mapping.setPathSpec(url); mapping.setConstraint(sc); ((ConstraintAware)context.getSecurityHandler()).addConstraintMapping(mapping); mapping.setPathSpec(url); mapping.setConstraint(sc); ((ConstraintAware)context.getSecurityHandler()).addConstraintMapping(mapping); mapping.setPathSpec(url); mapping.setConstraint(sc); ((ConstraintAware)context.getSecurityHandler()).addConstraintMapping(mapping);
public boolean declaredRolesContains(String roleName) { SecurityHandler security=SecurityHandler.getCurrentSecurityHandler(); if (security==null) return false; if (security instanceof ConstraintAware) { Set<String> declaredRoles = ((ConstraintAware)security).getRoles(); return (declaredRoles != null) && declaredRoles.contains(roleName); } return false; } }
((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); ((ConstraintAware)getSecurityHandler()).checkPathsWithUncoveredHttpMethods(); getMetaData().setOriginAPI("constraint.url."+pathSpec); break; List<ConstraintMapping> constraintMappings = ConstraintSecurityHandler.removeConstraintMappingsForPath(pathSpec, ((ConstraintAware)getSecurityHandler()).getConstraintMappings()); ((ConstraintAware)getSecurityHandler()).checkPathsWithUncoveredHttpMethods(); break;
List<ConstraintMapping> constraintMappings = ((ConstraintAware)_context.getSecurityHandler()).getConstraintMappings(); securityHandler.addConstraintMapping(m);
for (String r:ca.getRoles()) out.openTag("security-role") .tag("role-name",r) .closeTag(); for (ConstraintMapping m : ca.getConstraintMappings())
public void visitSecurityRole(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { if (context.getSecurityHandler() == null) { LOG.warn("security-role declared but SecurityHandler==null"); return; } //ServletSpec 3.0, p74 elements with multiplicity >1 are additive when merged XmlParser.Node roleNode = node.get("role-name"); String role = roleNode.toString(false, true); ((ConstraintAware)context.getSecurityHandler()).addRole(role); }
/** * Servlet spec 3.1. When present in web.xml, this means that http methods that are * not covered by security constraints should have access denied. * <p> * See section 13.8.4, pg 145 * * @param context the of the processing * @param descriptor the descriptor * @param node the xml node */ public void visitDenyUncoveredHttpMethods(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { if (context.getSecurityHandler() == null) { LOG.warn("deny-uncovered-http-methods declared but SecurityHandler==null"); return; } ((ConstraintAware)context.getSecurityHandler()).setDenyUncoveredHttpMethods(true); } }
List<ConstraintMapping> constraintMappings = ((ConstraintAware)_context.getSecurityHandler()).getConstraintMappings(); securityHandler.addConstraintMapping(m);
/** * @param context * @param descriptor * @param node */ protected void visitSecurityRole(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { //ServletSpec 3.0, p74 elements with multiplicity >1 are additive when merged XmlParser.Node roleNode = node.get("role-name"); String role = roleNode.toString(false, true); ((ConstraintAware)context.getSecurityHandler()).addRole(role); }
/** * Servlet spec 3.1. When present in web.xml, this means that http methods that are * not covered by security constraints should have access denied. * <p> * See section 13.8.4, pg 145 * * @param context the of the processing * @param descriptor the descriptor * @param node the xml node */ public void visitDenyUncoveredHttpMethods(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { if (context.getSecurityHandler() == null) { LOG.warn("deny-uncovered-http-methods declared but SecurityHandler==null"); return; } ((ConstraintAware)context.getSecurityHandler()).setDenyUncoveredHttpMethods(true); }
List<ConstraintMapping> constraintMappings = ((ConstraintAware)_context.getSecurityHandler()).getConstraintMappings(); securityHandler.addConstraintMapping(m);
/** * Delegate for ServletRegistration.Dynamic.setServletSecurity method * @param registration ServletRegistration.Dynamic instance that setServletSecurity was called on * @param servletSecurityElement new security info * @return the set of exact URL mappings currently associated with the registration that are also present in the web.xml * security constraints and thus will be unaffected by this call. */ public Set<String> setServletSecurity(ServletRegistration.Dynamic registration, ServletSecurityElement servletSecurityElement) { //Default implementation is to just accept them all. If using a webapp, then this behaviour is overridden in WebAppContext.setServletSecurity Collection<String> pathSpecs = registration.getMappings(); if (pathSpecs != null) { for (String pathSpec:pathSpecs) { List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement); for (ConstraintMapping m:mappings) ((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); } } return Collections.emptySet(); }
List<ConstraintMapping> constraintMappings = ((ConstraintAware)_context.getSecurityHandler()).getConstraintMappings(); securityHandler.addConstraintMapping(m); securityHandler.checkPathsWithUncoveredHttpMethods();
public boolean declaredRolesContains(String roleName) { SecurityHandler security=SecurityHandler.getCurrentSecurityHandler(); if (security==null) return false; if (security instanceof ConstraintAware) { Set<String> declaredRoles = ((ConstraintAware)security).getRoles(); return (declaredRoles != null) && declaredRoles.contains(roleName); } return false; } }
/** * @param context * @param descriptor * @param node */ protected void visitSecurityRole(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { //ServletSpec 3.0, p74 elements with multiplicity >1 are additive when merged XmlParser.Node roleNode = node.get("role-name"); String role = roleNode.toString(false, true); ((ConstraintAware)context.getSecurityHandler()).addRole(role); }
((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); getMetaData().setOrigin("constraint.url."+pathSpec, Origin.API); break; List<ConstraintMapping> constraintMappings = ConstraintSecurityHandler.removeConstraintMappingsForPath(pathSpec, ((ConstraintAware)getSecurityHandler()).getConstraintMappings());
/** * Delegate for ServletRegistration.Dynamic.setServletSecurity method * @param registration ServletRegistration.Dynamic instance that setServletSecurity was called on * @param servletSecurityElement new security info * @return the set of exact URL mappings currently associated with the registration that are also present in the web.xml * security constraints and thus will be unaffected by this call. */ public Set<String> setServletSecurity(ServletRegistration.Dynamic registration, ServletSecurityElement servletSecurityElement) { //Default implementation is to just accept them all. If using a webapp, then this behaviour is overridden in WebAppContext.setServletSecurity Collection<String> pathSpecs = registration.getMappings(); if (pathSpecs != null) { for (String pathSpec:pathSpecs) { List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement); for (ConstraintMapping m:mappings) ((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); } } return Collections.emptySet(); }
((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); ((ConstraintAware)getSecurityHandler()).checkPathsWithUncoveredHttpMethods(); getMetaData().setOriginAPI("constraint.url."+pathSpec); break; List<ConstraintMapping> constraintMappings = ConstraintSecurityHandler.removeConstraintMappingsForPath(pathSpec, ((ConstraintAware)getSecurityHandler()).getConstraintMappings()); ((ConstraintAware)getSecurityHandler()).checkPathsWithUncoveredHttpMethods(); break;
public boolean declaredRolesContains(String roleName) { SecurityHandler security=SecurityHandler.getCurrentSecurityHandler(); if (security==null) return false; if (security instanceof ConstraintAware) { Set<String> declaredRoles = ((ConstraintAware)security).getRoles(); return (declaredRoles != null) && declaredRoles.contains(roleName); } return false; } }
/** * @param context * @param descriptor * @param node */ protected void visitSecurityRole(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { //ServletSpec 3.0, p74 elements with multiplicity >1 are additive when merged XmlParser.Node roleNode = node.get("role-name"); String role = roleNode.toString(false, true); ((ConstraintAware)context.getSecurityHandler()).addRole(role); }