Examples with HttpMethodConstraintElement javax.servlet.HttpMethodConstraintElement used on opensource projects

Example 1 with HttpMethodConstraintElement

use of javax.servlet.HttpMethodConstraintElement in project jetty.project by eclipse.

the class ConstraintSecurityHandler method createConstraintsWithMappingsForPath.

/* ------------------------------------------------------------ */
/** 
     * Generate Constraints and ContraintMappings for the given url pattern and ServletSecurityElement
     * 
     * @param name the name
     * @param pathSpec the path spec
     * @param securityElement the servlet security element
     * @return the list of constraint mappings
     */
public static List<ConstraintMapping> createConstraintsWithMappingsForPath(String name, String pathSpec, ServletSecurityElement securityElement) {
    List<ConstraintMapping> mappings = new ArrayList<ConstraintMapping>();
    //Create a constraint that will describe the default case (ie if not overridden by specific HttpMethodConstraints)
    Constraint httpConstraint = null;
    ConstraintMapping httpConstraintMapping = null;
    if (securityElement.getEmptyRoleSemantic() != EmptyRoleSemantic.PERMIT || securityElement.getRolesAllowed().length != 0 || securityElement.getTransportGuarantee() != TransportGuarantee.NONE) {
        httpConstraint = ConstraintSecurityHandler.createConstraint(name, securityElement);
        //Create a mapping for the pathSpec for the default case
        httpConstraintMapping = new ConstraintMapping();
        httpConstraintMapping.setPathSpec(pathSpec);
        httpConstraintMapping.setConstraint(httpConstraint);
        mappings.add(httpConstraintMapping);
    }
    //See Spec 13.4.1.2 p127
    List<String> methodOmissions = new ArrayList<String>();
    //make constraint mappings for this url for each of the HttpMethodConstraintElements
    Collection<HttpMethodConstraintElement> methodConstraintElements = securityElement.getHttpMethodConstraints();
    if (methodConstraintElements != null) {
        for (HttpMethodConstraintElement methodConstraintElement : methodConstraintElements) {
            //Make a Constraint that captures the <auth-constraint> and <user-data-constraint> elements supplied for the HttpMethodConstraintElement
            Constraint methodConstraint = ConstraintSecurityHandler.createConstraint(name, methodConstraintElement);
            ConstraintMapping mapping = new ConstraintMapping();
            mapping.setConstraint(methodConstraint);
            mapping.setPathSpec(pathSpec);
            if (methodConstraintElement.getMethodName() != null) {
                mapping.setMethod(methodConstraintElement.getMethodName());
                //See spec 13.4.1.2 p127 - add an omission for every method name to the default constraint
                methodOmissions.add(methodConstraintElement.getMethodName());
            }
            mappings.add(mapping);
        }
    }
    //UNLESS the default constraint contains all default values. In that case, we won't add it. See Servlet Spec 3.1 pg 129
    if (methodOmissions.size() > 0 && httpConstraintMapping != null)
        httpConstraintMapping.setMethodOmissions(methodOmissions.toArray(new String[methodOmissions.size()]));
    return mappings;
}

Example 2 with HttpMethodConstraintElement

use of javax.servlet.HttpMethodConstraintElement in project jetty.project by eclipse.

the class ConstraintTest method testSecurityElementExample13_7.

/**
     * Equivalent of Servlet Spec 3.1 pg 132, sec 13.4.1.1, Example 13-7
     * @ServletSecurity(value = @HttpConstraint(rolesAllowed = "R1"), 
     *                  httpMethodConstraints = @HttpMethodConstraint(value="TRACE",
     *                  emptyRoleSemantic = EmptyRoleSemantic.DENY))
     * @throws Exception if test fails
     */
@Test
public void testSecurityElementExample13_7() throws Exception {
    List<HttpMethodConstraintElement> methodElements = new ArrayList<HttpMethodConstraintElement>();
    methodElements.add(new HttpMethodConstraintElement("TRACE", new HttpConstraintElement(EmptyRoleSemantic.DENY)));
    ServletSecurityElement element = new ServletSecurityElement(new HttpConstraintElement(TransportGuarantee.NONE, "R1"), methodElements);
    List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath("foo", "/foo/*", element);
    Assert.assertTrue(!mappings.isEmpty());
    Assert.assertEquals(2, mappings.size());
    Assert.assertTrue(mappings.get(0).getMethodOmissions() != null);
    Assert.assertEquals("TRACE", mappings.get(0).getMethodOmissions()[0]);
    Assert.assertTrue(mappings.get(0).getConstraint().getAuthenticate());
    Assert.assertEquals("R1", mappings.get(0).getConstraint().getRoles()[0]);
    Assert.assertEquals("TRACE", mappings.get(1).getMethod());
    Assert.assertTrue(mappings.get(1).getMethodOmissions() == null);
    Assert.assertEquals(0, mappings.get(1).getConstraint().getDataConstraint());
    Assert.assertTrue(mappings.get(1).getConstraint().isForbidden());
}

Example 3 with HttpMethodConstraintElement

use of javax.servlet.HttpMethodConstraintElement in project jetty.project by eclipse.

the class ConstraintTest method testSecurityElementExample13_6.

/**
     * Equivalent of Servlet Spec 3.1 pg 132, sec 13.4.1.1, Example 13-6
     * @ServletSecurity(value = @HttpConstraint(rolesAllowed = "R1"), httpMethodConstraints = @HttpMethodConstraint("GET"))
     * @throws Exception if test fails
     */
@Test
public void testSecurityElementExample13_6() throws Exception {
    List<HttpMethodConstraintElement> methodElements = new ArrayList<HttpMethodConstraintElement>();
    methodElements.add(new HttpMethodConstraintElement("GET"));
    ServletSecurityElement element = new ServletSecurityElement(new HttpConstraintElement(TransportGuarantee.NONE, "R1"), methodElements);
    List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath("foo", "/foo/*", element);
    Assert.assertTrue(!mappings.isEmpty());
    Assert.assertEquals(2, mappings.size());
    Assert.assertTrue(mappings.get(0).getMethodOmissions() != null);
    Assert.assertEquals("GET", mappings.get(0).getMethodOmissions()[0]);
    Assert.assertTrue(mappings.get(0).getConstraint().getAuthenticate());
    Assert.assertEquals("R1", mappings.get(0).getConstraint().getRoles()[0]);
    Assert.assertEquals("GET", mappings.get(1).getMethod());
    Assert.assertTrue(mappings.get(1).getMethodOmissions() == null);
    Assert.assertEquals(0, mappings.get(1).getConstraint().getDataConstraint());
    Assert.assertFalse(mappings.get(1).getConstraint().getAuthenticate());
}

Example 4 with HttpMethodConstraintElement

use of javax.servlet.HttpMethodConstraintElement in project jetty.project by eclipse.

the class ConstraintTest method testSecurityElementExample13_5.

/**
     * Equivalent of Servlet Spec 3.1 pg 132, sec 13.4.1.1, Example 13-5
     * @ServletSecurity((httpMethodConstraints = {
     * @HttpMethodConstraint(value = "GET", rolesAllowed = "R1"),
     * @HttpMethodConstraint(value = "POST", rolesAllowed = "R1",
     *         transportGuarantee = TransportGuarantee.CONFIDENTIAL)})
     * @throws Exception if test fails
     */
@Test
public void testSecurityElementExample13_5() throws Exception {
    List<HttpMethodConstraintElement> methodElements = new ArrayList<HttpMethodConstraintElement>();
    methodElements.add(new HttpMethodConstraintElement("GET", new HttpConstraintElement(TransportGuarantee.NONE, "R1")));
    methodElements.add(new HttpMethodConstraintElement("POST", new HttpConstraintElement(TransportGuarantee.CONFIDENTIAL, "R1")));
    ServletSecurityElement element = new ServletSecurityElement(methodElements);
    List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath("foo", "/foo/*", element);
    Assert.assertTrue(!mappings.isEmpty());
    Assert.assertEquals(2, mappings.size());
    Assert.assertEquals("GET", mappings.get(0).getMethod());
    Assert.assertEquals("R1", mappings.get(0).getConstraint().getRoles()[0]);
    Assert.assertTrue(mappings.get(0).getMethodOmissions() == null);
    Assert.assertEquals(0, mappings.get(0).getConstraint().getDataConstraint());
    Assert.assertEquals("POST", mappings.get(1).getMethod());
    Assert.assertEquals("R1", mappings.get(1).getConstraint().getRoles()[0]);
    Assert.assertEquals(2, mappings.get(1).getConstraint().getDataConstraint());
    Assert.assertTrue(mappings.get(1).getMethodOmissions() == null);
}

Example 5 with HttpMethodConstraintElement

use of javax.servlet.HttpMethodConstraintElement in project blade by biezhi.

the class ConstraintSecurityHandler method createConstraintsWithMappingsForPath.

/* ------------------------------------------------------------ */
/** 
     * Generate Constraints and ContraintMappings for the given url pattern and ServletSecurityElement
     * 
     * @param name the name
     * @param pathSpec the path spec
     * @param securityElement the servlet security element
     * @return the list of constraint mappings
     */
public static List<ConstraintMapping> createConstraintsWithMappingsForPath(String name, String pathSpec, ServletSecurityElement securityElement) {
    List<ConstraintMapping> mappings = new ArrayList<ConstraintMapping>();
    //Create a constraint that will describe the default case (ie if not overridden by specific HttpMethodConstraints)
    Constraint httpConstraint = null;
    ConstraintMapping httpConstraintMapping = null;
    if (securityElement.getEmptyRoleSemantic() != EmptyRoleSemantic.PERMIT || securityElement.getRolesAllowed().length != 0 || securityElement.getTransportGuarantee() != TransportGuarantee.NONE) {
        httpConstraint = ConstraintSecurityHandler.createConstraint(name, securityElement);
        //Create a mapping for the pathSpec for the default case
        httpConstraintMapping = new ConstraintMapping();
        httpConstraintMapping.setPathSpec(pathSpec);
        httpConstraintMapping.setConstraint(httpConstraint);
        mappings.add(httpConstraintMapping);
    }
    //See Spec 13.4.1.2 p127
    List<String> methodOmissions = new ArrayList<String>();
    //make constraint mappings for this url for each of the HttpMethodConstraintElements
    Collection<HttpMethodConstraintElement> methodConstraintElements = securityElement.getHttpMethodConstraints();
    if (methodConstraintElements != null) {
        for (HttpMethodConstraintElement methodConstraintElement : methodConstraintElements) {
            //Make a Constraint that captures the <auth-constraint> and <user-data-constraint> elements supplied for the HttpMethodConstraintElement
            Constraint methodConstraint = ConstraintSecurityHandler.createConstraint(name, methodConstraintElement);
            ConstraintMapping mapping = new ConstraintMapping();
            mapping.setConstraint(methodConstraint);
            mapping.setPathSpec(pathSpec);
            if (methodConstraintElement.getMethodName() != null) {
                mapping.setMethod(methodConstraintElement.getMethodName());
                //See spec 13.4.1.2 p127 - add an omission for every method name to the default constraint
                methodOmissions.add(methodConstraintElement.getMethodName());
            }
            mappings.add(mapping);
        }
    }
    //UNLESS the default constraint contains all default values. In that case, we won't add it. See Servlet Spec 3.1 pg 129
    if (methodOmissions.size() > 0 && httpConstraintMapping != null)
        httpConstraintMapping.setMethodOmissions(methodOmissions.toArray(new String[methodOmissions.size()]));
    return mappings;
}