
Example 1 with AuthorizationConstraintImpl

use of org.glassfish.web.deployment.descriptor.AuthorizationConstraintImpl in project Payara by payara.

the class DynamicWebServletRegistrationImpl method setSecurityConfig.

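/**
 * Applies a programmatic security configuration to this web module.
 *
 * <p>The login configuration (when present) and every security constraint in {@code config} are
 * copied into the module's web bundle descriptor and handed to
 * {@code TomcatDeploymentConfig.configureSecurityConstraint}; afterwards the realm is
 * re-initialized if it is a {@code RealmInitializer}.
 *
 * <p>Mapping rules visible in this method:
 * <ul>
 *   <li>a constraint with a {@code null} or empty role array gets an authorization constraint
 *       that names no roles (marked DENY by the original author), so an omitted role list is
 *       treated like an explicitly empty one;</li>
 *   <li>only {@code TransportGuarantee.CONFIDENTIAL} is carried over; every other value is
 *       recorded as {@code UserDataConstraint.NONE_TRANSPORT}.</li>
 * </ul>
 *
 * @param config the security configuration to apply; {@code null} leaves the module unchanged
 */
@Override
public void setSecurityConfig(SecurityConfig config) {
    if (config == null) {
        return;
    }
    this.config = config;

    LoginConfig lc = config.getLoginConfig();
    if (lc != null) {
        LoginConfiguration loginConf = new LoginConfigurationImpl();
        // NOTE(review): getAuthMethod() is dereferenced unchecked; a login config without an
        // auth method fails here with a NullPointerException. Confirm callers always set it.
        loginConf.setAuthenticationMethod(lc.getAuthMethod().name());
        loginConf.setRealmName(lc.getRealmName());
        FormLoginConfig form = lc.getFormLoginConfig();
        if (form != null) {
            loginConf.setFormErrorPage(form.getFormErrorPage());
            loginConf.setFormLoginPage(form.getFormLoginPage());
        }
        LoginConfigDecorator decorator = new LoginConfigDecorator(loginConf);
        setLoginConfig(decorator);
        getWebBundleDescriptor().setLoginConfiguration(loginConf);
    }

    // A configuration that only carries a login config may have no constraint set at all.
    // Treat that as "nothing to map" so the valve and realm handling below still runs instead
    // of the method aborting half-way with a NullPointerException.
    Set<org.glassfish.embeddable.web.config.SecurityConstraint> securityConstraints = config.getSecurityConstraints();
    if (securityConstraints != null) {
        for (org.glassfish.embeddable.web.config.SecurityConstraint sc : securityConstraints) {
            com.sun.enterprise.deployment.web.SecurityConstraint securityConstraint = new SecurityConstraintImpl();
            String[] roleNames = sc.getAuthConstraint();
            Set<org.glassfish.embeddable.web.config.WebResourceCollection> wrcs = sc.getWebResourceCollection();
            for (org.glassfish.embeddable.web.config.WebResourceCollection wrc : wrcs) {
                WebResourceCollectionImpl webResourceColl = new WebResourceCollectionImpl();
                webResourceColl.setDisplayName(wrc.getName());
                for (String urlPattern : wrc.getUrlPatterns()) {
                    webResourceColl.addUrlPattern(urlPattern);
                }
                securityConstraint.addWebResourceCollection(webResourceColl);

                // An authorization constraint without roles is the DENY case. Both a null and
                // an empty role array end up here, so "no roles given" never widens access.
                AuthorizationConstraintImpl ac = new AuthorizationConstraintImpl();
                if (roleNames != null && roleNames.length > 0) {
                    for (String roleName : roleNames) {
                        Role role = new Role(roleName);
                        getWebBundleDescriptor().addRole(role);
                        ac.addSecurityRole(roleName);
                    }
                }
                securityConstraint.setAuthorizationConstraint(ac);

                // Anything other than CONFIDENTIAL is stored as NONE_TRANSPORT.
                // NOTE(review): if the source enum has further values they are downgraded to
                // "no transport guarantee" here - confirm that is intended.
                UserDataConstraint udc = new UserDataConstraintImpl();
                udc.setTransportGuarantee(((sc.getDataConstraint() == TransportGuarantee.CONFIDENTIAL) ? UserDataConstraint.CONFIDENTIAL_TRANSPORT : UserDataConstraint.NONE_TRANSPORT));
                securityConstraint.setUserDataConstraint(udc);

                // The collection was already attached above; these calls mutate the same object.
                if (wrc.getHttpMethods() != null) {
                    for (String httpMethod : wrc.getHttpMethods()) {
                        webResourceColl.addHttpMethod(httpMethod);
                    }
                }
                if (wrc.getHttpMethodOmissions() != null) {
                    for (String httpMethod : wrc.getHttpMethodOmissions()) {
                        webResourceColl.addHttpMethodOmission(httpMethod);
                    }
                }

                // NOTE(review): registration runs once per web resource collection, so a
                // constraint with several collections is added and re-configured repeatedly,
                // and a constraint with no collection is never registered. Kept unchanged;
                // confirm whether the two calls below de-duplicate.
                getWebBundleDescriptor().addSecurityConstraint(securityConstraint);
                TomcatDeploymentConfig.configureSecurityConstraint(this, getWebBundleDescriptor());
            }
        }
    }

    if (pipeline != null) {
        // NOTE(review): java.net.Authenticator is the JDK's network-authentication class, not
        // a valve type. Unless a valve actually extends it, neither check below matches and no
        // authenticator valve is removed. Confirm the intended type, and what re-installs the
        // authenticator afterwards, before changing this.
        GlassFishValve basic = pipeline.getBasic();
        if (basic instanceof java.net.Authenticator) {
            removeValve(basic);
        }
        GlassFishValve[] valves = pipeline.getValves();
        for (GlassFishValve valve : valves) {
            if (valve instanceof java.net.Authenticator) {
                removeValve(valve);
            }
        }
    }

    // instanceof is false for null, so no separate null check is needed.
    if (realm instanceof RealmInitializer) {
        RealmInitializer initializer = (RealmInitializer) realm;
        initializer.initializeRealm(this.getWebBundleDescriptor(), false, ((VirtualServer) parent).getAuthRealmName());
        initializer.setVirtualServer(getParent());
        initializer.updateWebSecurityManager();
        setRealm(realm);
    }
}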
Also used : WebResourceCollection(com.sun.enterprise.deployment.web.WebResourceCollection) RealmInitializer(com.sun.enterprise.security.integration.RealmInitializer) AuthorizationConstraintImpl(org.glassfish.web.deployment.descriptor.AuthorizationConstraintImpl) SecurityConstraint(com.sun.enterprise.deployment.web.SecurityConstraint) LoginConfigurationImpl(org.glassfish.web.deployment.descriptor.LoginConfigurationImpl) FormLoginConfig(org.glassfish.embeddable.web.config.FormLoginConfig) LoginConfig(org.glassfish.embeddable.web.config.LoginConfig) SecurityConstraintImpl(org.glassfish.web.deployment.descriptor.SecurityConstraintImpl) UserDataConstraint(com.sun.enterprise.deployment.web.UserDataConstraint) FormLoginConfig(org.glassfish.embeddable.web.config.FormLoginConfig) UserDataConstraintImpl(org.glassfish.web.deployment.descriptor.UserDataConstraintImpl) LoginConfiguration(com.sun.enterprise.deployment.web.LoginConfiguration) SecurityConstraint(com.sun.enterprise.deployment.web.SecurityConstraint) GlassFishValve(org.glassfish.web.valve.GlassFishValve) Role(org.glassfish.security.common.Role) LoginConfigDecorator(com.sun.enterprise.web.deploy.LoginConfigDecorator) WebResourceCollectionImpl(org.glassfish.web.deployment.descriptor.WebResourceCollectionImpl)

Example 2 with AuthorizationConstraintImpl

use of org.glassfish.web.deployment.descriptor.AuthorizationConstraintImpl in project Payara by payara.

the class WebSecurityRoleName method check.

/**
 * Verifies the role-name elements referenced by the web application's security constraints.
 *
 * <p>Each role listed in an authorization constraint passes when its name is non-empty and
 * fails otherwise. The name is not compared with the roles declared by the application, so a
 * pass only shows that a name is present. Security constraints without an authorization
 * constraint, and authorization constraints without roles, are recorded as not applicable.
 *
 * @param descriptor the Web deployment descriptor
 *
 * @return <code>Result</code> the results for this assertion
 */
public Result check(WebBundleDescriptor descriptor) {
    Result result = getInitializedResult();
    ComponentNameConstructor compName = getVerifierContext().getComponentNameConstructor();

    // No security constraints at all: the whole assertion is not applicable.
    if (!descriptor.getSecurityConstraints().hasMoreElements()) {
        result.addNaDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
        result.notApplicable(smh.getLocalString(getClass().getName() + ".notApplicable", "There are no role-name elements within the web archive [ {0} ]", new Object[] { descriptor.getName() }));
        return result;
    }

    boolean anyFailure = false;
    int constraintCount = 0;      // security constraints seen
    int withAuthCount = 0;        // ... that carry an authorization constraint
    int withoutAuthCount = 0;     // ... that carry none
    int authWithoutRoles = 0;     // authorization constraints that list no roles

    // Walk every security constraint declared in this .war.
    Enumeration<?> constraints = descriptor.getSecurityConstraints();
    while (constraints.hasMoreElements()) {
        constraintCount++;
        SecurityConstraintImpl constraint = (SecurityConstraintImpl) constraints.nextElement();
        AuthorizationConstraintImpl authConstraint = (AuthorizationConstraintImpl) constraint.getAuthorizationConstraint();

        if (authConstraint == null) {
            result.addNaDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
            result.notApplicable(smh.getLocalString(getClass().getName() + ".notApplicable2", "Not Applicable: There is no authorization constraint in this security constraint within [ {0} ]", new Object[] { descriptor.getName() }));
            withoutAuthCount++;
            continue;
        }
        withAuthCount++;

        Enumeration<?> roles = authConstraint.getSecurityRoles();
        if (!roles.hasMoreElements()) {
            result.addNaDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
            result.notApplicable(smh.getLocalString(getClass().getName() + ".notApplicable1", "Not Applicable: There are no security roles in this security constraint within [ {0} ]", new Object[] { descriptor.getName() }));
            authWithoutRoles++;
            continue;
        }

        while (roles.hasMoreElements()) {
            SecurityRoleDescriptor roleDescriptor = (SecurityRoleDescriptor) roles.nextElement();
            String roleName = roleDescriptor.getName();
            // The only property checked is that the name is not the empty string.
            if (roleName.length() > 0) {
                result.addGoodDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
                result.addGoodDetails(smh.getLocalString(getClass().getName() + ".passed", "The security role name [ {0} ] found within web application [ {1} ]", new Object[] { roleName, descriptor.getName() }));
            } else {
                anyFailure = true;
                result.addErrorDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
                result.addErrorDetails(smh.getLocalString(getClass().getName() + ".failed", "Error: The security role name [ {0} ] not found within web application [ {1} ]", new Object[] { roleName, descriptor.getName() }));
            }
        }
    }

    // A single empty role name fails the assertion. Otherwise it is not applicable when no
    // constraint had an authorization constraint, or when none of the authorization
    // constraints listed a role; in every remaining case it passes.
    if (anyFailure) {
        result.setStatus(Result.FAILED);
    } else if (constraintCount == withoutAuthCount || withAuthCount == authWithoutRoles) {
        result.setStatus(Result.NOT_APPLICABLE);
    } else {
        result.setStatus(Result.PASSED);
    }
    return result;
}
Also used : AuthorizationConstraintImpl(org.glassfish.web.deployment.descriptor.AuthorizationConstraintImpl) SecurityConstraintImpl(org.glassfish.web.deployment.descriptor.SecurityConstraintImpl)

Aggregations

AuthorizationConstraintImpl (org.glassfish.web.deployment.descriptor.AuthorizationConstraintImpl)2 SecurityConstraintImpl (org.glassfish.web.deployment.descriptor.SecurityConstraintImpl)2 LoginConfiguration (com.sun.enterprise.deployment.web.LoginConfiguration)1 SecurityConstraint (com.sun.enterprise.deployment.web.SecurityConstraint)1 UserDataConstraint (com.sun.enterprise.deployment.web.UserDataConstraint)1 WebResourceCollection (com.sun.enterprise.deployment.web.WebResourceCollection)1 RealmInitializer (com.sun.enterprise.security.integration.RealmInitializer)1 LoginConfigDecorator (com.sun.enterprise.web.deploy.LoginConfigDecorator)1 FormLoginConfig (org.glassfish.embeddable.web.config.FormLoginConfig)1 LoginConfig (org.glassfish.embeddable.web.config.LoginConfig)1 Role (org.glassfish.security.common.Role)1 LoginConfigurationImpl (org.glassfish.web.deployment.descriptor.LoginConfigurationImpl)1 UserDataConstraintImpl (org.glassfish.web.deployment.descriptor.UserDataConstraintImpl)1 WebResourceCollectionImpl (org.glassfish.web.deployment.descriptor.WebResourceCollectionImpl)1 GlassFishValve (org.glassfish.web.valve.GlassFishValve)1