io.undertow.servlet.api.TransportGuaranteeType Java Examples
The following examples show how to use
io.undertow.servlet.api.TransportGuaranteeType.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: ServletConfidentialityConstraintHandler.java From quarkus-http with Apache License 2.0 | 6 votes |
|
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
final AuthorizationManager authorizationManager = servletRequestContext.getDeployment().getDeploymentInfo().getAuthorizationManager();
TransportGuaranteeType connectionGuarantee = servletRequestContext.getOriginalRequest().isSecure() ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE;
TransportGuaranteeType transportGuarantee = authorizationManager.transportGuarantee(connectionGuarantee,
servletRequestContext.getTransportGuarenteeType(), servletRequestContext.getOriginalRequest());
servletRequestContext.setTransportGuarenteeType(transportGuarantee);
if (TransportGuaranteeType.REJECTED == transportGuarantee) {
HttpServletResponse response = (HttpServletResponse) servletRequestContext.getServletResponse();
response.sendError(StatusCodes.FORBIDDEN);
return;
}
super.handleRequest(exchange);
}
Example #2
| Source File: ServletConfidentialityConstraintHandler.java From lams with GNU General Public License v2.0 | 6 votes |
|
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
final AuthorizationManager authorizationManager = servletRequestContext.getDeployment().getDeploymentInfo().getAuthorizationManager();
TransportGuaranteeType connectionGuarantee = servletRequestContext.getOriginalRequest().isSecure() ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE;
TransportGuaranteeType transportGuarantee = authorizationManager.transportGuarantee(connectionGuarantee,
servletRequestContext.getTransportGuarenteeType(), servletRequestContext.getOriginalRequest());
servletRequestContext.setTransportGuarenteeType(transportGuarantee);
if (TransportGuaranteeType.REJECTED == transportGuarantee) {
HttpServletResponse response = (HttpServletResponse) servletRequestContext.getServletResponse();
response.sendError(StatusCodes.FORBIDDEN);
return;
}
super.handleRequest(exchange);
}
Example #3
| Source File: ServletSecurityConstraintHandler.java From quarkus-http with Apache License 2.0 | 6 votes |
|
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
final String path = exchange.getRelativePath();
SecurityPathMatch securityMatch = securityPathMatches.getSecurityInfo(path, exchange.getRequestMethod());
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
List<SingleConstraintMatch> list = servletRequestContext.getRequiredConstrains();
if (list == null) {
servletRequestContext.setRequiredConstrains(list = new ArrayList<>());
}
list.add(securityMatch.getMergedConstraint());
TransportGuaranteeType type = servletRequestContext.getTransportGuarenteeType();
if (type == null || type.ordinal() < securityMatch.getTransportGuaranteeType().ordinal()) {
servletRequestContext.setTransportGuarenteeType(securityMatch.getTransportGuaranteeType());
}
UndertowLogger.SECURITY_LOGGER.debugf("Security constraints for request %s are %s", exchange.getRequestURI(), list);
next.handleRequest(exchange);
}
Example #4
| Source File: ServletSecurityConstraintHandler.java From lams with GNU General Public License v2.0 | 6 votes |
|
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
final String path = exchange.getRelativePath();
SecurityPathMatch securityMatch = securityPathMatches.getSecurityInfo(path, exchange.getRequestMethod().toString());
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
List<SingleConstraintMatch> list = servletRequestContext.getRequiredConstrains();
if (list == null) {
servletRequestContext.setRequiredConstrains(list = new ArrayList<>());
}
list.add(securityMatch.getMergedConstraint());
TransportGuaranteeType type = servletRequestContext.getTransportGuarenteeType();
if (type == null || type.ordinal() < securityMatch.getTransportGuaranteeType().ordinal()) {
servletRequestContext.setTransportGuarenteeType(securityMatch.getTransportGuaranteeType());
}
UndertowLogger.SECURITY_LOGGER.debugf("Security constraints for request %s are %s", exchange.getRequestURI(), list);
next.handleRequest(exchange);
}
Example #5
| Source File: ServletRegistrationImpl.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public Set<String> setServletSecurity(final ServletSecurityElement constraint) {
if (constraint == null) {
throw UndertowMessages.MESSAGES.argumentCannotBeNull("constraint");
}
DeploymentInfo deploymentInfo = deployment.getDeploymentInfo();
//this is not super efficient, but it does not really matter
final Set<String> urlPatterns = new HashSet<>();
for (SecurityConstraint sc : deploymentInfo.getSecurityConstraints()) {
for (WebResourceCollection webResources : sc.getWebResourceCollections()) {
urlPatterns.addAll(webResources.getUrlPatterns());
}
}
final Set<String> ret = new HashSet<>();
for (String url : servletInfo.getMappings()) {
if (urlPatterns.contains(url)) {
ret.add(url);
}
}
ServletSecurityInfo info = new ServletSecurityInfo();
servletInfo.setServletSecurityInfo(info);
info.setTransportGuaranteeType(constraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.setEmptyRoleSemantic(emptyRoleSemantic(constraint.getEmptyRoleSemantic()))
.addRolesAllowed(constraint.getRolesAllowed());
for (final HttpMethodConstraintElement methodConstraint : constraint.getHttpMethodConstraints()) {
info.addHttpMethodSecurityInfo(new HttpMethodSecurityInfo()
.setTransportGuaranteeType(methodConstraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.setMethod(methodConstraint.getMethodName())
.setEmptyRoleSemantic(emptyRoleSemantic(methodConstraint.getEmptyRoleSemantic()))
.addRolesAllowed(methodConstraint.getRolesAllowed()));
}
return ret;
}
Example #6
| Source File: ServletConfidentialityConstraintHandler.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
protected boolean confidentialityRequired(HttpServerExchange exchange) {
TransportGuaranteeType transportGuarantee = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getTransportGuarenteeType();
// TODO - We may be able to add more flexibility here especially with authentication mechanisms such as Digest for
// INTEGRAL - for now just use SSL.
return (TransportGuaranteeType.CONFIDENTIAL == transportGuarantee || TransportGuaranteeType.INTEGRAL == transportGuarantee);
}
Example #7
| Source File: ServletRegistrationImpl.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public Set<String> setServletSecurity(final ServletSecurityElement constraint) {
if (constraint == null) {
throw UndertowMessages.MESSAGES.argumentCannotBeNull("constraint");
}
DeploymentInfo deploymentInfo = deployment.getDeploymentInfo();
//this is not super efficient, but it does not really matter
final Set<String> urlPatterns = new HashSet<>();
for (SecurityConstraint sc : deploymentInfo.getSecurityConstraints()) {
for (WebResourceCollection webResources : sc.getWebResourceCollections()) {
urlPatterns.addAll(webResources.getUrlPatterns());
}
}
final Set<String> ret = new HashSet<>();
for (String url : servletInfo.getMappings()) {
if (urlPatterns.contains(url)) {
ret.add(url);
}
}
ServletSecurityInfo info = new ServletSecurityInfo();
servletInfo.setServletSecurityInfo(info);
info.setTransportGuaranteeType(constraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.setEmptyRoleSemantic(emptyRoleSemantic(constraint.getEmptyRoleSemantic()))
.addRolesAllowed(constraint.getRolesAllowed());
for (final HttpMethodConstraintElement methodConstraint : constraint.getHttpMethodConstraints()) {
info.addHttpMethodSecurityInfo(new HttpMethodSecurityInfo()
.setTransportGuaranteeType(methodConstraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.setMethod(methodConstraint.getMethodName())
.setEmptyRoleSemantic(emptyRoleSemantic(methodConstraint.getEmptyRoleSemantic()))
.addRolesAllowed(methodConstraint.getRolesAllowed()));
}
return ret;
}
Example #8
| Source File: ServletContextImpl.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public Void run() {
final ServletSecurity security = servletInfo.getServletClass().getAnnotation(ServletSecurity.class);
if (security != null) {
ServletSecurityInfo servletSecurityInfo = new ServletSecurityInfo()
.setEmptyRoleSemantic(security.value().value() == ServletSecurity.EmptyRoleSemantic.DENY ? SecurityInfo.EmptyRoleSemantic.DENY : SecurityInfo.EmptyRoleSemantic.PERMIT)
.setTransportGuaranteeType(security.value().transportGuarantee() == ServletSecurity.TransportGuarantee.CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.addRolesAllowed(security.value().rolesAllowed());
for (HttpMethodConstraint constraint : security.httpMethodConstraints()) {
servletSecurityInfo.addHttpMethodSecurityInfo(new HttpMethodSecurityInfo()
.setMethod(constraint.value()))
.setEmptyRoleSemantic(constraint.emptyRoleSemantic() == ServletSecurity.EmptyRoleSemantic.DENY ? SecurityInfo.EmptyRoleSemantic.DENY : SecurityInfo.EmptyRoleSemantic.PERMIT)
.setTransportGuaranteeType(constraint.transportGuarantee() == ServletSecurity.TransportGuarantee.CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.addRolesAllowed(constraint.rolesAllowed());
}
servletInfo.setServletSecurityInfo(servletSecurityInfo);
}
final MultipartConfig multipartConfig = servletInfo.getServletClass().getAnnotation(MultipartConfig.class);
if (multipartConfig != null) {
servletInfo.setMultipartConfig(new MultipartConfigElement(multipartConfig.location(), multipartConfig.maxFileSize(), multipartConfig.maxRequestSize(), multipartConfig.fileSizeThreshold()));
}
final RunAs runAs = servletInfo.getServletClass().getAnnotation(RunAs.class);
if (runAs != null) {
servletInfo.setRunAs(runAs.value());
}
final DeclareRoles declareRoles = servletInfo.getServletClass().getAnnotation(DeclareRoles.class);
if (declareRoles != null) {
deploymentInfo.addSecurityRoles(declareRoles.value());
}
return null;
}
Example #9
| Source File: UndertowDeploymentRecorder.java From quarkus with Apache License 2.0 | 5 votes |
|
public void addSecurityConstraint(RuntimeValue<DeploymentInfo> deployment, SecurityInfo.EmptyRoleSemantic emptyRoleSemantic,
TransportGuaranteeType transportGuaranteeType,
Set<String> rolesAllowed, Set<WebResourceCollection> webResourceCollections) {
SecurityConstraint securityConstraint = new SecurityConstraint()
.setEmptyRoleSemantic(emptyRoleSemantic)
.addRolesAllowed(rolesAllowed)
.setTransportGuaranteeType(transportGuaranteeType)
.addWebResourceCollections(webResourceCollections.toArray(new WebResourceCollection[0]));
deployment.getValue().addSecurityConstraint(securityConstraint);
}
Example #10
| Source File: ConfidentialityConstraintUrlMappingTestCase.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@BeforeClass
public static void setup() throws Exception {
DefaultServer.startSSLServer();
final PathHandler root = new PathHandler();
final ServletContainer container = ServletContainer.Factory.newInstance();
ServletInfo s = new ServletInfo("servlet", SendSchemeServlet.class)
.addMapping("/clear")
.addMapping("/integral")
.addMapping("/confidential");
DeploymentInfo info = new DeploymentInfo()
.setClassLoader(SimpleServletTestCase.class.getClassLoader())
.setContextPath("/servletContext")
.setClassIntrospecter(TestClassIntrospector.INSTANCE)
.setDeploymentName("servletContext.war")
.setConfidentialPortManager(TestConfidentialPortManager.INSTANCE)
.addServlet(s);
info.addSecurityConstraint(new SecurityConstraint()
.addWebResourceCollection(new WebResourceCollection()
.addUrlPattern("/integral"))
.setTransportGuaranteeType(TransportGuaranteeType.INTEGRAL)
.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT));
info.addSecurityConstraint(new SecurityConstraint()
.addWebResourceCollection(new WebResourceCollection()
.addUrlPattern("/confidential"))
.setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL)
.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT));
DeploymentManager manager = container.addDeployment(info);
manager.deploy();
root.addPrefixPath(info.getContextPath(), manager.start());
DefaultServer.setRootHandler(root);
}
Example #11
| Source File: ServletContextImpl.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public Void run() {
final ServletSecurity security = servletInfo.getServletClass().getAnnotation(ServletSecurity.class);
if (security != null) {
ServletSecurityInfo servletSecurityInfo = new ServletSecurityInfo()
.setEmptyRoleSemantic(security.value().value() == ServletSecurity.EmptyRoleSemantic.DENY ? SecurityInfo.EmptyRoleSemantic.DENY : SecurityInfo.EmptyRoleSemantic.PERMIT)
.setTransportGuaranteeType(security.value().transportGuarantee() == ServletSecurity.TransportGuarantee.CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.addRolesAllowed(security.value().rolesAllowed());
for (HttpMethodConstraint constraint : security.httpMethodConstraints()) {
servletSecurityInfo.addHttpMethodSecurityInfo(new HttpMethodSecurityInfo()
.setMethod(constraint.value()))
.setEmptyRoleSemantic(constraint.emptyRoleSemantic() == ServletSecurity.EmptyRoleSemantic.DENY ? SecurityInfo.EmptyRoleSemantic.DENY : SecurityInfo.EmptyRoleSemantic.PERMIT)
.setTransportGuaranteeType(constraint.transportGuarantee() == ServletSecurity.TransportGuarantee.CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.addRolesAllowed(constraint.rolesAllowed());
}
servletInfo.setServletSecurityInfo(servletSecurityInfo);
}
final MultipartConfig multipartConfig = servletInfo.getServletClass().getAnnotation(MultipartConfig.class);
if (multipartConfig != null) {
servletInfo.setMultipartConfig(new MultipartConfigElement(multipartConfig.location(), multipartConfig.maxFileSize(), multipartConfig.maxRequestSize(), multipartConfig.fileSizeThreshold()));
}
final RunAs runAs = servletInfo.getServletClass().getAnnotation(RunAs.class);
if (runAs != null) {
servletInfo.setRunAs(runAs.value());
}
final DeclareRoles declareRoles = servletInfo.getServletClass().getAnnotation(DeclareRoles.class);
if (declareRoles != null) {
deploymentInfo.addSecurityRoles(declareRoles.value());
}
return null;
}
Example #12
| Source File: ServletConfidentialityConstraintHandler.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
protected boolean confidentialityRequired(HttpServerExchange exchange) {
TransportGuaranteeType transportGuarantee = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getTransportGuarenteeType();
// TODO - We may be able to add more flexibility here especially with authentication mechanisms such as Digest for
// INTEGRAL - for now just use SSL.
return (TransportGuaranteeType.CONFIDENTIAL == transportGuarantee || TransportGuaranteeType.INTEGRAL == transportGuarantee);
}
Example #13
| Source File: SecurityPathMatches.java From lams with GNU General Public License v2.0 | 4 votes |
|
private SecurityInformation(final Set<String> roles, final TransportGuaranteeType transportGuaranteeType, final SecurityInfo.EmptyRoleSemantic emptyRoleSemantic) {
this.emptyRoleSemantic = emptyRoleSemantic;
this.roles = new HashSet<>(roles);
this.transportGuaranteeType = transportGuaranteeType;
}
Example #14
| Source File: SecurityPathMatches.java From lams with GNU General Public License v2.0 | 4 votes |
|
private void transport(RuntimeMatch match, TransportGuaranteeType other) {
if (other.ordinal() > match.type.ordinal()) {
match.type = other;
}
}
Example #15
| Source File: ServletRequestContext.java From lams with GNU General Public License v2.0 | 4 votes |
|
public TransportGuaranteeType getTransportGuarenteeType() {
return transportGuarenteeType;
}
Example #16
| Source File: SecurityPathMatch.java From lams with GNU General Public License v2.0 | 4 votes |
|
TransportGuaranteeType getTransportGuaranteeType() {
return transportGuaranteeType;
}
Example #17
| Source File: SecurityPathMatch.java From lams with GNU General Public License v2.0 | 4 votes |
|
SecurityPathMatch(final TransportGuaranteeType transportGuaranteeType, final SingleConstraintMatch mergedConstraint) {
this.transportGuaranteeType = transportGuaranteeType;
this.mergedConstraint = mergedConstraint;
}
Example #18
| Source File: ServletRequestContext.java From lams with GNU General Public License v2.0 | 4 votes |
|
public void setTransportGuarenteeType(TransportGuaranteeType transportGuarenteeType) {
this.transportGuarenteeType = transportGuarenteeType;
}
Example #19
| Source File: DefaultAuthorizationManager.java From lams with GNU General Public License v2.0 | 4 votes |
|
@Override
public TransportGuaranteeType transportGuarantee(TransportGuaranteeType currentConnectionGuarantee, TransportGuaranteeType configuredRequiredGuarentee, HttpServletRequest request) {
return configuredRequiredGuarentee;
}
Example #20
| Source File: DeploymentManagerFactory.java From seed with Mozilla Public License 2.0 | 4 votes |
|
@SuppressFBWarnings(value = "BC_UNCONFIRMED_CAST_OF_RETURN_VALUE", justification = "False positive")
private DeploymentInfo configureDeploymentInfo() {
// Basic deployment attributes
DeploymentInfo deploymentInfo = Servlets.deployment()
.setEagerFilterInit(true)
.setClassLoader(mostCompleteClassLoader)
.setDeploymentName(applicationConfig.getId())
.setDisplayName(applicationConfig.getName())
.setDefaultSessionTimeout(serverConfig.getDefaultSessionTimeout())
.setResourceManager(new ClassPathResourceManager(mostCompleteClassLoader, META_INF_RESOURCES))
.addWelcomePages(serverConfig.getWelcomeFiles())
.addErrorPages(buildUndertowErrorPages(serverConfig.getErrorPages()))
.setContextPath(serverConfig.getContextPath());
// Configure WebSockets if enabled
if (serverConfig.webSocket().isEnabled()) {
LOGGER.info("WebSocket support is enabled");
deploymentInfo.addServletContextAttribute(
WebSocketDeploymentInfo.ATTRIBUTE_NAME,
new WebSocketDeploymentInfo()
.setBuffers(new DefaultByteBufferPool(
undertowConfig.isDirectBuffers(),
undertowConfig.getBufferSize()))
.setWorker(xnioWorker)
);
}
// Redirect to HTTPS if configured
if (serverConfig.isHttp() && serverConfig.isHttps() && serverConfig.isPreferHttps()) {
LOGGER.info("Automatic redirection to HTTPS is enabled");
deploymentInfo
.addSecurityConstraint(new SecurityConstraint()
.addWebResourceCollection(new WebResourceCollection().addUrlPattern("/*"))
.setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL)
.setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT))
.setConfidentialPortManager(ex -> serverConfig.getSecurePort());
}
// Add custom init parameters
for (Map.Entry<String, String> initParameter : initParameters.entrySet()) {
LOGGER.debug("Servlet init parameter {} = {}", initParameter.getKey(), initParameter.getValue());
deploymentInfo.addInitParameter(initParameter.getKey(), initParameter.getValue());
}
// Register ServletContainerInitializers
for (ServletContainerInitializer sci : loadServletContainerInitializers()) {
LOGGER.debug("Registering ServletContainerInitializer {}", sci.getClass().getName());
deploymentInfo.addServletContainerInitializer(createServletContainerInitializerInfo(sci));
}
return deploymentInfo;
}
Example #21
| Source File: ServletSecurityInfoProxy.java From quarkus with Apache License 2.0 | 4 votes |
|
public ServletSecurityInfoProxy setTransportGuaranteeType(TransportGuaranteeType transportGuaranteeType) {
this.transportGuaranteeType = transportGuaranteeType;
return this;
}
Example #22
| Source File: ServletSecurityInfoProxy.java From quarkus with Apache License 2.0 | 4 votes |
|
public TransportGuaranteeType getTransportGuaranteeType() {
return transportGuaranteeType;
}
Example #23
| Source File: DefaultAuthorizationManager.java From quarkus-http with Apache License 2.0 | 4 votes |
|
@Override
public TransportGuaranteeType transportGuarantee(TransportGuaranteeType currentConnectionGuarantee, TransportGuaranteeType configuredRequiredGuarentee, HttpServletRequest request) {
return configuredRequiredGuarentee;
}
Example #24
| Source File: ServletRequestContext.java From quarkus-http with Apache License 2.0 | 4 votes |
|
public void setTransportGuarenteeType(TransportGuaranteeType transportGuarenteeType) {
this.transportGuarenteeType = transportGuarenteeType;
}
Example #25
| Source File: ServletRequestContext.java From quarkus-http with Apache License 2.0 | 4 votes |
|
public TransportGuaranteeType getTransportGuarenteeType() {
return transportGuarenteeType;
}
Example #26
| Source File: SecurityPathMatches.java From quarkus-http with Apache License 2.0 | 4 votes |
|
private SecurityInformation(final Set<String> roles, final TransportGuaranteeType transportGuaranteeType, final SecurityInfo.EmptyRoleSemantic emptyRoleSemantic) {
this.emptyRoleSemantic = emptyRoleSemantic;
this.roles = new HashSet<>(roles);
this.transportGuaranteeType = transportGuaranteeType;
}
Example #27
| Source File: SecurityPathMatches.java From quarkus-http with Apache License 2.0 | 4 votes |
|
private void transport(RuntimeMatch match, TransportGuaranteeType other) {
if (other.ordinal() > match.type.ordinal()) {
match.type = other;
}
}
Example #28
| Source File: SecurityPathMatch.java From quarkus-http with Apache License 2.0 | 4 votes |
|
public TransportGuaranteeType getTransportGuaranteeType() {
return transportGuaranteeType;
}
Example #29
| Source File: SecurityPathMatch.java From quarkus-http with Apache License 2.0 | 4 votes |
|
SecurityPathMatch(final TransportGuaranteeType transportGuaranteeType, final SingleConstraintMatch mergedConstraint) {
this.transportGuaranteeType = transportGuaranteeType;
this.mergedConstraint = mergedConstraint;
}
