if (allMethodsRoleInfo != null && allMethodsRoleInfo.isForbidden()) return; if (roleInfo == null) roleInfo = new RoleInfo(); mappings.put(httpMethod,roleInfo); if (allMethodsRoleInfo != null) roleInfo.combine(allMethodsRoleInfo); if (roleInfo.isForbidden()) return; if (roleInfo.isForbidden())
ri.setForbidden(forbidden); ri.setUserDataConstraint(userDataConstraint); if (!ri.isForbidden()) ri.setChecked(checked); if (ri.isChecked()) ri.addRole(role); ri.setAnyRole(true); ri.setAnyAuth(true); ri.addRole(role);
public void combine(RoleInfo other) { if (other._forbidden) setForbidden(true); else if (!other._checked) // TODO is this the right way around??? setChecked(true); else if (other._isAnyRole) setAnyRole(true); else if (other._isAnyAuth) setAnyAuth(true); else if (!_isAnyRole) { for (String r : other._roles) _roles.add(r); } setUserDataConstraint(other._userDataConstraint); }
/** * @see org.eclipse.jetty.security.ConstraintAware#addRole(java.lang.String) */ @Override public void addRole(String role) { //add to list of declared roles boolean modified = _roles.add(role); if (isStarted() && modified) { // Add the new role to currently defined any role role infos for (Map<String,RoleInfo> map : _constraintMap.values()) { for (RoleInfo info : map.values()) { if (info.isAnyRole()) info.addRole(role); } } } }
@Override protected boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException { if (constraintInfo == null) { return true; } RoleInfo roleInfo = (RoleInfo) constraintInfo; if (!roleInfo.isChecked()) { return true; } if (roleInfo.isAnyRole() && request.getAuthType() != null) return true; for (String role : roleInfo.getRoles()) { if (userIdentity.isUserInRole(role, null)) return true; } return false; }
roleInfo = new RoleInfo(); roleInfo.setForbidden(true); else roleInfo = new RoleInfo(); roleInfo.setUserDataConstraint(UserDataConstraint.None); roleInfo.combine(r);
else roleInfo = new RoleInfo(); roleInfo.setUserDataConstraint(UserDataConstraint.None); roleInfo.combine(r);
return true; if (roleInfo.isForbidden()) return false; UserDataConstraint dataConstraint = roleInfo.getUserDataConstraint(); if (dataConstraint == null || dataConstraint == UserDataConstraint.None) return true;
@Override protected boolean isAuthMandatory(Request baseRequest, Response base_response, Object constraintInfo) { return constraintInfo != null && ((RoleInfo)constraintInfo).isChecked(); }
/** Constraints that name method omissions are dealt with differently. * We create an entry in the mappings with key "<method>.omission". This entry * is only ever combined with other omissions for the same method to produce a * consolidated RoleInfo. Then, when we wish to find the relevant constraints for * a given Request (in prepareConstraintInfo()), we consult 3 types of entries in * the mappings: an entry that names the method of the Request specifically, an * entry that names constraints that apply to all methods, entries of the form * <method>.omission, where the method of the Request is not named in the omission. * @param mapping the constraint mapping * @param mappings the mappings of roles */ protected void processConstraintMappingWithMethodOmissions (ConstraintMapping mapping, Map<String, RoleInfo> mappings) { String[] omissions = mapping.getMethodOmissions(); StringBuilder sb = new StringBuilder(); for (int i=0; i<omissions.length; i++) { if (i > 0) sb.append("."); sb.append(omissions[i]); } sb.append(OMISSION_SUFFIX); RoleInfo ri = new RoleInfo(); mappings.put(sb.toString(), ri); configureRoleInfo(ri, mapping); }
public void combine(RoleInfo other) { if (other._forbidden) setForbidden(true); else if (!other._checked) // TODO is this the right way around??? setChecked(true); else if (other._isAnyRole) setAnyRole(true); else if (!_isAnyRole) { for (String r : other._roles) _roles.add(r); } setUserDataConstraint(other._userDataConstraint); }
/** * @see org.eclipse.jetty.security.SecurityHandler#checkWebResourcePermissions(java.lang.String, org.eclipse.jetty.server.Request, org.eclipse.jetty.server.Response, java.lang.Object, org.eclipse.jetty.server.UserIdentity) */ @Override protected boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException { if (constraintInfo == null) { return true; } RoleInfo roleInfo = (RoleInfo)constraintInfo; if (!roleInfo.isChecked()) { return true; } if (roleInfo.isAnyRole() && request.getAuthType()!=null) return true; for (String role : roleInfo.getRoles()) { if (userIdentity.isUserInRole(role, null)) return true; } return false; }
roleInfo = new RoleInfo(); roleInfo.setForbidden(true); else roleInfo = new RoleInfo(); roleInfo.setUserDataConstraint(UserDataConstraint.None); roleInfo.combine(r);
else roleInfo = new RoleInfo(); roleInfo.setUserDataConstraint(UserDataConstraint.None); roleInfo.combine(r);
/** * @see org.eclipse.jetty.security.ConstraintAware#addRole(java.lang.String) */ public void addRole(String role) { boolean modified = roles.add(role); if (isStarted() && modified && strict) { // Add the new role to currently defined any role role infos for (Map<String, RoleInfo> map : constraintMap.values()) { for (RoleInfo info : map.values()) { if (info.isAnyRole()) info.addRole(role); } } } }
return true; if (roleInfo.isForbidden()) return false; UserDataConstraint dataConstraint = roleInfo.getUserDataConstraint(); if (dataConstraint == null || dataConstraint == UserDataConstraint.None) return true;
/** * @see org.eclipse.jetty.security.SecurityHandler#isAuthMandatory(org.eclipse.jetty.server.Request, org.eclipse.jetty.server.Response, java.lang.Object) */ protected boolean isAuthMandatory(Request baseRequest, Response base_response, Object constraintInfo) { if (constraintInfo == null) { return false; } return ((RoleInfo)constraintInfo).isChecked(); }
/** Constraints that name method omissions are dealt with differently. * We create an entry in the mappings with key "<method>.omission". This entry * is only ever combined with other omissions for the same method to produce a * consolidated RoleInfo. Then, when we wish to find the relevant constraints for * a given Request (in prepareConstraintInfo()), we consult 3 types of entries in * the mappings: an entry that names the method of the Request specifically, an * entry that names constraints that apply to all methods, entries of the form * <method>.omission, where the method of the Request is not named in the omission. * @param mapping * @param mappings */ protected void processConstraintMappingWithMethodOmissions (ConstraintMapping mapping, Map<String, RoleInfo> mappings) { String[] omissions = mapping.getMethodOmissions(); StringBuilder sb = new StringBuilder(); for (int i=0; i<omissions.length; i++) { if (i > 0) sb.append("."); sb.append(omissions[i]); } sb.append(OMISSION_SUFFIX); RoleInfo ri = new RoleInfo(); mappings.put(sb.toString(), ri); configureRoleInfo(ri, mapping); }
private void addConstraint(RoleInfo roleInfo, Constraint constraint) { if (roleInfo.isForbidden()) return; boolean forbidden = constraint.isForbidden(); roleInfo.setForbidden(forbidden); if (!forbidden) { UserDataConstraint userDataConstraint = UserDataConstraint.get(constraint.getDataConstraint()); roleInfo.setUserDataConstraint(userDataConstraint); boolean checked = constraint.getAuthenticate(); roleInfo.setChecked(checked); if (roleInfo.isChecked()) { if (constraint.isAnyRole()) { if (strict) { // * means "all defined roles" for (String role : roles) roleInfo.addRole(role); } else // * means any role roleInfo.setAnyRole(true); } else { String[] newRoles = constraint.getRoles(); for (String role : newRoles) { if (strict && !roles.contains(role)) throw new IllegalArgumentException("Attempt to use undeclared role: " + role + ", known roles: " + roles); roleInfo.addRole(role); } } } } }