use of org.eclipse.jetty.security.ConstraintAware in project jetty.project by eclipse.
the class ServletSecurityAnnotationHandler method doHandle.
/**
* @see org.eclipse.jetty.annotations.AnnotationIntrospector.IntrospectableAnnotationHandler#handle(java.lang.Class)
*/
public void doHandle(Class clazz) {
if (!(_context.getSecurityHandler() instanceof ConstraintAware)) {
LOG.warn("SecurityHandler not ConstraintAware, skipping security annotation processing");
return;
}
ServletSecurity servletSecurity = (ServletSecurity) clazz.getAnnotation(ServletSecurity.class);
if (servletSecurity == null)
return;
//If there are already constraints defined (ie from web.xml) that match any
//of the url patterns defined for this servlet, then skip the security annotation.
List<ServletMapping> servletMappings = getServletMappings(clazz.getCanonicalName());
List<ConstraintMapping> constraintMappings = ((ConstraintAware) _context.getSecurityHandler()).getConstraintMappings();
if (constraintsExist(servletMappings, constraintMappings)) {
LOG.warn("Constraints already defined for " + clazz.getName() + ", skipping ServletSecurity annotation");
return;
}
//Make a fresh list
constraintMappings = new ArrayList<ConstraintMapping>();
ServletSecurityElement securityElement = new ServletSecurityElement(servletSecurity);
for (ServletMapping sm : servletMappings) {
for (String url : sm.getPathSpecs()) {
_context.getMetaData().setOrigin("constraint.url." + url, servletSecurity, clazz);
constraintMappings.addAll(ConstraintSecurityHandler.createConstraintsWithMappingsForPath(clazz.getName(), url, securityElement));
}
}
//set up the security constraints produced by the annotation
ConstraintAware securityHandler = (ConstraintAware) _context.getSecurityHandler();
for (ConstraintMapping m : constraintMappings) securityHandler.addConstraintMapping(m);
//Servlet Spec 3.1 requires paths with uncovered http methods to be reported
securityHandler.checkPathsWithUncoveredHttpMethods();
}
use of org.eclipse.jetty.security.ConstraintAware in project jetty.project by eclipse.
the class StandardDescriptorProcessor method visitSecurityRole.
public void visitSecurityRole(WebAppContext context, Descriptor descriptor, XmlParser.Node node) {
//ServletSpec 3.0, p74 elements with multiplicity >1 are additive when merged
XmlParser.Node roleNode = node.get("role-name");
String role = roleNode.toString(false, true);
((ConstraintAware) context.getSecurityHandler()).addRole(role);
}
use of org.eclipse.jetty.security.ConstraintAware in project jetty.project by eclipse.
the class StandardDescriptorProcessor method visitSecurityConstraint.
public void visitSecurityConstraint(WebAppContext context, Descriptor descriptor, XmlParser.Node node) {
Constraint scBase = new Constraint();
//TODO: need to remember origin of the constraints
try {
XmlParser.Node auths = node.get("auth-constraint");
if (auths != null) {
scBase.setAuthenticate(true);
// auth-constraint
Iterator<XmlParser.Node> iter = auths.iterator("role-name");
List<String> roles = new ArrayList<String>();
while (iter.hasNext()) {
String role = iter.next().toString(false, true);
roles.add(role);
}
scBase.setRoles(roles.toArray(new String[roles.size()]));
}
XmlParser.Node data = node.get("user-data-constraint");
if (data != null) {
data = data.get("transport-guarantee");
String guarantee = data.toString(false, true).toUpperCase(Locale.ENGLISH);
if (guarantee == null || guarantee.length() == 0 || "NONE".equals(guarantee))
scBase.setDataConstraint(Constraint.DC_NONE);
else if ("INTEGRAL".equals(guarantee))
scBase.setDataConstraint(Constraint.DC_INTEGRAL);
else if ("CONFIDENTIAL".equals(guarantee))
scBase.setDataConstraint(Constraint.DC_CONFIDENTIAL);
else {
LOG.warn("Unknown user-data-constraint:" + guarantee);
scBase.setDataConstraint(Constraint.DC_CONFIDENTIAL);
}
}
Iterator<XmlParser.Node> iter = node.iterator("web-resource-collection");
while (iter.hasNext()) {
XmlParser.Node collection = iter.next();
String name = collection.getString("web-resource-name", false, true);
Constraint sc = (Constraint) scBase.clone();
sc.setName(name);
Iterator<XmlParser.Node> iter2 = collection.iterator("url-pattern");
while (iter2.hasNext()) {
String url = iter2.next().toString(false, true);
url = ServletPathSpec.normalize(url);
//remember origin so we can process ServletRegistration.Dynamic.setServletSecurityElement() correctly
context.getMetaData().setOrigin("constraint.url." + url, descriptor);
Iterator<XmlParser.Node> methods = collection.iterator("http-method");
Iterator<XmlParser.Node> ommissions = collection.iterator("http-method-omission");
if (methods.hasNext()) {
if (ommissions.hasNext())
throw new IllegalStateException("web-resource-collection cannot contain both http-method and http-method-omission");
//configure all the http-method elements for each url
while (methods.hasNext()) {
String method = ((XmlParser.Node) methods.next()).toString(false, true);
ConstraintMapping mapping = new ConstraintMapping();
mapping.setMethod(method);
mapping.setPathSpec(url);
mapping.setConstraint(sc);
((ConstraintAware) context.getSecurityHandler()).addConstraintMapping(mapping);
}
} else if (ommissions.hasNext()) {
// TODO use the array
while (ommissions.hasNext()) {
String method = ((XmlParser.Node) ommissions.next()).toString(false, true);
ConstraintMapping mapping = new ConstraintMapping();
mapping.setMethodOmissions(new String[] { method });
mapping.setPathSpec(url);
mapping.setConstraint(sc);
((ConstraintAware) context.getSecurityHandler()).addConstraintMapping(mapping);
}
} else {
//No http-methods or http-method-omissions specified, the constraint applies to all
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec(url);
mapping.setConstraint(sc);
((ConstraintAware) context.getSecurityHandler()).addConstraintMapping(mapping);
}
}
}
} catch (CloneNotSupportedException e) {
LOG.warn(e);
}
}
use of org.eclipse.jetty.security.ConstraintAware in project jetty.project by eclipse.
the class QuickStartDescriptorGenerator method generateQuickStartWebXml.
/**
* Perform the generation of the xml file
* @param stream the stream to generate the quickstart-web.xml to
* @throws IOException if unable to generate the quickstart-web.xml
* @throws FileNotFoundException if unable to find the file
*/
public void generateQuickStartWebXml(OutputStream stream) throws FileNotFoundException, IOException {
if (_webApp == null)
throw new IllegalStateException("No webapp for quickstart generation");
if (stream == null)
throw new IllegalStateException("No output for quickstart generation");
_webApp.getMetaData().getOrigins();
if (_webApp.getBaseResource() == null)
throw new IllegalArgumentException("No base resource for " + this);
LOG.info("Quickstart generating");
XmlAppendable out = new XmlAppendable(stream, "UTF-8");
MetaData md = _webApp.getMetaData();
Map<String, String> webappAttr = new HashMap<>();
webappAttr.put("xmlns", "http://xmlns.jcp.org/xml/ns/javaee");
webappAttr.put("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
webappAttr.put("xsi:schemaLocation", "http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd");
webappAttr.put("metadata-complete", "true");
webappAttr.put("version", "3.1");
out.openTag("web-app", webappAttr);
if (_webApp.getDisplayName() != null)
out.tag("display-name", _webApp.getDisplayName());
// Set some special context parameters
// The location of the war file on disk
AttributeNormalizer normalizer = new AttributeNormalizer(_webApp.getBaseResource());
// The library order
addContextParamFromAttribute(out, ServletContext.ORDERED_LIBS);
//the servlet container initializers
addContextParamFromAttribute(out, AnnotationConfiguration.CONTAINER_INITIALIZERS);
//the tlds discovered
addContextParamFromAttribute(out, MetaInfConfiguration.METAINF_TLDS, normalizer);
//the META-INF/resources discovered
addContextParamFromAttribute(out, MetaInfConfiguration.METAINF_RESOURCES, normalizer);
//add the name of the origin attribute, if it is being used
if (_generateOrigin) {
out.openTag("context-param").tag("param-name", ORIGIN).tag("param-value", _originAttribute).closeTag();
}
// init params
for (String p : _webApp.getInitParams().keySet()) out.openTag("context-param", origin(md, "context-param." + p)).tag("param-name", p).tag("param-value", _webApp.getInitParameter(p)).closeTag();
if (_webApp.getEventListeners() != null)
for (EventListener e : _webApp.getEventListeners()) out.openTag("listener", origin(md, e.getClass().getCanonicalName() + ".listener")).tag("listener-class", e.getClass().getCanonicalName()).closeTag();
ServletHandler servlets = _webApp.getServletHandler();
if (servlets.getFilters() != null) {
for (FilterHolder holder : servlets.getFilters()) outholder(out, md, holder);
}
if (servlets.getFilterMappings() != null) {
for (FilterMapping mapping : servlets.getFilterMappings()) {
out.openTag("filter-mapping");
out.tag("filter-name", mapping.getFilterName());
if (mapping.getPathSpecs() != null)
for (String s : mapping.getPathSpecs()) out.tag("url-pattern", s);
if (mapping.getServletNames() != null)
for (String n : mapping.getServletNames()) out.tag("servlet-name", n);
if (!mapping.isDefaultDispatches()) {
if (mapping.appliesTo(DispatcherType.REQUEST))
out.tag("dispatcher", "REQUEST");
if (mapping.appliesTo(DispatcherType.ASYNC))
out.tag("dispatcher", "ASYNC");
if (mapping.appliesTo(DispatcherType.ERROR))
out.tag("dispatcher", "ERROR");
if (mapping.appliesTo(DispatcherType.FORWARD))
out.tag("dispatcher", "FORWARD");
if (mapping.appliesTo(DispatcherType.INCLUDE))
out.tag("dispatcher", "INCLUDE");
}
out.closeTag();
}
}
if (servlets.getServlets() != null) {
for (ServletHolder holder : servlets.getServlets()) outholder(out, md, holder);
}
if (servlets.getServletMappings() != null) {
for (ServletMapping mapping : servlets.getServletMappings()) {
out.openTag("servlet-mapping", origin(md, mapping.getServletName() + ".servlet.mappings"));
out.tag("servlet-name", mapping.getServletName());
if (mapping.getPathSpecs() != null)
for (String s : mapping.getPathSpecs()) out.tag("url-pattern", s);
out.closeTag();
}
}
// Security elements
SecurityHandler security = _webApp.getSecurityHandler();
if (security != null && (security.getRealmName() != null || security.getAuthMethod() != null)) {
out.openTag("login-config");
if (security.getAuthMethod() != null)
out.tag("auth-method", origin(md, "auth-method"), security.getAuthMethod());
if (security.getRealmName() != null)
out.tag("realm-name", origin(md, "realm-name"), security.getRealmName());
if (Constraint.__FORM_AUTH.equalsIgnoreCase(security.getAuthMethod())) {
out.openTag("form-login-config");
out.tag("form-login-page", origin(md, "form-login-page"), security.getInitParameter(FormAuthenticator.__FORM_LOGIN_PAGE));
out.tag("form-error-page", origin(md, "form-error-page"), security.getInitParameter(FormAuthenticator.__FORM_ERROR_PAGE));
out.closeTag();
}
out.closeTag();
}
if (security instanceof ConstraintAware) {
ConstraintAware ca = (ConstraintAware) security;
for (String r : ca.getRoles()) out.openTag("security-role").tag("role-name", r).closeTag();
for (ConstraintMapping m : ca.getConstraintMappings()) {
out.openTag("security-constraint");
out.openTag("web-resource-collection");
{
if (m.getConstraint().getName() != null)
out.tag("web-resource-name", m.getConstraint().getName());
if (m.getPathSpec() != null)
out.tag("url-pattern", origin(md, "constraint.url." + m.getPathSpec()), m.getPathSpec());
if (m.getMethod() != null)
out.tag("http-method", m.getMethod());
if (m.getMethodOmissions() != null)
for (String o : m.getMethodOmissions()) out.tag("http-method-omission", o);
out.closeTag();
}
if (m.getConstraint().getAuthenticate()) {
String[] roles = m.getConstraint().getRoles();
if (roles != null && roles.length > 0) {
out.openTag("auth-constraint");
if (m.getConstraint().getRoles() != null)
for (String r : m.getConstraint().getRoles()) out.tag("role-name", r);
out.closeTag();
} else
out.tag("auth-constraint");
}
switch(m.getConstraint().getDataConstraint()) {
case Constraint.DC_NONE:
out.openTag("user-data-constraint").tag("transport-guarantee", "NONE").closeTag();
break;
case Constraint.DC_INTEGRAL:
out.openTag("user-data-constraint").tag("transport-guarantee", "INTEGRAL").closeTag();
break;
case Constraint.DC_CONFIDENTIAL:
out.openTag("user-data-constraint").tag("transport-guarantee", "CONFIDENTIAL").closeTag();
break;
default:
break;
}
out.closeTag();
}
}
if (_webApp.getWelcomeFiles() != null) {
out.openTag("welcome-file-list");
for (String welcomeFile : _webApp.getWelcomeFiles()) {
out.tag("welcome-file", welcomeFile);
}
out.closeTag();
}
Map<String, String> localeEncodings = _webApp.getLocaleEncodings();
if (localeEncodings != null && !localeEncodings.isEmpty()) {
out.openTag("locale-encoding-mapping-list");
for (Map.Entry<String, String> entry : localeEncodings.entrySet()) {
out.openTag("locale-encoding-mapping", origin(md, "locale-encoding." + entry.getKey()));
out.tag("locale", entry.getKey());
out.tag("encoding", entry.getValue());
out.closeTag();
}
out.closeTag();
}
//session-config
if (_webApp.getSessionHandler() != null) {
out.openTag("session-config");
int maxInactiveSec = _webApp.getSessionHandler().getMaxInactiveInterval();
out.tag("session-timeout", (maxInactiveSec == 0 ? "0" : Integer.toString(maxInactiveSec / 60)));
//cookie-config
SessionCookieConfig cookieConfig = _webApp.getSessionHandler().getSessionCookieConfig();
if (cookieConfig != null) {
out.openTag("cookie-config");
if (cookieConfig.getName() != null)
out.tag("name", origin(md, "cookie-config.name"), cookieConfig.getName());
if (cookieConfig.getDomain() != null)
out.tag("domain", origin(md, "cookie-config.domain"), cookieConfig.getDomain());
if (cookieConfig.getPath() != null)
out.tag("path", origin(md, "cookie-config.path"), cookieConfig.getPath());
if (cookieConfig.getComment() != null)
out.tag("comment", origin(md, "cookie-config.comment"), cookieConfig.getComment());
out.tag("http-only", origin(md, "cookie-config.http-only"), Boolean.toString(cookieConfig.isHttpOnly()));
out.tag("secure", origin(md, "cookie-config.secure"), Boolean.toString(cookieConfig.isSecure()));
out.tag("max-age", origin(md, "cookie-config.max-age"), Integer.toString(cookieConfig.getMaxAge()));
out.closeTag();
}
// tracking-modes
Set<SessionTrackingMode> modes = _webApp.getSessionHandler().getEffectiveSessionTrackingModes();
if (modes != null) {
for (SessionTrackingMode mode : modes) out.tag("tracking-mode", mode.toString());
}
out.closeTag();
}
//error-pages
Map<String, String> errorPages = ((ErrorPageErrorHandler) _webApp.getErrorHandler()).getErrorPages();
if (errorPages != null) {
for (Map.Entry<String, String> entry : errorPages.entrySet()) {
out.openTag("error-page", origin(md, "error." + entry.getKey()));
//a global or default error page has no code or exception
if (!ErrorPageErrorHandler.GLOBAL_ERROR_PAGE.equals(entry.getKey())) {
if (entry.getKey().matches("\\d{3}"))
out.tag("error-code", entry.getKey());
else
out.tag("exception-type", entry.getKey());
}
out.tag("location", entry.getValue());
out.closeTag();
}
}
//mime-types
MimeTypes mimeTypes = _webApp.getMimeTypes();
if (mimeTypes != null) {
for (Map.Entry<String, String> entry : mimeTypes.getMimeMap().entrySet()) {
out.openTag("mime-mapping");
out.tag("extension", origin(md, "extension." + entry.getKey()), entry.getKey());
out.tag("mime-type", entry.getValue());
out.closeTag();
}
}
//jsp-config
JspConfig jspConfig = (JspConfig) _webApp.getServletContext().getJspConfigDescriptor();
if (jspConfig != null) {
out.openTag("jsp-config");
Collection<TaglibDescriptor> tlds = jspConfig.getTaglibs();
if (tlds != null && !tlds.isEmpty()) {
for (TaglibDescriptor tld : tlds) {
out.openTag("taglib");
out.tag("taglib-uri", tld.getTaglibURI());
out.tag("taglib-location", tld.getTaglibLocation());
out.closeTag();
}
}
Collection<JspPropertyGroupDescriptor> jspPropertyGroups = jspConfig.getJspPropertyGroups();
if (jspPropertyGroups != null && !jspPropertyGroups.isEmpty()) {
for (JspPropertyGroupDescriptor jspPropertyGroup : jspPropertyGroups) {
out.openTag("jsp-property-group");
Collection<String> strings = jspPropertyGroup.getUrlPatterns();
if (strings != null && !strings.isEmpty()) {
for (String urlPattern : strings) out.tag("url-pattern", urlPattern);
}
if (jspPropertyGroup.getElIgnored() != null)
out.tag("el-ignored", jspPropertyGroup.getElIgnored());
if (jspPropertyGroup.getPageEncoding() != null)
out.tag("page-encoding", jspPropertyGroup.getPageEncoding());
if (jspPropertyGroup.getScriptingInvalid() != null)
out.tag("scripting-invalid", jspPropertyGroup.getScriptingInvalid());
if (jspPropertyGroup.getIsXml() != null)
out.tag("is-xml", jspPropertyGroup.getIsXml());
if (jspPropertyGroup.getDeferredSyntaxAllowedAsLiteral() != null)
out.tag("deferred-syntax-allowed-as-literal", jspPropertyGroup.getDeferredSyntaxAllowedAsLiteral());
if (jspPropertyGroup.getTrimDirectiveWhitespaces() != null)
out.tag("trim-directive-whitespaces", jspPropertyGroup.getTrimDirectiveWhitespaces());
if (jspPropertyGroup.getDefaultContentType() != null)
out.tag("default-content-type", jspPropertyGroup.getDefaultContentType());
if (jspPropertyGroup.getBuffer() != null)
out.tag("buffer", jspPropertyGroup.getBuffer());
if (jspPropertyGroup.getErrorOnUndeclaredNamespace() != null)
out.tag("error-on-undeclared-namespace", jspPropertyGroup.getErrorOnUndeclaredNamespace());
strings = jspPropertyGroup.getIncludePreludes();
if (strings != null && !strings.isEmpty()) {
for (String prelude : strings) out.tag("include-prelude", prelude);
}
strings = jspPropertyGroup.getIncludeCodas();
if (strings != null && !strings.isEmpty()) {
for (String coda : strings) out.tag("include-coda", coda);
}
out.closeTag();
}
}
out.closeTag();
}
//lifecycle: post-construct, pre-destroy
LifeCycleCallbackCollection lifecycles = ((LifeCycleCallbackCollection) _webApp.getAttribute(LifeCycleCallbackCollection.LIFECYCLE_CALLBACK_COLLECTION));
if (lifecycles != null) {
Collection<LifeCycleCallback> tmp = lifecycles.getPostConstructCallbacks();
for (LifeCycleCallback c : tmp) {
out.openTag("post-construct");
out.tag("lifecycle-callback-class", c.getTargetClassName());
out.tag("lifecycle-callback-method", c.getMethodName());
out.closeTag();
}
tmp = lifecycles.getPreDestroyCallbacks();
for (LifeCycleCallback c : tmp) {
out.openTag("pre-destroy");
out.tag("lifecycle-callback-class", c.getTargetClassName());
out.tag("lifecycle-callback-method", c.getMethodName());
out.closeTag();
}
}
out.literal(_extraXML);
out.closeTag();
}
Aggregations