You are viewing a plain text version of this content. The canonical link for it is here.
Posted to scm@geronimo.apache.org by dj...@apache.org on 2010/09/27 00:02:33 UTC
svn commit: r1001535 - in /geronimo/server/trunk/plugins:
j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/WebSecurityConstraintStore.java
jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java
Author: djencks
Date: Sun Sep 26 22:02:32 2010
New Revision: 1001535
URL: http://svn.apache.org/viewvc?rev=1001535&view=rev
Log:
GERONIMO-5624 fix up dynamic security constraint processing for jetty
Modified:
geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/WebSecurityConstraintStore.java
geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java
Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/WebSecurityConstraintStore.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/WebSecurityConstraintStore.java?rev=1001535&r1=1001534&r2=1001535&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/WebSecurityConstraintStore.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/WebSecurityConstraintStore.java Sun Sep 26 22:02:32 2010
@@ -66,6 +66,7 @@ public class WebSecurityConstraintStore
private Map<String, String> containerCreatedDynamicServletNameClassMap = new HashMap<String, String>();
private Map<String, ServletSecurityElement> dynamicServletNameSecurityElementMap = new LinkedHashMap<String, ServletSecurityElement>();
+ private Map<RegistrationKey, ServletSecurityElement> registrationSecurityElementMap = new LinkedHashMap<RegistrationKey, ServletSecurityElement>();
private Set<String> securityRoles = new HashSet<String>();
@@ -91,10 +92,27 @@ public class WebSecurityConstraintStore
initialize();
}
+ public void setAnnotationScanRequired(boolean scanRequired) {
+ annotationScanRequired = scanRequired;
+ }
+
public void addContainerCreatedDynamicServlet(javax.servlet.Servlet servlet) {
containerCreatedDynamicServlets.put(servlet, null);
}
+ public boolean isContainerCreatedDynamicServlet(javax.servlet.Servlet servlet) {
+ return containerCreatedDynamicServlets.containsKey(servlet);
+ }
+
+ public void addContainerCreatedDynamicServletEntry(ServletRegistration.Dynamic registration, String servletClass) {
+ if (annotationScanRequired) {
+ ServletSecurityElement servletSecurityElement = processServletConstraintAnnotation(servletClass);
+ if (servletSecurityElement != null) {
+ setDynamicServletSecurity(registration, servletSecurityElement);
+ }
+ }
+ }
+
public void addContainerCreatedDynamicServletEntry(String servletName, String servletClass) {
containerCreatedDynamicServletNameClassMap.put(servletName, servletClass);
}
@@ -123,11 +141,12 @@ public class WebSecurityConstraintStore
List<SecurityConstraintInfo> securityConstraints = new ArrayList<SecurityConstraintInfo>();
//Scan ServletSecurity annotation if required
if (annotationScanRequired) {
- for (ServletInfo servlet : webXmlAppInfo.servlets) {
- Collection<String> urlPatterns = servletContext.getServletRegistration(servlet.servletName).getMappings();
- urlPatterns.removeAll(webXmlConstraintUrlPatterns);
- processServletConstraintAnnotation(securityConstraints, servlet.servletName, servlet.servletClass, urlPatterns);
- }
+ //these will already have been added and be in the containerCreatedDynamicServletNameClassMap
+// for (ServletInfo servlet : webXmlAppInfo.servlets) {
+// Collection<String> urlPatterns = servletContext.getServletRegistration(servlet.servletName).getMappings();
+// urlPatterns.removeAll(webXmlConstraintUrlPatterns);
+// processServletConstraintAnnotation(securityConstraints, servlet.servletName, servlet.servletClass, urlPatterns);
+// }
for (Map.Entry<String, String> entry : containerCreatedDynamicServletNameClassMap.entrySet()) {
String servletName = entry.getKey();
@@ -145,16 +164,18 @@ public class WebSecurityConstraintStore
urlPatterns.removeAll(webXmlConstraintUrlPatterns);
processServletSecurityElement(securityConstraints, entry.getValue(), urlPatterns);
}
+ for (Map.Entry<RegistrationKey, ServletSecurityElement> entry : registrationSecurityElementMap.entrySet()) {
+ Collection<String> urlPatterns = entry.getKey().registration.getMappings();
+ urlPatterns.removeAll(webXmlConstraintUrlPatterns);
+ processServletSecurityElement(securityConstraints, entry.getValue(), urlPatterns);
+ }
+
webXmlAppInfo.securityConstraints.addAll(securityConstraints);
return webXmlAppInfo;
}
- public boolean isContainerCreatedDynamicServlet(javax.servlet.Servlet servlet) {
- return containerCreatedDynamicServlets.containsKey(servlet);
- }
-
public Set<String> setDynamicServletSecurity(ServletRegistration.Dynamic registration, ServletSecurityElement constraint) {
- dynamicServletNameSecurityElementMap.put(registration.getName(), constraint);
+ registrationSecurityElementMap.put(new RegistrationKey(registration), constraint);
Set<String> uneffectedUrlPatterns = new HashSet<String>(registration.getMappings());
uneffectedUrlPatterns.retainAll(webXmlConstraintUrlPatterns);
return uneffectedUrlPatterns;
@@ -184,13 +205,11 @@ public class WebSecurityConstraintStore
}
private SecurityConstraintInfo newHTTPSecurityConstraint(String[] rolesAllowed, TransportGuarantee transportGuarantee, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic,
- String[] omissionMethods, Collection<String> urlPatterns) {
- SecurityConstraintInfo securityConstraint = newSecurityConstraint(rolesAllowed, transportGuarantee, emptyRoleSemantic, omissionMethods.length > 0);
+ Collection<String> omissionMethods, Collection<String> urlPatterns) {
+ SecurityConstraintInfo securityConstraint = newSecurityConstraint(rolesAllowed, transportGuarantee, emptyRoleSemantic, !omissionMethods.isEmpty());
if (securityConstraint != null) {
WebResourceCollectionInfo webResourceCollection = securityConstraint.webResourceCollections.get(0);
- for (String omissionMethod : omissionMethods) {
- webResourceCollection.httpMethods.add(omissionMethod);
- }
+ webResourceCollection.httpMethods.addAll(omissionMethods);
webResourceCollection.urlPatterns.addAll(urlPatterns);
webResourceCollection.omission = true;
}
@@ -246,6 +265,24 @@ public class WebSecurityConstraintStore
}
}
+ private ServletSecurityElement processServletConstraintAnnotation(String servletClassName) {
+ try {
+ Class<?> cls = bundle.loadClass(servletClassName);
+ if (!javax.servlet.Servlet.class.isAssignableFrom(cls)) {
+ return null;
+ }
+ ServletSecurity servletSecurity = cls.getAnnotation(ServletSecurity.class);
+ if (servletSecurity == null) {
+ return null;
+ }
+ return new ServletSecurityElement(servletSecurity);
+ } catch (ClassNotFoundException e) {
+ //Should never occur, as webservice builder have already checked it.
+ logger.error("Fail to load class", e);
+ }
+ return null;
+ }
+
private void processServletSecurityAnnotation(List<SecurityConstraintInfo> securityConstraints, ServletSecurity servletSecurity, Collection<String> urlPatterns) {
processServletSecurityElement(securityConstraints, new ServletSecurityElement(servletSecurity), urlPatterns);
}
@@ -263,11 +300,30 @@ public class WebSecurityConstraintStore
}
}
SecurityConstraintInfo securityConstraint = newHTTPSecurityConstraint(servletSecurityElement.getRolesAllowed(), servletSecurityElement.getTransportGuarantee(),
- servletSecurityElement.getEmptyRoleSemantic(), servletSecurityElement.getMethodNames().toArray(new String[0]), urlPatterns);
+ servletSecurityElement.getEmptyRoleSemantic(), servletSecurityElement.getMethodNames(), urlPatterns);
if (securityConstraint != null) {
securityConstraints.add(securityConstraint);
}
declareRoles(servletSecurityElement.getRolesAllowed());
}
+ private final static class RegistrationKey {
+ private final ServletRegistration.Dynamic registration;
+
+ private RegistrationKey(ServletRegistration.Dynamic registration) {
+ this.registration = registration;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ return (o instanceof RegistrationKey) &&
+ registration.getName().equals(((RegistrationKey)o).registration.getName());
+ }
+
+ @Override
+ public int hashCode() {
+ return registration.getName().hashCode();
+ }
+ }
+
}
Modified: geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java?rev=1001535&r1=1001534&r2=1001535&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java (original)
+++ geronimo/server/trunk/plugins/jetty8/geronimo-jetty8/src/main/java/org/apache/geronimo/jetty8/handler/GeronimoWebAppContext.java Sun Sep 26 22:02:32 2010
@@ -59,6 +59,7 @@ import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.handler.ErrorHandler;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.servlet.ServletHandler;
+import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.resource.Resource;
@@ -139,6 +140,7 @@ public class GeronimoWebAppContext exten
try {
Assembler assembler = new Assembler();
assembler.assemble(getServletContext(), webAppInfo);
+ webSecurityConstraintStore.setAnnotationScanRequired(true);
((GeronimoWebAppContext.Context) _scontext).webXmlProcessed = true;
super.doStart();
if (applicationPolicyConfigurationManager != null) {
@@ -270,8 +272,17 @@ public class GeronimoWebAppContext exten
return paths;
}
-
@Override
+ protected ServletRegistration.Dynamic dynamicHolderAdded(ServletHolder holder) {
+ ServletRegistration.Dynamic registration = holder.getRegistration();
+ String servletClassName = holder.getClassName();
+ Servlet servlet = holder.getServletInstance();
+ if (servlet == null || webSecurityConstraintStore.isContainerCreatedDynamicServlet(servlet)) {
+ webSecurityConstraintStore.addContainerCreatedDynamicServletEntry(registration, servletClassName);
+ }
+ return registration;
+ }
+
public Set<String> setServletSecurity(ServletRegistration.Dynamic registration, ServletSecurityElement servletSecurityElement) {
return webSecurityConstraintStore.setDynamicServletSecurity(registration, servletSecurityElement);
}