Search in sources :

Example 1 with WebResourceCollection

use of io.undertow.servlet.api.WebResourceCollection in project indy by Commonjava.

the class KeycloakDeploymentProvider method getDeploymentInfo.

@Override
public DeploymentInfo getDeploymentInfo(String contextRoot, Application application) {
    logger.debug("Keycloak deployment provider triggered.");
    final DeploymentInfo di = new DeploymentInfo();
    if (config.isEnabled()) {
        di.addAuthenticationMechanism(BASIC_LOGIN_MECHANISM, new ImmediateAuthenticationMechanismFactory(basicAuthInjector));
        logger.debug("Adding keycloak security constraints");
        final SecurityConstraint ui = new SecurityConstraint();
        ui.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT);
        final WebResourceCollection uiCollection = new WebResourceCollection();
        uiCollection.addUrlPatterns(UIServlet.PATHS);
        uiCollection.addHttpMethods(UIServlet.METHODS);
        ui.addWebResourceCollection(uiCollection);
        di.addSecurityConstraint(ui);
        for (final KeycloakSecurityConstraint constraint : bindings.getConstraints()) {
            final SecurityConstraint sc = new SecurityConstraint();
            sc.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT);
            final WebResourceCollection collection = new WebResourceCollection();
            collection.addUrlPattern(constraint.getUrlPattern());
            logger.debug("new constraint>>> URL pattern: {}", constraint.getUrlPattern());
            if (constraint.getMethods() != null) {
                logger.debug("methods: {}", constraint.getMethods());
                collection.addHttpMethods(constraint.getMethods());
            }
            sc.addWebResourceCollection(collection);
            if (constraint.getRole() != null) {
                logger.debug("role: {}", constraint.getRole());
                sc.addRoleAllowed(constraint.getRole());
            }
            logger.debug("Keycloak Security Constraint: {}", sc);
            di.addSecurityConstraint(sc);
        }
        logger.debug("Using keycloak.json: {} (exists? {})", config.getKeycloakJson(), new File(config.getKeycloakJson()).exists());
        di.addInitParameter(KEYCLOAK_CONFIG_FILE_PARAM, config.getKeycloakJson());
        logger.debug("login realm: {}", config.getRealm());
        final LoginConfig loginConfig = new LoginConfig(KEYCLOAK_LOGIN_MECHANISM, config.getRealm());
        loginConfig.addFirstAuthMethod(BASIC_LOGIN_MECHANISM);
        di.setLoginConfig(loginConfig);
    }
    return di;
}
Also used : WebResourceCollection(io.undertow.servlet.api.WebResourceCollection) KeycloakSecurityConstraint(org.commonjava.indy.subsys.keycloak.conf.KeycloakSecurityConstraint) ImmediateAuthenticationMechanismFactory(io.undertow.util.ImmediateAuthenticationMechanismFactory) LoginConfig(io.undertow.servlet.api.LoginConfig) DeploymentInfo(io.undertow.servlet.api.DeploymentInfo) File(java.io.File) SecurityConstraint(io.undertow.servlet.api.SecurityConstraint) KeycloakSecurityConstraint(org.commonjava.indy.subsys.keycloak.conf.KeycloakSecurityConstraint)

Example 2 with WebResourceCollection

use of io.undertow.servlet.api.WebResourceCollection in project undertow by undertow-io.

the class DeploymentManagerImpl method buildSecurityConstraints.

private SecurityPathMatches buildSecurityConstraints() {
    SecurityPathMatches.Builder builder = SecurityPathMatches.builder(deployment.getDeploymentInfo());
    final Set<String> urlPatterns = new HashSet<>();
    for (SecurityConstraint constraint : deployment.getDeploymentInfo().getSecurityConstraints()) {
        builder.addSecurityConstraint(constraint);
        for (WebResourceCollection webResources : constraint.getWebResourceCollections()) {
            urlPatterns.addAll(webResources.getUrlPatterns());
        }
    }
    for (final ServletInfo servlet : deployment.getDeploymentInfo().getServlets().values()) {
        final ServletSecurityInfo securityInfo = servlet.getServletSecurityInfo();
        if (securityInfo != null) {
            final Set<String> mappings = new HashSet<>(servlet.getMappings());
            mappings.removeAll(urlPatterns);
            if (!mappings.isEmpty()) {
                final Set<String> methods = new HashSet<>();
                for (HttpMethodSecurityInfo method : securityInfo.getHttpMethodSecurityInfo()) {
                    methods.add(method.getMethod());
                    if (method.getRolesAllowed().isEmpty() && method.getEmptyRoleSemantic() == EmptyRoleSemantic.PERMIT) {
                        // this is an implict allow
                        continue;
                    }
                    SecurityConstraint newConstraint = new SecurityConstraint().addRolesAllowed(method.getRolesAllowed()).setTransportGuaranteeType(method.getTransportGuaranteeType()).addWebResourceCollection(new WebResourceCollection().addUrlPatterns(mappings).addHttpMethod(method.getMethod()));
                    builder.addSecurityConstraint(newConstraint);
                }
                // now add the constraint, unless it has all default values and method constrains where specified
                if (!securityInfo.getRolesAllowed().isEmpty() || securityInfo.getEmptyRoleSemantic() != EmptyRoleSemantic.PERMIT || methods.isEmpty()) {
                    SecurityConstraint newConstraint = new SecurityConstraint().setEmptyRoleSemantic(securityInfo.getEmptyRoleSemantic()).addRolesAllowed(securityInfo.getRolesAllowed()).setTransportGuaranteeType(securityInfo.getTransportGuaranteeType()).addWebResourceCollection(new WebResourceCollection().addUrlPatterns(mappings).addHttpMethodOmissions(methods));
                    builder.addSecurityConstraint(newConstraint);
                }
            }
        }
    }
    return builder.build();
}
Also used : ServletInfo(io.undertow.servlet.api.ServletInfo) WebResourceCollection(io.undertow.servlet.api.WebResourceCollection) ServletSecurityInfo(io.undertow.servlet.api.ServletSecurityInfo) SecurityPathMatches(io.undertow.servlet.handlers.security.SecurityPathMatches) SecurityConstraint(io.undertow.servlet.api.SecurityConstraint) HashSet(java.util.HashSet) HttpMethodSecurityInfo(io.undertow.servlet.api.HttpMethodSecurityInfo)

Example 3 with WebResourceCollection

use of io.undertow.servlet.api.WebResourceCollection in project undertow by undertow-io.

the class ConfidentialityConstraintUrlMappingTestCase method setup.

@BeforeClass
public static void setup() throws Exception {
    DefaultServer.startSSLServer();
    final PathHandler root = new PathHandler();
    final ServletContainer container = ServletContainer.Factory.newInstance();
    ServletInfo s = new ServletInfo("servlet", SendSchemeServlet.class).addMapping("/clear").addMapping("/integral").addMapping("/confidential");
    DeploymentInfo info = new DeploymentInfo().setClassLoader(SimpleServletTestCase.class.getClassLoader()).setContextPath("/servletContext").setClassIntrospecter(TestClassIntrospector.INSTANCE).setDeploymentName("servletContext.war").setConfidentialPortManager(TestConfidentialPortManager.INSTANCE).addServlet(s);
    info.addSecurityConstraint(new SecurityConstraint().addWebResourceCollection(new WebResourceCollection().addUrlPattern("/integral")).setTransportGuaranteeType(TransportGuaranteeType.INTEGRAL).setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT));
    info.addSecurityConstraint(new SecurityConstraint().addWebResourceCollection(new WebResourceCollection().addUrlPattern("/confidential")).setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL).setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT));
    DeploymentManager manager = container.addDeployment(info);
    manager.deploy();
    root.addPrefixPath(info.getContextPath(), manager.start());
    DefaultServer.setRootHandler(root);
}
Also used : ServletInfo(io.undertow.servlet.api.ServletInfo) WebResourceCollection(io.undertow.servlet.api.WebResourceCollection) DeploymentManager(io.undertow.servlet.api.DeploymentManager) ServletContainer(io.undertow.servlet.api.ServletContainer) SendSchemeServlet(io.undertow.servlet.test.security.SendSchemeServlet) PathHandler(io.undertow.server.handlers.PathHandler) DeploymentInfo(io.undertow.servlet.api.DeploymentInfo) SecurityConstraint(io.undertow.servlet.api.SecurityConstraint) BeforeClass(org.junit.BeforeClass)

Example 4 with WebResourceCollection

use of io.undertow.servlet.api.WebResourceCollection in project undertow by undertow-io.

the class ServletBasicAuthTestCase method setup.

@BeforeClass
public static void setup() throws ServletException {
    final PathHandler path = new PathHandler();
    final ServletContainer container = ServletContainer.Factory.newInstance();
    ServletInfo usernameServlet = new ServletInfo("Username Servlet", SendUsernameServlet.class).addMapping("/secured/username");
    ServletInfo authTypeServlet = new ServletInfo("Auth Type Servlet", SendAuthTypeServlet.class).addMapping("/secured/authType");
    ServletIdentityManager identityManager = new ServletIdentityManager();
    identityManager.addUser("user1", "password1", "role1");
    identityManager.addUser("charsetUser", "password-ΓΌ", "role1");
    LoginConfig loginConfig = new LoginConfig(REALM_NAME);
    Map<String, String> props = new HashMap<>();
    props.put("charset", "ISO_8859_1");
    props.put("user-agent-charsets", "Chrome,UTF-8,OPR,UTF-8");
    loginConfig.addFirstAuthMethod(new AuthMethodConfig("BASIC", props));
    DeploymentInfo builder = new DeploymentInfo().setClassLoader(SimpleServletTestCase.class.getClassLoader()).setContextPath("/servletContext").setClassIntrospecter(TestClassIntrospector.INSTANCE).setDeploymentName("servletContext.war").setIdentityManager(identityManager).setLoginConfig(loginConfig).addServlets(usernameServlet, authTypeServlet);
    builder.addSecurityConstraint(new SecurityConstraint().addWebResourceCollection(new WebResourceCollection().addUrlPattern("/secured/*")).addRoleAllowed("role1").setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.DENY));
    DeploymentManager manager = container.addDeployment(builder);
    manager.deploy();
    path.addPrefixPath(builder.getContextPath(), manager.start());
    DefaultServer.setRootHandler(path);
}
Also used : WebResourceCollection(io.undertow.servlet.api.WebResourceCollection) HashMap(java.util.HashMap) DeploymentManager(io.undertow.servlet.api.DeploymentManager) PathHandler(io.undertow.server.handlers.PathHandler) ServletIdentityManager(io.undertow.servlet.test.security.constraint.ServletIdentityManager) SimpleServletTestCase(io.undertow.servlet.test.SimpleServletTestCase) SecurityConstraint(io.undertow.servlet.api.SecurityConstraint) ServletInfo(io.undertow.servlet.api.ServletInfo) AuthMethodConfig(io.undertow.servlet.api.AuthMethodConfig) ServletContainer(io.undertow.servlet.api.ServletContainer) LoginConfig(io.undertow.servlet.api.LoginConfig) SendUsernameServlet(io.undertow.servlet.test.security.SendUsernameServlet) DeploymentInfo(io.undertow.servlet.api.DeploymentInfo) SendAuthTypeServlet(io.undertow.servlet.test.security.SendAuthTypeServlet) BeforeClass(org.junit.BeforeClass)

Example 5 with WebResourceCollection

use of io.undertow.servlet.api.WebResourceCollection in project undertow by undertow-io.

the class ServletClientCertAuthTestCase method setup.

@BeforeClass
public static void setup() throws ServletException, IOException {
    DefaultServer.startSSLServer();
    clientSSLContext = DefaultServer.getClientSSLContext();
    final PathHandler path = new PathHandler();
    final ServletContainer container = ServletContainer.Factory.newInstance();
    ServletInfo usernameServlet = new ServletInfo("Username Servlet", SendUsernameServlet.class).addMapping("/secured/username");
    ServletInfo authTypeServlet = new ServletInfo("Auth Type Servlet", SendAuthTypeServlet.class).addMapping("/secured/authType");
    LoginConfig loginConfig = new LoginConfig(REALM_NAME);
    loginConfig.addFirstAuthMethod(new AuthMethodConfig("CLIENT_CERT"));
    DeploymentInfo builder = new DeploymentInfo().setClassLoader(SimpleServletTestCase.class.getClassLoader()).setContextPath("/servletContext").setClassIntrospecter(TestClassIntrospector.INSTANCE).setDeploymentName("servletContext.war").setIdentityManager(identityManager).setLoginConfig(loginConfig).addServlets(usernameServlet, authTypeServlet);
    builder.addSecurityConstraint(new SecurityConstraint().addWebResourceCollection(new WebResourceCollection().addUrlPattern("/secured/*")).addRoleAllowed("role1").setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.DENY));
    DeploymentManager manager = container.addDeployment(builder);
    manager.deploy();
    path.addPrefixPath(builder.getContextPath(), manager.start());
    DefaultServer.setRootHandler(path);
}
Also used : ServletInfo(io.undertow.servlet.api.ServletInfo) WebResourceCollection(io.undertow.servlet.api.WebResourceCollection) AuthMethodConfig(io.undertow.servlet.api.AuthMethodConfig) DeploymentManager(io.undertow.servlet.api.DeploymentManager) ServletContainer(io.undertow.servlet.api.ServletContainer) LoginConfig(io.undertow.servlet.api.LoginConfig) PathHandler(io.undertow.server.handlers.PathHandler) SendUsernameServlet(io.undertow.servlet.test.security.SendUsernameServlet) DeploymentInfo(io.undertow.servlet.api.DeploymentInfo) SendAuthTypeServlet(io.undertow.servlet.test.security.SendAuthTypeServlet) SimpleServletTestCase(io.undertow.servlet.test.SimpleServletTestCase) SecurityConstraint(io.undertow.servlet.api.SecurityConstraint) BeforeClass(org.junit.BeforeClass)

Aggregations

SecurityConstraint (io.undertow.servlet.api.SecurityConstraint)21 WebResourceCollection (io.undertow.servlet.api.WebResourceCollection)21 DeploymentInfo (io.undertow.servlet.api.DeploymentInfo)18 LoginConfig (io.undertow.servlet.api.LoginConfig)15 ServletInfo (io.undertow.servlet.api.ServletInfo)14 PathHandler (io.undertow.server.handlers.PathHandler)12 ServletContainer (io.undertow.servlet.api.ServletContainer)12 BeforeClass (org.junit.BeforeClass)12 DeploymentManager (io.undertow.servlet.api.DeploymentManager)11 ServletIdentityManager (io.undertow.servlet.test.security.constraint.ServletIdentityManager)8 SimpleServletTestCase (io.undertow.servlet.test.SimpleServletTestCase)7 AuthMethodConfig (io.undertow.servlet.api.AuthMethodConfig)6 ServletSecurityInfo (io.undertow.servlet.api.ServletSecurityInfo)5 HashMap (java.util.HashMap)5 HttpHandler (io.undertow.server.HttpHandler)3 HttpMethodSecurityInfo (io.undertow.servlet.api.HttpMethodSecurityInfo)3 SendAuthTypeServlet (io.undertow.servlet.test.security.SendAuthTypeServlet)3 SendUsernameServlet (io.undertow.servlet.test.security.SendUsernameServlet)3 TestResourceLoader (io.undertow.servlet.test.util.TestResourceLoader)3 WebSocketDeploymentInfo (io.undertow.websockets.jsr.WebSocketDeploymentInfo)3