods();
}
allPattern.addMethods(new HashSet<>(Arrays.asList(httpMethods)), omission);
}
}
}
}
}
}
Also used :
SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint)
SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
HashSet(java.util.HashSet)
Example 5 with SecurityConstraint
use of org.apache.tomcat.util.descriptor.web.SecurityConstraint in project tomee by apache.
the class CdiEventRealm method findSecurityConstraints.
@Override
public SecurityConstraint[] findSecurityConstraints(final Request request, final Context context) {
final SecurityConstraint[] sc = super.findSecurityConstraints(request, context);
if (beanManager() == null) {
return sc;
}
final FindSecurityConstraintsEvent event = new FindSecurityConstraintsEvent(request.getRequest(), context.getPath());
beanManager().fireEvent(event);
if (!event.getRoles().isEmpty()) {
final SecurityConstraint s = new SecurityConstraint();
final SecurityCollection collection = new SecurityCollection();
// only for the current request
collection.addPattern("/*");
collection.addMethod(request.getMethod());
s.addCollection(collection);
if (event.getUserConstraint() != null) {
s.setUserConstraint(event.getUserConstraint());
}
for (final String r : event.getRoles()) {
s.addAuthRole(r);
}
return new SecurityConstraint[] { s };
}
return sc;
}
Also used :
FindSecurityConstraintsEvent(org.apache.tomee.catalina.realm.event.FindSecurityConstraintsEvent)
SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint)
SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
Aggregations
SecurityConstraint (org.apache.tomcat.util.descriptor.web.SecurityConstraint)41
SecurityCollection (org.apache.tomcat.util.descriptor.web.SecurityCollection)31
Context (org.apache.catalina.Context)18
LoginConfig (org.apache.tomcat.util.descriptor.web.LoginConfig)18
Tomcat (org.apache.catalina.startup.Tomcat)8
Test (org.junit.Test)7
TesterServlet (org.apache.catalina.startup.TesterServlet)6
TesterMapRealm (org.apache.catalina.startup.TesterMapRealm)5
ArrayList (java.util.ArrayList)4
BasicAuthenticator (org.apache.catalina.authenticator.BasicAuthenticator)4
AuthenticatorBase (org.apache.catalina.authenticator.AuthenticatorBase)3
SSLAuthenticator (org.apache.catalina.authenticator.SSLAuthenticator)3
StandardContext (org.apache.catalina.core.StandardContext)3
DefaultServlet (org.apache.catalina.servlets.DefaultServlet)3
FilterDef (org.apache.tomcat.util.descriptor.web.FilterDef)3
FilterMap (org.apache.tomcat.util.descriptor.web.FilterMap)3
TomcatEmbeddedServletContainerFactory (org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory)3
ClientEndpointConfig (jakarta.websocket.ClientEndpointConfig)2
File (java.io.File)2
Principal (java.security.Principal)2
