/**
 * Builds the security handler that refuses HTTP TRACE and OPTIONS for the Flume HTTP Source.
 *
 * <p>Both methods are mapped on {@code /*} to a single shared constraint. Every other HTTP
 * method is left unconstrained by the handler returned here, and no authenticator or login
 * service is configured in this method.
 *
 * @return ConstraintSecurityHandler for use with Jetty servlet
 */
public static ConstraintSecurityHandler enforceConstraints() {
    // Authentication is required but no role is ever granted, so no caller can satisfy
    // the constraint: Jetty refuses the mapped methods instead of challenging for login.
    Constraint denyAll = new Constraint();
    denyAll.setAuthenticate(true);

    ConstraintMapping traceMapping = new ConstraintMapping();
    traceMapping.setPathSpec("/*");
    traceMapping.setMethod("TRACE");
    traceMapping.setConstraint(denyAll);

    ConstraintMapping optionsMapping = new ConstraintMapping();
    optionsMapping.setPathSpec("/*");
    optionsMapping.setMethod("OPTIONS");
    optionsMapping.setConstraint(denyAll);

    ConstraintMapping[] deniedMethods = {traceMapping, optionsMapping};
    ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
    handler.setConstraintMappings(deniedMethods);
    return handler;
}
}
// Bind the constraint `sc` to one HTTP method on one path spec.
// The constraint then covers `method` only; requests using other methods on `url`
// are not covered by this mapping and need their own mapping if they must be restricted.
mapping.setMethod(method);
mapping.setPathSpec(url);
mapping.setConstraint(sc);
/**
 * Installs a security handler on a Jetty context that refuses undesirable HTTP methods.
 *
 * <p>TRACE is always refused on {@code /*}. OPTIONS is refused as well unless
 * {@code allowOptionsMethod} is true. The handler is installed with
 * {@code setSecurityHandler}, so it takes the place of whatever security handler the
 * context had before this call.
 *
 * @param ctxHandler The context to modify
 * @param allowOptionsMethod if true then OPTIONS method will not be set in constraint mapping
 */
public static void constrainHttpMethods(ServletContextHandler ctxHandler,
        boolean allowOptionsMethod) {
    // Authentication required with no roles granted: nobody can satisfy it, so the
    // mapped methods are rejected outright.
    Constraint denyAll = new Constraint();
    denyAll.setAuthenticate(true);

    ConstraintMapping traceMapping = new ConstraintMapping();
    traceMapping.setPathSpec("/*");
    traceMapping.setMethod("TRACE");
    traceMapping.setConstraint(denyAll);

    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    final ConstraintMapping[] deniedMethods;
    if (allowOptionsMethod) {
        // OPTIONS stays reachable; only TRACE is blocked.
        deniedMethods = new ConstraintMapping[] { traceMapping };
    } else {
        ConstraintMapping optionsMapping = new ConstraintMapping();
        optionsMapping.setPathSpec("/*");
        optionsMapping.setMethod("OPTIONS");
        optionsMapping.setConstraint(denyAll);
        deniedMethods = new ConstraintMapping[] { traceMapping, optionsMapping };
    }
    securityHandler.setConstraintMappings(deniedMethods);

    ctxHandler.setSecurityHandler(securityHandler);
}
// Narrow the mapping to a single HTTP method only when the element names one.
// When the name is null the mapping's method is left untouched.
if (methodConstraintElement.getMethodName() != null) mapping.setMethod(methodConstraintElement.getMethodName());
... ConstraintMapping cm = new ConstraintMapping(); cm.setMethod("GET"); //new line cm.setConstraint(constraint); cm.setPathSpec("/*"); ...
/**
 * Builds a Jetty {@code ConstraintMapping} from this object's configured fields.
 *
 * <p>The method name, path spec and constraint are always copied; the list of omitted
 * methods is copied only when it has been set.
 *
 * @return a new mapping on every call
 */
public ConstraintMapping getConstraintMapping() {
    ConstraintMapping result = new ConstraintMapping();
    result.setPathSpec(pathSpec);
    result.setConstraint(constraintConfig.getConstraint());
    result.setMethod(method);
    // NOTE(review): both a method and method omissions can end up on the same mapping;
    // confirm which of the two the security handler honours in that case.
    if (methodOmissions != null) {
        String[] omitted = methodOmissions.toArray(new String[0]);
        result.setMethodOmissions(omitted);
    }
    return result;
}
}
/**
 * Registers a servlet on the shared context and records one constraint mapping per
 * permission.
 *
 * <p>The mappings are only appended to {@code constraintMappings}; this method does not
 * hand them to a security handler. A permission that names an HTTP method constrains that
 * method alone, so other methods on the same path are not covered by its mapping. With no
 * permissions at all the servlet is registered without any constraint from this method.
 *
 * @param servlet     servlet instance to register
 * @param path        servlet path, also used to build the constraint path spec
 * @param permissions permissions to enforce on the path; may be null or empty
 */
private void addServlet(final Servlet servlet, final String path, WebPermission... permissions) {
    servletContextHandler.addServlet(new ServletHolder(servlet), path);

    final WebPermission[] required = (permissions == null) ? new WebPermission[0] : permissions;
    for (WebPermission permission : required) {
        Constraint constraint = getConstraintForPermission(permission);

        ConstraintMapping constraintMapping = new ConstraintMapping();
        // NOTE(review): the path spec is prefixed with the context path; confirm this is
        // the form the security handler matches against, otherwise the constraint may
        // silently never apply.
        constraintMapping.setPathSpec(servletContextHandler.getContextPath() + path);
        constraintMapping.setConstraint(constraint);
        if (permission.hasMethod()) {
            constraintMapping.setMethod(permission.getMethod().name());
        }
        constraintMappings.add(constraintMapping);
    }

    LOGGER.info("Servlet added on path {}", path);
}
/**
 * Registers a servlet on the shared context and records one constraint mapping per
 * permission.
 *
 * <p>The mappings are only appended to {@code constraintMappings}; this method does not
 * hand them to a security handler. A permission that names an HTTP method constrains that
 * method alone, so other methods on the same path are not covered by its mapping. With no
 * permissions at all the servlet is registered without any constraint from this method.
 *
 * @param servlet     servlet instance to register
 * @param path        servlet path, also used to build the constraint path spec
 * @param permissions permissions to enforce on the path; may be null or empty
 */
private void addServlet(final Servlet servlet, final String path, WebPermission... permissions) {
    servletContextHandler.addServlet(new ServletHolder(servlet), path);

    final WebPermission[] required = (permissions == null) ? new WebPermission[0] : permissions;
    for (WebPermission permission : required) {
        Constraint constraint = getConstraintForPermission(permission);

        ConstraintMapping constraintMapping = new ConstraintMapping();
        // NOTE(review): the path spec is prefixed with the context path; confirm this is
        // the form the security handler matches against, otherwise the constraint may
        // silently never apply.
        constraintMapping.setPathSpec(servletContextHandler.getContextPath() + path);
        constraintMapping.setConstraint(constraint);
        if (permission.hasMethod()) {
            constraintMapping.setMethod(permission.getMethod().name());
        }
        constraintMappings.add(constraintMapping);
    }

    LOGGER.info("Servlet added on path {}", path);
}
/**
 * Wraps a context in a security handler that uses the given authenticator.
 *
 * <p>With no methods supplied, a single mapping from {@code createConstraintMapping()} is
 * used as is. Otherwise one mapping is created per supplied method (upper-cased with
 * {@code Locale.ROOT}), which means methods that are not listed get no mapping from this
 * helper. The context is then swapped for the wrapping handler in {@code contexts}.
 *
 * @param ctx      context to protect
 * @param authType authenticator to install on the security handler
 * @param methods  HTTP methods to constrain; null or empty uses the unmodified mapping
 */
private void auth(ServletContextHandler ctx, Authenticator authType, String... methods) {
    AbstractLoginService loginService = new TestMappedLoginService(authRole);

    final boolean noMethodsGiven = methods == null || methods.length == 0;
    List<ConstraintMapping> constraintMappings = new ArrayList<>();
    if (noMethodsGiven) {
        constraintMappings.add(createConstraintMapping());
    } else {
        for (int i = 0; i < methods.length; i++) {
            ConstraintMapping perMethod = createConstraintMapping();
            perMethod.setMethod(methods[i].toUpperCase(Locale.ROOT));
            constraintMappings.add(perMethod);
        }
    }

    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    securityHandler.setRealmName(realm);
    securityHandler.setAuthenticator(authType);
    securityHandler.setLoginService(loginService);
    ConstraintMapping[] mappingArray =
        constraintMappings.toArray(new ConstraintMapping[constraintMappings.size()]);
    securityHandler.setConstraintMappings(mappingArray);
    securityHandler.setHandler(ctx);

    // Replace the bare context with its secured wrapper.
    contexts.removeHandler(ctx);
    contexts.addHandler(securityHandler);
}
/**
 * Builds the security handler that refuses HTTP TRACE and OPTIONS for the Flume HTTP Source.
 *
 * <p>Both methods are mapped on {@code /*} to a single shared constraint. Every other HTTP
 * method is left unconstrained by the handler returned here, and no authenticator or login
 * service is configured in this method.
 *
 * @return ConstraintSecurityHandler for use with Jetty servlet
 */
public static ConstraintSecurityHandler enforceConstraints() {
    // Authentication is required but no role is ever granted, so no caller can satisfy
    // the constraint: Jetty refuses the mapped methods instead of challenging for login.
    Constraint denyAll = new Constraint();
    denyAll.setAuthenticate(true);

    ConstraintMapping traceMapping = new ConstraintMapping();
    traceMapping.setPathSpec("/*");
    traceMapping.setMethod("TRACE");
    traceMapping.setConstraint(denyAll);

    ConstraintMapping optionsMapping = new ConstraintMapping();
    optionsMapping.setPathSpec("/*");
    optionsMapping.setMethod("OPTIONS");
    optionsMapping.setConstraint(denyAll);

    ConstraintMapping[] deniedMethods = {traceMapping, optionsMapping};
    ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
    handler.setConstraintMappings(deniedMethods);
    return handler;
}
}
/**
 * Adds a constraint for the HTTP TRACE method to the given security handler.
 *
 * <p>The constraint carries no roles. When TRACE is to be disabled it requires
 * authentication, which no caller can satisfy without a role, so TRACE is refused.
 * When TRACE is to be enabled the constraint requires nothing.
 *
 * @param securityHandler handler that receives the TRACE mapping
 * @param enableTrace     true to leave TRACE reachable, false to block it
 */
protected void configureTraceMethod(ConstraintSecurityHandler securityHandler,
        boolean enableTrace) {
    // Blocking TRACE means demanding authentication; allowing it means demanding none.
    final boolean requireAuthentication = !enableTrace;

    Constraint traceConstraint = new Constraint();
    traceConstraint.setName("trace-security");
    traceConstraint.setAuthenticate(requireAuthentication);

    ConstraintMapping traceMapping = new ConstraintMapping();
    traceMapping.setMethod("TRACE");
    // NOTE(review): the path spec is "/" rather than "/*"; confirm the TRACE rule still
    // applies to paths that have their own, more specific mappings on this handler.
    traceMapping.setPathSpec("/");
    traceMapping.setConstraint(traceConstraint);

    securityHandler.addConstraintMapping(traceMapping);
}
/**
 * Adds a constraint for the HTTP TRACE method to the given security handler.
 *
 * <p>The constraint carries no roles. When TRACE is to be disabled it requires
 * authentication, which no caller can satisfy without a role, so TRACE is refused.
 * When TRACE is to be enabled the constraint requires nothing.
 *
 * @param securityHandler handler that receives the TRACE mapping
 * @param enableTrace     true to leave TRACE reachable, false to block it
 */
protected void configureTraceMethod(ConstraintSecurityHandler securityHandler,
        boolean enableTrace) {
    // Blocking TRACE means demanding authentication; allowing it means demanding none.
    final boolean requireAuthentication = !enableTrace;

    Constraint traceConstraint = new Constraint();
    traceConstraint.setName("trace-security");
    traceConstraint.setAuthenticate(requireAuthentication);

    ConstraintMapping traceMapping = new ConstraintMapping();
    traceMapping.setMethod("TRACE");
    // NOTE(review): the path spec is "/" rather than "/*"; confirm the TRACE rule still
    // applies to paths that have their own, more specific mappings on this handler.
    traceMapping.setPathSpec("/");
    traceMapping.setConstraint(traceConstraint);

    securityHandler.addConstraintMapping(traceMapping);
}
/**
 * Adds a constraint for the HTTP TRACE method to the given security handler.
 *
 * <p>The constraint carries no roles. When TRACE is to be disabled it requires
 * authentication, which no caller can satisfy without a role, so TRACE is refused.
 * When TRACE is to be enabled the constraint requires nothing.
 *
 * @param securityHandler handler that receives the TRACE mapping
 * @param enableTrace     true to leave TRACE reachable, false to block it
 */
protected void configureTraceMethod(ConstraintSecurityHandler securityHandler,
        boolean enableTrace) {
    // Blocking TRACE means demanding authentication; allowing it means demanding none.
    final boolean requireAuthentication = !enableTrace;

    Constraint traceConstraint = new Constraint();
    traceConstraint.setName("trace-security");
    traceConstraint.setAuthenticate(requireAuthentication);

    ConstraintMapping traceMapping = new ConstraintMapping();
    traceMapping.setMethod("TRACE");
    // NOTE(review): the path spec is "/" rather than "/*"; confirm the TRACE rule still
    // applies to paths that have their own, more specific mappings on this handler.
    traceMapping.setPathSpec("/");
    traceMapping.setConstraint(traceConstraint);

    securityHandler.addConstraintMapping(traceMapping);
}
/**
 * Exempts the given path specs from authentication on a context that already has a
 * security handler.
 *
 * <p>Nothing is done when the context has no security handler (all paths are then
 * unsecured anyway) or when the list is empty. Every listed path spec becomes reachable
 * without authentication for all HTTP methods, so the list should come from trusted
 * configuration and be kept as narrow as possible.
 *
 * @param context       context whose existing security handler receives the mappings
 * @param unsecurePaths path specs to open up; must not be null when a handler is present
 * @throws ClassCastException if the installed handler is not a ConstraintSecurityHandler
 */
static void setUnsecurePathConstraints(
        ServletContextHandler context, List<String> unsecurePaths) {
    if (context.getSecurityHandler() == null || unsecurePaths.isEmpty()) {
        return;
    }

    ConstraintSecurityHandler securityHandler =
        (ConstraintSecurityHandler) context.getSecurityHandler();
    for (String unsecurePath : unsecurePaths) {
        Constraint noAuthentication = new Constraint();
        noAuthentication.setAuthenticate(false);

        ConstraintMapping openMapping = new ConstraintMapping();
        openMapping.setPathSpec(unsecurePath);
        // NOTE(review): "*" is passed as the method name to mean every method; confirm
        // the Jetty version in use interprets it that way.
        openMapping.setMethod("*");
        openMapping.setConstraint(noAuthentication);

        securityHandler.addConstraintMapping(openMapping);
    }
}
/**
 * Installs a security handler on a Jetty context that refuses HTTP TRACE and OPTIONS.
 *
 * <p>Both methods are mapped on {@code /*}. The handler is installed with
 * {@code setSecurityHandler}, so it takes the place of whatever security handler the
 * context had before this call.
 *
 * @param ctxHandler The context to modify
 */
public static void constrainHttpMethods(ServletContextHandler ctxHandler) {
    // Authentication required with no roles granted: nobody can satisfy it, so the
    // mapped methods are rejected outright.
    Constraint denyAll = new Constraint();
    denyAll.setAuthenticate(true);

    ConstraintMapping traceMapping = new ConstraintMapping();
    traceMapping.setPathSpec("/*");
    traceMapping.setMethod("TRACE");
    traceMapping.setConstraint(denyAll);

    ConstraintMapping optionsMapping = new ConstraintMapping();
    optionsMapping.setPathSpec("/*");
    optionsMapping.setMethod("OPTIONS");
    optionsMapping.setConstraint(denyAll);

    ConstraintMapping[] deniedMethods = { traceMapping, optionsMapping };
    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    securityHandler.setConstraintMappings(deniedMethods);

    ctxHandler.setSecurityHandler(securityHandler);
}
/**
 * Exempts the given path specs from authentication on a context that already has a
 * security handler.
 *
 * <p>Nothing is done when the context has no security handler (all paths are then
 * unsecured anyway) or when the list is empty. Every listed path spec becomes reachable
 * without authentication for all HTTP methods, so the list should come from trusted
 * configuration and be kept as narrow as possible.
 *
 * @param context       context whose existing security handler receives the mappings
 * @param unsecurePaths path specs to open up; must not be null when a handler is present
 * @throws ClassCastException if the installed handler is not a ConstraintSecurityHandler
 */
static void setUnsecurePathConstraints(
        ServletContextHandler context, List<String> unsecurePaths) {
    if (context.getSecurityHandler() == null || unsecurePaths.isEmpty()) {
        return;
    }

    ConstraintSecurityHandler securityHandler =
        (ConstraintSecurityHandler) context.getSecurityHandler();
    for (String unsecurePath : unsecurePaths) {
        Constraint noAuthentication = new Constraint();
        noAuthentication.setAuthenticate(false);

        ConstraintMapping openMapping = new ConstraintMapping();
        openMapping.setPathSpec(unsecurePath);
        // NOTE(review): "*" is passed as the method name to mean every method; confirm
        // the Jetty version in use interprets it that way.
        openMapping.setMethod("*");
        openMapping.setConstraint(noAuthentication);

        securityHandler.addConstraintMapping(openMapping);
    }
}
/**
 * Blocks the HTTP TRACE method on the given path spec.
 *
 * <p>The mapping is added to the security handler already installed on {@code handler};
 * that handler must exist and be a ConstraintSecurityHandler.
 *
 * @param where path spec on which TRACE is refused
 */
private void disableTrace(String where) {
    // Authentication is demanded but no role is defined, so the constraint can never be
    // satisfied and TRACE is always refused.
    Constraint denyTrace = new Constraint();
    denyTrace.setAuthenticate(true);
    denyTrace.setName("Disable TRACE");

    ConstraintMapping traceMapping = new ConstraintMapping();
    traceMapping.setPathSpec(where);
    traceMapping.setMethod("TRACE");
    traceMapping.setConstraint(denyTrace);

    ConstraintSecurityHandler installed =
        (ConstraintSecurityHandler) handler.getSecurityHandler();
    installed.addConstraintMapping(traceMapping);
}
/**
 * Creates a security handler that demands HTTP Basic authentication against a JAAS realm
 * for every path and every method.
 *
 * @param realm name used both for the JAAS login service and as the realm name
 * @param roles roles that are allowed through; must not be null
 * @return the configured handler
 */
static ConstraintSecurityHandler createSecurityHandler(String realm, List<String> roles) {
    // NOTE(review): with an empty roles list the constraint requires authentication but
    // grants no role, which would refuse every request; confirm callers never pass one.
    String[] allowedRoles = roles.toArray(new String[0]);
    Constraint authenticated = new Constraint();
    authenticated.setAuthenticate(true);
    authenticated.setRoles(allowedRoles);

    ConstraintMapping everything = new ConstraintMapping();
    everything.setPathSpec("/*");
    everything.setMethod("*");
    everything.setConstraint(authenticated);

    final ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    securityHandler.addConstraintMapping(everything);
    // Basic authentication transmits the credentials with each request, so this handler
    // presumably sits behind a TLS connector; verify where the server is assembled.
    securityHandler.setAuthenticator(new BasicAuthenticator());
    securityHandler.setLoginService(new JAASLoginService(realm));
    securityHandler.setIdentityService(new DefaultIdentityService());
    securityHandler.setRealmName(realm);
    return securityHandler;
}
/**
 * Creates a security handler that demands HTTP Basic authentication against a JAAS realm
 * for every path and every method.
 *
 * @param realm name used both for the JAAS login service and as the realm name
 * @param roles roles that are allowed through; must not be null
 * @return the configured handler
 */
static ConstraintSecurityHandler createSecurityHandler(String realm, List<String> roles) {
    // NOTE(review): with an empty roles list the constraint requires authentication but
    // grants no role, which would refuse every request; confirm callers never pass one.
    String[] allowedRoles = roles.toArray(new String[0]);
    Constraint authenticated = new Constraint();
    authenticated.setAuthenticate(true);
    authenticated.setRoles(allowedRoles);

    ConstraintMapping everything = new ConstraintMapping();
    everything.setPathSpec("/*");
    everything.setMethod("*");
    everything.setConstraint(authenticated);

    final ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    securityHandler.addConstraintMapping(everything);
    // Basic authentication transmits the credentials with each request, so this handler
    // presumably sits behind a TLS connector; verify where the server is assembled.
    securityHandler.setAuthenticator(new BasicAuthenticator());
    securityHandler.setLoginService(new JAASLoginService(realm));
    securityHandler.setIdentityService(new DefaultIdentityService());
    securityHandler.setRealmName(realm);
    return securityHandler;
}
/**
 * Disables the HTTP TRACE method, which otherwise exposes the server to Cross-Site
 * Tracing (XST).
 *
 * <p>The given handler is wrapped in a security handler whose only mapping is a constraint
 * on TRACE that requires authentication and grants no role, so TRACE requests are refused
 * before they reach the wrapped handler. Other methods carry no constraint here.
 *
 * @param handler The Handler which has the HTTP TRACE enabled.
 * @return A new Handler wrapped with the HTTP TRACE constraint and the Handler passed as
 *         parameter.
 */
private Handler disableTraceMethod(Handler handler) {
    Constraint denyTrace = new Constraint();
    denyTrace.setAuthenticate(true);
    denyTrace.setName("Disable TRACE");

    ConstraintMapping traceMapping = new ConstraintMapping();
    traceMapping.setMethod("TRACE");
    traceMapping.setPathSpec("/");
    traceMapping.setConstraint(denyTrace);

    ConstraintSecurityHandler wrapper = new ConstraintSecurityHandler();
    wrapper.addConstraintMapping(traceMapping);
    wrapper.setHandler(handler);
    return wrapper;
}