use of io.undertow.servlet.api.WebResourceCollection in project undertow by undertow-io.
the class ServletContextRolesTestCase method setup.
@BeforeClass
public static void setup() throws ServletException {
final PathHandler root = new PathHandler();
final ServletContainer container = ServletContainer.Factory.newInstance();
final ServletIdentityManager identityManager = new ServletIdentityManager();
identityManager.addUser("user1", "password1", "unspecified-role");
LoginConfig loginConfig = new LoginConfig(REALM_NAME);
Map<String, String> props = new HashMap<>();
props.put("charset", "ISO_8859_1");
props.put("user-agent-charsets", "Chrome,UTF-8,OPR,UTF-8");
loginConfig.addFirstAuthMethod(new AuthMethodConfig("BASIC", props));
DeploymentInfo builder = new DeploymentInfo().setClassLoader(ServletContextRolesTestCase.class.getClassLoader()).setContextPath("/servletContext").setClassIntrospecter(TestClassIntrospector.INSTANCE).setDeploymentName("servletContext.war").addServlet(new ServletInfo("servlet", CheckRolesServlet.class).addMapping("/aa")).addListener(new ListenerInfo(DeclareRolesServletContextListener.class)).setIdentityManager(identityManager).setLoginConfig(loginConfig);
builder.addPrincipalVsRoleMappings("user1", DeclareRolesServletContextListener.ROLES);
builder.addSecurityConstraint(new SecurityConstraint().addWebResourceCollection(new WebResourceCollection().addUrlPattern("/*")).addRolesAllowed(DeclareRolesServletContextListener.ROLES).setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.DENY));
manager = container.addDeployment(builder);
manager.deploy();
root.addPrefixPath(builder.getContextPath(), manager.start());
DefaultServer.setRootHandler(root);
}
use of io.undertow.servlet.api.WebResourceCollection in project undertow by undertow-io.
the class SecurityRedirectTestCase method setup.
@BeforeClass
public static void setup() throws ServletException {
final PathHandler root = new PathHandler();
final ServletContainer container = ServletContainer.Factory.newInstance();
ServletIdentityManager identityManager = new ServletIdentityManager();
identityManager.addUser("user1", "password1", "role1");
DeploymentInfo builder = new DeploymentInfo().setClassIntrospecter(TestClassIntrospector.INSTANCE).setClassLoader(ServletPathMappingTestCase.class.getClassLoader()).setContextPath("/servletContext").setDeploymentName("servletContext.war").setResourceManager(new TestResourceLoader(SecurityRedirectTestCase.class)).addWelcomePages("index.html").setIdentityManager(identityManager).setLoginConfig(new LoginConfig("BASIC", "Test Realm")).addSecurityConstraint(new SecurityConstraint().addRoleAllowed("role1").addWebResourceCollection(new WebResourceCollection().addUrlPatterns("/index.html", "/filterpath/*")));
DeploymentManager manager = container.addDeployment(builder);
manager.deploy();
root.addPrefixPath(builder.getContextPath(), manager.start());
DefaultServer.setRootHandler(root);
}
use of io.undertow.servlet.api.WebResourceCollection in project undertow by undertow-io.
the class WelcomeFileSecurityTestCase method setup.
@BeforeClass
public static void setup() throws ServletException {
final PathHandler root = new PathHandler();
final ServletContainer container = ServletContainer.Factory.newInstance();
ServletIdentityManager identityManager = new ServletIdentityManager();
identityManager.addUser("user1", "password1", "role1");
DeploymentInfo builder = new DeploymentInfo().setClassIntrospecter(TestClassIntrospector.INSTANCE).setClassLoader(ServletPathMappingTestCase.class.getClassLoader()).setContextPath("/servletContext").setDeploymentName("servletContext.war").setResourceManager(new TestResourceLoader(WelcomeFileSecurityTestCase.class)).addWelcomePages("doesnotexist.html", "index.html", "default").setIdentityManager(identityManager).setLoginConfig(new LoginConfig("BASIC", "Test Realm")).addServlet(new ServletInfo("DefaultTestServlet", PathTestServlet.class).setServletSecurityInfo(new ServletSecurityInfo().addRoleAllowed("role1")).addMapping("/path/default")).addSecurityConstraint(new SecurityConstraint().addRoleAllowed("role1").addWebResourceCollection(new WebResourceCollection().addUrlPattern("/index.html")));
DeploymentManager manager = container.addDeployment(builder);
manager.deploy();
root.addPrefixPath(builder.getContextPath(), manager.start());
DefaultServer.setRootHandler(root);
}
use of io.undertow.servlet.api.WebResourceCollection in project undertow by undertow-io.
the class ServletRegistrationImpl method setServletSecurity.
@Override
public Set<String> setServletSecurity(final ServletSecurityElement constraint) {
if (constraint == null) {
throw UndertowMessages.MESSAGES.argumentCannotBeNull("constraint");
}
DeploymentInfo deploymentInfo = deployment.getDeploymentInfo();
// this is not super efficient, but it does not really matter
final Set<String> urlPatterns = new HashSet<>();
for (SecurityConstraint sc : deploymentInfo.getSecurityConstraints()) {
for (WebResourceCollection webResources : sc.getWebResourceCollections()) {
urlPatterns.addAll(webResources.getUrlPatterns());
}
}
final Set<String> ret = new HashSet<>();
for (String url : servletInfo.getMappings()) {
if (urlPatterns.contains(url)) {
ret.add(url);
}
}
ServletSecurityInfo info = new ServletSecurityInfo();
servletInfo.setServletSecurityInfo(info);
info.setTransportGuaranteeType(constraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE).setEmptyRoleSemantic(emptyRoleSemantic(constraint.getEmptyRoleSemantic())).addRolesAllowed(constraint.getRolesAllowed());
for (final HttpMethodConstraintElement methodConstraint : constraint.getHttpMethodConstraints()) {
info.addHttpMethodSecurityInfo(new HttpMethodSecurityInfo().setTransportGuaranteeType(methodConstraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE).setMethod(methodConstraint.getMethodName()).setEmptyRoleSemantic(emptyRoleSemantic(methodConstraint.getEmptyRoleSemantic())).addRolesAllowed(methodConstraint.getRolesAllowed()));
}
return ret;
}
use of io.undertow.servlet.api.WebResourceCollection in project keycloak by keycloak.
the class SamlServletExtension method addEndpointConstraint.
/**
* add security constraint to /saml so that the endpoint can be called and auth mechanism pinged.
* @param deploymentInfo
*/
protected void addEndpointConstraint(DeploymentInfo deploymentInfo) {
SecurityConstraint constraint = new SecurityConstraint();
WebResourceCollection collection = new WebResourceCollection();
collection.addUrlPattern("/saml");
constraint.addWebResourceCollection(collection);
deploymentInfo.addSecurityConstraint(constraint);
}
Aggregations