WebUserDataPermissionpublic final class WebUserDataPermission extends Permission implements Serializable| Class for Servlet Web user data permissions.
A WebUserDataPermission is a named permission and has actions.
The name of a WebUserDataPermission (also referred to as the target name)
identifies a Web resource by its context path relative URL pattern. |
| Fields Summary |
|---|
| private static String[] | transportKeys | | private static HashMap | transportHash | | private static int | TT_NONE | | private static int | TT_CONFIDENTIAL | | private transient javax.security.jacc.URLPatternSpec | urlPatternSpec | | private transient javax.security.jacc.HttpMethodSpec | methodSpec | | private transient int | transportType | | private transient int | hashCodeValue | | private static final transient String | EMPTY_STRING | | private static final long | serialVersionUID | | private static final ObjectStreamField[] | serialPersistentFieldsThe serialized fields of this permission are defined below. Whether
or not the serialized fields correspond to actual (private) fields
is an implementation decision. |
| Constructors Summary |
|---|
public WebUserDataPermission(String name, String actions)Creates a new WebUserDataPermission with the specified name and actions.
The name contains a URLPatternSpec that identifies the web
resources to which the permissions applies. The syntax of a URLPatternSpec
is as follows:
URLPatternList ::= URLPattern | URLPatternList colon URLPattern
URLPatternSpec ::= null | URLPattern | URLPattern colon URLPatternList
A null URLPatternSpec is translated to the default URLPattern, "/", by
the permission constructor. The empty string is an exact URLPattern, and
may occur anywhere in a URLPatternSpec that an exact URLPattern may occur.
The first URLPattern in a URLPatternSpec may be any of the pattern
types, exact, path-prefix, extension, or default as defined in the
Java Servlet Specification). When a URLPatternSpec includes
a URLPatternList, the patterns of the URLPatternList identify the
resources to which the permission does NOT apply and depend on the
pattern type and value of the first pattern as follows:
- No pattern may exist in the URLPatternList that matches the
first pattern.
- If the first pattern is a path-prefix
pattern, only exact patterns matched by the first pattern
and path-prefix patterns matched by, but different from,
the first pattern may occur in the URLPatternList.
- If the first pattern is an extension
pattern, only exact patterns that are matched by the first
pattern and path-prefix patterns may occur in the URLPatternList.
- If the first pattern is the default pattern, "/", any pattern
except the default pattern may occur in the URLPatternList.
- If the first pattern is an exact pattern a URLPatternList must not
be present in the URLPatternSpec.
The actions parameter contains a comma separated list of HTTP methods
that may be followed by a transportType separated from the HTTP
method by a colon.
ExtensionMethod ::= any token as defined by RFC 2616
(that is, 1*[any CHAR except CTLs or separators])
HTTPMethod ::= "Get" | "POST" | "PUT" | "DELETE" | "HEAD" |
"OPTIONS" | "TRACE" | ExtensionMethod
HTTPMethodList ::= HTTPMethod | HTTPMethodList comma HTTPMethod
HTTPMethodExceptionList ::= exclaimationPoint HTTPMethodList
HTTPMethodSpec ::= emptyString | HTTPMethodExceptionList |
HTTPMethodList
transportType ::= "INTEGRAL" | "CONFIDENTIAL" | "NONE"
actions ::= null | HTTPMethodSpec |
HTTPMethodSpec colon transportType
If duplicates occur in the HTTPMethodSpec
they must be eliminated by the permission constructor.
An empty string HTTPMethodSpec is a shorthand for a List
containing all the possible HTTP methods.
If the HTTPMethodSpec contains an HTTPMethodExceptionList (i.e.,
it begins with an exclaimationPoint), the permission pertains
to all methods except those occuring in the exception list.
An actions string without a transportType is a shorthand for a
actions string with the value "NONE" as its TransportType.
A granted permission representing a transportType of "NONE",
indicates that the associated resources may be accessed
using any conection type.
super(name);
this.urlPatternSpec = new URLPatternSpec(name);
parseActions(actions);
| public WebUserDataPermission(String urlPatternSpec, String[] HTTPMethods, String transportType)Creates a new WebUserDataPermission with name corresponding to the
URLPatternSpec, and actions composed from the array of HTTP methods
and the transport type.
super(urlPatternSpec);
this.urlPatternSpec = new URLPatternSpec(urlPatternSpec);
this.transportType = TT_NONE;
if (transportType != null) {
Integer bit = (Integer) transportHash.get(transportType);
if (bit == null)
throw new IllegalArgumentException("illegal transport value");
this.transportType = bit.intValue();
}
this.methodSpec = HttpMethodSpec.getSpec(HTTPMethods);
| public WebUserDataPermission(HttpServletRequest request)Creates a new WebUserDataPermission from the HttpServletRequest
object.
super(getUriMinusContextPath(request));
this.urlPatternSpec = new URLPatternSpec(super.getName());
this.transportType = request.isSecure() ? TT_CONFIDENTIAL : TT_NONE;
this.methodSpec = HttpMethodSpec.getSpec(request.getMethod());
|
| Methods Summary |
|---|
| public boolean | equals(java.lang.Object o)Checks two WebUserDataPermission objects for equality.
WebUserDataPermission objects are equivalent if their
URLPatternSpec and (canonicalized) actions values are equivalent.
The URLPatternSpec of a reference permission is equivalent to that
of an argument permission if their first patterns are
equivalent, and the patterns of the URLPatternList of the reference
permission collectively match exactly the same set of patterns
as are matched by the patterns of the URLPatternList of the
argument permission.
Two Permission objects, P1 and P2, are equivalent if and only if
P1.implies(P2) && P2.implies(P1).
if (o == null || ! (o instanceof WebUserDataPermission)) return false;
WebUserDataPermission that = (WebUserDataPermission) o;
if (this.transportType != that.transportType) return false;
if (!this.methodSpec.equals(that.methodSpec)) return false;
return this.urlPatternSpec.equals(that.urlPatternSpec);
| | public java.lang.String | getActions()Returns a canonical String representation of the actions of this
WebUserDataPermission. The canonical form of the actions of a
WebUserDataPermission is described by the following syntax description.
ExtensionMethod ::= any token as defined by RFC 2616
(that is, 1*[any CHAR except CTLs or separators])
HTTPMethod ::= "GET" | "POST" | "PUT" | "DELETE" | "HEAD" |
"OPTIONS" | "TRACE" | ExtensionMethod
HTTPMethodList ::= HTTPMethod | HTTPMethodList comma HTTPMethod
HTTPMethodExceptionList ::= exclaimationPoint HTTPMethodList
HTTPMethodSpec ::= emptyString | HTTPMethodExceptionList |
HTTPMethodList
transportType ::= "INTEGRAL" | "CONFIDENTIAL" | "NONE"
actions ::= null | HTTPMethodList |
HTTPMethodSpec colon transportType
If the permission's HTTP methods correspond to the entire HTTP method
set and the permission's transport type is "INTEGRAL" or "CONFIDENTIAL",
the HTTP methods shall be represented in the canonical form by an
emptyString HTTPMethodSpec. If the permission's HTTP methods correspond
to the entire HTTP method set, and the permission's transport type is not
"INTEGRAL"or "CONFIDENTIAL", the canonical actions value shall be the
null value.
If the permission's methods do not correspond to the entire HTTP
method set, duplicates must be eliminated and the remaining elements
must be ordered such that the predefined methods preceed the extension
methods, and such that within each method classification the corresponding
methods occur in ascending lexical order.
The resulting (non-emptyString) HTTPMethodSpec
must be included in the canonical form, and if the permission's
transport type is not "INTEGRAL" or "CONFIDENTIAL", the canonical
actions value must be exactly the resulting HTTPMethodSpec.
String result;
String hActions = this.methodSpec.getActions();
if (this.transportType == TT_NONE && hActions == null) result = null;
else if (this.transportType == TT_NONE) result = hActions;
else if (hActions == null)
result = ":" + transportKeys[this.transportType];
else result = hActions + ":" + transportKeys[this.transportType];
return result;
| | private static java.lang.String | getUriMinusContextPath(javax.servlet.http.HttpServletRequest request)Chops the ContextPath off the front of the requestURI to
yield the servletPath + PathInfo. For the special case where
the servletPath + PathInfo is the pattern, "/", this
routine returns the empty string.
String uri = request.getRequestURI();
if (uri != null) {
String contextPath = request.getContextPath();
int contextLength = contextPath == null ? 0 : contextPath.length();
if (contextLength > 0) {
uri = uri.substring(contextLength);
}
if (uri.equals("/")) {
uri = EMPTY_STRING;
}
} else {
uri = EMPTY_STRING;
}
return uri;
| | public int | hashCode()Returns the hash code value for this WebUserDataPermission. The
properties of the returned hash code must be as follows:
- During the lifetime of a Java application, the hashCode method
shall return the same integer value every time it is called on a
WebUserDataPermission object. The value returned by hashCode for a
particular EJBMethod permission need not remain consistent from
one execution of an application to another.
- If two WebUserDataPermission objects are equal according to the
equals method, then calling the hashCode method on each of the two
Permission objects must produce the same integer result (within an
application).
if (this.hashCodeValue == 0) {
String hashInput = new String(this.urlPatternSpec.toString() +
" " + this.methodSpec.hashCode() +
":" + this.transportType);
this.hashCodeValue = hashInput.hashCode();
}
return this.hashCodeValue;
| | public boolean | implies(java.security.Permission permission)Determines if the argument Permission is "implied by" this
WebUserDataPermission. For this to be the case all of the following
must be true:
- The argument is an instanceof WebUserDataPermission.
- The first URLPattern in the name of the argument permission
is matched by the first URLPattern in the name of this permission.
- The first URLPattern in the name of the argument permission
is NOT matched by any URLPattern in the URLPatternList of the
URLPatternSpec of this permission.
- If the first URLPattern in the name of the argument permission
matches the first URLPattern in the URLPatternSpec of this
permission, then every URLPattern in the URLPatternList of the
URLPatternSpec of this permission is matched by a URLPattern
in the URLPatternList of the argument permission.
- The HTTP methods represented by the actions of the argument
permission are a subset of the HTTP methods represented by the
actions of this permission.
- The transportType in the actions of this permission
either corresponds to the value "NONE", or equals the
transportType in the actions of the argument permission.
URLPattern matching is performed using the Servlet matching
rules where two URL patterns match if they are related as follows:
- their pattern values are String equivalent, or
- this pattern is the path-prefix pattern "/*", or
- this pattern is a path-prefix pattern (that is, it starts with
"/" and ends with "/*") and the argument pattern starts with the
substring of this pattern, minus its last 2 characters, and the
next character of the argument pattern, if there is one, is "/", or
- this pattern is an extension pattern (that is, it starts with
"*.") and the argument pattern ends with this pattern, or
- the reference pattern is the special default pattern, "/",
which matches all argument patterns.
All of the comparisons described above are case sensitive.
if (permission == null ||
! (permission instanceof WebUserDataPermission)) return false;
WebUserDataPermission that = (WebUserDataPermission) permission;
if (this.transportType != TT_NONE &&
this.transportType != that.transportType) return false;
if (!this.methodSpec.implies(that.methodSpec)) return false;
return this.urlPatternSpec.implies(that.urlPatternSpec);
| | private void | parseActions(java.lang.String actions)
this.transportType = TT_NONE;
if (actions == null || actions.equals("")) {
this.methodSpec = HttpMethodSpec.getSpec((String) null);
} else {
int colon = actions.indexOf(':");
if (colon < 0) {
this.methodSpec = HttpMethodSpec.getSpec(actions);
} else {
if (colon == 0) {
this.methodSpec = HttpMethodSpec.getSpec((String) null);
} else {
this.methodSpec = HttpMethodSpec.getSpec
(actions.substring(0,colon));
}
Integer bit = (Integer)
transportHash.get(actions.substring(colon+1));
if (bit == null)
throw new IllegalArgumentException
("illegal transport value");
this.transportType = bit.intValue();
}
}
| | private synchronized void | readObject(java.io.ObjectInputStream s)readObject reads the serialized fields from the
input stream and uses them to restore the permission.
This method need not be implemented if establishing the
values of the serialized fields (as is done by defaultReadObject)
is sufficient to initialize the permission.
parseActions((String) s.readFields().get("actions",null));
this.urlPatternSpec = new URLPatternSpec(super.getName());
| | private synchronized void | writeObject(java.io.ObjectOutputStream s)writeObject is used to establish the values of the serialized fields
before they are written to the output stream and need not be
implemented if the values of the serialized fields are always
available and up to date. The serialized fields are written to
the output stream in the same form as they would be written
by defaultWriteObject.
s.putFields().put("actions",this.getActions());
s.writeFields();
|
|
