
Example 16 with SecurityCollection

use of org.apache.catalina.deploy.SecurityCollection in project tomcat70 by apache.

the class TestWebSocketFrameClient method testConnectToBasicEndpoint.

/**
 * Connects the WebSocket client to an echo endpoint that sits behind HTTP BASIC
 * authentication, using a password that contains a non-ASCII character.
 *
 * <p>The context at {@code URI_PROTECTED} gets one security constraint: pattern
 * {@code "/"} requires {@code ROLE}. The client passes the same user name and password
 * through the endpoint config's user properties and then runs {@code echoTester}.
 *
 * <p>NOTE(review): BASIC credentials are only base64-encoded on the wire. Nothing in this
 * method sets up TLS, which is fine for a local test but not a pattern to copy into a
 * deployment.
 */
@Test
public void testConnectToBasicEndpoint() throws Exception {
    // Credentials under test. The password ends in U+00A3 (pound sign), so client and
    // server have to agree on how non-ASCII credentials are encoded.
    final String userName = "test";
    final String password = "123\u00A3";

    Tomcat server = getTomcatInstance();
    Context protectedCtx = server.addContext(URI_PROTECTED, null);
    protectedCtx.addApplicationListener(TesterEchoServer.Config.class.getName());
    Tomcat.addServlet(protectedCtx, "default", new DefaultServlet());
    protectedCtx.addServletMapping("/", "default");

    // Register the user and give it the role the constraint below asks for.
    server.addUser(userName, password);
    server.addRole(userName, ROLE);

    // One constraint: the "/" pattern is only reachable with ROLE.
    SecurityCollection protectedUrls = new SecurityCollection();
    protectedUrls.addPattern("/");
    SecurityConstraint requireRole = new SecurityConstraint();
    requireRole.addAuthRole(ROLE);
    requireRole.addCollection(protectedUrls);
    protectedCtx.addConstraint(requireRole);

    // BASIC login config plus the authenticator valve that enforces it.
    LoginConfig basicLogin = new LoginConfig();
    basicLogin.setAuthMethod("BASIC");
    protectedCtx.setLoginConfig(basicLogin);
    AuthenticatorBase authenticatorValve = new org.apache.catalina.authenticator.BasicAuthenticator();
    protectedCtx.getPipeline().addValve(authenticatorValve);

    server.start();

    // Client side: the credentials travel in the endpoint config's user properties.
    ClientEndpointConfig clientConfig = ClientEndpointConfig.Builder.create().build();
    clientConfig.getUserProperties().put(Constants.WS_AUTHENTICATION_USER_NAME, userName);
    clientConfig.getUserProperties().put(Constants.WS_AUTHENTICATION_PASSWORD, password);
    echoTester(URI_PROTECTED, clientConfig);
}
Also used : Context(org.apache.catalina.Context) AuthenticatorBase(org.apache.catalina.authenticator.AuthenticatorBase) Tomcat(org.apache.catalina.startup.Tomcat) ClientEndpointConfig(javax.websocket.ClientEndpointConfig) LoginConfig(org.apache.catalina.deploy.LoginConfig) SecurityConstraint(org.apache.catalina.deploy.SecurityConstraint) LoginConfig(org.apache.catalina.deploy.LoginConfig) DefaultServlet(org.apache.catalina.servlets.DefaultServlet) ClientEndpointConfig(javax.websocket.ClientEndpointConfig) SecurityCollection(org.apache.catalina.deploy.SecurityCollection) Test(org.junit.Test)

Example 17 with SecurityCollection

use of org.apache.catalina.deploy.SecurityCollection in project tomcat70 by apache.

the class TestSSOnonLoginAndBasicAuthenticator method setUpNonLogin.

/**
 * Builds the "non-login" test context: one servlet behind a role constraint, one servlet
 * behind a constraint with no roles, and a {@code NonLoginAuthenticator} with auth method
 * {@code "NONE"}.
 *
 * <p>NOTE(review): the public URL relies on a constraint that has no auth roles added to
 * it. That is different from a constraint that declares an empty auth-constraint (in
 * Tomcat, {@code setAuthConstraint(true)} with no roles), which would deny all access.
 */
private void setUpNonLogin() throws Exception {
    // The context needs no docBase on the file system.
    nonloginContext = tomcat.addContext(CONTEXT_PATH_NOLOGIN, null);
    nonloginContext.setSessionTimeout(LONG_SESSION_TIMEOUT_MINS);

    // Protected servlet: URI_PROTECTED is only reachable with ROLE.
    Tomcat.addServlet(nonloginContext, "TesterServlet1", new TesterServletEncodeUrl());
    nonloginContext.addServletMapping(URI_PROTECTED, "TesterServlet1");
    SecurityCollection protectedUrls = new SecurityCollection();
    protectedUrls.addPattern(URI_PROTECTED);
    SecurityConstraint roleRequired = new SecurityConstraint();
    roleRequired.addAuthRole(ROLE);
    roleRequired.addCollection(protectedUrls);
    nonloginContext.addConstraint(roleRequired);

    // Unprotected servlet: same wiring, but the constraint gets no role, which
    // signals that access is permitted without one.
    Tomcat.addServlet(nonloginContext, "TesterServlet2", new TesterServletEncodeUrl());
    nonloginContext.addServletMapping(URI_PUBLIC, "TesterServlet2");
    SecurityCollection publicUrls = new SecurityCollection();
    publicUrls.addPattern(URI_PUBLIC);
    SecurityConstraint noRoleRequired = new SecurityConstraint();
    noRoleRequired.addCollection(publicUrls);
    nonloginContext.addConstraint(noRoleRequired);

    // Authenticator setup; the Realm is inherited from the Engine.
    LoginConfig noLogin = new LoginConfig();
    noLogin.setAuthMethod("NONE");
    nonloginContext.setLoginConfig(noLogin);
    AuthenticatorBase authenticatorValve = new NonLoginAuthenticator();
    nonloginContext.getPipeline().addValve(authenticatorValve);
}
Also used : TesterServletEncodeUrl(org.apache.catalina.startup.TesterServletEncodeUrl) LoginConfig(org.apache.catalina.deploy.LoginConfig) SecurityConstraint(org.apache.catalina.deploy.SecurityConstraint) SecurityCollection(org.apache.catalina.deploy.SecurityCollection)

Example 18 with SecurityCollection

use of org.apache.catalina.deploy.SecurityCollection in project Payara by payara.

the class StandardContext method addConstraint.

/**
 * Adds a security constraint to the set for this web application.
 *
 * <p>Every URL pattern of every collection in the constraint is first passed through
 * {@code adjustURLPattern} and then checked with {@code validateURLPattern}. The first
 * pattern that fails validation aborts the call, and the constraint is not added.
 *
 * @param constraint the constraint to validate and register
 * @throws IllegalArgumentException if an adjusted URL pattern does not validate
 */
@Override
public void addConstraint(SecurityConstraint constraint) {
    // NOTE(review): the results of findCollections() and findPatterns() are dereferenced
    // without a null check; confirm neither can return null here.
    for (SecurityCollection securityCollection : constraint.findCollections()) {
        String[] urlPatterns = securityCollection.findPatterns();
        for (int idx = 0; idx < urlPatterns.length; idx++) {
            String adjusted = adjustURLPattern(urlPatterns[idx]);
            // NOTE(review): the adjusted pattern is written into the array returned by
            // findPatterns(). Whether that array is the collection's own storage or a
            // copy is not visible here; confirm the stored constraint really carries the
            // pattern that was validated.
            urlPatterns[idx] = adjusted;
            if (validateURLPattern(adjusted)) {
                continue;
            }
            String template = rb.getString(LogFacade.SECURITY_CONSTRAINT_PATTERN_EXCEPTION);
            throw new IllegalArgumentException(MessageFormat.format(template, adjusted));
        }
    }
    // All patterns validated: register the constraint with this web application.
    constraints.add(constraint);
}
Also used : SecurityConstraint(org.apache.catalina.deploy.SecurityConstraint) SecurityCollection(org.apache.catalina.deploy.SecurityCollection)

Example 19 with SecurityCollection

use of org.apache.catalina.deploy.SecurityCollection in project Payara by payara.

the class RealmBase method findSecurityConstraints.

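/**
 * Gets the security constraints configured by the given context for the given request URI and method.
 *
 * <p>Patterns are tried in four passes, and the first pass in which any pattern matches the URI decides the result;
 * later passes are not consulted:
 * <ol>
 * <li>exact match of the URI against a pattern,</li>
 * <li>path-prefix match against patterns of the form {@code /.../*}, keeping only the longest matching pattern,</li>
 * <li>extension match against patterns of the form {@code *.ext},</li>
 * <li>the default pattern {@code /}.</li>
 * </ol>
 * In passes 1 to 3 a constraint is returned only if the matching collection also reports the HTTP method through
 * {@code findMethod(method)}. A URI whose pattern matched but whose method did not is still treated as "found", so
 * broader patterns from later passes are not applied to it. A constraint that lists only some HTTP methods therefore
 * does not cover the unlisted ones.
 *
 * <p>When the context's mapping is not case sensitive, both the URI and each pattern are lower-cased with
 * {@code Locale.ENGLISH} before comparison.
 *
 * @param uri the request URI (minus the context Path)
 * @param method the request method
 * @param context the context; it is cast to {@code StandardContext}
 *
 * @return the security constraints configured by the given context for the given request URI and method, or null.
 * Null is returned directly when the context has no constraints; otherwise the value comes from
 * {@code resultsToArray}, which is not shown here
 */
@Override
public SecurityConstraint[] findSecurityConstraints(String uri, String method, Context context) {
    ArrayList<SecurityConstraint> results = null;
    // Are there any defined security constraints?
    if (!context.hasConstraints()) {
        if (log.isLoggable(Level.FINE))
            log.log(Level.FINE, "  No applicable constraints defined");
        return (null);
    }
    // START SJSWS 6324431
    // origUri keeps the URI as received for log output; uri may be lower-cased below.
    // NOTE(review): origUri is request-derived and is written into log messages further
    // down. Whether control characters (CR/LF) can still be present at this point depends
    // on the caller; confirm, or use a log formatter that escapes them.
    String origUri = uri;
    // NOTE(review): unchecked cast; a Context that is not a StandardContext throws
    // ClassCastException here.
    boolean caseSensitiveMapping = ((StandardContext) context).isCaseSensitiveMapping();
    if (uri != null && !caseSensitiveMapping) {
        uri = uri.toLowerCase(Locale.ENGLISH);
    }
    // END SJSWS 6324431
    boolean found = false;
    List<SecurityConstraint> constraints = context.getConstraints();

    // ---- Pass 1: exact match ----
    Iterator<SecurityConstraint> i = constraints.iterator();
    while (i.hasNext()) {
        SecurityConstraint constraint = i.next();
        SecurityCollection[] collection = constraint.findCollections();
        // See Bugzilla 30624
        if (collection == null) {
            continue;
        }
        if (log.isLoggable(Level.FINEST)) {
            /*
             * SJSWS 6324431 log.trace("  Checking constraint '" + constraints[i] + "' against " + method + " " + uri + " --> " +
             * constraints[i].included(uri, method));
             */
            // START SJSWS 6324431
            String msg = "Checking constraint '" + constraint + "' against " + method + " " + origUri + " --> " + constraint.included(uri, method, caseSensitiveMapping);
            log.log(Level.FINEST, msg);
            // END SJSWS 6324431
        }
        // START SJSWS 6324431
        // included(...) is evaluated for log output only; the decision is made by the
        // pattern loops below.
        if (log.isLoggable(Level.FINE) && constraint.included(uri, method, caseSensitiveMapping)) {
            log.log(Level.FINE, "  Matched constraint ''{0}'' against {1} {2}", new Object[] { constraint, method, origUri });
        }
        // END SJSWS 6324431
        for (SecurityCollection collection1 : collection) {
            String[] patterns = collection1.findPatterns();
            // See Bugzilla 30624
            if (patterns == null) {
                continue;
            }
            for (int k = 0; k < patterns.length; k++) {
                /*
                 * SJSWS 6324431 if(uri.equals(patterns[k])) {
                 */
                // START SJSWS 6324431
                String pattern = caseSensitiveMapping ? patterns[k] : patterns[k].toLowerCase(Locale.ENGLISH);
                if (uri != null && uri.equals(pattern)) {
                    // END SJSWS 6324431
                    // The pattern matched, so this pass decides the outcome even if the
                    // method check below rejects the constraint.
                    found = true;
                    if (collection1.findMethod(method)) {
                        if (results == null) {
                            results = new ArrayList<SecurityConstraint>();
                        }
                        results.add(constraint);
                    }
                }
            }
        }
    }
    if (found) {
        return resultsToArray(results);
    }

    // ---- Pass 2: longest path-prefix match ("/.../*") ----
    int longest = -1;
    i = constraints.iterator();
    while (i.hasNext()) {
        SecurityConstraint constraint = i.next();
        SecurityCollection[] collection = constraint.findCollections();
        // See Bugzilla 30624
        if (collection == null) {
            continue;
        }
        if (log.isLoggable(Level.FINEST)) {
            /*
             * SJSWS 6324431 log.trace("  Checking constraint '" + constraints[i] + "' against " + method + " " + uri + " --> " +
             * constraints[i].included(uri, method));
             */
            // START SJSWS 6324431
            String msg = "  Checking constraint '" + constraint + "' against " + method + " " + origUri + " --> " + constraint.included(uri, method, caseSensitiveMapping);
            // Logged at FINEST to agree with the isLoggable(FINEST) guard and with the
            // same message in the other three passes (this one previously used FINE).
            log.log(Level.FINEST, msg);
            // END SJSWS 6324431
        }
        // START SJSWS 6324431
        if (log.isLoggable(Level.FINE) && constraint.included(uri, method, caseSensitiveMapping)) {
            log.log(Level.FINE, "  Matched constraint ''{0}'' against {1} {2}", new Object[] { constraint, method, origUri });
        }
        for (int j = 0; j < collection.length; j++) {
            String[] patterns = collection[j].findPatterns();
            // See Bugzilla 30624
            if (patterns == null) {
                continue;
            }
            boolean matched = false;
            int length = -1;
            for (String pattern1 : patterns) {
                /*
                 * SJSWS 6324431 String pattern = patterns[k];
                 */
                // START SJSWS 6324431
                String pattern = caseSensitiveMapping ? pattern1 : pattern1.toLowerCase(Locale.ENGLISH);
                // END SJSWS 6324431
                // Only patterns at least as long as the best match so far are considered.
                if (pattern.startsWith("/") && pattern.endsWith("/*") && pattern.length() >= longest) {
                    if (pattern.length() == 2) {
                        // "/*" matches every URI, including a null one.
                        matched = true;
                        length = pattern.length();
                    } else if (uri != null && (pattern.regionMatches(0, uri, 0, pattern.length() - 1) || (pattern.length() - 2 == uri.length() && pattern.regionMatches(0, uri, 0, pattern.length() - 2)))) {
                        // Either the URI starts with the pattern up to and including the
                        // final '/', or the URI equals the pattern without its "/*" suffix.
                        matched = true;
                        length = pattern.length();
                    }
                }
            }
            if (matched) {
                found = true;
                if (length > longest) {
                    // A strictly longer pattern supersedes everything collected so far.
                    if (results != null) {
                        results.clear();
                    }
                    longest = length;
                }
                if (collection[j].findMethod(method)) {
                    if (results == null) {
                        results = new ArrayList<SecurityConstraint>();
                    }
                    results.add(constraint);
                }
            }
        }
    }
    if (found) {
        return resultsToArray(results);
    }

    // ---- Pass 3: extension match ("*.ext") ----
    i = constraints.iterator();
    while (i.hasNext()) {
        SecurityConstraint constraint = i.next();
        SecurityCollection[] collection = constraint.findCollections();
        // See Bugzilla 30624
        if (collection == null) {
            continue;
        }
        if (log.isLoggable(Level.FINEST)) {
            /*
             * SJSWS 6324431 log.trace("  Checking constraint '" + constraints[i] + "' against " + method + " " + uri + " --> " +
             * constraints[i].included(uri, method));
             */
            // START SJSWS 6324431
            String msg = "  Checking constraint '" + constraint + "' against " + method + " " + origUri + " --> " + constraint.included(uri, method, caseSensitiveMapping);
            log.log(Level.FINEST, msg);
            // END SJSWS 6324431
        }
        // START SJSWS 6324431
        if (log.isLoggable(Level.FINE) && constraint.included(uri, method, caseSensitiveMapping)) {
            log.log(Level.FINE, "  Matched constraint ''{0}'' against {1} {2}", new Object[] { constraint, method, origUri });
        }
        // END SJSWS 6324431
        // matched/pos span all collections of this constraint: once one collection matches,
        // the inner loop's !matched condition stops further pattern checks.
        // NOTE(review): only the first matching collection (pos) has its methods consulted,
        // even if a later collection of the same constraint holds the same extension with
        // other methods. Confirm this is intended.
        boolean matched = false;
        int pos = -1;
        for (int j = 0; j < collection.length; j++) {
            String[] patterns = collection[j].findPatterns();
            // See Bugzilla 30624
            if (patterns == null) {
                continue;
            }
            for (int k = 0; k < patterns.length && !matched; k++) {
                /*
                 * SJSWS 6324431 String pattern = patterns[k];
                 */
                // START SJSWS 6324431
                String pattern = caseSensitiveMapping ? patterns[k] : patterns[k].toLowerCase(Locale.ENGLISH);
                // END SJSWS 6324431
                if (uri != null && pattern.startsWith("*.")) {
                    int slash = uri.lastIndexOf('/');
                    int dot = uri.lastIndexOf('.');
                    // The last '.' must come after the last '/', must not be the final
                    // character, and the suffix from the dot must be as long as the
                    // pattern without its leading '*'.
                    if (slash >= 0 && dot > slash && dot != uri.length() - 1 && uri.length() - dot == pattern.length() - 1) {
                        if (pattern.regionMatches(1, uri, dot, uri.length() - dot)) {
                            matched = true;
                            pos = j;
                        }
                    }
                }
            }
        }
        if (matched) {
            found = true;
            if (collection[pos].findMethod(method)) {
                if (results == null) {
                    results = new ArrayList<SecurityConstraint>();
                }
                results.add(constraint);
            }
        }
    }
    if (found) {
        return resultsToArray(results);
    }

    // ---- Pass 4: default pattern ("/") ----
    i = constraints.iterator();
    while (i.hasNext()) {
        SecurityConstraint constraint = i.next();
        SecurityCollection[] collection = constraint.findCollections();
        // See Bugzilla 30624
        if (collection == null) {
            continue;
        }
        if (log.isLoggable(Level.FINEST)) {
            /*
             * SJSWS 6324431 log.trace("  Checking constraint '" + constraints[i] + "' against " + method + " " + uri + " --> " +
             * constraints[i].included(uri, method));
             */
            // START SJSWS 6324431
            String msg = "  Checking constraint '" + constraint + "' against " + method + " " + origUri + " --> " + constraint.included(uri, method, caseSensitiveMapping);
            log.log(Level.FINEST, msg);
            // END SJSWS 6324431
        }
        // START SJSWS 6324431
        if (log.isLoggable(Level.FINE) && constraint.included(uri, method, caseSensitiveMapping)) {
            log.log(Level.FINE, "  Matched constraint ''{0}'' against {1} {2}", new Object[] { constraint, method, origUri });
        }
        for (int j = 0; j < collection.length; j++) {
            String[] patterns = collection[j].findPatterns();
            // See Bugzilla 30624
            if (patterns == null) {
                continue;
            }
            boolean matched = false;
            for (int k = 0; k < patterns.length && !matched; k++) {
                /*
                 * SJSWS 6324431 String pattern = patterns[k];
                 */
                // START SJSWS 6324431
                String pattern = caseSensitiveMapping ? patterns[k] : patterns[k].toLowerCase(Locale.ENGLISH);
                // END SJSWS 6324431
                if (pattern.equals("/")) {
                    matched = true;
                }
            }
            // NOTE(review): unlike passes 1 to 3, this pass adds the constraint without
            // calling findMethod(method), and adds it once per collection that holds "/".
            // Confirm both are intended.
            if (matched) {
                if (results == null) {
                    results = new ArrayList<SecurityConstraint>();
                }
                results.add(constraint);
            }
        }
    }
    if (results == null) {
        // No applicable security constraint was found
        if (log.isLoggable(Level.FINE))
            log.log(Level.FINE, "  No applicable constraint located");
    }
    return resultsToArray(results);
}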
Also used : StandardContext(org.apache.catalina.core.StandardContext) SecurityConstraint(org.apache.catalina.deploy.SecurityConstraint) SecurityConstraint(org.apache.catalina.deploy.SecurityConstraint) SecurityCollection(org.apache.catalina.deploy.SecurityCollection)
