下面列出了javax.servlet.ServletSecurityElement 类实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
if (constraint == null) {
throw new IllegalArgumentException(sm.getString(
"applicationServletRegistration.setServletSecurity.iae",
getName(), context.getName()));
}
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
throw new IllegalStateException(sm.getString(
"applicationServletRegistration.setServletSecurity.ise",
getName(), context.getName()));
}
this.constraint = constraint;
return context.addServletSecurity(this, constraint);
}
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
throws ServletException {
// Register and map servlet
Servlet s = new TesterServlet();
ServletRegistration.Dynamic sr = ctx.addServlet("test", s);
sr.addMapping("/test");
// Add a constraint with uncovered methods
HttpConstraintElement hce = new HttpConstraintElement(
TransportGuarantee.NONE, "tomcat");
HttpMethodConstraintElement hmce =
new HttpMethodConstraintElement("POST", hce);
Set<HttpMethodConstraintElement> hmces = new HashSet<>();
hmces.add(hmce);
ServletSecurityElement sse = new ServletSecurityElement(hmces);
sr.setServletSecurity(sse);
}
public List<SecurityConstraint> getConstraintsFromSecurityElements(ServletContext servletContext, AuthorizationService authorizationService) throws ServletException {
List<Entry<List<String>, ServletSecurityElement>> elements = getOptionalAttribute(servletContext, SECURITY_ELEMENTS);
if (elements == null) {
return null;
}
List<SecurityConstraint> constraints = new ArrayList<>();
for (Entry<List<String>, ServletSecurityElement> elementEntry : elements) {
constraints.addAll(ElementsToConstraintsTransformer.createConstraints(
new HashSet<>(elementEntry.getKey()),
elementEntry.getValue()));
}
return constraints;
}
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
if (constraint == null) {
throw new IllegalArgumentException(sm.getString(
"applicationServletRegistration.setServletSecurity.iae",
getName(), context.getName()));
}
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
throw new IllegalStateException(sm.getString(
"applicationServletRegistration.setServletSecurity.ise",
getName(), context.getName()));
}
return context.addServletSecurity(this, constraint);
}
private void processServletSecurityAnnotation(Class<?> clazz) {
// Calling this twice isn't harmful so no syncs
servletSecurityAnnotationScanRequired = false;
Context ctxt = (Context) getParent();
if (ctxt.getIgnoreAnnotations()) {
return;
}
ServletSecurity secAnnotation =
clazz.getAnnotation(ServletSecurity.class);
if (secAnnotation != null) {
ctxt.addServletSecurity(
new ApplicationServletRegistration(this, ctxt),
new ServletSecurityElement(secAnnotation));
}
}
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
if (constraint == null) {
throw new IllegalArgumentException(sm.getString(
"applicationServletRegistration.setServletSecurity.iae",
getName(), context.getName()));
}
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
throw new IllegalStateException(sm.getString(
"applicationServletRegistration.setServletSecurity.ise",
getName(), context.getName()));
}
return context.addServletSecurity(this, constraint);
}
/**
* Process the annotations for the servlets.
*
* @param context The context which will have its annotations processed
*/
protected static void loadApplicationServletAnnotations(Context context) {
Container[] children = context.findChildren();
for (Container child : children) {
if (child instanceof Wrapper) {
Wrapper wrapper = (Wrapper) child;
if (wrapper.getServletClass() == null) {
continue;
}
Class<?> clazz = Introspection.loadClass(context, wrapper.getServletClass());
if (clazz == null) {
continue;
}
loadClassAnnotation(context, clazz);
loadFieldsAnnotation(context, clazz);
loadMethodsAnnotation(context, clazz);
/* Process RunAs annotation which can be only on servlets.
* Ref JSR 250, equivalent to the run-as element in
* the deployment descriptor
*/
RunAs runAs = clazz.getAnnotation(RunAs.class);
if (runAs != null) {
wrapper.setRunAs(runAs.value());
}
// Process ServletSecurity annotation
ServletSecurity servletSecurity = clazz.getAnnotation(ServletSecurity.class);
if (servletSecurity != null) {
context.addServletSecurity(
new ApplicationServletRegistration(wrapper, context),
new ServletSecurityElement(servletSecurity));
}
}
}
}
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
throws ServletException {
// Register and map servlet
Servlet s = new TesterServlet();
ServletRegistration.Dynamic sr = ctx.addServlet("bug50015", s);
sr.addMapping("/bug50015");
// Limit access to users in the Tomcat role
HttpConstraintElement hce = new HttpConstraintElement(
TransportGuarantee.NONE, "tomcat");
ServletSecurityElement sse = new ServletSecurityElement(hce);
sr.setServletSecurity(sse);
}
@Override
public Set<String> setServletSecurity(final ServletSecurityElement constraint) {
if (constraint == null) {
throw UndertowMessages.MESSAGES.argumentCannotBeNull("constraint");
}
DeploymentInfo deploymentInfo = deployment.getDeploymentInfo();
//this is not super efficient, but it does not really matter
final Set<String> urlPatterns = new HashSet<>();
for (SecurityConstraint sc : deploymentInfo.getSecurityConstraints()) {
for (WebResourceCollection webResources : sc.getWebResourceCollections()) {
urlPatterns.addAll(webResources.getUrlPatterns());
}
}
final Set<String> ret = new HashSet<>();
for (String url : servletInfo.getMappings()) {
if (urlPatterns.contains(url)) {
ret.add(url);
}
}
ServletSecurityInfo info = new ServletSecurityInfo();
servletInfo.setServletSecurityInfo(info);
info.setTransportGuaranteeType(constraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.setEmptyRoleSemantic(emptyRoleSemantic(constraint.getEmptyRoleSemantic()))
.addRolesAllowed(constraint.getRolesAllowed());
for (final HttpMethodConstraintElement methodConstraint : constraint.getHttpMethodConstraints()) {
info.addHttpMethodSecurityInfo(new HttpMethodSecurityInfo()
.setTransportGuaranteeType(methodConstraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.setMethod(methodConstraint.getMethodName())
.setEmptyRoleSemantic(emptyRoleSemantic(methodConstraint.getEmptyRoleSemantic()))
.addRolesAllowed(methodConstraint.getRolesAllowed()));
}
return ret;
}
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
throws ServletException {
// Register and map servlet
Servlet s = new Bug50015Servlet();
ServletRegistration.Dynamic sr = ctx.addServlet("bug50015", s);
sr.addMapping("/bug50015");
// Limit access to users in the Tomcat role
HttpConstraintElement hce = new HttpConstraintElement(
TransportGuarantee.NONE, "tomcat");
ServletSecurityElement sse = new ServletSecurityElement(hce);
sr.setServletSecurity(sse);
}
@Override
public Set<String> setServletSecurity(final ServletSecurityElement constraint) {
if (constraint == null) {
throw UndertowMessages.MESSAGES.argumentCannotBeNull("constraint");
}
DeploymentInfo deploymentInfo = deployment.getDeploymentInfo();
//this is not super efficient, but it does not really matter
final Set<String> urlPatterns = new HashSet<>();
for (SecurityConstraint sc : deploymentInfo.getSecurityConstraints()) {
for (WebResourceCollection webResources : sc.getWebResourceCollections()) {
urlPatterns.addAll(webResources.getUrlPatterns());
}
}
final Set<String> ret = new HashSet<>();
for (String url : servletInfo.getMappings()) {
if (urlPatterns.contains(url)) {
ret.add(url);
}
}
ServletSecurityInfo info = new ServletSecurityInfo();
servletInfo.setServletSecurityInfo(info);
info.setTransportGuaranteeType(constraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.setEmptyRoleSemantic(emptyRoleSemantic(constraint.getEmptyRoleSemantic()))
.addRolesAllowed(constraint.getRolesAllowed());
for (final HttpMethodConstraintElement methodConstraint : constraint.getHttpMethodConstraints()) {
info.addHttpMethodSecurityInfo(new HttpMethodSecurityInfo()
.setTransportGuaranteeType(methodConstraint.getTransportGuarantee() == CONFIDENTIAL ? TransportGuaranteeType.CONFIDENTIAL : TransportGuaranteeType.NONE)
.setMethod(methodConstraint.getMethodName())
.setEmptyRoleSemantic(emptyRoleSemantic(methodConstraint.getEmptyRoleSemantic()))
.addRolesAllowed(methodConstraint.getRolesAllowed()));
}
return ret;
}
private RpcServlet registerRpcServlet(ServletContext ctx) {
LOGGER.info("Starting HTTP RPC runtime");
RpcServlet servlet = new RpcServlet();
ServletRegistration.Dynamic regInfo = ctx.addServlet(RpcServlet.class.getName(), servlet);
ServletSecurityElement sec = new ServletSecurityElement(new HttpConstraintElement());
regInfo.setServletSecurity(sec);
regInfo.setLoadOnStartup(1);
regInfo.addMapping(RpcConfig.getInstance().getPath() + "/http");
return servlet;
}
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
throws ServletException {
// Register and map servlet
Servlet s = new Bug50015Servlet();
ServletRegistration.Dynamic sr = ctx.addServlet("bug50015", s);
sr.addMapping("/bug50015");
// Limit access to users in the Tomcat role
HttpConstraintElement hce = new HttpConstraintElement(
TransportGuarantee.NONE, "tomcat");
ServletSecurityElement sse = new ServletSecurityElement(hce);
sr.setServletSecurity(sse);
}
@Override
public SecurityConstraint[] findSecurityConstraints(final Request request, final Context context) {
final Map<String, ServletSecurityElement> map = (Map<String, ServletSecurityElement>) invoke(findSecurityConstraintsMethod, request.getRequest(), context.getPath());
final List<SecurityConstraint> constraints = new ArrayList<SecurityConstraint>();
for (final Map.Entry<String, ServletSecurityElement> entry : map.entrySet()) {
constraints.addAll(Arrays.asList(SecurityConstraint.createConstraints(entry.getValue(), entry.getKey())));
}
return constraints.toArray(new SecurityConstraint[constraints.size()]);
}
@Override
public Set<String> addServletSecurity(
ServletRegistration.Dynamic registration,
ServletSecurityElement servletSecurityElement) { return null; }
private ServletRegistration.Dynamic addServlet(String servletName, String servletClass,
Servlet servlet, Map<String,String> initParams) throws IllegalStateException {
if (servletName == null || servletName.equals("")) {
throw new IllegalArgumentException(sm.getString(
"applicationContext.invalidServletName", servletName));
}
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
//TODO Spec breaking enhancement to ignore this restriction
throw new IllegalStateException(
sm.getString("applicationContext.addServlet.ise",
getContextPath()));
}
Wrapper wrapper = (Wrapper) context.findChild(servletName);
// Assume a 'complete' ServletRegistration is one that has a class and
// a name
if (wrapper == null) {
wrapper = context.createWrapper();
wrapper.setName(servletName);
context.addChild(wrapper);
} else {
if (wrapper.getName() != null &&
wrapper.getServletClass() != null) {
if (wrapper.isOverridable()) {
wrapper.setOverridable(false);
} else {
return null;
}
}
}
ServletSecurity annotation = null;
if (servlet == null) {
wrapper.setServletClass(servletClass);
Class<?> clazz = Introspection.loadClass(context, servletClass);
if (clazz != null) {
annotation = clazz.getAnnotation(ServletSecurity.class);
}
} else {
wrapper.setServletClass(servlet.getClass().getName());
wrapper.setServlet(servlet);
if (context.wasCreatedDynamicServlet(servlet)) {
annotation = servlet.getClass().getAnnotation(ServletSecurity.class);
}
}
if (initParams != null) {
for (Map.Entry<String, String> initParam: initParams.entrySet()) {
wrapper.addInitParameter(initParam.getKey(), initParam.getValue());
}
}
ServletRegistration.Dynamic registration =
new ApplicationServletRegistration(wrapper, context);
if (annotation != null) {
registration.setServletSecurity(new ServletSecurityElement(annotation));
}
return registration;
}
@Override
public Set<String> addServletSecurity(Dynamic registration,
ServletSecurityElement servletSecurityElement) {
return null;
}
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
return null;
}
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
return null;
}
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
return null;
}
public ServletSecurityElement getServletSecurityElement() {
return servletSecurityElement;
}
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
this.servletSecurityElement = constraint;
servletSecuritys.addAll(servletSecurityElement.getMethodNames());
return servletSecuritys;
}
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
return null;
}
@Override
public Set<String> addServletSecurity(
ApplicationServletRegistration registration,
ServletSecurityElement servletSecurityElement) { return null; }
@Override
public Set<String> addServletSecurity(
ApplicationServletRegistration registration,
ServletSecurityElement servletSecurityElement) {
return null;
}
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
return null;
}
@Override
public Set<String> setServletSecurity(ServletSecurityElement constraint) {
throw new UnsupportedOperationException(NOT_SUPPORTED_YET); //To change body of generated methods, choose Tools | Templates.
}
@Override
public Set<String> addServletSecurity(
ApplicationServletRegistration registration,
ServletSecurityElement servletSecurityElement) { return null; }
@Override
public Set<String> addServletSecurity(
ApplicationServletRegistration registration,
ServletSecurityElement servletSecurityElement) {
return null;
}
public void registerServlet(String servletName, Servlet servletClass, String urlMapping, String[] roles, int loadOnStartup, Map<String, String> initParameters) {
log.info("instantiating IbisInitializer servlet name ["+servletName+"] servletClass ["+servletClass+"] loadOnStartup ["+loadOnStartup+"]");
getServletContext().log("instantiating IbisInitializer servlet ["+servletName+"]");
AppConstants appConstants = AppConstants.getInstance();
String propertyPrefix = "servlet."+servletName+".";
if(!appConstants.getBoolean(propertyPrefix+"enabled", true))
return;
ServletRegistration.Dynamic serv = getServletContext().addServlet(servletName, servletClass);
ServletSecurity.TransportGuarantee transportGuarantee = getTransportGuarantee(propertyPrefix+"transportGuarantee");
String stage = appConstants.getString("dtap.stage", null);
String[] rolesCopy = new String[0];
if(roles != null && !stage.equalsIgnoreCase("LOC"))
rolesCopy = roles;
String roleNames = appConstants.getString(propertyPrefix+"securityroles", null);
if(StringUtils.isNotEmpty(roleNames))
rolesCopy = roleNames.split(",");
declareRoles(rolesCopy);
HttpConstraintElement httpConstraintElement = new HttpConstraintElement(transportGuarantee, rolesCopy);
ServletSecurityElement constraint = new ServletSecurityElement(httpConstraintElement);
String urlMappingCopy = appConstants.getString(propertyPrefix+"urlMapping", urlMapping);
if(!urlMappingCopy.startsWith("/") && !urlMappingCopy.startsWith("*")) {
urlMappingCopy = "/"+urlMappingCopy;
}
serv.addMapping(urlMappingCopy);
int loadOnStartupCopy = appConstants.getInt(propertyPrefix+"loadOnStartup", loadOnStartup);
serv.setLoadOnStartup(loadOnStartupCopy);
serv.setServletSecurity(constraint);
if(initParameters != null && !initParameters.isEmpty()) {
//Manually loop through the map as serv.setInitParameters will fail all parameters even if only 1 fails...
for (String key : initParameters.keySet()) {
String value = initParameters.get(key);
if(!serv.setInitParameter(key, value)) {
log("unable to set init-parameter ["+key+"] with value ["+value+"] for servlet ["+servletName+"]", Level.ERROR);
}
}
}
if(log.isDebugEnabled()) log.debug("registered servlet ["+servletName+"] class ["+servletClass+"] url ["+urlMapping+"] loadOnStartup ["+loadOnStartup+"]");
}