Package com.sun.enterprise.deployment.web

Examples of com.sun.enterprise.deployment.web.SecurityConstraint

188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
            Set<String> urlPatterns, String[] rolesAllowed,
            EmptyRoleSemantic emptyRoleSemantic,
            TransportGuarantee transportGuarantee,
            String httpMethod) {

        SecurityConstraint securityConstraint = new SecurityConstraintImpl();
        WebResourceCollectionImpl webResourceColl = new WebResourceCollectionImpl();
        securityConstraint.addWebResourceCollection(webResourceColl);
        for (String urlPattern : urlPatterns) {
            webResourceColl.addUrlPattern(urlPattern);
        }

        AuthorizationConstraintImpl ac = null;
        if (rolesAllowed != null && rolesAllowed.length > 0) {
            if (emptyRoleSemantic ==  EmptyRoleSemantic.DENY) {
                 throw new IllegalArgumentException(localStrings.getLocalString(
                        "enterprise.deployment.annotation.handlers.denyWithRolesAllowed",
                        "One cannot specify DENY with an non-empty array of rolesAllowed in @ServletSecurity / ServletSecurityElement"));
            }

            ac = new AuthorizationConstraintImpl();
            for (String roleName : rolesAllowed) {
                Role role = new Role(roleName);
                webBundleDesc.addRole(role);
                ac.addSecurityRole(roleName);
            }
        } else if (emptyRoleSemantic == EmptyRoleSemantic.PERMIT) {
            // ac is null
        } else { // DENY
            ac = new AuthorizationConstraintImpl();
        }
        securityConstraint.setAuthorizationConstraint(ac);

        UserDataConstraint udc = new UserDataConstraintImpl();
        udc.setTransportGuarantee(
                ((transportGuarantee == TransportGuarantee.CONFIDENTIAL) ?
                UserDataConstraint.CONFIDENTIAL_TRANSPORT :
                UserDataConstraint.NONE_TRANSPORT));
        securityConstraint.setUserDataConstraint(udc);

        if (httpMethod != null) {
            webResourceColl.addHttpMethod(httpMethod);
        }
View Full Code Here
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
                // guarantee is INTEGRAL or CONDIFIDENTIAL for any
                // security constraint with this url-pattern.
                Collection constraints =
                        bundle.getSecurityConstraintsForUrlPattern(uri);
                for(Iterator i = constraints.iterator(); i.hasNext();) {
                    SecurityConstraint next = (SecurityConstraint) i.next();

                    UserDataConstraint dataConstraint =
                            next.getUserDataConstraint();
                    String guarantee = (dataConstraint != null) ?
                            dataConstraint.getTransportGuarantee() : null;

                    if( (guarantee != null) &&
                            ( guarantee.equals
View Full Code Here
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
                                + methodString);
                    }
                }
            }
            if (!isDefault || (httpMethodConstraints.length == 0)) {
                SecurityConstraint securityConstraint =
                        createSecurityConstraint(webBundleDesc,
                        urlPatterns, httpConstraint.rolesAllowed(),
                        httpConstraint.value(),
                        httpConstraint.transportGuarantee(),
                        null);

                // we know there is one WebResourceCollection there
                WebResourceCollection webResColl =
                        securityConstraint.getWebResourceCollections().iterator().next();
                for (HttpMethodConstraint httpMethodConstraint : httpMethodConstraints) {
                    //exclude constrained httpMethod from the top level constraint
                    webResColl.addHttpMethodOmission(httpMethodConstraint.value());               
                }
            }
View Full Code Here
200
201
202
203
204
205
206
207
208
209
210
211
        WebBundleDescriptor webBundleDesc = webCompDesc.getWebBundleDescriptor();

        Enumeration<SecurityConstraint> eSecConstr = webBundleDesc.getSecurityConstraints();
        while (eSecConstr.hasMoreElements()) {
            SecurityConstraint sc = eSecConstr.nextElement();
            for (WebResourceCollection wrc : sc.getWebResourceCollections()) {
                urlPatternsWithoutSC.removeAll(wrc.getUrlPatterns());
            }
        }

        return urlPatternsWithoutSC;
View Full Code Here
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
            Set<String> urlPatterns, String[] rolesAllowed,
            EmptyRoleSemantic emptyRoleSemantic,
            TransportGuarantee transportGuarantee,
            String httpMethod) {

        SecurityConstraint securityConstraint = new SecurityConstraintImpl();
        WebResourceCollectionImpl webResourceColl = new WebResourceCollectionImpl();
        securityConstraint.addWebResourceCollection(webResourceColl);
        for (String urlPattern : urlPatterns) {
            webResourceColl.addUrlPattern(urlPattern);
        }

        AuthorizationConstraintImpl ac = null;
        if (rolesAllowed != null && rolesAllowed.length > 0) {
            if (emptyRoleSemantic ==  EmptyRoleSemantic.DENY) {
                 throw new IllegalArgumentException(localStrings.getLocalString(
                        "web.deployment.annotation.handlers.denyWithRolesAllowed",
                        "One cannot specify DENY with an non-empty array of rolesAllowed in @ServletSecurity / ServletSecurityElement"));
            }

            ac = new AuthorizationConstraintImpl();
            for (String roleName : rolesAllowed) {
                Role role = new Role(roleName);
                webBundleDesc.addRole(role);
                ac.addSecurityRole(roleName);
            }
        } else if (emptyRoleSemantic == EmptyRoleSemantic.PERMIT) {
            // ac is null
        } else { // DENY
            ac = new AuthorizationConstraintImpl();
        }
        securityConstraint.setAuthorizationConstraint(ac);

        UserDataConstraint udc = new UserDataConstraintImpl();
        udc.setTransportGuarantee(
                ((transportGuarantee == TransportGuarantee.CONFIDENTIAL) ?
                UserDataConstraint.CONFIDENTIAL_TRANSPORT :
                UserDataConstraint.NONE_TRANSPORT));
        securityConstraint.setUserDataConstraint(udc);

        if (httpMethod != null) {
            webResourceColl.addHttpMethod(httpMethod);
        }
View Full Code Here
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
                // guarantee is INTEGRAL or CONDIFIDENTIAL for any
                // security constraint with this url-pattern.
                Collection constraints =
                    bundle.getSecurityConstraintsForUrlPattern(uri);
                for(Iterator i = constraints.iterator(); i.hasNext();) {
                    SecurityConstraint next = (SecurityConstraint) i.next();
                       
                    UserDataConstraint dataConstraint =
                        next.getUserDataConstraint();
                    String guarantee = (dataConstraint != null) ?
                        dataConstraint.getTransportGuarantee() : null;

                    if( (guarantee != null) &&
                        ( guarantee.equals
View Full Code Here
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
            // security constraints
            logger.finest("  Security constraints:");
            Enumeration scEnum = wbd.getSecurityConstraints();
            while (scEnum.hasMoreElements()) {

                SecurityConstraint sc =
                    (SecurityConstraint)scEnum.nextElement();

                for (WebResourceCollection wrc: sc.getWebResourceCollections()) {
                    // show list of methods for this collection
                    StringBuffer sbm = new StringBuffer();
                    for (String httpMethod: wrc.getHttpMethods()) {
                        sbm.append(httpMethod);
                        sbm.append(" ");
                    }
                    logger.finest("     Using method: "+sbm.toString());

                    // and then list of url patterns
                    for (String urlPattern: wrc.getUrlPatterns()) {
                        logger.finest("       "+ urlPattern);
                    }
                } // end res.collection iterator

                // show roles which apply to above set of collections
                AuthorizationConstraint authCons =
                        sc.getAuthorizationConstraint();
                Enumeration rolesEnum = authCons.getSecurityRoles();
                StringBuffer rsb = new StringBuffer();
                rsb.append("     Accessible by roles: ");
                while (rolesEnum.hasMoreElements()) {
                    SecurityRole sr = (SecurityRole)rolesEnum.nextElement();
                    rsb.append(sr.getName());
                    rsb.append(" ");
                }
                logger.finest(rsb.toString());

                // show transport guarantee
                UserDataConstraint udc =sc.getUserDataConstraint();
                if (udc != null) {
                    logger.finest("     Transport guarantee: "+
                                  udc.getTransportGuarantee());
                }
               
View Full Code Here
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
                // guarantee is INTEGRAL or CONDIFIDENTIAL for any
                // security constraint with this url-pattern.
                Collection constraints =
                    bundle.getSecurityConstraintsForUrlPattern(uri);
                for(Iterator i = constraints.iterator(); i.hasNext();) {
                    SecurityConstraint next = (SecurityConstraint) i.next();
                       
                    UserDataConstraint dataConstraint =
                        next.getUserDataConstraint();
                    String guarantee = (dataConstraint != null) ?
                        dataConstraint.getTransportGuarantee() : null;

                    if( (guarantee != null) &&
                        ( guarantee.equals
View Full Code Here
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
                // guarantee is INTEGRAL or CONDIFIDENTIAL for any
                // security constraint with this url-pattern.
                Collection constraints =
                    bundle.getSecurityConstraintsForUrlPattern(uri);
                for(Iterator i = constraints.iterator(); i.hasNext();) {
                    SecurityConstraint next = (SecurityConstraint) i.next();
                       
                    UserDataConstraint dataConstraint =
                        next.getUserDataConstraint();
                    String guarantee = (dataConstraint != null) ?
                        dataConstraint.getTransportGuarantee() : null;

                    if( (guarantee != null) &&
                        ( guarantee.equals
View Full Code Here
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
        if (urlPatterns != null && urlPatterns.size() > 0) {
            WebBundleDescriptor webBundleDesc = webCompDesc.getWebBundleDescriptor();
            ServletSecurity servletSecurityAn = (ServletSecurity)ainfo.getAnnotation();
            HttpConstraint httpConstraint = servletSecurityAn.value();

            SecurityConstraint securityConstraint =
                    createSecurityConstraint(webBundleDesc,
                    urlPatterns, httpConstraint.rolesAllowed(),
                    httpConstraint.value(),
                    httpConstraint.transportGuarantee(),
                    null);

            // we know there is one WebResourceCollection there
            WebResourceCollection webResColl =
                    securityConstraint.getWebResourceCollections().iterator().next();
            HttpMethodConstraint[] httpMethodConstraints = servletSecurityAn.httpMethodConstraints();
            for (HttpMethodConstraint httpMethodConstraint : httpMethodConstraints) {
                String httpMethod = httpMethodConstraint.value();
                if (httpMethod == null || httpMethod.length() == 0) {
                    return getDefaultFailedResult();
View Full Code Here
TOP

Related Classes of com.sun.enterprise.deployment.web.SecurityConstraint

  • com.sun.enterprise.deployment.annotation.handlers.ServletSecurityHandler
  • com.sun.enterprise.deployment.WebBundleDescriptor
  • com.sun.enterprise.deployment.WebServiceEndpoint
  • com.sun.enterprise.security.ee.Audit
  • com.sun.enterprise.tools.verifier.tests.web.URLPattern
  • com.sun.enterprise.web.TomcatDeploymentConfig
  • com.sun.enterprise.webservice.WsUtil
  • org.glassfish.web.deployment.annotation.handlers.ServletSecurityHandler
  • org.glassfish.webservices.WsUtil
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.