use of org.glassfish.web.deployment.descriptor.UserDataConstraintImpl in project Payara by payara.
the class DynamicWebServletRegistrationImpl method setSecurityConfig.
public void setSecurityConfig(SecurityConfig config) {
if (config == null) {
return;
}
this.config = config;
LoginConfig lc = config.getLoginConfig();
if (lc != null) {
LoginConfiguration loginConf = new LoginConfigurationImpl();
loginConf.setAuthenticationMethod(lc.getAuthMethod().name());
loginConf.setRealmName(lc.getRealmName());
FormLoginConfig form = lc.getFormLoginConfig();
if (form != null) {
loginConf.setFormErrorPage(form.getFormErrorPage());
loginConf.setFormLoginPage(form.getFormLoginPage());
}
LoginConfigDecorator decorator = new LoginConfigDecorator(loginConf);
setLoginConfig(decorator);
getWebBundleDescriptor().setLoginConfiguration(loginConf);
}
Set<org.glassfish.embeddable.web.config.SecurityConstraint> securityConstraints = config.getSecurityConstraints();
for (org.glassfish.embeddable.web.config.SecurityConstraint sc : securityConstraints) {
com.sun.enterprise.deployment.web.SecurityConstraint securityConstraint = new SecurityConstraintImpl();
Set<org.glassfish.embeddable.web.config.WebResourceCollection> wrcs = sc.getWebResourceCollection();
for (org.glassfish.embeddable.web.config.WebResourceCollection wrc : wrcs) {
WebResourceCollectionImpl webResourceColl = new WebResourceCollectionImpl();
webResourceColl.setDisplayName(wrc.getName());
for (String urlPattern : wrc.getUrlPatterns()) {
webResourceColl.addUrlPattern(urlPattern);
}
securityConstraint.addWebResourceCollection(webResourceColl);
AuthorizationConstraintImpl ac = null;
if (sc.getAuthConstraint() != null && sc.getAuthConstraint().length > 0) {
ac = new AuthorizationConstraintImpl();
for (String roleName : sc.getAuthConstraint()) {
Role role = new Role(roleName);
getWebBundleDescriptor().addRole(role);
ac.addSecurityRole(roleName);
}
} else {
// DENY
ac = new AuthorizationConstraintImpl();
}
securityConstraint.setAuthorizationConstraint(ac);
UserDataConstraint udc = new UserDataConstraintImpl();
udc.setTransportGuarantee(((sc.getDataConstraint() == TransportGuarantee.CONFIDENTIAL) ? UserDataConstraint.CONFIDENTIAL_TRANSPORT : UserDataConstraint.NONE_TRANSPORT));
securityConstraint.setUserDataConstraint(udc);
if (wrc.getHttpMethods() != null) {
for (String httpMethod : wrc.getHttpMethods()) {
webResourceColl.addHttpMethod(httpMethod);
}
}
if (wrc.getHttpMethodOmissions() != null) {
for (String httpMethod : wrc.getHttpMethodOmissions()) {
webResourceColl.addHttpMethodOmission(httpMethod);
}
}
getWebBundleDescriptor().addSecurityConstraint(securityConstraint);
TomcatDeploymentConfig.configureSecurityConstraint(this, getWebBundleDescriptor());
}
}
if (pipeline != null) {
GlassFishValve basic = pipeline.getBasic();
if ((basic != null) && (basic instanceof java.net.Authenticator)) {
removeValve(basic);
}
GlassFishValve[] valves = pipeline.getValves();
for (int i = 0; i < valves.length; i++) {
if (valves[i] instanceof java.net.Authenticator) {
removeValve(valves[i]);
}
}
}
if (realm != null && realm instanceof RealmInitializer) {
((RealmInitializer) realm).initializeRealm(this.getWebBundleDescriptor(), false, ((VirtualServer) parent).getAuthRealmName());
((RealmInitializer) realm).setVirtualServer(getParent());
((RealmInitializer) realm).updateWebSecurityManager();
setRealm(realm);
}
}
use of org.glassfish.web.deployment.descriptor.UserDataConstraintImpl in project Payara by payara.
the class TransportGuarantee method check.
/**
* The transport-guarantee element specifies that the communication between
* client and server should be "SECURE", "NONE", or "CONFIDENTIAL".
*
* @param descriptor the Web deployment descriptor
*
* @return <code>Result</code> the results for this assertion
*/
public Result check(WebBundleDescriptor descriptor) {
Result result = getInitializedResult();
ComponentNameConstructor compName = getVerifierContext().getComponentNameConstructor();
if (descriptor.getSecurityConstraints().hasMoreElements()) {
boolean oneFailed = false;
boolean foundIt = false;
int na = 0;
int noSc = 0;
// get the errorpage's in this .war
for (Enumeration e = descriptor.getSecurityConstraints(); e.hasMoreElements(); ) {
foundIt = false;
noSc++;
SecurityConstraintImpl securityConstraintImpl = (SecurityConstraintImpl) e.nextElement();
UserDataConstraintImpl userDataConstraint = (UserDataConstraintImpl) securityConstraintImpl.getUserDataConstraint();
if (userDataConstraint != null) {
String transportGuarantee = userDataConstraint.getTransportGuarantee();
if (transportGuarantee.length() > 0) {
if ((transportGuarantee.equals("NONE")) || (transportGuarantee.equals("INTEGRAL")) || (transportGuarantee.equals("CONFIDENTIAL"))) {
foundIt = true;
} else {
foundIt = false;
}
} else {
foundIt = false;
}
if (foundIt) {
result.addGoodDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
result.addGoodDetails(smh.getLocalString(getClass().getName() + ".passed", "transport-guarantee [ {0} ] specifies that the communication between client and server should be one of \"SECURE\", \"NONE\", or \"CONFIDENTIAL\" within web application [ {1} ]", new Object[] { transportGuarantee, descriptor.getName() }));
} else {
if (!oneFailed) {
oneFailed = true;
}
result.addErrorDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
result.addErrorDetails(smh.getLocalString(getClass().getName() + ".failed", "Error: transport-guarantee [ {0} ] does not specify that the communication between client and server is one of \"SECURE\", \"NONE\", or \"CONFIDENTIAL\" within web application [ {1} ]", new Object[] { transportGuarantee, descriptor.getName() }));
}
} else {
result.addNaDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
result.addNaDetails(smh.getLocalString(getClass().getName() + ".notApplicable1", "There are no transport-guarantee elements within the web application [ {0} ]", new Object[] { descriptor.getName() }));
na++;
}
}
if (oneFailed) {
result.setStatus(Result.FAILED);
} else if (na == noSc) {
result.setStatus(Result.NOT_APPLICABLE);
} else {
result.setStatus(Result.PASSED);
}
} else {
result.addNaDetails(smh.getLocalString("tests.componentNameConstructor", "For [ {0} ]", new Object[] { compName.toString() }));
result.notApplicable(smh.getLocalString(getClass().getName() + ".notApplicable", "There are no transport-guarantee elements within the web archive [ {0} ]", new Object[] { descriptor.getName() }));
}
return result;
}
Aggregations