Examples with SecurityConstraint io.undertow.servlet.api.SecurityConstraint used on opensource projects

Example 11 with SecurityConstraint

use of io.undertow.servlet.api.SecurityConstraint in project undertow by undertow-io.

the class ServletRegistrationImpl method setServletSecurity.

@Override
public Set<String> setServletSecurity(final ServletSecurityElement constraint) {
    if (constraint == null) {
        throw UndertowMessages.MESSAGES.argumentCannotBeNull("constraint");
    }
    DeploymentInfo deploymentInfo = deployment.getDeploymentInfo();
    //this is not super efficient, but it does not really matter
    final Set<String> urlPatterns = new HashSet<>();
    for (SecurityConstraint sc : deploymentInfo.getSecurityConstraints()) {
        for (WebResourceCollection webResources : sc.getWebResourceCollections()) {
            urlPatterns.addAll(webResources.getUrlPatterns());
        }
    }
    final Set<String> ret = new HashSet<>();
    for (String url : servletInfo.getMappings()) {
        if (urlPatterns.contains(url)) {
            ret.add(url);
        }
    }
    ServletSecurityInfo info = new ServletSecurityInfo();
    servletInfo.setServletSecurityInfo(info);
    info.setTransportGuaranteeType(constraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE).setEmptyRoleSemantic(emptyRoleSemantic(constraint.getEmptyRoleSemantic())).addRolesAllowed(constraint.getRolesAllowed());
    for (final HttpMethodConstraintElement methodConstraint : constraint.getHttpMethodConstraints()) {
        info.addHttpMethodSecurityInfo(new HttpMethodSecurityInfo().setTransportGuaranteeType(methodConstraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE).setMethod(methodConstraint.getMethodName()).setEmptyRoleSemantic(emptyRoleSemantic(methodConstraint.getEmptyRoleSemantic())).addRolesAllowed(methodConstraint.getRolesAllowed()));
    }
    return ret;
}

Example 12 with SecurityConstraint

use of io.undertow.servlet.api.SecurityConstraint in project undertow by undertow-io.

the class WelcomeFileSecurityTestCase method setup.

@BeforeClass
public static void setup() throws ServletException {
    final PathHandler root = new PathHandler();
    final ServletContainer container = ServletContainer.Factory.newInstance();
    ServletIdentityManager identityManager = new ServletIdentityManager();
    identityManager.addUser("user1", "password1", "role1");
    DeploymentInfo builder = new DeploymentInfo().setClassIntrospecter(TestClassIntrospector.INSTANCE).setClassLoader(ServletPathMappingTestCase.class.getClassLoader()).setContextPath("/servletContext").setDeploymentName("servletContext.war").setResourceManager(new TestResourceLoader(WelcomeFileSecurityTestCase.class)).addWelcomePages("doesnotexist.html", "index.html", "default").setIdentityManager(identityManager).setLoginConfig(new LoginConfig("BASIC", "Test Realm")).addServlet(new ServletInfo("DefaultTestServlet", PathTestServlet.class).setServletSecurityInfo(new ServletSecurityInfo().addRoleAllowed("role1")).addMapping("/path/default")).addSecurityConstraint(new SecurityConstraint().addRoleAllowed("role1").addWebResourceCollection(new WebResourceCollection().addUrlPattern("/index.html")));
    DeploymentManager manager = container.addDeployment(builder);
    manager.deploy();
    root.addPrefixPath(builder.getContextPath(), manager.start());
    DefaultServer.setRootHandler(root);
}

Example 13 with SecurityConstraint

use of io.undertow.servlet.api.SecurityConstraint in project indy by Commonjava.

the class KeycloakDeploymentProvider method getDeploymentInfo.

@Override
public DeploymentInfo getDeploymentInfo() {
    logger.debug("Keycloak deployment provider triggered.");
    final DeploymentInfo di = new DeploymentInfo();
    if (config.isEnabled()) {
        di.addAuthenticationMechanism(BASIC_LOGIN_MECHANISM, new ImmediateAuthenticationMechanismFactory(basicAuthInjector));
        logger.debug("Adding keycloak security constraints");
        final SecurityConstraint ui = new SecurityConstraint();
        ui.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT);
        final WebResourceCollection uiCollection = new WebResourceCollection();
        uiCollection.addUrlPatterns(UIServlet.PATHS);
        uiCollection.addHttpMethods(UIServlet.METHODS);
        ui.addWebResourceCollection(uiCollection);
        di.addSecurityConstraint(ui);
        for (final KeycloakSecurityConstraint constraint : bindings.getConstraints()) {
            final SecurityConstraint sc = new SecurityConstraint();
            sc.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT);
            final WebResourceCollection collection = new WebResourceCollection();
            collection.addUrlPattern(constraint.getUrlPattern());
            logger.debug("new constraint>>> URL pattern: {}", constraint.getUrlPattern());
            if (constraint.getMethods() != null) {
                logger.debug("methods: {}", constraint.getMethods());
                collection.addHttpMethods(constraint.getMethods());
            }
            sc.addWebResourceCollection(collection);
            if (constraint.getRole() != null) {
                logger.debug("role: {}", constraint.getRole());
                sc.addRoleAllowed(constraint.getRole());
            }
            logger.debug("Keycloak Security Constraint: {}", sc);
            di.addSecurityConstraint(sc);
        }
        logger.debug("Using keycloak.json: {} (exists? {})", config.getKeycloakJson(), new File(config.getKeycloakJson()).exists());
        di.addInitParameter(KEYCLOAK_CONFIG_FILE_PARAM, config.getKeycloakJson());
        logger.debug("login realm: {}", config.getRealm());
        final LoginConfig loginConfig = new LoginConfig(KEYCLOAK_LOGIN_MECHANISM, config.getRealm());
        loginConfig.addFirstAuthMethod(BASIC_LOGIN_MECHANISM);
        di.setLoginConfig(loginConfig);
    }
    return di;
}