if (httpConstraint.rolesAllowed().length > 0 && httpConstraint.value().equals(ServletSecurity.EmptyRoleSemantic.DENY)) { throw new DeploymentException("EmptyRoleSemantic with value DENY is not allowed in combination with a non-empty rolesAllowed list in the class " + servletClassName);
/**
 * Records the enum-valued attributes this visitor cares about.
 *
 * <p>Only the attributes named {@code transportGuarantee} and {@code value}
 * are stored; any other attribute name is traced and otherwise ignored.
 * The raw {@code value} string is resolved with {@code valueOf}, so a name
 * that matches no constant is rejected with an exception instead of being
 * stored as an unknown security setting.
 *
 * @param name  attribute name as reported to the visitor
 * @param desc  descriptor reported to the visitor (only traced here)
 * @param value constant name to resolve
 */
@Override
public void visitEnum(String name, String desc, String value) {
    LOG.trace(format("visit enum name=[%s], desc=[%s], value=[%s]", name, desc, value));

    if (name.equals("transportGuarantee")) {
        transportGuarantee = TransportGuarantee.valueOf(value);
    } else if (name.equals("value")) {
        // "value" is the attribute that carries the empty-role semantic (PERMIT or DENY)
        emptyRoleSemantic = EmptyRoleSemantic.valueOf(value);
    }
}
// Reduce the class-level constraint (servletSecurity) to simple flags.
// classPA: empty-role semantic is PERMIT; classDA: empty-role semantic is DENY.
boolean classPA = servletSecurity.getEmptyRoleSemantic().equals(EmptyRoleSemantic.PERMIT);
boolean classDA = servletSecurity.getEmptyRoleSemantic().equals(EmptyRoleSemantic.DENY);
// classTP: the class-level transport guarantee is CONFIDENTIAL.
boolean classTP = servletSecurity.getTransportGuarantee().equals(TransportGuarantee.CONFIDENTIAL);
// classRA: roles named at class level.
String[] classRA = servletSecurity.getRolesAllowed();
// The same four values for the per-HTTP-method constraint (httpMethodConstraint).
boolean methodPA = httpMethodConstraint.getEmptyRoleSemantic().equals(EmptyRoleSemantic.PERMIT);
boolean methodDA = httpMethodConstraint.getEmptyRoleSemantic().equals(EmptyRoleSemantic.DENY);
boolean methodTP = httpMethodConstraint.getTransportGuarantee().equals(TransportGuarantee.CONFIDENTIAL);
String[] methodRA = httpMethodConstraint.getRolesAllowed();
// NOTE(review): every equals() is called on the getter's result, so a null semantic or
// guarantee throws NullPointerException here - confirm the getters always return a value.
// NOTE(review): classRA/methodRA are taken as returned; whether they can be null is not
// visible in this excerpt - verify before reading .length on them.
// Class-level view of the constraint: PA = empty-role semantic PERMIT, DA = empty-role
// semantic DENY, TP = transport guarantee CONFIDENTIAL, RA = roles allowed.
boolean classPA = servletSecurity.getEmptyRoleSemantic().equals(EmptyRoleSemantic.PERMIT);
boolean classDA = servletSecurity.getEmptyRoleSemantic().equals(EmptyRoleSemantic.DENY);
boolean classTP = servletSecurity.getTransportGuarantee().equals(TransportGuarantee.CONFIDENTIAL);
String[] classRA = servletSecurity.getRolesAllowed();
// Method-level view, same meaning, read from httpMethodConstraint.
boolean methodPA = httpMethodConstraint.getEmptyRoleSemantic().equals(EmptyRoleSemantic.PERMIT);
boolean methodDA = httpMethodConstraint.getEmptyRoleSemantic().equals(EmptyRoleSemantic.DENY);
boolean methodTP = httpMethodConstraint.getTransportGuarantee().equals(TransportGuarantee.CONFIDENTIAL);
String[] methodRA = httpMethodConstraint.getRolesAllowed();
// NOTE(review): PA and DA are both false only if the semantic is neither PERMIT nor DENY;
// a null semantic does not reach that state, it throws NullPointerException on equals().
// Take the class-level empty-role semantic, when one is set, and convert it by constant
// name into the EmptyRoleSemantic type used in this scope.
// NOTE(review): valueOf(String) fails with IllegalArgumentException when no constant has
// that name - presumably both types define PERMIT and DENY; confirm.
if (servletSecurityAnnotation.getEmptyRoleSemantic() != null) emptyRoleSemantic = EmptyRoleSemantic.valueOf(servletSecurityAnnotation.getEmptyRoleSemantic().toString());
// Same conversion for the method-level constraint. It writes the same variable, so when
// both statements run in this order the method-level value is the one that remains.
// NOTE(review): when neither getter returns a value, emptyRoleSemantic keeps whatever it
// held before; its initial value is not visible here - verify that default is intended.
if (annotationMethodConstraint.getEmptyRoleSemantic() != null) emptyRoleSemantic = EmptyRoleSemantic.valueOf(annotationMethodConstraint.getEmptyRoleSemantic().toString());
if (permitOrDeny.equals(EmptyRoleSemantic.DENY))
if (permitOrDeny.equals(EmptyRoleSemantic.DENY))
if (permitOrDeny.equals(EmptyRoleSemantic.DENY))
// NOTE(review): httpConstraint, httpMethodConstraint, metaData and methodConstraint are
// not declared in this excerpt; the statements below are documented as they appear.
// Per-method constraints declared on the annotation.
HttpMethodConstraint[] httpMethodConstraints = servletSecurity.httpMethodConstraints();
// Copy the annotation's empty-role semantic and transport guarantee into the metadata
// object, converting by constant name into the metadata enum types.
// NOTE(review): valueOf(String) throws IllegalArgumentException if the metadata enum has
// no constant with that name - presumably the names match one-to-one; confirm.
metaData.setEmptyRoleSemantic(EmptyRoleSemanticType.valueOf(httpConstraint.value().toString()));
metaData.setTransportGuarantee(TransportGuaranteeType.valueOf(httpConstraint.transportGuarantee().toString()));
// Fresh, empty role list.
List<String> rolesAllowed = new ArrayList<String>();
// The same two conversions for a per-method constraint.
methodConstraint.setEmptyRoleSemantic(EmptyRoleSemanticType.valueOf(httpMethodConstraint.emptyRoleSemantic().toString()));
methodConstraint.setTransportGuarantee(TransportGuaranteeType.valueOf(httpMethodConstraint.transportGuarantee().toString()));
// The variable is re-pointed at a new empty list rather than cleared, so a list that was
// handed out earlier is not modified by this reset.
rolesAllowed = new ArrayList<String>();
if (permitOrDeny.equals(EmptyRoleSemantic.DENY))
if (permitOrDeny.equals(EmptyRoleSemantic.DENY))
if (permitOrDeny.equals(EmptyRoleSemantic.DENY))
if (permitOrDeny.equals(EmptyRoleSemantic.DENY))
if (permitOrDeny.equals(EmptyRoleSemantic.DENY))
if (permitOrDeny.equals(EmptyRoleSemantic.DENY))
/**
 * Builds the security constraint that corresponds to one set of
 * {@code @ServletSecurity}-style settings.
 *
 * <p>Outcome by input:
 * <ul>
 *   <li>PERMIT, no roles, no CONFIDENTIAL transport and {@code force == false}:
 *       the resource is unconstrained and {@code null} is returned.</li>
 *   <li>DENY: an auth-constraint with no role names is attached, which means
 *       deny all. DENY is tested first, so any entries in
 *       {@code rolesAllowed} are ignored in that case.</li>
 *   <li>Otherwise, non-empty {@code rolesAllowed}: an auth-constraint listing
 *       exactly those roles is attached.</li>
 *   <li>Otherwise (PERMIT with no roles): no auth-constraint is attached.</li>
 * </ul>
 * A CONFIDENTIAL transport guarantee is recorded as the user-data constraint
 * independently of the role handling.
 *
 * @param rolesAllowed       role names permitted access
 * @param transportGuarantee transport requirement for the resource
 * @param emptyRoleSemantic  PERMIT or DENY behaviour when no roles are named
 * @param force              create a constraint even when nothing requires one
 * @return the new constraint, or {@code null} when none is needed; callers
 *         must handle the {@code null} case
 */
private SecurityConstraintInfo newSecurityConstraint(String[] rolesAllowed, TransportGuarantee transportGuarantee, ServletSecurity.EmptyRoleSemantic emptyRoleSemantic, boolean force) {
    // PERMIT + no roles + transport NONE describes an unprotected resource:
    // nothing to emit unless the caller forces a constraint.
    boolean constraintNeeded = force
            || rolesAllowed.length > 0
            || transportGuarantee.equals(TransportGuarantee.CONFIDENTIAL)
            || emptyRoleSemantic.equals(ServletSecurity.EmptyRoleSemantic.DENY);
    if (!constraintNeeded) {
        return null;
    }

    SecurityConstraintInfo constraint = new SecurityConstraintInfo();
    constraint.webResourceCollections.add(new WebResourceCollectionInfo());

    if (transportGuarantee.equals(TransportGuarantee.CONFIDENTIAL)) {
        constraint.userDataConstraint = TransportGuarantee.CONFIDENTIAL.name();
    }

    if (emptyRoleSemantic.equals(ServletSecurity.EmptyRoleSemantic.DENY)) {
        // An auth-constraint that names no roles denies all access.
        constraint.authConstraint = new AuthConstraintInfo();
        return constraint;
    }

    if (rolesAllowed.length > 0) {
        AuthConstraintInfo roleRestriction = new AuthConstraintInfo();
        for (int i = 0; i < rolesAllowed.length; i++) {
            roleRestriction.roleNames.add(rolesAllowed[i]);
        }
        constraint.authConstraint = roleRestriction;
    }
    // PERMIT with no roles: deliberately no auth-constraint, because an empty
    // one would turn "permit" into "deny all".
    return constraint;
}
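/**
 * Construct a constraint with an empty role semantic, a transport guarantee
 * and roles.
 *
 * <p>DENY combined with a non-empty role list is rejected up front, so an
 * ambiguous "deny, but allow these roles" constraint can never be created.
 * A {@code null} {@code emptyRoleSemantic} is not rejected by this check.
 *
 * @param emptyRoleSemantic  The empty role semantic to apply to the newly
 *                           created constraint
 * @param transportGuarantee The transport guarantee to apply to the newly
 *                           created constraint
 * @param rolesAllowed       The roles to associate with the newly created
 *                           constraint
 * @throws IllegalArgumentException if roles are specified when DENY is used
 */
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic,
        TransportGuarantee transportGuarantee, String... rolesAllowed) {
    if (rolesAllowed != null && rolesAllowed.length > 0 &&
            EmptyRoleSemantic.DENY.equals(emptyRoleSemantic)) {
        throw new IllegalArgumentException(lStrings.getString(
                "httpConstraintElement.invalidRolesDeny"));
    }
    this.emptyRoleSemantic = emptyRoleSemantic;
    this.transportGuarantee = transportGuarantee;
    // Store a private copy: the caller keeps a reference to the array it passed
    // and could otherwise rewrite the role names after this validation.
    this.rolesAllowed = rolesAllowed == null ? null : rolesAllowed.clone();
}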
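/**
 * Construct a constraint with an empty role semantic, a transport guarantee
 * and roles.
 *
 * <p>The DENY-with-roles combination is refused here rather than resolved
 * silently in either direction. The check compares against
 * {@code EmptyRoleSemantic.DENY}, so a {@code null} semantic passes it.
 *
 * @param emptyRoleSemantic  The empty role semantic to apply to the newly
 *                           created constraint
 * @param transportGuarantee The transport guarantee to apply to the newly
 *                           created constraint
 * @param rolesAllowed       The roles to associate with the newly created
 *                           constraint
 * @throws IllegalArgumentException if roles are specified when DENY is used
 */
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic,
        TransportGuarantee transportGuarantee, String... rolesAllowed) {
    if (rolesAllowed != null && rolesAllowed.length > 0 &&
            EmptyRoleSemantic.DENY.equals(emptyRoleSemantic)) {
        throw new IllegalArgumentException(lStrings.getString(
                "httpConstraintElement.invalidRolesDeny"));
    }
    this.emptyRoleSemantic = emptyRoleSemantic;
    this.transportGuarantee = transportGuarantee;
    // Defensive copy, so the validated role list cannot be altered through the
    // caller's array once the constraint exists.
    this.rolesAllowed = rolesAllowed == null ? null : rolesAllowed.clone();
}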
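/**
 * Construct a constraint with an empty role semantic, a transport guarantee
 * and roles.
 *
 * <p>Roles may only accompany a non-DENY semantic; passing roles together
 * with DENY fails instead of producing a constraint whose meaning depends
 * on which of the two the container honours.
 *
 * @param emptyRoleSemantic  The empty role semantic to apply to the newly
 *                           created constraint
 * @param transportGuarantee The transport guarantee to apply to the newly
 *                           created constraint
 * @param rolesAllowed       The roles to associate with the newly created
 *                           constraint; the array is copied
 * @throws IllegalArgumentException if roles are specified when DENY is used
 */
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic,
        TransportGuarantee transportGuarantee, String... rolesAllowed) {
    if (rolesAllowed != null && rolesAllowed.length > 0 &&
            EmptyRoleSemantic.DENY.equals(emptyRoleSemantic)) {
        throw new IllegalArgumentException(lStrings.getString(
                "httpConstraintElement.invalidRolesDeny"));
    }
    this.emptyRoleSemantic = emptyRoleSemantic;
    this.transportGuarantee = transportGuarantee;
    // Copy instead of aliasing the caller's array: what was validated above is
    // then exactly what this element keeps.
    this.rolesAllowed = rolesAllowed == null ? null : rolesAllowed.clone();
}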
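/**
 * Construct a constraint from an empty role semantic, a transport guarantee
 * and a list of roles.
 *
 * <p>A non-empty role list together with DENY is rejected, so the element
 * never describes "deny" and "allow these roles" at the same time. A
 * {@code null} {@code emptyRoleSemantic} is not rejected by this check.
 *
 * @param emptyRoleSemantic  semantic applied when no roles are named
 * @param transportGuarantee transport guarantee for the constraint
 * @param rolesAllowed       roles associated with the constraint; the array
 *                           is copied
 * @throws IllegalArgumentException if roles are specified when DENY is used
 */
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic,
        TransportGuarantee transportGuarantee, String... rolesAllowed) {
    if (rolesAllowed != null && rolesAllowed.length > 0 &&
            EmptyRoleSemantic.DENY.equals(emptyRoleSemantic)) {
        throw new IllegalArgumentException(lStrings.getString(
                "httpConstraintElement.invalidRolesDeny"));
    }
    this.emptyRoleSemantic = emptyRoleSemantic;
    this.transportGuarantee = transportGuarantee;
    // Private copy: later writes to the caller's array must not change the
    // roles this constraint was validated with.
    this.rolesAllowed = rolesAllowed == null ? null : rolesAllowed.clone();
}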