// Constraint that will own the collection. No auth constraint, role or transport
// requirement is set in this excerpt, so on its own it does not restrict anything yet.
SecurityConstraint securityConstraint = new SecurityConstraint();

// "/*" matches every path of the web application. No addMethod/addOmittedMethod call
// is made, so the collection is not narrowed to particular HTTP methods.
SecurityCollection securityCollection = new SecurityCollection();
securityCollection.addPattern("/*");

securityConstraint.addCollection(securityCollection);
/**
 * Adds one web-resource collection to the security constraint being built.
 *
 * <p>Each entry of {@code methods} is registered with {@code addMethod}. When no
 * method is passed, no {@code addMethod} call is made and the collection is not
 * limited to specific HTTP methods. When methods are listed, requests that use any
 * other HTTP method fall outside this collection, so callers that want a pattern
 * fully protected should either pass no methods or cover the remaining ones in
 * another constraint.
 *
 * @param name    name given to the collection
 * @param pattern URL pattern registered with {@code addPattern}
 * @param methods HTTP methods the collection is limited to; may be empty
 * @return this builder, to allow chaining
 */
public SecurityConstaintBuilder addCollection(final String name, final String pattern, final String... methods) {
    final SecurityCollection resources = new SecurityCollection();
    resources.setName(name);
    resources.addPattern(pattern);
    for (int i = 0; i < methods.length; i++) {
        resources.addMethod(methods[i]);
    }
    securityConstraint.addCollection(resources);
    return this;
}
/**
 * Creates a security collection and initialises its name and description
 * through the corresponding setters.
 *
 * @param name        name of this security collection
 * @param description description of this security collection
 */
public SecurityCollection(String name, String description) {
    // The superclass constructor is invoked implicitly.
    this.setName(name);
    this.setDescription(description);
}
// Excerpt with lines elided; it does not compile as shown. For every SecurityCollection of a
// constraint it reads the patterns, the listed methods and the omitted methods. The visible
// remainder builds "deny-uncovered-http-methods" collections that are the complement of the
// original: listed methods are added as omitted methods, and omitted methods are added as methods.
// Each new constraint gets setAuthConstraint(true) and no addAuthRole call is visible; in Tomcat an
// auth constraint without roles denies access. This variant registers the pattern with
// addPattern(pattern).
SecurityCollection[] collections = constraint.findCollections(); for (SecurityCollection collection : collections) { String[] patterns = collection.findPatterns(); String[] methods = collection.findMethods(); String[] omittedMethods = collection.findOmittedMethods(); "securityConstraint.uncoveredHttpMethodFix", pattern, msg.toString().trim())); SecurityCollection collection = new SecurityCollection(); for (String method : methods) { collection.addOmittedMethod(method); collection.addPattern(pattern); collection.setName("deny-uncovered-http-methods"); SecurityConstraint constraint = new SecurityConstraint(); constraint.setAuthConstraint(true); "securityConstraint.uncoveredHttpOmittedMethodFix", pattern, msg.toString().trim())); SecurityCollection collection = new SecurityCollection(); for (String method : omittedMethods) { collection.addMethod(method); collection.addPattern(pattern); collection.setName("deny-uncovered-http-methods"); SecurityConstraint constraint = new SecurityConstraint(); constraint.setAuthConstraint(true); "securityConstraint.uncoveredHttpOmittedMethodFix",
// Copies name and description from `collection` into a new SecurityCollection and adds a pattern,
// a method and an omitted method. `pattern` and `method` are not defined in this excerpt;
// presumably they are loop variables of loops that were elided.
// NOTE(review): as shown, addMethod and addOmittedMethod are both called on the same collection.
// Another excerpt on this page rejects a collection that has both lists with an
// IllegalArgumentException ("standardContext.securityConstraint.mixHttpMethod"), so confirm that
// in the full source only one of the two calls runs for a given collection.
SecurityCollection tomcatSecCollection = new SecurityCollection(); tomcatSecCollection.setName(collection.getName()); tomcatSecCollection.setDescription(collection.getDescription()); tomcatSecCollection.addPattern(pattern); tomcatSecCollection.addMethod(method); tomcatSecCollection.addOmittedMethod(method);
// Excerpt with lines elided; it does not compile as shown. For every SecurityCollection of a
// constraint it reads the patterns, the listed methods and the omitted methods, then builds a
// "deny-uncovered-http-methods" collection in which the listed methods are added as omitted
// methods, i.e. the new collection covers every method the original left uncovered.
// The new constraint gets setAuthConstraint(true) and no addAuthRole call is visible; in Tomcat an
// auth constraint without roles denies access. The pattern is registered with
// addPatternDecoded(pattern); what decoding that method applies is not visible here.
SecurityCollection[] collections = constraint.findCollections(); for (SecurityCollection collection : collections) { String[] patterns = collection.findPatterns(); String[] methods = collection.findMethods(); String[] omittedMethods = collection.findOmittedMethods(); "securityConstraint.uncoveredHttpMethodFix", pattern, msg.toString().trim())); SecurityCollection collection = new SecurityCollection(); for (String method : methods) { collection.addOmittedMethod(method); collection.addPatternDecoded(pattern); collection.setName("deny-uncovered-http-methods"); SecurityConstraint constraint = new SecurityConstraint(); constraint.setAuthConstraint(true);
/**
 * Resolves the security constraints for a request, giving listeners of
 * {@code FindSecurityConstraintsEvent} the chance to supply roles at request time.
 *
 * <p>The constraints computed by the superclass are returned unchanged when
 * {@code beanManager()} is {@code null} or when the fired event carries no roles.
 * Otherwise a single constraint is synthesised for pattern {@code "/*"} and the
 * HTTP method of the current request, carrying the event's roles and, if set, its
 * user constraint.
 *
 * <p>Security note: in that second case the returned array holds only the
 * synthesised constraint. The constraints obtained from the superclass are not
 * merged into it, so the event's roles and user constraint are the only
 * requirements applied to the request.
 *
 * @param request the request being checked
 * @param context the context the request belongs to
 * @return the superclass constraints, or a one-element array with the
 *         event-driven constraint
 */
@Override
public SecurityConstraint[] findSecurityConstraints(final Request request, final Context context) {
    final SecurityConstraint[] declared = super.findSecurityConstraints(request, context);
    if (beanManager() == null) {
        return declared;
    }

    final FindSecurityConstraintsEvent lookup =
            new FindSecurityConstraintsEvent(request.getRequest(), context.getPath());
    beanManager().fireEvent(lookup);
    if (lookup.getRoles().isEmpty()) {
        return declared;
    }

    final SecurityConstraint dynamic = new SecurityConstraint();
    final SecurityCollection everyPath = new SecurityCollection();
    everyPath.addPattern("/*");
    // Limit the collection to the method of the request being evaluated.
    everyPath.addMethod(request.getMethod());
    dynamic.addCollection(everyPath);

    if (lookup.getUserConstraint() != null) {
        dynamic.setUserConstraint(lookup.getUserConstraint());
    }
    for (final String role : lookup.getRoles()) {
        dynamic.addAuthRole(role);
    }
    return new SecurityConstraint[] { dynamic };
}
/**
 * Handles HTTP methods that the existing constraints leave uncovered for a pattern.
 *
 * <p>Nothing happens when {@code omittedMethods} is empty. Otherwise the method
 * names are joined with spaces for the log message and one of two things happens:
 * <ul>
 *   <li>{@code denyUncoveredHttpMethods} is {@code true}: an info message is logged
 *       and a constraint named {@code "deny-uncovered-http-methods"} is appended to
 *       {@code newConstraints}. It lists the uncovered methods for the pattern and
 *       has its auth constraint enabled with no role added here, which in Tomcat
 *       denies access.</li>
 *   <li>{@code denyUncoveredHttpMethods} is {@code false}: only an error is logged.
 *       No constraint is added, so those methods stay unprotected for the
 *       pattern.</li>
 * </ul>
 *
 * @param omittedMethods           uncovered HTTP methods for {@code pattern}
 * @param pattern                  URL pattern the methods belong to
 * @param denyUncoveredHttpMethods whether to add a denying constraint
 * @param newConstraints           list that receives the generated constraint
 * @param log                      logger for the info or error message
 */
private static void handleOmittedMethods(Set<String> omittedMethods, String pattern,
        boolean denyUncoveredHttpMethods, List<SecurityConstraint> newConstraints, Log log) {
    if (omittedMethods.isEmpty()) {
        return;
    }

    // Space-separated method list used in both log messages.
    StringBuilder names = new StringBuilder();
    for (String method : omittedMethods) {
        names.append(method).append(' ');
    }
    String methodList = names.toString().trim();

    if (!denyUncoveredHttpMethods) {
        log.error(sm.getString(
                "securityConstraint.uncoveredHttpOmittedMethod", pattern, methodList));
        return;
    }

    log.info(sm.getString(
            "securityConstraint.uncoveredHttpOmittedMethodFix", pattern, methodList));
    SecurityCollection denied = new SecurityCollection();
    for (String method : omittedMethods) {
        denied.addMethod(method);
    }
    denied.addPatternDecoded(pattern);
    denied.setName("deny-uncovered-http-methods");

    SecurityConstraint denyAll = new SecurityConstraint();
    denyAll.setAuthConstraint(true);
    denyAll.addCollection(denied);
    newConstraints.add(denyAll);
}
// Closes the enclosing class, whose header is outside this excerpt.
}
// Excerpt (the closing braces of the loops were elided): writes one <web-resource-collection>
// element from a SecurityCollection, with its name, description, URL patterns, HTTP methods and
// omitted HTTP methods. URL patterns are passed to appendElement exactly as returned by
// findPatterns().
// NOTE(review): whether appendElement XML-escapes its value is not visible here; confirm, since
// names, descriptions and patterns are written into the generated XML.
sb.append(" <web-resource-collection>\n"); appendElement(sb, INDENT6, "web-resource-name", collection.getName()); appendElement(sb, INDENT6, "description", collection.getDescription()); for (String urlPattern : collection.findPatterns()) { appendElement(sb, INDENT6, "url-pattern", urlPattern); for (String method : collection.findMethods()) { appendElement(sb, INDENT6, "http-method", method); for (String method : collection.findOmittedMethods()) { appendElement(sb, INDENT6, "http-method-omission", method);
// Excerpt with lines elided; it does not compile as shown. Each URL pattern of collections[i] is
// passed through adjustURLPattern and written back into the array. A collection that has both
// listed methods and omitted methods is then rejected with an IllegalArgumentException
// ("standardContext.securityConstraint.mixHttpMethod"): a collection may use one list or the
// other, not both.
String patterns[] = collections[i].findPatterns(); for (int j = 0; j < patterns.length; j++) { patterns[j] = adjustURLPattern(patterns[j]); patterns[j])); if (collections[i].findMethods().length > 0 && collections[i].findOmittedMethods().length > 0) { throw new IllegalArgumentException(sm.getString( "standardContext.securityConstraint.mixHttpMethod"));
/**
 * Tells whether this security constraint protects the given context-relative URI
 * for the given HTTP method.
 *
 * <p>A collection is considered only when its {@code findMethod} accepts the
 * request method; a collection that does not apply to the method never contributes
 * a match, whatever its URL patterns are. Requests using such a method are
 * therefore not covered by this constraint.
 *
 * @param uri    context-relative URI to check
 * @param method request method being used
 * @return {@code true} if some collection applies to {@code method} and one of its
 *         patterns matches {@code uri}; {@code false} otherwise, including when
 *         {@code method} is {@code null}
 */
public boolean included(String uri, String method) {
    // A request without a method cannot be matched against any collection.
    if (method == null) {
        return false;
    }

    for (SecurityCollection candidate : collections) {
        if (candidate.findMethod(method)) {
            for (String urlPattern : candidate.findPatterns()) {
                if (matchPattern(uri, urlPattern)) {
                    return true;
                }
            }
        }
    }

    // No collection of this constraint matches the request.
    return false;
}
// Excerpt with lines elided; the while loop is not closed as shown. The method name of
// methodElement is added to `collection` as a listed method and `constraint` is appended to
// `result`; the names returned by element.getMethodNames() are added as omitted methods.
// NOTE(review): presumably the two calls target different collections in the full source, since
// another excerpt on this page rejects a collection that has both lists; confirm.
collection.addMethod(methodElement.getMethodName()); result.add(constraint); Iterator<String> ommittedMethod = element.getMethodNames().iterator(); while (ommittedMethod.hasNext()) { collection.addOmittedMethod(ommittedMethod.next());
// Excerpt with lines elided; it does not compile as shown. It iterates the SecurityCollections of a
// constraint, reading each one's patterns, listed methods and omitted methods. The visible
// remainder creates a collection named "deny-uncovered-http-methods" whose omitted methods are
// the originally listed methods, so it applies to the methods the original did not list.
// setAuthConstraint(true) is called on the new constraint and no role is added in the visible
// code; in Tomcat an auth constraint without roles denies access. The pattern goes through
// addPatternDecoded(pattern), whose decoding behaviour is not shown in this excerpt.
SecurityCollection[] collections = constraint.findCollections(); for (SecurityCollection collection : collections) { String[] patterns = collection.findPatterns(); String[] methods = collection.findMethods(); String[] omittedMethods = collection.findOmittedMethods(); "securityConstraint.uncoveredHttpMethodFix", pattern, msg.toString().trim())); SecurityCollection collection = new SecurityCollection(); for (String method : methods) { collection.addOmittedMethod(method); collection.addPatternDecoded(pattern); collection.setName("deny-uncovered-http-methods"); SecurityConstraint constraint = new SecurityConstraint(); constraint.setAuthConstraint(true);
/**
 * Reports, and optionally closes, the gap left by HTTP methods that no constraint
 * covers for a URL pattern.
 *
 * <p>An empty {@code omittedMethods} set is a no-op. For a non-empty set the
 * behaviour depends on {@code denyUncoveredHttpMethods}:
 * when {@code true}, an info message is logged and a new constraint named
 * {@code "deny-uncovered-http-methods"} is added to {@code newConstraints}; it
 * covers the given methods for the pattern with the auth constraint enabled and no
 * role added in this method, which in Tomcat denies access. When {@code false},
 * the gap is only logged as an error and the methods remain unprotected, so
 * deployments that rely on method-specific constraints should treat that log entry
 * as a finding.
 *
 * @param omittedMethods           uncovered HTTP methods for {@code pattern}
 * @param pattern                  URL pattern concerned
 * @param denyUncoveredHttpMethods whether a denying constraint is generated
 * @param newConstraints           receives the generated constraint, if any
 * @param log                      destination of the info or error message
 */
private static void handleOmittedMethods(Set<String> omittedMethods, String pattern,
        boolean denyUncoveredHttpMethods, List<SecurityConstraint> newConstraints, Log log) {
    if (omittedMethods.isEmpty()) {
        return;
    }

    // Build "M1 M2 ..." once; both branches log the same list.
    StringBuilder joined = new StringBuilder();
    for (String name : omittedMethods) {
        joined.append(name);
        joined.append(' ');
    }
    String uncovered = joined.toString().trim();

    if (denyUncoveredHttpMethods) {
        log.info(sm.getString(
                "securityConstraint.uncoveredHttpOmittedMethodFix", pattern, uncovered));

        SecurityCollection blocked = new SecurityCollection();
        for (String name : omittedMethods) {
            blocked.addMethod(name);
        }
        blocked.addPatternDecoded(pattern);
        blocked.setName("deny-uncovered-http-methods");

        SecurityConstraint deny = new SecurityConstraint();
        deny.setAuthConstraint(true);
        deny.addCollection(blocked);
        newConstraints.add(deny);
    } else {
        log.error(sm.getString(
                "securityConstraint.uncoveredHttpOmittedMethod", pattern, uncovered));
    }
}
// Closes the enclosing class, whose header is outside this excerpt.
}
// Excerpt (the closing braces of the loops were elided): writes one <web-resource-collection>
// element from a SecurityCollection, with its name, description, URL patterns, HTTP methods and
// omitted HTTP methods. In this variant each URL pattern is passed through encodeUrl before it is
// written; name, description and method values are written as returned by the collection.
// NOTE(review): whether appendElement XML-escapes its value is not visible here; confirm for the
// fields that are not passed through encodeUrl.
sb.append(" <web-resource-collection>\n"); appendElement(sb, INDENT6, "web-resource-name", collection.getName()); appendElement(sb, INDENT6, "description", collection.getDescription()); for (String urlPattern : collection.findPatterns()) { appendElement(sb, INDENT6, "url-pattern", encodeUrl(urlPattern)); for (String method : collection.findMethods()) { appendElement(sb, INDENT6, "http-method", method); for (String method : collection.findOmittedMethods()) { appendElement(sb, INDENT6, "http-method-omission", method);
// Excerpt with lines elided; it does not compile as shown. The URL patterns of collections[i] are
// normalised in place with adjustURLPattern. The check that follows throws an
// IllegalArgumentException ("standardContext.securityConstraint.mixHttpMethod") when the same
// collection carries both listed methods and omitted methods.
String patterns[] = collections[i].findPatterns(); for (int j = 0; j < patterns.length; j++) { patterns[j] = adjustURLPattern(patterns[j]); patterns[j])); if (collections[i].findMethods().length > 0 && collections[i].findOmittedMethods().length > 0) { throw new IllegalArgumentException(sm.getString( "standardContext.securityConstraint.mixHttpMethod"));
/**
 * Checks whether this constraint applies to a URI and HTTP method.
 *
 * <p>Only collections whose {@code findMethod} accepts {@code method} are
 * examined. A request whose method is not accepted by any collection is reported
 * as not included, regardless of the URL patterns, and is therefore not protected
 * by this constraint.
 *
 * @param uri    context-relative URI to check
 * @param method request method being used
 * @return {@code true} if the context-relative URI and HTTP method are protected
 *         by this security constraint; {@code false} otherwise, and always
 *         {@code false} for a {@code null} method
 */
public boolean included(String uri, String method) {
    // Without a request method no collection can be selected.
    if (method == null) {
        return false;
    }

    for (SecurityCollection resources : collections) {
        if (!resources.findMethod(method)) {
            continue;
        }
        for (String candidatePattern : resources.findPatterns()) {
            if (matchPattern(uri, candidatePattern)) {
                return true;
            }
        }
    }

    // Nothing in this constraint matched the request.
    return false;
}
// Excerpt with lines elided: the method name of methodElement is added to `collection` as a listed
// method, `constraint` is appended to `result`, and `name` (not defined in this excerpt) is added
// as an omitted method.
// NOTE(review): presumably these calls sit in different loops or target different collections in
// the full source, since another excerpt on this page rejects a collection that has both lists;
// confirm.
collection.addMethod(methodElement.getMethodName()); result.add(constraint); collection.addOmittedMethod(name);
/**
 * Builds a security collection with the given name and description, both applied
 * through their setters.
 *
 * @param name        name of this security collection
 * @param description description of this security collection
 */
public SecurityCollection(String name, String description) {
    // No explicit super() call: the superclass constructor runs implicitly.
    this.setName(name);
    this.setDescription(description);
}
/**
 * Registers a constraint on the context that sets the user constraint (transport
 * guarantee) {@code "CONFIDENTIAL"} for the pattern {@code "/*"}.
 *
 * <p>The collection lists no HTTP methods, so it is not limited to particular
 * methods. No auth constraint or role is set: the constraint concerns the
 * transport only and does not by itself require authentication. With Tomcat a
 * CONFIDENTIAL guarantee means requests that are not seen as secure are sent to
 * the connector's redirect port, so that port, and how "secure" is determined
 * behind a TLS-terminating proxy, need to be configured accordingly.
 *
 * @param context the context that receives the constraint
 */
protected void postProcessContext(Context context) {
    SecurityCollection allPaths = new SecurityCollection();
    allPaths.addPattern("/*");

    SecurityConstraint transportOnly = new SecurityConstraint();
    transportOnly.setUserConstraint("CONFIDENTIAL");
    transportOnly.addCollection(allPaths);

    context.addConstraint(transportOnly);
}
// Closes the enclosing anonymous class expression, which starts outside this excerpt.
};