FileDocCategorySizeDatePackage
SecurityConstraint.javaAPI DocGlassfish v2 API14561Fri May 04 22:32:08 BST 2007org.apache.catalina.deploy

SecurityConstraint

public class SecurityConstraint extends Object implements Serializable
Representation of a security constraint element for a web application, as represented in a <security-constraint> element in the deployment descriptor.

WARNING: It is assumed that instances of this class will be created and modified only within the context of a single thread, before the instance is made visible to the remainder of the application. After that, only read access is expected. Therefore, none of the read and write access within this class is synchronized.

author
Craig R. McClanahan
version
$Revision: 1.4 $ $Date: 2007/05/05 05:32:08 $

Fields Summary
private boolean
allRoles
Was the "all roles" wildcard included in the authorization constraints for this security constraint?
private boolean
authConstraint
Was an authorization constraint included in this security constraint? This is necessary to distinguish the case where an auth-constraint with no roles (signifying no direct access at all) was requested, versus a lack of auth-constraint which implies no access control checking.
private String[]
authRoles
The set of roles permitted to access resources protected by this security constraint.
private SecurityCollection[]
collections
The set of web resource collections protected by this security constraint.
private String
displayName
The display name of this security constraint.
private String
userConstraint
The user data constraint for this security constraint. Must be NONE, INTEGRAL, or CONFIDENTIAL.
Constructors Summary
public SecurityConstraint()
Construct a new security constraint instance with default values.


        super();

    
Methods Summary
public voidaddAuthRole(java.lang.String authRole)
Add an authorization role, which is a role name that will be permitted access to the resources protected by this security constraint.

param
authRole Role name to be added


        if (authRole == null)
            return;
        if ("*".equals(authRole)) {
            allRoles = true;
            return;
        }
        String results[] = new String[authRoles.length + 1];
        for (int i = 0; i < authRoles.length; i++)
            results[i] = authRoles[i];
        results[authRoles.length] = authRole;
        authRoles = results;
        authConstraint = true;

    
public voidaddCollection(SecurityCollection collection)
Add a new web resource collection to those protected by this security constraint.

param
collection The new web resource collection


        if (collection == null)
            return;
        SecurityCollection results[] =
            new SecurityCollection[collections.length + 1];
        for (int i = 0; i < collections.length; i++)
            results[i] = collections[i];
        results[collections.length] = collection;
        collections = results;

    
public booleanfindAuthRole(java.lang.String role)
Return true if the specified role is permitted access to the resources protected by this security constraint.

param
role Role name to be checked


        if (role == null)
            return (false);
        for (int i = 0; i < authRoles.length; i++) {
            if (role.equals(authRoles[i]))
                return (true);
        }
        return (false);

    
public java.lang.String[]findAuthRoles()
Return the set of roles that are permitted access to the resources protected by this security constraint. If none have been defined, a zero-length array is returned (which implies that all authenticated users are permitted access).


        return (authRoles);

    
public SecurityCollectionfindCollection(java.lang.String name)
Return the web resource collection for the specified name, if any; otherwise, return null.

param
name Web resource collection name to return


        if (name == null)
            return (null);
        for (int i = 0; i < collections.length; i++) {
            if (name.equals(collections[i].getName()))
                return (collections[i]);
        }
        return (null);

    
public SecurityCollection[]findCollections()
Return all of the web resource collections protected by this security constraint. If there are none, a zero-length array is returned.


        return (collections);

    
public booleangetAllRoles()
Was the "all roles" wildcard included in this authentication constraint?



    // ------------------------------------------------------------- Properties


                   
       

        return (this.allRoles);

    
public booleangetAuthConstraint()
Return the authorization constraint present flag for this security constraint.


        return (this.authConstraint);

    
public java.lang.StringgetDisplayName()
Return the display name of this security constraint.


        return (this.displayName);

    
public java.lang.StringgetUserConstraint()
Return the user data constraint for this security constraint.


        return (userConstraint);

    
public booleanincluded(java.lang.String uri, java.lang.String method, boolean caseSensitiveMapping)
Return true if the specified context-relative URI (and associated HTTP method) are protected by this security constraint.

param
uri Context-relative URI to check
param
method Request method being used

    // END SJSWS 6324431

        // We cannot match without a valid request method
        if (method == null)
            return (false);

        // Check all of the collections included in this constraint
        for (int i = 0; i < collections.length; i++) {
            if (!collections[i].findMethod(method))
                continue;
            String patterns[] = collections[i].findPatterns();
            for (int j = 0; j < patterns.length; j++) {
                /* SJSWS 6324431
                if (matchPattern(uri, patterns[j]))
                */
                // START SJSWS 6324431
                if (matchPattern(uri, patterns[j], 
                                 caseSensitiveMapping))
                // END SJSWS 6324431
                    return (true);
            }
        }

        // No collection included in this constraint matches this request
        return (false);

    
private booleanmatchPattern(java.lang.String path, java.lang.String pattern, boolean caseSensitiveMapping)
Does the specified request path match the specified URL pattern? This method follows the same rules (in the same order) as those used for mapping requests to servlets.

param
path Context-relative request path to be checked (must start with '/')
param
pattern URL pattern to be compared against

    // END SJSWS 6324431        

        // Normalize the argument strings
        if ((path == null) || (path.length() == 0))
            path = "/";
        if ((pattern == null) || (pattern.length() == 0))
            pattern = "/";

        // START SJSWS 6324431
        if (!caseSensitiveMapping) {
            path = path.toLowerCase();
            pattern = pattern.toLowerCase();
        }
        // END SJSWS 6324431

        // Check for exact match
        if (path.equals(pattern))
            return (true);

        // Check for path prefix matching
        if (pattern.startsWith("/") && pattern.endsWith("/*")) {
            pattern = pattern.substring(0, pattern.length() - 2);
            if (pattern.length() == 0)
                return (true);  // "/*" is the same as "/"
            if (path.endsWith("/"))
                path = path.substring(0, path.length() - 1);
            while (true) {
                if (pattern.equals(path))
                    return (true);
                int slash = path.lastIndexOf('/");
                if (slash <= 0)
                    break;
                path = path.substring(0, slash);
            }
            return (false);
        }

        // Check for suffix matching
        if (pattern.startsWith("*.")) {
            int slash = path.lastIndexOf('/");
            int period = path.lastIndexOf('.");
            if ((slash >= 0) && (period > slash) &&
                path.endsWith(pattern.substring(1))) {
                return (true);
            }
            return (false);
        }

        // Check for universal mapping
        if (pattern.equals("/"))
            return (true);

        return (false);

    
public voidremoveAuthRole(java.lang.String authRole)
Remove the specified role from the set of roles permitted to access the resources protected by this security constraint.

param
authRole Role name to be removed


        if (authRole == null)
            return;
        int n = -1;
        for (int i = 0; i < authRoles.length; i++) {
            if (authRoles[i].equals(authRole)) {
                n = i;
                break;
            }
        }
        if (n >= 0) {
            int j = 0;
            String results[] = new String[authRoles.length - 1];
            for (int i = 0; i < authRoles.length; i++) {
                if (i != n)
                    results[j++] = authRoles[i];
            }
            authRoles = results;
        }

    
public voidremoveCollection(SecurityCollection collection)
Remove the specified web resource collection from those protected by this security constraint.

param
collection Web resource collection to be removed


        if (collection == null)
            return;
        int n = -1;
        for (int i = 0; i < collections.length; i++) {
            if (collections[i].equals(collection)) {
                n = i;
                break;
            }
        }
        if (n >= 0) {
            int j = 0;
            SecurityCollection results[] =
                new SecurityCollection[collections.length - 1];
            for (int i = 0; i < collections.length; i++) {
                if (i != n)
                    results[j++] = collections[i];
            }
            collections = results;
        }

    
public voidsetAuthConstraint(boolean authConstraint)
Set the authorization constraint present flag for this security constraint.


        this.authConstraint = authConstraint;

    
public voidsetDisplayName(java.lang.String displayName)
Set the display name of this security constraint.


        this.displayName = displayName;

    
public voidsetUserConstraint(java.lang.String userConstraint)
Set the user data constraint for this security constraint.

param
userConstraint The new user data constraint


        if (userConstraint != null)
            this.userConstraint = userConstraint;

    
public java.lang.StringtoString()
Return a String representation of this security constraint.


        StringBuffer sb = new StringBuffer("SecurityConstraint[");
        for (int i = 0; i < collections.length; i++) {
            if (i > 0)
                sb.append(", ");
            sb.append(collections[i].getName());
        }
        sb.append("]");
        return (sb.toString());