Package javax.security.jacc

Examples of javax.security.jacc.WebResourcePermission


        // Excerpt from a test: the enclosing method, the parsed `webApp` descriptor and the
        // `implies` helper are defined outside this view.
        // Build the permission sets (ComponentPermissions) from the descriptor's security constraints.
        WebAppInfoBuilder webAppInfoBuilder = new WebAppInfoBuilder(webApp, new DefaultWebAppInfoFactory());
        webAppInfoBuilder.build();
        SpecSecurityBuilder builder = new SpecSecurityBuilder(webAppInfoBuilder.getWebAppInfo());
        ComponentPermissions permissions = builder.buildSpecSecurityConfig();
        // test excluding longer path than allowed
        Permission p = new WebResourcePermission("/Foo/Baz", "GET");
        assertTrue(implies(p, permissions, "Admin"));
        assertFalse(implies(p, permissions, "Peon"));
        p = new WebResourcePermission("/Foo/Bar/Foo", "POST");
        assertTrue(implies(p, permissions, "Admin"));
        assertFalse(implies(p, permissions, "Peon"));
        // GET on the longer path is refused for every role, Admin included; presumably the
        // descriptor excludes it (descriptor not shown; TODO confirm).
        p = new WebResourcePermission("/Foo/Bar/Foo", "GET");
        assertFalse(implies(p, permissions, "Admin"));
        assertFalse(implies(p, permissions, "Peon"));
        // test excluding longer path allows unchecked access to other http methods
        p = new WebResourcePermission("/Bar/Baz", "GET");
        assertTrue(implies(p, permissions, "Admin"));
        assertFalse(implies(p, permissions, "Peon"));
        p = new WebResourcePermission("/Bar/Bar/Bar", "POST");
        assertTrue(implies(p, permissions, "Admin"));
        //This one is false unless excluded constraint allows other http methods unchecked access
//        assertFalse(implies(p, permissions, "Peon"));
        // Security-relevant: the enabled assertion pins that a constraint naming only some HTTP
        // methods leaves the remaining methods unchecked, so "Peon" is granted POST on a path
        // whose GET is refused for everyone (next assertions). Where that is not intended, the
        // descriptor should constrain all methods (Servlet 3.1+ also offers
        // <deny-uncovered-http-methods/>).
        assertTrue(implies(p, permissions, "Peon"));
        p = new WebResourcePermission("/Bar/Bar/Bar", "GET");
        assertFalse(implies(p, permissions, "Admin"));
        assertFalse(implies(p, permissions, "Peon"));
    }


        // Excerpt from a test: the enclosing method, the parsed `webApp` descriptor and the
        // `implies` helper are defined outside this view.
        WebAppInfoBuilder webAppInfoBuilder = new WebAppInfoBuilder(webApp, new DefaultWebAppInfoFactory());
        webAppInfoBuilder.build();
        SpecSecurityBuilder builder = new SpecSecurityBuilder(webAppInfoBuilder.getWebAppInfo());
        ComponentPermissions permissions = builder.buildSpecSecurityConfig();
        // test excluding longer path than allowed
        // A null role presumably means "caller holds no role", i.e. only the unchecked
        // permissions can satisfy the check (TODO confirm against the implies helper).
        Permission p = new WebResourcePermission("/foo/Baz", "GET");
        assertFalse(implies(p, permissions, "user"));
        assertFalse(implies(p, permissions, null));
        // "/bar" is reachable both with the "user" role and with no role at all.
        p = new WebResourcePermission("/bar", "GET");
        assertTrue(implies(p, permissions, "user"));
        assertTrue(implies(p, permissions, null));
        // Same path checked as a WebUserDataPermission, the JACC permission type used for
        // transport (user-data) constraints.
        p = new WebUserDataPermission("/bar", "GET");
        assertTrue(implies(p, permissions, "user"));
        assertTrue(implies(p, permissions, null));

        // Excerpt from a test: the enclosing method and the `parse` / `implies` helpers are
        // defined outside this view, as is the content of security/web6.xml.
        WebApp webApp = parse("security/web6.xml");
        WebAppInfoBuilder webAppInfoBuilder = new WebAppInfoBuilder(webApp, new DefaultWebAppInfoFactory());
        webAppInfoBuilder.build();
        SpecSecurityBuilder builder = new SpecSecurityBuilder(webAppInfoBuilder.getWebAppInfo());
        ComponentPermissions permissions = builder.buildSpecSecurityConfig();
        // With no role (null), GET on the /app/* pattern is not implied ...
        Permission p = new WebResourcePermission("/app/*", "GET");
        assertFalse(implies(p, permissions, null));
        // ... while POST to a path under it is: the constraint evidently covers GET only, so
        // POST stays unchecked (descriptor not shown; TODO confirm this is the intended policy).
        p = new WebResourcePermission("/app/home", "POST");
        assertTrue(implies(p, permissions, null));
    }

        // Excerpt from a test: the enclosing method and the `parse` / `implies` helpers are
        // defined outside this view, as is the content of security/web7.xml.
        WebApp webApp = parse("security/web7.xml");
        WebAppInfoBuilder webAppInfoBuilder = new WebAppInfoBuilder(webApp, new DefaultWebAppInfoFactory());
        webAppInfoBuilder.build();
        SpecSecurityBuilder builder = new SpecSecurityBuilder(webAppInfoBuilder.getWebAppInfo());
        ComponentPermissions permissions = builder.buildSpecSecurityConfig();
        // Per-method role separation: GET on /app/* is granted to "userGet" only ...
        Permission p = new WebResourcePermission("/app/*", "GET");
        assertTrue(implies(p, permissions, "userGet"));
        assertFalse(implies(p, permissions, "userPost"));
        // ... and POST under the same prefix is granted to "userPost" only.
        p = new WebResourcePermission("/app/home", "POST");
        assertTrue(implies(p, permissions, "userPost"));
        assertFalse(implies(p, permissions, "userGet"));
    }

    /**
     * Translates the collected URL patterns into JACC policy statements on
     * {@code policyConfiguration}: excluded, per-role and unchecked permissions.
     * <p>
     * The pattern maps and sets used here ({@code excludedPatterns}, {@code rolesPatterns},
     * {@code uncheckedPatterns}, {@code allSet}, {@code allMap}) are populated outside this
     * excerpt. The listing is cut before the method ends, so the construction of the return
     * value is not shown.
     *
     * @return the assembled permissions (built in the part of the method not shown)
     * @throws PolicyContextException declared by the signature; presumably raised by the
     *         {@code policyConfiguration} calls (TODO confirm)
     */
    private ComponentPermissions buildComponentPermissions() throws PolicyContextException {
        // Excluded patterns: both the resource and the user-data permission go into the
        // excluded policy, under the same qualified name and methods.
        for (URLPattern pattern : excludedPatterns.values()) {
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getMethods();
            policyConfiguration.addToExcludedPolicy(new WebResourcePermission(name, actions));
            policyConfiguration.addToExcludedPolicy(new WebUserDataPermission(name, actions));
        }
        // Role patterns: entry key is the role name, entry value maps to that role's patterns.
        for (Map.Entry<String, Map<String, URLPattern>> entry : rolesPatterns.entrySet()) {
            Set<URLPattern> currentRolePatterns = new HashSet<URLPattern>(entry.getValue().values());
            for (URLPattern pattern : entry.getValue().values()) {
                // Qualified against this role's own patterns, not against allSet as in the
                // other loops of this method.
                String name = pattern.getQualifiedPattern(currentRolePatterns);
                String actions = pattern.getMethods();
                WebResourcePermission permission = new WebResourcePermission(name, actions);
                policyConfiguration.addToRole(entry.getKey(), permission);
                // The transport requirement of a role-protected pattern is recorded with the
                // unchecked user-data patterns.
                HTTPMethods methods = pattern.getHTTPMethods();
                int transportType = pattern.getTransport();
                addOrUpdatePattern(uncheckedUserPatterns, name, methods, transportType);
            }
        }
        // Unchecked patterns: recorded once for resources (no transport, URLPattern.NA) and
        // once for user data with the pattern's own transport type.
        for (URLPattern pattern : uncheckedPatterns.values()) {
            String name = pattern.getQualifiedPattern(allSet);
            HTTPMethods methods = pattern.getHTTPMethods();
            addOrUpdatePattern(uncheckedResourcePatterns, name, methods, URLPattern.NA);
            int transportType = pattern.getTransport();
            addOrUpdatePattern(uncheckedUserPatterns, name, methods, transportType);
        }
        /**
         * A <code>WebResourcePermission</code> and a <code>WebUserDataPermission</code> must be instantiated for
         * each <tt>url-pattern</tt> in the deployment descriptor and the default pattern "/", that is not combined
         * by the <tt>web-resource-collection</tt> elements of the deployment descriptor with every HTTP method
         * value.  The permission objects must be constructed using the qualified pattern as their name and with
         * actions defined by the subset of the HTTP methods that do not occur in combination with the pattern.
         * The resulting permissions must be added to the unchecked policy statements by calling the
         * <code>addToUncheckedPolicy</code> method on the <code>PolicyConfiguration</code> object.
         */
        // Security-relevant consequence of the rule above: every HTTP method that no constraint
        // names for a pattern ends up in the unchecked policy for that pattern.
        for (URLPattern pattern : allSet) {
            String name = pattern.getQualifiedPattern(allSet);
            HTTPMethods methods = pattern.getComplementedHTTPMethods();
            // Nothing to add when the constraints already cover every method.
            if (methods.isNone()) {
                continue;
            }
            addOrUpdatePattern(uncheckedResourcePatterns, name, methods, URLPattern.NA);
            addOrUpdatePattern(uncheckedUserPatterns, name, methods, URLPattern.NA);
        }
        // The default pattern "/" is handled the same way when the descriptor did not mention it.
        if (!allMap.containsKey("/")) {
            URLPattern pattern = new URLPattern("/", Collections.<String> emptySet(), false);
            String name = pattern.getQualifiedPattern(allSet);
            HTTPMethods methods = pattern.getComplementedHTTPMethods();
            addOrUpdatePattern(uncheckedResourcePatterns, name, methods, URLPattern.NA);
            addOrUpdatePattern(uncheckedUserPatterns, name, methods, URLPattern.NA);
        }
        //Create the uncheckedPermissions for WebResourcePermissions
        for (UncheckedItem item : uncheckedResourcePatterns.keySet()) {
            HTTPMethods methods = uncheckedResourcePatterns.get(item);
            String actions = URLPattern.getMethodsWithTransport(methods, item.getTransportType());
            policyConfiguration.addToUncheckedPolicy(new WebResourcePermission(item.getName(), actions));
        }
        //Create the uncheckedPermissions for WebUserDataPermissions
        for (UncheckedItem item : uncheckedUserPatterns.keySet()) {
            HTTPMethods methods = uncheckedUserPatterns.get(item);
            String actions = URLPattern.getMethodsWithTransport(methods, item.getTransportType());

                    // Excerpt: `wsSecurity`, `properties`, `uncheckedPermissions`, `rolePermissions`,
                    // `earContext` and `policyContextID` are defined outside this view.
                    //TODO allow jaspi authentication
                    // The endpoint counts as secured only when an auth method is configured and it is not NONE.
                    boolean secured = wsSecurity.getAuthMethod() != null && AuthMethodType.NONE != (wsSecurity.getAuthMethod());// || wsSecurity.isSetAuthentication();
                    if (secured) {
                        // "getSecured" defaults to true when the property is absent.
                        // NOTE(review): Boolean.valueOf(String) yields true only for "true" (ignoring case),
                        // so any other value, a typo included, opens GET on "/*" without authentication.
                        // Consider rejecting unrecognised values. The cast also assumes a String value.
                        boolean getSecured = properties.get("getSecured") == null? true: Boolean.valueOf((String) properties.get("getSecured"));
                        if (!getSecured) {
                            uncheckedPermissions.add(new WebResourcePermission("/*", "GET"));
                        }
                    } else {
                        // A null method array means all HTTP methods: with no auth method configured,
                        // every request to "/*" is unchecked. The cast selects the String[] constructor.
                        uncheckedPermissions.add(new WebResourcePermission("/*", (String[]) null));
                    }
                    // The first argument is an empty Permissions collection, presumably the excluded
                    // set (TODO confirm against the ComponentPermissions constructor).
                    ComponentPermissions permissions = new ComponentPermissions(new Permissions(), uncheckedPermissions, rolePermissions);
                    earContext.addSecurityContext(policyContextID, permissions);

                }

                    // Excerpt: `wsSecurity`, `properties`, `uncheckedPermissions`, `rolePermissions`,
                    // `earContext` and `policyContextID` are defined outside this view.
                    //TODO allow jaspi authentication
                    // Secured means: an auth method is set and it differs from NONE.
                    boolean secured = wsSecurity.getAuthMethod() != null && AuthMethodType.NONE != (wsSecurity.getAuthMethod());// || wsSecurity.isSetAuthentication();
                    if (secured) {
                        // Absent property -> GET stays protected. Any present value other than "true"
                        // (case-insensitive) parses to false and makes GET on "/*" unchecked.
                        // NOTE(review): a misspelt value therefore fails open; validate the property.
                        boolean getSecured = properties.get("getSecured") == null? true: Boolean.valueOf((String) properties.get("getSecured"));
                        if (!getSecured) {
                            uncheckedPermissions.add(new WebResourcePermission("/*", "GET"));
                        }
                    } else {
                        // No authentication configured: null methods = all HTTP methods on "/*" are unchecked.
                        uncheckedPermissions.add(new WebResourcePermission("/*", (String[]) null));
                    }
                    // Registers the permission sets under this module's policy context id.
                    ComponentPermissions permissions = new ComponentPermissions(new Permissions(), uncheckedPermissions, rolePermissions);
                    earContext.addSecurityContext(policyContextID, permissions);
                }
            }


            // Excerpt: the enclosing method, the opening `try` and the `acc`, `request` and
            // `response` variables are outside this view. `acc` is presumably an
            // AccessControlContext (TODO confirm).
            /**
             * JACC v1.0 section 4.1.2
             */
            // The permission is built from the request itself (its URI and HTTP method), so the
            // check covers exactly the resource and method being requested.
            acc.checkPermission(new WebResourcePermission(request));

        } catch (AccessControlException ace) {
            // Fail closed: a denied check is answered with the forbidden status and the caller
            // is told not to proceed.
            // NOTE(review): the denial is not logged in the visible lines; an audit record of
            // refused requests helps detection.
            response.sendError(Response.SC_FORBIDDEN);
            return false;
        }

        // Excerpt from a pre-generics variant of the permission builder: `iter`, the pattern
        // maps, `allSet` and the permission collections are defined outside this view, and the
        // listing is cut inside the last loop.
        // Excluded patterns: resource and user-data permission are both added to the excluded set.
        while (iter.hasNext()) {
            URLPattern pattern = (URLPattern) excludedPatterns.get(iter.next());
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getMethods();

            excludedPermissions.add(new WebResourcePermission(name, actions));
            excludedPermissions.add(new WebUserDataPermission(name, actions));
        }

        // Role patterns: one WebResourcePermission per pattern, granted to each role it lists.
        iter = rolesPatterns.keySet().iterator();
        while (iter.hasNext()) {
            URLPattern pattern = (URLPattern) rolesPatterns.get(iter.next());
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getMethods();
            WebResourcePermission permission = new WebResourcePermission(name, actions);

            for (Iterator names = pattern.getRoles().iterator(); names.hasNext();) {
                String roleName = (String) names.next();
                addPermissionToRole(roleName, permission, rolePermissions);
            }
        }

        // Unchecked patterns feed the unchecked resource patterns (methods only).
        iter = uncheckedPatterns.keySet().iterator();
        while (iter.hasNext()) {
            URLPattern pattern = (URLPattern) uncheckedPatterns.get(iter.next());
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getMethods();

            addOrUpdatePattern(uncheckedResourcePatterns, name, actions);
        }

        // Second pass over the role patterns: their methods-with-transport go to the unchecked
        // user-data patterns.
        iter = rolesPatterns.keySet().iterator();
        while (iter.hasNext()) {
            URLPattern pattern = (URLPattern) rolesPatterns.get(iter.next());
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getMethodsWithTransport();

            addOrUpdatePattern(uncheckedUserPatterns, name, actions);
        }

        // Same for the unchecked patterns.
        iter = uncheckedPatterns.keySet().iterator();
        while (iter.hasNext()) {
            URLPattern pattern = (URLPattern) uncheckedPatterns.get(iter.next());
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getMethodsWithTransport();

            addOrUpdatePattern(uncheckedUserPatterns, name, actions);
        }

        /**
         * A <code>WebResourcePermission</code> and a <code>WebUserDataPermission</code> must be instantiated for
         * each <tt>url-pattern</tt> in the deployment descriptor and the default pattern "/", that is not combined
         * by the <tt>web-resource-collection</tt> elements of the deployment descriptor with every HTTP method
         * value.  The permission objects must be constructed using the qualified pattern as their name and with
         * actions defined by the subset of the HTTP methods that do not occur in combination with the pattern.
         * The resulting permissions must be added to the unchecked policy statements by calling the
         * <code>addToUncheckedPolicy</code> method on the <code>PolicyConfiguration</code> object.
         */
        // Security-relevant consequence of the rule above: HTTP methods that no constraint names
        // for a pattern become unchecked for that pattern.
        iter = allSet.iterator();
        while (iter.hasNext()) {
            URLPattern pattern = (URLPattern) iter.next();
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getComplementedMethods();

            // An empty complement means every method is already covered by a constraint.
            if (actions.length() == 0) {
                continue;
            }

            addOrUpdatePattern(uncheckedResourcePatterns, name, actions);
            addOrUpdatePattern(uncheckedUserPatterns, name, actions);
        }

        // The default pattern "/" gets the same treatment when the descriptor did not mention it.
        URLPattern pattern = new URLPattern("/");
        if (!allSet.contains(pattern)) {
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getComplementedMethods();

            addOrUpdatePattern(uncheckedResourcePatterns, name, actions);
            addOrUpdatePattern(uncheckedUserPatterns, name, actions);
        }

        //Create the uncheckedPermissions for WebResourcePermissions
        iter = uncheckedResourcePatterns.keySet().iterator();
        while (iter.hasNext()) {
            UncheckedItem item = (UncheckedItem) iter.next();
            String actions = (String) uncheckedResourcePatterns.get(item);

            uncheckedPermissions.add(new WebResourcePermission(item.getName(), actions));
        }
        //Create the uncheckedPermissions for WebUserDataPermissions
        iter = uncheckedUserPatterns.keySet().iterator();
        while (iter.hasNext()) {
            UncheckedItem item = (UncheckedItem) iter.next();

        // Excerpt: the enclosing method, `buildPrincipalRoleMap` and its arguments are defined
        // outside this view.
        buildPrincipalRoleMap(securityConfig, roleDesignates, principalRoleMap);

        // No unchecked permissions are added in the visible lines.
        PermissionCollection uncheckedPermissions = new Permissions();

        // An empty actions string means the permission covers all HTTP methods, so the login
        // page is placed in the excluded set for every method.
        PermissionCollection excludedPermissions = new Permissions();
        excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
        excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));

        // Raw Map: keys are role names, values are PermissionCollections (see the puts below).
        Map rolePermissions = new HashMap();
        PermissionCollection permissions = new Permissions();
        permissions.add(new WebUserDataPermission("/protected/*", ""));
        permissions.add(new WebResourcePermission("/protected/*", ""));
        // Both roles map to the SAME collection instance: a permission later added through one
        // role's entry is granted to the other as well.
        rolePermissions.put("content-administrator", permissions);
        rolePermissions.put("auto-administrator", permissions);

        // `checked` is a further alias of that same instance, not a copy.
        PermissionCollection checked = permissions;

