Search in sources :

Example 1 with WebResourcePermission

use of javax.security.jacc.WebResourcePermission in project Payara by payara.

the class MapValue method handleNoAuth.

static void handleNoAuth(Permissions collection, MapValue m, String name) {
    String actions = null;
    BitSet noAuthMethods = m.getNoAuthMethods();
    if (!m.otherConstraint.isAuthConstrained()) {
        BitSet methods = m.getMethodSet();
        methods.andNot(noAuthMethods);
        if (!methods.isEmpty()) {
            actions = "!" + MethodValue.getActions(methods);
        }
    } else if (!noAuthMethods.isEmpty()) {
        actions = MethodValue.getActions(noAuthMethods);
    } else {
        return;
    }
    collection.add(new WebResourcePermission(name, actions));
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "JACC: constraint capture: adding unchecked (for authorization) methods: " + actions);
    }
}
Also used : WebResourcePermission(javax.security.jacc.WebResourcePermission)

Example 2 with WebResourcePermission

use of javax.security.jacc.WebResourcePermission in project Payara by payara.

the class MapValue method processConstraints.

public static void processConstraints(WebBundleDescriptor wbd, PolicyConfiguration pc) throws javax.security.jacc.PolicyContextException {
    if (logger.isLoggable(Level.FINE)) {
        logger.entering("WebPermissionUtil", "processConstraints");
        logger.log(Level.FINE, "JACC: constraint translation: CODEBASE = " + pc.getContextID());
    }
    HashMap qpMap = parseConstraints(wbd);
    HashMap<String, Permissions> roleMap = new HashMap<String, Permissions>();
    Permissions excluded = new Permissions();
    Permissions unchecked = new Permissions();
    boolean deny = wbd.isDenyUncoveredHttpMethods();
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "JACC: constraint capture: begin processing qualified url patterns" + " - uncovered http methods will be " + (deny ? "denied" : "permitted"));
    }
    // for each urlPatternSpec in the map
    Iterator it = qpMap.values().iterator();
    while (it.hasNext()) {
        MapValue m = (MapValue) it.next();
        if (!m.irrelevantByQualifier) {
            String name = m.urlPatternSpec.toString();
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "JACC: constraint capture: urlPattern: " + name);
            }
            // handle Uncovered Methods
            m.handleUncoveredMethods(deny);
            // handle excluded methods
            handleExcluded(excluded, m, name);
            // handle methods requiring role
            handleRoles(roleMap, m, name);
            // handle methods that are not auth constrained
            handleNoAuth(unchecked, m, name);
            // handle transport constraints
            handleConnections(unchecked, m, name);
        }
    }
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "JACC: constraint capture: end processing qualified url patterns");
        Enumeration e = excluded.elements();
        while (e.hasMoreElements()) {
            Permission p = (Permission) e.nextElement();
            String ptype = (p instanceof WebResourcePermission) ? "WRP  " : "WUDP ";
            logger.log(Level.FINE, "JACC: permission(excluded) type: " + ptype + " name: " + p.getName() + " actions: " + p.getActions());
        }
        e = unchecked.elements();
        while (e.hasMoreElements()) {
            Permission p = (Permission) e.nextElement();
            String ptype = (p instanceof WebResourcePermission) ? "WRP  " : "WUDP ";
            logger.log(Level.FINE, "JACC: permission(unchecked) type: " + ptype + " name: " + p.getName() + " actions: " + p.getActions());
        }
    }
    pc.addToExcludedPolicy(excluded);
    pc.addToUncheckedPolicy(unchecked);
    for (Map.Entry<String, Permissions> rVal : roleMap.entrySet()) {
        String role = rVal.getKey();
        Permissions pCollection = rVal.getValue();
        pc.addToRole(role, pCollection);
        if (logger.isLoggable(Level.FINE)) {
            Enumeration e = pCollection.elements();
            while (e.hasMoreElements()) {
                Permission p = (Permission) e.nextElement();
                String ptype = (p instanceof WebResourcePermission) ? "WRP  " : "WUDP ";
                logger.log(Level.FINE, "JACC: permission(" + role + ") type: " + ptype + " name: " + p.getName() + " actions: " + p.getActions());
            }
        }
    }
    if (logger.isLoggable(Level.FINE)) {
        logger.exiting("WebPermissionUtil", "processConstraints");
    }
}
Also used : WebResourcePermission(javax.security.jacc.WebResourcePermission) Permissions(java.security.Permissions) WebRoleRefPermission(javax.security.jacc.WebRoleRefPermission) WebUserDataPermission(javax.security.jacc.WebUserDataPermission) Permission(java.security.Permission) WebResourcePermission(javax.security.jacc.WebResourcePermission)

Example 3 with WebResourcePermission

use of javax.security.jacc.WebResourcePermission in project Payara by payara.

the class MapValue method handleExcluded.

static void handleExcluded(Permissions collection, MapValue m, String name) {
    String actions = null;
    BitSet excludedMethods = m.getExcludedMethods();
    if (m.otherConstraint.isExcluded()) {
        BitSet methods = m.getMethodSet();
        methods.andNot(excludedMethods);
        if (!methods.isEmpty()) {
            actions = "!" + MethodValue.getActions(methods);
        }
    } else if (!excludedMethods.isEmpty()) {
        actions = MethodValue.getActions(excludedMethods);
    } else {
        return;
    }
    collection.add(new WebResourcePermission(name, actions));
    collection.add(new WebUserDataPermission(name, actions));
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "JACC: constraint capture: adding excluded methods: " + actions);
    }
}
Also used : WebResourcePermission(javax.security.jacc.WebResourcePermission) WebUserDataPermission(javax.security.jacc.WebUserDataPermission)

Example 4 with WebResourcePermission

use of javax.security.jacc.WebResourcePermission in project wildfly by wildfly.

the class WarJACCService method createPermissions.

/**
 * {@inheritDoc}
 */
@Override
public void createPermissions(WarMetaData metaData, PolicyConfiguration pc) throws PolicyContextException {
    JBossWebMetaData jbossWebMetaData = metaData.getMergedJBossWebMetaData();
    HashMap<String, PatternInfo> patternMap = qualifyURLPatterns(jbossWebMetaData);
    List<SecurityConstraintMetaData> secConstraints = jbossWebMetaData.getSecurityConstraints();
    if (secConstraints != null) {
        for (SecurityConstraintMetaData secConstraint : secConstraints) {
            WebResourceCollectionsMetaData resourceCollectionsMetaData = secConstraint.getResourceCollections();
            UserDataConstraintMetaData userDataConstraintMetaData = secConstraint.getUserDataConstraint();
            if (resourceCollectionsMetaData != null) {
                if (secConstraint.isExcluded() || secConstraint.isUnchecked()) {
                    // Process the permissions for the excluded/unchecked resources
                    for (WebResourceCollectionMetaData resourceCollectionMetaData : resourceCollectionsMetaData) {
                        List<String> httpMethods = new ArrayList<>(resourceCollectionMetaData.getHttpMethods());
                        List<String> ommisions = resourceCollectionMetaData.getHttpMethodOmissions();
                        if (httpMethods.isEmpty() && !ommisions.isEmpty()) {
                            httpMethods.addAll(WebResourceCollectionMetaData.ALL_HTTP_METHODS);
                            httpMethods.removeAll(ommisions);
                        }
                        List<String> urlPatterns = resourceCollectionMetaData.getUrlPatterns();
                        for (String urlPattern : urlPatterns) {
                            PatternInfo info = patternMap.get(urlPattern);
                            info.descriptor = true;
                            // Add the excluded methods
                            if (secConstraint.isExcluded()) {
                                info.addExcludedMethods(httpMethods);
                            }
                            // SECURITY-63: Missing auth-constraint needs unchecked policy
                            if (secConstraint.isUnchecked() && httpMethods.isEmpty()) {
                                info.isMissingAuthConstraint = true;
                            } else {
                                info.missingAuthConstraintMethods.addAll(httpMethods);
                            }
                        }
                    }
                } else {
                    // Process the permission for the resources x roles
                    for (WebResourceCollectionMetaData resourceCollectionMetaData : resourceCollectionsMetaData) {
                        List<String> httpMethods = new ArrayList<>(resourceCollectionMetaData.getHttpMethods());
                        List<String> methodOmissions = resourceCollectionMetaData.getHttpMethodOmissions();
                        if (httpMethods.isEmpty() && !methodOmissions.isEmpty()) {
                            httpMethods.addAll(WebResourceCollectionMetaData.ALL_HTTP_METHODS);
                            httpMethods.removeAll(methodOmissions);
                        }
                        List<String> urlPatterns = resourceCollectionMetaData.getUrlPatterns();
                        for (String urlPattern : urlPatterns) {
                            // Get the qualified url pattern
                            PatternInfo info = patternMap.get(urlPattern);
                            info.descriptor = true;
                            HashSet<String> mappedRoles = new HashSet<String>();
                            secConstraint.getAuthConstraint().getRoleNames();
                            List<String> authRoles = secConstraint.getAuthConstraint().getRoleNames();
                            for (String role : authRoles) {
                                if ("*".equals(role)) {
                                    // The wildcard ref maps to all declared security-role names
                                    mappedRoles.addAll(jbossWebMetaData.getSecurityRoleNames());
                                } else {
                                    mappedRoles.add(role);
                                }
                            }
                            info.addRoles(mappedRoles, httpMethods);
                            // Add the transport to methods
                            if (userDataConstraintMetaData != null && userDataConstraintMetaData.getTransportGuarantee() != null)
                                info.addTransport(userDataConstraintMetaData.getTransportGuarantee().name(), httpMethods);
                        }
                    }
                }
            }
        }
    }
    JBossServletsMetaData servlets = jbossWebMetaData.getServlets();
    List<ServletMappingMetaData> mappings = jbossWebMetaData.getServletMappings();
    if (servlets != null && mappings != null) {
        Map<String, List<String>> servletMappingMap = new HashMap<>();
        for (ServletMappingMetaData mapping : mappings) {
            List<String> list = servletMappingMap.get(mapping.getServletName());
            if (list == null) {
                servletMappingMap.put(mapping.getServletName(), list = new ArrayList<>());
            }
            list.addAll(mapping.getUrlPatterns());
        }
        if (!jbossWebMetaData.isMetadataComplete()) {
            for (JBossServletMetaData servlet : servlets) {
                ServletSecurityMetaData security = servlet.getServletSecurity();
                if (security != null) {
                    List<String> servletMappings = servletMappingMap.get(servlet.getServletName());
                    if (servletMappings != null) {
                        if (security.getHttpMethodConstraints() != null) {
                            for (HttpMethodConstraintMetaData s : security.getHttpMethodConstraints()) {
                                if (s.getRolesAllowed() == null || s.getRolesAllowed().isEmpty()) {
                                    for (String urlPattern : servletMappings) {
                                        // Get the qualified url pattern
                                        PatternInfo info = patternMap.get(urlPattern);
                                        if (info.descriptor) {
                                            continue;
                                        }
                                        // Add the excluded methods
                                        if (s.getEmptyRoleSemantic() == null || s.getEmptyRoleSemantic() == EmptyRoleSemanticType.PERMIT) {
                                            info.missingAuthConstraintMethods.add(s.getMethod());
                                        } else {
                                            info.addExcludedMethods(Collections.singletonList(s.getMethod()));
                                        }
                                        // Add the transport to methods
                                        if (s.getTransportGuarantee() != null)
                                            info.addTransport(s.getTransportGuarantee().name(), Collections.singletonList(s.getMethod()));
                                    }
                                } else {
                                    for (String urlPattern : servletMappings) {
                                        // Get the qualified url pattern
                                        PatternInfo info = patternMap.get(urlPattern);
                                        if (info.descriptor) {
                                            continue;
                                        }
                                        HashSet<String> mappedRoles = new HashSet<String>();
                                        List<String> authRoles = s.getRolesAllowed();
                                        for (String role : authRoles) {
                                            if ("*".equals(role)) {
                                                // The wildcard ref maps to all declared security-role names
                                                mappedRoles.addAll(jbossWebMetaData.getSecurityRoleNames());
                                            } else {
                                                mappedRoles.add(role);
                                            }
                                        }
                                        info.addRoles(mappedRoles, Collections.singletonList(s.getMethod()));
                                        // Add the transport to methods
                                        if (s.getTransportGuarantee() != null)
                                            info.addTransport(s.getTransportGuarantee().name(), Collections.singletonList(s.getMethod()));
                                    }
                                }
                            }
                        }
                        if (security.getRolesAllowed() == null || security.getRolesAllowed().isEmpty()) {
                            for (String urlPattern : servletMappings) {
                                // Get the qualified url pattern
                                PatternInfo info = patternMap.get(urlPattern);
                                if (info.descriptor) {
                                    continue;
                                }
                                // Add the excluded methods
                                if (security.getEmptyRoleSemantic() == null || security.getEmptyRoleSemantic() == EmptyRoleSemanticType.PERMIT) {
                                    info.isMissingAuthConstraint = true;
                                } else {
                                    Set<String> methods = new HashSet<>(WebResourceCollectionMetaData.ALL_HTTP_METHODS);
                                    if (security.getHttpMethodConstraints() != null) {
                                        for (HttpMethodConstraintMetaData method : security.getHttpMethodConstraints()) {
                                            methods.remove(method.getMethod());
                                        }
                                    }
                                    info.addExcludedMethods(new ArrayList<>(methods));
                                }
                                // Add the transport to methods
                                if (security.getTransportGuarantee() != null)
                                    info.addTransport(security.getTransportGuarantee().name(), Collections.emptyList());
                            }
                        } else {
                            for (String urlPattern : servletMappings) {
                                // Get the qualified url pattern
                                PatternInfo info = patternMap.get(urlPattern);
                                if (info.descriptor) {
                                    continue;
                                }
                                HashSet<String> mappedRoles = new HashSet<String>();
                                List<String> authRoles = security.getRolesAllowed();
                                for (String role : authRoles) {
                                    if ("*".equals(role)) {
                                        // The wildcard ref maps to all declared security-role names
                                        mappedRoles.addAll(jbossWebMetaData.getSecurityRoleNames());
                                    } else {
                                        mappedRoles.add(role);
                                    }
                                }
                                info.addRoles(mappedRoles, Collections.emptyList());
                                // Add the transport to methods
                                if (security.getTransportGuarantee() != null)
                                    info.addTransport(security.getTransportGuarantee().name(), Collections.emptyList());
                            }
                        }
                    }
                }
            }
        }
    }
    // Create the permissions
    for (PatternInfo info : patternMap.values()) {
        String qurl = info.getQualifiedPattern();
        if (info.isOverridden) {
            continue;
        }
        // Create the excluded permissions
        String[] httpMethods = info.getExcludedMethods();
        if (httpMethods != null) {
            // There were excluded security-constraints
            WebResourcePermission wrp = new WebResourcePermission(qurl, httpMethods);
            WebUserDataPermission wudp = new WebUserDataPermission(qurl, httpMethods, null);
            pc.addToExcludedPolicy(wrp);
            pc.addToExcludedPolicy(wudp);
        }
        // Create the role permissions
        Iterator<Map.Entry<String, Set<String>>> roles = info.getRoleMethods();
        Set<String> seenMethods = new HashSet<>();
        while (roles.hasNext()) {
            Map.Entry<String, Set<String>> roleMethods = roles.next();
            String role = roleMethods.getKey();
            Set<String> methods = roleMethods.getValue();
            seenMethods.addAll(methods);
            httpMethods = methods.toArray(new String[methods.size()]);
            pc.addToRole(role, new WebResourcePermission(qurl, httpMethods));
        }
        // there are totally 7 http methods from the jacc spec (See WebResourceCollectionMetaData.ALL_HTTP_METHOD_NAMES)
        final int NUMBER_OF_HTTP_METHODS = 7;
        // JACC 1.1: create !(httpmethods) in unchecked perms
        if (jbossWebMetaData.getDenyUncoveredHttpMethods() == null && seenMethods.size() != NUMBER_OF_HTTP_METHODS) {
            WebResourcePermission wrpUnchecked = seenMethods.isEmpty() ? new WebResourcePermission(qurl, (String) null) : new WebResourcePermission(qurl, "!" + getCommaSeparatedString(seenMethods.toArray(new String[seenMethods.size()])));
            pc.addToUncheckedPolicy(wrpUnchecked);
        }
        if (jbossWebMetaData.getDenyUncoveredHttpMethods() == null) {
            // Create the unchecked permissions
            String[] missingHttpMethods = info.getMissingMethods();
            int length = missingHttpMethods.length;
            roles = info.getRoleMethods();
            if (length > 0 && !roles.hasNext()) {
                // Create the unchecked permissions WebResourcePermissions
                WebResourcePermission wrp = new WebResourcePermission(qurl, missingHttpMethods);
                pc.addToUncheckedPolicy(wrp);
            } else if (!roles.hasNext()) {
                pc.addToUncheckedPolicy(new WebResourcePermission(qurl, (String) null));
            }
            // SECURITY-63: Missing auth-constraint needs unchecked policy
            if (info.isMissingAuthConstraint) {
                pc.addToUncheckedPolicy(new WebResourcePermission(qurl, (String) null));
            } else if (!info.allMethods.containsAll(WebResourceCollectionMetaData.ALL_HTTP_METHODS)) {
                List<String> methods = new ArrayList<>(WebResourceCollectionMetaData.ALL_HTTP_METHODS);
                methods.removeAll(info.allMethods);
                pc.addToUncheckedPolicy(new WebResourcePermission(qurl, methods.toArray(new String[methods.size()])));
            }
            if (!info.missingAuthConstraintMethods.isEmpty()) {
                pc.addToUncheckedPolicy(new WebResourcePermission(qurl, info.missingAuthConstraintMethods.toArray(new String[info.missingAuthConstraintMethods.size()])));
            }
        }
        // Create the unchecked permissions WebUserDataPermissions
        Iterator<Map.Entry<String, Set<String>>> transportConstraints = info.getTransportMethods();
        while (transportConstraints.hasNext()) {
            Map.Entry<String, Set<String>> transportMethods = transportConstraints.next();
            String transport = transportMethods.getKey();
            Set<String> methods = transportMethods.getValue();
            httpMethods = new String[methods.size()];
            methods.toArray(httpMethods);
            WebUserDataPermission wudp = new WebUserDataPermission(qurl, httpMethods, transport);
            pc.addToUncheckedPolicy(wudp);
            // with the url pattern and null
            if ("NONE".equals(transport)) {
                WebUserDataPermission wudp1 = new WebUserDataPermission(qurl, null);
                pc.addToUncheckedPolicy(wudp1);
            } else {
                // JACC 1.1: Transport is CONFIDENTIAL/INTEGRAL, add a !(http methods)
                WebUserDataPermission wudpNonNull = new WebUserDataPermission(qurl, "!" + getCommaSeparatedString(httpMethods));
                pc.addToUncheckedPolicy(wudpNonNull);
            }
        }
    }
    Set<String> declaredRoles = jbossWebMetaData.getSecurityRoleNames();
    declaredRoles.add(ANY_AUTHENTICATED_USER_ROLE);
    /*
         * Create WebRoleRefPermissions for all servlet/security-role-refs along with all the cross product of servlets and
         * security-role elements that are not referenced via a security-role-ref as described in JACC section 3.1.3.2
         */
    JBossServletsMetaData servletsMetaData = jbossWebMetaData.getServlets();
    for (JBossServletMetaData servletMetaData : servletsMetaData) {
        Set<String> unrefRoles = new HashSet<String>(declaredRoles);
        String servletName = servletMetaData.getName();
        SecurityRoleRefsMetaData roleRefsMetaData = servletMetaData.getSecurityRoleRefs();
        // Perform the unreferenced roles processing for every servlet name
        if (roleRefsMetaData != null) {
            for (SecurityRoleRefMetaData roleRefMetaData : roleRefsMetaData) {
                String roleRef = roleRefMetaData.getRoleLink();
                String roleName = roleRefMetaData.getRoleName();
                WebRoleRefPermission wrrp = new WebRoleRefPermission(servletName, roleName);
                pc.addToRole(roleRef, wrrp);
                // Remove the role from the unreferencedRoles
                unrefRoles.remove(roleName);
            }
        }
        // in a security-role-ref within the servlet element.
        for (String unrefRole : unrefRoles) {
            WebRoleRefPermission unrefP = new WebRoleRefPermission(servletName, unrefRole);
            pc.addToRole(unrefRole, unrefP);
        }
    }
    // such permission must be the role-name of the corresponding role.
    for (String role : declaredRoles) {
        WebRoleRefPermission wrrep = new WebRoleRefPermission("", role);
        pc.addToRole(role, wrrep);
    }
}
Also used : JBossWebMetaData(org.jboss.metadata.web.jboss.JBossWebMetaData) SecurityRoleRefsMetaData(org.jboss.metadata.javaee.spec.SecurityRoleRefsMetaData) WebResourcePermission(javax.security.jacc.WebResourcePermission) HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) JBossServletMetaData(org.jboss.metadata.web.jboss.JBossServletMetaData) ArrayList(java.util.ArrayList) ServletSecurityMetaData(org.jboss.metadata.web.spec.ServletSecurityMetaData) SecurityConstraintMetaData(org.jboss.metadata.web.spec.SecurityConstraintMetaData) WebResourceCollectionsMetaData(org.jboss.metadata.web.spec.WebResourceCollectionsMetaData) ArrayList(java.util.ArrayList) List(java.util.List) HashSet(java.util.HashSet) UserDataConstraintMetaData(org.jboss.metadata.web.spec.UserDataConstraintMetaData) JBossServletsMetaData(org.jboss.metadata.web.jboss.JBossServletsMetaData) WebUserDataPermission(javax.security.jacc.WebUserDataPermission) HttpMethodConstraintMetaData(org.jboss.metadata.web.spec.HttpMethodConstraintMetaData) ServletMappingMetaData(org.jboss.metadata.web.spec.ServletMappingMetaData) SecurityRoleRefMetaData(org.jboss.metadata.javaee.spec.SecurityRoleRefMetaData) WebRoleRefPermission(javax.security.jacc.WebRoleRefPermission) HashMap(java.util.HashMap) Map(java.util.Map) WebResourceCollectionMetaData(org.jboss.metadata.web.spec.WebResourceCollectionMetaData)

Example 5 with WebResourcePermission

use of javax.security.jacc.WebResourcePermission in project Payara by payara.

the class MapValue method handleRoles.

static void handleRoles(HashMap<String, Permissions> map, MapValue m, String name) {
    HashMap<String, BitSet> rMap = m.getRoleMap();
    List<String> roleList = null;
    // handle the roles for the omitted methods
    if (!m.otherConstraint.isExcluded() && m.otherConstraint.isAuthConstrained()) {
        roleList = m.otherConstraint.roleList;
        for (String roleName : roleList) {
            BitSet methods = m.getMethodSet();
            // reduce ommissions for explicit methods granted to role
            BitSet roleMethods = rMap.get(roleName);
            if (roleMethods != null) {
                methods.andNot(roleMethods);
            }
            String actions = null;
            if (!methods.isEmpty()) {
                actions = "!" + MethodValue.getActions(methods);
            }
            addToRoleMap(map, roleName, new WebResourcePermission(name, actions));
        }
    }
    // handle explicit methods, skip roles that were handled above
    BitSet methods = m.getMethodSet();
    if (!methods.isEmpty()) {
        for (Map.Entry<String, BitSet> rval : rMap.entrySet()) {
            String roleName = rval.getKey();
            if (roleList == null || !roleList.contains(roleName)) {
                BitSet roleMethods = rval.getValue();
                if (!roleMethods.isEmpty()) {
                    String actions = MethodValue.getActions(roleMethods);
                    addToRoleMap(map, roleName, new WebResourcePermission(name, actions));
                }
            }
        }
    }
}
Also used : WebResourcePermission(javax.security.jacc.WebResourcePermission)

Aggregations

WebResourcePermission (javax.security.jacc.WebResourcePermission)6 WebUserDataPermission (javax.security.jacc.WebUserDataPermission)4 HashMap (java.util.HashMap)2 HashSet (java.util.HashSet)2 Map (java.util.Map)2 WebRoleRefPermission (javax.security.jacc.WebRoleRefPermission)2 Permission (java.security.Permission)1 Permissions (java.security.Permissions)1 ArrayList (java.util.ArrayList)1 List (java.util.List)1 Set (java.util.Set)1 SecurityConstraint (org.apache.tomcat.util.descriptor.web.SecurityConstraint)1 SecurityRoleRefMetaData (org.jboss.metadata.javaee.spec.SecurityRoleRefMetaData)1 SecurityRoleRefsMetaData (org.jboss.metadata.javaee.spec.SecurityRoleRefsMetaData)1 JBossServletMetaData (org.jboss.metadata.web.jboss.JBossServletMetaData)1 JBossServletsMetaData (org.jboss.metadata.web.jboss.JBossServletsMetaData)1 JBossWebMetaData (org.jboss.metadata.web.jboss.JBossWebMetaData)1 HttpMethodConstraintMetaData (org.jboss.metadata.web.spec.HttpMethodConstraintMetaData)1 SecurityConstraintMetaData (org.jboss.metadata.web.spec.SecurityConstraintMetaData)1 ServletMappingMetaData (org.jboss.metadata.web.spec.ServletMappingMetaData)1