Use of org.glassfish.web.deployment.descriptor.AuthorizationConstraintImpl in project Payara by payara.
Class DynamicWebServletRegistrationImpl, method setSecurityConfig.
/**
 * Applies a programmatic security configuration to this component.
 *
 * <p>In order: stores {@code config}; copies its login configuration (if any) onto a new
 * {@code LoginConfigurationImpl} and installs it on both this component and the web bundle
 * descriptor; translates each embeddable security constraint into a descriptor-level
 * {@code SecurityConstraintImpl}; removes pipeline valves that match the authenticator type
 * test; and, if the realm is a {@code RealmInitializer}, re-initialises it against the
 * descriptor.
 *
 * @param config the security configuration to apply; {@code null} is ignored and leaves the
 *     current configuration untouched
 */
@Override
public void setSecurityConfig(SecurityConfig config) {
    if (config == null) {
        return;
    }
    this.config = config;

    // --- Login configuration -------------------------------------------------------------
    LoginConfig lc = config.getLoginConfig();
    if (lc != null) {
        LoginConfiguration loginConf = new LoginConfigurationImpl();
        // NOTE(review): getAuthMethod() is dereferenced without a null check; a login config
        // with no auth method would throw NullPointerException here. Confirm callers always set it.
        loginConf.setAuthenticationMethod(lc.getAuthMethod().name());
        loginConf.setRealmName(lc.getRealmName());
        FormLoginConfig form = lc.getFormLoginConfig();
        if (form != null) {
            loginConf.setFormErrorPage(form.getFormErrorPage());
            loginConf.setFormLoginPage(form.getFormLoginPage());
        }
        // The same loginConf instance is installed twice: wrapped in a decorator for this
        // component, and directly on the descriptor.
        LoginConfigDecorator decorator = new LoginConfigDecorator(loginConf);
        setLoginConfig(decorator);
        getWebBundleDescriptor().setLoginConfiguration(loginConf);
    }

    // --- Security constraints ------------------------------------------------------------
    // NOTE(review): the set is iterated without a null check, unlike getHttpMethods() and
    // getHttpMethodOmissions() below. A null set would throw after the login configuration
    // has been applied and before the realm is re-initialised, leaving a partly applied config.
    Set<org.glassfish.embeddable.web.config.SecurityConstraint> securityConstraints = config.getSecurityConstraints();
    for (org.glassfish.embeddable.web.config.SecurityConstraint sc : securityConstraints) {
        com.sun.enterprise.deployment.web.SecurityConstraint securityConstraint = new SecurityConstraintImpl();
        Set<org.glassfish.embeddable.web.config.WebResourceCollection> wrcs = sc.getWebResourceCollection();
        // NOTE(review): everything below, including addSecurityConstraint(...), runs once per
        // web resource collection. A constraint whose collection set is empty is therefore never
        // added to the descriptor, so it protects nothing. A constraint with several collections
        // is passed to addSecurityConstraint(...) and configureSecurityConstraint(...) once per
        // collection. Whether those calls de-duplicate is not visible here; confirm.
        for (org.glassfish.embeddable.web.config.WebResourceCollection wrc : wrcs) {
            WebResourceCollectionImpl webResourceColl = new WebResourceCollectionImpl();
            webResourceColl.setDisplayName(wrc.getName());
            for (String urlPattern : wrc.getUrlPatterns()) {
                webResourceColl.addUrlPattern(urlPattern);
            }
            securityConstraint.addWebResourceCollection(webResourceColl);

            // Authorization: with at least one role, each role is registered on the descriptor
            // and added to the authorization constraint.
            AuthorizationConstraintImpl ac = null;
            if (sc.getAuthConstraint() != null && sc.getAuthConstraint().length > 0) {
                ac = new AuthorizationConstraintImpl();
                for (String roleName : sc.getAuthConstraint()) {
                    Role role = new Role(roleName);
                    getWebBundleDescriptor().addRole(role);
                    ac.addSecurityRole(roleName);
                }
            } else {
                // DENY: an authorization constraint with no roles is installed. This branch is
                // taken for a null role array as well as an empty one, so a constraint configured
                // without any auth constraint is treated the same as one that names no roles.
                ac = new AuthorizationConstraintImpl();
            }
            securityConstraint.setAuthorizationConstraint(ac);

            // Transport guarantee: only CONFIDENTIAL is carried over. Every other value,
            // including null, becomes NONE_TRANSPORT.
            // NOTE(review): if TransportGuarantee has an integrity-level value, it is silently
            // downgraded to NONE here. Confirm that is intended.
            UserDataConstraint udc = new UserDataConstraintImpl();
            udc.setTransportGuarantee(((sc.getDataConstraint() == TransportGuarantee.CONFIDENTIAL) ? UserDataConstraint.CONFIDENTIAL_TRANSPORT : UserDataConstraint.NONE_TRANSPORT));
            securityConstraint.setUserDataConstraint(udc);

            // webResourceColl was already attached to securityConstraint above; the calls below
            // mutate that same instance, so the HTTP method lists still end up on the constraint.
            if (wrc.getHttpMethods() != null) {
                for (String httpMethod : wrc.getHttpMethods()) {
                    webResourceColl.addHttpMethod(httpMethod);
                }
            }
            if (wrc.getHttpMethodOmissions() != null) {
                for (String httpMethod : wrc.getHttpMethodOmissions()) {
                    webResourceColl.addHttpMethodOmission(httpMethod);
                }
            }
            getWebBundleDescriptor().addSecurityConstraint(securityConstraint);
            TomcatDeploymentConfig.configureSecurityConstraint(this, getWebBundleDescriptor());
        }
    }

    // --- Remove previously installed authenticator valves --------------------------------
    // NOTE(review): the type tested is java.net.Authenticator, the JDK class that supplies
    // credentials for network connections, not a container valve type. A GlassFishValve is
    // unlikely to extend it, so these branches probably never remove anything and an
    // authenticator valve from an earlier configuration may stay in the pipeline. Verify
    // against the container's own authenticator type.
    if (pipeline != null) {
        GlassFishValve basic = pipeline.getBasic();
        if ((basic != null) && (basic instanceof java.net.Authenticator)) {
            removeValve(basic);
        }
        // getValves() is read once before the loop, so removeValve(...) does not affect
        // the array being iterated.
        GlassFishValve[] valves = pipeline.getValves();
        for (GlassFishValve valve : valves) {
            if (valve instanceof java.net.Authenticator) {
                removeValve(valve);
            }
        }
    }

    // --- Re-initialise the realm against the updated descriptor --------------------------
    // NOTE(review): parent is cast to VirtualServer without a type or null check; any other
    // parent would throw here, after the descriptor has already been modified.
    if (realm != null && realm instanceof RealmInitializer) {
        ((RealmInitializer) realm).initializeRealm(this.getWebBundleDescriptor(), false, ((VirtualServer) parent).getAuthRealmName());
        ((RealmInitializer) realm).setVirtualServer(getParent());
        ((RealmInitializer) realm).updateWebSecurityManager();
        // Re-sets the same realm instance; presumably to trigger setRealm's side effects (verify).
        setRealm(realm);
    }
}
Use of org.glassfish.web.deployment.descriptor.AuthorizationConstraintImpl in project Payara by payara.
Class WebSecurityRoleName, method check.
/**
 * Verifier assertion over the role names referenced by the security constraints of a web
 * application.
 *
 * <p>Every security role found in an authorization constraint is reported as good when its name
 * is non-empty and as an error when it is empty. Constraints without an authorization
 * constraint, or whose authorization constraint lists no roles, are reported as not applicable.
 *
 * <p>Review notes: the only property checked is that the name is non-empty. Nothing here
 * compares the name with the roles declared by the application, even though the failure message
 * says "not found". A {@code null} role name is not handled and would throw. An authorization
 * constraint that lists no roles is counted as "not applicable" rather than examined.
 *
 * @param descriptor the Web deployment descriptor
 *
 * @return <code>Result</code> the results for this assertion: FAILED if any role name was empty,
 *     NOT_APPLICABLE if no constraint yielded a role to examine, PASSED otherwise
 */
public Result check(WebBundleDescriptor descriptor) {
    Result result = getInitializedResult();
    ComponentNameConstructor compName = getVerifierContext().getComponentNameConstructor();

    // No security constraints at all: nothing to examine.
    if (!descriptor.getSecurityConstraints().hasMoreElements()) {
        result.addNaDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
        result.notApplicable(smh.getLocalString(getClass().getName() + ".notApplicable", "There are no role-name elements within the web archive [ {0} ]", new Object[] { descriptor.getName() }));
        return result;
    }

    boolean anyEmptyRoleName = false;
    int constraintsSeen = 0;           // security constraints visited
    int authConstraintsSeen = 0;       // constraints that carry an authorization constraint
    int missingAuthConstraint = 0;     // constraints without an authorization constraint
    int authConstraintsWithoutRoles = 0; // authorization constraints that list no roles

    Enumeration constraints = descriptor.getSecurityConstraints();
    while (constraints.hasMoreElements()) {
        constraintsSeen++;
        SecurityConstraintImpl constraint = (SecurityConstraintImpl) constraints.nextElement();
        AuthorizationConstraintImpl authConstraint = (AuthorizationConstraintImpl) constraint.getAuthorizationConstraint();

        if (authConstraint == null) {
            result.addNaDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
            result.notApplicable(smh.getLocalString(getClass().getName() + ".notApplicable2", "Not Applicable: There is no authorization constraint in this security constraint within [ {0} ]", new Object[] { descriptor.getName() }));
            missingAuthConstraint++;
            continue;
        }
        authConstraintsSeen++;

        if (!authConstraint.getSecurityRoles().hasMoreElements()) {
            result.addNaDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
            result.notApplicable(smh.getLocalString(getClass().getName() + ".notApplicable1", "Not Applicable: There are no security roles in this security constraint within [ {0} ]", new Object[] { descriptor.getName() }));
            authConstraintsWithoutRoles++;
            continue;
        }

        Enumeration roles = authConstraint.getSecurityRoles();
        while (roles.hasMoreElements()) {
            SecurityRoleDescriptor roleDescriptor = (SecurityRoleDescriptor) roles.nextElement();
            String roleName = roleDescriptor.getName();
            // The sole test applied to a role: its name must not be the empty string.
            if (roleName.length() > 0) {
                result.addGoodDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
                result.addGoodDetails(smh.getLocalString(getClass().getName() + ".passed", "The security role name [ {0} ] found within web application [ {1} ]", new Object[] { roleName, descriptor.getName() }));
            } else {
                anyEmptyRoleName = true;
                result.addErrorDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
                result.addErrorDetails(smh.getLocalString(getClass().getName() + ".failed", "Error: The security role name [ {0} ] not found within web application [ {1} ]", new Object[] { roleName, descriptor.getName() }));
            }
        }
    }

    // The final status is set explicitly here, after any notApplicable(...) calls made in the loop.
    if (anyEmptyRoleName) {
        result.setStatus(Result.FAILED);
    } else if ((constraintsSeen == missingAuthConstraint) || (authConstraintsSeen == authConstraintsWithoutRoles)) {
        // Either no constraint had an authorization constraint, or none of those that did listed a role.
        result.setStatus(Result.NOT_APPLICABLE);
    } else {
        result.setStatus(Result.PASSED);
    }
    return result;
}