if (mergedMetaData.getSecurityConstraints() != null) { for (SecurityConstraintMetaData constraint : mergedMetaData.getSecurityConstraints()) { SecurityConstraint securityConstraint = new SecurityConstraint() .setTransportGuaranteeType(transportGuaranteeType(constraint.getTransportGuarantee())); securityConstraint.setEmptyRoleSemantic(PERMIT); } else if (roleNames.size() == 1 && roleNames.contains("*") && securityRoleNames.contains("*")) { securityConstraint.setEmptyRoleSemantic(AUTHENTICATE); } else { securityConstraint.addRolesAllowed(roleNames); securityConstraint.addWebResourceCollection(new WebResourceCollection() .addHttpMethods(resourceCollection.getHttpMethods()) .addHttpMethodOmissions(resourceCollection.getHttpMethodOmissions())
public void removeCollection(SipSecurityCollection sipSecurityCollection) { super.getWebResourceCollections().remove(sipSecurityCollection); }
final String relativeUriPath = isRelativeUri ? uriPath.substring(mainContextPath.length()) : null; for (SecurityConstraint mainSecurityConstraint : mainDeploymentInfo.getSecurityConstraints()) { final SecurityConstraint endpointSecurityConstraint = new SecurityConstraint(); for (WebResourceCollection mainResourceCollection : mainSecurityConstraint.getWebResourceCollections()) { final WebResourceCollection endpointResourceCollection = new WebResourceCollection(); for (String mainUrlPattern : mainResourceCollection.getUrlPatterns()) { endpointResourceCollection.addHttpMethods(mainResourceCollection.getHttpMethods()); endpointResourceCollection.addHttpMethodOmissions(mainResourceCollection.getHttpMethodOmissions()); endpointSecurityConstraint.addWebResourceCollection(endpointResourceCollection); if (!endpointSecurityConstraint.getWebResourceCollections().isEmpty()) { endpointSecurityConstraint.addRolesAllowed(mainSecurityConstraint.getRolesAllowed()); endpointSecurityConstraint.setEmptyRoleSemantic(mainSecurityConstraint.getEmptyRoleSemantic()); endpointSecurityConstraint.setTransportGuaranteeType( transportGuaranteeType(uri, mainSecurityConstraint.getTransportGuaranteeType())); result.add(endpointSecurityConstraint); webResourceCollection.addUrlPattern("/*"); final SecurityConstraint endpointSecurityConstraint = new SecurityConstraint(); endpointSecurityConstraint.addWebResourceCollection(webResourceCollection); endpointSecurityConstraint.setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL); endpointSecurityConstraint.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT); result.add(endpointSecurityConstraint);
private UndertowDeploymentInfoCustomizer enableAuthUDICustomizer() { return (DeploymentInfo di) -> { if(StringUtils.isEmpty(encodedPass)) { return; } SecurityConstraint sc = new SecurityConstraint(); sc.setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.AUTHENTICATE); // empty web resource interpret as default sc.addWebResourceCollection(new WebResourceCollection()); di.addSecurityConstraints(sc); di.setSecurityDisabled(false); di.setAuthenticationMode(AuthenticationMode.PRO_ACTIVE); di.setLoginConfig(new LoginConfig(HttpServletRequest.BASIC_AUTH, "Haven Agent")); di.setIdentityManager(new IdentityManagerImpl(encodedPass)); }; }
final SecurityConstraint ui = new SecurityConstraint(); ui.setEmptyRoleSemantic( EmptyRoleSemantic.PERMIT ); final WebResourceCollection uiCollection = new WebResourceCollection(); uiCollection.addUrlPatterns( UIServlet.PATHS ); uiCollection.addHttpMethods( UIServlet.METHODS ); ui.addWebResourceCollection( uiCollection ); di.addSecurityConstraint( ui ); final SecurityConstraint sc = new SecurityConstraint(); sc.setEmptyRoleSemantic( EmptyRoleSemantic.PERMIT ); final WebResourceCollection collection = new WebResourceCollection(); collection.addUrlPattern( constraint.getUrlPattern() ); sc.addWebResourceCollection( collection ); sc.addRoleAllowed( constraint.getRole() );
private void configureDeploymentSecurity(DeploymentInfo deploymentInfo) { deploymentInfo.setIdentityManager(identityManager); deploymentInfo.setLoginConfig(new LoginConfig(HttpServletRequest.BASIC_AUTH, "lightblueRealm")); deploymentInfo.addSecurityConstraint(new SecurityConstraint() .addWebResourceCollection(new WebResourceCollection().addUrlPattern("/*")) .addRoleAllowed(SECURITY_ROLE_AUTHENTICATED)); deploymentInfo.addSecurityRole(SECURITY_ROLE_AUTHENTICATED); }
public Builder registerSecurePaths(final Collection<String> securePaths) { context.addSecurityConstraint(Servlets.securityConstraint() .setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.AUTHENTICATE) .addWebResourceCollection(Servlets.webResourceCollection().addUrlPatterns(securePaths))); return this; }
private List<io.undertow.servlet.api.SecurityConstraint> getSecurityConstraints() { List<io.undertow.servlet.api.SecurityConstraint> undertowSecurityConstraints = new ArrayList<io.undertow.servlet.api.SecurityConstraint>(); for (KeycloakSpringBootProperties.SecurityConstraint constraintDefinition : keycloakProperties.getSecurityConstraints()) { io.undertow.servlet.api.SecurityConstraint undertowSecurityConstraint = new io.undertow.servlet.api.SecurityConstraint(); undertowSecurityConstraint.addRolesAllowed(constraintDefinition.getAuthRoles()); for (KeycloakSpringBootProperties.SecurityCollection collectionDefinition : constraintDefinition.getSecurityCollections()) { WebResourceCollection webResourceCollection = new WebResourceCollection(); webResourceCollection.addHttpMethods(collectionDefinition.getMethods()); webResourceCollection.addHttpMethodOmissions(collectionDefinition.getOmittedMethods()); webResourceCollection.addUrlPatterns(collectionDefinition.getPatterns()); undertowSecurityConstraint.addWebResourceCollections(webResourceCollection); } undertowSecurityConstraints.add(undertowSecurityConstraint); } return undertowSecurityConstraints; } }
public void addCollection(SipSecurityCollection sipSecurityCollection) { super.addWebResourceCollection(sipSecurityCollection); }
public void addSecurityConstraint(final SecurityConstraint securityConstraint) { final Set<String> roles = expandRolesAllowed(securityConstraint.getRolesAllowed()); final SecurityInformation securityInformation = new SecurityInformation(roles, securityConstraint.getTransportGuaranteeType(), securityConstraint.getEmptyRoleSemantic()); for (final WebResourceCollection webResources : securityConstraint.getWebResourceCollections()) { if (webResources.getUrlPatterns().isEmpty()) {
@Override protected SecurityConstraint createInstance() { return new SecurityConstraint(); }
return false; for (String assignedRole : ((SecurityConstraint) constraint).getRolesAllowed()) { if (principal.isUserInRole(assignedRole)) { constraintSatisfied = true;
final String relativeUriPath = isRelativeUri ? uriPath.substring(mainContextPath.length()) : null; for (SecurityConstraint mainSecurityConstraint : mainDeploymentInfo.getSecurityConstraints()) { final SecurityConstraint endpointSecurityConstraint = new SecurityConstraint(); for (WebResourceCollection mainResourceCollection : mainSecurityConstraint.getWebResourceCollections()) { final WebResourceCollection endpointResourceCollection = new WebResourceCollection(); for (String mainUrlPattern : mainResourceCollection.getUrlPatterns()) { endpointResourceCollection.addHttpMethods(mainResourceCollection.getHttpMethods()); endpointResourceCollection.addHttpMethodOmissions(mainResourceCollection.getHttpMethodOmissions()); endpointSecurityConstraint.addWebResourceCollection(endpointResourceCollection); if (!endpointSecurityConstraint.getWebResourceCollections().isEmpty()) { endpointSecurityConstraint.addRolesAllowed(mainSecurityConstraint.getRolesAllowed()); endpointSecurityConstraint.setEmptyRoleSemantic(mainSecurityConstraint.getEmptyRoleSemantic()); endpointSecurityConstraint.setTransportGuaranteeType( transportGuaranteeType(uri, mainSecurityConstraint.getTransportGuaranteeType())); result.add(endpointSecurityConstraint); webResourceCollection.addUrlPattern("/*"); final SecurityConstraint endpointSecurityConstraint = new SecurityConstraint(); endpointSecurityConstraint.addWebResourceCollection(webResourceCollection); endpointSecurityConstraint.setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL); endpointSecurityConstraint.setEmptyRoleSemantic(EmptyRoleSemantic.PERMIT); result.add(endpointSecurityConstraint);
public void addCollection(SipSecurityCollection sipSecurityCollection) { super.addWebResourceCollection(sipSecurityCollection); }
public static SecurityConstraint securityConstraint() { return new SecurityConstraint(); }
return false; for (String assignedRole : ((SecurityConstraint) constraint).getRolesAllowed()) { if (principal.isUserInRole(assignedRole)) { constraintSatisfied = true;
private DeploymentInfo deploymentInfo() throws InterruptedException { final ResteasyDeployment resteasyDeployment = new ResteasyDeployment(); Utils.waitForCDIProvider(context); resteasyDeployment.setResourceFactories(resourceFactories()); final DeploymentInfo deploymentInfo = this.server.undertowDeployment(resteasyDeployment, String.valueOf(this.context.getProperties().get(HTTP_SERVER_REST_SERVLET_MAPPING_PREFIX))) .setContextPath(String.valueOf(this.context.getProperties().get(HTTP_SERVER_REST_CONTEXT_PATH))) .setClassLoader(this.getClass().getClassLoader()) .setDeploymentName("Silverware rest deployment"); if (this.sslEnabled) { deploymentInfo .addSecurityConstraint(new SecurityConstraint().addWebResourceCollection(new WebResourceCollection() .addUrlPattern("/*")) .setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL) .setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT)) .setConfidentialPortManager(exchange -> sslPort()); } return deploymentInfo; }
@Override public SecurityConstraint clone() { SecurityConstraint info = super.clone(); for (WebResourceCollection wr : webResourceCollections) { info.addWebResourceCollection(wr.clone()); } return info; }
public void removeCollection(SipSecurityCollection sipSecurityCollection) { super.getWebResourceCollections().remove(sipSecurityCollection); }
for (SecurityConstraint constraint : deployment.getDeploymentInfo().getSecurityConstraints()) { builder.addSecurityConstraint(constraint); for (WebResourceCollection webResources : constraint.getWebResourceCollections()) { urlPatterns.addAll(webResources.getUrlPatterns()); SecurityConstraint newConstraint = new SecurityConstraint() .addRolesAllowed(method.getRolesAllowed()) .setTransportGuaranteeType(method.getTransportGuaranteeType()) .addWebResourceCollection(new WebResourceCollection().addUrlPatterns(mappings) .addHttpMethod(method.getMethod())); builder.addSecurityConstraint(newConstraint); || securityInfo.getEmptyRoleSemantic() != EmptyRoleSemantic.PERMIT || methods.isEmpty()) { SecurityConstraint newConstraint = new SecurityConstraint() .setEmptyRoleSemantic(securityInfo.getEmptyRoleSemantic()) .addRolesAllowed(securityInfo.getRolesAllowed()) .setTransportGuaranteeType(securityInfo.getTransportGuaranteeType()) .addWebResourceCollection(new WebResourceCollection().addUrlPatterns(mappings) .addHttpMethodOmissions(methods)); builder.addSecurityConstraint(newConstraint);