
Example 6 with WebResourceCollection

use of com.sun.enterprise.deployment.web.WebResourceCollection in project Payara by payara.

the class DynamicWebServletRegistrationImpl method processServletSecurityElement.

/**
 * Turns a {@code ServletSecurityElement} into security constraints for the URL patterns of
 * one servlet.
 *
 * <p>Only patterns returned by
 * {@code ServletSecurityHandler.getUrlPatternsWithoutSecurityConstraint(wcd)} are touched.
 * If that set is empty, the element is ignored and no constraint is created from it.
 * Reviewers auditing access control should therefore check the constraints already
 * declared for the bundle before assuming the element's roles or transport guarantee apply.
 *
 * <p>One constraint is created from the element's own roles, empty-role semantic and
 * transport guarantee. One further constraint is created per HTTP-method element, and each
 * such method is recorded as an omission on the first constraint's resource collection.
 *
 * @param servletSecurityElement source of the default and per-method constraint settings
 * @param wbd bundle descriptor handed to {@code createSecurityConstraint}
 * @param wcd descriptor of the servlet whose URL patterns are being constrained
 */
void processServletSecurityElement(ServletSecurityElement servletSecurityElement, WebBundleDescriptor wbd, WebComponentDescriptor wcd) {
    Set<String> unconstrainedPatterns = ServletSecurityHandler.getUrlPatternsWithoutSecurityConstraint(wcd);
    if (unconstrainedPatterns.isEmpty()) {
        // Every pattern of this servlet is already named by a constraint; nothing is added.
        return;
    }

    // null is passed in the position the per-method calls below use for the method name.
    SecurityConstraint defaultConstraint = ServletSecurityHandler.createSecurityConstraint(wbd, unconstrainedPatterns, servletSecurityElement.getRolesAllowed(), servletSecurityElement.getEmptyRoleSemantic(), servletSecurityElement.getTransportGuarantee(), null);

    // Relies on createSecurityConstraint having produced exactly one collection;
    // next() would throw on an empty one. NOTE(review): confirm against the helper.
    WebResourceCollection defaultCollection = defaultConstraint.getWebResourceCollections().iterator().next();

    for (HttpMethodConstraintElement methodConstraint : servletSecurityElement.getHttpMethodConstraints()) {
        String methodName = methodConstraint.getMethodName();
        // Return value is discarded; presumably the helper registers the constraint on wbd.
        ServletSecurityHandler.createSecurityConstraint(wbd, unconstrainedPatterns, methodConstraint.getRolesAllowed(), methodConstraint.getEmptyRoleSemantic(), methodConstraint.getTransportGuarantee(), methodName);
        // The method now has its own constraint, so it is omitted from the default one.
        defaultCollection.addHttpMethodOmission(methodName);
    }
}
Also used : WebResourceCollection(com.sun.enterprise.deployment.web.WebResourceCollection) HttpMethodConstraintElement(javax.servlet.HttpMethodConstraintElement) SecurityConstraint(com.sun.enterprise.deployment.web.SecurityConstraint)

Example 7 with WebResourceCollection

use of com.sun.enterprise.deployment.web.WebResourceCollection in project Payara by payara.

the class ServletSecurityHandler method getUrlPatternsWithoutSecurityConstraint.

/**
 * Returns the URL patterns of a web component that no security constraint of its bundle
 * names.
 *
 * <p>A pattern is dropped as soon as it appears, as an identical string, in any web
 * resource collection of any constraint. The HTTP methods of that collection are not
 * consulted. Overlapping but differently spelled patterns are not matched against each
 * other. Callers that treat the result as "not yet protected" should keep both points
 * in mind.
 *
 * @param webCompDesc component whose URL patterns are examined; its own pattern set is
 *        copied, not modified
 * @return a new, mutable set holding the patterns that no constraint names
 */
public static Set<String> getUrlPatternsWithoutSecurityConstraint(WebComponentDescriptor webCompDesc) {
    // Work on a copy so the descriptor's own pattern set stays untouched.
    Set<String> unconstrained = new HashSet<String>(webCompDesc.getUrlPatternsSet());
    Enumeration<SecurityConstraint> constraints = webCompDesc.getWebBundleDescriptor().getSecurityConstraints();
    while (constraints.hasMoreElements()) {
        for (WebResourceCollection collection : constraints.nextElement().getWebResourceCollections()) {
            // Exact string match only: removeAll on a Set<String>.
            unconstrained.removeAll(collection.getUrlPatterns());
        }
    }
    return unconstrained;
}
Also used : WebResourceCollection(com.sun.enterprise.deployment.web.WebResourceCollection) WebBundleDescriptor(com.sun.enterprise.deployment.WebBundleDescriptor) SecurityConstraint(com.sun.enterprise.deployment.web.SecurityConstraint) HashSet(java.util.HashSet)

Example 8 with WebResourceCollection

use of com.sun.enterprise.deployment.web.WebResourceCollection in project Payara by payara.

the class WebBundleDescriptorImpl method combineSecurityConstraints.

/**
 * Merges the constraints of {@code secondScSet} into {@code firstScSet}, letting the first
 * set win for every URL pattern it already names.
 *
 * <p>Each constraint of the second set is copied. Patterns already named by the first set
 * are removed from the copy's collections, and collections left without patterns are
 * dropped. The copy is added to {@code firstScSet} only if at least one collection keeps a
 * pattern.
 *
 * <p>Two properties matter when reasoning about the resulting access rules:
 * <ul>
 *   <li>Precedence is decided per exact pattern string. HTTP methods, roles and transport
 *       guarantee of the first set's constraints play no part in it.</li>
 *   <li>The set of claimed patterns is computed once, before the second set is walked.
 *       Constraints of the second set therefore do not shadow one another.</li>
 * </ul>
 *
 * @param firstScSet constraints that take precedence; receives the surviving copies
 * @param secondScSet constraints to merge in; every element is cast to
 *        {@code SecurityConstraintImpl}
 */
@Override
protected void combineSecurityConstraints(Set<SecurityConstraint> firstScSet, Set<SecurityConstraint> secondScSet) {
    // Snapshot of every pattern the first set names, taken before anything is merged.
    Set<String> claimedPatterns = new HashSet<String>();
    for (SecurityConstraint existing : firstScSet) {
        for (WebResourceCollection collection : existing.getWebResourceCollections()) {
            claimedPatterns.addAll(collection.getUrlPatterns());
        }
    }

    for (SecurityConstraint candidate : secondScSet) {
        SecurityConstraint copy = new SecurityConstraintImpl((SecurityConstraintImpl) candidate);
        boolean hasRemainingPatterns = false;
        for (Iterator<WebResourceCollection> it = copy.getWebResourceCollections().iterator(); it.hasNext();) {
            // The returned set is edited in place.
            // NOTE(review): whether this set is private to the copy depends on how deep the
            // SecurityConstraintImpl copy constructor goes — confirm.
            Set<String> patterns = it.next().getUrlPatterns();
            patterns.removeAll(claimedPatterns);
            if (patterns.isEmpty()) {
                it.remove();
            } else {
                hasRemainingPatterns = true;
            }
        }
        if (hasRemainingPatterns) {
            firstScSet.add(copy);
        }
    }
}
Also used : WebResourceCollection(com.sun.enterprise.deployment.web.WebResourceCollection) SecurityConstraint(com.sun.enterprise.deployment.web.SecurityConstraint) HashSet(java.util.HashSet)

Aggregations

WebResourceCollection (com.sun.enterprise.deployment.web.WebResourceCollection)8 SecurityConstraint (com.sun.enterprise.deployment.web.SecurityConstraint)5 WebBundleDescriptor (com.sun.enterprise.deployment.WebBundleDescriptor)3 Result (com.sun.enterprise.tools.verifier.Result)2 ComponentNameConstructor (com.sun.enterprise.tools.verifier.tests.ComponentNameConstructor)2 Enumeration (java.util.Enumeration)2 HashSet (java.util.HashSet)2 SecurityConstraintImpl (org.glassfish.web.deployment.descriptor.SecurityConstraintImpl)2 EjbBundleDescriptor (com.sun.enterprise.deployment.EjbBundleDescriptor)1 EjbDescriptor (com.sun.enterprise.deployment.EjbDescriptor)1 EjbIORConfigurationDescriptor (com.sun.enterprise.deployment.EjbIORConfigurationDescriptor)1 MethodDescriptor (com.sun.enterprise.deployment.MethodDescriptor)1 MethodPermission (com.sun.enterprise.deployment.MethodPermission)1 RunAsIdentityDescriptor (com.sun.enterprise.deployment.RunAsIdentityDescriptor)1 WebComponentDescriptor (com.sun.enterprise.deployment.WebComponentDescriptor)1 DeploymentDescriptorNode (com.sun.enterprise.deployment.node.DeploymentDescriptorNode)1 AuthorizationConstraint (com.sun.enterprise.deployment.web.AuthorizationConstraint)1 LoginConfiguration (com.sun.enterprise.deployment.web.LoginConfiguration)1 SecurityRole (com.sun.enterprise.deployment.web.SecurityRole)1 UserDataConstraint (com.sun.enterprise.deployment.web.UserDataConstraint)1