@Override public Set<String> setServletSecurity(ServletSecurityElement constraint) { this.servletSecurityElement = constraint; Set<String> conflictUrls = new HashSet<String>(wcd.getUrlPatternsSet()); conflictUrls.removeAll(ServletSecurityHandler.getUrlPatternsWithoutSecurityConstraint(wcd)); conflictUrls.addAll(super.setServletSecurity(constraint)); return conflictUrls; }
@Override protected HandlerProcessingResult processAnnotation( AnnotationInfo ainfo, WebBundleContext webBundleContext) throws AnnotationProcessorException { return getInvalidAnnotatedElementHandlerResult( ainfo.getProcessingContext().getHandler(), ainfo); }
@Override protected HandlerProcessingResult processAnnotation(AnnotationInfo ainfo, WebComponentContext[] webCompContexts) throws AnnotationProcessorException { HandlerProcessingResult result = null; for (WebComponentContext webCompContext : webCompContexts) { result = processAnnotation(ainfo, webCompContext.getDescriptor()); if (result.getOverallResult() == ResultType.FAILED) { break; } } return result; }
log(Level.SEVERE, ainfo, localStrings.getLocalString( "enterprise.deployment.annotation.handlers.needtoextend", "The Class {0} having annotation {1} need to be a derived class of {2}.", new Object[] { webCompClass.getName(), SecurityConstraint.class.getName(), HttpServlet.class.getName() })); return getDefaultFailedResult(); Set<String> urlPatterns = getUrlPatternsWithoutSecurityConstraint(webCompDesc); createSecurityConstraint(webBundleDesc, urlPatterns, httpConstraint.rolesAllowed(), httpConstraint.value(), String httpMethod = httpMethodConstraint.value(); if (httpMethod == null || httpMethod.length() == 0) { return getDefaultFailedResult(); createSecurityConstraint(webBundleDesc, urlPatterns, httpMethodConstraint.rolesAllowed(), httpMethodConstraint.emptyRoleSemantic(), return getDefaultProcessedResult();
void processServletSecurityElement(ServletSecurityElement servletSecurityElement, WebBundleDescriptor wbd, WebComponentDescriptor wcd) { Set<String> urlPatterns = ServletSecurityHandler.getUrlPatternsWithoutSecurityConstraint(wcd); if (urlPatterns.size() > 0) { SecurityConstraint securityConstraint = ServletSecurityHandler.createSecurityConstraint(wbd, urlPatterns, servletSecurityElement.getRolesAllowed(), servletSecurityElement.getEmptyRoleSemantic(), servletSecurityElement.getTransportGuarantee(), null); //we know there is one WebResourceCollection there WebResourceCollection webResColl = securityConstraint.getWebResourceCollections().iterator().next(); for (HttpMethodConstraintElement httpMethodConstraintElement : servletSecurityElement.getHttpMethodConstraints()) { String httpMethod = httpMethodConstraintElement.getMethodName(); ServletSecurityHandler.createSecurityConstraint(wbd, urlPatterns, httpMethodConstraintElement.getRolesAllowed(), httpMethodConstraintElement.getEmptyRoleSemantic(), httpMethodConstraintElement.getTransportGuarantee(), httpMethod); //exclude this from the top level constraint webResColl.addHttpMethodOmission(httpMethod); } } }