/**
 * Applies the {@link ServletSecurity} annotation declared on the given class, if any,
 * to the parent context.
 *
 * @param clazz the class to inspect for a {@link ServletSecurity} annotation
 */
private void processServletSecurityAnnotation(Class<?> clazz) {
    // No synchronisation: running this more than once is harmless.
    servletSecurityAnnotationScanRequired = false;

    Context parentContext = (Context) getParent();
    if (parentContext.getIgnoreAnnotations()) {
        // With annotations ignored, a @ServletSecurity on the class contributes
        // nothing here; any access constraint for this servlet then has to come
        // from another source (presumably the deployment descriptor).
        return;
    }

    ServletSecurity declared = clazz.getAnnotation(ServletSecurity.class);
    if (declared == null) {
        return;
    }

    ApplicationServletRegistration registration =
            new ApplicationServletRegistration(this, parentContext);
    ServletSecurityElement securityElement = new ServletSecurityElement(declared);
    parentContext.addServletSecurity(registration, securityElement);
}
/**
 * Creates an instance from a {@link ServletSecurity} annotation.
 *
 * <p>The annotation's {@code value()} becomes the default constraint; each entry of
 * {@code httpMethodConstraints()} becomes a per-method constraint.
 *
 * @param annotation the annotation to read the constraints from
 * @throws IllegalArgumentException if a method name is specified more than once
 */
public ServletSecurityElement(ServletSecurity annotation) {
    this(new HttpConstraintElement(
            annotation.value().value(),
            annotation.value().transportGuarantee(),
            annotation.value().rolesAllowed()));

    List<HttpMethodConstraintElement> perMethod = new ArrayList<HttpMethodConstraintElement>();
    HttpMethodConstraint[] declared = annotation.httpMethodConstraints();
    if (declared != null) {
        for (HttpMethodConstraint methodConstraint : declared) {
            String method = methodConstraint.value();
            HttpConstraintElement rule = new HttpConstraintElement(
                    methodConstraint.emptyRoleSemantic(),
                    methodConstraint.transportGuarantee(),
                    methodConstraint.rolesAllowed());
            perMethod.add(new HttpMethodConstraintElement(method, rule));
        }
    }
    // The duplicate-name check is not visible in this constructor; presumably it is
    // performed by addHttpMethodConstraints.
    addHttpMethodConstraints(perMethod);
}
/**
 * Builds an instance from the contents of a {@link ServletSecurity} annotation.
 *
 * <p>The annotation's {@code value()} supplies the default constraint passed to the
 * superclass; every {@link HttpMethodConstraint} is converted into an
 * {@link HttpMethodConstraintElement}.
 *
 * @param annotation the annotation value
 *
 * @throws IllegalArgumentException if duplicate method names are detected
 */
public ServletSecurityElement(ServletSecurity annotation) {
    super(annotation.value().value(),
            annotation.value().transportGuarantee(),
            annotation.value().rolesAllowed());

    this.methodConstraints = new HashSet<HttpMethodConstraintElement>();
    for (HttpMethodConstraint declared : annotation.httpMethodConstraints()) {
        String method = declared.value();
        HttpConstraintElement rule = new HttpConstraintElement(
                declared.emptyRoleSemantic(),
                declared.transportGuarantee(),
                declared.rolesAllowed());
        this.methodConstraints.add(new HttpMethodConstraintElement(method, rule));
    }
    // Name validation is delegated to checkMethodNames; its result is kept as the
    // set of constrained method names.
    methodNames = checkMethodNames(this.methodConstraints);
}
/**
 * Looks for a {@link ServletSecurity} annotation on {@code clazz} and, when one is
 * present and annotations are not ignored, registers it with the parent context.
 *
 * @param clazz the class whose annotation is read
 */
private void processServletSecurityAnnotation(Class<?> clazz) {
    // Calling this twice isn't harmful so no syncs
    servletSecurityAnnotationScanRequired = false;

    Context owner = (Context) getParent();
    // When the context ignores annotations nothing below runs, so the class-level
    // @ServletSecurity is not turned into a constraint by this method.
    if (!owner.getIgnoreAnnotations()) {
        ServletSecurity found = clazz.getAnnotation(ServletSecurity.class);
        if (found != null) {
            owner.addServletSecurity(
                    new ApplicationServletRegistration(this, owner),
                    new ServletSecurityElement(found));
        }
    }
}
/**
 * Create from an annotation.
 *
 * <p>The default constraint is taken from {@code annotation.value()}; the
 * per-method constraints are taken from {@code annotation.httpMethodConstraints()}.
 *
 * @param annotation the {@link ServletSecurity} annotation to convert
 * @throws IllegalArgumentException
 *             if a method name is specified more than once
 */
public ServletSecurityElement(ServletSecurity annotation) {
    this(new HttpConstraintElement(annotation.value().value(),
            annotation.value().transportGuarantee(),
            annotation.value().rolesAllowed()));

    HttpMethodConstraint[] source = annotation.httpMethodConstraints();
    List<HttpMethodConstraintElement> converted = new ArrayList<HttpMethodConstraintElement>();
    if (source != null) {
        for (HttpMethodConstraint item : source) {
            converted.add(new HttpMethodConstraintElement(
                    item.value(),
                    new HttpConstraintElement(
                            item.emptyRoleSemantic(),
                            item.transportGuarantee(),
                            item.rolesAllowed())));
        }
    }
    // An empty list is still passed on when the annotation declares no per-method
    // constraints.
    addHttpMethodConstraints(converted);
}
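/**
 * Registers the sample servlets, filter and listener programmatically when the
 * context starts, and attaches a security constraint to the servlet mapped at
 * {@code /progsec}.
 *
 * @param servletContextEvent the event carrying the {@link ServletContext} being initialised
 */
@Override
public void contextInitialized(ServletContextEvent servletContextEvent) {
    System.out.println(getClass() + " contextInitialized");
    ServletContext ctx = servletContextEvent.getServletContext();

    // NOTE(review): /upload is registered here without any security constraint;
    // confirm it is protected elsewhere if uploads are meant to be restricted.
    ServletRegistration reg = ctx.addServlet("uploadServlet", FileUploadServlet.class);
    reg.addMapping("/upload");
    reg.setInitParameter("text", "Servlet init parameter");

    // The first argument of addFilter is the filter *name*; the URL mapping is the
    // "/*" passed to addMappingForUrlPatterns below.
    FilterRegistration filterReg = ctx.addFilter("/*", MyFilter.class);
    filterReg.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), true, "/*");
    filterReg.setInitParameter("log", "Log message in filter");

    ctx.addListener(MyRequestlistener.class);

    ServletRegistration.Dynamic securedServlet =
            ctx.addServlet("Programmatic Security Servlet", MyProgrammaticSecuredServlet.class);
    securedServlet.addMapping("/progsec");

    // Require a confidential transport and the "admin" role for every HTTP method.
    HttpConstraintElement sec = new HttpConstraintElement(
            ServletSecurity.TransportGuarantee.CONFIDENTIAL, new String[] { "admin" });
    ServletSecurityElement secElem = new ServletSecurityElement(sec);

    // setServletSecurity returns the URL patterns that are already the target of a
    // security-constraint in the deployment descriptor. Those patterns are NOT
    // changed by this call, so ignoring the result can leave /progsec governed by a
    // different (possibly weaker) constraint without any indication.
    java.util.Set<String> unaffected = securedServlet.setServletSecurity(secElem);
    if (unaffected != null && !unaffected.isEmpty()) {
        System.err.println(getClass()
                + " programmatic security constraint not applied to patterns already"
                + " constrained by the deployment descriptor: " + unaffected);
    }
}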
/**
 * Converts an {@link HttpConstraintElement} into a {@link SecurityConstraint} that
 * covers a single URL pattern.
 *
 * @param element      the constraint to convert
 * @param urlPattern   the URL pattern the resulting constraint applies to
 * @param alwaysCreate when {@code true}, a constraint is returned even if
 *                     {@code element} imposes no restriction
 * @return the new constraint, or {@code null} when {@code alwaysCreate} is
 *         {@code false} and the element has transport guarantee {@code NONE}, no
 *         roles and the {@code PERMIT} empty-role semantic
 */
private static SecurityConstraint createConstraint(
        HttpConstraintElement element, String urlPattern, boolean alwaysCreate) {
    SecurityConstraint result = new SecurityConstraint();
    SecurityCollection patterns = new SecurityCollection();
    boolean needed = alwaysCreate;

    ServletSecurity.TransportGuarantee guarantee = element.getTransportGuarantee();
    if (guarantee != ServletSecurity.TransportGuarantee.NONE) {
        result.setUserConstraint(guarantee.name());
        needed = true;
    }

    String[] allowedRoles = element.getRolesAllowed();
    if (allowedRoles.length > 0) {
        for (String allowedRole : allowedRoles) {
            result.addAuthRole(allowedRole);
        }
        needed = true;
    }

    // Any semantic other than PERMIT marks the constraint as an auth constraint even
    // when no roles were listed (presumably this is what denies all access; confirm
    // against SecurityConstraint).
    if (element.getEmptyRoleSemantic() != EmptyRoleSemantic.PERMIT) {
        result.setAuthConstraint(true);
        needed = true;
    }

    if (needed) {
        patterns.addPattern(urlPattern);
        result.addCollection(patterns);
        return result;
    } else {
        // Callers must handle null: no constraint is produced for this pattern.
        return null;
    }
}
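/**
 * Copies the servlet class's {@link ServletSecurity}, {@link MultipartConfig},
 * {@link RunAs} and {@link DeclareRoles} annotations onto the servlet and
 * deployment metadata.
 *
 * @return always {@code null}
 */
@Override
public Void run() {
    final ServletSecurity security = servletInfo.getServletClass().getAnnotation(ServletSecurity.class);
    if (security != null) {
        // Servlet-level (default) constraint, taken from the annotation's value().
        ServletSecurityInfo servletSecurityInfo = new ServletSecurityInfo()
                .setEmptyRoleSemantic(security.value().value() == ServletSecurity.EmptyRoleSemantic.DENY
                        ? SecurityInfo.EmptyRoleSemantic.DENY
                        : SecurityInfo.EmptyRoleSemantic.PERMIT)
                .setTransportGuaranteeType(
                        security.value().transportGuarantee() == ServletSecurity.TransportGuarantee.CONFIDENTIAL
                                ? TransportGuaranteeType.CONFIDENTIAL
                                : TransportGuaranteeType.NONE)
                .addRolesAllowed(security.value().rolesAllowed());

        for (HttpMethodConstraint constraint : security.httpMethodConstraints()) {
            // Configure the per-method entry completely BEFORE registering it.
            // Previously the call to addHttpMethodSecurityInfo(...) was closed right
            // after setMethod(...), so the semantic, transport guarantee and roles
            // were chained onto that call's return value instead of the per-method
            // entry. With a fluent servlet-level object this overwrites the default
            // constraint and merges per-method roles into it, while the per-method
            // entry itself keeps only its method name.
            servletSecurityInfo.addHttpMethodSecurityInfo(new HttpMethodSecurityInfo()
                    .setMethod(constraint.value())
                    .setEmptyRoleSemantic(constraint.emptyRoleSemantic() == ServletSecurity.EmptyRoleSemantic.DENY
                            ? SecurityInfo.EmptyRoleSemantic.DENY
                            : SecurityInfo.EmptyRoleSemantic.PERMIT)
                    .setTransportGuaranteeType(
                            constraint.transportGuarantee() == ServletSecurity.TransportGuarantee.CONFIDENTIAL
                                    ? TransportGuaranteeType.CONFIDENTIAL
                                    : TransportGuaranteeType.NONE)
                    .addRolesAllowed(constraint.rolesAllowed()));
        }
        servletInfo.setServletSecurityInfo(servletSecurityInfo);
    }

    final MultipartConfig multipartConfig = servletInfo.getServletClass().getAnnotation(MultipartConfig.class);
    if (multipartConfig != null) {
        servletInfo.setMultipartConfig(new MultipartConfigElement(
                multipartConfig.location(),
                multipartConfig.maxFileSize(),
                multipartConfig.maxRequestSize(),
                multipartConfig.fileSizeThreshold()));
    }

    final RunAs runAs = servletInfo.getServletClass().getAnnotation(RunAs.class);
    if (runAs != null) {
        servletInfo.setRunAs(runAs.value());
    }

    final DeclareRoles declareRoles = servletInfo.getServletClass().getAnnotation(DeclareRoles.class);
    if (declareRoles != null) {
        deploymentInfo.addSecurityRoles(declareRoles.value());
    }
    return null;
}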
/**
 * Builds the {@link SecurityConstraint} that corresponds to one
 * {@link HttpConstraintElement} for one URL pattern.
 *
 * <p>A constraint is produced when {@code alwaysCreate} is set, or when the element
 * asks for a transport guarantee other than {@code NONE}, lists at least one role,
 * or uses an empty-role semantic other than {@code PERMIT}.
 *
 * @param element      source of the transport guarantee, roles and empty-role semantic
 * @param urlPattern   pattern added to the constraint's collection
 * @param alwaysCreate forces a constraint to be returned
 * @return the constraint, or {@code null} if none of the conditions above holds
 */
private static SecurityConstraint createConstraint(HttpConstraintElement element, String urlPattern,
        boolean alwaysCreate) {
    SecurityConstraint built = new SecurityConstraint();
    SecurityCollection urlPatterns = new SecurityCollection();
    boolean required = alwaysCreate;

    if (ServletSecurity.TransportGuarantee.NONE != element.getTransportGuarantee()) {
        // The guarantee is stored by its enum constant name.
        built.setUserConstraint(element.getTransportGuarantee().name());
        required = true;
    }

    if (element.getRolesAllowed().length != 0) {
        String[] allowed = element.getRolesAllowed();
        for (int i = 0; i < allowed.length; i++) {
            built.addAuthRole(allowed[i]);
        }
        required = true;
    }

    if (EmptyRoleSemantic.PERMIT != element.getEmptyRoleSemantic()) {
        built.setAuthConstraint(true);
        required = true;
    }

    if (!required) {
        // Nothing to enforce: the caller receives null and no constraint is
        // recorded for urlPattern.
        return null;
    }

    urlPatterns.addPattern(urlPattern);
    built.addCollection(urlPatterns);
    return built;
}