Example 6 with HttpConstraintElement
use of javax.servlet.HttpConstraintElement in project jetty.project by eclipse.
the class TestListener method contextInitialized.
@Override
public void contextInitialized(ServletContextEvent sce) {
// System.err.println("contextInitialized "+sce);
_called.put("contextInitialized", new Throwable());
//configure programmatic security
ServletRegistration.Dynamic rego = sce.getServletContext().addServlet("RegoTest", RegTest.class.getName());
rego.addMapping("/rego/*");
HttpConstraintElement constraintElement = new HttpConstraintElement(ServletSecurity.EmptyRoleSemantic.PERMIT, ServletSecurity.TransportGuarantee.NONE, new String[] { "admin" });
ServletSecurityElement securityElement = new ServletSecurityElement(constraintElement, null);
Set<String> unchanged = rego.setServletSecurity(securityElement);
//// System.err.println("Security constraints registered: "+unchanged.isEmpty());
//Test that a security constraint from web.xml can't be overridden programmatically
ServletRegistration.Dynamic rego2 = sce.getServletContext().addServlet("RegoTest2", RegTest.class.getName());
rego2.addMapping("/rego2/*");
securityElement = new ServletSecurityElement(constraintElement, null);
unchanged = rego2.setServletSecurity(securityElement);
//// System.err.println("Overridding web.xml constraints not possible:" +!unchanged.isEmpty());
/* For servlet 3.0 */
FilterRegistration registration = sce.getServletContext().addFilter("TestFilter", TestFilter.class.getName());
if (//otherwise defined in web.xml
registration != null) {
((FilterRegistration.Dynamic) registration).setAsyncSupported(true);
} else {
registration = sce.getServletContext().getFilterRegistration("TestFilter");
}
registration.setInitParameter("remote", "false");
registration.addMappingForUrlPatterns(EnumSet.of(DispatcherType.ERROR, DispatcherType.ASYNC, DispatcherType.FORWARD, DispatcherType.INCLUDE, DispatcherType.REQUEST), true, new String[] { "/*" });
}
Also used :
ServletRegistration(javax.servlet.ServletRegistration)
HttpConstraintElement(javax.servlet.HttpConstraintElement)
ServletSecurityElement(javax.servlet.ServletSecurityElement)
FilterRegistration(javax.servlet.FilterRegistration)
Example 7 with HttpConstraintElement
use of javax.servlet.HttpConstraintElement in project jetty.project by eclipse.
the class ConstraintTest method testSecurityElementExample13_4.
/**
* Equivalent of Servlet Spec 3.1 pg 132, sec 13.4.1.1, Example 13-4
* @ServletSecurity(@HttpConstraint(rolesAllowed = "R1"))
* @throws Exception if test fails
*/
@Test
public void testSecurityElementExample13_4() throws Exception {
HttpConstraintElement httpConstraintElement = new HttpConstraintElement(TransportGuarantee.NONE, "R1");
ServletSecurityElement element = new ServletSecurityElement(httpConstraintElement);
List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath("foo", "/foo/*", element);
Assert.assertTrue(!mappings.isEmpty());
Assert.assertEquals(1, mappings.size());
ConstraintMapping mapping = mappings.get(0);
Assert.assertTrue(mapping.getConstraint().getAuthenticate());
Assert.assertTrue(mapping.getConstraint().getRoles() != null);
Assert.assertEquals(1, mapping.getConstraint().getRoles().length);
Assert.assertEquals("R1", mapping.getConstraint().getRoles()[0]);
Assert.assertEquals(0, mapping.getConstraint().getDataConstraint());
}
Also used :
HttpConstraintElement(javax.servlet.HttpConstraintElement)
ServletSecurityElement(javax.servlet.ServletSecurityElement)
Test(org.junit.Test)
Example 8 with HttpConstraintElement
use of javax.servlet.HttpConstraintElement in project jetty.project by eclipse.
the class ConstraintTest method testSecurityElementExample13_2.
/**
* Equivalent of Servlet Spec 3.1 pg 132, sec 13.4.1.1, Example 13-2
* @ServletSecurity(@HttpConstraint(transportGuarantee = TransportGuarantee.CONFIDENTIAL))
*
* @throws Exception if test fails
*/
@Test
public void testSecurityElementExample13_2() throws Exception {
HttpConstraintElement httpConstraintElement = new HttpConstraintElement(TransportGuarantee.CONFIDENTIAL);
ServletSecurityElement element = new ServletSecurityElement(httpConstraintElement);
List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath("foo", "/foo/*", element);
Assert.assertTrue(!mappings.isEmpty());
Assert.assertEquals(1, mappings.size());
ConstraintMapping mapping = mappings.get(0);
Assert.assertEquals(2, mapping.getConstraint().getDataConstraint());
}
Also used :
HttpConstraintElement(javax.servlet.HttpConstraintElement)
ServletSecurityElement(javax.servlet.ServletSecurityElement)
Test(org.junit.Test)
Aggregations
HttpConstraintElement (javax.servlet.HttpConstraintElement)8
ServletSecurityElement (javax.servlet.ServletSecurityElement)8
Test (org.junit.Test)7
HttpMethodConstraintElement (javax.servlet.HttpMethodConstraintElement)4
ArrayList (java.util.ArrayList)3
HashSet (java.util.HashSet)1
FilterRegistration (javax.servlet.FilterRegistration)1
ServletRegistration (javax.servlet.ServletRegistration)1
