public SecurityCollectionDecorator(WebResourceCollection decoree){ this.decoree = decoree; for (String urlPattern: decoree.getUrlPatterns()) { addPattern(urlPattern); } for (String httpMethod: decoree.getHttpMethods()) { addMethod(httpMethod); } for (String httpMethodOmission: decoree.getHttpMethodOmissions()) { addMethodOmission(httpMethodOmission); } }
/** * Return the description of this web resource collection. */ public String getDescription() { return decoree.getDescription(); }
for (String url: wrc.getUrlPatterns()) { if (url != null) { String[] methodNames = wrc.getHttpMethodsAsArray(); BitSet methods = MethodValue.methodArrayToSet(methodNames); wrc.getHttpMethodOmissionsAsArray(); omittedMethods = MethodValue.methodArrayToSet(omittedNames);
for (String httpMethod: wrc.getHttpMethods()) { sbm.append(httpMethod); sbm.append(" "); for (String urlPattern: wrc.getUrlPatterns()) { logger.finest(" "+ urlPattern);
public Collection<SecurityConstraint> getSecurityConstraintsForUrlPattern(String urlPattern) { Collection<SecurityConstraint> constraints = new HashSet<SecurityConstraint>(); for (Iterator<SecurityConstraint> i = getSecurityConstraintsSet().iterator(); i.hasNext();) { SecurityConstraint next = i.next(); boolean include = false; for (WebResourceCollection nextCol: next.getWebResourceCollections()) { for (String nextPattern: nextCol.getUrlPatterns()) { if ((urlPattern != null) && urlPattern.equals(nextPattern)) { include = true; break; } } if (include) { break; } } if (include) { constraints.add(next); } } return constraints; }
void processServletSecurityElement(ServletSecurityElement servletSecurityElement, WebBundleDescriptor wbd, WebComponentDescriptor wcd) { Set<String> urlPatterns = ServletSecurityHandler.getUrlPatternsWithoutSecurityConstraint(wcd); if (urlPatterns.size() > 0) { SecurityConstraint securityConstraint = ServletSecurityHandler.createSecurityConstraint(wbd, urlPatterns, servletSecurityElement.getRolesAllowed(), servletSecurityElement.getEmptyRoleSemantic(), servletSecurityElement.getTransportGuarantee(), null); //we know there is one WebResourceCollection there WebResourceCollection webResColl = securityConstraint.getWebResourceCollections().iterator().next(); for (HttpMethodConstraintElement httpMethodConstraintElement : servletSecurityElement.getHttpMethodConstraints()) { String httpMethod = httpMethodConstraintElement.getMethodName(); ServletSecurityHandler.createSecurityConstraint(wbd, urlPatterns, httpMethodConstraintElement.getRolesAllowed(), httpMethodConstraintElement.getEmptyRoleSemantic(), httpMethodConstraintElement.getTransportGuarantee(), httpMethod); //exclude this from the top level constraint webResColl.addHttpMethodOmission(httpMethod); } } }
for (String url: wrc.getUrlPatterns()) { if (url != null) { String[] methodNames = wrc.getHttpMethodsAsArray(); BitSet methods = MethodValue.methodArrayToSet(methodNames); wrc.getHttpMethodOmissionsAsArray(); omittedMethods = MethodValue.methodArrayToSet(omittedNames);
for (String httpMethod: wrc.getHttpMethods()) { sbm.append(httpMethod); sbm.append(" "); for (String urlPattern: wrc.getUrlPatterns()) { logger.finest(" "+ urlPattern);
protected void combineSecurityConstraints(Set<SecurityConstraint> firstScSet, Set<SecurityConstraint> secondScSet) { Set<String> allUrlPatterns = new HashSet<String>(); for (SecurityConstraint sc : firstScSet) { for (WebResourceCollection wrc : sc.getWebResourceCollections()) { allUrlPatterns.addAll(wrc.getUrlPatterns()); } } for (SecurityConstraint sc : secondScSet) { SecurityConstraint newSc = new SecurityConstraintImpl((SecurityConstraintImpl)sc); boolean addSc = false; Iterator<WebResourceCollection> iter = newSc.getWebResourceCollections().iterator(); while (iter.hasNext()) { WebResourceCollection wrc = iter.next(); Set<String> urlPatterns = wrc.getUrlPatterns(); urlPatterns.removeAll(allUrlPatterns); boolean isEmpty = (urlPatterns.size() == 0); addSc = (addSc || (!isEmpty)); if (isEmpty) { iter.remove(); } } if (addSc) { firstScSet.add(newSc); } } }
webResColl.addHttpMethodOmission(httpMethod);
/** * Given a WebComponentDescriptor, find the set of urlPattern which does not have * any existing url pattern in SecurityConstraint * @param webCompDesc * @return a list of url String */ public static Set<String> getUrlPatternsWithoutSecurityConstraint(WebComponentDescriptor webCompDesc) { Set<String> urlPatternsWithoutSC = new HashSet<String>(webCompDesc.getUrlPatternsSet()); WebBundleDescriptor webBundleDesc = webCompDesc.getWebBundleDescriptor(); Set<String> urlPatterns = webCompDesc.getUrlPatternsSet(); Enumeration<SecurityConstraint> eSecConstr = webBundleDesc.getSecurityConstraints(); while (eSecConstr.hasMoreElements()) { SecurityConstraint sc = eSecConstr.nextElement(); for (WebResourceCollection wrc : sc.getWebResourceCollections()) { urlPatternsWithoutSC.removeAll(wrc.getUrlPatterns()); } } return urlPatternsWithoutSC; }