authorGreg Wilkins2010-06-24 00:39:13 +0000
committerGreg Wilkins2010-06-24 00:39:13 +0000
commit517130e90918dc4003a14027831886634a960556 (patch)
treea6e4842ac2bf42317ae240d4f42dd305ce0211fc /jetty-security/src/main/java
parent3fabec8c5a121236ecee6ab534b83f8ffeb441d5 (diff)
317759 Allow roles and constraints to be added after init
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2043 7e9141cc-0065-0410-87d8-b60c137991c4
Diffstat (limited to 'jetty-security/src/main/java')
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java29
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java210
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java1
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/RoleInfo.java23
4 files changed, 165 insertions, 98 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java
index 1135aa7591..2ec8d8db01 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java
@@ -13,6 +13,7 @@
package org.eclipse.jetty.security;
+import java.util.List;
import java.util.Set;
/**
@@ -20,9 +21,29 @@ import java.util.Set;
*/
public interface ConstraintAware
{
- ConstraintMapping[] getConstraintMappings();
-
+ List<ConstraintMapping> getConstraintMappings();
Set<String> getRoles();
-
- void setConstraintMappings(ConstraintMapping[] constraintMappings, Set<String> roles);
+
+ /* ------------------------------------------------------------ */
+ /** Set Constraint Mappings and roles.
+ * Can only be called during initialization.
+ * @param constraintMappings
+ * @param roles
+ */
+ void setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles);
+
+ /* ------------------------------------------------------------ */
+ /** Add a Constraint Mapping.
+ * May be called for running webapplication as an annotated servlet is instantiated.
+ * @param mapping
+ */
+ void addConstraintMapping(ConstraintMapping mapping);
+
+
+ /* ------------------------------------------------------------ */
+ /** Add a Role definition.
+ * May be called on running webapplication as an annotated servlet is instantiated.
+ * @param role
+ */
+ void addRole(String role);
}
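Review bot: The new Javadoc on `setConstraintMappings`, `addConstraintMapping` and `addRole` leaves every `@param` tag empty and does not say what a caller should expect when the "initialization only" rule is broken. The implementation in this commit throws `IllegalStateException("Started")`, so the interface could carry `@throws IllegalStateException if called after the handler has started`. For the two methods that may run on a live web application, the contract should also state whether they are safe to call while requests are being served and whether `addConstraintMapping` registers the roles named by the mapping, since implementers and callers of a security interface will otherwise guess.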
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
index c8daed4c99..ca2f3c4190 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
@@ -14,9 +14,13 @@
package org.eclipse.jetty.security;
import java.io.IOException;
+import java.util.Collection;
import java.util.HashSet;
+import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.concurrent.CopyOnWriteArrayList;
+import java.util.concurrent.CopyOnWriteArraySet;
import org.eclipse.jetty.http.PathMap;
import org.eclipse.jetty.http.security.Constraint;
@@ -36,9 +40,9 @@ import org.eclipse.jetty.util.StringMap;
*/
public class ConstraintSecurityHandler extends SecurityHandler implements ConstraintAware
{
- private ConstraintMapping[] _constraintMappings;
- private Set<String> _roles;
- private PathMap _constraintMap = new PathMap();
+ private final List<ConstraintMapping> _constraintMappings= new CopyOnWriteArrayList<ConstraintMapping>();
+ private final Set<String> _roles = new CopyOnWriteArraySet<String>();
+ private final PathMap _constraintMap = new PathMap();
private boolean _strict = true;
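Review bot: `_constraintMappings` and `_roles` become copy-on-write collections, but `_constraintMap` stays a plain `PathMap`, and with this commit it is written after start: `addConstraintMapping` calls `processContraintMapping`, which does `_constraintMap.put(...)` and, for a forbidden all-methods constraint, `mappings.clear()` followed by `mappings.put(null,roleInfo)`. Request threads read the same structures through `_constraintMap.match(pathInContext)` in `prepareConstraintInfo`. Whether `PathMap` and `StringMap` tolerate a concurrent writer is not visible here; if they do not, a request could observe the per-path map between the `clear()` and the `put` and be evaluated with no constraint at all. Taking one lock around `processContraintMapping` and the `match` lookup, or building the updated map aside and publishing it in a single assignment, would close that window.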
@@ -76,7 +80,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
/**
* @return Returns the contraintMappings.
*/
- public ConstraintMapping[] getConstraintMappings()
+ public List<ConstraintMapping> getConstraintMappings()
{
return _constraintMappings;
}
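Review bot: `getConstraintMappings()` now returns the handler's own `_constraintMappings` list, so any caller can add or remove mappings on it directly. Such a change skips the `isStarted()` check in `setConstraintMappings` and never reaches `processContraintMapping`, leaving the list and `_constraintMap` out of step with each other. Returning a read-only view, `return Collections.unmodifiableList(_constraintMappings);` (with a `java.util.Collections` import), keeps `addConstraintMapping` as the only write path. `RoleInfo.getRoles()` in this commit hands out its internal `_roles` set in the same way.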
@@ -96,7 +100,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
* The contraintMappings to set, from which the set of known roles
* is determined.
*/
- public void setConstraintMappings(ConstraintMapping[] constraintMappings)
+ public void setConstraintMappings(List<ConstraintMapping> constraintMappings)
{
setConstraintMappings(constraintMappings,null);
}
@@ -110,11 +114,12 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
* The contraintMappings to set.
* @param roles The known roles (or null to determine them from the mappings)
*/
- public void setConstraintMappings(ConstraintMapping[] constraintMappings, Set<String> roles)
+ public void setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles)
{
if (isStarted())
throw new IllegalStateException("Started");
- _constraintMappings = constraintMappings;
+ _constraintMappings.clear();
+ _constraintMappings.addAll(constraintMappings);
if (roles==null)
{
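Review bot: `_constraintMappings.clear()` followed by `_constraintMappings.addAll(constraintMappings)` drops every mapping when the argument is the list returned by `getConstraintMappings()`, because both names then refer to the same object and it is already empty when `addAll` runs. A handler reconfigured that way would start with no constraints and no error. A `null` argument, which the old field assignment accepted, now throws a NullPointerException from `addAll`. Wrapping the two calls in `if (constraintMappings != _constraintMappings)`, or copying the argument before clearing, avoids the aliasing; the `_roles.clear()` / `_roles.addAll(roles)` pair in the next hunk has the same shape. The method body continues past the end of this hunk.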
@@ -146,7 +151,48 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
if (isStarted())
throw new IllegalStateException("Started");
- this._roles = roles;
+ _roles.clear();
+ _roles.addAll(roles);
+ }
+
+
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.ConstraintAware#addConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
+ */
+ public void addConstraintMapping(ConstraintMapping mapping)
+ {
+ _constraintMappings.add(mapping);
+ if (mapping.getConstraint()!=null && mapping.getConstraint().getRoles()!=null)
+ for (String role : mapping.getConstraint().getRoles())
+ addRole(role);
+
+ if (isStarted())
+ {
+ processContraintMapping(mapping);
+ }
+ }
+
+ /* ------------------------------------------------------------ */
+ /**
+ * @see org.eclipse.jetty.security.ConstraintAware#addRole(java.lang.String)
+ */
+ public void addRole(String role)
+ {
+ boolean modified = _roles.add(role);
+ if (isStarted() && modified && _strict)
+ {
+ // Add the new role to currently defined any role role infos
+ for (Map<String,RoleInfo> map : (Collection<Map<String,RoleInfo>>)_constraintMap.values())
+ {
+ for (RoleInfo info : map.values())
+ {
+ if (info.isAnyRole())
+ info.addRole(role);
+ }
+ }
+ }
}
/* ------------------------------------------------------------ */
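Review bot: The loop in `addRole` that extends `*` constraints looks unreachable in practice, because it runs only when `_strict` is true yet selects entries with `info.isAnyRole()`. In strict mode `processContraintMapping` expands `*` by copying the roles known at that moment and never calls `setAnyRole(true)`, as far as the visible lines show, so no `RoleInfo` satisfies the test; in non-strict mode the flag is set but the `_strict` guard skips the loop. The effect is that a role added after start is not granted access to resources constrained with `*`, which fails closed but contradicts the comment on the loop. `RoleInfo` would need to remember that it was built from a strict-mode `*` constraint, separately from `_isAnyRole`, for this propagation to work, and a test that adds a role after start would pin the behaviour.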
@@ -161,92 +207,95 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
{
for (ConstraintMapping mapping : _constraintMappings)
{
- Map<String, RoleInfo> mappings = (Map<String, RoleInfo>)_constraintMap.get(mapping.getPathSpec());
- if (mappings == null)
- {
- mappings = new StringMap();
- _constraintMap.put(mapping.getPathSpec(),mappings);
- }
- RoleInfo allMethodsRoleInfo = mappings.get(null);
- if (allMethodsRoleInfo != null && allMethodsRoleInfo.isForbidden())
- {
- continue;
- }
- String httpMethod = mapping.getMethod();
- RoleInfo roleInfo = mappings.get(httpMethod);
- if (roleInfo == null)
+ processContraintMapping(mapping);
+ }
+ }
+ super.doStart();
+ }
+
+ protected void processContraintMapping(ConstraintMapping mapping)
+ {
+ Map<String, RoleInfo> mappings = (Map<String, RoleInfo>)_constraintMap.get(mapping.getPathSpec());
+ if (mappings == null)
+ {
+ mappings = new StringMap();
+ _constraintMap.put(mapping.getPathSpec(),mappings);
+ }
+ RoleInfo allMethodsRoleInfo = mappings.get(null);
+ if (allMethodsRoleInfo != null && allMethodsRoleInfo.isForbidden())
+ return;
+
+ String httpMethod = mapping.getMethod();
+ RoleInfo roleInfo = mappings.get(httpMethod);
+ if (roleInfo == null)
+ {
+ roleInfo = new RoleInfo();
+ mappings.put(httpMethod,roleInfo);
+ if (allMethodsRoleInfo != null)
+ {
+ roleInfo.combine(allMethodsRoleInfo);
+ }
+ }
+ if (roleInfo.isForbidden())
+ return;
+
+ Constraint constraint = mapping.getConstraint();
+ boolean forbidden = constraint.isForbidden();
+ roleInfo.setForbidden(forbidden);
+ if (forbidden)
+ {
+ if (httpMethod == null)
+ {
+ mappings.clear();
+ mappings.put(null,roleInfo);
+ }
+ }
+ else
+ {
+ UserDataConstraint userDataConstraint = UserDataConstraint.get(constraint.getDataConstraint());
+ roleInfo.setUserDataConstraint(userDataConstraint);
+
+ boolean checked = constraint.getAuthenticate();
+ roleInfo.setChecked(checked);
+ if (roleInfo.isChecked())
+ {
+ if (constraint.isAnyRole())
{
- roleInfo = new RoleInfo();
- mappings.put(httpMethod,roleInfo);
- if (allMethodsRoleInfo != null)
+ if (_strict)
{
- roleInfo.combine(allMethodsRoleInfo);
+ // * means "all defined roles"
+ for (String role : _roles)
+ roleInfo.addRole(role);
}
+ else
+ // * means any role
+ roleInfo.setAnyRole(true);
}
- if (roleInfo.isForbidden())
- {
- continue;
- }
- Constraint constraint = mapping.getConstraint();
- boolean forbidden = constraint.isForbidden();
- roleInfo.setForbidden(forbidden);
- if (forbidden)
+ else
{
- if (httpMethod == null)
+ String[] newRoles = constraint.getRoles();
+ for (String role : newRoles)
{
- mappings.clear();
- mappings.put(null,roleInfo);
+ if (_strict &&!_roles.contains(role))
+ throw new IllegalArgumentException("Attempt to use undeclared role: " + role + ", known roles: " + _roles);
+ roleInfo.addRole(role);
}
}
- else
+ }
+ if (httpMethod == null)
+ {
+ for (Map.Entry<String, RoleInfo> entry : mappings.entrySet())
{
- UserDataConstraint userDataConstraint = UserDataConstraint.get(constraint.getDataConstraint());
- roleInfo.setUserDataConstraint(userDataConstraint);
-
- boolean checked = constraint.getAuthenticate();
- roleInfo.setChecked(checked);
- if (roleInfo.isChecked())
- {
- if (constraint.isAnyRole())
- {
- if (_strict)
- {
- // * means "all defined roles"
- for (String role : _roles)
- roleInfo.addRole(role);
- }
- else
- // * means any role
- roleInfo.setAnyRole(true);
- }
- else
- {
- String[] newRoles = constraint.getRoles();
- for (String role : newRoles)
- {
- if (_strict &&!_roles.contains(role))
- throw new IllegalArgumentException("Attempt to use undeclared role: " + role + ", known roles: " + _roles);
- roleInfo.addRole(role);
- }
- }
- }
- if (httpMethod == null)
+ if (entry.getKey() != null)
{
- for (Map.Entry<String, RoleInfo> entry : mappings.entrySet())
- {
- if (entry.getKey() != null)
- {
- RoleInfo specific = entry.getValue();
- specific.combine(roleInfo);
- }
- }
+ RoleInfo specific = entry.getValue();
+ specific.combine(roleInfo);
}
}
}
}
- super.doStart();
}
-
+
protected Object prepareConstraintInfo(String pathInContext, Request request)
{
Map<String, RoleInfo> mappings = (Map<String, RoleInfo>)_constraintMap.match(pathInContext);
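Review bot: `mapping.getConstraint()` is dereferenced without a null check at `constraint.isForbidden()`, although `addConstraintMapping` in this commit treats a null constraint as possible. By that point the method has already stored a new `RoleInfo` in `_constraintMap` and the mapping is already in `_constraintMappings`, so on a running handler the NullPointerException leaves both half-updated. Reading the constraint at the top and rejecting null before touching the map, for example `if (constraint == null) throw new IllegalArgumentException("No constraint in mapping");`, keeps the failure clean. The new protected method is also spelled `processContraintMapping`; since subclasses can now override it, correcting the name to `processConstraintMapping` is cheapest before it ships. This hunk starts inside `doStart()` and ends inside `prepareConstraintInfo`.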
@@ -353,8 +402,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
if (roleInfo.isAnyRole() && request.getAuthType()!=null)
return true;
- String[] roles = roleInfo.getRoles();
- for (String role : roles)
+ for (String role : roleInfo.getRoles())
{
if (userIdentity.isUserInRole(role, null))
return true;
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
index c95c226c61..7075cc9792 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
@@ -24,7 +24,6 @@ import java.util.List;
import java.util.Properties;
import org.eclipse.jetty.http.security.Credential;
-import org.eclipse.jetty.http.security.Password;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.Loader;
import org.eclipse.jetty.util.log.Log;
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/RoleInfo.java b/jetty-security/src/main/java/org/eclipse/jetty/security/RoleInfo.java
index b58558f70d..35df88ce8f 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/RoleInfo.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/RoleInfo.java
@@ -13,9 +13,8 @@
package org.eclipse.jetty.security;
-import java.util.Arrays;
-
-import org.eclipse.jetty.util.LazyList;
+import java.util.Set;
+import java.util.concurrent.CopyOnWriteArraySet;
/**
*
@@ -27,13 +26,12 @@ import org.eclipse.jetty.util.LazyList;
*/
public class RoleInfo
{
- private final static String[] NO_ROLES={};
private boolean _isAnyRole;
private boolean _checked;
private boolean _forbidden;
private UserDataConstraint _userDataConstraint;
- private String[] _roles = NO_ROLES;
+ private final Set<String> _roles = new CopyOnWriteArraySet<String>();
public RoleInfo()
{
@@ -50,7 +48,7 @@ public class RoleInfo
if (!checked)
{
_forbidden=false;
- _roles=NO_ROLES;
+ _roles.clear();
_isAnyRole=false;
}
}
@@ -68,7 +66,7 @@ public class RoleInfo
_checked = true;
_userDataConstraint = null;
_isAnyRole=false;
- _roles=NO_ROLES;
+ _roles.clear();
}
}
@@ -83,7 +81,7 @@ public class RoleInfo
if (anyRole)
{
_checked = true;
- _roles=NO_ROLES;
+ _roles.clear();
}
}
@@ -105,14 +103,14 @@ public class RoleInfo
}
}
- public String[] getRoles()
+ public Set<String> getRoles()
{
return _roles;
}
public void addRole(String role)
{
- _roles=(String[])LazyList.addToArray(_roles,role,String.class);
+ _roles.add(role);
}
public void combine(RoleInfo other)
@@ -126,14 +124,15 @@ public class RoleInfo
else if (!_isAnyRole)
{
for (String r : other._roles)
- _roles=(String[])LazyList.addToArray(_roles,r,String.class);
+ _roles.add(r);
}
setUserDataConstraint(other._userDataConstraint);
}
+ @Override
public String toString()
{
- return "{RoleInfo"+(_forbidden?",F":"")+(_checked?",C":"")+(_isAnyRole?",*":Arrays.asList(_roles).toString())+"}";
+ return "{RoleInfo"+(_forbidden?",F":"")+(_checked?",C":"")+(_isAnyRole?",*":_roles)+"}";
}
}
