private SecurityPathMatches buildSecurityConstraints() {
SecurityPathMatches.Builder builder =
SecurityPathMatches.builder(deployment.getDeploymentInfo());
final Set<String> urlPatterns = new HashSet<String>();
for (SecurityConstraint constraint : deployment.getDeploymentInfo().getSecurityConstraints()) {
builder.addSecurityConstraint(constraint);
for (WebResourceCollection webResources : constraint.getWebResourceCollections()) {
urlPatterns.addAll(webResources.getUrlPatterns());
}
}
for (final ServletInfo servlet : deployment.getDeploymentInfo().getServlets().values()) {
final ServletSecurityInfo securityInfo = servlet.getServletSecurityInfo();
if (securityInfo != null) {
final Set<String> mappings = new HashSet<String>(servlet.getMappings());
mappings.removeAll(urlPatterns);
if (!mappings.isEmpty()) {
final Set<String> methods = new HashSet<String>();
for (HttpMethodSecurityInfo method : securityInfo.getHttpMethodSecurityInfo()) {
methods.add(method.getMethod());
if (method.getRolesAllowed().isEmpty()
&& method.getEmptyRoleSemantic() == ServletSecurity.EmptyRoleSemantic.PERMIT) {
// this is an implict allow
continue;
}
SecurityConstraint newConstraint =
new SecurityConstraint()
.addRolesAllowed(method.getRolesAllowed())
.setTransportGuaranteeType(method.getTransportGuaranteeType())
.addWebResourceCollection(
new WebResourceCollection()
.addUrlPatterns(mappings)
.addHttpMethod(method.getMethod()));
builder.addSecurityConstraint(newConstraint);
}
SecurityConstraint newConstraint =
new SecurityConstraint()
.addRolesAllowed(securityInfo.getRolesAllowed())
.setTransportGuaranteeType(securityInfo.getTransportGuaranteeType())
.addWebResourceCollection(
new WebResourceCollection()
.addUrlPatterns(mappings)
.addHttpMethodOmissions(methods));
builder.addSecurityConstraint(newConstraint);
}
}
}
return builder.build();
}
private DeploymentInfo createServletConfig(
final JBossWebMetaData mergedMetaData,
final DeploymentUnit deploymentUnit,
final Module module,
final DeploymentClassIndex classReflectionIndex,
final WebInjectionContainer injectionContainer,
final ComponentRegistry componentRegistry,
final ScisMetaData scisMetaData,
final VirtualFile deploymentRoot)
throws DeploymentUnitProcessingException {
try {
mergedMetaData.resolveAnnotations();
final DeploymentInfo d = new DeploymentInfo();
d.setContextPath(mergedMetaData.getContextRoot());
if (mergedMetaData.getDescriptionGroup() != null) {
d.setDisplayName(mergedMetaData.getDescriptionGroup().getDisplayName());
}
d.setDeploymentName(deploymentUnit.getName());
d.setResourceLoader(new DeploymentResourceLoader(deploymentRoot));
d.setClassLoader(module.getClassLoader());
final String servletVersion = mergedMetaData.getServletVersion();
if (servletVersion != null) {
d.setMajorVersion(Integer.parseInt(servletVersion.charAt(0) + ""));
d.setMinorVersion(Integer.parseInt(servletVersion.charAt(2) + ""));
} else {
d.setMajorVersion(3);
d.setMinorVersion(1);
}
// for 2.2 apps we do not require a leading / in path mappings
boolean is22OrOlder;
if (d.getMajorVersion() == 1) {
is22OrOlder = true;
} else if (d.getMajorVersion() == 2) {
is22OrOlder = d.getMinorVersion() < 3;
} else {
is22OrOlder = false;
}
HashMap<String, TagLibraryInfo> tldInfo =
createTldsInfo(deploymentUnit, classReflectionIndex, componentRegistry, d);
HashMap<String, JspPropertyGroup> propertyGroups = createJspConfig(mergedMetaData);
JspServletBuilder.setupDeployment(
d, propertyGroups, tldInfo, new UndertowJSPInstanceManager(injectionContainer));
d.setJspConfigDescriptor(
new JspConfigDescriptorImpl(tldInfo.values(), propertyGroups.values()));
d.setDefaultServletConfig(new DefaultServletConfig(true, Collections.<String>emptySet()));
// default JSP servlet
final ServletInfo jspServlet =
new ServletInfo("Default JSP Servlet", JspServlet.class)
.addMapping("*.jsp")
.addMapping("*.jspx")
.addInitParam("development", "false"); // todo: make configurable
d.addServlet(jspServlet);
final Set<String> jspPropertyGroupMappings = propertyGroups.keySet();
for (final String mapping : jspPropertyGroupMappings) {
jspServlet.addMapping(mapping);
}
d.setClassIntrospecter(new ComponentClassIntrospector(componentRegistry));
final Map<String, List<ServletMappingMetaData>> servletMappings = new HashMap<>();
if (mergedMetaData.getServletMappings() != null) {
for (final ServletMappingMetaData mapping : mergedMetaData.getServletMappings()) {
List<ServletMappingMetaData> list = servletMappings.get(mapping.getServletName());
if (list == null) {
servletMappings.put(mapping.getServletName(), list = new ArrayList<>());
}
list.add(mapping);
}
}
final Set<String> seenMappings = new HashSet<>(jspPropertyGroupMappings);
if (mergedMetaData.getServlets() != null) {
for (final JBossServletMetaData servlet : mergedMetaData.getServlets()) {
final ServletInfo s;
if (servlet.getJspFile() != null) {
// TODO: real JSP support
s = new ServletInfo(servlet.getName(), JspServlet.class);
s.addHandlerChainWrapper(new JspFileWrapper(servlet.getJspFile()));
} else {
Class<? extends Servlet> servletClass =
(Class<? extends Servlet>)
classReflectionIndex.classIndex(servlet.getServletClass()).getModuleClass();
ComponentRegistry.ComponentManagedReferenceFactory creator =
componentRegistry.getComponentsByClass().get(servletClass);
if (creator != null) {
InstanceFactory<Servlet> factory = createInstanceFactory(creator);
s = new ServletInfo(servlet.getName(), servletClass, factory);
} else {
s = new ServletInfo(servlet.getName(), servletClass);
}
}
s.setAsyncSupported(servlet.isAsyncSupported())
.setJspFile(servlet.getJspFile())
.setEnabled(servlet.isEnabled());
if (servlet.getRunAs() != null) {
s.setRunAs(servlet.getRunAs().getRoleName());
}
if (servlet
.getLoadOnStartupSet()) { // todo why not cleanup api and just use int everywhere
s.setLoadOnStartup(servlet.getLoadOnStartupInt());
}
List<ServletMappingMetaData> mappings = servletMappings.get(servlet.getName());
if (mappings != null) {
for (ServletMappingMetaData mapping : mappings) {
for (String pattern : mapping.getUrlPatterns()) {
if (is22OrOlder && !pattern.startsWith("*") && !pattern.startsWith("/")) {
pattern = "/" + pattern;
}
if (!seenMappings.contains(pattern)) {
s.addMapping(pattern);
seenMappings.add(pattern);
}
}
}
}
if (servlet.getInitParam() != null) {
for (ParamValueMetaData initParam : servlet.getInitParam()) {
if (!s.getInitParams().containsKey(initParam.getParamName())) {
s.addInitParam(initParam.getParamName(), initParam.getParamValue());
}
}
}
if (servlet.getServletSecurity() != null) {
ServletSecurityInfo securityInfo = new ServletSecurityInfo();
s.setServletSecurityInfo(securityInfo);
securityInfo
.setEmptyRoleSemantic(
servlet.getServletSecurity().getEmptyRoleSemantic()
== EmptyRoleSemanticType.PERMIT
? PERMIT
: DENY)
.setTransportGuaranteeType(
transportGuaranteeType(servlet.getServletSecurity().getTransportGuarantee()))
.addRolesAllowed(servlet.getServletSecurity().getRolesAllowed());
if (servlet.getServletSecurity().getHttpMethodConstraints() != null) {
for (HttpMethodConstraintMetaData method :
servlet.getServletSecurity().getHttpMethodConstraints()) {
securityInfo.addHttpMethodSecurityInfo(
new HttpMethodSecurityInfo()
.setEmptyRoleSemantic(
method.getEmptyRoleSemantic() == EmptyRoleSemanticType.PERMIT
? PERMIT
: DENY)
.setTransportGuaranteeType(
transportGuaranteeType(method.getTransportGuarantee()))
.addRolesAllowed(method.getRolesAllowed())
.setMethod(method.getMethod()));
}
}
}
if (servlet.getSecurityRoleRefs() != null) {
for (final SecurityRoleRefMetaData ref : servlet.getSecurityRoleRefs()) {
s.addSecurityRoleRef(ref.getRoleName(), ref.getRoleLink());
}
}
d.addServlet(s);
}
}
if (mergedMetaData.getFilters() != null) {
for (final FilterMetaData filter : mergedMetaData.getFilters()) {
Class<? extends Filter> filterClass =
(Class<? extends Filter>)
classReflectionIndex.classIndex(filter.getFilterClass()).getModuleClass();
ComponentRegistry.ComponentManagedReferenceFactory creator =
componentRegistry.getComponentsByClass().get(filterClass);
FilterInfo f;
if (creator != null) {
InstanceFactory<Filter> instanceFactory = createInstanceFactory(creator);
f = new FilterInfo(filter.getName(), filterClass, instanceFactory);
} else {
f = new FilterInfo(filter.getName(), filterClass);
}
f.setAsyncSupported(filter.isAsyncSupported());
d.addFilter(f);
if (filter.getInitParam() != null) {
for (ParamValueMetaData initParam : filter.getInitParam()) {
f.addInitParam(initParam.getParamName(), initParam.getParamValue());
}
}
}
}
if (mergedMetaData.getFilterMappings() != null) {
for (final FilterMappingMetaData mapping : mergedMetaData.getFilterMappings()) {
if (mapping.getUrlPatterns() != null) {
for (String url : mapping.getUrlPatterns()) {
if (is22OrOlder && !url.startsWith("*") && !url.startsWith("/")) {
url = "/" + url;
}
if (mapping.getDispatchers() != null && !mapping.getDispatchers().isEmpty()) {
for (DispatcherType dispatcher : mapping.getDispatchers()) {
d.addFilterUrlMapping(
mapping.getFilterName(),
url,
javax.servlet.DispatcherType.valueOf(dispatcher.name()));
}
} else {
d.addFilterUrlMapping(
mapping.getFilterName(), url, javax.servlet.DispatcherType.REQUEST);
}
}
}
if (mapping.getServletNames() != null) {
for (String servletName : mapping.getServletNames()) {
if (mapping.getDispatchers() != null && !mapping.getDispatchers().isEmpty()) {
for (DispatcherType dispatcher : mapping.getDispatchers()) {
d.addFilterServletNameMapping(
mapping.getFilterName(),
servletName,
javax.servlet.DispatcherType.valueOf(dispatcher.name()));
}
} else {
d.addFilterServletNameMapping(
mapping.getFilterName(), servletName, javax.servlet.DispatcherType.REQUEST);
}
}
}
}
}
if (scisMetaData != null && scisMetaData.getHandlesTypes() != null) {
for (final Map.Entry<ServletContainerInitializer, Set<Class<?>>> sci :
scisMetaData.getHandlesTypes().entrySet()) {
final ImmediateInstanceFactory<ServletContainerInitializer> instanceFactory =
new ImmediateInstanceFactory<>(sci.getKey());
d.addServletContainerInitalizer(
new ServletContainerInitializerInfo(
sci.getKey().getClass(), instanceFactory, sci.getValue()));
}
}
if (mergedMetaData.getListeners() != null) {
for (ListenerMetaData listener : mergedMetaData.getListeners()) {
addListener(classReflectionIndex, componentRegistry, d, listener);
}
}
if (mergedMetaData.getContextParams() != null) {
for (ParamValueMetaData param : mergedMetaData.getContextParams()) {
d.addInitParameter(param.getParamName(), param.getParamValue());
}
}
if (mergedMetaData.getWelcomeFileList() != null
&& mergedMetaData.getWelcomeFileList().getWelcomeFiles() != null) {
d.addWelcomePages(mergedMetaData.getWelcomeFileList().getWelcomeFiles());
} else {
d.addWelcomePages("index.html", "index.htm", "index.jsp");
}
if (mergedMetaData.getErrorPages() != null) {
for (final ErrorPageMetaData page : mergedMetaData.getErrorPages()) {
final ErrorPage errorPage;
if (page.getExceptionType() == null || page.getExceptionType().isEmpty()) {
errorPage = new ErrorPage(page.getLocation(), Integer.parseInt(page.getErrorCode()));
} else {
errorPage =
new ErrorPage(
page.getLocation(),
(Class<? extends Throwable>)
classReflectionIndex.classIndex(page.getExceptionType()).getModuleClass());
}
d.addErrorPages(errorPage);
}
}
if (mergedMetaData.getMimeMappings() != null) {
for (final MimeMappingMetaData mapping : mergedMetaData.getMimeMappings()) {
d.addMimeMapping(new MimeMapping(mapping.getExtension(), mapping.getMimeType()));
}
}
if (mergedMetaData.getSecurityConstraints() != null) {
for (SecurityConstraintMetaData constraint : mergedMetaData.getSecurityConstraints()) {
SecurityConstraint securityConstraint =
new SecurityConstraint()
.setTransportGuaranteeType(
transportGuaranteeType(constraint.getTransportGuarantee()))
.addRolesAllowed(constraint.getRoleNames());
if (constraint.getAuthConstraint() == null) {
// no auth constraint means we permit the empty roles
securityConstraint.setEmptyRoleSemantic(PERMIT);
}
if (constraint.getResourceCollections() != null) {
for (final WebResourceCollectionMetaData resourceCollection :
constraint.getResourceCollections()) {
securityConstraint.addWebResourceCollection(
new WebResourceCollection()
.addHttpMethods(resourceCollection.getHttpMethods())
.addHttpMethodOmissions(resourceCollection.getHttpMethodOmissions())
.addUrlPatterns(resourceCollection.getUrlPatterns()));
}
}
d.addSecurityConstraint(securityConstraint);
}
}
final LoginConfigMetaData loginConfig = mergedMetaData.getLoginConfig();
if (loginConfig != null) {
String authMethod = authMethod(loginConfig.getAuthMethod());
if (loginConfig.getFormLoginConfig() != null) {
d.setLoginConfig(
new LoginConfig(
authMethod,
loginConfig.getRealmName(),
loginConfig.getFormLoginConfig().getLoginPage(),
loginConfig.getFormLoginConfig().getErrorPage()));
} else {
d.setLoginConfig(new LoginConfig(authMethod, loginConfig.getRealmName()));
}
}
d.addSecurityRoles(mergedMetaData.getSecurityRoleNames());
if (mergedMetaData.getSecurityDomain() != null) {
String contextId = deploymentUnit.getName();
if (deploymentUnit.getParent() != null) {
contextId = deploymentUnit.getParent().getName() + "!" + contextId;
}
d.addOuterHandlerChainWrapper(
SecurityContextCreationHandler.wrapper(mergedMetaData.getSecurityDomain()));
d.addDispatchedHandlerChainWrapper(
SecurityContextAssociationHandler.wrapper(
mergedMetaData.getPrincipalVersusRolesMap(), contextId));
}
// Setup an deployer configured ServletContext attributes
final List<ServletContextAttribute> attributes =
deploymentUnit.getAttachmentList(ServletContextAttribute.ATTACHMENT_KEY);
for (ServletContextAttribute attribute : attributes) {
d.addServletContextAttribute(attribute.getName(), attribute.getValue());
}
if (mergedMetaData.getLocalEncodings() != null
&& mergedMetaData.getLocalEncodings().getMappings() != null) {
for (LocaleEncodingMetaData locale : mergedMetaData.getLocalEncodings().getMappings()) {
d.addLocaleCharsetMapping(locale.getLocale(), locale.getEncoding());
}
}
return d;
} catch (ClassNotFoundException e) {
throw new DeploymentUnitProcessingException(e);
}
}