author | Greg Wilkins | 2010-06-24 00:39:13 +0000 |
---|---|---|
committer | Greg Wilkins | 2010-06-24 00:39:13 +0000 |
commit | 517130e90918dc4003a14027831886634a960556 (patch) | |
tree | a6e4842ac2bf42317ae240d4f42dd305ce0211fc /jetty-security/src/main/java | |
parent | 3fabec8c5a121236ecee6ab534b83f8ffeb441d5 (diff) | |
317759 Allow roles and constraints to be added after init
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2043 7e9141cc-0065-0410-87d8-b60c137991c4
Diffstat (limited to 'jetty-security/src/main/java')
4 files changed, 165 insertions, 98 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java index 1135aa7591..2ec8d8db01 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java @@ -13,6 +13,7 @@ package org.eclipse.jetty.security; +import java.util.List; import java.util.Set; /** @@ -20,9 +21,29 @@ import java.util.Set; */ public interface ConstraintAware { - ConstraintMapping[] getConstraintMappings(); - + List<ConstraintMapping> getConstraintMappings(); Set<String> getRoles(); - - void setConstraintMappings(ConstraintMapping[] constraintMappings, Set<String> roles); + + /* ------------------------------------------------------------ */ + /** Set Constraint Mappings and roles. + * Can only be called during initialization. + * @param constraintMappings + * @param roles + */ + void setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles); + + /* ------------------------------------------------------------ */ + /** Add a Constraint Mapping. + * May be called for running webapplication as an annotated servlet is instantiated. + * @param mapping + */ + void addConstraintMapping(ConstraintMapping mapping); + + + /* ------------------------------------------------------------ */ + /** Add a Role definition. + * May be called on running webapplication as an annotated servlet is instantiated. + * @param role + */ + void addRole(String role); } diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java index c8daed4c99..ca2f3c4190 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java 
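Review bot: The new Javadoc on `addConstraintMapping` and `addRole` says they may be called on a running web application, but it does not say what an implementation must guarantee to request threads that are evaluating constraints at the same moment, and the `@param` tags are empty. I would state the contract explicitly, for example `@param mapping the mapping to add; must be safe to call while requests are being authorized`. `setConstraintMappings` should also carry `@throws IllegalStateException if the handler is already started`, matching the `isStarted()` check in ConstraintSecurityHandler. Since `getConstraintMappings()` now returns a `List` instead of an array, the interface should also say whether that list is a live view or a copy.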
@@ -14,9 +14,13 @@ package org.eclipse.jetty.security; import java.io.IOException; +import java.util.Collection; import java.util.HashSet; +import java.util.List; import java.util.Map; import java.util.Set; +import java.util.concurrent.CopyOnWriteArrayList; +import java.util.concurrent.CopyOnWriteArraySet; import org.eclipse.jetty.http.PathMap; import org.eclipse.jetty.http.security.Constraint; @@ -36,9 +40,9 @@ import org.eclipse.jetty.util.StringMap; */ public class ConstraintSecurityHandler extends SecurityHandler implements ConstraintAware { - private ConstraintMapping[] _constraintMappings; - private Set<String> _roles; - private PathMap _constraintMap = new PathMap(); + private final List<ConstraintMapping> _constraintMappings= new CopyOnWriteArrayList<ConstraintMapping>(); + private final Set<String> _roles = new CopyOnWriteArraySet<String>(); + private final PathMap _constraintMap = new PathMap(); private boolean _strict = true; @@ -76,7 +80,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr /** * @return Returns the contraintMappings. */ - public ConstraintMapping[] getConstraintMappings() + public List<ConstraintMapping> getConstraintMappings() { return _constraintMappings; } @@ -96,7 +100,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr * The contraintMappings to set, from which the set of known roles * is determined. */ - public void setConstraintMappings(ConstraintMapping[] constraintMappings) + public void setConstraintMappings(List<ConstraintMapping> constraintMappings) { setConstraintMappings(constraintMappings,null); } 
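Review bot: `getConstraintMappings()` now returns the live `_constraintMappings` list, so a caller can add or remove mappings through it without passing the `isStarted()` guard in `setConstraintMappings` or the `processContraintMapping` step that `addConstraintMapping` runs. After start, the list and `_constraintMap` would then disagree about which constraints exist. Returning a read-only view, `return Collections.unmodifiableList(_constraintMappings);`, keeps every change on the two checked paths; it needs `java.util.Collections` imported.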
@@ -110,11 +114,12 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr * The contraintMappings to set. * @param roles The known roles (or null to determine them from the mappings) */ - public void setConstraintMappings(ConstraintMapping[] constraintMappings, Set<String> roles) + public void setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles) { if (isStarted()) throw new IllegalStateException("Started"); - _constraintMappings = constraintMappings; + _constraintMappings.clear(); + _constraintMappings.addAll(constraintMappings); if (roles==null) { @@ -146,7 +151,48 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr if (isStarted()) throw new IllegalStateException("Started"); - this._roles = roles; + _roles.clear(); + _roles.addAll(roles); + } + + + + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.security.ConstraintAware#addConstraintMapping(org.eclipse.jetty.security.ConstraintMapping) + */ + public void addConstraintMapping(ConstraintMapping mapping) + { + _constraintMappings.add(mapping); + if (mapping.getConstraint()!=null && mapping.getConstraint().getRoles()!=null) + for (String role : mapping.getConstraint().getRoles()) + addRole(role); + + if (isStarted()) + { + processContraintMapping(mapping); + } + } + + /* ------------------------------------------------------------ */ + /** + * @see org.eclipse.jetty.security.ConstraintAware#addRole(java.lang.String) + */ + public void addRole(String role) + { + boolean modified = _roles.add(role); + if (isStarted() && modified && _strict) + { + // Add the new role to currently defined any role role infos + for (Map<String,RoleInfo> map : (Collection<Map<String,RoleInfo>>)_constraintMap.values()) + { + for (RoleInfo info : map.values()) + { + if (info.isAnyRole()) + info.addRole(role); + } + } + } } /* ------------------------------------------------------------ */ 
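Review bot: `_constraintMappings.clear()` followed by `addAll(constraintMappings)` silently drops every mapping when the argument is the handler's own list, which `getConstraintMappings()` hands out directly; `h.setConstraintMappings(h.getConstraintMappings(), roles)` would leave the handler with no constraints and no error. Skip the reset when the argument is the field itself, or copy the argument first, e.g. `if (constraintMappings != _constraintMappings) { _constraintMappings.clear(); _constraintMappings.addAll(constraintMappings); }`. The same clear-then-addAll pair in `setRoles` in the next hunk has the same problem if `getRoles()` returns `_roles`, which this diff does not show. A null `constraintMappings` now also fails with a NullPointerException only after the list has been cleared. The rest of `setConstraintMappings` lies outside the hunk.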
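Review bot: The loop in `addRole` looks unreachable in practice: it runs only when `_strict` is true and only touches entries where `info.isAnyRole()` is true, but `processContraintMapping` expands `*` into the currently defined roles in strict mode and calls `setAnyRole(true)` only in non-strict mode. Unless `RoleInfo.setAnyRole` is reached some other way, a role added after start is never granted by an existing `*` constraint, which fails closed but contradicts the comment above the loop. One fix is to record on the `RoleInfo` that it was built from a `*` constraint (a flag set in the strict branch) and test that flag here instead of `isAnyRole()`. Separately, `addConstraintMapping` guards `mapping.getConstraint()` against null before reading roles, yet `processContraintMapping` dereferences it unconditionally.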
@@ -161,92 +207,95 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr { for (ConstraintMapping mapping : _constraintMappings) { - Map<String, RoleInfo> mappings = (Map<String, RoleInfo>)_constraintMap.get(mapping.getPathSpec()); - if (mappings == null) - { - mappings = new StringMap(); - _constraintMap.put(mapping.getPathSpec(),mappings); - } - RoleInfo allMethodsRoleInfo = mappings.get(null); - if (allMethodsRoleInfo != null && allMethodsRoleInfo.isForbidden()) - { - continue; - } - String httpMethod = mapping.getMethod(); - RoleInfo roleInfo = mappings.get(httpMethod); - if (roleInfo == null) + processContraintMapping(mapping); + } + } + super.doStart(); + } + + protected void processContraintMapping(ConstraintMapping mapping) + { + Map<String, RoleInfo> mappings = (Map<String, RoleInfo>)_constraintMap.get(mapping.getPathSpec()); + if (mappings == null) + { + mappings = new StringMap(); + _constraintMap.put(mapping.getPathSpec(),mappings); + } + RoleInfo allMethodsRoleInfo = mappings.get(null); + if (allMethodsRoleInfo != null && allMethodsRoleInfo.isForbidden()) + return; + + String httpMethod = mapping.getMethod(); + RoleInfo roleInfo = mappings.get(httpMethod); + if (roleInfo == null) + { + roleInfo = new RoleInfo(); + mappings.put(httpMethod,roleInfo); + if (allMethodsRoleInfo != null) + { + roleInfo.combine(allMethodsRoleInfo); + } + } + if (roleInfo.isForbidden()) + return; + + Constraint constraint = mapping.getConstraint(); + boolean forbidden = constraint.isForbidden(); + roleInfo.setForbidden(forbidden); + if (forbidden) + { + if (httpMethod == null) + { + mappings.clear(); + mappings.put(null,roleInfo); + } + } + else + { + UserDataConstraint userDataConstraint = UserDataConstraint.get(constraint.getDataConstraint()); + roleInfo.setUserDataConstraint(userDataConstraint); + + boolean checked = constraint.getAuthenticate(); + roleInfo.setChecked(checked); + if (roleInfo.isChecked()) + { + if (constraint.isAnyRole()) { - 
roleInfo = new RoleInfo(); - mappings.put(httpMethod,roleInfo); - if (allMethodsRoleInfo != null) + if (_strict) { - roleInfo.combine(allMethodsRoleInfo); + // * means "all defined roles" + for (String role : _roles) + roleInfo.addRole(role); } + else + // * means any role + roleInfo.setAnyRole(true); } - if (roleInfo.isForbidden()) - { - continue; - } - Constraint constraint = mapping.getConstraint(); - boolean forbidden = constraint.isForbidden(); - roleInfo.setForbidden(forbidden); - if (forbidden) + else { - if (httpMethod == null) + String[] newRoles = constraint.getRoles(); + for (String role : newRoles) { - mappings.clear(); - mappings.put(null,roleInfo); + if (_strict &&!_roles.contains(role)) + throw new IllegalArgumentException("Attempt to use undeclared role: " + role + ", known roles: " + _roles); + roleInfo.addRole(role); } } - else + } + if (httpMethod == null) + { + for (Map.Entry<String, RoleInfo> entry : mappings.entrySet()) { - UserDataConstraint userDataConstraint = UserDataConstraint.get(constraint.getDataConstraint()); - roleInfo.setUserDataConstraint(userDataConstraint); - - boolean checked = constraint.getAuthenticate(); - roleInfo.setChecked(checked); - if (roleInfo.isChecked()) - { - if (constraint.isAnyRole()) - { - if (_strict) - { - // * means "all defined roles" - for (String role : _roles) - roleInfo.addRole(role); - } - else - // * means any role - roleInfo.setAnyRole(true); - } - else - { - String[] newRoles = constraint.getRoles(); - for (String role : newRoles) - { - if (_strict &&!_roles.contains(role)) - throw new IllegalArgumentException("Attempt to use undeclared role: " + role + ", known roles: " + _roles); - roleInfo.addRole(role); - } - } - } - if (httpMethod == null) + if (entry.getKey() != null) { - for (Map.Entry<String, RoleInfo> entry : mappings.entrySet()) - { - if (entry.getKey() != null) - { - RoleInfo specific = entry.getValue(); - specific.combine(roleInfo); - } - } + RoleInfo specific = entry.getValue(); + 
specific.combine(roleInfo); } } } } - super.doStart(); } - + protected Object prepareConstraintInfo(String pathInContext, Request request) { Map<String, RoleInfo> mappings = (Map<String, RoleInfo>)_constraintMap.match(pathInContext); @@ -353,8 +402,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr if (roleInfo.isAnyRole() && request.getAuthType()!=null) return true; - String[] roles = roleInfo.getRoles(); - for (String role : roles) + for (String role : roleInfo.getRoles()) { if (userIdentity.isUserInRole(role, null)) return true; diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java index c95c226c61..7075cc9792 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java @@ -24,7 +24,6 @@ import java.util.List; import java.util.Properties; import org.eclipse.jetty.http.security.Credential; -import org.eclipse.jetty.http.security.Password; import org.eclipse.jetty.server.UserIdentity; import org.eclipse.jetty.util.Loader; import org.eclipse.jetty.util.log.Log; diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/RoleInfo.java b/jetty-security/src/main/java/org/eclipse/jetty/security/RoleInfo.java index b58558f70d..35df88ce8f 100644 --- a/jetty-security/src/main/java/org/eclipse/jetty/security/RoleInfo.java +++ b/jetty-security/src/main/java/org/eclipse/jetty/security/RoleInfo.java @@ -13,9 +13,8 @@ package org.eclipse.jetty.security; -import java.util.Arrays; - -import org.eclipse.jetty.util.LazyList; +import java.util.Set; +import java.util.concurrent.CopyOnWriteArraySet; /** * 
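Review bot: `processContraintMapping` is now reachable from `addConstraintMapping` on a started handler, but it edits `_constraintMap` and the per-path map in place while request threads read them through `_constraintMap.match(pathInContext)`, and nothing in the visible code synchronizes the two. Two windows are visible: a new `RoleInfo` is stored with `mappings.put(httpMethod,roleInfo)` before `combine` and the constraint are applied to it, and the forbidden branch calls `mappings.clear()` before `mappings.put(null,roleInfo)`, so a concurrent request may briefly see an empty entry or no entry for a path that should be restricted. The smallest change is a shared monitor, `synchronized (_constraintMap) { processContraintMapping(mapping); }` in `addConstraintMapping` with the same monitor around the `match` call; building the per-path map fully and swapping it in would avoid locking on the request path. Whether `PathMap` and `StringMap` tolerate concurrent put and match is not shown here and should be confirmed. `prepareConstraintInfo` continues past the end of the hunk.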
@@ -27,13 +26,12 @@ import org.eclipse.jetty.util.LazyList; */ public class RoleInfo { - private final static String[] NO_ROLES={}; private boolean _isAnyRole; private boolean _checked; private boolean _forbidden; private UserDataConstraint _userDataConstraint; - private String[] _roles = NO_ROLES; + private final Set<String> _roles = new CopyOnWriteArraySet<String>(); public RoleInfo() { @@ -50,7 +48,7 @@ public class RoleInfo if (!checked) { _forbidden=false; - _roles=NO_ROLES; + _roles.clear(); _isAnyRole=false; } } @@ -68,7 +66,7 @@ public class RoleInfo _checked = true; _userDataConstraint = null; _isAnyRole=false; - _roles=NO_ROLES; + _roles.clear(); } } @@ -83,7 +81,7 @@ public class RoleInfo if (anyRole) { _checked = true; - _roles=NO_ROLES; + _roles.clear(); } } @@ -105,14 +103,14 @@ public class RoleInfo } } - public String[] getRoles() + public Set<String> getRoles() { return _roles; } public void addRole(String role) { - _roles=(String[])LazyList.addToArray(_roles,role,String.class); + _roles.add(role); } public void combine(RoleInfo other) @@ -126,14 +124,15 @@ public class RoleInfo else if (!_isAnyRole) { for (String r : other._roles) - _roles=(String[])LazyList.addToArray(_roles,r,String.class); + _roles.add(r); } setUserDataConstraint(other._userDataConstraint); } + @Override public String toString() { - return "{RoleInfo"+(_forbidden?",F":"")+(_checked?",C":"")+(_isAnyRole?",*":Arrays.asList(_roles).toString())+"}"; + return "{RoleInfo"+(_forbidden?",F":"")+(_checked?",C":"")+(_isAnyRole?",*":_roles)+"}"; } } |
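Review bot: Only `_roles` was made concurrent in this field block; `_isAnyRole`, `_checked`, `_forbidden` and `_userDataConstraint` stay plain fields, yet after this commit `processContraintMapping` can write them on a running handler while request threads read them. Without `volatile` or a common lock the Java memory model does not guarantee that a request thread sees the new value, so a constraint added at runtime may take effect late on some threads. Declaring them volatile, e.g. `private volatile boolean _forbidden;` and likewise for the others, or guarding RoleInfo updates with the same lock as the handler's constraint map would close that gap.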
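Review bot: `getRoles()` returns the internal `_roles` set itself, so any caller holding a `RoleInfo` can add a role and widen who passes the check without going through `addRole` or `combine`. `return Collections.unmodifiableSet(_roles);` keeps the for-each use in ConstraintSecurityHandler working and needs `java.util.Collections` imported. The return type change from `String[]` to `Set<String>` on a public method also breaks existing callers and deserves a line in the class Javadoc.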