servletContextHandler.setSecurityHandler(createSecurityHandler(config)); servletContextHandler.setSessionHandler(createSessionHandler(config, servletContextHandler.getSecurityHandler()));
public void addUser(String userName, Credential credential, String[] roles) { ((HashLoginService)context.getSecurityHandler().getLoginService()).putUser(userName, credential, roles); }
static void setUnsecurePathConstraints( ServletContextHandler context, List<String> unsecurePaths ) { //we need to set unsecure path only if there is an existing security handler. Otherwise all // paths are by default unsecure if (context.getSecurityHandler() != null && !unsecurePaths.isEmpty()) { for (String path : unsecurePaths) { Constraint constraint = new Constraint(); constraint.setAuthenticate(false); ConstraintMapping constraintMapping = new ConstraintMapping(); constraintMapping.setConstraint(constraint); constraintMapping.setMethod("*"); constraintMapping.setPathSpec(path); ((ConstraintSecurityHandler) context.getSecurityHandler()) .addConstraintMapping(constraintMapping); } } }
static void setUnsecurePathConstraints( ServletContextHandler context, List<String> unsecurePaths ) { //we need to set unsecure path only if there is an existing security handler. Otherwise all // paths are by default unsecure if (context.getSecurityHandler() != null && !unsecurePaths.isEmpty()) { for (String path : unsecurePaths) { Constraint constraint = new Constraint(); constraint.setAuthenticate(false); ConstraintMapping constraintMapping = new ConstraintMapping(); constraintMapping.setConstraint(constraint); constraintMapping.setMethod("*"); constraintMapping.setPathSpec(path); ((ConstraintSecurityHandler) context.getSecurityHandler()) .addConstraintMapping(constraintMapping); } } }
/** * Delegate for ServletRegistration.Dynamic.setServletSecurity method * @param registration ServletRegistration.Dynamic instance that setServletSecurity was called on * @param servletSecurityElement new security info * @return the set of exact URL mappings currently associated with the registration that are also present in the web.xml * security constraints and thus will be unaffected by this call. */ public Set<String> setServletSecurity(ServletRegistration.Dynamic registration, ServletSecurityElement servletSecurityElement) { //Default implementation is to just accept them all. If using a webapp, then this behaviour is overridden in WebAppContext.setServletSecurity Collection<String> pathSpecs = registration.getMappings(); if (pathSpecs != null) { for (String pathSpec:pathSpecs) { List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement); for (ConstraintMapping m:mappings) ((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); } } return Collections.emptySet(); }
/** * Delegate for ServletRegistration.Dynamic.setServletSecurity method * @param registration ServletRegistration.Dynamic instance that setServletSecurity was called on * @param servletSecurityElement new security info * @return the set of exact URL mappings currently associated with the registration that are also present in the web.xml * security constraints and thus will be unaffected by this call. */ public Set<String> setServletSecurity(ServletRegistration.Dynamic registration, ServletSecurityElement servletSecurityElement) { //Default implementation is to just accept them all. If using a webapp, then this behaviour is overridden in WebAppContext.setServletSecurity Collection<String> pathSpecs = registration.getMappings(); if (pathSpecs != null) { for (String pathSpec:pathSpecs) { List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement); for (ConstraintMapping m:mappings) ((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); } } return Collections.emptySet(); }
/** * Delegate for ServletRegistration.Dynamic.setServletSecurity method * @param registration ServletRegistration.Dynamic instance that setServletSecurity was called on * @param servletSecurityElement new security info * @return the set of exact URL mappings currently associated with the registration that are also present in the web.xml * security constraints and thus will be unaffected by this call. */ public Set<String> setServletSecurity(ServletRegistration.Dynamic registration, ServletSecurityElement servletSecurityElement) { //Default implementation is to just accept them all. If using a webapp, then this behaviour is overridden in WebAppContext.setServletSecurity Collection<String> pathSpecs = registration.getMappings(); if (pathSpecs != null) { for (String pathSpec:pathSpecs) { List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement); for (ConstraintMapping m:mappings) ((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); } } return Collections.emptySet(); }
/** * Delegate for ServletRegistration.Dynamic.setServletSecurity method * @param registration ServletRegistration.Dynamic instance that setServletSecurity was called on * @param servletSecurityElement new security info * @return the set of exact URL mappings currently associated with the registration that are also present in the web.xml * security constraints and thus will be unaffected by this call. */ public Set<String> setServletSecurity(ServletRegistration.Dynamic registration, ServletSecurityElement servletSecurityElement) { //Default implementation is to just accept them all. If using a webapp, then this behaviour is overridden in WebAppContext.setServletSecurity Collection<String> pathSpecs = registration.getMappings(); if (pathSpecs != null) { for (String pathSpec:pathSpecs) { List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement); for (ConstraintMapping m:mappings) ((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); } } return Collections.emptySet(); }
/** * Delegate for ServletRegistration.Dynamic.setServletSecurity method * @param registration ServletRegistration.Dynamic instance that setServletSecurity was called on * @param servletSecurityElement new security info * @return the set of exact URL mappings currently associated with the registration that are also present in the web.xml * security constraints and thus will be unaffected by this call. */ public Set<String> setServletSecurity(ServletRegistration.Dynamic registration, ServletSecurityElement servletSecurityElement) { //Default implementation is to just accept them all. If using a webapp, then this behaviour is overridden in WebAppContext.setServletSecurity Collection<String> pathSpecs = registration.getMappings(); if (pathSpecs != null) { for (String pathSpec:pathSpecs) { List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement); for (ConstraintMapping m:mappings) ((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); } } return Collections.emptySet(); }
/** * Delegate for ServletRegistration.Dynamic.setServletSecurity method * @param registration ServletRegistration.Dynamic instance that setServletSecurity was called on * @param servletSecurityElement new security info * @return the set of exact URL mappings currently associated with the registration that are also present in the web.xml * security constraints and thus will be unaffected by this call. */ public Set<String> setServletSecurity(ServletRegistration.Dynamic registration, ServletSecurityElement servletSecurityElement) { //Default implementation is to just accept them all. If using a webapp, then this behaviour is overridden in WebAppContext.setServletSecurity Collection<String> pathSpecs = registration.getMappings(); if (pathSpecs != null) { for (String pathSpec:pathSpecs) { List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement); for (ConstraintMapping m:mappings) ((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); } } return Collections.emptySet(); }
/** * Delegate for ServletRegistration.Dynamic.setServletSecurity method * @param registration ServletRegistration.Dynamic instance that setServletSecurity was called on * @param servletSecurityElement new security info * @return the set of exact URL mappings currently associated with the registration that are also present in the web.xml * security constraints and thus will be unaffected by this call. */ public Set<String> setServletSecurity(ServletRegistration.Dynamic registration, ServletSecurityElement servletSecurityElement) { //Default implementation is to just accept them all. If using a webapp, then this behaviour is overridden in WebAppContext.setServletSecurity Collection<String> pathSpecs = registration.getMappings(); if (pathSpecs != null) { for (String pathSpec:pathSpecs) { List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement); for (ConstraintMapping m:mappings) ((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); } } return Collections.emptySet(); }
/** * Delegate for ServletRegistration.Dynamic.setServletSecurity method * @param registration ServletRegistration.Dynamic instance that setServletSecurity was called on * @param servletSecurityElement new security info * @return the set of exact URL mappings currently associated with the registration that are also present in the web.xml * security constraints and thus will be unaffected by this call. */ public Set<String> setServletSecurity(ServletRegistration.Dynamic registration, ServletSecurityElement servletSecurityElement) { //Default implementation is to just accept them all. If using a webapp, then this behaviour is overridden in WebAppContext.setServletSecurity Collection<String> pathSpecs = registration.getMappings(); if (pathSpecs != null) { for (String pathSpec:pathSpecs) { List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement); for (ConstraintMapping m:mappings) ((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); } } return Collections.emptySet(); }
configureTraceMethod((ConstraintSecurityHandler) contextHandler.getSecurityHandler(), httpOptions.isEnableTrace());
configureTraceMethod((ConstraintSecurityHandler) contextHandler.getSecurityHandler(), httpOptions.isEnableTrace());
configureTraceMethod((ConstraintSecurityHandler) contextHandler.getSecurityHandler(), httpOptions.isEnableTrace());
@Override public void removeSecurityConstraintMappings( final SecurityConstraintMappingModel model) { final ServletContextHandler context = server.getContext(model .getContextModel().getHttpContext()); if (context == null) { return; // context already gone } final SecurityHandler securityHandler = context.getSecurityHandler(); if (securityHandler == null) { throw new IllegalStateException( "Internal error: Cannot find the security handler. Please report."); } List<ConstraintMapping> constraintMappings = ((ConstraintSecurityHandler) securityHandler) .getConstraintMappings(); for (ConstraintMapping constraintMapping : constraintMappings) { boolean urlMatch = constraintMapping.getPathSpec() .equalsIgnoreCase(model.getUrl()); boolean methodMatch = (constraintMapping.getMethod() == null && model.getMapping() == null) || (constraintMapping.getMethod().equalsIgnoreCase(model.getMapping())); if (urlMatch && methodMatch) { constraintMappings.remove(constraintMapping); } } removeContext(model.getContextModel().getHttpContext()); }
private void disableTrace(String where) { Constraint constraint = new Constraint(); constraint.setName("Disable TRACE"); constraint.setAuthenticate(true); // require auth, but no roles defined, so it'll never match ConstraintMapping mapping = new ConstraintMapping(); mapping.setConstraint(constraint); mapping.setMethod("TRACE"); mapping.setPathSpec(where); ConstraintSecurityHandler security = (ConstraintSecurityHandler) handler.getSecurityHandler(); security.addConstraintMapping(mapping); }
final SecurityConstraintMappingModel model) { final ServletContextHandler context = server.getOrCreateContext(model); final SecurityHandler securityHandler = context.getSecurityHandler(); if (securityHandler == null) { throw new IllegalStateException(