Example 21 with ServletRequestContext

Use of io.undertow.servlet.handlers.ServletRequestContext in project undertow by undertow-io.

Class ServletSecurityConstraintHandler, method handleRequest.

@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    final String path = exchange.getRelativePath();
    SecurityPathMatch securityMatch = securityPathMatches.getSecurityInfo(path, exchange.getRequestMethod().toString());
    final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    List<SingleConstraintMatch> list = servletRequestContext.getRequiredConstrains();
    if (list == null) {
        servletRequestContext.setRequiredConstrains(list = new ArrayList<>());
    }
    list.add(securityMatch.getMergedConstraint());
    TransportGuaranteeType type = servletRequestContext.getTransportGuarenteeType();
    if (type == null || type.ordinal() < securityMatch.getTransportGuaranteeType().ordinal()) {
        servletRequestContext.setTransportGuarenteeType(securityMatch.getTransportGuaranteeType());
    }
    UndertowLogger.SECURITY_LOGGER.debugf("Security constraints for request %s are %s", exchange.getRequestURI(), list);
    next.handleRequest(exchange);
}
Also used: SingleConstraintMatch (io.undertow.servlet.api.SingleConstraintMatch), TransportGuaranteeType (io.undertow.servlet.api.TransportGuaranteeType), ArrayList (java.util.ArrayList), ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext)

Example 22 with ServletRequestContext

Use of io.undertow.servlet.handlers.ServletRequestContext in project undertow by undertow-io.

Class ServletSecurityRoleHandler, method handleRequest.

@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    ServletRequest request = servletRequestContext.getServletRequest();
    if (request.getDispatcherType() == DispatcherType.REQUEST) {
        List<SingleConstraintMatch> constraints = servletRequestContext.getRequiredConstrains();
        SecurityContext sc = exchange.getSecurityContext();
        if (!authorizationManager.canAccessResource(constraints, sc.getAuthenticatedAccount(), servletRequestContext.getCurrentServlet().getManagedServlet().getServletInfo(), servletRequestContext.getOriginalRequest(), servletRequestContext.getDeployment())) {
            HttpServletResponse response = (HttpServletResponse) servletRequestContext.getServletResponse();
            response.sendError(StatusCodes.FORBIDDEN);
            return;
        }
    }
    next.handleRequest(exchange);
}
Also used: ServletRequest (javax.servlet.ServletRequest), SingleConstraintMatch (io.undertow.servlet.api.SingleConstraintMatch), SecurityContext (io.undertow.security.api.SecurityContext), ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext), HttpServletResponse (javax.servlet.http.HttpServletResponse)

Example 23 with ServletRequestContext

Use of io.undertow.servlet.handlers.ServletRequestContext in project undertow by undertow-io.

Class DirectoryPredicate, method resolve.

@Override
public boolean resolve(final HttpServerExchange value) {
    String location = this.location.readAttribute(value);
    ServletRequestContext src = value.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    if (src == null) {
        return false;
    }
    ResourceManager manager = src.getDeployment().getDeploymentInfo().getResourceManager();
    if (manager == null) {
        return false;
    }
    try {
        Resource resource = manager.getResource(location);
        if (resource == null) {
            return false;
        }
        return resource.isDirectory();
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
Also used: Resource (io.undertow.server.handlers.resource.Resource), ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext), ResourceManager (io.undertow.server.handlers.resource.ResourceManager), IOException (java.io.IOException)

Example 24 with ServletRequestContext

Use of io.undertow.servlet.handlers.ServletRequestContext in project undertow by undertow-io.

Class SessionListenerBridge, method sessionDestroyed.

@Override
public void sessionDestroyed(final Session session, final HttpServerExchange exchange, final SessionDestroyedReason reason) {
    if (reason == SessionDestroyedReason.TIMEOUT) {
        try {
            //we need to perform thread setup actions
            destroyedAction.call(exchange, session);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    } else {
        doDestroy(session);
    }
    ServletRequestContext current = SecurityActions.currentServletRequestContext();
    Session underlying = null;
    if (current != null && current.getSession() != null) {
        if (System.getSecurityManager() == null) {
            underlying = current.getSession().getSession();
        } else {
            underlying = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(current.getSession()));
        }
    }
    if (current != null && underlying == session) {
        current.setSession(null);
    }
}
Also used: ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext), ServletException (javax.servlet.ServletException), Session (io.undertow.server.session.Session)

Example 25 with ServletRequestContext

Use of io.undertow.servlet.handlers.ServletRequestContext in project undertow by undertow-io.

Class ServletRelativePathAttribute, method readAttribute.

@Override
public String readAttribute(final HttpServerExchange exchange) {
    ServletRequestContext src = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    if (src == null) {
        return RequestURLAttribute.INSTANCE.readAttribute(exchange);
    }
    String path = (String) src.getServletRequest().getAttribute(RequestDispatcher.FORWARD_PATH_INFO);
    String sp = (String) src.getServletRequest().getAttribute(RequestDispatcher.FORWARD_SERVLET_PATH);
    if (path == null && sp == null) {
        return RequestURLAttribute.INSTANCE.readAttribute(exchange);
    }
    if (sp == null) {
        return path;
    } else if (path == null) {
        return sp;
    } else {
        return sp + path;
    }
}
Also used: ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext)

Aggregations

ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext): 40
IOException (java.io.IOException): 8
Session (io.undertow.server.session.Session): 5
HttpSessionImpl (io.undertow.servlet.spec.HttpSessionImpl): 5
ServletException (javax.servlet.ServletException): 5
SecurityContext (io.undertow.security.api.SecurityContext): 4
Account (io.undertow.security.idm.Account): 4
HttpServerExchange (io.undertow.server.HttpServerExchange): 4
HttpString (io.undertow.util.HttpString): 4
ServletRequest (javax.servlet.ServletRequest): 4
HttpServletResponse (javax.servlet.http.HttpServletResponse): 4
ArrayList (java.util.ArrayList): 3
HashMap (java.util.HashMap): 3
Subject (javax.security.auth.Subject): 3
GenericMessageInfo (org.jboss.security.auth.message.GenericMessageInfo): 3
AuthenticatedSessionManager (io.undertow.security.api.AuthenticatedSessionManager): 2
Resource (io.undertow.server.handlers.resource.Resource): 2
ResourceManager (io.undertow.server.handlers.resource.ResourceManager): 2
AuthorizationManager (io.undertow.servlet.api.AuthorizationManager): 2
SingleConstraintMatch (io.undertow.servlet.api.SingleConstraintMatch): 2