
Example 6 with SecurityConstraint

use of com.sun.enterprise.deployment.web.SecurityConstraint in project Payara by payara.

the class WebBundleDescriptorImpl method combineSecurityConstraints.

/**
 * Adds to {@code firstScSet} a pruned copy of every constraint in {@code secondScSet},
 * keeping only the URL patterns that no constraint in {@code firstScSet} declared when
 * this method was entered.
 *
 * <p>Patterns are compared as plain strings, and the HTTP methods of the web resource
 * collections are not consulted. A pattern that the first set constrains for some methods
 * only is therefore still dropped from the second set entirely.
 * NOTE(review): confirm this precedence is intended, since it decides which constraint
 * ends up protecting a URL pattern that both sets declare.
 *
 * @param firstScSet constraints that take precedence; modified in place
 * @param secondScSet constraints to merge in; every element is cast to
 *        {@code SecurityConstraintImpl}, so any other implementation raises
 *        {@code ClassCastException}
 */
@Override
protected void combineSecurityConstraints(Set<SecurityConstraint> firstScSet, Set<SecurityConstraint> secondScSet) {
    // Snapshot of the patterns the first set covers. It is not refreshed while copies are
    // added below, so two constraints of secondScSet that share a pattern are both kept.
    Set<String> coveredPatterns = new HashSet<String>();
    for (SecurityConstraint existing : firstScSet) {
        for (WebResourceCollection collection : existing.getWebResourceCollections()) {
            coveredPatterns.addAll(collection.getUrlPatterns());
        }
    }

    for (SecurityConstraint candidate : secondScSet) {
        // Prune a copy rather than the candidate itself.
        // NOTE(review): presumably the copy constructor also copies the web resource
        // collections, otherwise the removeAll below edits the caller's constraint - confirm.
        SecurityConstraint copy = new SecurityConstraintImpl((SecurityConstraintImpl) candidate);
        boolean keepsAnyPattern = false;
        for (Iterator<WebResourceCollection> it = copy.getWebResourceCollections().iterator(); it.hasNext(); ) {
            // Relies on getUrlPatterns() returning the collection's own, mutable set.
            Set<String> remaining = it.next().getUrlPatterns();
            remaining.removeAll(coveredPatterns);
            if (remaining.isEmpty()) {
                // Nothing left to protect in this collection: drop it from the copy.
                it.remove();
            } else {
                keepsAnyPattern = true;
            }
        }
        // A copy whose collections were all emptied would constrain nothing; skip it.
        if (keepsAnyPattern) {
            firstScSet.add(copy);
        }
    }
}
Also used : WebResourceCollection(com.sun.enterprise.deployment.web.WebResourceCollection) SecurityConstraint(com.sun.enterprise.deployment.web.SecurityConstraint) HashSet(java.util.HashSet)

Example 7 with SecurityConstraint

use of com.sun.enterprise.deployment.web.SecurityConstraint in project Payara by payara.

the class DynamicWebServletRegistrationImpl method processServletSecurityElement.

/**
 * Turns a {@code ServletSecurityElement} into security constraints for those URL patterns
 * of {@code wcd} that do not have a security constraint yet.
 *
 * <p>The pattern set comes from
 * {@code ServletSecurityHandler.getUrlPatternsWithoutSecurityConstraint(wcd)}; when it is
 * empty nothing is created, so patterns that already carry a constraint keep it unchanged.
 * One constraint is created for the element itself and one more for each
 * {@code HttpMethodConstraintElement}; every such HTTP method is then recorded as an
 * omission on the first constraint's web resource collection.
 *
 * @param servletSecurityElement source of the roles, empty-role semantic, transport
 *        guarantee and per-method constraints
 * @param wbd web bundle descriptor handed to {@code createSecurityConstraint}
 *        (presumably where the new constraints are registered - confirm)
 * @param wcd web component whose URL patterns are examined
 */
void processServletSecurityElement(ServletSecurityElement servletSecurityElement, WebBundleDescriptor wbd, WebComponentDescriptor wcd) {
    Set<String> unconstrainedPatterns = ServletSecurityHandler.getUrlPatternsWithoutSecurityConstraint(wcd);
    if (unconstrainedPatterns.isEmpty()) {
        return;
    }

    // Top-level constraint: created with a null HTTP method argument.
    SecurityConstraint topLevel = ServletSecurityHandler.createSecurityConstraint(
            wbd,
            unconstrainedPatterns,
            servletSecurityElement.getRolesAllowed(),
            servletSecurityElement.getEmptyRoleSemantic(),
            servletSecurityElement.getTransportGuarantee(),
            null);
    // The constraint just created is expected to hold exactly one WebResourceCollection;
    // next() throws NoSuchElementException if it holds none.
    WebResourceCollection topLevelCollection = topLevel.getWebResourceCollections().iterator().next();

    for (HttpMethodConstraintElement methodConstraint : servletSecurityElement.getHttpMethodConstraints()) {
        String methodName = methodConstraint.getMethodName();
        // Method-specific constraint; its return value is not needed here.
        ServletSecurityHandler.createSecurityConstraint(
                wbd,
                unconstrainedPatterns,
                methodConstraint.getRolesAllowed(),
                methodConstraint.getEmptyRoleSemantic(),
                methodConstraint.getTransportGuarantee(),
                methodName);
        // Exclude the method from the top-level constraint so that only the
        // method-specific constraint applies to it.
        topLevelCollection.addHttpMethodOmission(methodName);
    }
}
Also used : WebResourceCollection(com.sun.enterprise.deployment.web.WebResourceCollection) HttpMethodConstraintElement(javax.servlet.HttpMethodConstraintElement) SecurityConstraint(com.sun.enterprise.deployment.web.SecurityConstraint)

Example 8 with SecurityConstraint

use of com.sun.enterprise.deployment.web.SecurityConstraint in project Payara by payara.

the class ServletSecurityHandler method getUrlPatternsWithoutSecurityConstraint.

/**
 * Returns the URL patterns of a web component that do not appear in any security
 * constraint of its web bundle.
 *
 * <p>The comparison is plain string equality between the component's patterns and the
 * patterns listed in each {@code WebResourceCollection}. A component pattern that a
 * constraint would cover only through a broader wildcard pattern is therefore still
 * returned as unconstrained.
 *
 * @param webCompDesc the web component whose URL patterns are checked
 * @return a new set holding the component's URL patterns that no security constraint
 *         lists; the component's own pattern set is not modified
 */
public static Set<String> getUrlPatternsWithoutSecurityConstraint(WebComponentDescriptor webCompDesc) {
    // Start from a private copy of every pattern, then strike out the constrained ones.
    Set<String> unconstrained = new HashSet<String>(webCompDesc.getUrlPatternsSet());
    WebBundleDescriptor bundle = webCompDesc.getWebBundleDescriptor();
    for (Enumeration<SecurityConstraint> constraints = bundle.getSecurityConstraints(); constraints.hasMoreElements(); ) {
        SecurityConstraint constraint = constraints.nextElement();
        for (WebResourceCollection collection : constraint.getWebResourceCollections()) {
            unconstrained.removeAll(collection.getUrlPatterns());
        }
    }
    return unconstrained;
}
Also used : WebResourceCollection(com.sun.enterprise.deployment.web.WebResourceCollection) WebBundleDescriptor(com.sun.enterprise.deployment.WebBundleDescriptor) SecurityConstraint(com.sun.enterprise.deployment.web.SecurityConstraint) HashSet(java.util.HashSet)

Example 9 with SecurityConstraint

use of com.sun.enterprise.deployment.web.SecurityConstraint in project Payara by payara.

the class WsUtil method updateServletEndpointRuntime.

/**
 * Fills in the runtime information of a servlet-based web service endpoint: saves the
 * servlet implementation class and, when no endpoint address URI is set, derives it from
 * the servlet's single URL pattern together with a matching transport guarantee.
 *
 * <p>The transport guarantee is taken from the first security constraint for that URL
 * pattern, in the iteration order of
 * {@code getSecurityConstraintsForUrlPattern}, whose guarantee is INTEGRAL or
 * CONFIDENTIAL; later constraints are not examined.
 * NOTE(review): if one constraint asks for INTEGRAL and another for CONFIDENTIAL, which
 * value is recorded depends on that order - confirm this is acceptable to consumers of
 * the endpoint's transport guarantee.
 *
 * @param endpoint the endpoint to update; its web component must be a
 *        {@code WebComponentDescriptor}
 * @throws IllegalStateException if the servlet implements more than one web service
 *         endpoint, or if the endpoint has no address URI and the servlet does not have
 *         exactly one URL pattern
 */
public void updateServletEndpointRuntime(WebServiceEndpoint endpoint) {
    // Copy the servlet impl bean class into the runtime information so it is still
    // known after the servlet-class element has been replaced with the name of the
    // container's servlet class.
    endpoint.saveServletImplClass();

    WebComponentDescriptor servlet = (WebComponentDescriptor) endpoint.getWebComponentImpl();
    WebBundleDescriptor webBundle = servlet.getWebBundleDescriptor();
    WebServicesDescriptor services = webBundle.getWebServices();
    Collection implemented = services.getEndpointsImplementedBy(servlet);
    if (implemented.size() > 1) {
        throw new IllegalStateException("Servlet " + endpoint.getWebComponentLink() + " implements " + implemented.size() + " web service endpoints " + " but must only implement 1");
    }

    // An endpoint address that is already assigned is left untouched.
    if (endpoint.getEndpointAddressUri() != null) {
        return;
    }

    Set patterns = servlet.getUrlPatternsSet();
    if (patterns.size() != 1) {
        throw new IllegalStateException("Endpoint " + endpoint.getEndpointName() + " has not been assigned an endpoint address " + " and is associated with servlet " + servlet.getCanonicalName() + " , which has " + patterns.size() + " url patterns");
    }

    // Set endpoint-address-uri runtime info to the single URL pattern.
    // The final endpoint address will still be relative to the context root.
    String uri = (String) patterns.iterator().next();
    endpoint.setEndpointAddressUri(uri);

    // Set the transport guarantee in the runtime info if it is INTEGRAL or CONFIDENTIAL
    // for any security constraint with this url-pattern; the first match wins.
    for (Object element : webBundle.getSecurityConstraintsForUrlPattern(uri)) {
        UserDataConstraint dataConstraint = ((SecurityConstraint) element).getUserDataConstraint();
        if (dataConstraint == null) {
            continue;
        }
        String guarantee = dataConstraint.getTransportGuarantee();
        if (guarantee == null) {
            continue;
        }
        boolean integral = guarantee.equals(UserDataConstraint.INTEGRAL_TRANSPORT);
        if (integral || guarantee.equals(UserDataConstraint.CONFIDENTIAL_TRANSPORT)) {
            endpoint.setTransportGuarantee(guarantee);
            break;
        }
    }
}
Also used : UserDataConstraint(com.sun.enterprise.deployment.web.UserDataConstraint) SecurityConstraint(com.sun.enterprise.deployment.web.SecurityConstraint)
