Use of io.undertow.servlet.api.WebResourceCollection in project indy by Commonjava.
Class KeycloakDeploymentProvider, method getDeploymentInfo.
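/**
 * Builds the {@link DeploymentInfo} fragment that carries the Keycloak-related security setup.
 *
 * <p>When {@code config.isEnabled()} is false an empty {@code DeploymentInfo} is returned and no
 * authentication mechanism, constraint or login config is registered by this provider.
 *
 * <p>Every constraint created here uses {@link EmptyRoleSemantic#PERMIT}. In Undertow that means a
 * constraint with no allowed roles does not itself demand authentication, so a binding whose
 * {@code getRole()} is {@code null} leaves its URL pattern open as far as this constraint is
 * concerned. Review the bindings with that in mind.
 *
 * @param contextRoot context root of the deployment (not read by this method)
 * @param application JAX-RS application being deployed (not read by this method)
 * @return the deployment info holding the security constraints, init parameter and login config
 */
@Override
public DeploymentInfo getDeploymentInfo(String contextRoot, Application application) {
    logger.debug("Keycloak deployment provider triggered.");
    final DeploymentInfo di = new DeploymentInfo();
    if (!config.isEnabled()) {
        return di;
    }

    di.addAuthenticationMechanism(BASIC_LOGIN_MECHANISM, new ImmediateAuthenticationMechanismFactory(basicAuthInjector));
    logger.debug("Adding keycloak security constraints");

    // UI resources: no roles + PERMIT, i.e. reachable without authentication.
    final SecurityConstraint ui = new SecurityConstraint();
    ui.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT);
    final WebResourceCollection uiCollection = new WebResourceCollection();
    uiCollection.addUrlPatterns(UIServlet.PATHS);
    uiCollection.addHttpMethods(UIServlet.METHODS);
    ui.addWebResourceCollection(uiCollection);
    di.addSecurityConstraint(ui);

    for (final KeycloakSecurityConstraint constraint : bindings.getConstraints()) {
        final SecurityConstraint sc = new SecurityConstraint();
        sc.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT);

        final WebResourceCollection collection = new WebResourceCollection();
        collection.addUrlPattern(constraint.getUrlPattern());
        logger.debug("new constraint>>> URL pattern: {}", constraint.getUrlPattern());

        // A null method list leaves the collection without HTTP methods (presumably "all methods";
        // confirm against the Undertow version in use).
        if (constraint.getMethods() != null) {
            logger.debug("methods: {}", constraint.getMethods());
            collection.addHttpMethods(constraint.getMethods());
        }
        sc.addWebResourceCollection(collection);

        if (constraint.getRole() != null) {
            logger.debug("role: {}", constraint.getRole());
            sc.addRoleAllowed(constraint.getRole());
        } else {
            // Make the open-access case visible in the same debug trace as the protected ones.
            logger.debug("no role bound: constraint permits access without authentication (EmptyRoleSemantic.PERMIT)");
        }

        logger.debug("Keycloak Security Constraint: {}", sc);
        di.addSecurityConstraint(sc);
    }

    final String keycloakJson = config.getKeycloakJson();
    // Only touch the filesystem when the result is actually logged, and tolerate an unset path:
    // new File((String) null) throws NullPointerException, which would abort deployment from a log line.
    if (logger.isDebugEnabled()) {
        final boolean present = keycloakJson != null && new File(keycloakJson).exists();
        logger.debug("Using keycloak.json: {} (exists? {})", keycloakJson, present);
    }
    di.addInitParameter(KEYCLOAK_CONFIG_FILE_PARAM, keycloakJson);

    logger.debug("login realm: {}", config.getRealm());
    // Keycloak is the declared mechanism; BASIC is pushed to the front of the method list.
    final LoginConfig loginConfig = new LoginConfig(KEYCLOAK_LOGIN_MECHANISM, config.getRealm());
    loginConfig.addFirstAuthMethod(BASIC_LOGIN_MECHANISM);
    di.setLoginConfig(loginConfig);

    return di;
}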
Use of io.undertow.servlet.api.WebResourceCollection in project undertow by undertow-io.
Class DeploymentManagerImpl, method buildSecurityConstraints.
/**
 * Assembles the {@link SecurityPathMatches} for this deployment.
 *
 * <p>Constraints declared on the deployment are registered first. For each servlet that carries
 * {@link ServletSecurityInfo}, constraints are then derived for those of its mappings that are not
 * already named as a URL pattern by a declared constraint; mappings that are covered are left to
 * the declared constraint alone.
 *
 * @return the built path matcher
 */
private SecurityPathMatches buildSecurityConstraints() {
    final SecurityPathMatches.Builder matches = SecurityPathMatches.builder(deployment.getDeploymentInfo());

    // Register the declared constraints and remember every URL pattern they mention.
    final Set<String> declaredPatterns = new HashSet<>();
    for (SecurityConstraint declared : deployment.getDeploymentInfo().getSecurityConstraints()) {
        matches.addSecurityConstraint(declared);
        for (WebResourceCollection resources : declared.getWebResourceCollections()) {
            declaredPatterns.addAll(resources.getUrlPatterns());
        }
    }

    for (final ServletInfo servlet : deployment.getDeploymentInfo().getServlets().values()) {
        final ServletSecurityInfo servletSecurity = servlet.getServletSecurityInfo();
        if (servletSecurity == null) {
            continue;
        }

        // Exact-string removal: only mappings identical to a declared pattern count as covered.
        final Set<String> uncovered = new HashSet<>(servlet.getMappings());
        uncovered.removeAll(declaredPatterns);
        if (uncovered.isEmpty()) {
            continue;
        }

        final Set<String> explicitMethods = new HashSet<>();
        for (HttpMethodSecurityInfo perMethod : servletSecurity.getHttpMethodSecurityInfo()) {
            explicitMethods.add(perMethod.getMethod());

            // No roles + PERMIT is an implicit allow, so no constraint is emitted for the method.
            // NOTE(review): this skip happens before the method's transport guarantee is read,
            // so that guarantee is not registered by this branch; confirm that is intended.
            final boolean implicitAllow = perMethod.getRolesAllowed().isEmpty()
                    && perMethod.getEmptyRoleSemantic() == EmptyRoleSemantic.PERMIT;
            if (!implicitAllow) {
                final SecurityConstraint methodConstraint = new SecurityConstraint()
                        .addRolesAllowed(perMethod.getRolesAllowed())
                        .setTransportGuaranteeType(perMethod.getTransportGuaranteeType())
                        .addWebResourceCollection(new WebResourceCollection()
                                .addUrlPatterns(uncovered)
                                .addHttpMethod(perMethod.getMethod()));
                matches.addSecurityConstraint(methodConstraint);
            }
        }

        // Add the servlet-wide constraint for every method not listed above, unless it is
        // all defaults (no roles, PERMIT) and per-method constraints were specified.
        final boolean allDefaults = servletSecurity.getRolesAllowed().isEmpty()
                && servletSecurity.getEmptyRoleSemantic() == EmptyRoleSemantic.PERMIT;
        if (!allDefaults || explicitMethods.isEmpty()) {
            final SecurityConstraint servletConstraint = new SecurityConstraint()
                    .setEmptyRoleSemantic(servletSecurity.getEmptyRoleSemantic())
                    .addRolesAllowed(servletSecurity.getRolesAllowed())
                    .setTransportGuaranteeType(servletSecurity.getTransportGuaranteeType())
                    .addWebResourceCollection(new WebResourceCollection()
                            .addUrlPatterns(uncovered)
                            .addHttpMethodOmissions(explicitMethods));
            matches.addSecurityConstraint(servletConstraint);
        }
    }

    return matches.build();
}
Use of io.undertow.servlet.api.WebResourceCollection in project undertow by undertow-io.
Class ConfidentialityConstraintUrlMappingTestCase, method setup.
/**
 * Deploys one servlet under three mappings, two of which carry a transport guarantee.
 *
 * <p>{@code /integral} and {@code /confidential} are constrained with INTEGRAL and CONFIDENTIAL
 * respectively; {@code /clear} has no constraint. Both constraints use
 * {@link EmptyRoleSemantic#PERMIT} with no roles, so they express a transport requirement only
 * and no authentication.
 *
 * @throws Exception if the SSL server or the deployment cannot be started
 */
@BeforeClass
public static void setup() throws Exception {
    DefaultServer.startSSLServer();

    final PathHandler root = new PathHandler();
    final ServletContainer container = ServletContainer.Factory.newInstance();

    ServletInfo schemeServlet = new ServletInfo("servlet", SendSchemeServlet.class);
    schemeServlet.addMapping("/clear");
    schemeServlet.addMapping("/integral");
    schemeServlet.addMapping("/confidential");

    DeploymentInfo info = new DeploymentInfo();
    info.setClassLoader(SimpleServletTestCase.class.getClassLoader());
    info.setContextPath("/servletContext");
    info.setClassIntrospecter(TestClassIntrospector.INSTANCE);
    info.setDeploymentName("servletContext.war");
    info.setConfidentialPortManager(TestConfidentialPortManager.INSTANCE);
    info.addServlet(schemeServlet);

    // Transport-only constraint: INTEGRAL guarantee, no roles.
    SecurityConstraint integral = new SecurityConstraint();
    integral.addWebResourceCollection(new WebResourceCollection().addUrlPattern("/integral"));
    integral.setTransportGuaranteeType(TransportGuaranteeType.INTEGRAL);
    integral.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT);
    info.addSecurityConstraint(integral);

    // Transport-only constraint: CONFIDENTIAL guarantee, no roles.
    SecurityConstraint confidential = new SecurityConstraint();
    confidential.addWebResourceCollection(new WebResourceCollection().addUrlPattern("/confidential"));
    confidential.setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL);
    confidential.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT);
    info.addSecurityConstraint(confidential);

    DeploymentManager manager = container.addDeployment(info);
    manager.deploy();
    root.addPrefixPath(info.getContextPath(), manager.start());
    DefaultServer.setRootHandler(root);
}
Use of io.undertow.servlet.api.WebResourceCollection in project undertow by undertow-io.
Class ServletBasicAuthTestCase, method setup.
/**
 * Deploys two servlets under {@code /secured/*} protected by HTTP BASIC authentication.
 *
 * <p>The constraint allows {@code role1} only and uses {@code EmptyRoleSemantic.DENY}. The users
 * and passwords registered here are test fixtures. This setup does not start the SSL server and
 * sets no transport guarantee; BASIC credentials are only base64-encoded on the wire, so a real
 * deployment would pair such a constraint with a CONFIDENTIAL transport guarantee.
 *
 * @throws ServletException if the deployment cannot be started
 */
@BeforeClass
public static void setup() throws ServletException {
    final PathHandler routes = new PathHandler();
    final ServletContainer container = ServletContainer.Factory.newInstance();

    ServletInfo usernameServlet = new ServletInfo("Username Servlet", SendUsernameServlet.class);
    usernameServlet.addMapping("/secured/username");
    ServletInfo authTypeServlet = new ServletInfo("Auth Type Servlet", SendAuthTypeServlet.class);
    authTypeServlet.addMapping("/secured/authType");

    ServletIdentityManager identityManager = new ServletIdentityManager();
    identityManager.addUser("user1", "password1", "role1");
    // NOTE(review): the non-ASCII suffix below looks mis-encoded on this page; its characters are
    // not representable in ISO-8859-1, the charset configured further down. Confirm the literal
    // against the upstream file before reusing it.
    identityManager.addUser("charsetUser", "password-ΓΌ", "role1");

    // BASIC mechanism options: default credential charset plus per-user-agent overrides.
    Map<String, String> basicOptions = new HashMap<>();
    basicOptions.put("charset", "ISO_8859_1");
    basicOptions.put("user-agent-charsets", "Chrome,UTF-8,OPR,UTF-8");
    LoginConfig loginConfig = new LoginConfig(REALM_NAME);
    loginConfig.addFirstAuthMethod(new AuthMethodConfig("BASIC", basicOptions));

    DeploymentInfo builder = new DeploymentInfo();
    builder.setClassLoader(SimpleServletTestCase.class.getClassLoader());
    builder.setContextPath("/servletContext");
    builder.setClassIntrospecter(TestClassIntrospector.INSTANCE);
    builder.setDeploymentName("servletContext.war");
    builder.setIdentityManager(identityManager);
    builder.setLoginConfig(loginConfig);
    builder.addServlets(usernameServlet, authTypeServlet);

    // Everything under /secured/ requires role1.
    SecurityConstraint secured = new SecurityConstraint();
    secured.addWebResourceCollection(new WebResourceCollection().addUrlPattern("/secured/*"));
    secured.addRoleAllowed("role1");
    secured.setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.DENY);
    builder.addSecurityConstraint(secured);

    DeploymentManager manager = container.addDeployment(builder);
    manager.deploy();
    routes.addPrefixPath(builder.getContextPath(), manager.start());
    DefaultServer.setRootHandler(routes);
}
Use of io.undertow.servlet.api.WebResourceCollection in project undertow by undertow-io.
Class ServletClientCertAuthTestCase, method setup.
/**
 * Deploys two servlets under {@code /secured/*} protected by client-certificate authentication.
 *
 * <p>The SSL server is started first and the client SSL context is stored in
 * {@code clientSSLContext}. The constraint allows {@code role1} only and uses
 * {@code EmptyRoleSemantic.DENY}. {@code identityManager}, {@code clientSSLContext} and
 * {@code REALM_NAME} are not declared in this method; presumably they are members of the
 * enclosing test class.
 *
 * @throws ServletException if the deployment cannot be started
 * @throws IOException if the SSL server cannot be started
 */
@BeforeClass
public static void setup() throws ServletException, IOException {
    DefaultServer.startSSLServer();
    clientSSLContext = DefaultServer.getClientSSLContext();

    final PathHandler routes = new PathHandler();
    final ServletContainer container = ServletContainer.Factory.newInstance();

    ServletInfo usernameServlet = new ServletInfo("Username Servlet", SendUsernameServlet.class);
    usernameServlet.addMapping("/secured/username");
    ServletInfo authTypeServlet = new ServletInfo("Auth Type Servlet", SendAuthTypeServlet.class);
    authTypeServlet.addMapping("/secured/authType");

    // CLIENT_CERT is the only mechanism registered here.
    LoginConfig loginConfig = new LoginConfig(REALM_NAME);
    loginConfig.addFirstAuthMethod(new AuthMethodConfig("CLIENT_CERT"));

    DeploymentInfo builder = new DeploymentInfo();
    builder.setClassLoader(SimpleServletTestCase.class.getClassLoader());
    builder.setContextPath("/servletContext");
    builder.setClassIntrospecter(TestClassIntrospector.INSTANCE);
    builder.setDeploymentName("servletContext.war");
    builder.setIdentityManager(identityManager);
    builder.setLoginConfig(loginConfig);
    builder.addServlets(usernameServlet, authTypeServlet);

    // Everything under /secured/ requires role1.
    SecurityConstraint secured = new SecurityConstraint();
    secured.addWebResourceCollection(new WebResourceCollection().addUrlPattern("/secured/*"));
    secured.addRoleAllowed("role1");
    secured.setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.DENY);
    builder.addSecurityConstraint(secured);

    DeploymentManager manager = container.addDeployment(builder);
    manager.deploy();
    routes.addPrefixPath(builder.getContextPath(), manager.start());
    DefaultServer.setRootHandler(routes);
}