How to programmatically set up a <security-constraint> in Servlets 3.x?

春和景丽 2020-12-20 12:20

In my current web application I am trying to get rid of web.xml and I have not been able to properly set up the security constraint that forces all requests to the applicatio

3 answers
  • 2020-12-20 12:38

    I believe you are looking for the @ServletSecurity annotation

    @WebServlet(urlPatterns = "/*")
    @ServletSecurity(value = @HttpConstraint(transportGuarantee = TransportGuarantee.CONFIDENTIAL))
    public class SomeServlet extends HttpServlet { ... } 
    

    Or with ServletRegistration in a ServletContainerInitializer (or anywhere you have access to a ServletContext)

    ServletRegistration.Dynamic dynamic = context.addServlet("someServlet", SomeServlet.class);
    dynamic.addMapping("/*");
    HttpConstraintElement httpConstraintElement = new HttpConstraintElement(TransportGuarantee.CONFIDENTIAL);
    ServletSecurityElement servletSecurityElement = new ServletSecurityElement(httpConstraintElement);
    dynamic.setServletSecurity(servletSecurityElement);
    
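
An added example, not part of the answer above or of any project's code: a complete ServletContainerInitializer built around the ServletRegistration approach, which also checks the return values of addMapping and setServletSecurity, since both report URL patterns that were not applied. The class names SecurityInitializer and SomeServlet are assumptions for illustration.

```java
import java.util.Set;
import javax.servlet.HttpConstraintElement;
import javax.servlet.ServletContainerInitializer;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRegistration;
import javax.servlet.ServletSecurityElement;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.http.HttpServlet;

// List this class in META-INF/services/javax.servlet.ServletContainerInitializer
// so the container calls onStartup() during deployment.
public class SecurityInitializer implements ServletContainerInitializer {

    @Override
    public void onStartup(Set<Class<?>> classes, ServletContext ctx) throws ServletException {
        ServletRegistration.Dynamic reg = ctx.addServlet("someServlet", SomeServlet.class);
        if (reg == null) {
            // A servlet with this name is already fully registered (e.g. in web.xml),
            // so nothing below would take effect. Fail the deployment instead.
            throw new ServletException("someServlet already registered; constraint not applied");
        }

        // addMapping returns the patterns already mapped to another servlet;
        // if that set is non-empty, no mapping was added at all.
        Set<String> taken = reg.addMapping("/*");
        if (!taken.isEmpty()) {
            throw new ServletException("Mapping already in use: " + taken);
        }

        // Require a confidential transport (HTTPS) for every HTTP method.
        HttpConstraintElement constraint =
                new HttpConstraintElement(TransportGuarantee.CONFIDENTIAL);
        Set<String> skipped = reg.setServletSecurity(new ServletSecurityElement(constraint));

        // Patterns returned here are already the exact target of a <security-constraint>
        // in a deployment descriptor; the descriptor wins and they keep their old policy.
        if (!skipped.isEmpty()) {
            throw new ServletException("Constraint not applied to: " + skipped);
        }
    }

    // Placeholder servlet (assumption) so the example compiles on its own.
    public static class SomeServlet extends HttpServlet { }
}
```

Failing the deployment when either set is non-empty keeps a leftover web.xml entry from silently leaving a path without the transport guarantee.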
  • 2020-12-20 12:38

    If you deploy to JBoss or WildFly (an Undertow-based server), there is a solution.

    Add a ServletContainerInitializer or WebApplicationInitializer to your project.

    onStartup(Set<Class<?>> c, ServletContext ctx) or onStartup(ServletContext ctx)

    io.undertow.servlet.spec.ServletContextImpl servletContextImpl = (ServletContextImpl) ctx;
    io.undertow.servlet.api.Deployment deployment = (DeploymentImpl) servletContextImpl.getDeployment();
    DeploymentInfo deploymentInfo = deployment.getDeploymentInfo();
    deploymentInfo.addSecurityConstraint(Servlets.securityConstraint()
                        .addRoleAllowed("*")
                        .addWebResourceCollections(Servlets.webResourceCollection().addUrlPattern("/*")));
    
    //auth-mode 
    deploymentInfo.setLoginConfig(Servlets.loginConfig("BASIC", null));
    //deploymentInfo.setLoginConfig(Servlets.loginConfig("SPNEGO", "SPNEGO"));
    
    deploymentInfo.addSecurityRole("*");
    deploymentInfo.setSecurityDisabled(false);
    
    // ...
    // your servlets go here
    ServletRegistration.Dynamic servlet = ctx.addServlet("rwtServlet", "org.eclipse.rap.rwt.engine.RWTServlet");

    servlet.addMapping("/rap");

    ctx.addListener("org.eclipse.rap.rwt.engine.RWTServletContextListener");
    
    

    Note: make sure to add undertow-servlet as a compile-time dependency.

    <dependency>
        <groupId>io.undertow</groupId>
        <artifactId>undertow-servlet</artifactId>
        <version>2.0.30.Final</version>
    </dependency>
    
  • 2020-12-20 12:45

    I was able to do this for a project by configuring the glassfish domain security:

    1. Create a new security domain, in this example call it: FooRealm
    2. Add users w (or w/o) passwords to FooRealm
    3. Add each user to "GroupFoo"

    That covers your glassfish config, here is your web.xml:

    <security-constraint>
        <display-name>SecurityConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>Everything</web-resource-name>
            <description>Everything</description>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description>UserAuthenticationConstraint</description>
            <role-name>GroupFoo</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>FooRealm</realm-name>
        <form-login-config>
            <form-login-page>/Login.jsp</form-login-page>
            <form-error-page>/LoginError.html</form-error-page>
        </form-login-config>
    </login-config>
    