use of javax.servlet.HttpMethodConstraintElement in project jetty.project by eclipse.
the class ConstraintSecurityHandler method createConstraintsWithMappingsForPath.
/* ------------------------------------------------------------ */
/**
* Generate Constraints and ConstraintMappings for the given url pattern and ServletSecurityElement
*
* @param name the name
* @param pathSpec the path spec
* @param securityElement the servlet security element
* @return the list of constraint mappings
*/
public static List<ConstraintMapping> createConstraintsWithMappingsForPath(String name, String pathSpec, ServletSecurityElement securityElement) {
    // Translates one ServletSecurityElement into ConstraintMappings for pathSpec: at most one
    // "default" mapping (always first in the returned list when present) followed by one
    // mapping per HttpMethodConstraintElement.
    List<ConstraintMapping> result = new ArrayList<>();

    // A default element consisting only of default values (PERMIT, no roles, no transport
    // guarantee) produces no default mapping at all (Servlet Spec 3.1 pg 129).
    // Security note: in that case only the HTTP methods named below receive a mapping from
    // this call; every other method on pathSpec is left without a constraint in the result.
    boolean defaultIsAllDefaults = securityElement.getEmptyRoleSemantic() == EmptyRoleSemantic.PERMIT
        && securityElement.getRolesAllowed().length == 0
        && securityElement.getTransportGuarantee() == TransportGuarantee.NONE;

    ConstraintMapping defaultMapping = null;
    if (!defaultIsAllDefaults) {
        Constraint defaultConstraint = ConstraintSecurityHandler.createConstraint(name, securityElement);
        defaultMapping = new ConstraintMapping();
        defaultMapping.setPathSpec(pathSpec);
        defaultMapping.setConstraint(defaultConstraint);
        result.add(defaultMapping);
    }

    // Names of the methods that carry their own constraint; see Spec 13.4.1.2 p127.
    List<String> omittedMethods = new ArrayList<>();

    Collection<HttpMethodConstraintElement> perMethodElements = securityElement.getHttpMethodConstraints();
    if (perMethodElements != null) {
        for (HttpMethodConstraintElement element : perMethodElements) {
            // Captures the <auth-constraint> and <user-data-constraint> equivalents of this element.
            Constraint constraint = ConstraintSecurityHandler.createConstraint(name, element);
            ConstraintMapping methodMapping = new ConstraintMapping();
            methodMapping.setConstraint(constraint);
            methodMapping.setPathSpec(pathSpec);

            String methodName = element.getMethodName();
            if (methodName != null) {
                methodMapping.setMethod(methodName);
                // The default mapping must not apply to a method that has its own constraint.
                omittedMethods.add(methodName);
            }
            result.add(methodMapping);
        }
    }

    // Omissions are only recorded when a default mapping was actually created above.
    if (defaultMapping != null && !omittedMethods.isEmpty()) {
        defaultMapping.setMethodOmissions(omittedMethods.toArray(new String[omittedMethods.size()]));
    }
    return result;
}
use of javax.servlet.HttpMethodConstraintElement in project jetty.project by eclipse.
the class ConstraintTest method testSecurityElementExample13_7.
/**
* Equivalent of Servlet Spec 3.1 pg 132, sec 13.4.1.1, Example 13-7
* @ServletSecurity(value = @HttpConstraint(rolesAllowed = "R1"),
* httpMethodConstraints = @HttpMethodConstraint(value="TRACE",
* emptyRoleSemantic = EmptyRoleSemantic.DENY))
* @throws Exception if test fails
*/
@Test
public void testSecurityElementExample13_7() throws Exception {
    // Default: role R1 with no transport guarantee. TRACE is overridden with a
    // role-less DENY constraint, i.e. nobody may use TRACE on this path.
    HttpConstraintElement denyAll = new HttpConstraintElement(EmptyRoleSemantic.DENY);
    List<HttpMethodConstraintElement> perMethod = new ArrayList<>();
    perMethod.add(new HttpMethodConstraintElement("TRACE", denyAll));
    HttpConstraintElement requireR1 = new HttpConstraintElement(TransportGuarantee.NONE, "R1");
    ServletSecurityElement element = new ServletSecurityElement(requireR1, perMethod);

    List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath("foo", "/foo/*", element);
    Assert.assertFalse(mappings.isEmpty());
    Assert.assertEquals(2, mappings.size());

    // First mapping: the default constraint, applied to every method except TRACE.
    ConstraintMapping defaultMapping = mappings.get(0);
    Assert.assertNotNull(defaultMapping.getMethodOmissions());
    Assert.assertEquals("TRACE", defaultMapping.getMethodOmissions()[0]);
    Assert.assertTrue(defaultMapping.getConstraint().getAuthenticate());
    Assert.assertEquals("R1", defaultMapping.getConstraint().getRoles()[0]);

    // Second mapping: TRACE only, no data constraint (0), and forbidden outright.
    ConstraintMapping traceMapping = mappings.get(1);
    Assert.assertEquals("TRACE", traceMapping.getMethod());
    Assert.assertNull(traceMapping.getMethodOmissions());
    Assert.assertEquals(0, traceMapping.getConstraint().getDataConstraint());
    Assert.assertTrue(traceMapping.getConstraint().isForbidden());
}
use of javax.servlet.HttpMethodConstraintElement in project jetty.project by eclipse.
the class ConstraintTest method testSecurityElementExample13_6.
/**
* Equivalent of Servlet Spec 3.1 pg 132, sec 13.4.1.1, Example 13-6
* @ServletSecurity(value = @HttpConstraint(rolesAllowed = "R1"), httpMethodConstraints = @HttpMethodConstraint("GET"))
* @throws Exception if test fails
*/
@Test
public void testSecurityElementExample13_6() throws Exception {
    // Default: role R1 with no transport guarantee. GET is listed with an empty
    // constraint, so GET ends up unauthenticated while every other method needs R1.
    List<HttpMethodConstraintElement> perMethod = new ArrayList<>();
    perMethod.add(new HttpMethodConstraintElement("GET"));
    HttpConstraintElement requireR1 = new HttpConstraintElement(TransportGuarantee.NONE, "R1");
    ServletSecurityElement element = new ServletSecurityElement(requireR1, perMethod);

    List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath("foo", "/foo/*", element);
    Assert.assertFalse(mappings.isEmpty());
    Assert.assertEquals(2, mappings.size());

    // First mapping: the default constraint, applied to every method except GET.
    ConstraintMapping defaultMapping = mappings.get(0);
    Assert.assertNotNull(defaultMapping.getMethodOmissions());
    Assert.assertEquals("GET", defaultMapping.getMethodOmissions()[0]);
    Assert.assertTrue(defaultMapping.getConstraint().getAuthenticate());
    Assert.assertEquals("R1", defaultMapping.getConstraint().getRoles()[0]);

    // Second mapping: GET only, no data constraint (0) and no authentication required.
    ConstraintMapping getMapping = mappings.get(1);
    Assert.assertEquals("GET", getMapping.getMethod());
    Assert.assertNull(getMapping.getMethodOmissions());
    Assert.assertEquals(0, getMapping.getConstraint().getDataConstraint());
    Assert.assertFalse(getMapping.getConstraint().getAuthenticate());
}
use of javax.servlet.HttpMethodConstraintElement in project jetty.project by eclipse.
the class ConstraintTest method testSecurityElementExample13_5.
/**
* Equivalent of Servlet Spec 3.1 pg 132, sec 13.4.1.1, Example 13-5
* @ServletSecurity(httpMethodConstraints = {
* @HttpMethodConstraint(value = "GET", rolesAllowed = "R1"),
* @HttpMethodConstraint(value = "POST", rolesAllowed = "R1",
* transportGuarantee = TransportGuarantee.CONFIDENTIAL)})
* @throws Exception if test fails
*/
@Test
public void testSecurityElementExample13_5() throws Exception {
    // No default constraint is supplied: only GET and POST are constrained (both to R1,
    // POST additionally with CONFIDENTIAL transport).
    // Security note: the expected result holds exactly two mappings, so any other HTTP
    // method on "/foo/*" receives no constraint from this call.
    HttpConstraintElement r1Plain = new HttpConstraintElement(TransportGuarantee.NONE, "R1");
    HttpConstraintElement r1Confidential = new HttpConstraintElement(TransportGuarantee.CONFIDENTIAL, "R1");
    List<HttpMethodConstraintElement> perMethod = new ArrayList<>();
    perMethod.add(new HttpMethodConstraintElement("GET", r1Plain));
    perMethod.add(new HttpMethodConstraintElement("POST", r1Confidential));
    ServletSecurityElement element = new ServletSecurityElement(perMethod);

    List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath("foo", "/foo/*", element);
    Assert.assertFalse(mappings.isEmpty());
    Assert.assertEquals(2, mappings.size());

    // GET: role R1, data constraint 0 (TransportGuarantee.NONE was supplied).
    ConstraintMapping getMapping = mappings.get(0);
    Assert.assertEquals("GET", getMapping.getMethod());
    Assert.assertEquals("R1", getMapping.getConstraint().getRoles()[0]);
    Assert.assertNull(getMapping.getMethodOmissions());
    Assert.assertEquals(0, getMapping.getConstraint().getDataConstraint());

    // POST: role R1, data constraint 2 (TransportGuarantee.CONFIDENTIAL was supplied).
    ConstraintMapping postMapping = mappings.get(1);
    Assert.assertEquals("POST", postMapping.getMethod());
    Assert.assertEquals("R1", postMapping.getConstraint().getRoles()[0]);
    Assert.assertEquals(2, postMapping.getConstraint().getDataConstraint());
    Assert.assertNull(postMapping.getMethodOmissions());
}
use of javax.servlet.HttpMethodConstraintElement in project blade by biezhi.
the class ConstraintSecurityHandler method createConstraintsWithMappingsForPath.
/* ------------------------------------------------------------ */
/**
* Generate Constraints and ConstraintMappings for the given url pattern and ServletSecurityElement
*
* @param name the name
* @param pathSpec the path spec
* @param securityElement the servlet security element
* @return the list of constraint mappings
*/
public static List<ConstraintMapping> createConstraintsWithMappingsForPath(String name, String pathSpec, ServletSecurityElement securityElement) {
    // Translates one ServletSecurityElement into ConstraintMappings for pathSpec: at most one
    // "default" mapping (always first in the returned list when present) followed by one
    // mapping per HttpMethodConstraintElement.
    List<ConstraintMapping> result = new ArrayList<>();

    // A default element consisting only of default values (PERMIT, no roles, no transport
    // guarantee) produces no default mapping at all (Servlet Spec 3.1 pg 129).
    // Security note: in that case only the HTTP methods named below receive a mapping from
    // this call; every other method on pathSpec is left without a constraint in the result.
    boolean defaultIsAllDefaults = securityElement.getEmptyRoleSemantic() == EmptyRoleSemantic.PERMIT
        && securityElement.getRolesAllowed().length == 0
        && securityElement.getTransportGuarantee() == TransportGuarantee.NONE;

    ConstraintMapping defaultMapping = null;
    if (!defaultIsAllDefaults) {
        Constraint defaultConstraint = ConstraintSecurityHandler.createConstraint(name, securityElement);
        defaultMapping = new ConstraintMapping();
        defaultMapping.setPathSpec(pathSpec);
        defaultMapping.setConstraint(defaultConstraint);
        result.add(defaultMapping);
    }

    // Names of the methods that carry their own constraint; see Spec 13.4.1.2 p127.
    List<String> omittedMethods = new ArrayList<>();

    Collection<HttpMethodConstraintElement> perMethodElements = securityElement.getHttpMethodConstraints();
    if (perMethodElements != null) {
        for (HttpMethodConstraintElement element : perMethodElements) {
            // Captures the <auth-constraint> and <user-data-constraint> equivalents of this element.
            Constraint constraint = ConstraintSecurityHandler.createConstraint(name, element);
            ConstraintMapping methodMapping = new ConstraintMapping();
            methodMapping.setConstraint(constraint);
            methodMapping.setPathSpec(pathSpec);

            String methodName = element.getMethodName();
            if (methodName != null) {
                methodMapping.setMethod(methodName);
                // The default mapping must not apply to a method that has its own constraint.
                omittedMethods.add(methodName);
            }
            result.add(methodMapping);
        }
    }

    // Omissions are only recorded when a default mapping was actually created above.
    if (defaultMapping != null && !omittedMethods.isEmpty()) {
        defaultMapping.setMethodOmissions(omittedMethods.toArray(new String[omittedMethods.size()]));
    }
    return result;
}