Examples of org.apache.tomcat.util.descriptor.web.SecurityConstraint

Package org.apache.tomcat.util.descriptor.web

Examples of org.apache.tomcat.util.descriptor.web.SecurityConstraint

org.apache.tomcat.util.descriptor.web.SecurityConstraint
Representation of a security constraint element for a web application, as represented in a <security-constraint> element in the deployment descriptor.
WARNING: It is assumed that instances of this class will be created and modified only within the context of a single thread, before the instance is made visible to the remainder of the application. After that, only read access is expected. Therefore, none of the read and write access within this class is synchronized. @author Craig R. McClanahan @version $Id: SecurityConstraint.java 1500964 2013-07-08 21:24:05Z markt $

        // Which user principal have we already authenticated?
        Principal principal = request.getPrincipal();
        boolean status = false;
        boolean denyfromall = false;
        for(int i=0; i < constraints.length; i++) {
            SecurityConstraint constraint = constraints[i];


            String roles[];
            if (constraint.getAllRoles()) {
                // * means all roles defined in web.xml
                roles = request.getContext().findSecurityRoles();
            } else {
                roles = constraint.findAuthRoles();
            }


            if (roles == null)
                roles = new String[0];


            if (log.isDebugEnabled())
                log.debug("  Checking roles " + principal);


            if (constraint.getAuthenticatedUsers() && principal != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Passing all authenticated users");
                }
                status = true;
            } else if (roles.length == 0 && !constraint.getAllRoles() &&
                    !constraint.getAuthenticatedUsers()) {
                if(constraint.getAuthConstraint()) {
                    if( log.isDebugEnabled() )
                        log.debug("No roles");
                    status = false; // No listed roles means no access at all
                    denyfromall = true;
                    break;
                }


                if(log.isDebugEnabled())
                    log.debug("Passing all access");
                status = true;
            } else if (principal == null) {
                if (log.isDebugEnabled())
                    log.debug("  No user authenticated, cannot grant access");
            } else {
                for (int j = 0; j < roles.length; j++) {
                    if (hasRole(null, principal, roles[j])) {
                        status = true;
                        if( log.isDebugEnabled() )
                            log.debug( "Role found:  " + roles[j]);
                    }
                    else if( log.isDebugEnabled() )
                        log.debug( "No role found:  " + roles[j]);
                }
            }
        }


        if (!denyfromall && allRolesMode != AllRolesMode.STRICT_MODE &&
                !status && principal != null) {
            if (log.isDebugEnabled()) {
                log.debug("Checking for all roles mode: " + allRolesMode);
            }
            // Check for an all roles(role-name="*")
            for (int i = 0; i < constraints.length; i++) {
                SecurityConstraint constraint = constraints[i];
                String roles[];
                // If the all roles mode exists, sets
                if (constraint.getAllRoles()) {
                    if (allRolesMode == AllRolesMode.AUTH_ONLY_MODE) {
                        if (log.isDebugEnabled()) {
                            log.debug("Granting access for role-name=*, auth-only");
                        }
                        status = true;

View Full Code Here

            if (log.isDebugEnabled())
                log.debug("  No applicable security constraint defined");
            return (true);
        }
        for(int i=0; i < constraints.length; i++) {
            SecurityConstraint constraint = constraints[i];
            String userConstraint = constraint.getUserConstraint();
            if (userConstraint == null) {
                if (log.isDebugEnabled())
                    log.debug("  No applicable user data constraint defined");
                return (true);
            }

View Full Code Here

        // Add protected servlet
        Tomcat.addServlet(ctxt, "TesterServlet1", new TesterServlet());
        ctxt.addServletMapping(URI_PROTECTED, "TesterServlet1");
        SecurityCollection collection1 = new SecurityCollection();
        collection1.addPattern(URI_PROTECTED);
        SecurityConstraint sc1 = new SecurityConstraint();
        sc1.addAuthRole(ROLE);
        sc1.addCollection(collection1);
        ctxt.addConstraint(sc1);


        // Add unprotected servlet
        Tomcat.addServlet(ctxt, "TesterServlet2", new TesterServlet());
        ctxt.addServletMapping(URI_PUBLIC, "TesterServlet2");
        SecurityCollection collection2 = new SecurityCollection();
        collection2.addPattern(URI_PUBLIC);
        SecurityConstraint sc2 = new SecurityConstraint();
        // do not add a role - which signals access permitted without one
        sc2.addCollection(collection2);
        ctxt.addConstraint(sc2);


        // Configure the appropriate authenticator
        LoginConfig lc = new LoginConfig();
        lc.setAuthMethod("NONE");

View Full Code Here

        // Add protected servlet
        Tomcat.addServlet(ctxt, "TesterServlet3", new TesterServlet());
        ctxt.addServletMapping(URI_PROTECTED, "TesterServlet3");
        SecurityCollection collection = new SecurityCollection();
        collection.addPattern(URI_PROTECTED);
        SecurityConstraint sc = new SecurityConstraint();
        sc.addAuthRole(ROLE);
        sc.addCollection(collection);
        ctxt.addConstraint(sc);


        // Configure the appropriate authenticator
        LoginConfig lc = new LoginConfig();
        lc.setAuthMethod("DIGEST");

View Full Code Here

        ctx.addServletMapping("/protected", "simple");


        // Security constraints
        SecurityCollection collection = new SecurityCollection();
        collection.addPattern("/protected");
        SecurityConstraint sc = new SecurityConstraint();
        sc.addAuthRole("testrole");
        sc.addCollection(collection);
        ctx.addConstraint(sc);


        // Configure the Realm
        TesterMapRealm realm = new TesterMapRealm();
        realm.addUser("CN=user1, C=US", "not used");

View Full Code Here

0 1 2 3 4 5 6 7 8

TOP

Related Classes of org.apache.tomcat.util.descriptor.web.SecurityConstraint

com.cloudera.oryx.lambda.serving.ServingLayer

de.javakaffee.web.msm.integration.Tomcat8Builder

org.apache.catalina.authenticator.TestDigestAuthenticator

org.apache.catalina.authenticator.TestFormAuthenticator$FormAuthClientSelectedMethods

org.apache.catalina.authenticator.TestNonLoginAndBasicAuthenticator

org.apache.catalina.authenticator.TestSSOnonLoginAndBasicAuthenticator

org.apache.catalina.authenticator.TestSSOnonLoginAndDigestAuthenticator

org.apache.catalina.core.StandardContext

org.apache.catalina.realm.RealmBase

org.apache.catalina.realm.TestRealmBase

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.