public static void main(String args[]) { String list[] = null; System.out.println("Creating new collection"); SecurityCollection collection = new SecurityCollection(); System.out.println("Adding GET and POST methods"); collection.addMethod("GET"); collection.addMethod("POST"); System.out.println("Currently defined methods:"); list = collection.findMethods(); for (int i = 0; i < list.length; i++) System.out.println(" " + list[i]); System.out.println("Is DELETE included? " + collection.findMethod("DELETE")); System.out.println("Is POST included? " + collection.findMethod("POST")); System.out.println("Removing POST method"); collection.removeMethod("POST"); System.out.println("Currently defined methods:"); list = collection.findMethods(); for (int i = 0; i < list.length; i++) System.out.println(" " + list[i]); System.out.println("Is DELETE included? " + collection.findMethod("DELETE")); System.out.println("Is POST included? " + collection.findMethod("POST")); }
/** * Construct a new security collection instance with specified values. * * @param name Name of this security collection * @param description Description of this security collection */ public SecurityCollection(String name, String description) { super(); setName(name); setDescription(description); }
/** * Return <code>true</code> if the specified context-relative URI (and * associated HTTP method) are protected by this security constraint. * * @param uri Context-relative URI to check * @param method Request method being used */ public boolean included(String uri, String method) { // We cannot match without a valid request method if (method == null) return (false); // Check all of the collections included in this constraint for (int i = 0; i < collections.length; i++) { if (!collections[i].findMethod(method)) continue; String patterns[] = collections[i].findPatterns(); for (int j = 0; j < patterns.length; j++) { if (matchPattern(uri, patterns[j])) return (true); } } // No collection included in this constraint matches this request return (false); }
/** * Return <code>true</code> if the specified context-relative URI (and * associated HTTP method) are protected by this security constraint. * * @param uri Context-relative URI to check * @param method Request method being used */ public boolean included(String uri, String method) { // We cannot match without a valid request method if (method == null) return (false); // Check all of the collections included in this constraint for (int i = 0; i < collections.length; i++) { if (!collections[i].findMethod(method)) continue; if (collections[i].findMethodOmission(method)) continue; String patterns[] = collections[i].findPatterns(); for (int j = 0; j < patterns.length; j++) { if (matchPattern(uri, patterns[j])) return (true); } } // No collection included in this constraint matches this request return (false); }
setLoginConfig(loginConfig); final SecurityCollection collection = new SecurityCollection(); for (final Field f : HttpMethod.class.getFields()) { if (Modifier.isStatic(f.getModifiers())) { try { collection.addMethod(f.get(null).toString()); } catch (final IllegalAccessException e) { collection.addPattern("/*"); collection.setName(roles[0]);
sb.append(" <web-resource-collection>\n"); appendElement(sb, INDENT6, "web-resource-name", collection.getName()); appendElement(sb, INDENT6, "description", collection.getDescription()); for (String urlPattern : collection.findPatterns()) { appendElement(sb, INDENT6, "url-pattern", urlPattern); for (String method : collection.findMethods()) { appendElement(sb, INDENT6, "http-method", method); for (String method : collection.findOmittedMethods()) { appendElement(sb, INDENT6, "http-method-omission", method);
for (SecurityConstraint staticConstraint : staticConstraints) { for (SecurityCollection collection : staticConstraint.findCollections()) { for (String urlPattern : collection.findPatterns()) { excludedPatterns.add(urlPattern); constraint.setUserConstraint(org.apache.catalina.realm.Constants.CONFIDENTIAL_TRANSPORT); SecurityCollection collection = new SecurityCollection(); collection.addMethod(method); collection.addPattern(urlPattern); constraint.setUserConstraint(org.apache.catalina.realm.Constants.CONFIDENTIAL_TRANSPORT); SecurityCollection collection = new SecurityCollection(); collection.addPattern(urlPattern); collection.addMethodOmission(methodOmission);
SecurityCollection collection = new SecurityCollection(); boolean create = alwaysCreate; collection.addPattern(urlPattern); constraint.addCollection(collection); return constraint;
String patterns[] = collections[i].findPatterns(); for (int j = 0; j < patterns.length; j++) { patterns[j] = adjustURLPattern(patterns[j]); patterns[j])); if (collections[i].findMethods().length > 0 && collections[i].findOmittedMethods().length > 0) { throw new IllegalArgumentException(sm.getString( "standardContext.securityConstraint.mixHttpMethod"));
collection.addMethod(methodElement.getMethodName()); result.add(constraint); Iterator<String> ommittedMethod = element.getMethodNames().iterator(); while (ommittedMethod.hasNext()) { collection.addOmittedMethod(ommittedMethod.next());
/** * Return the web resource collection for the specified name, if any; * otherwise, return <code>null</code>. * * @param name Web resource collection name to return */ public SecurityCollection findCollection(String name) { if (name == null) return (null); for (int i = 0; i < collections.length; i++) { if (name.equals(collections[i].getName())) return (collections[i]); } return (null); }
/** * Add a security constraint to the set for this web application. */ @Override public void addConstraint(SecurityConstraint constraint) { // Validate the proposed constraint SecurityCollection collections[] = constraint.findCollections(); for(SecurityCollection collection : collections) { String patterns[] = collection.findPatterns(); for(int j = 0; j < patterns.length; j++) { patterns[j] = adjustURLPattern(patterns[j]); if(!validateURLPattern(patterns[j])) { String msg = MessageFormat.format(rb.getString(LogFacade.SECURITY_CONSTRAINT_PATTERN_EXCEPTION), patterns[j]); throw new IllegalArgumentException(msg); } } } // Add this constraint to the set for our web application constraints.add(constraint); }
for (final SecurityCollection collection : constraint.findCollections()) { if (collection.findMethods().length > 0) { for (final String httpMethod : collection.findMethods()) { if (httpMethod.equals(ori.getHttpMethod())) { ignore = false; for (final String pattern : collection.findPatterns()) { if (pattern.endsWith("*")) { final String substring = pattern.substring(0, pattern.length() - 1);
SecurityCollection collection = new SecurityCollection(); collection.addMethod("GET"); collection.addMethod("POST"); collection.addPattern("/*"); collection.setName("default"); SecurityConstraint sc = new SecurityConstraint(); sc.addAuthRole("*");
sb.append(" <web-resource-collection>\n"); appendElement(sb, INDENT6, "web-resource-name", collection.getName()); appendElement(sb, INDENT6, "description", collection.getDescription()); for (String urlPattern : collection.findPatterns()) { appendElement(sb, INDENT6, "url-pattern", urlPattern); for (String method : collection.findMethods()) { appendElement(sb, INDENT6, "http-method", method); for (String method : collection.findOmittedMethods()) { appendElement(sb, INDENT6, "http-method-omission", method);
for (SecurityConstraint staticConstraint : staticConstraints) { for (SecurityCollection collection : staticConstraint.findCollections()) { for (String urlPattern : collection.findPatterns()) { excludedPatterns.add(urlPattern); constraint.setUserConstraint(org.apache.catalina.realm.Constants.CONFIDENTIAL_TRANSPORT); SecurityCollection collection = new SecurityCollection(); collection.addMethod(method); collection.addPattern(urlPattern); constraint.setUserConstraint(org.apache.catalina.realm.Constants.CONFIDENTIAL_TRANSPORT); SecurityCollection collection = new SecurityCollection(); collection.addPattern(urlPattern); collection.addMethodOmission(methodOmission);
SecurityCollection securityCollection = new SecurityCollection("Protected Resources"); if (config.isConsoleOnlyPassword()) { securityCollection.addPattern("/index.jspx"); } else { securityCollection.addPattern("/*");
String patterns[] = collections[i].findPatterns(); for (int j = 0; j < patterns.length; j++) { patterns[j] = adjustURLPattern(patterns[j]); patterns[j])); if (collections[i].findMethods().length > 0 && collections[i].findOmittedMethods().length > 0) { throw new IllegalArgumentException(sm.getString( "standardContext.securityConstraint.mixHttpMethod"));
/** * Return <code>true</code> if the specified context-relative URI (and * associated HTTP method) are protected by this security constraint. * * @param uri Context-relative URI to check * @param method Request method being used */ public boolean included(String uri, String method) { // We cannot match without a valid request method if (method == null) return (false); // Check all of the collections included in this constraint for (int i = 0; i < collections.length; i++) { if (!collections[i].findMethod(method)) continue; if (collections[i].findMethodOmission(method)) continue; String patterns[] = collections[i].findPatterns(); for (int j = 0; j < patterns.length; j++) { if (matchPattern(uri, patterns[j])) return (true); } } // No collection included in this constraint matches this request return (false); }
collection.addMethod(methodElement.getMethodName()); result.add(constraint); Iterator<String> ommittedMethod = element.getMethodNames().iterator(); while (ommittedMethod.hasNext()) { collection.addOmittedMethod(ommittedMethod.next());