Example 1 with AuthorizationManager

Use of io.undertow.servlet.api.AuthorizationManager in project undertow by undertow-io.

From class HttpServletRequestImpl, method isUserInRole:

@Override
public boolean isUserInRole(final String role) {
    if (role == null) {
        return false;
    }
    // according to the servlet spec this always returns false
    if (role.equals("*")) {
        return false;
    }
    // no authenticated account means no roles at all
    SecurityContext sc = exchange.getSecurityContext();
    Account account = sc != null ? sc.getAuthenticatedAccount() : null;
    if (account == null) {
        return false;
    }
    ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    // "**" means "any authenticated user", unless the deployment explicitly
    // declares "**" as a real security role, in which case it is checked like any other role
    if (role.equals("**")) {
        Set<String> roles = servletRequestContext.getDeployment().getDeploymentInfo().getSecurityRoles();
        if (!roles.contains("**")) {
            return true;
        }
    }
    // delegate the actual role decision (including role-ref mapping for the current servlet)
    // to the deployment's AuthorizationManager
    final ServletChain servlet = servletRequestContext.getCurrentServlet();
    final Deployment deployment = servletContext.getDeployment();
    final AuthorizationManager authorizationManager = deployment.getDeploymentInfo().getAuthorizationManager();
    return authorizationManager.isUserInRole(role, account, servlet.getManagedServlet().getServletInfo(), this, deployment);
}
Also used: Account (io.undertow.security.idm.Account), ServletChain (io.undertow.servlet.handlers.ServletChain), SecurityContext (io.undertow.security.api.SecurityContext), ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext), Deployment (io.undertow.servlet.api.Deployment), HttpString (io.undertow.util.HttpString), AuthorizationManager (io.undertow.servlet.api.AuthorizationManager)

Example 2 with AuthorizationManager

Use of io.undertow.servlet.api.AuthorizationManager in project undertow by undertow-io.

From class ServletConfidentialityConstraintHandler, method handleRequest:

@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final AuthorizationManager authorizationManager = servletRequestContext.getDeployment().getDeploymentInfo().getAuthorizationManager();
    // what the connection actually provides: CONFIDENTIAL if the request arrived over TLS, NONE otherwise
    TransportGuaranteeType connectionGuarantee = servletRequestContext.getOriginalRequest().isSecure() ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE;
    // let the AuthorizationManager reconcile the connection guarantee with the constraint required for this request
    TransportGuaranteeType transportGuarantee = authorizationManager.transportGuarantee(connectionGuarantee, servletRequestContext.getTransportGuarenteeType(), servletRequestContext.getOriginalRequest());
    servletRequestContext.setTransportGuarenteeType(transportGuarantee);
    // REJECTED means the required guarantee cannot be met and no redirect applies, so the request is refused with 403
    if (TransportGuaranteeType.REJECTED == transportGuarantee) {
        HttpServletResponse response = (HttpServletResponse) servletRequestContext.getServletResponse();
        response.sendError(StatusCodes.FORBIDDEN);
        return;
    }
    // otherwise continue down the handler chain
    super.handleRequest(exchange);
}
Also used: TransportGuaranteeType (io.undertow.servlet.api.TransportGuaranteeType), ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext), HttpServletResponse (javax.servlet.http.HttpServletResponse), AuthorizationManager (io.undertow.servlet.api.AuthorizationManager)
