Refine search
private AccessLogDefinition() { super(new Parameters(UndertowExtension.PATH_ACCESS_LOG, UndertowExtension.getResolver(Constants.ACCESS_LOG)) .setAddHandler(AccessLogAdd.INSTANCE) .setRemoveHandler(AccessLogRemove.INSTANCE) .setCapabilities(ACCESS_LOG_CAPABILITY) ); SensitivityClassification sc = new SensitivityClassification(UndertowExtension.SUBSYSTEM_NAME, "web-access-log", false, false, false); this.accessConstraints = new SensitiveTargetAccessConstraintDefinition(sc).wrapAsList(); }
private ApplicationSecurityDomainDefinition() { this((Parameters) new Parameters(UndertowExtension.PATH_APPLICATION_SECURITY_DOMAIN, UndertowExtension.getResolver(Constants.APPLICATION_SECURITY_DOMAIN)) .setCapabilities(APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY) .addAccessConstraints(new SensitiveTargetAccessConstraintDefinition(new SensitivityClassification(UndertowExtension.SUBSYSTEM_NAME, Constants.APPLICATION_SECURITY_DOMAIN, false, false, false)), new ApplicationTypeAccessConstraintDefinition(new ApplicationTypeConfig(UndertowExtension.SUBSYSTEM_NAME, Constants.APPLICATION_SECURITY_DOMAIN))) , new AddHandler()); }
public SensitiveTargetAccessConstraintDefinition(SensitivityClassification sensitivity) { // Register this sensitivity, and if a compatible one is already registered, use that instead final SensitivityClassification toUse = SensitiveTargetConstraint.FACTORY.addSensitivity(sensitivity); this.sensitivity = toUse; this.key = new AccessConstraintKey(ModelDescriptionConstants.SENSITIVITY_CLASSIFICATION, toUse.isCore(), toUse.getSubsystem(), toUse.getName()); }
private boolean isSensitiveAction(Action action, Action.ActionEffect effect) { for (AccessConstraintDefinition constraintDefinition : action.getAccessConstraints()) { if (constraintDefinition instanceof SensitiveTargetAccessConstraintDefinition) { SensitiveTargetAccessConstraintDefinition stcd = (SensitiveTargetAccessConstraintDefinition) constraintDefinition; SensitivityClassification sensitivity = stcd.getSensitivity(); if (sensitivity.isSensitive(effect)) { return true; } } } return false; }
@Override public String getSubsystemName() { return sensitivity.isCore() ? null : sensitivity.getSubsystem(); }
@Override public String getName() { return sensitivity.getName(); }
public final void addSensitivity(SensitivityClassification sensitivity) { SensitivityClassification.Key key = sensitivity.getKey(); SensitivityClassification existing = sensitivities.get(key); if (existing == null) { sensitivities.put(key, sensitivity); } else { // Check for programming error -- SensitivityClassification with same key created with // differing default settings assert existing.isCompatibleWith(sensitivity) : "incompatible " + sensitivity.getClass().getSimpleName(); } }
@Override public boolean isCore() { return sensitivity.isCore(); }
@Override public boolean equals(Object obj) { return obj instanceof SensitiveTargetAccessConstraintDefinition && sensitivity.equals(((SensitiveTargetAccessConstraintDefinition)obj).sensitivity); }
@Override public int hashCode() { return sensitivity.hashCode(); }
private ApplicationSecurityDomainDefinition() { this(new Parameters(PathElement.pathElement(EJB3SubsystemModel.APPLICATION_SECURITY_DOMAIN), EJB3Extension.getResourceDescriptionResolver(EJB3SubsystemModel.APPLICATION_SECURITY_DOMAIN)) .setCapabilities(APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY) .addAccessConstraints(new SensitiveTargetAccessConstraintDefinition(new SensitivityClassification(EJB3Extension.SUBSYSTEM_NAME, EJB3SubsystemModel.APPLICATION_SECURITY_DOMAIN, false, false, false)), new ApplicationTypeAccessConstraintDefinition(new ApplicationTypeConfig(EJB3Extension.SUBSYSTEM_NAME, EJB3SubsystemModel.APPLICATION_SECURITY_DOMAIN))) , new AddHandler()); }
public SensitiveTargetAccessConstraintDefinition(SensitivityClassification sensitivity) { this.sensitivity = sensitivity; this.key = new AccessConstraintKey(ModelDescriptionConstants.SENSITIVITY_CLASSIFICATION, sensitivity.isCore(), sensitivity.getSubsystem(), sensitivity.getName()); SensitiveTargetConstraint.FACTORY.addSensitivity(sensitivity); }
private boolean isSensitiveResource(TargetResource target, Action.ActionEffect effect) { for (AccessConstraintDefinition constraintDefinition : target.getAccessConstraints()) { if (constraintDefinition instanceof SensitiveTargetAccessConstraintDefinition) { SensitiveTargetAccessConstraintDefinition stcd = (SensitiveTargetAccessConstraintDefinition) constraintDefinition; SensitivityClassification sensitivity = stcd.getSensitivity(); if (sensitivity.isSensitive(effect)) { return true; } } } return false; }
@Override public String getSubsystemName() { return sensitivity.isCore() ? null : sensitivity.getSubsystem(); }
@Override public String getName() { return sensitivity.getName(); }
/** * Stores a sensitivity classification for use in constraints. * * @param sensitivity the classification * @return either the provided classification, or if a compatible one with the same key is already present, that one * * @throws AssertionError if a classification with the same key is already register and it is not * {@linkplain SensitivityClassification#isCompatibleWith(AbstractSensitivity) compatible with} the * one to be added */ public final SensitivityClassification addSensitivity(SensitivityClassification sensitivity) { SensitivityClassification.Key key = sensitivity.getKey(); SensitivityClassification existing = sensitivities.get(key); SensitivityClassification result; if (existing == null) { sensitivities.put(key, sensitivity); result = sensitivity; } else { // Check for programming error -- SensitivityClassification with same key created with // differing default settings assert existing.isCompatibleWith(sensitivity) : "incompatible " + sensitivity.getClass().getSimpleName(); result = existing; } return result; }
@Override public boolean isCore() { return sensitivity.isCore(); }
@Override public boolean equals(Object obj) { return obj instanceof SensitiveTargetAccessConstraintDefinition && sensitivity.equals(((SensitiveTargetAccessConstraintDefinition)obj).sensitivity); }
@Override public int hashCode() { return sensitivity.hashCode(); }
private AccessLogDefinition() { super(new Parameters(UndertowExtension.PATH_ACCESS_LOG, UndertowExtension.getResolver(Constants.ACCESS_LOG)) .setAddHandler(AccessLogAdd.INSTANCE) .setRemoveHandler(AccessLogRemove.INSTANCE) .setCapabilities(ACCESS_LOG_CAPABILITY) ); SensitivityClassification sc = new SensitivityClassification(UndertowExtension.SUBSYSTEM_NAME, "web-access-log", false, false, false); this.accessConstraints = new SensitiveTargetAccessConstraintDefinition(sc).wrapAsList(); }