/** * Servlet spec 3.1. When present in web.xml, this means that http methods that are * not covered by security constraints should have access denied. * <p> * See section 13.8.4, pg 145 * * @param context the of the processing * @param descriptor the descriptor * @param node the xml node */ public void visitDenyUncoveredHttpMethods(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { if (context.getSecurityHandler() == null) { LOG.warn("deny-uncovered-http-methods declared but SecurityHandler==null"); return; } ((ConstraintAware)context.getSecurityHandler()).setDenyUncoveredHttpMethods(true); } }
public void visitSecurityRole(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { if (context.getSecurityHandler() == null) { LOG.warn("security-role declared but SecurityHandler==null"); return; } //ServletSpec 3.0, p74 elements with multiplicity >1 are additive when merged XmlParser.Node roleNode = node.get("role-name"); String role = roleNode.toString(false, true); ((ConstraintAware)context.getSecurityHandler()).addRole(role); }
((ConstraintAware)getSecurityHandler()).addConstraintMapping(m); ((ConstraintAware)getSecurityHandler()).checkPathsWithUncoveredHttpMethods(); getMetaData().setOriginAPI("constraint.url."+pathSpec); break; List<ConstraintMapping> constraintMappings = ConstraintSecurityHandler.removeConstraintMappingsForPath(pathSpec, ((ConstraintAware)getSecurityHandler()).getConstraintMappings()); ((ConstraintSecurityHandler)getSecurityHandler()).setConstraintMappings(constraintMappings); ((ConstraintAware)getSecurityHandler()).checkPathsWithUncoveredHttpMethods(); break;
context.getSecurityHandler().setAuthMethod(method.toString(false, true)); context.getMetaData().setOrigin("auth-method", descriptor); break; context.getSecurityHandler().setAuthMethod(method.toString(false, true)); context.getMetaData().setOrigin("auth-method", descriptor); if (!context.getSecurityHandler().getAuthMethod().equals(method.toString(false, true))) throw new IllegalStateException("Conflicting auth-method value in "+descriptor.getResource()); break; context.getSecurityHandler().setRealmName(nameStr); context.getMetaData().setOrigin("realm-name", descriptor); break; context.getSecurityHandler().setRealmName(nameStr); context.getMetaData().setOrigin("realm-name", descriptor); if (!context.getSecurityHandler().getRealmName().equals(nameStr)) throw new IllegalStateException("Conflicting realm-name value in "+descriptor.getResource()); break; if (Constraint.__FORM_AUTH.equalsIgnoreCase(context.getSecurityHandler().getAuthMethod())) context.getSecurityHandler().setInitParameter(FormAuthenticator.__FORM_LOGIN_PAGE,loginPageName); context.getMetaData().setOrigin("form-login-page",descriptor); break; context.getSecurityHandler().setInitParameter(FormAuthenticator.__FORM_LOGIN_PAGE,loginPageName);
public void visitSecurityConstraint(WebAppContext context, Descriptor descriptor, XmlParser.Node node) if (context.getSecurityHandler() == null) mapping.setPathSpec(url); mapping.setConstraint(sc); ((ConstraintAware)context.getSecurityHandler()).addConstraintMapping(mapping); mapping.setPathSpec(url); mapping.setConstraint(sc); ((ConstraintAware)context.getSecurityHandler()).addConstraintMapping(mapping); mapping.setPathSpec(url); mapping.setConstraint(sc); ((ConstraintAware)context.getSecurityHandler()).addConstraintMapping(mapping);
/** * Servlet spec 3.1. When present in web.xml, this means that http methods that are * not covered by security constraints should have access denied. * <p> * See section 13.8.4, pg 145 * * @param context the of the processing * @param descriptor the descriptor * @param node the xml node */ public void visitDenyUncoveredHttpMethods(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { if (context.getSecurityHandler() == null) { LOG.warn("deny-uncovered-http-methods declared but SecurityHandler==null"); return; } ((ConstraintAware)context.getSecurityHandler()).setDenyUncoveredHttpMethods(true); }
/** * @see org.eclipse.jetty.annotations.AnnotationIntrospector.AbstractIntrospectableAnnotationHandler#doHandle(java.lang.Class) */ public void doHandle(Class clazz) { if (!Servlet.class.isAssignableFrom(clazz)) return; //only applicable on javax.servlet.Servlet derivatives DeclareRoles declareRoles = (DeclareRoles) clazz.getAnnotation(DeclareRoles.class); if (declareRoles == null) return; String[] roles = declareRoles.value(); if (roles != null && roles.length > 0) { for (String r:roles) ((ConstraintSecurityHandler)_context.getSecurityHandler()).addRole(r); } }
/** * @see org.eclipse.jetty.annotations.AnnotationIntrospector.AbstractIntrospectableAnnotationHandler#doHandle(java.lang.Class) */ public void doHandle(Class clazz) { if (!Servlet.class.isAssignableFrom(clazz)) return; //only applicable on javax.servlet.Servlet derivatives DeclareRoles declareRoles = (DeclareRoles) clazz.getAnnotation(DeclareRoles.class); if (declareRoles == null) return; String[] roles = declareRoles.value(); if (roles != null && roles.length > 0) { for (String r:roles) ((ConstraintSecurityHandler)_context.getSecurityHandler()).addRole(r); } }
public void visitSecurityRole(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { if (context.getSecurityHandler() == null) { LOG.warn("security-role declared but SecurityHandler==null"); return; } //ServletSpec 3.0, p74 elements with multiplicity >1 are additive when merged XmlParser.Node roleNode = node.get("role-name"); String role = roleNode.toString(false, true); ((ConstraintAware)context.getSecurityHandler()).addRole(role); }
/** * @see org.eclipse.jetty.annotations.AnnotationIntrospector.AbstractIntrospectableAnnotationHandler#doHandle(java.lang.Class) */ public void doHandle(Class clazz) { if (!Servlet.class.isAssignableFrom(clazz)) return; //only applicable on javax.servlet.Servlet derivatives DeclareRoles declareRoles = (DeclareRoles) clazz.getAnnotation(DeclareRoles.class); if (declareRoles == null) return; String[] roles = declareRoles.value(); if (roles != null && roles.length > 0) { for (String r:roles) ((ConstraintSecurityHandler)_context.getSecurityHandler()).addRole(r); } }
/** * @param context * @param descriptor * @param node */ protected void visitSecurityRole(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { //ServletSpec 3.0, p74 elements with multiplicity >1 are additive when merged XmlParser.Node roleNode = node.get("role-name"); String role = roleNode.toString(false, true); ((ConstraintAware)context.getSecurityHandler()).addRole(role); }
/** * @param context * @param descriptor * @param node */ protected void visitSecurityRole(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { //ServletSpec 3.0, p74 elements with multiplicity >1 are additive when merged XmlParser.Node roleNode = node.get("role-name"); String role = roleNode.toString(false, true); ((ConstraintAware)context.getSecurityHandler()).addRole(role); }
/** * @param context * @param descriptor * @param node */ protected void visitSecurityRole(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { //ServletSpec 3.0, p74 elements with multiplicity >1 are additive when merged XmlParser.Node roleNode = node.get("role-name"); String role = roleNode.toString(false, true); ((ConstraintAware)context.getSecurityHandler()).addRole(role); }
/** * @param context * @param descriptor * @param node */ protected void visitSecurityRole(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { //ServletSpec 3.0, p74 elements with multiplicity >1 are additive when merged XmlParser.Node roleNode = node.get("role-name"); String role = roleNode.toString(false, true); ((ConstraintAware)context.getSecurityHandler()).addRole(role); }
/** * @param context * @param descriptor * @param node */ protected void visitSecurityRole(WebAppContext context, Descriptor descriptor, XmlParser.Node node) { //ServletSpec 3.0, p74 elements with multiplicity >1 are additive when merged XmlParser.Node roleNode = node.get("role-name"); String role = roleNode.toString(false, true); ((ConstraintAware)context.getSecurityHandler()).addRole(role); }
/** * Sets up Jetty without any actual TCP port serving HTTP. */ @Override protected ServletContext createWebServer() throws Exception { QueuedThreadPool queuedThreadPool = new QueuedThreadPool(10); server = new Server(queuedThreadPool); WebAppContext context = new WebAppContext(bootstrap.warDir.getPath(), contextPath); context.setClassLoader(getClass().getClassLoader()); context.setConfigurations(new Configuration[]{new WebXmlConfiguration()}); context.addBean(new NoListenerConfiguration(context)); server.setHandler(context); context.getSecurityHandler().setLoginService(configureUserRealm()); context.setResourceBase(bootstrap.warDir.getPath()); server.start(); localPort = -1; setPluginManager(new PluginManagerImpl(context.getServletContext(), bootstrap.pluginsDir)); return context.getServletContext(); }
/** * Sets up Jetty without any actual TCP port serving HTTP. */ @Override protected ServletContext createWebServer() throws Exception { QueuedThreadPool queuedThreadPool = new QueuedThreadPool(10); server = new Server(queuedThreadPool); WebAppContext context = new WebAppContext(bootstrap.warDir.getPath(), contextPath); context.setClassLoader(getClass().getClassLoader()); context.setConfigurations(new Configuration[]{new WebXmlConfiguration()}); context.addBean(new NoListenerConfiguration(context)); server.setHandler(context); context.getSecurityHandler().setLoginService(configureUserRealm()); context.setResourceBase(bootstrap.warDir.getPath()); server.start(); localPort = -1; setPluginManager(new PluginManagerImpl(context.getServletContext(), bootstrap.pluginsDir)); return context.getServletContext(); }
protected static void process(WebAppContext wac, boolean startNewHandler) throws Exception { EclipseWeldServletHandler wHandler = new EclipseWeldServletHandler(wac.getServletHandler(), wac.getServletContext()); wac.setServletHandler(wHandler); wac.getSecurityHandler().setHandler(wHandler); if (startNewHandler) { wHandler.start(); } Resource jettyEnv = null; Resource webInf = wac.getWebInf(); if (webInf != null && webInf.exists()) { jettyEnv = webInf.addPath("jetty-env.xml"); } if (jettyEnv == null || !(jettyEnv.exists())) { JettyLogger.LOG.missingJettyEnvXml(); } }
protected static void process(WebAppContext wac, boolean startNewHandler) throws Exception { EclipseWeldServletHandler wHandler = new EclipseWeldServletHandler(wac.getServletHandler(), wac.getServletContext()); wac.setServletHandler(wHandler); wac.getSecurityHandler().setHandler(wHandler); if (startNewHandler) { wHandler.start(); } Resource jettyEnv = null; Resource webInf = wac.getWebInf(); if (webInf != null && webInf.exists()) { jettyEnv = webInf.addPath("jetty-env.xml"); } if (jettyEnv == null || !(jettyEnv.exists())) { JettyLogger.LOG.missingJettyEnvXml(); } }
protected static void process(WebAppContext wac, boolean startNewHandler) throws Exception { EclipseWeldServletHandler wHandler = new EclipseWeldServletHandler(wac.getServletHandler(), wac.getServletContext()); wac.setServletHandler(wHandler); wac.getSecurityHandler().setHandler(wHandler); if (startNewHandler) { wHandler.start(); } Resource jettyEnv = null; Resource webInf = wac.getWebInf(); if (webInf != null && webInf.exists()) { jettyEnv = webInf.addPath("jetty-env.xml"); } if (jettyEnv == null || !(jettyEnv.exists())) { JettyLogger.LOG.missingJettyEnvXml(); } }