Examples with ServletSecurityInfo io.undertow.servlet.api.ServletSecurityInfo used on opensource projects

Example 6 with ServletSecurityInfo

use of io.undertow.servlet.api.ServletSecurityInfo in project undertow by undertow-io.

the class ServletRegistrationImpl method setServletSecurity.

@Override
public Set<String> setServletSecurity(final ServletSecurityElement constraint) {
    if (constraint == null) {
        throw UndertowMessages.MESSAGES.argumentCannotBeNull("constraint");
    }
    DeploymentInfo deploymentInfo = deployment.getDeploymentInfo();
    //this is not super efficient, but it does not really matter
    final Set<String> urlPatterns = new HashSet<>();
    for (SecurityConstraint sc : deploymentInfo.getSecurityConstraints()) {
        for (WebResourceCollection webResources : sc.getWebResourceCollections()) {
            urlPatterns.addAll(webResources.getUrlPatterns());
        }
    }
    final Set<String> ret = new HashSet<>();
    for (String url : servletInfo.getMappings()) {
        if (urlPatterns.contains(url)) {
            ret.add(url);
        }
    }
    ServletSecurityInfo info = new ServletSecurityInfo();
    servletInfo.setServletSecurityInfo(info);
    info.setTransportGuaranteeType(constraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE).setEmptyRoleSemantic(emptyRoleSemantic(constraint.getEmptyRoleSemantic())).addRolesAllowed(constraint.getRolesAllowed());
    for (final HttpMethodConstraintElement methodConstraint : constraint.getHttpMethodConstraints()) {
        info.addHttpMethodSecurityInfo(new HttpMethodSecurityInfo().setTransportGuaranteeType(methodConstraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE).setMethod(methodConstraint.getMethodName()).setEmptyRoleSemantic(emptyRoleSemantic(methodConstraint.getEmptyRoleSemantic())).addRolesAllowed(methodConstraint.getRolesAllowed()));
    }
    return ret;
}

Example 7 with ServletSecurityInfo

use of io.undertow.servlet.api.ServletSecurityInfo in project undertow by undertow-io.

the class WelcomeFileSecurityTestCase method setup.

@BeforeClass
public static void setup() throws ServletException {
    final PathHandler root = new PathHandler();
    final ServletContainer container = ServletContainer.Factory.newInstance();
    ServletIdentityManager identityManager = new ServletIdentityManager();
    identityManager.addUser("user1", "password1", "role1");
    DeploymentInfo builder = new DeploymentInfo().setClassIntrospecter(TestClassIntrospector.INSTANCE).setClassLoader(ServletPathMappingTestCase.class.getClassLoader()).setContextPath("/servletContext").setDeploymentName("servletContext.war").setResourceManager(new TestResourceLoader(WelcomeFileSecurityTestCase.class)).addWelcomePages("doesnotexist.html", "index.html", "default").setIdentityManager(identityManager).setLoginConfig(new LoginConfig("BASIC", "Test Realm")).addServlet(new ServletInfo("DefaultTestServlet", PathTestServlet.class).setServletSecurityInfo(new ServletSecurityInfo().addRoleAllowed("role1")).addMapping("/path/default")).addSecurityConstraint(new SecurityConstraint().addRoleAllowed("role1").addWebResourceCollection(new WebResourceCollection().addUrlPattern("/index.html")));
    DeploymentManager manager = container.addDeployment(builder);
    manager.deploy();
    root.addPrefixPath(builder.getContextPath(), manager.start());
    DefaultServer.setRootHandler(root);
}

Example 8 with ServletSecurityInfo

use of io.undertow.servlet.api.ServletSecurityInfo in project undertow by undertow-io.

the class ServletFormAuthTestCase method setup.

@BeforeClass
public static void setup() throws ServletException {
    final PathHandler path = new PathHandler();
    final ServletContainer container = ServletContainer.Factory.newInstance();
    ServletInfo s = new ServletInfo("servlet", SendUsernameServlet.class).setServletSecurityInfo(new ServletSecurityInfo().addRoleAllowed("role1")).addMapping("/secured/*");
    ServletInfo echo = new ServletInfo("echo", EchoServlet.class).setServletSecurityInfo(new ServletSecurityInfo().addRoleAllowed("role1")).addMapping("/secured/echo");
    ServletInfo echoParam = new ServletInfo("echoParam", RequestParamEchoServlet.class).setServletSecurityInfo(new ServletSecurityInfo().addRoleAllowed("role1")).addMapping("/secured/echoParam");
    ServletInfo s1 = new ServletInfo("loginPage", FormLoginServlet.class).setServletSecurityInfo(new ServletSecurityInfo().addRoleAllowed("group1")).addMapping("/FormLoginServlet");
    ServletIdentityManager identityManager = new ServletIdentityManager();
    identityManager.addUser("user1", "password1", "role1");
    DeploymentInfo builder = new DeploymentInfo().setClassLoader(SimpleServletTestCase.class.getClassLoader()).setContextPath("/servletContext").setClassIntrospecter(TestClassIntrospector.INSTANCE).setDeploymentName("servletContext.war").setAuthenticationMode(AuthenticationMode.CONSTRAINT_DRIVEN).setIdentityManager(identityManager).setLoginConfig(new LoginConfig("FORM", "Test Realm", "/FormLoginServlet", "/error.html")).addServlets(s, s1, echo, echoParam);
    DeploymentManager manager = container.addDeployment(builder);
    manager.deploy();
    path.addPrefixPath(builder.getContextPath(), manager.start());
    DefaultServer.setRootHandler(path);
}